Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <5d9b4b306b9cc9109286e2d8f7213be3296d6aa8.camel@linux.intel.com>
Date: Mon, 28 Sep 2020 10:31:12 -0700
From: Kristen Carlson Accardi <kristen@...ux.intel.com>
To: Miroslav Benes <mbenes@...e.cz>
Cc: keescook@...omium.org, tglx@...utronix.de, mingo@...hat.com,
 bp@...en8.de,  arjan@...ux.intel.com, x86@...nel.org,
 linux-kernel@...r.kernel.org,  kernel-hardening@...ts.openwall.com,
 rick.p.edgecombe@...el.com,  live-patching@...r.kernel.org
Subject: Re: [PATCH v5 00/10] Function Granular KASLR

Hi,

On Fri, 2020-09-25 at 15:06 +0200, Miroslav Benes wrote:
> Hi Kristen,
> 
> On Wed, 23 Sep 2020, Kristen Carlson Accardi wrote:
> 
> > Function Granular Kernel Address Space Layout Randomization
> > (fgkaslr)
> > -----------------------------------------------------------------
> > ----
> > 
> > This patch set is an implementation of finer grained kernel address
> > space
> > randomization. It rearranges your kernel code at load time 
> > on a per-function level granularity, with only around a second
> > added to
> > boot time.
> 
> I ran live patching kernel selftests on the patch set and everything 
> passed fine.
> 
> However, we also use not-yet-upstream set of tests at SUSE for
> testing 
> live patching [1] and one of them, klp_tc_12.sh, is failing. You
> should be 
> able to run the set on upstream as is.
> 
> The test uninterruptedly sleeps in a kretprobed function called by a 
> patched one. The current master without fgkaslr patch set reports
> the 
> stack of the sleeping task as unreliable and live patching fails.
> The 
> situation is different with fgkaslr (even with nofgkaslr on the
> command 
> line). The stack is returned as reliable. It looks something like 
> 
> [<0>] __schedule+0x465/0xa40
> [<0>] schedule+0x55/0xd0
> [<0>] orig_do_sleep+0xb1/0x110 [klp_test_support_mod]
> [<0>] swap_pages+0x7f/0x7f
> 
> where the last entry is not reliable. I've seen 
> kretprobe_trampoline+0x0/0x4a and some other symbols there too. Since
> the 
> patched function (orig_sleep_uninterruptible_set) is not on the
> stack, 
> live patching succeeds, which is not intended.
> 
> With kprobe setting removed, all works as expected.
> 
> So I wonder if there is still some issue with ORC somewhere as you 
> mentioned in v4 thread. I'll investigate more next week, but wanted
> to 
> report early.
> 
> Regards
> Miroslav
> 
> [1] https://github.com/lpechacek/qa_test_klp

Thanks for testing and reporting. I will grab your test and see what I
can find.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.