Date:   Tue, 21 Jul 2020 13:17:00 +0200 (CEST)
From:   Miroslav Benes <mbenes@...e.cz>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
cc:     live-patching@...r.kernel.org, linux-kernel@...r.kernel.org,
        Peter Zijlstra <peterz@...radead.org>,
        Randy Dunlap <rdunlap@...radead.org>
Subject: Re: [PATCH] Revert "kbuild: use -flive-patching when CONFIG_LIVEPATCH
 is enabled"

On Fri, 17 Jul 2020, Josh Poimboeuf wrote:

> Use of the new -flive-patching flag was introduced with the following
> commit:
> 
>   43bd3a95c98e ("kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled")
> 
> This flag has several drawbacks:
> 
> - It disables some optimizations, so it can have a negative effect on
>   performance.
> 
> - According to the GCC documentation it's not compatible with LTO, which
>   will become a compatibility issue as LTO support gets upstreamed in
>   the kernel.
> 
> - It was intended to be used for source-based patch generation tooling,
>   as opposed to binary-based patch generation tooling (e.g.,
>   kpatch-build).  It probably should have at least been behind a
>   separate config option so as not to negatively affect other livepatch
>   users.
> 
> - Clang doesn't have the flag, so as far as I can tell, this method of
>   generating patches is incompatible with Clang, which like LTO is
>   becoming more mainstream.
> 
> - It breaks GCC's implicit noreturn detection for local functions.  This
>   is the cause of several "unreachable instruction" objtool warnings.
> 
> - The broken noreturn detection is an obvious GCC regression, but we
>   haven't yet gotten GCC developers to acknowledge that, which doesn't
>   inspire confidence in their willingness to keep the feature working as
>   optimizations are added or changed going forward.
> 
> - While there *is* a distro which relies on this flag for their distro
>   livepatch module builds, there's not a publicly documented way to
>   create safe livepatch modules with it.  Its use seems to be based on
>   tribal knowledge.  It serves no benefit to those who don't know how to
>   use it.
> 
>   (In fact, I believe the current livepatch documentation and samples
>   are misleading and dangerous, and should be corrected.  Or at least
>   amended with a disclaimer.  But I don't feel qualified to make such
>   changes.)
> 
> Also, we have an idea for using objtool to detect function changes,
> which could potentially obsolete the need for this flag anyway.
> 
> At this point the flag has no benefits for upstream which would
> counteract the above drawbacks.  Revert it until it becomes more ready.
> 
> This reverts commit 43bd3a95c98e1a86b8b55d97f745c224ecff02b9.
> 
> Fixes: 43bd3a95c98e ("kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled")
> Reported-by: Randy Dunlap <rdunlap@...radead.org>
> Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com>

Acked-by: Miroslav Benes <mbenes@...e.cz>

M
