lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150122130519.GA17376@treble.redhat.com>
Date:	Thu, 22 Jan 2015 07:05:19 -0600
From:	Josh Poimboeuf <jpoimboe@...hat.com>
To:	Li Bin <huawei.libin@...wei.com>
Cc:	Jiri Kosina <jkosina@...e.cz>, Seth Jennings <sjenning@...hat.com>,
	Vojtech Pavlik <vojtech@...e.cz>, Jiri Slaby <jslaby@...e.cz>,
	Miroslav Benes <mbenes@...e.cz>, live-patching@...r.kernel.org,
	linux-kernel@...r.kernel.org, lizefan@...wei.com,
	guohanjun@...wei.com, zhangdianfang@...wei.com, xiexiuqi@...wei.com
Subject: Re: [PATCH 2/2] livepatch: disable/enable_patch manners for
 interdependent patches

On Thu, Jan 22, 2015 at 05:54:23PM +0800, Li Bin wrote:
> On 2015/1/22 16:39, Li Bin wrote:
> > On 2015/1/22 11:51, Josh Poimboeuf wrote:
> >> On Thu, Jan 22, 2015 at 08:42:29AM +0800, Li Bin wrote:
> >>> On 2015/1/21 22:08, Jiri Kosina wrote:
> >>>> On Wed, 21 Jan 2015, Li Bin wrote:
> >>>> By this you limit the definition of the patch inter-dependency to just 
> >>>> symbols. But that's not the only way how patches can depend on it other -- 
> >>>> the dependency can be semantical.
> >>>
> >>> Yes, I agree with you. But I think the other dependencies such as semantical
> >>> dependency should be judged by the user, like reverting a patch from git repository.
> >>> Right?
> >>
> >> But with live patching, there are two users: the patch creator (who
> >> creates the patch module) and the end user (who loads it on their
> >> system).
> >>
> >> We can assume the patch creator knows what he's doing, but the end user
> >> doesn't always know or care about low level details like patch
> >> dependencies.  The easiest and safest way to protect the end user is the
> >> current approach, which assumes that each patch depends on all
> >> previously applied patches.
> > 
> > But then, the feature that disable patch dynamically is useless.
> > For example, if user find a bug be introduced by the last patch and disable
> > it directly, the new patch is no longer allowed from now unless enable the
> > old patch firstly but there is a risk window by this way.
> > 
> 
> Ok, in this case we can unregister the old patch firstly.
> But it seems that the feature that enable/disable patch dynamically indeed
> useless. (Its value is only for the last patch to enable or disable.)

I wouldn't say it's useless... It's just a patch stack.  If there's a
bug at the bottom of the stack, you can either:

1) push a new patch which does the opposite of the original patch
   (similar to how "git revert" adds a new commit);

2) or pop everything off the stack and create a new stack to your
   liking.

It doesn't actually prevent you from doing what you want, it just makes
it less convenient (and more safe IMO).

I suppose an alternative would be to allow the patch creator to specify
patch dependencies (in addition to something like your patch to catch
the obvious dependencies).  But dependencies are tricky and I'm not
really convinced that would be worth the added risk and code complexity.

-- 
Josh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ