[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220818135629.1113036-1-alexandr.lobakin@intel.com>
Date: Thu, 18 Aug 2022 15:56:29 +0200
From: Alexander Lobakin <alexandr.lobakin@...el.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: Alexander Lobakin <alexandr.lobakin@...el.com>,
linux-kernel@...r.kernel.org,
Masahiro Yamada <masahiroy@...nel.org>,
Michal Marek <michal.lkml@...kovi.net>,
"Naveen N. Rao" <naveen.n.rao@...ux.ibm.com>,
Anil S Keshavamurthy <anil.s.keshavamurthy@...el.com>,
"David S. Miller" <davem@...emloft.net>,
Masami Hiramatsu <mhiramat@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Jiri Kosina <jikos@...nel.org>,
Miroslav Benes <mbenes@...e.cz>,
Petr Mladek <pmladek@...e.com>,
Joe Lawrence <joe.lawrence@...hat.com>,
linux-kbuild@...r.kernel.org, live-patching@...r.kernel.org,
lkp@...el.com, stable@...r.kernel.org
Subject: Re: [RFC PATCH 3/3] kallsyms: add option to include relative filepaths into kallsyms
From: Greg KH <gregkh@...uxfoundation.org>
Date: Thu, 18 Aug 2022 14:23:43 +0200
> On Thu, Aug 18, 2022 at 01:53:06PM +0200, Alexander Lobakin wrote:
> > Currently, kallsyms kernel code copes with symbols with the same
> > name by indexing them according to their position in vmlinux and
> > requiring to provide an index of the desired symbol. This is not
> > really quite reliable and is fragile to any features performing
> > symbol or section manipulations such as FG-KASLR.
>
> Ah, here's the reasoning, stuff like this should go into the 0/X message
> too, right?
>
> Anyway, what is currently broken that requires this? What will this
> make easier in the future? What in the future will depend on this?
2) FG-KASLR will depend and probably some more crazy hardening
stuff. And/or perf-based function/symbol placement, which is
in the "discuss and dream sometimes" stage.
>
> > So, in order to make kallsyms immune to object code modification
>
> What do you mean by "object code modification"?
Yeah, probably not a good term. Anything that can change symbol
order in the decompressed kernel in the memory. As for FG-KASLR,
it shuffles functions on each boot randomly, so
>
> Can that happen now? What causes it? What happens if it does happen?
So then, if e.g. we have two functions with the same name:
ffffffff81133700 t func (func one)
ffffffff81733100 t func (func two)
and they got reordered by FG-KASLR
ffffffffdeadbeef t func (func two)
ffffffffe0fffeed t func (func one)
and kallsyms table got reordered too.
So, utilities that rely on vmlinux and kallsyms, like probes,
livepatch etc. will have mismatch in "symbol positions" with the
kernel, so wrong symbols will be patched. So the code will get
broken.
>
> And why are any of these being cc:ed to the stable mailing list?
I Cced stable in 1/3 and I don't like when someone receives only
some parts of a series, and not only me. So I usually collect all
addresses and make one Tos and Ccs for the whole stuff.
>
> confused,
>
> greg k-h
Thanks,
Olek
Powered by blists - more mailing lists