lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170718130047.GG3393@pathway.suse.cz>
Date:   Tue, 18 Jul 2017 15:00:47 +0200
From:   Petr Mladek <pmladek@...e.com>
To:     Miroslav Benes <mbenes@...e.cz>
Cc:     Josh Poimboeuf <jpoimboe@...hat.com>,
        Joe Lawrence <joe.lawrence@...hat.com>,
        live-patching@...r.kernel.org, linux-kernel@...r.kernel.org,
        Jessica Yu <jeyu@...hat.com>, Jiri Kosina <jikos@...nel.org>
Subject: Re: [PATCH v2 1/2] livepatch: introduce shadow variable API

On Mon 2017-07-17 17:35:38, Miroslav Benes wrote:
> On Thu, 13 Jul 2017, Josh Poimboeuf wrote:
> 
> > On Wed, Jun 28, 2017 at 11:37:26AM -0400, Joe Lawrence wrote:
> > 
> > > +Brief API summary
> > > +-----------------
> > > +
> > > +See the full API usage docbook notes in the livepatch/shadow.c
> > > +implementation.
> > > +
> > > +An in-kernel hashtable references all of the shadow variables.  These
> > > +references are stored/retrieved through a <obj, num> key pair.
> > 
> > "num" is rather vague, how about "key"?

As Mirek said in the previous version. "obj" is the key for the hash
table.

Anyway, I agree that "num" is vague and even confusing. I would
suggest to use "id".

> > (And note, this and some of the other comments also apply to the code as
> > well)
> > 
> > > +* The klp_shadow variable data structure encapsulates both tracking
> > > +meta-data and shadow-data:
> > > +  - meta-data
> > > +    - obj - pointer to original data
> > 
> > Instead of "original data", how about calling it the "parent object"?
> > That describes it better to me at least.  "Original data" sounds like
> > some of the data might be replaced.
> 
> I agree that "original data" does not sound right. However, we use "parent 
> object" for vmlinux or a module in our code. But I don't have a better 
> name and "parent object" sounds good.

What about "primary object"? I took inspiration from
https://en.wikipedia.org/wiki/Shadow_table

> > > +    - num - numerical description of new data
> > 
> > "numerical description of new data" sounds a little confusing, how about
> > "unique identifier for new data"?

Here we come to the "id" ;-)

I wonder if each patch should register its own IDs and the size of the
data. The API could shout when anyone wants to use a not yet
registered ID or when the same ID with another size is being
registered. It might increase security. But I am not sure
if it is worth it.


> > I'm also not sure about the phrase "new data".  Maybe something like
> > "new data field" would be more descriptive?  Or just "new field"?  I
> > view it kind of like adding a field to a struct.  Not a big deal either
> > way.
> >
> > > +void *klp_shadow_attach(void *obj, unsigned long num, void *new_data,
> > > +			size_t new_size, gfp_t gfp_flags);
> > 
> > It could be just me, but the "new_" prefixes threw me off a little bit.
> > The new is implied anyway.  How about just "data" and "size"?
> > 
> > And the same comment for the klp_shadow struct.
> 
> I agree with Josh on all of this.

You persuaded me that "data" and "size" make sense after all ;-)
new_obj would mean that we replace/copy the entire object.

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ