| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Jun 2009 17:25:32 -0400 From: Jon Masters <jonathan@...masters.org> To: Peter Zijlstra <peterz@...radead.org> Cc: Tim Abbott <tabbott@...lice.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Linux kernel mailing list <linux-kernel@...r.kernel.org>, Arjan van de Ven <arjan@...radead.org>, Alexey Dobriyan <adobriyan@...il.com>, Andrew Morton <akpm@...ux-foundation.org>, Anders Kaseorg <andersk@...lice.com>, Jeffrey B Arnold <jbarnold@...lice.com> Subject: Re: [PATCH] Add new TAINT_KSPLICE flag for when a Ksplice update has been loaded. On Mon, 2009-06-22 at 10:50 +0200, Peter Zijlstra wrote: > On Mon, 2009-06-22 at 03:51 -0400, Jon Masters wrote: > > On Fri, 2009-06-19 at 22:11 +0200, Peter Zijlstra wrote: > > > On Fri, 2009-06-19 at 15:57 -0400, Tim Abbott wrote: > > > > Distributions and kerneloops.org have requested that the Ksplice > > > > rebootless update system taint the kernel the first time that a > > > > Ksplice update is installed, in order to assist with bug triage. > > > > > > > > Ksplice uses a new taint flag, TAINT_KSPLICE, displayed as 'K', for > > > > this purpose. > > > > > > > > We would like to confirm that this use of taint meets with the > > > > community's approval and get this taint flag registered in mainline. > > > > > > > > Signed-off-by: Tim Abbott <tabbott@...lice.com> > > > > > > Since all of ksplice is still out-of-tree, it seems to me this taint > > > should be too. > > > > Respectfully, I disagree. > > > > The thing is, distribution maintainers and others would really benefit > > from knowing if this stuff is loaded today, before the possible eventual > > addition of ksplice upstream. We already have tainting for non-GPL code > > and I don't see us arguing about the fact that the kernel has no non-GPL > > code actually shipping in it to cause such taints to get set :) > > But without ksplice patches you cannot ksplice, right? Nah. This is a common missunderstanding. Ksplice actually doesn't need any in-kernel patches, but it does include a rather uncomfortable (from upstream PoV) disassembler to help it with patching. To avoid this, the Ksplice guys are looking to get some of the split function sections stuff, etc. upstream so that they don't need the extraneous stuff. > That is, there is > a non trivial patch to the kernel to make this happen afaik. Well, actually there are several ways that could get in upstream - even just the base bits are useful. Upstream may never take the shadow data structure tracking kABI stuff that also comes with Ksplice (I can, however, think of a few distributions that might be interested in adding those bits for themselves sometime), but that can live in their module. > If distros > ship that, then they can add this taint flag as well. No need to burden > mainline with any of that until it ksplice proper makes it in. Nah. We need a flag. It's a really nice way to know "is this backtrace I'm seeing coming from the kernel that I shipped?". Just imagine you're one of the folks in $enterprise_vendor who needs to figure this out (sure you should get there from the linked module list if you've half a brain, but perhaps "you" is actually an automated tool, like sosreport on RH systems and I'm sure other vendors have their own equivalents). Jon. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists