lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 19 Nov 2021 10:03:24 +0100
From:   Miroslav Benes <mbenes@...e.cz>
To:     jpoimboe@...hat.com, jikos@...nel.org, pmladek@...e.com,
        joe.lawrence@...hat.com
Cc:     peterz@...radead.org, linux-kernel@...r.kernel.org,
        live-patching@...r.kernel.org, shuah@...nel.org,
        linux-kselftest@...r.kernel.org, Miroslav Benes <mbenes@...e.cz>
Subject: [PATCH 0/3] livepatch: Allow user to specify functions to search for on a stack

livepatch's consistency model requires that no live patched function
must be found on any task's stack during a transition process after a
live patch is applied. It is achieved by walking through stacks of all
blocked tasks.

The user might also want to define more functions to search for without
them being patched at all. It may either help with preparing a live
patch, which would otherwise require additional touches to achieve the
consistency, or it can be used to overcome deficiencies the stack
checking inherently has. For example, GCC may optimize a function so
that a part of it is moved to a different section and the function would
jump to it. This child function would not be found on a stack in this
case, but it may be important to search for it so that, again, the
consistency is achieved.

The patch set adds a new API which allows the user to specify such
functions.

The first patch is only preparatory. The main work is in the second one.
The third patch adds a test.

Originally, I wanted to add it all to klp_patch struct, but it makes
more sense to do it on klp_object level. It is also easier to reuse as
much of the existing code as possible in that case.

I am not good with naming so bike-shedding is welcome. Reviews even
more.

Miroslav Benes (3):
  livepatch: Move the initialization of old_func to a new function
  livepatch: Allow user to specify functions to search for on a stack
  selftests/livepatch: Test of the API for specifying functions to
    search for on a stack

 include/linux/livepatch.h                     | 11 +++
 kernel/livepatch/core.c                       | 50 ++++++++---
 kernel/livepatch/transition.c                 | 21 +++--
 lib/Kconfig.debug                             |  1 +
 lib/livepatch/Makefile                        |  4 +-
 lib/livepatch/test_klp_funcstack_demo.c       | 61 +++++++++++++
 lib/livepatch/test_klp_funcstack_mod.c        | 72 +++++++++++++++
 tools/testing/selftests/livepatch/Makefile    |  3 +-
 .../selftests/livepatch/test-func-stack.sh    | 88 +++++++++++++++++++
 9 files changed, 293 insertions(+), 18 deletions(-)
 create mode 100644 lib/livepatch/test_klp_funcstack_demo.c
 create mode 100644 lib/livepatch/test_klp_funcstack_mod.c
 create mode 100755 tools/testing/selftests/livepatch/test-func-stack.sh

-- 
2.33.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ