lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 3 Feb 2017 17:41:28 +0100 (CET)
From:   Miroslav Benes <mbenes@...e.cz>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
cc:     Jessica Yu <jeyu@...hat.com>, Jiri Kosina <jikos@...nel.org>,
        Petr Mladek <pmladek@...e.com>, linux-kernel@...r.kernel.org,
        live-patching@...r.kernel.org,
        Michael Ellerman <mpe@...erman.id.au>,
        Heiko Carstens <heiko.carstens@...ibm.com>, x86@...nel.org,
        linuxppc-dev@...ts.ozlabs.org, linux-s390@...r.kernel.org,
        Vojtech Pavlik <vojtech@...e.com>, Jiri Slaby <jslaby@...e.cz>,
        Chris J Arges <chris.j.arges@...onical.com>,
        Andy Lutomirski <luto@...nel.org>,
        Ingo Molnar <mingo@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>,
        Balbir Singh <bsingharora@...il.com>
Subject: Re: [PATCH v4 13/15] livepatch: change to a per-task consistency
 model


Petr has already mentioned majority of things I too found out, so only 
couple of nits...

> diff --git a/Documentation/ABI/testing/sysfs-kernel-livepatch b/Documentation/ABI/testing/sysfs-kernel-livepatch
> index da87f43..24b6570 100644
> --- a/Documentation/ABI/testing/sysfs-kernel-livepatch
> +++ b/Documentation/ABI/testing/sysfs-kernel-livepatch
> @@ -25,6 +25,14 @@ Description:
>  		code is currently applied.  Writing 0 will disable the patch
>  		while writing 1 will re-enable the patch.
>  
> +What:		/sys/kernel/livepatch/<patch>/transition
> +Date:		May 2016

'May 2016' looks strange, but maybe nobody cares about it...

> diff --git a/Documentation/livepatch/livepatch.txt b/Documentation/livepatch/livepatch.txt
> index 7f04e13..fb00d66 100644
> --- a/Documentation/livepatch/livepatch.txt
> +++ b/Documentation/livepatch/livepatch.txt
>  4. Livepatch module
> @@ -134,7 +242,7 @@ Documentation/livepatch/module-elf-format.txt for more details.
>  
>  
>  4.2. Metadata
> -------------
> +-------------

klp_func and klp_patch have new members - immediate. Should be documented 
here in "4.2. Metadata" section.

The section also contains this text under klp_patch bullet. It seems 
oudated:

"Also if a more complex consistency model is supported then a selected 
unit (thread, kernel as a whole) will see the new code from the entire 
patch only when it is in a safe state."

We now have a more complex consistency model.

And finally, the section "Limitations" has this text under the first 
bullet:

  + The patch must not change the semantic of the patched functions.

    The current implementation guarantees only that either the old
    or the new function is called. The functions are patched one
    by one. It means that the patch must _not_ change the semantic
    of the function.

I think it is confusing. The consistency model allows us to change the 
semantic of a function. To certain degree. Of course, there are cases that 
cannot be patched, or have to be patched carefully. For example if a 
function takes a lock by calling foo_lock(), foo_lock() is not on a stack 
afterwards. Then the locking semantics may be changed with a livepatch. 
One has to make sure to patch also the caller foo_lock() to enforce the 
consistency. And so on... But I do not consider a limitation of livepatch. 
It is a feature of the consistency model, which is weaker than kGraft's or 
kpatch's (or stronger. It depends on your point of view.)

So, I propose to remove this text and better describe the properties of 
the consistency model above in the section 3. Maybe a quote from an old 
mail thread (Nov 2014) would be sufficient. I don't remember what was 
mentioned and what not.

What do you think?

> diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h
> index 6602b34..ed90ad1 100644
> --- a/include/linux/livepatch.h
> +++ b/include/linux/livepatch.h
> @@ -68,7 +92,7 @@ struct klp_func {
>   * @funcs:	function entries for functions to be patched in the object
>   * @kobj:	kobject for sysfs resources
>   * @mod:	kernel module associated with the patched object
> - * 		(NULL for vmlinux)
> + *		(NULL for vmlinux)

This looks superfluous.

(checking my notes)... and that's it. Aside from the discussion in Petr's 
subthread it looks good to me. Great job.

Thanks,
Miroslav

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ