| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Oct 2011 11:26:10 -0700 From: Tejun Heo <tj@...nel.org> To: Cyrill Gorcunov <gorcunov@...il.com> Cc: Pavel Emelyanov <xemul@...allels.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Andrey Vagin <avagin@...allels.com>, James Bottomley <jbottomley@...allels.com>, Glauber Costa <glommer@...allels.com>, "H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...e.hu>, Dave Hansen <dave@...ux.vnet.ibm.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Daniel Lezcano <dlezcano@...ibm.com>, Alexey Dobriyan <adobriyan@...il.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Oleg Nesterov <oleg@...hat.com> Subject: Re: [patch 5/5] elf: Add support for loading ET_CKPT files Hello, On Wed, Oct 19, 2011 at 11:56:32PM +0400, Cyrill Gorcunov wrote: > > I find that quite difficult to agree with. We're talking about some > > minor additions to prctl against updating exec path to do something it > > was never designed to do + new binary format. > > Tejun, regardless the mm_struct entries, what about mapping vdso pages at the > place they had on snapshot time? How would we handle them? We discussed this elsewhere but just for the record. I haven't really looked into vdso but what the currently suggested implementation isn't correct. vdso is there so that kernel can provide userspace code which may vary depending on kernel version and the actual machine it's running on, so both saving vdso and restoring verbatim and asking the kernel to map its vdso at certain address are wrong. The checkpointer would need to remember the vdso symtab from the original process and then somehow build indirect jump table at the same address which redirects to the vdso of the machine the target process is being restored on. I'm not sure about the details of the implementation but it could be something like "please allow me to write to this original vdso address and keep your vdso elsewhere". I think this comes back to why one-stop-solution-in-kernel is a bad idea for CR. My impression is that when people say "that would require too many small API updatesa", it usually means that they haven't really thought about each necessary piece enough and just hacked something up lumpy and fuzzy on the edges. The thing is that no matter how you lump them, those problems don't go away and attacking things in small understandable API pieces not only ensures the update itself makes sense and may be useful for others too but also forces people to actually think about each problem. Thank you. -- tejun -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists