lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e8c0328a-b7c7-3e8d-0cd0-fe0c608026d8@redhat.com>
Date:   Tue, 30 Jan 2018 14:24:13 -0500
From:   Joe Lawrence <joe.lawrence@...hat.com>
To:     Jason Baron <jbaron@...mai.com>,
        Evgenii Shatokhin <eshatokhin@...tuozzo.com>,
        Petr Mladek <pmladek@...e.com>
Cc:     linux-kernel@...r.kernel.org, live-patching@...r.kernel.org,
        jpoimboe@...hat.com, jeyu@...nel.org, jikos@...nel.org,
        mbenes@...e.cz
Subject: Re: [PATCH v5 0/3] livepatch: introduce atomic replace

On 01/30/2018 01:19 PM, Jason Baron wrote:
> [ ... snip ... ]
>
> Our main interest in 'atomic replace' is simply to make sure that
> cumulative patches work as expected in that they 'replace' any prior
> patches. We have an interest primarily in being able to apply patches
> from the stable trees via livepatch. I think the current situation with
> respect to 'replace' and callbacks is fine for us as well, but could
> change based on more experience with livepatch.

Well the callback implementation was based somewhat on theoretical
usage..  it was inspired by the kpatch macros that you talk about below,
in which we had a few specific use-cases.  Converting (un)patch
notifiers to the livepatch model presented additional callback
locations, and as such we ended up with pre-patch, post-patch,
pre-unpatch and post-unpatch callbacks.  Hopefully we'll get a better
idea of their worth as we gain experience using them.  At this point in
time I would suggest keeping it as simple and safe as possible.  :)

> As an aside I was just wondering how you are making use of the callbacks
> using the tool you mentioned (that is based on kpatch)? I see in the
> upstream kpatch that there are hooks such as: 'KPATCH_LOAD_HOOK(fn)' and
> 'KPATCH_UNLOAD_HOOK(fn)'. However, these are specific to 'kpatch' (as
> opposed to livepatch), and I do not see these sort of macros for the
> recently introduced livepatch callbacks. It seems it would be easy
> enough to add similar hooks for the livepatch callbacks. I was thinking
> of writing such a patch, but was wondering if there was an existing
> solution?

I've got a work in progress PR for this very feature:
https://github.com/dynup/kpatch/pull/780

Evgenii has already provided some helpful feedback. Another set of
eyes/testing would be appreciated!

Regards,

-- Joe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ