| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Oct 2011 22:36:28 +0400 From: Cyrill Gorcunov <gorcunov@...il.com> To: Tejun Heo <tj@...nel.org> Cc: Pavel Emelyanov <xemul@...allels.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Andrey Vagin <avagin@...allels.com>, James Bottomley <jbottomley@...allels.com>, Glauber Costa <glommer@...allels.com>, "H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...e.hu>, Dave Hansen <dave@...ux.vnet.ibm.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Daniel Lezcano <dlezcano@...ibm.com>, Alexey Dobriyan <adobriyan@...il.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Oleg Nesterov <oleg@...hat.com> Subject: Re: [patch 5/5] elf: Add support for loading ET_CKPT files On Fri, Oct 21, 2011 at 11:26:10AM -0700, Tejun Heo wrote: > Hello, > > On Wed, Oct 19, 2011 at 11:56:32PM +0400, Cyrill Gorcunov wrote: > > > I find that quite difficult to agree with. We're talking about some > > > minor additions to prctl against updating exec path to do something it > > > was never designed to do + new binary format. > > > > Tejun, regardless the mm_struct entries, what about mapping vdso pages at the > > place they had on snapshot time? How would we handle them? > > We discussed this elsewhere but just for the record. > Yes ;) > I haven't really looked into vdso but what the currently suggested > implementation isn't correct. vdso is there so that kernel can > provide userspace code which may vary depending on kernel version and > the actual machine it's running on, so both saving vdso and restoring > verbatim and asking the kernel to map its vdso at certain address are > wrong. > It's fine for first iteration (or rather for first RFC where such details exactly to be revealed and discussed). > The checkpointer would need to remember the vdso symtab from the > original process and then somehow build indirect jump table at the > same address which redirects to the vdso of the machine the target > process is being restored on. I'm not sure about the details of the > implementation but it could be something like "please allow me to > write to this original vdso address and keep your vdso elsewhere". > Original vdso address should remain as it was at checkpoint time but you're right that we need kinda bridge between various kernels versions I think. > I think this comes back to why one-stop-solution-in-kernel is a bad > idea for CR. My impression is that when people say "that would > require too many small API updatesa", it usually means that they > haven't really thought about each necessary piece enough and just > hacked something up lumpy and fuzzy on the edges. The thing is that > no matter how you lump them, those problems don't go away and > attacking things in small understandable API pieces not only ensures > the update itself makes sense and may be useful for others too but > also forces people to actually think about each problem. > Cyrill -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists