| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Feb 2018 09:18:07 -0600
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: Miroslav Benes <mbenes@...e.cz>
Cc: Joe Lawrence <joe.lawrence@...hat.com>,
Petr Mladek <pmladek@...e.com>, jikos@...nel.org,
Jason Baron <jbaron@...mai.com>, jeyu@...nel.org,
Evgenii Shatokhin <eshatokhin@...tuozzo.com>,
linux-kernel@...r.kernel.org, live-patching@...r.kernel.org
Subject: Re: PATCH v6 0/6] livepatch: Atomic replace feature
On Thu, Feb 01, 2018 at 04:08:14PM +0100, Miroslav Benes wrote:
> On Thu, 1 Feb 2018, Joe Lawrence wrote:
>
> > On 02/01/2018 08:49 AM, Miroslav Benes wrote:
> > >
> > > Well, one more thing. I think there is a problem with shadow variables.
> > > Similar to callbacks situation. Shadow variables cannot be destroyed the
> > > way it is shown in our samples. Cumulative patches want to preserve
> > > everything as much as possible. If I'm right, it should be mentioned in
> > > the documentation.
> >
> > Are you talking about using klp_shadow_free_all() call in a module_exit
> > routine? Yeah, I think in this case, that responsibility would be
> > passed to the newly loaded cumulative patch, right?
>
> Yes, but we haven't got an option not to call it here (as with callbacks,
> where we can omit callbacks completely with atomic replace patches). A
> live patch author must be aware of this and use shadow variables
> appropriately.
So maybe we should recommend that shadow variables generally be freed
from a post-unpatch callback.
--
Josh
Powered by blists - more mailing lists