lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 22 Jan 2020 15:42:39 -0600
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     Miroslav Benes <mbenes@...e.cz>
Cc:     Peter Zijlstra <peterz@...radead.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Joe Lawrence <joe.lawrence@...hat.com>,
        Jessica Yu <jeyu@...nel.org>, x86@...nel.org,
        linux-kernel@...r.kernel.org, mhiramat@...nel.org,
        bristot@...hat.com, jbaron@...mai.com,
        torvalds@...ux-foundation.org, tglx@...utronix.de,
        mingo@...nel.org, namit@...are.com, hpa@...or.com, luto@...nel.org,
        ard.biesheuvel@...aro.org, live-patching@...r.kernel.org,
        Randy Dunlap <rdunlap@...radead.org>
Subject: Re: [PATCH v3 5/6] x86/ftrace: Use text_poke()

On Wed, Jan 22, 2020 at 11:09:56AM +0100, Miroslav Benes wrote:
> 
> > > > At this point, I only see downsides of -flive-patching, at least until
> > > > we actually have real upstream code which needs it.
> > > 
> > > Can you explain this? The option makes GCC to avoid optimizations which 
> > > are difficult to detect and would make live patching unsafe. I consider it 
> > > useful as it is, so if you shared the other downsides and what you meant 
> > > by real upstream code, we could discuss it.
> > 
> > Only SLES needs it right?  Why inflict it on other livepatch users?  By
> > "real upstream code" I mean there's no (documented) way to create live
> > patches using the method which relies on this flag.  So I don't see any
> > upstream benefits for having it enabled.
> 
> I'd put it differently. SLES and upstream need it, RHEL does not need it. 
> Or anyone using kpatch-build.

I'm confused about why you think upstream needs it.

Is all the tooling available somewhere?  Is there documentation
available which describes how to build patches using that method from
start to finish?  Are there actual users other than SUSE?

BTW, kpatch-build has a *lot* of users other than RHEL.  All its tooling
and documentation are available on Github.

> It is perfectly fine to prepare live patches just from the source code
> using upstream live patching infrastructure. 

Do you mean the dangerous method used by the livepatch sample code which
completely ignores interprocedural optimizations?  I wouldn't call that
perfectly fine.

> After all, SLES is nothing else than upstream here. We were creating live 
> patches manually for quite a long time and only recently we have been 
> using Nicolai's klp-ccp automation (https://github.com/SUSE/klp-ccp).
> 
> So, everyone using upstream directly relies on the flag, which seems to be 
> a clear benefit to me. Reverting the patch would be a step back.

Who exactly is "everyone using upstream"?

>From what I can tell, kpatch-build is the only known way (to those
outside of SUSE) to make safe patches for an upstream kernel.  And it
doesn't need this flag and the problems associated with it: performance,
LTO incompatibility, clang incompatibility (I think?), the GCC dead code
issue.

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ