| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Jan 2021 12:33:47 +0000
From: Mark Rutland <mark.rutland@....com>
To: "Madhavan T. Venkataraman" <madvenka@...ux.microsoft.com>
Cc: linux-arm-kernel@...ts.infradead.org,
Mark Brown <broonie@...nel.org>,
Julien Thierry <jthierry@...hat.com>, jpoimboe@...hat.com,
live-patching@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Live patching on ARM64
On Thu, Jan 14, 2021 at 04:07:55PM -0600, Madhavan T. Venkataraman wrote:
> Hi all,
>
> My name is Madhavan Venkataraman.
Hi Madhavan,
> Microsoft is very interested in Live Patching support for ARM64.
> On behalf of Microsoft, I would like to contribute.
>
> I would like to get in touch with the people who are currently working
> in this area, find out what exactly they are working on and see if they
> could use an extra pair of eyes/hands with what they are working on.
>
> It looks like the most recent work in this area has been from the
> following folks:
>
> Mark Brown and Mark Rutland:
> Kernel changes to providing reliable stack traces.
>
> Julien Thierry:
> Providing ARM64 support in objtool.
>
> Torsten Duwe:
> Ftrace with regs.
IIRC that's about right. I'm also trying to make arm64 patch-safe (more
on that below), and there's a long tail of work there for anyone
interested.
> I apologize if I have missed anyone else who is working on Live Patching
> for ARM64. Do let me know.
>
> Is there any work I can help with? Any areas that need investigation, any code
> that needs to be written, any work that needs to be reviewed, any testing that
> needs to done? You folks are probably super busy and would not mind an extra
> hand.
One general thing that I believe we'll need to do is to rework code to
be patch-safe (which implies being noinstr-safe too). For example, we'll
need to rework the instruction patching code such that this cannot end
up patching itself (or anything that has instrumented it) in an unsafe
way.
Once we have objtool it should be possible to identify those cases
automatically. Currently I'm aware that we'll need to do something in at
least the following places:
* The entry code -- I'm currently chipping away at this.
* The insn framework (which is used by some patching code), since the
bulk of it lives in arch/arm64/kernel/insn.c and isn't marked noinstr.
We can probably shift the bulk of the aarch64_insn_gen_*() and
aarch64_get_*() helpers into a header as __always_inline functions,
which would allow them to be used in noinstr code. As those are
typically invoked with a number of constant arguments that the
compiler can fold, this /might/ work out as an optimization if the
compiler can elide the error paths.
* The alternatives code, since we call instrumentable and patchable
functions between updating instructions and performing all the
necessary maintenance. There are a number of cases within
__apply_alternatives(), e.g.
- test_bit()
- cpus_have_cap()
- pr_info_once()
- lm_alias()
- alt_cb, if the callback is not marked as noinstr, or if it calls
instrumentable code (e.g. from the insn framework).
- clean_dcache_range_nopatch(), as read_sanitised_ftr_reg() and
related code can be instrumented.
This might need some underlying rework elsewhere (e.g. in the
cpufeature code, or atomics framework).
So on the kernel side, maybe a first step would be to try to headerize
the insn generation code as __always_inline, and see whether that looks
ok? With that out of the way it'd be a bit easier to rework patching
code depending on the insn framework.
I'm not sure about the objtool side, so I'll leave that to Julien and co
to answer.
Thanks,
Mark.
Powered by blists - more mailing lists