lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LSU.2.20.1701311518290.3719@pobox.suse.cz>
Date:   Tue, 31 Jan 2017 15:31:39 +0100 (CET)
From:   Miroslav Benes <mbenes@...e.cz>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
cc:     Jessica Yu <jeyu@...hat.com>, Jiri Kosina <jikos@...nel.org>,
        Petr Mladek <pmladek@...e.com>, linux-kernel@...r.kernel.org,
        live-patching@...r.kernel.org,
        Michael Ellerman <mpe@...erman.id.au>,
        Heiko Carstens <heiko.carstens@...ibm.com>, x86@...nel.org,
        linuxppc-dev@...ts.ozlabs.org, linux-s390@...r.kernel.org,
        Vojtech Pavlik <vojtech@...e.com>, Jiri Slaby <jslaby@...e.cz>,
        Chris J Arges <chris.j.arges@...onical.com>,
        Andy Lutomirski <luto@...nel.org>,
        Ingo Molnar <mingo@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>,
        Balbir Singh <bsingharora@...il.com>
Subject: Re: [PATCH v4 14/15] livepatch: add /proc/<pid>/patch_state

On Thu, 19 Jan 2017, Josh Poimboeuf wrote:

> Expose the per-task patch state value so users can determine which tasks
> are holding up completion of a patching operation.
> 
> Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com>
> Reviewed-by: Petr Mladek <pmladek@...e.com>
> Reviewed-by: Miroslav Benes <mbenes@...e.cz>
> ---
>  Documentation/filesystems/proc.txt | 18 ++++++++++++++++++
>  fs/proc/base.c                     | 15 +++++++++++++++
>  2 files changed, 33 insertions(+)
> 
> diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
> index 72624a1..85c501b 100644
> --- a/Documentation/filesystems/proc.txt
> +++ b/Documentation/filesystems/proc.txt
> @@ -44,6 +44,7 @@ Table of Contents
>    3.8   /proc/<pid>/fdinfo/<fd> - Information about opened file
>    3.9   /proc/<pid>/map_files - Information about memory mapped files
>    3.10  /proc/<pid>/timerslack_ns - Task timerslack value
> +  3.11	/proc/<pid>/patch_state - Livepatch patch operation state
>  
>    4	Configuring procfs
>    4.1	Mount options
> @@ -1886,6 +1887,23 @@ Valid values are from 0 - ULLONG_MAX
>  An application setting the value must have PTRACE_MODE_ATTACH_FSCREDS level
>  permissions on the task specified to change its timerslack_ns value.
>  
> +3.11	/proc/<pid>/patch_state - Livepatch patch operation state
> +-----------------------------------------------------------------
> +When CONFIG_LIVEPATCH is enabled, this file displays the value of the
> +patch state for the task.
> +
> +A value of '-1' indicates that no patch is in transition.
> +
> +A value of '0' indicates that a patch is in transition and the task is
> +unpatched.  If the patch is being enabled, then the task hasn't been
> +patched yet.  If the patch is being disabled, then the task has already
> +been unpatched.
> +
> +A value of '1' indicates that a patch is in transition and the task is
> +patched.  If the patch is being enabled, then the task has already been
> +patched.  If the patch is being disabled, then the task hasn't been
> +unpatched yet.
> +

Despite my review I thought about this some more. I think the logic make 
sense internally but when exposed it can be confusing. We do not export 
klp_target_state value, so users have to know if a patch is being enabled 
or disabled. Of course, they should know that, but I guess they'd like to 
use an userspace tool for this. Such tool needs to look at 
/proc/<pid>/patch_state to find out which tasks are blocking the 
completion and that is it. No more information anywhere.

We can either export klp_target_state, or change /proc/<pid>/patch_state 
to show only two states - task is in transition (1), task is patched (0).

What do you think?

Miroslav

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ