lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 31 May 2024 15:57:56 -0400
From: Joe Lawrence <joe.lawrence@...hat.com>
To: Miroslav Benes <mbenes@...e.cz>
Cc: live-patching@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/2] livepatch: Add compiler optimization disclaimer/docs

On 5/31/24 07:23, Miroslav Benes wrote:
> Hi,
> 
> On Tue, 21 Jul 2020, Joe Lawrence wrote:
> 
>> In light of [PATCH] Revert "kbuild: use -flive-patching when
>> CONFIG_LIVEPATCH is enabled" [1], we should add some loud disclaimers
>> and explanation of the impact compiler optimizations have on
>> livepatching.
>>
>> The first commit provides detailed explanations and examples.  The list
>> was taken mostly from Miroslav's LPC talk a few years back.  This is a
>> bit rough, so corrections and additional suggestions welcome.  Expanding
>> upon the source-based patching approach would be helpful, too.
>>
>> The second commit adds a small README.rst file in the livepatch samples
>> directory pointing the reader to the doc introduced in the first commit.
>>
>> I didn't touch the livepatch kselftests yet as I'm still unsure about
>> how to best account for IPA here.  We could add the same README.rst
>> disclaimer here, too, but perhaps we have a chance to do something more.
>> Possibilities range from checking for renamed functions as part of their
>> build, or the selftest scripts, or even adding something to the kernel
>> API.  I think we'll have a better idea after reviewing the compiler
>> considerations doc.
> 
> thanks to Marcos for resurrecting this.
> 
> Joe, do you have an updated version by any chance? Some things have 
> changed since July 2020 so it calls for a new review. If there was an 
> improved version, it would be easier. If not, no problem at all.
> 

Yea, it's been a little while :) I don't have any newer version than
this one.  I can rebase,  apply all of the v1 suggestions, and see where
it stands.  LMK if you can think of any specifics that could be added.

For example, CONFIG_KERNEL_IBT will be driving some changes soon,
whether it be klp-convert for source-based patches or vmlinux.o binary
comparison for kpatch-build.

I can push a v2 with a few changes, but IIRC, last time we reviewed
this, it kinda begged the question of how someone is creating the
livepatch in the first place.  As long as we're fine holding that
thought for a while longer, this doc may still be useful by itself.

-- 
Joe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ