lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20211210124449.21537-1-mbenes@suse.cz>
Date:   Fri, 10 Dec 2021 13:44:47 +0100
From:   Miroslav Benes <mbenes@...e.cz>
To:     jpoimboe@...hat.com, jikos@...nel.org, pmladek@...e.com,
        joe.lawrence@...hat.com
Cc:     peterz@...radead.org, linux-kernel@...r.kernel.org,
        live-patching@...r.kernel.org, shuah@...nel.org,
        linux-kselftest@...r.kernel.org, Miroslav Benes <mbenes@...e.cz>
Subject: [PATCH v2 0/2] livepatch: Allow user to specify functions to search for on a stack

livepatch's consistency model requires that no live patched function
must be found on any task's stack during a transition process after a
live patch is applied. It is achieved by walking through stacks of all
blocked tasks.

The user might also want to define more functions to search for without
them being patched at all. It may either help with preparing a live
patch, which would otherwise require adding more functions just to
achieve the consistency, or it can be used to overcome deficiencies the
stack checking inherently has.

Consider the following example, in which GCC may optimize function
parent() so that a part of it is moved to a different section
(child.cold()) and parent() jumps to it. If both parent() and child2()
are to patching targets, things can break easily if a task sleeps in
child.cold() and new patched child2() changes ABI. parent() is not found
on the stack, child.cold() jumps back to parent() eventually and new
child2() is called.

  parent():             /* to-be-patched */
    ...
    jmp child.cold()    /* cannot be patched */
      ...
      schedule()
      ...
      jmp <back>
    ...
    call child2()       /* to-be-patched */
    ...

The patch set adds a new API which allows the user to specify such
functions.

v1: https://lore.kernel.org/all/20211119090327.12811-1-mbenes@suse.cz/

Changes:
--------
v2:
  - no separate klp_funcs, stack_only attribute is defined
  - tests rewritten

Miroslav Benes (2):
  livepatch: Allow user to specify functions to search for on a stack
  selftests/livepatch: Test of the API for specifying functions to
    search for on a stack

 include/linux/livepatch.h                     |   3 +
 kernel/livepatch/core.c                       |  28 ++-
 kernel/livepatch/patch.c                      |   6 +
 kernel/livepatch/transition.c                 |   5 +-
 lib/livepatch/Makefile                        |   5 +-
 lib/livepatch/test_klp_func_stack_only_demo.c |  66 ++++++++
 .../test_klp_func_stack_only_demo2.c          |  61 +++++++
 lib/livepatch/test_klp_func_stack_only_mod.c  |  70 ++++++++
 tools/testing/selftests/livepatch/Makefile    |   3 +-
 .../livepatch/test-func-stack-only.sh         | 159 ++++++++++++++++++
 10 files changed, 402 insertions(+), 4 deletions(-)
 create mode 100644 lib/livepatch/test_klp_func_stack_only_demo.c
 create mode 100644 lib/livepatch/test_klp_func_stack_only_demo2.c
 create mode 100644 lib/livepatch/test_klp_func_stack_only_mod.c
 create mode 100755 tools/testing/selftests/livepatch/test-func-stack-only.sh

-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ