Message-ID: <alpine.LSU.2.21.2409271555430.15317@pobox.suse.cz>
Date: Fri, 27 Sep 2024 16:11:02 +0200 (CEST)
From: Miroslav Benes <mbenes@...e.cz>
To: Wardenjohn <zhangwarden@...il.com>
cc: jpoimboe@...nel.org, jikos@...nel.org, pmladek@...e.com, 
    joe.lawrence@...hat.com, live-patching@...r.kernel.org, 
    linux-kernel@...r.kernel.org
Subject: Re: [PATCH] livepatch: introduce 'stack_order' sysfs interface to
 klp_patch

Hi,

I would change the subject to something like

"livepatch: Add "stack_order" sysfs attribute"

to keep it somehow consistent with what we have there so far.

On Wed, 25 Sep 2024, Wardenjohn wrote:

> This feature can provide livepatch patch order information.
> With the order of sysfs interface of one klp_patch, we can
> use patch order to find out which function of the patch is
> now active.
> 
> After the discussion, we decided that patch-level sysfs
> interface is the only acceptable way to introduce this
> information.
> 
> This feature is like:
> cat /sys/kernel/livepatch/livepatch_1/stack_order -> 1
> means this livepatch_1 module is the 1st klp patch applied.
> 
> cat /sys/kernel/livepatch/livepatch_module/stack_order -> N
> means this livepatch_module is the Nth klp patch applied
> to the system.

Perhaps something like

"
Add "stack_order" sysfs attribute which holds the order in which a live 
patch module was loaded into the system. A user can then determine an 
active live patched version of a function.

 cat /sys/kernel/livepatch/livepatch_1/stack_order -> 1

 means that livepatch_1 is the first live patch applied

 cat /sys/kernel/livepatch/livepatch_module/stack_order -> N

 means that livepatch_module is the Nth live patch applied
"
?

> Suggested-by: Petr Mladek <pmladek@...e.com>
> Suggested-by: Miroslav Benes <mbenes@...e.cz>
> Suggested-by: Josh Poimboeuf <jpoimboe@...nel.org>
> Signed-off-by: Wardenjohn <zhangwarden@...il.com>
 
How do you prepare your patches?

"---" delimiter is missing here.

> diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
> index ecbc9b6aba3a..914b7cabf8fe 100644
> --- a/kernel/livepatch/core.c
> +++ b/kernel/livepatch/core.c
> @@ -346,6 +346,7 @@ int klp_apply_section_relocs(struct module *pmod, Elf_Shdr *sechdrs,
>   * /sys/kernel/livepatch/<patch>/enabled
>   * /sys/kernel/livepatch/<patch>/transition
>   * /sys/kernel/livepatch/<patch>/force
> + * /sys/kernel/livepatch/<patch>/stack_order
>   * /sys/kernel/livepatch/<patch>/<object>
>   * /sys/kernel/livepatch/<patch>/<object>/patched
>   * /sys/kernel/livepatch/<patch>/<object>/<function,sympos>
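
Review bot: the "stack_order" line added to the sysfs layout comment is the only description of the new attribute in the quoted diff, which touches just kernel/livepatch/core.c. A user-visible sysfs file also needs an entry in Documentation/ABI/testing/sysfs-kernel-livepatch that says what the number means and that counting starts at 1.
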
> @@ -443,13 +444,37 @@ static ssize_t force_store(struct kobject *kobj, struct kobj_attribute *attr,
>  	return count;
>  }
>  
> +static ssize_t stack_order_show(struct kobject *kobj,
> +				struct kobj_attribute *attr, char *buf)
> +{
> +	struct klp_patch *patch, *this_patch;
> +	int stack_order = 0;
> +
> +	this_patch = container_of(kobj, struct klp_patch, kobj);
> +
> +	/* make sure the calculate of patch order correct */

The comment is not necessary.

> +	mutex_lock(&klp_mutex);
> +
> +	klp_for_each_patch(patch) {
> +		stack_order++;
> +		if (patch == this_patch)
> +			break;
> +	}
> +
> +	mutex_unlock(&klp_mutex);

Please add an empty line before return here.

>+       return sysfs_emit(buf, "%d\n", stack_order);
>+}
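
Review bot: the klp_for_each_patch() loop in stack_order_show() has no not-found case. If this_patch is not on the list when the file is read, the loop runs to the end, stack_order equals the number of patches, and that count is emitted as if it were a valid position. Record whether "patch == this_patch" matched and emit 0 (or return an error) when it did not, so a reader cannot mistake the value for the last slot in the stack.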

Miroslav
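
Added example, not part of the original message or of the kernel patch: a reader-side sketch of how the proposed attribute could be used to find which live patch currently supplies a function. It assumes the sysfs layout listed in the quoted comment, that "stack_order" exists as proposed, and that no transition is in progress; the function names and the demo tree are constructed.

```python
import os
import tempfile

def read_attr(path):
    """Return the stripped text of a sysfs attribute, or None if unreadable."""
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return None

def active_patch_for(function, root="/sys/kernel/livepatch"):
    """Enabled patch with the highest stack_order that lists `function`
    under <patch>/<object>/<function,sympos>; None if no patch does."""
    best = None  # (stack_order, patch name)
    for patch in sorted(os.listdir(root)):
        pdir = os.path.join(root, patch)
        order = read_attr(os.path.join(pdir, "stack_order"))
        if read_attr(os.path.join(pdir, "enabled")) != "1":
            continue  # disabled patches do not supply any function
        if order is None or not order.isdigit():
            continue  # kernel without the proposed attribute
        for obj in os.listdir(pdir):
            odir = os.path.join(pdir, obj)
            if not os.path.isdir(odir):
                continue  # plain attributes such as "enabled" or "force"
            # Function directories are named "<function>,<sympos>".
            if any(e.rsplit(",", 1)[0] == function for e in os.listdir(odir)):
                if best is None or int(order) > best[0]:
                    best = (int(order), patch)
    return best[1] if best else None

def build_demo_tree(root):
    """Constructed sample tree: both patches replace cmdline_proc_show."""
    layout = {
        "livepatch_1": ("1", ["cmdline_proc_show,1"]),
        "livepatch_2": ("2", ["cmdline_proc_show,1", "meminfo_proc_show,1"]),
    }
    for patch, (order, funcs) in layout.items():
        for func in funcs:
            os.makedirs(os.path.join(root, patch, "vmlinux", func))
        for name, value in (("stack_order", order), ("enabled", "1")):
            with open(os.path.join(root, patch, name), "w") as f:
                f.write(value + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        print(active_patch_for("cmdline_proc_show", demo))
```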
