lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LSU.2.21.1810151756290.11383@pobox.suse.cz>
Date:   Mon, 15 Oct 2018 18:01:43 +0200 (CEST)
From:   Miroslav Benes <mbenes@...e.cz>
To:     Petr Mladek <pmladek@...e.com>
cc:     Jiri Kosina <jikos@...nel.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Jason Baron <jbaron@...mai.com>,
        Joe Lawrence <joe.lawrence@...hat.com>,
        Jessica Yu <jeyu@...nel.org>,
        Evgenii Shatokhin <eshatokhin@...tuozzo.com>,
        live-patching@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v12 06/12] livepatch: Simplify API by removing registration
 step

On Fri, 12 Oct 2018, Petr Mladek wrote:

> On Wed 2018-09-05 11:34:06, Miroslav Benes wrote:
> > On Tue, 28 Aug 2018, Petr Mladek wrote:
> > > Also the API and logic is much easier. It is enough to call
> > > klp_enable_patch() in module_init() call. The patch patch can be disabled
> > > by writing '0' into /sys/kernel/livepatch/<patch>/enabled. Then the module
> > > can be removed once the transition finishes and sysfs interface is freed.
> > 
> > I think it would be good to discuss our sysfs interface here as well.
> > 
> > Writing '1' to enabled attribute now makes sense only when you need to 
> > reverse an unpatching transition. Writing '0' means "disable" or a 
> > reversion again.
> > 
> > Wouldn't be better to split it to two different attributes? Something like 
> > "disable" and "reverse"? It could be more intuitive.
> > 
> > Maybe we'd also find out that even patch->enabled member is not useful 
> > anymore in such case.
> 
> I though about this as well. I kept "enabled" because:
> 
>   + It keeps the public interface the same as before. Most people
>     would not notice any change in the behavior except maybe that
>     the interface disappears when the patch gets disabled.

Well our sysfs interface is still in a testing phase as far as ABI is 
involved. Moreover, each live patch is bound to its base kernel by 
definition anyway. So we can change this without remorse, I think.
 
>   + The reverse operation makes most sense when the transition
>     cannot get finished. In theory, it might be problem to
>     finish even the reversed one. People might want to
>     reverse once again and force it. Then "reverse" file
>     might be confusing. They might not know in which direction
>     they do the reverse.

I still think it would be better to have a less confusing interface and it 
would outweigh the second remark.
 
> > > @@ -846,17 +740,8 @@ static int __klp_enable_patch(struct klp_patch *patch)
> > >  	if (WARN_ON(patch->enabled))
> > >  		return -EINVAL;
> > >  
> > > -	/* enforce stacking: only the first disabled patch can be enabled */
> > > -	if (patch->list.prev != &klp_patches &&
> > > -	    !list_prev_entry(patch, list)->enabled)
> > > -		return -EBUSY;
> > > -
> > > -	/*
> > > -	 * A reference is taken on the patch module to prevent it from being
> > > -	 * unloaded.
> > > -	 */
> > > -	if (!try_module_get(patch->mod))
> > > -		return -ENODEV;
> > > +	if (!patch->kobj.state_initialized)
> > > +		return -EINVAL;
> > 
> > I think the check is not needed here. __klp_enable_patch() is called right after
> > klp_init_patch() in klp_enable_patch().
> 
> I would keep it. Someone might want to call this also from other
> location. Even we used to do it from enable_store() ;-)

Ok, I don't mind in the end.

Miroslav

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ