lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 13 Apr 2015 17:11:19 +0800
From:	Minfei Huang <minfei.huang@...mail.com>
To:	Petr Mladek <pmladek@...e.cz>
CC:	jpoimboe@...hat.com, sjenning@...hat.com, jkosina@...e.cz,
	vojtech@...e.cz, live-patching@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] livepatch: Add a new function to verify the address
 and name match for extra module

On 04/13/15 at 10:37P, Petr Mladek wrote:
> On Sun 2015-04-12 21:15:53, Minfei Huang wrote:
> > In order to restrict the patch, we can verify the provided function
> > address and name match. Now we have can only verify the vmlinux function
> > name and address.
> > 
> > Add a new function to verify extra module function name and address. The
> > patch would not be patched, if the function name and address are not
> > matched.
> 
> old_addr could be predefined only for vmlinux. It does not make sense
> to define it for modules because they are loaded dynamically, each
> time on a different addresses. It means that it does not make sense
> to verify addresses from modules. They always need to be detected.
> 

Please correct me if there is something wrong for below comment.

As commented in the doc that function address is optional, it is more
confortable during patching the patch, if function name and address are
provided.

For now we only use function name to detect the module function. It is
more accurate to detect the function using function name and address.

Maybe the function address being optional to be added is more accepted. 

Also what the patches's purpose is to support the situation that
function name is larger than 128.

I think the patches make sense, because we can not disallow the extra
module to be patch, which function name may be larger than 128.

Thanks
Minfei

> Best Regards,
> Petr
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ