[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.00.1411241427281.23174@pobox.suse.cz>
Date: Mon, 24 Nov 2014 14:31:58 +0100 (CET)
From: Jiri Kosina <jkosina@...e.cz>
To: Thomas Gleixner <tglx@...utronix.de>
cc: Seth Jennings <sjenning@...hat.com>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Vojtech Pavlik <vojtech@...e.cz>,
Steven Rostedt <rostedt@...dmis.org>,
Petr Mladek <pmladek@...e.cz>, Miroslav Benes <mbenes@...e.cz>,
Christoph Hellwig <hch@...radead.org>,
Greg KH <gregkh@...uxfoundation.org>,
Andy Lutomirski <luto@...capital.net>,
Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
live-patching@...r.kernel.org, x86@...nel.org, kpatch@...hat.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCHv3 2/3] kernel: add support for live patching
On Mon, 24 Nov 2014, Thomas Gleixner wrote:
> > The person writing the patch would always need to understand what he is
> > doing to be able to pick correct consistency model to be used. I
> > personally think this is a good thing -- this is nothing where we should
> > be relying on any kinds of tools.
>
> But why want we to provide a mechanism which has no consistency
> enforcement at all?
"No consistency model needed" is also a consistency model in a sense that
there is a (large) group of patches that can be applied that way. We've
done some very rough analysis, and vast majority patches for CVE bugs with
severity 6+ (which is in some sense the main motivation for all this) are
applicable without any need of extra consistency model.
The "add bounds checking to syscall entry" is a prime example of that.
> Surely you can argue that the person who is doing that is supposed to
> know what he's doing, but what's the downside of enforcing consistency
> mechanisms on all live code changes?
The implementation of the consistency models (the ones that kgraft and
kpatch have at least) is not really super-trivial and it's sometimes
tricky to get it right and cover all the corner cases.
So the agreement was to do cover "no consistency model needed" group of
live patches first, and design the API and data structures in such way
that more sophisticated consistency models can be added on top as needed
in the future.
--
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists