lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1457519279.8111.2.camel@ellerman.id.au>
Date:	Wed, 09 Mar 2016 21:27:59 +1100
From:	Michael Ellerman <mpe@...erman.id.au>
To:	Torsten Duwe <duwe@....de>, Petr Mladek <pmladek@...e.com>
Cc:	jeyu@...hat.com, jkosina@...e.cz, linux-kernel@...r.kernel.org,
	rostedt@...dmis.org, kamalesh@...ux.vnet.ibm.com,
	linuxppc-dev@...abs.org, live-patching@...r.kernel.org,
	mbenes@...e.cz
Subject: Re: [PATCH][v6][RFC] livepatch/ppc: Enable livepatching on powerpc

On Wed, 2016-03-09 at 11:03 +0100, Torsten Duwe wrote:

> On Wed, Mar 09, 2016 at 10:44:23AM +0100, Petr Mladek wrote:

> > find a solution that would work transparently. I mean that adding
> > an extra hacks into selected functions in the patch might be quite
> > error prone and problems hard to debug. I think that we all want this
> > but I wanted to be sure :-)
>
> Full ACK. Again, the TOC restore needs to go _after_ the replacement function,
> and the klp_return_helper works as transparently as possible, so this
> was my first choice. Arguments on the stack? I thought we'll deal with them
> once we get there (e.g. _really_ need to patch a varargs function or one
> with a silly signature).

I agree it's unlikely many people will want to patch varargs functions, or
functions with stupid numbers of parameters.

But at least with the current proposals, we have no way of preventing them from
doing so. Which means the first sign they'll get that it doesn't work is when
they've applied the patch and their production system goes down. And not even
when they insert the patch, only when the patched function is called, possibly
some time later.

Now perhaps in reality most people are only applying livepatches from their
distro, in which case the distro should have tested it. But I don't know for
sure.

Still I'm happy for the current solution to go in (klp_return_helper creating a
minimal frame).

I think we can probably come up with a fully robust solution. But not tonight,
and not this week :)

cheers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ