| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170131145654.hzbxahqr4rz6r5f2@treble>
Date: Tue, 31 Jan 2017 08:56:54 -0600
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: Miroslav Benes <mbenes@...e.cz>
Cc: Jessica Yu <jeyu@...hat.com>, Jiri Kosina <jikos@...nel.org>,
Petr Mladek <pmladek@...e.com>, linux-kernel@...r.kernel.org,
live-patching@...r.kernel.org,
Michael Ellerman <mpe@...erman.id.au>,
Heiko Carstens <heiko.carstens@...ibm.com>, x86@...nel.org,
linuxppc-dev@...ts.ozlabs.org, linux-s390@...r.kernel.org,
Vojtech Pavlik <vojtech@...e.com>, Jiri Slaby <jslaby@...e.cz>,
Chris J Arges <chris.j.arges@...onical.com>,
Andy Lutomirski <luto@...nel.org>,
Ingo Molnar <mingo@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>,
Balbir Singh <bsingharora@...il.com>
Subject: Re: [PATCH v4 14/15] livepatch: add /proc/<pid>/patch_state
On Tue, Jan 31, 2017 at 03:31:39PM +0100, Miroslav Benes wrote:
> On Thu, 19 Jan 2017, Josh Poimboeuf wrote:
>
> > Expose the per-task patch state value so users can determine which tasks
> > are holding up completion of a patching operation.
> >
> > Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com>
> > Reviewed-by: Petr Mladek <pmladek@...e.com>
> > Reviewed-by: Miroslav Benes <mbenes@...e.cz>
> > ---
> > Documentation/filesystems/proc.txt | 18 ++++++++++++++++++
> > fs/proc/base.c | 15 +++++++++++++++
> > 2 files changed, 33 insertions(+)
> >
> > diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
> > index 72624a1..85c501b 100644
> > --- a/Documentation/filesystems/proc.txt
> > +++ b/Documentation/filesystems/proc.txt
> > @@ -44,6 +44,7 @@ Table of Contents
> > 3.8 /proc/<pid>/fdinfo/<fd> - Information about opened file
> > 3.9 /proc/<pid>/map_files - Information about memory mapped files
> > 3.10 /proc/<pid>/timerslack_ns - Task timerslack value
> > + 3.11 /proc/<pid>/patch_state - Livepatch patch operation state
> >
> > 4 Configuring procfs
> > 4.1 Mount options
> > @@ -1886,6 +1887,23 @@ Valid values are from 0 - ULLONG_MAX
> > An application setting the value must have PTRACE_MODE_ATTACH_FSCREDS level
> > permissions on the task specified to change its timerslack_ns value.
> >
> > +3.11 /proc/<pid>/patch_state - Livepatch patch operation state
> > +-----------------------------------------------------------------
> > +When CONFIG_LIVEPATCH is enabled, this file displays the value of the
> > +patch state for the task.
> > +
> > +A value of '-1' indicates that no patch is in transition.
> > +
> > +A value of '0' indicates that a patch is in transition and the task is
> > +unpatched. If the patch is being enabled, then the task hasn't been
> > +patched yet. If the patch is being disabled, then the task has already
> > +been unpatched.
> > +
> > +A value of '1' indicates that a patch is in transition and the task is
> > +patched. If the patch is being enabled, then the task has already been
> > +patched. If the patch is being disabled, then the task hasn't been
> > +unpatched yet.
> > +
>
> Despite my review I thought about this some more. I think the logic make
> sense internally but when exposed it can be confusing. We do not export
> klp_target_state value, so users have to know if a patch is being enabled
> or disabled. Of course, they should know that, but I guess they'd like to
> use an userspace tool for this. Such tool needs to look at
> /proc/<pid>/patch_state to find out which tasks are blocking the
> completion and that is it. No more information anywhere.
>
> We can either export klp_target_state, or change /proc/<pid>/patch_state
> to show only two states - task is in transition (1), task is patched (0).
>
> What do you think?
Isn't this information already available in
/sys/kernel/livepatch/<patch>/{enabled,transition}?
--
Josh
Powered by blists - more mailing lists