Message-ID: <20250331100940.3dc5e23a@gandalf.local.home>
Date: Mon, 31 Mar 2025 10:09:40 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Shung-Hsi Yu <shung-hsi.yu@...e.com>
Cc: "Naveen N. Rao" <naveen@...nel.org>, Hari Bathini
 <hbathini@...ux.ibm.com>, bpf@...r.kernel.org, Michael Ellerman
 <mpe@...erman.id.au>, Mark Rutland <mark.rutland@....com>, Daniel Borkmann
 <daniel@...earbox.net>, Masahiro Yamada <masahiroy@...nel.org>, Nicholas
 Piggin <npiggin@...il.com>, Alexei Starovoitov <ast@...nel.org>, Masami
 Hiramatsu <mhiramat@...nel.org>, Andrii Nakryiko <andrii@...nel.org>,
 Christophe Leroy <christophe.leroy@...roup.eu>, Vishal Chourasia
 <vishalc@...ux.ibm.com>, Mahesh J Salgaonkar <mahesh@...ux.ibm.com>,
 Miroslav Benes <mbenes@...e.cz>, Michal Suchánek
 <msuchanek@...e.de>, linux-kernel@...r.kernel.org,
 linuxppc-dev@...ts.ozlabs.org, linux-trace-kernel@...r.kernel.org,
 live-patching@...r.kernel.org
Subject: Re: [BUG?] ppc64le: fentry BPF not triggered after live patch
 (v6.14)

On Mon, 31 Mar 2025 21:19:36 +0800
Shung-Hsi Yu <shung-hsi.yu@...e.com> wrote:

> Hi all,
> 
> On ppc64le (v6.14, kernel config attached), I've observed that fentry
> BPF programs stop being invoked after the target kernel function is live
> patched. This occurs regardless of whether the BPF program was attached
> before or after the live patch. I believe fentry/fprobe on ppc64le is
> added with [1].
> 
> Steps to reproduce on ppc64le:
> - Use bpftrace (v0.10.0+) to attach a BPF program to cmdline_proc_show
>   with fentry (kfunc is the older name bpftrace used for fentry, used
>   here for max compatibility)
> 
>     bpftrace -e 'kfunc:cmdline_proc_show { printf("%lld: cmdline_proc_show() called by %s\n", nsecs(), comm) }'
> 
> - Run `cat /proc/cmdline` and observe bpftrace output
> 
> - Load samples/livepatch/livepatch-sample.ko
> 
> - Run `cat /proc/cmdline` again. Observe "this has been live patched" in
>   output, but no new bpftrace output.
> 
> Note: once the live patching module is disabled through the sysfs interface
> the BPF program invocation is restored.
> 
> Is this the expected interaction between fentry BPF and live patching?
> On x86_64 it does _not_ happen, so I'd guess the behavior on ppc64le is
> unintended. Any insights appreciated.

Hmm, I'm not sure how well BPF function attachment and live patching
interact. Can you see if on x86 the live patch is actually updated when a
BPF program is attached?

Would be even more interesting to see how BPF reading the return code works
with live patching, as it calls the function directly from the BPF
trampoline. I wonder, does it call the live patched function, or does it
call the original one?

-- Steve


> 
> 
> Thanks,
> Shung-Hsi Yu
> 
> 1: https://lore.kernel.org/all/20241030070850.1361304-2-hbathini@linux.ibm.com/

