Re: [PATCH v3 5/6] x86/ftrace: Use text_poke()

From: Jessica Yu
Date: Mon Oct 21 2019 - 10:14:29 EST

+++ Petr Mladek [18/10/19 15:40 +0200]:
On Fri 2019-10-18 15:03:42, Jessica Yu wrote:
+++ Miroslav Benes [16/10/19 15:29 +0200]:
> On Wed, 16 Oct 2019, Miroslav Benes wrote:
> Thinking about it more... crazy idea. I think we could leverage these new
> ELF .text per vmlinux/module sections for the reinvention I was talking
> about. If we teach module loader to relocate (and apply alternatives and
> so on, everything in arch-specific module_finalize()) not the whole module
> in case of live patch modules, but separate ELF .text sections, it could
> solve the issue with late module patching we have. It is a variation on
> Steven's idea. When live patch module is loaded, only its section for
> present modules would be processed. Then whenever a to-be-patched module
> is loaded, its .text section in all present patch module would be
> processed.
> The upside is that almost no work would be required on patch modules
> creation side. The downside is that klp_modinfo must stay. Module loader
> needs to be hacked a lot in both cases. So it remains to be seen which
> idea is easier to implement.
> Jessica, do you think it would be feasible?

I think that does sound feasible. I'm trying to visualize how that
would look. I guess there would need to be various livepatching hooks
called during the different stages (apply_relocate_add(),
module_finalize(), module_enable_ro/x()).

So maybe something like the following?

When a livepatch module loads:
klp hook: apply .klp.rela.$objname relocations *only* for
already loaded modules
klp hook: apply .klp.arch.$objname changes for already loaded modules
klp hook: only enable ro/x for .klp.text.$objname for already
loaded modules

Just for record. We should also set ro for the not-yet used
.klp.text.$objname at this stage so that it can't be modified
easily "by accident".

If we also set ro protection already for .klp.text.$objname for
not-yet loaded modules, I think this would unfortunately mean we would
still have to do the protection flipping for late module patching that
Peter was trying to avoid, right?

That is, we *still* end up having to do the whole module_disable_ro()
-> apply_relocate_add() -> module_finalize() -> module_enable_ro()
thing for late module patching, except now we've moved that work to
the module loader instead of in klp_module_coming.. It sounds just as
complicated as the current way :/

However, I think this complaint would not apply if livepatch switches
to the one patch module per module model..