Date:	Fri, 29 Jan 2016 13:47:15 -0600
From:	Josh Poimboeuf <jpoimboe@...hat.com>
To:	Steven Rostedt <rostedt@...dmis.org>
Cc:	Miroslav Benes <mbenes@...e.cz>, Jessica Yu <jeyu@...hat.com>,
	Seth Jennings <sjenning@...hat.com>,
	Jiri Kosina <jikos@...nel.org>,
	Vojtech Pavlik <vojtech@...e.com>,
	Ingo Molnar <mingo@...hat.com>, live-patching@...r.kernel.org,
	linux-kernel@...r.kernel.org, Rusty Russell <rusty@...tcorp.com.au>
Subject: Re: [PATCH 1/2] livepatch: Implement separate coming and going
 module notifiers

On Fri, Jan 29, 2016 at 02:29:50PM -0500, Steven Rostedt wrote:
> On Fri, 29 Jan 2016 20:25:15 +0100 (CET)
> Miroslav Benes <mbenes@...e.cz> wrote:
> 
> > It is possible to achieve the same goal even with the notifiers. They are 
> > processed synchronously in complete_formation(). So we can put our klp 
> > hook after that, right? Or better, put it to load_module() after 
> > complete_formation() call. There is an error handling code even today 
> > (that is, parse_args() or mod_sysfs_setup() can fail). Moreover, we'll 
> > have a hook there with Jessica's relocation rework patch set.
> 
> The problem with notifiers is that you don't know what is being called.
> A function call directly in the code, where it will always be needed if
> configured in, is a reasonable need to not use a notifier.
> 
> Although, I have to admit, if live kernel patching is configured in,
> it doesn't always need to be called here, does it? With ftrace, the
> call has to be done when ftrace is configured in regardless if tracing
> is used or not.

For live patching it actually does need to be called for every module.
We need to check if any previously loaded patches have any modifications
which affect the module.

> 
> > 
> > But Steven's reasoning is convincing, so I'm all up for it.
> 
> Great!
> 
> -- Steve

-- 
Josh
