lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 21 May 2024 08:34:46 +0200 (CEST)
From: Miroslav Benes <mbenes@...e.cz>
To: zhang warden <zhangwarden@...il.com>
cc: Josh Poimboeuf <jpoimboe@...nel.org>, Jiri Kosina <jikos@...nel.org>, 
    Petr Mladek <pmladek@...e.com>, Joe Lawrence <joe.lawrence@...hat.com>, 
    live-patching@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] livepatch: introduce klp_func called interface

Hello,

On Mon, 20 May 2024, zhang warden wrote:

> 
> 
> > On May 20, 2024, at 14:46, Miroslav Benes <mbenes@...e.cz> wrote:
> > 
> > Hi,
> > 
> > On Mon, 20 May 2024, Wardenjohn wrote:
> > 
> >> Livepatch module usually used to modify kernel functions.
> >> If the patched function have bug, it may cause serious result
> >> such as kernel crash.
> >> 
> >> This is a kobject attribute of klp_func. Sysfs interface named
> >> "called" is introduced to livepatch which will be set as true
> >> if the patched function is called.
> >> 
> >> /sys/kernel/livepatch/<patch>/<object>/<function,sympos>/called
> >> 
> >> This value "called" is quite necessary for kernel stability
> >> assurance for livepatching module of a running system.
> >> Testing process is important before a livepatch module apply to
> >> a production system. With this interface, testing process can
> >> easily find out which function is successfully called.
> >> Any testing process can make sure they have successfully cover
> >> all the patched function that changed with the help of this interface.
> > 
> > Even easier is to use the existing tracing infrastructure in the kernel 
> > (ftrace for example) to track the new function. You can obtain much more 
> > information with that than the new attribute provides.
> > 
> > Regards,
> > Miroslav
> Hi Miroslav
> 
> First, in most cases, testing process is should be automated, which make 
> using existing tracing infrastructure inconvenient.

could you elaborate, please? We use ftrace exactly for this purpose and 
our testing process is also more or less automated.

> Second, livepatch is 
> already use ftrace for functional replacement, I don’t think it is a 
> good choice of using kernel tracing tool to trace a patched function.

Why?

> At last, this attribute can be thought of as a state of a livepatch 
> function. It is a state, like the "patched" "transition" state of a 
> klp_patch.  Adding this state will not break the state consistency of 
> livepatch.

Yes, but the information you get is limited compared to what is available 
now. You would obtain the information that a patched function was called 
but ftrace could also give you the context and more.

It would not hurt to add a new attribute per se but I am wondering about 
the reason and its usage. Once we have it, the commit message should be 
improved based on that.

Regards,
Miroslav

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ