lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20220301140840.29345-1-zhouchengming@bytedance.com>
Date:   Tue,  1 Mar 2022 22:08:40 +0800
From:   Chengming Zhou <zhouchengming@...edance.com>
To:     jpoimboe@...hat.com, jikos@...nel.org, mbenes@...e.cz,
        pmladek@...e.com, joe.lawrence@...hat.com
Cc:     live-patching@...r.kernel.org, linux-kernel@...r.kernel.org,
        songmuchun@...edance.com, qirui.001@...edance.com,
        Chengming Zhou <zhouchengming@...edance.com>
Subject: [PATCH] livepatch: Only block the removal of KLP_UNPATCHED forced transition patch

module_put() is currently never called for a patch with forced flag, to block
the removal of that patch module that might still be in use after a forced
transition.

But klp_force_transition() will flag all patches on the list to be forced, since
commit d67a53720966 ("livepatch: Remove ordering (stacking) of the livepatches")
has removed stack ordering of the livepatches, it will cause all other patches can't
be unloaded after disabled even if they have completed the KLP_UNPATCHED transition.

In fact, we don't need to flag a patch to forced if it's a KLP_PATCHED forced
transition. It can still be unloaded only if it has passed through the consistency
model in KLP_UNPATCHED transition.

So this patch only set forced flag and block the removal of a KLP_UNPATCHED forced
transition livepatch.

Signed-off-by: Chengming Zhou <zhouchengming@...edance.com>
---
 kernel/livepatch/transition.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/livepatch/transition.c b/kernel/livepatch/transition.c
index 5683ac0d2566..8b296ad9e407 100644
--- a/kernel/livepatch/transition.c
+++ b/kernel/livepatch/transition.c
@@ -641,6 +641,6 @@ void klp_force_transition(void)
 	for_each_possible_cpu(cpu)
 		klp_update_patch_state(idle_task(cpu));
 
-	klp_for_each_patch(patch)
-		patch->forced = true;
+	if (klp_target_state == KLP_UNPATCHED)
+		klp_transition_patch->forced = true;
 }
-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ