lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LSU.2.21.1910161521010.7750@pobox.suse.cz>
Date:   Wed, 16 Oct 2019 15:29:17 +0200 (CEST)
From:   Miroslav Benes <mbenes@...e.cz>
To:     Peter Zijlstra <peterz@...radead.org>
cc:     Steven Rostedt <rostedt@...dmis.org>,
        Joe Lawrence <joe.lawrence@...hat.com>,
        Jessica Yu <jeyu@...nel.org>, x86@...nel.org,
        linux-kernel@...r.kernel.org, mhiramat@...nel.org,
        bristot@...hat.com, jbaron@...mai.com,
        torvalds@...ux-foundation.org, tglx@...utronix.de,
        mingo@...nel.org, namit@...are.com, hpa@...or.com, luto@...nel.org,
        ard.biesheuvel@...aro.org, jpoimboe@...hat.com,
        live-patching@...r.kernel.org, pmladek@...e.com
Subject: Re: [PATCH v3 5/6] x86/ftrace: Use text_poke()

On Wed, 16 Oct 2019, Miroslav Benes wrote:

> On Wed, 16 Oct 2019, Peter Zijlstra wrote:
> 
> > On Tue, Oct 15, 2019 at 06:27:05PM -0400, Steven Rostedt wrote:
> > 
> > > (7) Seventh session, titled "klp-convert and livepatch relocations", was led
> > > by Joe Lawrence.
> > > 
> > > Joe started the session with problem statement: accessing non exported / static
> > > symbols from inside the patch module. One possible workardound is manually via
> > > kallsyms. Second workaround is klp-convert, which actually creates proper
> > > relocations inside the livepatch module from the symbol database during the
> > > final .ko link.
> > > Currently module loader looks for special livepatch relocations and resolves
> > > those during runtime; kernel support for these relocations have so far been
> > > added for x86 only. Special livepatch relocations are supported and processed
> > > also on other architectures. Special quirks/sections are not yet supported.
> > > Plus klp-convert would still be needed even with late module patching update.
> > > vmlinux or modules could have ambiguous static symbols.
> > > 
> > > It turns out that the features / bugs below have to be resolved before we
> > > can claim the klp-convert support for relocation complete:
> > >     - handle all the corner cases (jump labels, static keys, ...) properly and
> > >       have a good regression tests in place
> > 
> > I suppose all the patches in this series-of-series here will make life
> > harder for KLP, static_call() and 2 byte jumps etc..
> 
> Yes, I think so. We'll have to deal with that once it lands. That is why 
> we want to get rid of all this arch-specific code in livepatch and 
> reinvent the late module patching. So it is perhaps better to start 
> working on it sooner than later. Adding Petr, who hesitantly signed up for 
> the task...

Thinking about it more... crazy idea. I think we could leverage these new 
ELF .text per vmlinux/module sections for the reinvention I was talking 
about. If we teach module loader to relocate (and apply alternatives and 
so on, everything in arch-specific module_finalize()) not the whole module 
in case of live patch modules, but separate ELF .text sections, it could 
solve the issue with late module patching we have. It is a variation on 
Steven's idea. When live patch module is loaded, only its section for 
present modules would be processed. Then whenever a to-be-patched module 
is loaded, its .text section in all present patch module would be 
processed.

The upside is that almost no work would be required on patch modules 
creation side. The downside is that klp_modinfo must stay. Module loader 
needs to be hacked a lot in both cases. So it remains to be seen which 
idea is easier to implement.

Jessica, do you think it would be feasible?

Petr, Joe, Josh, am I missing something or would it work?

Miroslav

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ