lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Yg0qgtSFNQx5Mo1i@redhat.com>
Date:   Wed, 16 Feb 2022 11:46:58 -0500
From:   Joe Lawrence <joe.lawrence@...hat.com>
To:     live-patching@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-kbuild@...r.kernel.org
Subject: Re: [RFC PATCH v6 03/12] livepatch: Add klp-convert tool

On Wed, Feb 16, 2022 at 11:39:31AM -0500, Joe Lawrence wrote:
> 
>  [ ... snip ... ]
> 
> +/*
> + * Checks if rela conversion is supported in given section
> + */
> +static bool supported_section(struct section *sec, char *object_name)
> +{
> +#if 0
> +	/*
> +	 * klp-relocations forbidden in sections that otherwise would
> +	 * match in allowed_prefixes[]
> +	 */
> +	static const char * const not_allowed[] = {
> +		".rela.data.rel.ro",
> +		".rela.data.rel.ro.local",
> +		".rela.data..ro_after_init",
> +		NULL
> +	};
> +#endif
> +
> +	/* klp-relocations allowed in sections only for vmlinux */
> +	static const char * const allowed_vmlinux[] = {
> +		".rela__jump_table",
> +		NULL
> +	};
> +
> +	/* klp-relocations allowed in sections with prefixes */
> +	static const char * const allowed_prefixes[] = {
> +		".rela.data",
> +		".rela.rodata",	// supported ???
> +		".rela.sdata",
> +		".rela.text",
> +		".rela.toc",
> +		NULL
> +	};
> +
> +	const char * const *name;
> +
> +#if 0
> +	for (name = not_allowed; *name; name++)
> +		if (strcmp(sec->name, *name) == 0)
> +			return false;
> +#endif

I wasn't sure if relocations in .rela.<read-only> sections should be
supported or not, particularly in the late relocation use case.  For
most, I think they can be easily avoided by the livepatch author
changing the storage class for the C pointer that is relocated.  On the
other hand, this may be disruptive to automated tools like
kpatch-build... or maybe there is no issue at all for late relocating
.rela.<read-only>?

-- Joe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ