lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140507122444.GB12234@gmail.com>
Date:	Wed, 7 May 2014 14:24:44 +0200
From:	Ingo Molnar <mingo@...nel.org>
To:	Josh Poimboeuf <jpoimboe@...hat.com>
Cc:	Frederic Weisbecker <fweisbec@...il.com>,
	Seth Jennings <sjenning@...hat.com>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	Steven Rostedt <rostedt@...dmis.org>,
	Ingo Molnar <mingo@...hat.com>, Jiri Slaby <jslaby@...e.cz>,
	linux-kernel@...r.kernel.org,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [RFC PATCH 0/2] kpatch: dynamic kernel patching


* Josh Poimboeuf <jpoimboe@...hat.com> wrote:

> > Ah this reminds me when we chased kprobes dangerous spots and we 
> > tried to declare __kprobes the functions which were too dangerous 
> > to hot patch.
> > 
> > We eventually gave up because it was impossible to fix everything. 
> > And that was only for kprobes!
> > 
> > So you can never tell if a given patch will impact a given 
> > kthread.
> 
> If the user (or the person creating the patch for them) doesn't 
> understand all impacts of the patch, they have no business patching 
> their kernel with it.

I think what is being somewhat lost is this discussion is the 
distinction between:

 1) is the patch safe
 2) is the _live patching_ safe

It's really two different things. We should absolutely strive for live 
patching to be safe under all circumstances, as long as the patch 
being fed to it is safe in itself when building a new kernel the old 
fashioned way.

I.e. it's natural that a kernel can be messed up via a patch, but this 
subsystem should absolutely make sure that it will safely reject 
totally fine patches that are unsafe to live patch.

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ