From: Josh Poimboeuf <jpoimboe@redhat.com>
To: Jiri Kosina <jkosina@suse.cz>
Cc: x86@kernel.org, Borislav Petkov <bp@alien8.de>,
Kees Cook <keescook@chromium.org>,
Seth Jennings <sjenning@redhat.com>,
Vojtech Pavlik <vojtech@suse.cz>,
linux-kernel@vger.kernel.org, live-patching@vger.kernel.org
Subject: Re: [PATCH 2/2] livepatch: x86: make kASLR logic more accurate
Date: Tue, 28 Apr 2015 07:09:02 -0500
Message-ID: <20150428120902.GB16487@treble.redhat.com>
In-Reply-To: <alpine.LNX.2.00.1504271335020.16113@pobox.suse.cz>

On Mon, Apr 27, 2015 at 04:28:58PM +0200, Jiri Kosina wrote:
> We give up old_addr hint from the coming patch module in cases when kernel
> load base has been randomized (as in such case, the coming module has no
> idea about the exact randomization offset).
>
> We are currently too pessimistic, and give up immediately as soon as
> CONFIG_RANDOMIZE_BASE is set; this doesn't however directly imply that the
> load base has actually been randomized. There are config options that
> disable kASLR (such as hibernation), user could have disabled kaslr on
> kernel command-line, etc.
>
> The loader propagates the information whether kernel has been randomized
> through bootparams. This allows us to have the condition more accurate.
>
> On top of that, it seems unnecessary to give up old_addr hints even if
> randomization is active. The relocation offset can be computed using
> kaslr_offset(), and therefore old_addr can be adjusted accordingly.
>
> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
> ---
> arch/x86/include/asm/livepatch.h | 1 +
> kernel/livepatch/core.c | 5 +++--
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/include/asm/livepatch.h b/arch/x86/include/asm/livepatch.h
> index 2d29197..19c099a 100644
> --- a/arch/x86/include/asm/livepatch.h
> +++ b/arch/x86/include/asm/livepatch.h
> @@ -21,6 +21,7 @@
> #ifndef _ASM_X86_LIVEPATCH_H
> #define _ASM_X86_LIVEPATCH_H
>
> +#include <asm/setup.h>
> #include <linux/module.h>
> #include <linux/ftrace.h>
>
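Review bot: the #include <asm/setup.h> added at the top of asm/livepatch.h carries no explanation, and nothing in this hunk uses it; the only callers of kaslr_enabled() and kaslr_offset() visible in the patch are in kernel/livepatch/core.c. Either include the header where the helpers are actually called, or add a one-line comment here naming the helpers it is pulled in for, so a later include cleanup does not silently break the CONFIG_RANDOMIZE_BASE build of core.c.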
> diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
> index 284e269..0e7c23c 100644
> --- a/kernel/livepatch/core.c
> +++ b/kernel/livepatch/core.c
> @@ -234,8 +234,9 @@ static int klp_find_verify_func_addr(struct klp_object *obj,
> int ret;
>
> #if defined(CONFIG_RANDOMIZE_BASE)
> - /* KASLR is enabled, disregard old_addr from user */
> - func->old_addr = 0;
> + /* If KASLR has been enabled, adjust old_addr accordingly */
> + if (kaslr_enabled() && func->old_addr)
> + func->old_addr += kaslr_offset();
> #endif
>
> if (!func->old_addr || klp_is_module(obj))
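Review bot: func->old_addr += kaslr_offset() modifies the caller-supplied field in place, so if klp_find_verify_func_addr() is ever reached a second time for the same func, the offset is added again and the hint no longer points at the function. Consider computing the adjusted address into a local variable and leaving func->old_addr as the patch module provided it, or state in the comment that this path runs exactly once per func. The new comment could also say that old_addr is expected to be the unrandomized link-time address, since that is what makes the addition correct.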
> --
> Jiri Kosina
> SUSE Labs
--
Josh