lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 9 Mar 2016 13:56:38 +0100
From:	Petr Mladek <pmladek@...e.com>
To:	Torsten Duwe <duwe@....de>
Cc:	Jiri Kosina <jikos@...nel.org>,
	Balbir Singh <bsingharora@...il.com>, linuxppc-dev@...abs.org,
	linux-kernel@...r.kernel.org, rostedt@...dmis.org,
	kamalesh@...ux.vnet.ibm.com, jeyu@...hat.com,
	live-patching@...r.kernel.org, mbenes@...e.cz
Subject: Re: [PATCH][v6][RFC] livepatch/ppc: Enable livepatching on powerpc

On Wed 2016-03-09 12:16:47, Torsten Duwe wrote:
> On Wed, Mar 09, 2016 at 11:13:05AM +0100, Jiri Kosina wrote:
> > On Wed, 9 Mar 2016, Torsten Duwe wrote:
> > > was my first choice. Arguments on the stack? I thought we'll deal with them
> > > once we get there (e.g. _really_ need to patch a varargs function or one
> > > with a silly signature).
> > 
> > Well, the problem is, once such need arises, it's too late already.
> 
> No, not if it's documented.
> 
> > You need to be able to patch the kernels which are already out there, 
> > running on machines potentially for ages once all of a sudden there is a 
> > CVE for >8args / varargs function.
> 
> Then you'd need a solution like I sent out yesterday, with a pre-prologue
> caller that pops the extra frame, so the replacement can be more straight-
> forward. Or you can just deal with the shifted offsets in the replacement.
> 
> I'll try to demonstrate the alternative. That would then be required for
> _all_ replacement functions. Or can the live patching framework differentiate
> and tell ftrace_caller whether to place a stack frame or not?
>
> Miroslav? Petr? Can we have 2 sorts of replacement functions?

I personally prefer to keep most functions without any special hack,
especially when it is needed only for one architecture. If a hack is
needed for "corner cases" and it is documented then, IMHO, we could
live with it for some time. We test all patches anyway, so.

But I could not speak for the LivePatching maintainers whose are Josh
and Jiri.

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ