| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 May 2014 08:37:51 -0500 From: Josh Poimboeuf <jpoimboe@...hat.com> To: Jiri Kosina <jkosina@...e.cz> Cc: Seth Jennings <sjenning@...hat.com>, Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, Steven Rostedt <rostedt@...dmis.org>, Frederic Weisbecker <fweisbec@...il.com>, Ingo Molnar <mingo@...hat.com>, Jiri Slaby <jslaby@...e.cz>, linux-kernel@...r.kernel.org Subject: Re: [RFC PATCH 0/2] kpatch: dynamic kernel patching On Fri, May 02, 2014 at 03:10:58PM +0200, Jiri Kosina wrote: > On Thu, 1 May 2014, Josh Poimboeuf wrote: > > > kpatch vs kGraft > > ---------------- > > > > I think the biggest difference between kpatch and kGraft is how they > > ensure that the patch is applied atomically and safely. > > > > kpatch checks the backtraces of all tasks in stop_machine() to ensure > > that no instances of the old function are running when the new function > > is applied. I think the biggest downside of this approach is that > > stop_machine() has to idle all other CPUs during the patching process, > > so it inserts a small amount of latency (a few ms on an idle system). > > > > Instead, kGraft uses per-task consistency: each task either sees the old > > version or the new version of the function. This gives a consistent > > view with respect to functions, but _not_ data, because the old and new > > functions are allowed to run simultaneously and share data. This could > > be dangerous if a patch changes how a function uses a data structure. > > The new function could make a data change that the old function wasn't > > expecting. > > Please correct me if I am wrong, but with kPatch, you are also unable to > do a "flip and forget" switch between functions that expect different > format of in-memory data without performing a non-trivial all-memory > lookup to find structures in question and perfoming corresponding > transformations. > > What we can do with kGraft si to perform the patching in two steps > > (1) redirect to a temporary band-aid function that can handle both > semantics of the data (persumably in highly sub-optimal way) > (2) patching in (1) succeeds completely (kGraft claims victory), start a > new round of patching with redirect to the final function which > expects only the new semantics > > This basically implies that both aproaches need "human inspection" in this > respect anyway. Ah, interesting. The intermediate function which knows how to handle both versions of the data could get pretty tricky though. With kpatch we'd just need to allow the user to install a callback function which runs in stop_machine() and manually updates all the data structures. I think we'll be implementing something like this soon. -- Josh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists