Skip to content

Commit

Permalink
Remove insn_queue from libpulp
Browse files Browse the repository at this point in the history
The insn_queue was introduced to overcome issues related to seccomp.
However there is a simpler way of overcoming this issue which is to
use /proc/self/mem.

Signed-off-by: Giuliano Belinassi <[email protected]>
  • Loading branch information
giulianobelinassi committed Aug 26, 2024
1 parent c1704b4 commit 7c88342
Show file tree
Hide file tree
Showing 10 changed files with 61 additions and 558 deletions.
3 changes: 1 addition & 2 deletions include/Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -26,5 +26,4 @@ noinst_HEADERS = \
error_common.h \
terminal_colors.h \
ld_rtld.h \
insn_queue.h \
insn_queue_lib.h
insn_queue.h
35 changes: 0 additions & 35 deletions include/insn_queue_lib.h

This file was deleted.

4 changes: 0 additions & 4 deletions lib/Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@ libpulp_la_SOURCES = \
ulp.c \
interpose.c \
msg_queue.c \
insn_queue.c \
error.c \
ulp_prologue.S \
ulp_interface.S
Expand All @@ -39,7 +38,4 @@ libpulp_la_LIBADD = $(top_builddir)/common/libcommon.la

AM_CFLAGS += -I$(top_srcdir)/include

# Add -fno-strict-alias to the insn_queue code.
insn_queue.lo : CFLAGS += -fno-strict-aliasing

EXTRA_DIST = libpulp.versions
172 changes: 0 additions & 172 deletions lib/insn_queue.c

This file was deleted.

59 changes: 45 additions & 14 deletions lib/ulp.c
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,6 @@

#include "config.h"
#include "error.h"
#include "insn_queue_lib.h"
#include "interpose.h"
#include "msg_queue.h"
#include "ulp.h"
Expand Down Expand Up @@ -89,6 +88,38 @@ begin(void)
msgq_push("libpulp loaded...\n");
}

/** @brief Write into memory bypassing memory protections
*
* The process may be launched with mprotect through seccomp, which
* will block certain addresses to be written. This function
* circunvent this by writing through /proc/self/map.
*
* @param dest Destination address
* @param src Source address
* @param n number of bytes
* @return dest on success, NULL if error.
*/
void *
memwrite(void *dest, const void *src, size_t n)
{
FILE *file = fopen("/proc/self/mem", "r+");

/* SLE have some processes which chroots into /proc. If the above fopen
fails then try this to check if this is the case. */
if (file == NULL) {
file = fopen("/self/mem", "r+");
libpulp_assert(file != NULL);
}

libpulp_assert(fseek(file, (size_t)dest, SEEK_SET) == 0);
libpulp_assert(fwrite(src, 1, n, file) == n);

fflush(file);
fclose(file);

return dest;
}

/** @brief Revert all live patches associated with library `lib_name`
*
* The user may have applied a series of live patches on a library named
Expand Down Expand Up @@ -157,10 +188,6 @@ __ulp_revert_patches_from_lib()
if (libpulp_is_in_error_state())
return get_libpulp_error_state();

/* If the instruction queue is in an weird state, we cannot continue. */
if (insnq_ensure_emptiness())
return get_libpulp_error_state();

/*
* If the target process is busy within functions from the malloc or
* dlopen implementations, applying a live patch could lead to a
Expand All @@ -173,6 +200,10 @@ __ulp_revert_patches_from_lib()
/* Otherwise, try to apply the live patch. */
result = revert_all_patches_from_lib(__ulp_metadata_buffer);

/* If we entered in an error state, then return the error. */
if (libpulp_is_in_error_state())
return get_libpulp_error_state();

/*
* Live patching could fail for a couple of different reasons, thus
* check the result and return either zero for success or one for
Expand All @@ -191,10 +222,6 @@ __ulp_apply_patch()
if (libpulp_is_in_error_state())
return get_libpulp_error_state();

/* If the instruction queue is in an weird state, we cannot continue. */
if (insnq_ensure_emptiness())
return get_libpulp_error_state();

/*
* If the target process is busy within functions from the malloc or
* dlopen implementations, applying a live patch could lead to a
Expand All @@ -207,6 +234,10 @@ __ulp_apply_patch()
/* Otherwise, try to apply the live patch. */
result = load_patch();

/* If we entered in an error state, then return the error. */
if (libpulp_is_in_error_state())
return get_libpulp_error_state();

/*
* Live patching could fail for a couple of different reasons, thus
* check the result and return either zero for success or whatever
Expand Down Expand Up @@ -743,11 +774,11 @@ ulp_apply_all_units(struct ulp_metadata *ulp)

if (ref->tls) {
tls_index ti = { .ti_module = tls_idx, .ti_offset = ref->target_offset };
insnq_insert_write((void *)patch_address, sizeof(ti), &ti);
memwrite((void *)patch_address, &ti, sizeof(ti));
}
else {
uintptr_t target_address = target_base + ref->target_offset;
insnq_insert_write((void *)patch_address, sizeof(void *), &target_address);
memwrite((void *)patch_address, &target_address, sizeof(void *));
}
ref = ref->next;
}
Expand Down Expand Up @@ -1064,7 +1095,7 @@ check_build_id(struct ulp_metadata *ulp)
static void
ulp_patch_prologue_layout(void *old_fentry, const char *prologue, int len)
{
insnq_insert_write(old_fentry, len, prologue);
memwrite(old_fentry, prologue, len);
}

/** @brief skip the ulp prologue.
Expand All @@ -1090,7 +1121,7 @@ ulp_skip_prologue(void *fentry)
bias += sizeof(insn_endbr64);

/* Do not jump backwards on function entry (0x6690 is a nop on x86). */
insnq_insert_write((char *)fentry + bias, sizeof(insn_nop2), insn_nop2);
memwrite((char *)fentry + bias, insn_nop2, sizeof(insn_nop2));
}

/** @brief Get patched address of function with universe index = idx.
Expand Down Expand Up @@ -1193,7 +1224,7 @@ void
ulp_patch_addr_absolute(void *old_fentry, void *manager)
{
char *dst = (char *)old_fentry + ULP_DATA_OFFSET;
insnq_insert_write(dst, sizeof(void *), &manager);
memwrite(dst, &manager, sizeof(void *));
}

/** @brief Actually patch the old function with the new function
Expand Down
6 changes: 0 additions & 6 deletions tests/Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -444,7 +444,6 @@ check_PROGRAMS = \
pcqueue \
comments \
block_mprotect \
insn_queue \
chroot \
visibility

Expand Down Expand Up @@ -580,10 +579,6 @@ block_mprotect_SOURCES = block_mprotect.c
block_mprotect_CFLAGS = $(AM_CFLAGS) -I/usr/include/libseccomp/
block_mprotect_LDADD = -lseccomp

insn_queue_SOURCES = insn_queue.c
insn_queue_CFLAGS = $(AM_CFLAGS) -I$(srcdir)/../include -I$(srcdir)/../tools/include
insn_queue_LDADD =

chroot_SOURCES = chroot.c
chroot_CFLAGS = $(AM_CFLAGS)
chroot_LDADD = libparameters.la
Expand Down Expand Up @@ -643,7 +638,6 @@ TESTS = \
mprotect_patch.py \
patches.py \
mprotect_patch.py \
insn_queue.py \
chroot.py \
visibility.py

Expand Down
Loading

0 comments on commit 7c88342

Please sign in to comment.