Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp598318ybz;
        Wed, 15 Apr 2020 14:51:56 -0700 (PDT)
X-Google-Smtp-Source: APiQypIatC0In/DXi/CuZEyPvUBnu5V8ymTJKYJ1heUIUYqPY9cCtuRCEtaRcRue6mIx1R8g1oFm
X-Received: by 2002:a17:906:4d8f:: with SMTP id s15mr7066194eju.288.1586987516063;
        Wed, 15 Apr 2020 14:51:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1586987516; cv=none;
        d=google.com; s=arc-20160816;
        b=J49JKRTsjCuBVq/jhkTqcX8u0fzRdvXgC8ouBxAYCOJMuqmUiYu9hmJrjJn+aVwf7W
         45rAZk4XQdi5mnBQd+/ff85iIpkSmRbK/dtrzcSkAq5+5oKGXb/MeQFKvWEi2fG/zpZv
         dxnG3XdlzMmnFI/kNZVG9jNIvErCzRGnHrdhKexq2BUVh5Q/tbHpzlLWA3+SPqJKbvtc
         foWEW+zrg21IMHaN6sIoeLrxA/cXUX3G5bL627WGsQ0ZpLw8wVh0zBT6PBkdhrknNEhy
         m9PJTU5GedHSbZrUSsKKRrahchGbG0Ec+Po3L297DVpOcb+q0DgsXQu/SF69vEwf0rSb
         V91Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date
         :dkim-signature;
        bh=+Ahnft7vUrxEzTLFARwrc8iGTJuhUk/MsvvVIUVUZdA=;
        b=CTvWOt2dJJoovg3tFdA+tTE2bn71cbq85+S4CjdtyifRHXQkbLTIRNBwANKFFAcGZ6
         N6rIp5m53GV1SrycgFZXzpMYXdw2g5n0GFGsmPmTnlO9HFUs7Mfov+kqnygypAdEN9Jw
         w4oW4ro9tKnuNsyR4W24s47QQMqk2ALREkP5xnigga9L3VvFHS2xeP04nm+fjUTtm/oK
         eMlwosgc+2Z+3zgdF3FKSJOU5RjBGbck89a59KlPB3vumKS3ZXEnoeiYI1JNS/Bqwa/n
         AFqBWo3UavIpsIEqcwT50nCn/41aEH1aQrusTSr9HUD3KQXsx+Aq6ra9oVTK5nRLISzJ
         hhsQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=irwPblHD;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id 30si13515452edr.255.2020.04.15.14.51.32;
        Wed, 15 Apr 2020 14:51:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=irwPblHD;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2504837AbgDNTcN (ORCPT <rfc822;ahaning.tech@gmail.com>
        + 99 others); Tue, 14 Apr 2020 15:32:13 -0400
Received: from us-smtp-1.mimecast.com ([207.211.31.81]:52717 "EHLO
        us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S2504817AbgDNTb6 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 14 Apr 2020 15:31:58 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1586892716;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=+Ahnft7vUrxEzTLFARwrc8iGTJuhUk/MsvvVIUVUZdA=;
        b=irwPblHDA/mj3vvMgCcsNFAoBxFse+/oK+dWQbKMWkFN0HeEQ+IB2Pc3AJB+dS0nh96wcM
        cFHuSOp0CN+Ak7C4zdkQQ7MAE5Ufj9N+cyMxHlXXcqEjPv1pnMK67cxHmTNpdglSqm/zXc
        MpZgNn0JM/jU+w4cKSAEwE6rVxztRnI=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-405-APxugEDrOxmPbni84qHg7w-1; Tue, 14 Apr 2020 15:31:55 -0400
X-MC-Unique: APxugEDrOxmPbni84qHg7w-1
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D27311034AE1;
        Tue, 14 Apr 2020 19:31:53 +0000 (UTC)
Received: from treble (ovpn-116-146.rdu2.redhat.com [10.10.116.146])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id D40F95D9CD;
        Tue, 14 Apr 2020 19:31:52 +0000 (UTC)
Date:   Tue, 14 Apr 2020 14:31:50 -0500
From:   Josh Poimboeuf <jpoimboe@redhat.com>
To:     Peter Zijlstra <peterz@infradead.org>
Cc:     live-patching@vger.kernel.org, linux-kernel@vger.kernel.org,
        Jessica Yu <jeyu@kernel.org>
Subject: Re: [PATCH 1/7] livepatch: Apply vmlinux-specific KLP relocations
 early
Message-ID: <20200414193150.iqw224itgpedpltm@treble>
References: <cover.1586881704.git.jpoimboe@redhat.com>
 <8c3af42719fe0add37605ede634c7035a90f9acc.1586881704.git.jpoimboe@redhat.com>
 <20200414174406.GC2483@worktop.programming.kicks-ass.net>
 <20200414180109.da4v2b4ifpixuzn3@treble>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20200414180109.da4v2b4ifpixuzn3@treble>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 14, 2020 at 01:01:09PM -0500, Josh Poimboeuf wrote:
> On Tue, Apr 14, 2020 at 07:44:06PM +0200, Peter Zijlstra wrote:
> > On Tue, Apr 14, 2020 at 11:28:37AM -0500, Josh Poimboeuf wrote:
> > > KLP relocations are livepatch-specific relocations which are applied to
> > >   1) vmlinux-specific KLP relocation sections
> > > 
> > >      .klp.rela.vmlinux.{sec}
> > > 
> > >      These are relocations (applied to the KLP module) which reference
> > >      unexported vmlinux symbols.
> > > 
> > >   2) module-specific KLP relocation sections
> > > 
> > >      .klp.rela.{module}.{sec}:
> > > 
> > >      These are relocations (applied to the KLP module) which reference
> > >      unexported or exported module symbols.
> > 
> > Is there something that disallows a module from being called 'vmlinux' ?
> > If not, we might want to enforce this somewhere.
> 
> I'm pretty sure we don't have a check for that anywhere, though the KLP
> module would almost certainly fail during the module load when it
> couldn't find the vmlinux.ko symbols it needed.
> 
> It wouldn't hurt to add a check somewhere though.  Maybe in
> klp_module_coming() since the restriction only applies to
> CONFIG_LIVEPATCH...

From: Josh Poimboeuf <jpoimboe@redhat.com>
Subject: [PATCH] livepatch: Disallow vmlinux.ko

This is purely a theoretical issue, but if there were a module named
vmlinux.ko, the livepatch relocation code wouldn't be able to
distinguish between vmlinux-specific and vmlinux.o-specific KLP
relocations.

If CONFIG_LIVEPATCH is enabled, don't allow a module named vmlinux.ko.

Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
---
 kernel/livepatch/core.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index 3a88639b3326..3ff886b911ae 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -1169,6 +1169,11 @@ int klp_module_coming(struct module *mod)
 	if (WARN_ON(mod->state != MODULE_STATE_COMING))
 		return -EINVAL;
 
+	if (!strcmp(mod->name, "vmlinux")) {
+		pr_err("vmlinux.ko: invalid module name");
+		return -EINVAL;
+	}
+
 	mutex_lock(&klp_mutex);
 	/*
 	 * Each module has to know that klp_module_coming()
-- 
2.21.1