| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231110213317.g4wz3j3flj7u2qg2@treble>
Date: Fri, 10 Nov 2023 13:33:17 -0800
From: Josh Poimboeuf <jpoimboe@...nel.org>
To: Petr Mladek <pmladek@...e.com>
Cc: Miroslav Benes <mbenes@...e.cz>,
Joe Lawrence <joe.lawrence@...hat.com>,
Nicolai Stange <nstange@...e.de>,
live-patching@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [POC 0/7] livepatch: Make livepatch states, callbacks, and
shadow variables work together
On Fri, Nov 10, 2023 at 06:04:21PM +0100, Petr Mladek wrote:
> This POC is a material for the discussion "Simplify Livepatch Callbacks,
> Shadow Variables, and States handling" at LPC 2013, see
> https://lpc.events/event/17/contributions/1541/
>
> It obsoletes the patchset adding the garbage collection of shadow
> variables. This new solution is based on ideas from Nicolai Stange.
> And it should also be in sync with Josh's ideas mentioned into
> the thread about the garbage collection, see
> https://lore.kernel.org/r/20230204235910.4j4ame5ntqogqi7m@treble
Nice! I like how it brings the "features" together and makes them easy
to use. This looks like a vast improvement.
Was there a reason to change the naming? I'm thinking
setup / enable / disable / release
is less precise than
pre_patch / post_patch / pre_unpatch / post_unpatch.
Also, I'm thinking "replaced" instead of "obsolete" would be more
consistent with the existing terminology.
For example, in __klp_enable_patch():
ret = klp_setup_states(patch);
if (ret)
goto err;
if (patch->replace)
klp_disable_obsolete_states(patch);
it's not immediately clear why "disable obsolete" would be the "replace"
counterpart to "setup".
Similarly, in klp_complete_transition():
if (klp_transition_patch->replace && klp_target_state == KLP_PATCHED) {
klp_unpatch_replaced_patches(klp_transition_patch);
klp_discard_nops(klp_transition_patch);
klp_release_obsolete_states(klp_transition_patch);
}
it's a little jarring to have "unpatch replaced" followed by "release
obsolete".
So instead of:
int klp_setup_states(struct klp_patch *patch);
void klp_enable_states(struct klp_patch *patch);
void klp_disable_states(struct klp_patch *patch);
void klp_release_states(struct klp_patch *patch);
void klp_enable_obsolete_states(struct klp_patch *patch);
void klp_disable_obsolete_states(struct klp_patch *patch);
void klp_release_obsolete_states(struct klp_patch *patch);
how about something like:
int klp_states_pre_patch(void);
void klp_states_post_patch(void);
void klp_states_pre_unpatch(void);
void klp_states_post_unpatch(void);
void klp_states_post_patch_replaced(void);
void klp_states_pre_unpatch_replaced(void);
void klp_states_post_unpatch_replaced(void);
?
(note that passing klp_transition_patch might be optional since state.c
already has visibility to it anyway)
--
Josh
Powered by blists - more mailing lists