| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+CK2bBtrkdos6YmCatggS19rwWYBXXDLwiUWmUrs2+ye23cXA@mail.gmail.com> Date: Thu, 9 Oct 2025 14:37:44 -0400 From: Pasha Tatashin <pasha.tatashin@...een.com> To: Jason Gunthorpe <jgg@...dia.com> Cc: Samiullah Khawaja <skhawaja@...gle.com>, pratyush@...nel.org, jasonmiu@...gle.com, graf@...zon.com, changyuanl@...gle.com, rppt@...nel.org, dmatlack@...gle.com, rientjes@...gle.com, corbet@....net, rdunlap@...radead.org, ilpo.jarvinen@...ux.intel.com, kanie@...ux.alibaba.com, ojeda@...nel.org, aliceryhl@...gle.com, masahiroy@...nel.org, akpm@...ux-foundation.org, tj@...nel.org, yoann.congal@...le.fr, mmaurer@...gle.com, roman.gushchin@...ux.dev, chenridong@...wei.com, axboe@...nel.dk, mark.rutland@....com, jannh@...gle.com, vincent.guittot@...aro.org, hannes@...xchg.org, dan.j.williams@...el.com, david@...hat.com, joel.granados@...nel.org, rostedt@...dmis.org, anna.schumaker@...cle.com, song@...nel.org, zhangguopeng@...inos.cn, linux@...ssschuh.net, linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org, linux-mm@...ck.org, gregkh@...uxfoundation.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com, rafael@...nel.org, dakr@...nel.org, bartosz.golaszewski@...aro.org, cw00.choi@...sung.com, myungjoo.ham@...sung.com, yesanishhere@...il.com, Jonathan.Cameron@...wei.com, quic_zijuhu@...cinc.com, aleksander.lobakin@...el.com, ira.weiny@...el.com, andriy.shevchenko@...ux.intel.com, leon@...nel.org, lukas@...ner.de, bhelgaas@...gle.com, wagi@...nel.org, djeffery@...hat.com, stuart.w.hayes@...il.com, ptyadav@...zon.de, lennart@...ttering.net, brauner@...nel.org, linux-api@...r.kernel.org, linux-fsdevel@...r.kernel.org, saeedm@...dia.com, ajayachandra@...dia.com, parav@...dia.com, leonro@...dia.com, witu@...dia.com, hughd@...gle.com, chrisl@...nel.org, steven.sistare@...cle.com Subject: Re: [PATCH v4 00/30] Live Update Orchestrator On Thu, Oct 9, 2025 at 1:39 PM Jason Gunthorpe <jgg@...dia.com> wrote: > > On Thu, Oct 09, 2025 at 11:01:25AM -0400, Pasha Tatashin wrote: > > In this case we can enforce strict > > ordering during retrieval. If "struct file" can be retrieved by > > anything within the kernel, then that could be any kernel process > > during boot, meaning that charging is not going to be properly applied > > when kernel allocations are performed. > > Ugh, yeah, OK that's irritating and might burn us, but we did decide > on that strategy. > > > > I would argue it should always cause a preservation... > > > > > > But this is still backwards, what we need is something like > > > > > > liveupdate_preserve_file(session, file, &token); > > > my_preserve_blob.file_token = token > > > > We cannot do that, the user should have already preserved that file > > and provided us with a token to use, if that file was not preserved by > > the user it is a bug. With this proposal, we would have to generate a > > token, and it was argued that the kernel should not do that. > > The token is the label used as ABI across the kexec. Each entity doing > a serialization can operate it's labels however it needs. > > Here I am suggeting that when a kernel entity goes to record a struct > file in a kernel ABI structure it can get a kernel generated token for > it. Sure, we can consider allowing the kernel to preserve dependent FDs automatically in the future, but is there a compelling use case that requires it right now? For the initial implementation, I think we should stick to the simpler, agreed-upon plan: preservation order is explicitly defined by userspace. If a preserve() call fails due to an unmet dependency, the error is returned to the user, who is then responsible for correcting the order. This keeps the kernel logic straightforward and places the preservation responsibility squarely in userspace, where it belongs. Pasha
Powered by blists - more mailing lists