lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LSU.2.20.1702010951520.24423@pobox.suse.cz>
Date:   Wed, 1 Feb 2017 09:54:55 +0100 (CET)
From:   Miroslav Benes <mbenes@...e.cz>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
cc:     Jessica Yu <jeyu@...hat.com>, Jiri Kosina <jikos@...nel.org>,
        Petr Mladek <pmladek@...e.com>, linux-kernel@...r.kernel.org,
        live-patching@...r.kernel.org,
        Michael Ellerman <mpe@...erman.id.au>,
        Heiko Carstens <heiko.carstens@...ibm.com>, x86@...nel.org,
        linuxppc-dev@...ts.ozlabs.org, linux-s390@...r.kernel.org,
        Vojtech Pavlik <vojtech@...e.com>, Jiri Slaby <jslaby@...e.cz>,
        Chris J Arges <chris.j.arges@...onical.com>,
        Andy Lutomirski <luto@...nel.org>,
        Ingo Molnar <mingo@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>,
        Balbir Singh <bsingharora@...il.com>
Subject: Re: [PATCH v4 14/15] livepatch: add /proc/<pid>/patch_state

On Tue, 31 Jan 2017, Josh Poimboeuf wrote:

> On Tue, Jan 31, 2017 at 03:31:39PM +0100, Miroslav Benes wrote:
> > On Thu, 19 Jan 2017, Josh Poimboeuf wrote:
> > 
> > > Expose the per-task patch state value so users can determine which tasks
> > > are holding up completion of a patching operation.
> > > 
> > > Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com>
> > > Reviewed-by: Petr Mladek <pmladek@...e.com>
> > > Reviewed-by: Miroslav Benes <mbenes@...e.cz>
> > > ---
> > >  Documentation/filesystems/proc.txt | 18 ++++++++++++++++++
> > >  fs/proc/base.c                     | 15 +++++++++++++++
> > >  2 files changed, 33 insertions(+)
> > > 
> > > diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
> > > index 72624a1..85c501b 100644
> > > --- a/Documentation/filesystems/proc.txt
> > > +++ b/Documentation/filesystems/proc.txt
> > > @@ -44,6 +44,7 @@ Table of Contents
> > >    3.8   /proc/<pid>/fdinfo/<fd> - Information about opened file
> > >    3.9   /proc/<pid>/map_files - Information about memory mapped files
> > >    3.10  /proc/<pid>/timerslack_ns - Task timerslack value
> > > +  3.11	/proc/<pid>/patch_state - Livepatch patch operation state
> > >  
> > >    4	Configuring procfs
> > >    4.1	Mount options
> > > @@ -1886,6 +1887,23 @@ Valid values are from 0 - ULLONG_MAX
> > >  An application setting the value must have PTRACE_MODE_ATTACH_FSCREDS level
> > >  permissions on the task specified to change its timerslack_ns value.
> > >  
> > > +3.11	/proc/<pid>/patch_state - Livepatch patch operation state
> > > +-----------------------------------------------------------------
> > > +When CONFIG_LIVEPATCH is enabled, this file displays the value of the
> > > +patch state for the task.
> > > +
> > > +A value of '-1' indicates that no patch is in transition.
> > > +
> > > +A value of '0' indicates that a patch is in transition and the task is
> > > +unpatched.  If the patch is being enabled, then the task hasn't been
> > > +patched yet.  If the patch is being disabled, then the task has already
> > > +been unpatched.
> > > +
> > > +A value of '1' indicates that a patch is in transition and the task is
> > > +patched.  If the patch is being enabled, then the task has already been
> > > +patched.  If the patch is being disabled, then the task hasn't been
> > > +unpatched yet.
> > > +
> > 
> > Despite my review I thought about this some more. I think the logic make 
> > sense internally but when exposed it can be confusing. We do not export 
> > klp_target_state value, so users have to know if a patch is being enabled 
> > or disabled. Of course, they should know that, but I guess they'd like to 
> > use an userspace tool for this. Such tool needs to look at 
> > /proc/<pid>/patch_state to find out which tasks are blocking the 
> > completion and that is it. No more information anywhere.
> > 
> > We can either export klp_target_state, or change /proc/<pid>/patch_state 
> > to show only two states - task is in transition (1), task is patched (0).
> > 
> > What do you think?
> 
> Isn't this information already available in
> /sys/kernel/livepatch/<patch>/{enabled,transition}?

transition no. That only gives the hint that something is happening with 
the patch. But yes, enabled is the one I wanted. I don't know how I missed 
that. Combined with /proc/<pid>/task it is exactly what a tool needs.

Miroslav

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ