From: Seth Jennings <sjenning@redhat.com>
To: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>,
Jiri Kosina <jkosina@suse.cz>, Vojtech Pavlik <vojtech@suse.cz>,
Steven Rostedt <rostedt@goodmis.org>,
Petr Mladek <pmladek@suse.cz>, Miroslav Benes <mbenes@suse.cz>,
Christoph Hellwig <hch@infradead.org>,
Greg KH <gregkh@linuxfoundation.org>,
Andy Lutomirski <luto@amacapital.net>,
live-patching@vger.kernel.org, x86@kernel.org, kpatch@redhat.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCHv2 0/3] Kernel Live Patching
Date: Mon, 17 Nov 2014 08:54:50 -0600 [thread overview]
Message-ID: <20141117145450.GA2314@cerebellum.variantweb.net> (raw)
In-Reply-To: <5469888E.3090501@hitachi.com>
On Mon, Nov 17, 2014 at 02:33:02PM +0900, Masami Hiramatsu wrote:
> Hi Seth,
>
> (2014/11/17 10:29), Seth Jennings wrote:
> > Changelog:
> >
> > Thanks for all the feedback!
> >
> > changes in v2:
> > - rebase to next-20141113
> > - add copyright/license block to livepatch.h
> > - add _LINUX prefix to header defines
> > - replace semaphore with mutex
> > - add LPC_ prefix to state enum
> > - convert BUGs to WARNs and handle properly
> > - change Kconfig default to n
> > - remove [old|new] attrs from function sysfs dir (KASLR leak, no use)
> > - disregard user provided old_addr if kernel uses KASLR
> > - s/out/err for error path labels
> > - s/unregister/disable for uniform terminology
> > - s/lp/lpc for module notifier elements
>
> Hmm, btw, "LP" and "LPC" remind me line-printer and LPC bus :(
> Can we use LKP (Live Kernel Patching) or KLP (Kernel Live Patching) instead ?
Jiri S also mentioned this so I guess it is a common sentiment :) He
suggested "lip" but I think I like "klp" better? Jiri S sound good?
>
> > - replace module ref'ing with unload notifier + mutex protection
> > - adjust notifier priority to run before ftrace
> > - make LIVE_PATCHING boolean (about to depend on arch stuff)
>
> For better handling x86-32, we'd better introduce ARCH_HAVE_LIVE_PATCHING and
> avoid enabling LIVE_PATCHING on x86_32, then we can simplify arch/x86/kernel/livepatch.c.
Will do.
Thanks for the review!
Seth
>
> Thank you,
>
> > - move x86-specific reloc code to arch/x86
> > - s/dynrela/reloc/
> > - add live patching sysfs documentation
> > - add API function kernel-doc
> > - TODO: kernel-doc for API structs once agreed upon
> >
> > Summary:
> >
> > This patchset implements an ftrace-based mechanism and kernel interface for
> > doing live patching of kernel and kernel module functions. It represents the
> > greatest common functionality set between kpatch [1] and kGraft [2] and can
> > accept patches built using either method. This solution was discussed in the
> > Live Patching Mini-conference at LPC 2014 [3].
> >
> > The model consists of a live patching "core" that provides an interface for
> > other "patch" kernel modules to register patches with the core.
> >
> > Patch modules contain the new function code and create an lp_patch structure
> > containing the required data about what functions to patch, where the new code
> > for each patched function resides, and in which kernel object (vmlinux or
> > module) the function to be patch resides. The patch module then invokes the
> > lp_register_patch() function to register with the core, then lp_enable_patch()
> > to have the core redirect the execution paths using ftrace.
> >
> > An example patch module can be found here:
> > https://github.com/spartacus06/livepatch/blob/master/patch/patch.c
> >
> > The live patching core creates a sysfs hierarchy for user-level access to live
> > patching information. The hierarchy is structured like this:
> >
> > /sys/kernel/livepatch
> > /sys/kernel/livepatch/<patch>
> > /sys/kernel/livepatch/<patch>/enabled
> > /sys/kernel/livepatch/<patch>/<object>
> > /sys/kernel/livepatch/<patch>/<object>/<func>
> >
> > The old function is located using one of two methods: it is either provided by
> > the patch module (only possible for a function in vmlinux) or kallsyms lookup.
> > Symbol ambiguity results in a failure.
> >
> > The core takes a reference on the patch module itself to keep it from
> > unloading. This is because, without a mechanism to ensure that no thread is
> > currently executing in the patched function, we can not determine whether it is
> > safe to unload the patch module. For this reason, unloading patch modules is
> > currently not allowed.
> >
> > Disabling patches can be done using the "enabled" attribute of the patch:
> >
> > echo 0 > /sys/kernel/livepatch/<patch>/enabled
> >
> > If a patch module contains a patch for a module that is not currently loaded,
> > there is nothing to patch so the core does nothing for that patch object.
> > However, the core registers a module notifier that looks for COMING events so
> > that if the module is ever loaded, it is immediately patched. If a module with
> > patch code is removed, the notifier looks for GOING events and disables any
> > patched functions for that object before it unloads. The notifier has a higher
> > priority than that of the ftrace notifier so that it runs before the ftrace
> > notifier for GOING events and we can cleanly unregister from ftrace.
> >
> > kpatch and kGraft each have their own mechanisms for ensuring system
> > consistency during the patching process. This first version does not implement
> > any consistency mechanism that ensures that old and new code do not run
> > together. In practice, ~90% of CVEs are safe to apply in this way, since they
> > simply add a conditional check. However, any function change that can not
> > execute safely with the old version of the function can _not_ be safely applied
> > for now.
> >
> > [1] https://github.com/dynup/kpatch
> > [2] https://git.kernel.org/cgit/linux/kernel/git/jirislaby/kgraft.git/
> > [3] https://etherpad.fr/p/LPC2014_LivePatching
> >
> > Seth Jennings (3):
> > kernel: add TAINT_LIVEPATCH
> > kernel: add support for live patching
> > kernel: add sysfs documentation for live patching
> >
> > Documentation/ABI/testing/sysfs-kernel-livepatch | 44 +
> > Documentation/oops-tracing.txt | 2 +
> > Documentation/sysctl/kernel.txt | 1 +
> > MAINTAINERS | 13 +
> > arch/x86/Kconfig | 2 +
> > arch/x86/include/asm/livepatch.h | 38 +
> > arch/x86/kernel/Makefile | 1 +
> > arch/x86/kernel/livepatch.c | 83 ++
> > include/linux/kernel.h | 1 +
> > include/linux/livepatch.h | 68 ++
> > kernel/Makefile | 1 +
> > kernel/livepatch/Kconfig | 9 +
> > kernel/livepatch/Makefile | 3 +
> > kernel/livepatch/core.c | 999 +++++++++++++++++++++++
> > kernel/panic.c | 2 +
> > 15 files changed, 1267 insertions(+)
> > create mode 100644 Documentation/ABI/testing/sysfs-kernel-livepatch
> > create mode 100644 arch/x86/include/asm/livepatch.h
> > create mode 100644 arch/x86/kernel/livepatch.c
> > create mode 100644 include/linux/livepatch.h
> > create mode 100644 kernel/livepatch/Kconfig
> > create mode 100644 kernel/livepatch/Makefile
> > create mode 100644 kernel/livepatch/core.c
> >
>
>
> --
> Masami HIRAMATSU
> Software Platform Research Dept. Linux Technology Research Center
> Hitachi, Ltd., Yokohama Research Laboratory
> E-mail: masami.hiramatsu.pt@hitachi.com
>
>
next prev parent reply other threads:[~2014-11-17 14:55 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-17 1:29 [PATCHv2 0/3] Kernel Live Patching Seth Jennings
2014-11-17 1:29 ` [PATCHv2 1/3] kernel: add TAINT_LIVEPATCH Seth Jennings
2014-11-17 1:29 ` [PATCHv2 2/3] kernel: add support for live patching Seth Jennings
2014-11-17 18:45 ` Greg KH
2014-11-17 19:13 ` Seth Jennings
2014-11-18 14:11 ` Miroslav Benes
2014-11-18 14:26 ` Seth Jennings
2014-11-18 14:45 ` Miroslav Benes
2014-11-19 20:34 ` Seth Jennings
2014-11-20 13:22 ` Miroslav Benes
2014-11-19 15:27 ` Miroslav Benes
2014-11-19 16:05 ` Seth Jennings
2014-11-20 13:10 ` Miroslav Benes
2014-11-20 17:35 ` Josh Poimboeuf
2014-11-20 19:56 ` Seth Jennings
2014-11-21 14:41 ` Miroslav Benes
2014-11-21 14:38 ` Miroslav Benes
2014-11-20 15:19 ` Josh Poimboeuf
2014-11-20 16:48 ` Seth Jennings
2014-11-17 1:29 ` [PATCHv2 3/3] kernel: add sysfs documentation " Seth Jennings
2014-11-17 18:50 ` Greg KH
2014-11-17 5:33 ` [PATCHv2 0/3] Kernel Live Patching Masami Hiramatsu
2014-11-17 13:16 ` Steven Rostedt
2014-11-17 14:54 ` Seth Jennings [this message]
2014-11-18 14:23 ` Jiri Slaby
2014-11-18 14:42 ` Seth Jennings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141117145450.GA2314@cerebellum.variantweb.net \
--to=sjenning@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@infradead.org \
--cc=jkosina@suse.cz \
--cc=jpoimboe@redhat.com \
--cc=kpatch@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=live-patching@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=masami.hiramatsu.pt@hitachi.com \
--cc=mbenes@suse.cz \
--cc=pmladek@suse.cz \
--cc=rostedt@goodmis.org \
--cc=vojtech@suse.cz \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).