2017-04-11 11:08:13

by Petr Mladek

Subject: [PATCH] livepatch: Cancel transition a safe way for immediate patches

klp_init_transition() does not set func->transition for immediate patches.
Then klp_ftrace_handler() could use the new code immediately. As a result,
it is not safe to put the livepatch module in klp_cancel_transition().

This patch reverts most of the last minute changes to klp_cancel_transition().
It keeps the warning about a misuse because it still makes sense.

Signed-off-by: Petr Mladek <[email protected]>
---
Hi,

I am afraid that Mirek was not right in the mail
https://lkml.kernel.org/r/[email protected]
IMHO, it is not safe to put the module when the immediate
patch cannot be applied.

Best Regards,
Petr

kernel/livepatch/transition.c | 20 --------------------
1 file changed, 20 deletions(-)

diff --git a/kernel/livepatch/transition.c b/kernel/livepatch/transition.c
index 2de09e0c4e5c..adc0cc64aa4b 100644
--- a/kernel/livepatch/transition.c
+++ b/kernel/livepatch/transition.c
@@ -120,31 +120,11 @@ static void klp_complete_transition(void)
*/
void klp_cancel_transition(void)
{
- struct klp_patch *patch = klp_transition_patch;
- struct klp_object *obj;
- struct klp_func *func;
- bool immediate_func = false;
-
if (WARN_ON_ONCE(klp_target_state != KLP_PATCHED))
return;

klp_target_state = KLP_UNPATCHED;
klp_complete_transition();
-
- /*
- * In the enable error path, even immediate patches can be safely
- * removed because the transition hasn't been started yet.
- *
- * klp_complete_transition() doesn't have a module_put() for immediate
- * patches, so do it here.
- */
- klp_for_each_object(patch, obj)
- klp_for_each_func(obj, func)
- if (func->immediate)
- immediate_func = true;
-
- if (patch->immediate || immediate_func)
- module_put(patch->mod);
}

/*
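Review bot: In klp_cancel_transition(), once the loop and the module_put() call are gone, nothing in the function says why the cancel path deliberately skips module_put() for immediate patches, and the deleted comment claimed the opposite ("even immediate patches can be safely removed"). Consider a short comment after klp_complete_transition() stating that the module reference is kept on purpose because, as the changelog explains, klp_ftrace_handler() may already use the new code when func->transition is not set. That keeps the removed block from being reintroduced later.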
--
1.8.5.6


2017-04-11 11:31:42

by Miroslav Benes

Subject: Re: [PATCH] livepatch: Cancel transition a safe way for immediate patches

On Tue, 11 Apr 2017, Petr Mladek wrote:

> klp_init_transition() does not set func->transition for immediate patches.
> Then klp_ftrace_handler() could use the new code immediately. As a result,
> it is not safe to put the livepatch module in klp_cancel_transition().
>
> This patch reverts most of the last minute changes to klp_cancel_transition().
> It keeps the warning about a misuse because it still makes sense.
>
> Signed-off-by: Petr Mladek <[email protected]>
> ---
> Hi,
>
> I am afraid that Mirek was not right in the mail
> https://lkml.kernel.org/r/[email protected]
> IMHO, it is not safe to put the module when the immediate
> patch cannot be applied.
>
> Best Regards,
> Petr

You're right, Petr. Thanks for fixing my fault.

If needed, we could still follow the idea - set func->transition even for
immediate patches/funcs. But for now, removing the code is the best.

Acked-by: Miroslav Benes <[email protected]>

Jiri, this (obviously) needs to go to 4.12 with the patch set...

Miroslav

> kernel/livepatch/transition.c | 20 --------------------
> 1 file changed, 20 deletions(-)
>
> diff --git a/kernel/livepatch/transition.c b/kernel/livepatch/transition.c
> index 2de09e0c4e5c..adc0cc64aa4b 100644
> --- a/kernel/livepatch/transition.c
> +++ b/kernel/livepatch/transition.c
> @@ -120,31 +120,11 @@ static void klp_complete_transition(void)
> */
> void klp_cancel_transition(void)
> {
> - struct klp_patch *patch = klp_transition_patch;
> - struct klp_object *obj;
> - struct klp_func *func;
> - bool immediate_func = false;
> -
> if (WARN_ON_ONCE(klp_target_state != KLP_PATCHED))
> return;
>
> klp_target_state = KLP_UNPATCHED;
> klp_complete_transition();
> -
> - /*
> - * In the enable error path, even immediate patches can be safely
> - * removed because the transition hasn't been started yet.
> - *
> - * klp_complete_transition() doesn't have a module_put() for immediate
> - * patches, so do it here.
> - */
> - klp_for_each_object(patch, obj)
> - klp_for_each_func(obj, func)
> - if (func->immediate)
> - immediate_func = true;
> -
> - if (patch->immediate || immediate_func)
> - module_put(patch->mod);
> }
>
> /*
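Review bot: The removed comment states that klp_complete_transition() has no module_put() for immediate patches, so with the "if (patch->immediate || immediate_func)" block gone, a cancelled enable of an immediate patch leaves the reference on patch->mod held. The changelog should say explicitly that keeping the module pinned is the intended trade-off, so the held reference is not later treated as a leak.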
> --
> 1.8.5.6
>

2017-04-11 15:10:36

by Josh Poimboeuf

Subject: Re: [PATCH] livepatch: Cancel transition a safe way for immediate patches

On Tue, Apr 11, 2017 at 01:07:48PM +0200, Petr Mladek wrote:
> klp_init_transition() does not set func->transition for immediate patches.
> Then klp_ftrace_handler() could use the new code immediately. As a result,
> it is not safe to put the livepatch module in klp_cancel_transition().
>
> This patch reverts most of the last minute changes to klp_cancel_transition().
> It keeps the warning about a misuse because it still makes sense.
>
> Signed-off-by: Petr Mladek <[email protected]>

Good catch Petr, thanks!

Fixes: 3ec24776bfd0 ("livepatch: allow removal of a disabled patch")
Acked-by: Josh Poimboeuf <[email protected]>

--
Josh

2017-04-11 18:55:40

by Jiri Kosina

Subject: Re: [PATCH] livepatch: Cancel transition a safe way for immediate patches

On Tue, 11 Apr 2017, Petr Mladek wrote:

> klp_init_transition() does not set func->transition for immediate patches.
> Then klp_ftrace_handler() could use the new code immediately. As a result,
> it is not safe to put the livepatch module in klp_cancel_transition().
>
> This patch reverts most of the last minute changes to klp_cancel_transition().
> It keeps the warning about a misuse because it still makes sense.
>
> Signed-off-by: Petr Mladek <[email protected]>
> ---
> Hi,
>
> I am afraid that Mirek was not right in the mail
> https://lkml.kernel.org/r/[email protected]
> IMHO, it is not safe to put the module when the immediate
> patch cannot be applied.

That's a very good catch indeed, thanks. Applied.

--
Jiri Kosina
SUSE Labs