Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp1927600imm;
        Thu, 7 Jun 2018 02:34:00 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKLi/QJ+a0ShlN6kpswXHePEFvmGzi1WofBWFzkqTLhivOHf27/2u4Zle43nDIgPRdJJutbU
X-Received: by 2002:a17:902:229:: with SMTP id 38-v6mr1252734plc.384.1528364040849;
        Thu, 07 Jun 2018 02:34:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1528364040; cv=none;
        d=google.com; s=arc-20160816;
        b=ZiQd7fimSsaIxJJbhJNK4oU20oTEbY0tPqTmzrTLRny1gikXX754GnCnmiVj0Xi09R
         TAfapMr0u+Yw2zDpWCNNce/MGIUJzbL/fqI5q4Cdec8K1Eg/2mP8IerX3BVGaF8i00sN
         L8ZEqfl50QVuiZt8L+ysf8o6DB5l2N688b/ospiXWFtdmIrLivk346ZAg4LeaklkHzJe
         OiotrOu4NI7jCT6LeTfnlHliG2Tps9rPWs0f7btvxTSY6WCmevfXAaD0im98t2ISrGu6
         zNW9l/aHdpCFaVSxaz8WIrIop0kuAMwgh5rl+1uX9ZohGhMm7TwhGxksFkoW+5JeJyUa
         j1mA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=5J35yjbFTFTE3JEq/rSl0YGBvqaie0IW30I/GX/eAvM=;
        b=ef6XVgkFKAqcGOQPUSyT/OIcf88pUWgr22mEI0740fVpj2SQWkOrL0wTxY0uMLQR2O
         ME+VprI8W+UdkRShSjarc0slSRmSJZvEhE34DEWDRMmfgVCqyEDzYAMSZMmV6ahkLo8w
         MHlsjzQnGZ8NiwOS+4E/+3SSCsVkb3fJEVeYFkGR037SMrQtmICVJMycUKI6yvLMeU/Y
         j5yXpDrGk5UVuL09cNMtj3m3KM+sYxI3rYiqIDAO3xshXQx7YZrR6lmuB9YcpjaiaVqI
         OMn91qVR9OwPgzoXUtbe5CfF6xb/Fu79awIOrGgKvzWStQSg3j2zzdAu2rl7V+vr7SwI
         /1oA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a6-v6si2960948pfh.137.2018.06.07.02.33.46;
        Thu, 07 Jun 2018 02:34:00 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753118AbeFGJ3y (ORCPT <rfc822;plaguedbypenguins@gmail.com>
        + 99 others); Thu, 7 Jun 2018 05:29:54 -0400
Received: from mx2.suse.de ([195.135.220.15]:54601 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751491AbeFGJ3w (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 7 Jun 2018 05:29:52 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (charybdis-ext-too.suse.de [195.135.220.254])
        by mx2.suse.de (Postfix) with ESMTP id 3C9A0ABF1;
        Thu,  7 Jun 2018 09:29:51 +0000 (UTC)
From:   Miroslav Benes <mbenes@suse.cz>
To:     jikos@kernel.org, jpoimboe@redhat.com, jeyu@kernel.org
Cc:     pmladek@suse.com, live-patching@vger.kernel.org,
        linux-kernel@vger.kernel.org, Miroslav Benes <mbenes@suse.cz>
Subject: [PATCH 0/3] Deny the patched modules to be removed
Date:   Thu,  7 Jun 2018 11:29:46 +0200
Message-Id: <20180607092949.1706-1-mbenes@suse.cz>
X-Mailer: git-send-email 2.17.0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Quoting the second patch's changelog:

    Josh reported a bug:
    
      When the object to be patched is a module, and that module is
      rmmod'ed and reloaded, it fails to load with:
    
      module: x86/modules: Skipping invalid relocation target, existing value is nonzero for type 2, loc 00000000ba0302e9, val ffffffffa03e293c
      livepatch: failed to initialize patch 'livepatch_nfsd' for module 'nfsd' (-8)
      livepatch: patch 'livepatch_nfsd' failed for module 'nfsd', refusing to load module 'nfsd'
    
      The livepatch module has a relocation which references a symbol
      in the _previous_ loading of nfsd. When apply_relocate_add()
      tries to replace the old relocation with a new one, it sees that
      the previous one is nonzero and it errors out.
    
      On ppc64le, we have a similar issue:
    
      module_64: livepatch_nfsd: Expected nop after call, got e8410018 at e_show+0x60/0x548 [livepatch_nfsd]
      livepatch: failed to initialize patch 'livepatch_nfsd' for module 'nfsd' (-8)
      livepatch: patch 'livepatch_nfsd' failed for module 'nfsd', refusing to load module 'nfsd'
    
    He also proposed three different solutions. We could remove the error
    check in apply_relocate_add() introduced by commit eda9cec4c9a1
    ("x86/module: Detect and skip invalid relocations"). However the check
    is useful for detecting corrupted modules.
    
    We could also reverse the relocation patching (clear all relocation
    targets on x86_64, or return back nops on powerpc) in
    klp_unpatch_object(). The solution is not universal and is too much
    arch-specific.
    
    We decided to deny the patched modules to be removed. If it proves to be
    a major drawback for users, we can still implement a different approach.

There were many subtle details to check, so it may be broken somewhere.
Hopefully it is not, but please review carefully.

Miroslav Benes (3):
  livepatch: Nullify obj->mod in klp_module_coming()'s error path
  livepatch: Deny the patched modules to be removed
  module: Remove superfluous call to klp_module_going()

 kernel/livepatch/core.c | 25 +++++++++++++++++++++++--
 kernel/module.c         |  1 -
 2 files changed, 23 insertions(+), 3 deletions(-)

-- 
2.17.0