live-patching.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Miroslav Benes <mbenes@suse.cz>
To: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
	live-patching@vger.kernel.org, linux-kernel@vger.kernel.org,
	Jessica Yu <jeyu@kernel.org>
Subject: Re: [PATCH 1/7] livepatch: Apply vmlinux-specific KLP relocations early
Date: Wed, 15 Apr 2020 16:30:15 +0200 (CEST)	[thread overview]
Message-ID: <alpine.LSU.2.21.2004151627100.13470@pobox.suse.cz> (raw)
In-Reply-To: <20200414193150.iqw224itgpedpltm@treble>

On Tue, 14 Apr 2020, Josh Poimboeuf wrote:

> On Tue, Apr 14, 2020 at 01:01:09PM -0500, Josh Poimboeuf wrote:
> > On Tue, Apr 14, 2020 at 07:44:06PM +0200, Peter Zijlstra wrote:
> > > On Tue, Apr 14, 2020 at 11:28:37AM -0500, Josh Poimboeuf wrote:
> > > > KLP relocations are livepatch-specific relocations which are applied to
> > > >   1) vmlinux-specific KLP relocation sections
> > > > 
> > > >      .klp.rela.vmlinux.{sec}
> > > > 
> > > >      These are relocations (applied to the KLP module) which reference
> > > >      unexported vmlinux symbols.
> > > > 
> > > >   2) module-specific KLP relocation sections
> > > > 
> > > >      .klp.rela.{module}.{sec}:
> > > > 
> > > >      These are relocations (applied to the KLP module) which reference
> > > >      unexported or exported module symbols.
> > > 
> > > Is there something that disallows a module from being called 'vmlinux' ?
> > > If not, we might want to enforce this somewhere.
> > 
> > I'm pretty sure we don't have a check for that anywhere, though the KLP
> > module would almost certainly fail during the module load when it
> > couldn't find the vmlinux.ko symbols it needed.
> > 
> > It wouldn't hurt to add a check somewhere though.  Maybe in
> > klp_module_coming() since the restriction only applies to
> > CONFIG_LIVEPATCH...
> 
> From: Josh Poimboeuf <jpoimboe@redhat.com>
> Subject: [PATCH] livepatch: Disallow vmlinux.ko
> 
> This is purely a theoretical issue, but if there were a module named

OT: "if there were"... subjunctive?

> vmlinux.ko, the livepatch relocation code wouldn't be able to
> distinguish between vmlinux-specific and vmlinux.o-specific KLP
> relocations.
> 
> If CONFIG_LIVEPATCH is enabled, don't allow a module named vmlinux.ko.

Yup, there is no such check nowadays. I always struggle to find the right 
balance between being overprotective and letting the user shoot themselves 
in their foot if they want to. But it does not hurt, so ack to that.

Miroslav

  reply	other threads:[~2020-04-15 14:30 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-14 16:28 [PATCH 0/7] livepatch,module: Remove .klp.arch and module_disable_ro() Josh Poimboeuf
2020-04-14 16:28 ` [PATCH 1/7] livepatch: Apply vmlinux-specific KLP relocations early Josh Poimboeuf
2020-04-14 17:44   ` Peter Zijlstra
2020-04-14 18:01     ` Josh Poimboeuf
2020-04-14 19:31       ` Josh Poimboeuf
2020-04-15 14:30         ` Miroslav Benes [this message]
2020-04-15 16:29           ` Josh Poimboeuf
2020-04-15 14:34   ` Miroslav Benes
2020-04-15 16:30     ` Josh Poimboeuf
2020-04-14 16:28 ` [PATCH 2/7] livepatch: Remove .klp.arch Josh Poimboeuf
2020-04-15 15:18   ` Jessica Yu
2020-04-14 16:28 ` [PATCH 3/7] livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols Josh Poimboeuf
2020-04-14 16:28 ` [PATCH 4/7] s390/module: Use s390_kernel_write() for relocations Josh Poimboeuf
2020-04-16  8:56   ` Miroslav Benes
2020-04-16 12:06     ` Josh Poimboeuf
2020-04-16 13:16       ` Josh Poimboeuf
2020-04-17  1:37         ` Josh Poimboeuf
2020-04-14 16:28 ` [PATCH 5/7] x86/module: Use text_poke() " Josh Poimboeuf
2020-04-14 16:28 ` [PATCH 6/7] livepatch: Remove module_disable_ro() usage Josh Poimboeuf
2020-04-15 15:02   ` Jessica Yu
2020-04-15 16:33     ` Josh Poimboeuf
2020-04-16  9:28       ` Miroslav Benes
2020-04-16 12:10         ` Josh Poimboeuf
2020-04-14 16:28 ` [PATCH 7/7] module: Remove module_disable_ro() Josh Poimboeuf
2020-04-14 18:27 ` [PATCH 0/7] livepatch,module: Remove .klp.arch and module_disable_ro() Peter Zijlstra
2020-04-14 19:08   ` Josh Poimboeuf
2020-04-15 14:24     ` Peter Zijlstra
2020-04-15 16:17       ` Josh Poimboeuf
2020-04-16 15:31         ` Jessica Yu
2020-04-16 15:45           ` Josh Poimboeuf
2020-04-17  8:27             ` Miroslav Benes
2020-04-17  8:50               ` Jessica Yu
2020-04-16  9:45     ` Miroslav Benes
2020-04-16 12:20       ` Josh Poimboeuf
2020-04-17  9:08         ` Miroslav Benes
2020-04-15  0:57 ` Joe Lawrence
2020-04-15  1:31   ` Josh Poimboeuf
2020-04-15  1:37     ` Joe Lawrence

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.LSU.2.21.2004151627100.13470@pobox.suse.cz \
    --to=mbenes@suse.cz \
    --cc=jeyu@kernel.org \
    --cc=jpoimboe@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=live-patching@vger.kernel.org \
    --cc=peterz@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).