| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Feb 2015 06:51:49 -0600 From: Josh Poimboeuf <jpoimboe@...hat.com> To: Peter Zijlstra <peterz@...radead.org> Cc: Ingo Molnar <mingo@...hat.com>, Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, live-patching@...r.kernel.org, linux-kernel@...r.kernel.org, Seth Jennings <sjenning@...hat.com>, Jiri Kosina <jkosina@...e.cz>, Vojtech Pavlik <vojtech@...e.cz> Subject: Re: [RFC PATCH 6/9] livepatch: create per-task consistency model On Thu, Feb 12, 2015 at 12:56:28PM +0100, Peter Zijlstra wrote: > On Wed, Feb 11, 2015 at 09:21:21PM -0600, Josh Poimboeuf wrote: > > Ingo, Peter, > > > > Would you have any objections to making task_rq_lock/unlock() non-static > > (or moving them to kernel/sched/sched.h) so they can be called by the > > livepatch code? > > Basically yes. I really don't want to expose that. And > kernel/sched/sched.h is very much not intended for use outside of > kernel/sched/ so even that is a no go. > > > To provide some background, I'm looking for a way to temporarily prevent > > a sleeping task from running while its stack is examined, to decide > > whether it can be safely switched to the new patching "universe". For > > more details see klp_transition_task() in the patch below. > > > > Using task_rq_lock() is the most straightforward way I could find to > > achieve that. > > Its not at all clear how all this would work to me. And I'm not > motivated enough to go try and reverse engineer your patch; The short answer is: I need a way to ensure that a task isn't sleeping on any of the functions we're trying to patch. If it's not, then I can switch the task over to start using new versions of functions. Obviously, there are many more details than that. If you have specific questions I can try to answer them. > IMO livepatching is utter fail. > > If your infrastructure relies on the uptime of a single machine you've > lost already. It's not always about uptime. IMO it's usually more about decoupling your reboot schedule from your distro's kernel release schedule. Most users want to plan in advance when they're going to reboot, rather than being at the mercy of when CVEs and kernel fixes are released. Rebooting is costly and risky, even (or often especially) for large systems for which you have to stagger the reboots. You want to do it at a time when you're ready for something bad to happen, without having to also worry about security in the mean time while you're waiting for your reboot window. > FWIW, the barriers in klp_update_task_universe() and > klp_set_universe_goal() look like complete crack, and their comments are > seriously deficient. Ok, I'll try to improve the comments for the barriers. -- Josh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists