From: Miroslav Benes <mbenes@xxxxxxx>
Date: Thu, 9 Sep 2021 13:53:35 +0200 (CEST)
> Hi,
Hi!
> On Tue, 31 Aug 2021, Alexander Lobakin wrote:
>
> > From: Kristen Carlson Accardi <kristen@xxxxxxxxxxxxxxx>
> >
> > If any type of function granular randomization is enabled, the sympos
> > algorithm will fail, as it will be impossible to resolve symbols when
> > there are duplicates using the previous symbol position.
> >
> > Override the value of sympos to always be zero if fgkaslr is enabled for
> > either the core kernel or modules, forcing the algorithm
> > to require that only unique symbols are allowed to be patched.
> >
> > Signed-off-by: Kristen Carlson Accardi <kristen@xxxxxxxxxxxxxxx>
> > Signed-off-by: Alexander Lobakin <alexandr.lobakin@xxxxxxxxx>
> > ---
> > kernel/livepatch/core.c | 11 +++++++++++
> > 1 file changed, 11 insertions(+)
> >
> > diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
> > index 335d988bd811..852bbfa9da7b 100644
> > --- a/kernel/livepatch/core.c
> > +++ b/kernel/livepatch/core.c
> > @@ -169,6 +169,17 @@ static int klp_find_object_symbol(const char *objname, const char *name,
> > else
> > kallsyms_on_each_symbol(klp_find_callback, &args);
> >
> > + /*
> > + * If any type of function granular randomization is enabled, it
> > + * will be impossible to resolve symbols when there are duplicates
> > + * using the previous symbol position (i.e. sympos != 0). Override
> > + * the value of sympos to always be zero in this case. This will
> > + * force the algorithm to require that only unique symbols are
> > + * allowed to be patched.
> > + */
> > + if (IS_ENABLED(CONFIG_FG_KASLR))
> > + sympos = 0;
> > +
>
> I ran the live patching tests and no problem occurred, which is great. We
> do not have a test for old_sympos, which makes the testing less telling,
> but at least nothing blows up with the section randomization itself.
Great, thanks!
> However, I want to reiterate what I wrote for the same patch in v5
> series.
>
> The above hunk should work, but I wonder if we should make it more
> explicit. With the change the user will get the error with "unresolvable
> ambiguity for symbol..." if they specify sympos and the symbol is not
> unique. It could confuse them.
>
> So, how about it making it something like
>
> if (IS_ENABLED(CONFIG_FG_KASLR) || IS_ENABLED(CONFIG_MODULE_FG_KASLR))
> if (sympos) {
> pr_err("fgkaslr is enabled, specifying sympos for symbol '%s' in object '%s' does not work.\n",
> name, objname);
> *addr = 0;
> return -EINVAL;
> }
>
> ? (there could be goto to the error out at the end of the function to
> save copy-pasting).
>
> In that case, if sympos is not specified, the user will get the message
> which matches the reality. If the user specifies it, they will get the
> error in case of fgkaslr (no matter if the symbol is found or not).
Not familiar with livepatching unfortunately, hope Kristen and/or
Kees will comment on this. Looks fine for me anyways.
> What do you think?
>
> Miroslav
Thanks,
Al
