[kpatch] Correlating unchanged locals
Evgenii Shatokhin
eshatokhin at virtuozzo.com
Tue Oct 18 11:50:08 UTC 2016
On 14.10.2016 20:49, Josh Poimboeuf wrote:
> On Fri, Oct 14, 2016 at 04:21:59PM +0300, Evgenii Shatokhin wrote:
>> Hi,
>>
>> It might be not a problem in Kpatch itself but perhaps you could give an
>> advice on how to deal with it.
>>
>> I hit a strange problem when experimenting with the patches for
>> CVE-2015-7872 and CVE-2016-5696 for the kernel 3.10.0-327.4.4 in CentOS.
>>
>> To build the binary patch for these, I used the same GCC as was used
for the
>> kernel, GCC 4.8.3 20140911 (Red Hat 4.8.3-9).
>>
>> The following error was reported by kpatch-build:
>>
>> /usr/libexec/kpatch/create-diff-object: ERROR: gc.o:
>> kpatch_create_dynamic_rela_sections: 2659: lookup_local_symbol
>> graveyard.20319 (gc.c) needed for .text.key_gc_unused_keys.constprop.1
>>
>> The kernel has such symbol but with a different numeric suffix:
>> $ readelf -sW ./vmlinux | grep -F graveyard.
>> 24328: ffffffff819df280 16 OBJECT LOCAL DEFAULT 15
graveyard.20316
>>
>> I cannot say why the same GCC behaved differently in these cases.
>>
>> I can change lookup_local_symbol() so that it would ignore such
suffixes for
>> variables (but not for the functions) when matching the names. This
is not
>> enough however, because the dynrela for that symbol still refers to
>> graveyard.20319 and the binary patch fails to load as a result.
>>
>> The problem has not shown up for other kernels so far, only for
>> 3.10.0-327.4.4.
>>
>> Any ideas?
>
> Hi Evgenii,
>
> gcc added the suffix to the graveyard variable because it's a static
> local variable, which is very similar to a global variable, except its
> scope is local to the function. So it's possible for there to be
> several of these variables with the same name in the same file, or even
> in the same function.
>
> The .20316 suffix is its gcc object number, which can change even if you
> patch completely unrelated code. It's always added to static local
> variables to distinguish them for other static locals which might have
> the same name.
Yes, I know about this peculiarity of GCC.
>
> In general, dealing with static local variables properly is hard, and
> has been a real problem area for kpatch-build. We have plans to rewrite
> the static local handling code (yet again). For some background, see:
> https://github.com/dynup/kpatch/issues/545
>
> Anyway, I don't know what specific issue you're seeing, but feel free to
> open a github issue for it.
>
While experimenting with that kernel more, I encountered a more serious
issue, which can be related to static locals. The binary patch for
CVE-2016-3134 builds without errors but fails to load on that kernel.
Reported it here: https://github.com/dynup/kpatch/issues/612
Regards,
Evgenii
More information about the kpatch
mailing list