Re: [PATCH] livepatch: add load/unload hooks to objects

From: Jiri Kosina
Date: Tue Aug 30 2016 - 05:41:37 EST


On Mon, 29 Aug 2016, Christopher Arges wrote:

> Another example is CVE-2016-2117. Here we need to unset NETIF_F_SG on a
> particular device. If the device is already loaded we need a way to
> fixup hw_features on an already allocated network device. Again this
> could be done in the init code of the patch, but a nicer solution would
> be to do this on a load/unload hook appropriately.

I am afraid this is more complicated than what you describe. You can't
just unset NETIF_F_SG and be done with it; look, for example, at what might
happen if you clear the flag while skb_segment() is running and gcc is
refetching netdev_features_t (there is no READ_ONCE() for that). The same
holds for __ip6_append_data().
I am not saying this can't be worked around, but it's way more
complicated than just clearing a bit in a callback.

--
Jiri Kosina
SUSE Labs
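
The refetch hazard described in the reply above, as an added user-space model (not code from this thread or from the kernel). The types, the `F_SG` value and the `racer` callback that stands in for a concurrent livepatch hook are assumptions made for illustration; the model only shows why two plain loads of the feature mask can disagree while a single snapshot cannot.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for illustration; not the kernel's definitions. */
typedef uint64_t features_t;
#define F_SG ((features_t)1 << 0)            /* models NETIF_F_SG */

struct model_dev { features_t features; };

/* Models a load hook clearing the flag on an already allocated device. */
static void hook_clear_sg(struct model_dev *dev) { dev->features &= ~F_SG; }

/* Single snapshot load, the guarantee READ_ONCE() gives in the kernel. */
#define MODEL_READ_ONCE(x) (*(const volatile features_t *)&(x))

/*
 * Plain accesses: nothing stops the compiler from loading dev->features
 * again for the second test. 'racer' runs between the two loads to stand
 * in for the concurrent writer, which makes the interleaving deterministic.
 * Returns 1 when two feature-dependent decisions in one pass disagree.
 */
int segment_refetch(struct model_dev *dev, void (*racer)(struct model_dev *))
{
    int first = !!(dev->features & F_SG);    /* first fetch */
    if (racer)
        racer(dev);                          /* flag cleared "concurrently" */
    int second = !!(dev->features & F_SG);   /* refetch sees the new value */
    return first != second;
}

/* One snapshot feeds both decisions, so they agree whatever the writer does. */
int segment_snapshot(struct model_dev *dev, void (*racer)(struct model_dev *))
{
    features_t f = MODEL_READ_ONCE(dev->features);
    int first = !!(f & F_SG);
    if (racer)
        racer(dev);
    int second = !!(f & F_SG);
    return first != second;
}

int main(void)
{
    struct model_dev a = { F_SG }, b = { F_SG };
    printf("refetch inconsistent:  %d\n", segment_refetch(&a, hook_clear_sg));
    printf("snapshot inconsistent: %d\n", segment_snapshot(&b, hook_clear_sg));
    return 0;
}
```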