Why not? In particular, I'd really like somebody to answer the question
"why not just store a cookie before each address-taken or
external-linkage function?".
FWIIW, this was done before (at least twice): First with grsecurity/PaX
RAP (https://grsecurity.net/rap_faq) then with kCFI
the macro undoable, as thought in
this patch. Suggestions on how to fix this are welcome.
Signed-off-by: Joao Moreira
---
arch/x86/crypto/twofish_avx_glue.c| 65 ---
arch/x86/crypto/twofish_glue_3way.c | 33 +-
arch/x86/include/asm/crypto
Add macros that generate glue functions for serpent crypto functions.
Remove GLUE_FUNC_CAST macros from function pointer assignement and use
the helper instead, making the prototypes compliant.
Signed-off-by: Joao Moreira
---
arch/x86/crypto/serpent_avx2_glue.c| 68
Add macros that generate glue functions for camellia crypto functions.
Remove GLUE_FUNC_CAST macros from function pointer assignement and use
the helper instead, making the prototypes compliant.
Signed-off-by: Joao Moreira
---
arch/x86/crypto/camellia_aesni_avx2_glue.c | 69
Add macros that generate glue functions for cast6 crypto functions.
Remove GLUE_FUNC_CAST macros from function pointer assignement and use
the helper instead, making the prototypes compliant.
Signed-off-by: Joao Moreira
---
arch/x86/crypto/cast6_avx_glue.c | 54
algorithms were
tested with the help of tcrypt.ko without any visible harm.
Joao Moreira (4):
Fix serpent crypto function prototypes
Fix camellia crypto function prototypes
Fix twofish crypto function prototypes
Fix cast6 crypto function prototypes
arch/x86/crypto/camellia_aesni_avx2_glue.c
On 4/24/19 3:19 PM, Miroslav Benes wrote:
[...]
Result: a small tweak to sympos_sanity_check() to relax its symbol
uniqueness verification: allow for duplicate
instances. Now it will only complain when a supplied symbol references
the same but a different .
diff --git
On 4/4/19 8:31 AM, Miroslav Benes wrote:
On Fri, 22 Mar 2019, Joe Lawrence wrote:
On Fri, Mar 01, 2019 at 11:13:10AM -0300, Joao Moreira wrote:
From: Josh Poimboeuf
Create cmd_klp_convert and hook it into scripts/Makefile.modpost.
cmd_klp_convert invokes klp-convert with the right
On 3/18/19 4:18 PM, Joe Lawrence wrote:
On Fri, Mar 01, 2019 at 11:13:05AM -0300, Joao Moreira wrote:
Livepatches may use symbols which are not contained in its own scope,
and, because of that, may end up compiled with relocations that will
only be resolved during module load. Yet, when
On 3/20/19 4:36 PM, Miroslav Benes wrote:
[ ... snip ... ]
+
+/* Checks if sympos is valid, otherwise prints valid sympos list */
+static bool valid_sympos(struct sympos *sp)
+{
+ struct symbol_entry *e;
+ int counter = 0;
+
+ list_for_each_entry(e, , list) {
+
On 3/26/19 1:15 PM, Joe Lawrence wrote:
On 3/26/19 10:40 AM, Joao Moreira wrote:
On 3/20/19 4:08 PM, Miroslav Benes wrote:
diff --git a/scripts/Makefile.build b/scripts/Makefile.build
index fd03d60f6c5a..1e28ad21314c 100644
--- a/scripts/Makefile.build
+++ b/scripts/Makefile.build
right place
Signed-off-by: Joao Moreira
---
scripts/Makefile.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/Makefile.build b/scripts/Makefile.build
index 1e28ad21314c..5f66106a47d6 100644
--- a/scripts/Makefile.build
+++ b/scripts/Makefile.b
On 2019-03-22 11:54, Joe Lawrence wrote:
On Fri, Mar 01, 2019 at 11:13:10AM -0300, Joao Moreira wrote:
From: Josh Poimboeuf
Create cmd_klp_convert and hook it into scripts/Makefile.modpost.
cmd_klp_convert invokes klp-convert with the right arguments for the
conversion of unresolved symbols
On 12/20/18 12:33 AM, Miroslav Benes wrote:
On Wed, 19 Dec 2018, Jiri Kosina wrote:
On Wed, 19 Dec 2018, Josh Poimboeuf wrote:
Also the commit message needs an analysis of the performance impacts.
Agreed. Especially as it's expected (*) to be completely in the noise
particularly for the
Convert the use of 'struct twofish_ctx *' to 'void *' in prototypes of
functions which are referenced through 'struct common_glue_func_entry',
making their prototypes match those of this struct and, consequently,
turning them compatible with CFI requirements.
Whenever needed, cast 'void *' to
algorithms, yet, if someone finds relevant, the affected algorithms were
tested with the help of tcrypt.ko without any visible harm.
Joao Moreira (4):
x86/crypto: camellia: Fix function prototypes
x86/crypto: cast6: Fix function prototypes
x86/crypto: serpent: Fix function prototypes
x86/crypto
Convert the use of 'struct twofish_ctx *' to 'void *' in prototypes of
functions which are referenced through 'struct common_glue_func_entry',
making their prototypes match those of this struct and, consequently,
turning them compatible with CFI requirements.
Whenever needed, cast 'void *' to
algorithms, yet, if someone finds relevant, the affected algorithms were
tested with the help of tcrypt.ko without any visible harm.
Joao Moreira (4):
x86/crypto: camellia: Fix function prototypes
x86/crypto: cast6: Fix function prototypes
x86/crypto: serpent: Fix function prototypes
x86/crypto
Convert the use of 'struct serpent_ctx *' to 'void *' in prototypes of
functions which are referenced through 'struct common_glue_func_entry',
making their prototypes match those of this struct and, consequently,
turning them compatible with CFI requirements.
Whenever needed, cast 'void *' to
Convert the use of 'struct camellia_ctx *' to 'void *' in prototypes of
functions which are referenced through 'struct common_glue_func_entry',
making their prototypes match those of this struct and, consequently,
turning them compatible with CFI requirements.
Whenever needed, cast 'void *' to
Convert the use of 'struct serpent_ctx *' to 'void *' in prototypes of
functions which are referenced through 'struct common_glue_func_entry',
making their prototypes match those of this struct and, consequently,
turning them compatible with CFI requirements.
Whenever needed, cast 'void *' to
Convert the use of 'struct camellia_ctx *' to 'void *' in prototypes of
functions which are referenced through 'struct common_glue_func_entry',
making their prototypes match those of this struct and, consequently,
turning them compatible with CFI requirements.
Whenever needed, cast 'void *' to
Convert the use of 'struct cast6_ctx *' to 'void *' in prototypes of
functions which are referenced through 'struct common_glue_func_entry',
making their prototypes match those of this struct and, consequently,
turning them compatible with CFI requirements.
Signed-off-by: João Moreira
Convert the use of 'struct cast6_ctx *' to 'void *' in prototypes of
functions which are referenced through 'struct common_glue_func_entry',
making their prototypes match those of this struct and, consequently,
turning them compatible with CFI requirements.
Signed-off-by: João Moreira
---
It is possible to indirectly invoke functions with prototypes that do not
match those of the respectively used function pointers by using void types.
Despite widely used as a feature for relaxing function invocation, this
should be avoided when possible as it may prevent the use of heuristics
such
It is possible to indirectly invoke functions with prototypes that do not
match those of the respectively used function pointers by using void types.
Despite widely used as a feature for relaxing function invocation, this
should be avoided when possible as it may prevent the use of heuristics
such
On 10/10/2017 11:46 PM, Josh Poimboeuf wrote:
On Tue, Oct 10, 2017 at 04:17:10PM +0200, Miroslav Benes wrote:
On Wed, 30 Aug 2017, Josh Poimboeuf wrote:
On Tue, Aug 29, 2017 at 04:01:32PM -0300, Joao Moreira wrote:
Livepatches may use symbols which are not contained in its own scope
On 10/10/2017 11:46 PM, Josh Poimboeuf wrote:
On Tue, Oct 10, 2017 at 04:17:10PM +0200, Miroslav Benes wrote:
On Wed, 30 Aug 2017, Josh Poimboeuf wrote:
On Tue, Aug 29, 2017 at 04:01:32PM -0300, Joao Moreira wrote:
Livepatches may use symbols which are not contained in its own scope
On 08/31/2017 12:24 PM, Joe Lawrence wrote:
Hi Joao,
Hi Joe and Josh,
Thanks for the quick feedback, I'll be looking forward for your comments
once you have the change to dig deeper :). I'll apply all typo-fixes,
add klpclean to the PHONY targets and change the quiet_cmd invocation as
On 08/31/2017 12:24 PM, Joe Lawrence wrote:
Hi Joao,
Hi Joe and Josh,
Thanks for the quick feedback, I'll be looking forward for your comments
once you have the change to dig deeper :). I'll apply all typo-fixes,
add klpclean to the PHONY targets and change the quiet_cmd invocation as
. Perhaps we should care about it in the future.
Tks,
Joao.
On 08/29/2017 04:01 PM, Joao Moreira wrote:
From: Josh Poimboeuf <jpoim...@redhat.com>
Livepatches may use symbols which are not contained in its own scope,
and, because of that, may end up compiled with relocations that wil
. Perhaps we should care about it in the future.
Tks,
Joao.
On 08/29/2017 04:01 PM, Joao Moreira wrote:
From: Josh Poimboeuf
Livepatches may use symbols which are not contained in its own scope,
and, because of that, may end up compiled with relocations that will
only be resolved during module
struct section {
+ struct list_head list;
+ GElf_Shdr sh;
+ struct section *base, *rela;
+ struct list_head relas;
+ struct symbol *sym;
+ Elf_Data *elf_data;
+ char *name;
+ int idx;
+ void *data;
+ unsigned int size;
+};
+
+struct symbo
HOSTLOADLIBES_ instead of HOSTLDFLAGS: -lelf must be
at the end]
[jmoreira:
* add support to automatic relocation conversion in klp-convert.c
* changelog]
Signed-off-by: Josh Poimboeuf
Signed-off-by: Konstantin Khlebnikov
Signed-off-by: Joao Moreira
---
MAINTAINERS | 1 +
Makefile
use KLP_SYMPOS
* Comments on symbol resolution scheme
* Update Makefile
* Changelog
]
Signed-off-by: Josh Poimboeuf <jpoim...@redhat.com>
Signed-off-by: Joao Moreira <jmore...@suse.de>
---
samples/livepatch/Makefile | 4 +-
samples/livepatch/livepatch-annotated-s
ts on symbol resolution scheme
* Update Makefile
* Changelog
]
Signed-off-by: Josh Poimboeuf
Signed-off-by: Joao Moreira
---
samples/livepatch/Makefile | 4 +-
samples/livepatch/livepatch-annotated-sample.c | 128 +
2 files changed, 131 insertions(+), 1 d
: Josh Poimboeuf <jpoim...@redhat.com>
Signed-off-by: Konstantin Khlebnikov <khlebni...@yandex-team.ru>
Signed-off-by: Miroslav Benes <mbe...@suse.cz>
Signed-off-by: Joao Moreira <jmore...@suse.de>
---
scripts/Kbuild.include | 4 +++-
scripts/Makefile.modpost | 16 +
-by: Konstantin Khlebnikov
Signed-off-by: Miroslav Benes
Signed-off-by: Joao Moreira
---
scripts/Kbuild.include | 4 +++-
scripts/Makefile.modpost | 16 +++-
scripts/mod/modpost.c| 6 +-
scripts/mod/modpost.h| 1 +
4 files changed, 24 insertions(+), 3 deletions(-)
diff
Add a section to Documentation/livepatch/module-elf-format.txt
describing how klp-convert works for fixing relocations.
Signed-off-by: Joao Moreira <jmore...@suse.de>
---
Documentation/livepatch/module-elf-format.txt | 47 ---
1 file changed, 42 insertions(+), 5 del
Add a section to Documentation/livepatch/module-elf-format.txt
describing how klp-convert works for fixing relocations.
Signed-off-by: Joao Moreira
---
Documentation/livepatch/module-elf-format.txt | 47 ---
1 file changed, 42 insertions(+), 5 deletions(-)
diff --git
flag and prevent modpost from breaking due to unresolved
symbols
* remove MODULE_INFO statement
]
Signed-off-by: Miroslav Benes <mbe...@suse.cz>
Signed-off-by: Joao Moreira <jmore...@suse.de>
---
samples/livepatch/livepatch-sample.c | 1 -
scripts/Makefile.modpost | 8
dpost from breaking due to unresolved
symbols
* remove MODULE_INFO statement
]
Signed-off-by: Miroslav Benes
Signed-off-by: Joao Moreira
---
samples/livepatch/livepatch-sample.c | 1 -
scripts/Makefile.modpost | 8 +++-
scripts/mod/modpost.c
s from include/uapi/livepatch.h to include/linux/livepatch.h
]
Signed-off-by: Josh Poimboeuf <jpoim...@redhat.com>
Signed-off-by: Joao Moreira <jmore...@suse.de>
---
include/linux/livepatch.h | 11 +++
1 file changed, 11 insertions(+)
diff --git a/include/linux/livepatch
to include/linux/livepatch.h
]
Signed-off-by: Josh Poimboeuf
Signed-off-by: Joao Moreira
---
include/linux/livepatch.h | 11 +++
1 file changed, 11 insertions(+)
diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h
index 96a75be7ef50..3956929f21bc 100644
--- a/include
proposed by Miroslav Benes as a workaround for identifying livepathces
without depending on modinfo during the modpost stage. It was moved to
this patch as the approach also shown to be useful while building
Symbols.list.
Signed-off-by: Joao Moreira <jmore...@suse.de>
---
.gitignore
proposed by Miroslav Benes as a workaround for identifying livepathces
without depending on modinfo during the modpost stage. It was moved to
this patch as the approach also shown to be useful while building
Symbols.list.
Signed-off-by: Joao Moreira
---
.gitignore | 1 +
Makefile
, but no annotation was provided in the livepatch,
triggering an error during compilation - reproducible with this livepatch
sample: www.livewire.com.br/suse/klp/livepatch-sample.2.c
Joao Moreira (2):
kbuild: Support for Symbols.list creation
documentation: Update on livepatch elf format
Josh Poimboeuf
e tool that will be added in patch 03/07 of this same patch set.
[jmoreira: split up and changelog]
Signed-off-by: Josh Poimboeuf <jpoim...@redhat.com>
Signed-off-by: Joao Moreira <jmore...@suse.de>
---
MAINTAINERS| 1 +
include/linux/livepatch.h | 1 +
include/uapi/linu
, but no annotation was provided in the livepatch,
triggering an error during compilation - reproducible with this livepatch
sample: www.livewire.com.br/suse/klp/livepatch-sample.2.c
Joao Moreira (2):
kbuild: Support for Symbols.list creation
documentation: Update on livepatch elf format
Josh Poimboeuf
of this same patch set.
[jmoreira: split up and changelog]
Signed-off-by: Josh Poimboeuf
Signed-off-by: Joao Moreira
---
MAINTAINERS| 1 +
include/linux/livepatch.h | 1 +
include/uapi/linux/livepatch.h | 28
kernel/livepatch/core.c
50 matches
Mail list logo