lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140502133751.GB4556@treble.redhat.com>
Date:	Fri, 2 May 2014 08:37:51 -0500
From:	Josh Poimboeuf <jpoimboe@...hat.com>
To:	Jiri Kosina <jkosina@...e.cz>
Cc:	Seth Jennings <sjenning@...hat.com>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	Steven Rostedt <rostedt@...dmis.org>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Ingo Molnar <mingo@...hat.com>, Jiri Slaby <jslaby@...e.cz>,
	linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 0/2] kpatch: dynamic kernel patching

On Fri, May 02, 2014 at 03:10:58PM +0200, Jiri Kosina wrote:
> On Thu, 1 May 2014, Josh Poimboeuf wrote:
> 
> > kpatch vs kGraft
> > ----------------
> > 
> > I think the biggest difference between kpatch and kGraft is how they
> > ensure that the patch is applied atomically and safely.
> > 
> > kpatch checks the backtraces of all tasks in stop_machine() to ensure
> > that no instances of the old function are running when the new function
> > is applied.  I think the biggest downside of this approach is that
> > stop_machine() has to idle all other CPUs during the patching process,
> > so it inserts a small amount of latency (a few ms on an idle system).
> > 
> > Instead, kGraft uses per-task consistency: each task either sees the old
> > version or the new version of the function.  This gives a consistent
> > view with respect to functions, but _not_ data, because the old and new
> > functions are allowed to run simultaneously and share data.  This could
> > be dangerous if a patch changes how a function uses a data structure.
> > The new function could make a data change that the old function wasn't
> > expecting.
> 
> Please correct me if I am wrong, but with kPatch, you are also unable to 
> do a "flip and forget" switch between functions that expect different 
> format of in-memory data without performing a non-trivial all-memory 
> lookup to find structures in question and perfoming corresponding 
> transformations.
> 
> What we can do with kGraft si to perform the patching in two steps
> 
> (1) redirect to a temporary band-aid function that can handle both 
>     semantics of the data (persumably in highly sub-optimal way)
> (2) patching in (1) succeeds completely (kGraft claims victory), start a 
>     new round of patching with redirect to the final function which 
>     expects only the new semantics
> 
> This basically implies that both aproaches need "human inspection" in this 
> respect anyway.

Ah, interesting.  The intermediate function which knows how to handle
both versions of the data could get pretty tricky though.

With kpatch we'd just need to allow the user to install a callback
function which runs in stop_machine() and manually updates all the data
structures.  I think we'll be implementing something like this soon.

-- 
Josh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ