archive mirror
 help / color / mirror / Atom feed
From: Miroslav Benes <>
To: Kristen Carlson Accardi <>
Subject: Re: [PATCH v5 00/10] Function Granular KASLR
Date: Fri, 25 Sep 2020 15:06:55 +0200 (CEST)	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

Hi Kristen,

On Wed, 23 Sep 2020, Kristen Carlson Accardi wrote:

> Function Granular Kernel Address Space Layout Randomization (fgkaslr)
> ---------------------------------------------------------------------
> This patch set is an implementation of finer grained kernel address space
> randomization. It rearranges your kernel code at load time 
> on a per-function level granularity, with only around a second added to
> boot time.

I ran live patching kernel selftests on the patch set and everything 
passed fine.

However, we also use not-yet-upstream set of tests at SUSE for testing 
live patching [1] and one of them,, is failing. You should be 
able to run the set on upstream as is.

The test uninterruptedly sleeps in a kretprobed function called by a 
patched one. The current master without fgkaslr patch set reports the 
stack of the sleeping task as unreliable and live patching fails. The 
situation is different with fgkaslr (even with nofgkaslr on the command 
line). The stack is returned as reliable. It looks something like 

[<0>] __schedule+0x465/0xa40
[<0>] schedule+0x55/0xd0
[<0>] orig_do_sleep+0xb1/0x110 [klp_test_support_mod]
[<0>] swap_pages+0x7f/0x7f

where the last entry is not reliable. I've seen 
kretprobe_trampoline+0x0/0x4a and some other symbols there too. Since the 
patched function (orig_sleep_uninterruptible_set) is not on the stack, 
live patching succeeds, which is not intended.

With kprobe setting removed, all works as expected.

So I wonder if there is still some issue with ORC somewhere as you 
mentioned in v4 thread. I'll investigate more next week, but wanted to 
report early.



  parent reply	other threads:[~2020-09-25 13:23 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <>
2020-09-23 17:39 ` [PATCH v5 10/10] livepatch: only match unique symbols when using fgkaslr Kristen Carlson Accardi
2020-09-24 13:06   ` Miroslav Benes
2020-09-25 13:06 ` Miroslav Benes [this message]
2020-09-28 17:31   ` [PATCH v5 00/10] Function Granular KASLR Kristen Carlson Accardi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).