Date: Mon, 27 Apr 2015 22:41:18 +0800
From: Minfei Huang
To: Jiri Kosina
CC: x86@kernel.org, Borislav Petkov, Kees Cook, Josh Poimboeuf, Seth Jennings, Vojtech Pavlik, linux-kernel@vger.kernel.org, live-patching@vger.kernel.org
Subject: Re: [PATCH 2/2] livepatch: x86: make kASLR logic more accurate

On 04/27/15 at 04:28P, Jiri Kosina wrote:
> We give up old_addr hint from the coming patch module in cases when kernel
> load base has been randomized (as in such case, the coming module has no
> idea about the exact randomization offset).
>
> We are currently too pessimistic, and give up immediately as soon as
> CONFIG_RANDOMIZE_BASE is set; this doesn't however directly imply that the
> load base has actually been randomized. There are config options that
> disable kASLR (such as hibernation), user could have disabled kaslr on
> kernel command-line, etc.
>
> The loader propagates the information whether kernel has been randomized
> through bootparams. This allows us to have the condition more accurate.
>
> On top of that, it seems unnecessary to give up old_addr hints even if
> randomization is active. The relocation offset can be computed using
> kaslr_offset(), and therefore old_addr can be adjusted accordingly.
>
> Signed-off-by: Jiri Kosina
> ---
> arch/x86/include/asm/livepatch.h | 1 +
> kernel/livepatch/core.c | 5 +++--
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/include/asm/livepatch.h b/arch/x86/include/asm/livepatch.h
> index 2d29197..19c099a 100644
> --- a/arch/x86/include/asm/livepatch.h
> +++ b/arch/x86/include/asm/livepatch.h
> @@ -21,6 +21,7 @@
> #ifndef _ASM_X86_LIVEPATCH_H
> #define _ASM_X86_LIVEPATCH_H
>
> +#include
> #include
> #include
>
> diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
> index 284e269..0e7c23c 100644
> --- a/kernel/livepatch/core.c
> +++ b/kernel/livepatch/core.c
> @@ -234,8 +234,9 @@ static int klp_find_verify_func_addr(struct klp_object *obj,
> int ret;
>
> #if defined(CONFIG_RANDOMIZE_BASE)
> - /* KASLR is enabled, disregard old_addr from user */
> - func->old_addr = 0;
> + /* If KASLR has been enabled, adjust old_addr accordingly */
> + if (kaslr_enabled() && func->old_addr)
> + func->old_addr += kaslr_offset();

Hi. Removing the "CONFIG_RANDOMIZE_BASE" judgement is fine. If kaslr is disabled, the offset will be 0.

I found that kaslr_enabled only exists for x86. Maybe you can define a weak function klp_adjustment_function_addr in general. Then each arch can overwrite the function to implement it specially.

Thanks
Minfei

> #endif
>
> if (!func->old_addr || klp_is_module(obj))
> --
> Jiri Kosina
> SUSE Labs
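Review bot: in the core.c hunk the `func->old_addr += kaslr_offset();` adjustment runs before the `if (!func->old_addr || klp_is_module(obj))` check that follows it, so for a patched module the old_addr hint is shifted by an offset that, per the commit message, describes the randomized kernel load base rather than module text; if the module branch ignores the hint this is harmless, but guarding the adjustment with `!klp_is_module(obj)` would make that explicit. The commit message should also state that the adjusted old_addr remains a hint that klp_find_verify_func_addr() still verifies, since the change moves from discarding an untrusted value to arithmetically correcting it, and a reader should not take the corrected value as authoritative on its own.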