lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 24 Nov 2014 14:31:58 +0100 (CET)
From:	Jiri Kosina <jkosina@...e.cz>
To:	Thomas Gleixner <tglx@...utronix.de>
cc:	Seth Jennings <sjenning@...hat.com>,
	Josh Poimboeuf <jpoimboe@...hat.com>,
	Vojtech Pavlik <vojtech@...e.cz>,
	Steven Rostedt <rostedt@...dmis.org>,
	Petr Mladek <pmladek@...e.cz>, Miroslav Benes <mbenes@...e.cz>,
	Christoph Hellwig <hch@...radead.org>,
	Greg KH <gregkh@...uxfoundation.org>,
	Andy Lutomirski <luto@...capital.net>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	live-patching@...r.kernel.org, x86@...nel.org, kpatch@...hat.com,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCHv3 2/3] kernel: add support for live patching

On Mon, 24 Nov 2014, Thomas Gleixner wrote:

> > The person writing the patch would always need to understand what he is 
> > doing to be able to pick correct consistency model to be used. I 
> > personally think this is a good thing -- this is nothing where we should 
> > be relying on any kinds of tools.
> 
> But why want we to provide a mechanism which has no consistency
> enforcement at all?

"No consistency model needed" is also a consistency model in a sense that 
there is a (large) group of patches that can be applied that way. We've 
done some very rough analysis, and vast majority patches for CVE bugs with 
severity 6+ (which is in some sense the main motivation for all this) are 
applicable without any need of extra consistency model.

The "add bounds checking to syscall entry" is a prime example of that.

> Surely you can argue that the person who is doing that is supposed to 
> know what he's doing, but what's the downside of enforcing consistency 
> mechanisms on all live code changes?

The implementation of the consistency models (the ones that kgraft and 
kpatch have at least) is not really super-trivial and it's sometimes 
tricky to get it right and cover all the corner cases.

So the agreement was to do cover "no consistency model needed" group of 
live patches first, and design the API and data structures in such way 
that more sophisticated consistency models can be added on top as needed 
in the future.

-- 
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ