Re: [PATCH] livepatch: add load/unload hooks to objects
From: Jiri Kosina
Date: Tue Aug 30 2016 - 05:41:37 EST

On Mon, 29 Aug 2016, Christopher Arges wrote:
> Another example is CVE-2016-2117. Here we need to unset NETIF_F_SG on a
> particular device. If the device is already loaded we need a way to
> fixup hw_features on an already allocated network device. Again this
> could be done in the init code of the patch, but a nicer solution would
> be to do this on a load/unload hook appropriately.

I am afraid this is more complicated than what you describe. You can't
just unset NETIF_F_SG and be done with it; look, for example, at what might
happen if you clear the flag while skb_segment() is running and gcc is
refetching netdev_features_t (there is no READ_ONCE() for that). The same
holds for __ip6_append_data().

I am not saying this can't be worked around, but it's way more
complicated than just clearing a bit in a callback.

--
Jiri Kosina
SUSE Labs
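
A userspace model of the hazard raised in this reply, added here as an illustration; it is not code from the thread or from the kernel. The names `model_dev`, `MODEL_F_SG`, `segment_refetch` and `segment_snapshot` are hypothetical, and the concurrent writer is modelled deterministically as a callback invoked between two uses of the flag.

```c
/* Userspace model only; not kernel code. All names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>

typedef uint64_t features_t;            /* stands in for netdev_features_t */
#define MODEL_F_SG ((features_t)1 << 0) /* stands in for NETIF_F_SG */

struct model_dev { features_t features; };

/* Called between two uses of the flag to model a concurrent writer. */
typedef void (*writer_fn)(struct model_dev *);

static void clear_sg(struct model_dev *dev) { dev->features &= ~MODEL_F_SG; }

enum outcome { LINEAR = 0, SCATTER_GATHER = 1, TORN = 2 };

static enum outcome classify(int planned_sg, int built_sg)
{
    if (planned_sg != built_sg)
        return TORN;                    /* the two steps disagreed */
    return planned_sg ? SCATTER_GATHER : LINEAR;
}

/* Each use re-reads the shared field, as a compiler may do without READ_ONCE(). */
static enum outcome segment_refetch(struct model_dev *dev, writer_fn writer)
{
    int planned_sg = (dev->features & MODEL_F_SG) != 0;  /* first fetch */
    if (writer)
        writer(dev);                                     /* flag cleared here */
    int built_sg = (dev->features & MODEL_F_SG) != 0;    /* second fetch */
    return classify(planned_sg, built_sg);
}

/* One read into a local; in kernel code this read would be READ_ONCE(). */
static enum outcome segment_snapshot(struct model_dev *dev, writer_fn writer)
{
    features_t snap = dev->features;
    int planned_sg = (snap & MODEL_F_SG) != 0;
    if (writer)
        writer(dev);
    int built_sg = (snap & MODEL_F_SG) != 0;
    return classify(planned_sg, built_sg);
}

int main(void)
{
    struct model_dev a = { MODEL_F_SG }, b = { MODEL_F_SG };
    printf("refetch=%d snapshot=%d\n",
           segment_refetch(&a, clear_sg), segment_snapshot(&b, clear_sg));
    return 0;
}
```

In this model the snapshot only makes a single call self-consistent; a call already in flight still completes with the old value of the flag after the writer has cleared it.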