lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 6 Jun 2018 09:49:50 +0200 (CEST)
From:   Miroslav Benes <mbenes@...e.cz>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
cc:     jikos@...nel.org, jeyu@...nel.org, pmladek@...e.com,
        live-patching@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] livepatch: Send a fake signal periodically

On Tue, 5 Jun 2018, Josh Poimboeuf wrote:

> On Tue, Jun 05, 2018 at 09:17:52AM +0200, Miroslav Benes wrote:
> > On Mon, 4 Jun 2018, Josh Poimboeuf wrote:
> > 
> > > On Mon, Jun 04, 2018 at 04:16:35PM +0200, Miroslav Benes wrote:
> > > > An administrator may send a fake signal to all remaining blocking tasks
> > > > of a running transition by writing to
> > > > /sys/kernel/livepatch/<patch>/signal attribute. Let's do it
> > > > automatically after 10 seconds. The timeout is chosen deliberately. It
> > > > gives the tasks enough time to transition themselves.
> > > > 
> > > > Theoretically, sending it once should be more than enough. Better be safe
> > > > than sorry, so send it periodically.
> > > 
> > > This is the part I don't understand.  Why do it periodically?
> > 
> > I met (rare!) cases when doing it once was not enough due to a race and 
> > the signal was missed. However involved testcases were really artificial.
> >  
> > > Instead, might it make sense to just send the signals once, and if that
> > > doesn't work, reverse the transition?  Then we could make patching a
> > > synchronous operation.  But then, it might be remotely possible that the
> > > reverse operation also stalls (e.g., on a kthread).  So, maybe it's best
> > > to just leave all these controls in the hands of the user.
> > 
> > And there is 'force' option...
> > 
> > So given all this, I'd call klp_send_signals() once and then leave it up 
> > to the user. Would that work for you?
> 
> Well, I don't know.  Since the patching process will already need to be
> managed by user space, what's the benefit of having the kernel doing
> only this part of it?

I'm not sure about 'will already need to be managed by user space' part. 
Sending the fake signal would unblock transition in certain cases "for 
free". No user interaction is really needed and we can do it 
automatically. That's why I find it beneficial.

If it does not help, then the user must decide what to do next. Reversion 
or force. That's up to them.

Miroslav

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ