lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <YicvyEbFzZIAut+4@alley>
Date:   Tue, 8 Mar 2022 11:28:24 +0100
From:   Petr Mladek <pmladek@...e.com>
To:     Chengming Zhou <zhouchengming@...edance.com>
Cc:     Joe Lawrence <joe.lawrence@...hat.com>,
        Miroslav Benes <mbenes@...e.cz>, jpoimboe@...hat.com,
        jikos@...nel.org, live-patching@...r.kernel.org,
        linux-kernel@...r.kernel.org, songmuchun@...edance.com,
        qirui.001@...edance.com
Subject: Re: [External] Re: [PATCH] livepatch: Only block the removal of
 KLP_UNPATCHED forced transition patch

On Fri 2022-03-04 23:14:15, Chengming Zhou wrote:
> On 2022/3/3 11:43 下午, Joe Lawrence wrote:
> > On 3/3/22 5:33 AM, Chengming Zhou wrote:
> >> On 2022/3/3 3:51 下午, Miroslav Benes wrote:
> >> Apart from this reason, another reason we may use "force" transition
> >> is that we want to speed up the transition process of some patches
> >> when load them, and we can make sure these patches are safe to do so.
> >> (just like a consistency model check disable option when load a patch)
> >>
> > Interesting use case.  Can you share any example livepatches where the
> > transition time was exceptionally long and that lead to requiring this
> > patch?
> 
> Sorry, I haven't easy reproducible testcase on hand, maybe I could try to
> make one to simulate the production environment later.

An artificial test case is not much useful. We would like to know if you
met the problem in the real life. It would be great to know more
details if it really happened.


> > From a kpatch developer's perspective, it would be interesting to read
> > how you go about ensuring forced livepatch safety.  We don't generally
> > build forced livepatches, so I'm curious how the dev/review process goes.
> 
> We also use kpatch-build for some patches too, but for some other patches,
> which need to add new members to some struct type, or fix some kernel function
> bugs, we may need to rewrite the source patch to make a livepatch module.
> 
> There are some types that don't need per-task consistency or even can replace
> the old functions when tasks stack in the old functions. We may want to use
> "force" transition in case load process timeout.

What is the motivation for the timeout, please?

The "force" functionality was introduced as a last resort solution.
It might be useful when the transition gets blocked and another
transition is needed.

"force" should be used carefully. Users should be sure that it is
really safe in the current state.

Note that forced transition does not magically makes the system
patched. If a process is sleeping on a non-patched function then
it will continue running the old code until it returns
the non-patched function.

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ