lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231110213317.g4wz3j3flj7u2qg2@treble> Date: Fri, 10 Nov 2023 13:33:17 -0800 From: Josh Poimboeuf <jpoimboe@...nel.org> To: Petr Mladek <pmladek@...e.com> Cc: Miroslav Benes <mbenes@...e.cz>, Joe Lawrence <joe.lawrence@...hat.com>, Nicolai Stange <nstange@...e.de>, live-patching@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [POC 0/7] livepatch: Make livepatch states, callbacks, and shadow variables work together On Fri, Nov 10, 2023 at 06:04:21PM +0100, Petr Mladek wrote: > This POC is a material for the discussion "Simplify Livepatch Callbacks, > Shadow Variables, and States handling" at LPC 2013, see > https://lpc.events/event/17/contributions/1541/ > > It obsoletes the patchset adding the garbage collection of shadow > variables. This new solution is based on ideas from Nicolai Stange. > And it should also be in sync with Josh's ideas mentioned into > the thread about the garbage collection, see > https://lore.kernel.org/r/20230204235910.4j4ame5ntqogqi7m@treble Nice! I like how it brings the "features" together and makes them easy to use. This looks like a vast improvement. Was there a reason to change the naming? I'm thinking setup / enable / disable / release is less precise than pre_patch / post_patch / pre_unpatch / post_unpatch. Also, I'm thinking "replaced" instead of "obsolete" would be more consistent with the existing terminology. For example, in __klp_enable_patch(): ret = klp_setup_states(patch); if (ret) goto err; if (patch->replace) klp_disable_obsolete_states(patch); it's not immediately clear why "disable obsolete" would be the "replace" counterpart to "setup". Similarly, in klp_complete_transition(): if (klp_transition_patch->replace && klp_target_state == KLP_PATCHED) { klp_unpatch_replaced_patches(klp_transition_patch); klp_discard_nops(klp_transition_patch); klp_release_obsolete_states(klp_transition_patch); } it's a little jarring to have "unpatch replaced" followed by "release obsolete". So instead of: int klp_setup_states(struct klp_patch *patch); void klp_enable_states(struct klp_patch *patch); void klp_disable_states(struct klp_patch *patch); void klp_release_states(struct klp_patch *patch); void klp_enable_obsolete_states(struct klp_patch *patch); void klp_disable_obsolete_states(struct klp_patch *patch); void klp_release_obsolete_states(struct klp_patch *patch); how about something like: int klp_states_pre_patch(void); void klp_states_post_patch(void); void klp_states_pre_unpatch(void); void klp_states_post_unpatch(void); void klp_states_post_patch_replaced(void); void klp_states_pre_unpatch_replaced(void); void klp_states_post_unpatch_replaced(void); ? (note that passing klp_transition_patch might be optional since state.c already has visibility to it anyway) -- Josh
Powered by blists - more mailing lists