+++ Miroslav Benes [16/10/19 15:29 +0200]:
On Wed, 16 Oct 2019, Miroslav Benes wrote:
On Wed, 16 Oct 2019, Peter Zijlstra wrote:
> On Tue, Oct 15, 2019 at 06:27:05PM -0400, Steven Rostedt wrote:
>
> > (7) Seventh session, titled "klp-convert and livepatch relocations", was led
> > by Joe Lawrence.
> >
> > Joe started the session with problem statement: accessing non exported / static
> > symbols from inside the patch module. One possible workardound is manually via
> > kallsyms. Second workaround is klp-convert, which actually creates proper
> > relocations inside the livepatch module from the symbol database during the
> > final .ko link.
> > Currently module loader looks for special livepatch relocations and resolves
> > those during runtime; kernel support for these relocations have so far been
> > added for x86 only. Special livepatch relocations are supported and processed
> > also on other architectures. Special quirks/sections are not yet supported.
> > Plus klp-convert would still be needed even with late module patching update.
> > vmlinux or modules could have ambiguous static symbols.
> >
> > It turns out that the features / bugs below have to be resolved before we
> > can claim the klp-convert support for relocation complete:
> > - handle all the corner cases (jump labels, static keys, ...) properly and
> > have a good regression tests in place
>
> I suppose all the patches in this series-of-series here will make life
> harder for KLP, static_call() and 2 byte jumps etc..
Yes, I think so. We'll have to deal with that once it lands. That is why
we want to get rid of all this arch-specific code in livepatch and
reinvent the late module patching. So it is perhaps better to start
working on it sooner than later. Adding Petr, who hesitantly signed up for
the task...
Thinking about it more... crazy idea. I think we could leverage these new
ELF .text per vmlinux/module sections for the reinvention I was talking
about. If we teach module loader to relocate (and apply alternatives and
so on, everything in arch-specific module_finalize()) not the whole module
in case of live patch modules, but separate ELF .text sections, it could
solve the issue with late module patching we have. It is a variation on
Steven's idea. When live patch module is loaded, only its section for
present modules would be processed. Then whenever a to-be-patched module
is loaded, its .text section in all present patch module would be
processed.
The upside is that almost no work would be required on patch modules
creation side. The downside is that klp_modinfo must stay. Module loader
needs to be hacked a lot in both cases. So it remains to be seen which
idea is easier to implement.
Jessica, do you think it would be feasible?
I think that does sound feasible. I'm trying to visualize how that
would look. I guess there would need to be various livepatching hooks
called during the different stages (apply_relocate_add(),
module_finalize(), module_enable_ro/x()).
So maybe something like the following?
When a livepatch module loads:
apply_relocate_add()
klp hook: apply .klp.rela.$objname relocations *only* for
already loaded modules
module_finalize()
klp hook: apply .klp.arch.$objname changes for already loaded modules
module_enable_ro()
klp hook: only enable ro/x for .klp.text.$objname for already
loaded modules
When a to-be-patched module loads:
apply_relocate_add()
klp hook: for each patch module that patches the coming
module, apply .klp.rela.$objname relocations for this object
module_finalize()
klp hook: for each patch module that patches the coming
module, apply .klp.arch.$objname changes for this object
module_enable_ro()
klp hook: for each patch module, apply ro/x permissions for
.klp.text.$objname for this object
Then, in klp_module_coming, we only need to do the callbacks and
enable the patch, and get rid of the module_disable_ro->apply
relocs->module_enable_ro block.
Does that sound like what you had in mind or am I totally off?
Thanks!
Jessica