lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181012130120.f5berowklyccd7lj@pathway.suse.cz>
Date:   Fri, 12 Oct 2018 15:01:20 +0200
From:   Petr Mladek <pmladek@...e.com>
To:     Miroslav Benes <mbenes@...e.cz>
Cc:     Jiri Kosina <jikos@...nel.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Jason Baron <jbaron@...mai.com>,
        Joe Lawrence <joe.lawrence@...hat.com>,
        Jessica Yu <jeyu@...nel.org>,
        Evgenii Shatokhin <eshatokhin@...tuozzo.com>,
        live-patching@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v12 06/12] livepatch: Simplify API by removing
 registration step

On Wed 2018-09-05 11:34:06, Miroslav Benes wrote:
> On Tue, 28 Aug 2018, Petr Mladek wrote:
> > Also the API and logic is much easier. It is enough to call
> > klp_enable_patch() in module_init() call. The patch patch can be disabled
> > by writing '0' into /sys/kernel/livepatch/<patch>/enabled. Then the module
> > can be removed once the transition finishes and sysfs interface is freed.
> 
> I think it would be good to discuss our sysfs interface here as well.
> 
> Writing '1' to enabled attribute now makes sense only when you need to 
> reverse an unpatching transition. Writing '0' means "disable" or a 
> reversion again.
> 
> Wouldn't be better to split it to two different attributes? Something like 
> "disable" and "reverse"? It could be more intuitive.
> 
> Maybe we'd also find out that even patch->enabled member is not useful 
> anymore in such case.

I though about this as well. I kept "enabled" because:

  + It keeps the public interface the same as before. Most people
    would not notice any change in the behavior except maybe that
    the interface disappears when the patch gets disabled.

  + The reverse operation makes most sense when the transition
    cannot get finished. In theory, it might be problem to
    finish even the reversed one. People might want to
    reverse once again and force it. Then "reverse" file
    might be confusing. They might not know in which direction
    they do the reverse.


> > @@ -846,17 +740,8 @@ static int __klp_enable_patch(struct klp_patch *patch)
> >  	if (WARN_ON(patch->enabled))
> >  		return -EINVAL;
> >  
> > -	/* enforce stacking: only the first disabled patch can be enabled */
> > -	if (patch->list.prev != &klp_patches &&
> > -	    !list_prev_entry(patch, list)->enabled)
> > -		return -EBUSY;
> > -
> > -	/*
> > -	 * A reference is taken on the patch module to prevent it from being
> > -	 * unloaded.
> > -	 */
> > -	if (!try_module_get(patch->mod))
> > -		return -ENODEV;
> > +	if (!patch->kobj.state_initialized)
> > +		return -EINVAL;
> 
> I think the check is not needed here. __klp_enable_patch() is called right after
> klp_init_patch() in klp_enable_patch().

I would keep it. Someone might want to call this also from other
location. Even we used to do it from enable_store() ;-)

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ