| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 Jan 2017 15:31:39 +0100 (CET)
From: Miroslav Benes <mbenes@...e.cz>
To: Josh Poimboeuf <jpoimboe@...hat.com>
cc: Jessica Yu <jeyu@...hat.com>, Jiri Kosina <jikos@...nel.org>,
Petr Mladek <pmladek@...e.com>, linux-kernel@...r.kernel.org,
live-patching@...r.kernel.org,
Michael Ellerman <mpe@...erman.id.au>,
Heiko Carstens <heiko.carstens@...ibm.com>, x86@...nel.org,
linuxppc-dev@...ts.ozlabs.org, linux-s390@...r.kernel.org,
Vojtech Pavlik <vojtech@...e.com>, Jiri Slaby <jslaby@...e.cz>,
Chris J Arges <chris.j.arges@...onical.com>,
Andy Lutomirski <luto@...nel.org>,
Ingo Molnar <mingo@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>,
Balbir Singh <bsingharora@...il.com>
Subject: Re: [PATCH v4 14/15] livepatch: add /proc/<pid>/patch_state
On Thu, 19 Jan 2017, Josh Poimboeuf wrote:
> Expose the per-task patch state value so users can determine which tasks
> are holding up completion of a patching operation.
>
> Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com>
> Reviewed-by: Petr Mladek <pmladek@...e.com>
> Reviewed-by: Miroslav Benes <mbenes@...e.cz>
> ---
> Documentation/filesystems/proc.txt | 18 ++++++++++++++++++
> fs/proc/base.c | 15 +++++++++++++++
> 2 files changed, 33 insertions(+)
>
> diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
> index 72624a1..85c501b 100644
> --- a/Documentation/filesystems/proc.txt
> +++ b/Documentation/filesystems/proc.txt
> @@ -44,6 +44,7 @@ Table of Contents
> 3.8 /proc/<pid>/fdinfo/<fd> - Information about opened file
> 3.9 /proc/<pid>/map_files - Information about memory mapped files
> 3.10 /proc/<pid>/timerslack_ns - Task timerslack value
> + 3.11 /proc/<pid>/patch_state - Livepatch patch operation state
>
> 4 Configuring procfs
> 4.1 Mount options
> @@ -1886,6 +1887,23 @@ Valid values are from 0 - ULLONG_MAX
> An application setting the value must have PTRACE_MODE_ATTACH_FSCREDS level
> permissions on the task specified to change its timerslack_ns value.
>
> +3.11 /proc/<pid>/patch_state - Livepatch patch operation state
> +-----------------------------------------------------------------
> +When CONFIG_LIVEPATCH is enabled, this file displays the value of the
> +patch state for the task.
> +
> +A value of '-1' indicates that no patch is in transition.
> +
> +A value of '0' indicates that a patch is in transition and the task is
> +unpatched. If the patch is being enabled, then the task hasn't been
> +patched yet. If the patch is being disabled, then the task has already
> +been unpatched.
> +
> +A value of '1' indicates that a patch is in transition and the task is
> +patched. If the patch is being enabled, then the task has already been
> +patched. If the patch is being disabled, then the task hasn't been
> +unpatched yet.
> +
Despite my review I thought about this some more. I think the logic make
sense internally but when exposed it can be confusing. We do not export
klp_target_state value, so users have to know if a patch is being enabled
or disabled. Of course, they should know that, but I guess they'd like to
use an userspace tool for this. Such tool needs to look at
/proc/<pid>/patch_state to find out which tasks are blocking the
completion and that is it. No more information anywhere.
We can either export klp_target_state, or change /proc/<pid>/patch_state
to show only two states - task is in transition (1), task is patched (0).
What do you think?
Miroslav
Powered by blists - more mailing lists