[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.00.1406261030210.15939@pobox.suse.cz>
Date: Thu, 26 Jun 2014 10:34:03 +0200 (CEST)
From: Jiri Kosina <jkosina@...e.cz>
To: Jiri Slaby <jslaby@...e.cz>
cc: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
linux-kernel@...r.kernel.org, tj@...nel.org, rostedt@...dmis.org,
mingo@...hat.com, akpm@...ux-foundation.org, andi@...stfloor.org,
paulmck@...ux.vnet.ibm.com, pavel@....cz, jirislaby@...il.com,
Vojtech Pavlik <vojtech@...e.cz>, Michael Matz <matz@...e.de>,
Udo Seidel <udoseidel@....de>
Subject: Re: [PATCH -repost 05/21] kgr: update Kconfig documentation
On Thu, 26 Jun 2014, Jiri Slaby wrote:
> >> ---
> >> kernel/Kconfig.kgraft | 3 +++
> >> samples/Kconfig | 4 ++++
> >> 2 files changed, 7 insertions(+)
> >>
> >> diff --git a/kernel/Kconfig.kgraft b/kernel/Kconfig.kgraft
> >> index f38d82c06580..bead93646071 100644
> >> --- a/kernel/Kconfig.kgraft
> >> +++ b/kernel/Kconfig.kgraft
> >> @@ -5,3 +5,6 @@ config KGRAFT
> >> bool "kGraft infrastructure"
> >> depends on DYNAMIC_FTRACE_WITH_REGS
> >> depends on HAVE_KGRAFT
> >> + help
> >> + Select this to enable kGraft online kernel patching. The
> >> + runtime price is zero, so it is safe to say Y here.
> >> diff --git a/samples/Kconfig b/samples/Kconfi
> >
> > The runtime impact is that you've just introduced a virus and trojan
> > writers delight into your kernel. There's a balance between convenience
> > and security but given most users will never use kgraft this advice seems
> > incorrect.
>
> This now writes:
> + help
> + Select this to enable kGraft online kernel patching. The
> + runtime price is nearly zero, so it is safe to say Y here
> + provided you are aware of all the consequences (e.g. in
> + security).
>
> Is it OK with you?
This might cause a false impression that we are actually opening a
security hole into a system, which is not true at all.
Yes, backdoor writeres might (or might not) make use of kGraft API, but
they have gazillion of other comparable options (*probes, ftrace,
text_poke(), ...).
I'd perhaps propose something like
"Select this to enable kGraft live kernel patching. The runtime penalty is
nearly zero, so it is safe to say Y here if you want the kernel to expose
API for live patching to modules".
--
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists