Open Source and information security mailing list archives
Date: Thu, 3 Mar 2022 18:54:46 +0800
From: Chengming Zhou <zhouchengming@...edance.com>
To: jpoimboe@...hat.com, jikos@...nel.org, mbenes@...e.cz, pmladek@...e.com, joe.lawrence@...hat.com
Cc: live-patching@...r.kernel.org, linux-kernel@...r.kernel.org, Chengming Zhou <zhouchengming@...edance.com>
Subject: [PATCH v2] livepatch: Don't block removal of patches that are safe to unload

module_put() is currently never called for a patch with forced flag, to block the removal of that patch module that might still be in use after a forced transition.

But klp_force_transition() will set all patches on the list to be forced, since commit d67a53720966 ("livepatch: Remove ordering (stacking) of the livepatches") has removed stack ordering of the livepatches, it will cause all other patches can't be unloaded after disabled even if they have completed the KLP_UNPATCHED transition.

In fact, we don't need to set a patch to forced if it's a KLP_PATCHED forced transition. It can still be unloaded safely as long as it has passed through the consistency model in KLP_UNPATCHED transition.

But the exception is when force transition of an atomic replace patch, we have to set all previous patches to forced, or they will be removed at the end of klp_try_complete_transition().

This patch only set the klp_transition_patch to be forced in KLP_UNPATCHED case, and keep the old behavior when in atomic replace case.

Signed-off-by: Chengming Zhou <zhouchengming@...edance.com>
---
v2: interact nicely with the atomic replace feature noted by Miroslav.
---
 kernel/livepatch/transition.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/kernel/livepatch/transition.c b/kernel/livepatch/transition.c index 5683ac0d2566..34ffb8c014ed 100644 --- a/kernel/livepatch/transition.c +++ b/kernel/livepatch/transition.c 
@@ -641,6 +641,10 @@ void klp_force_transition(void) for_each_possible_cpu(cpu) klp_update_patch_state(idle_task(cpu)); - klp_for_each_patch(patch) - patch->forced = true; + if (klp_target_state == KLP_UNPATCHED) + klp_transition_patch->forced = true; + else if (klp_transition_patch->replace) { + klp_for_each_patch(patch) + patch->forced = true; + } } -- 2.20.1
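Review bot: in the `else if (klp_transition_patch->replace)` branch, `klp_for_each_patch(patch) patch->forced = true;` still marks every patch on the list, which would include the replacing patch itself if it is on that list, while the commit message says only the previous patches need the flag so they are not removed at the end of klp_try_complete_transition(). Consider skipping `klp_transition_patch` inside the loop so the new patch stays unloadable later, in line with the argument made for the plain KLP_PATCHED case. The case where `klp_target_state` is not KLP_UNPATCHED and `->replace` is false now sets no flag at all; a short comment above the `if` stating why that is safe (the patch must still pass the consistency model in a later KLP_UNPATCHED transition) would keep the reasoning from the commit message next to the code. Style: the `if` arm has no braces while the `else if` arm does; kernel coding style asks for braces on both arms when one of them needs them.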