From: Ingo Molnar <mingo@kernel.org>
To: Jiri Kosina <jkosina@suse.cz>
Cc: Vojtech Pavlik <vojtech@suse.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Andrew Morton <akpm@linux-foundation.org>,
Ingo Molnar <mingo@redhat.com>,
Seth Jennings <sjenning@redhat.com>,
linux-kernel@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: live patching design (was: Re: [PATCH 1/3] sched: add sched_task_call())
Date: Sun, 22 Feb 2015 09:46:01 +0100 [thread overview]
Message-ID: <20150222084601.GA23491@gmail.com> (raw)
In-Reply-To: <alpine.LNX.2.00.1502212058080.2357@pobox.suse.cz>
* Jiri Kosina <jkosina@suse.cz> wrote:
> > > Or think of kernel that has some 3rd party vendor
> > > module loaded, and this module spawning a ktrehad
> > > that is not capable of parking itself.
> >
> > The kernel will refuse to live patch until the module
> > is fixed. It is a win by any measure.
>
> Depends on your point of view. If you are an
> administrator of the vulnerable system, you have no to
> very little clue why patching your system is not possible
> (and what you should to to have it fixed in the coming
> days, before your system is taken down by attackers, for
> example), and would be really sad to be forced to run
> with unpatched system.
I don't see what precise argument you are making here. That
we are unable to fix possible bugs in binary only modules?
News at 11.
Or are you making the argument that we should design our
core kernel capabilities to be deficient, just to
accomodate hypothetical scenarios with buggy third party
modules that create unparkable kernel threads? That would
be a crazy proposition.
> > Why would __notrace__ functions be a problem in the
> > 'simple' method? Live patching with this method will
> > work even if ftrace is not built in, we can just patch
> > out the function in the simplest possible fashion,
> > because we do it atomically and don't have to worry
> > about per task 'transition state' - like kGraft does.
> >
> > It's a massive simplification and there's no need to
> > rely on ftrace's mcount trick. (Sorry Steve!)
>
> This would indeed be possible iff we take the "global
> synchronizing point" aproach you are proposing. [...]
Yes.
> [...] Still technicalities to be solved (what happens if
> you are patching that already has ftrace on it, etc), but
> probably nothing principal.
Correct.
> > > So it's not black and white, it's really a rather
> > > philosophical question where to draw the line (and
> > > make sure that everyone is aware of where the line is
> > > and what it means).
> >
> > Out of the three examples you mentioned, two are
> > actually an advantage to begin with - so I'd suggest
> > you stop condescending me ...
>
> Ugh, if you feel my e-mails like attempts to condescend
> you, I am really surprised; I thought we are discussing
> technical details. If you feel otherwise, we should
> probably just stop discussing then.
I am making specific technical arguments, but you attempted
to redirect my very specific arguments towards 'differences
in philosophy' and 'where to draw the line'. Lets discuss
the merits and brush them aside as 'philosophical
differences' or a made up category of 'consistency models'.
Anyway, let me try to reboot this discussion back to
technological details by summing up my arguments in another
mail.
Thanks,
Ingo
next prev parent reply other threads:[~2015-02-22 8:46 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-16 18:52 [PATCH 0/3] prevent /proc/<pid>/stack garbage for running tasks Josh Poimboeuf
2015-02-16 18:52 ` [PATCH 1/3] sched: add sched_task_call() Josh Poimboeuf
2015-02-16 20:44 ` Peter Zijlstra
2015-02-16 22:05 ` Josh Poimboeuf
2015-02-17 9:24 ` Peter Zijlstra
2015-02-17 14:12 ` Josh Poimboeuf
2015-02-17 18:15 ` Peter Zijlstra
2015-02-17 21:25 ` Josh Poimboeuf
2015-02-18 15:21 ` Peter Zijlstra
2015-02-18 17:12 ` Josh Poimboeuf
2015-02-19 0:20 ` Peter Zijlstra
2015-02-19 4:17 ` Josh Poimboeuf
2015-02-19 10:16 ` Peter Zijlstra
2015-02-19 16:24 ` Josh Poimboeuf
2015-02-19 16:33 ` Vojtech Pavlik
2015-02-19 17:03 ` Josh Poimboeuf
2015-02-19 17:08 ` Jiri Kosina
2015-02-19 17:19 ` Vojtech Pavlik
2015-02-19 17:32 ` Josh Poimboeuf
2015-02-19 17:48 ` Vojtech Pavlik
2015-02-19 20:40 ` Vojtech Pavlik
2015-02-19 21:42 ` Josh Poimboeuf
2015-02-20 7:46 ` Jiri Kosina
2015-02-20 8:49 ` Jiri Kosina
2015-02-20 9:50 ` Ingo Molnar
2015-02-20 10:02 ` Jiri Kosina
2015-02-20 10:44 ` live patching design (was: Re: [PATCH 1/3] sched: add sched_task_call()) Ingo Molnar
2015-02-20 10:58 ` Jiri Kosina
2015-02-20 19:49 ` Ingo Molnar
2015-02-20 21:46 ` Vojtech Pavlik
2015-02-20 22:08 ` Josh Poimboeuf
2015-02-21 18:30 ` Ingo Molnar
2015-02-22 8:52 ` Jiri Kosina
2015-02-22 10:17 ` Ingo Molnar
2015-02-22 19:18 ` Jiri Kosina
2015-02-23 12:43 ` Jiri Kosina
2015-02-24 10:37 ` Ingo Molnar
2015-02-21 18:18 ` Ingo Molnar
2015-02-21 18:57 ` Jiri Kosina
2015-02-21 19:16 ` Ingo Molnar
2015-02-21 19:31 ` Jiri Kosina
2015-02-21 19:48 ` Ingo Molnar
2015-02-21 20:10 ` Jiri Kosina
2015-02-21 20:53 ` Jiri Kosina
2015-02-22 8:46 ` Ingo Molnar [this message]
2015-02-22 9:08 ` Jiri Kosina
2015-02-22 9:46 ` live kernel upgrades (was: live kernel patching design) Ingo Molnar
2015-02-22 10:34 ` Ingo Molnar
2015-02-22 10:48 ` Ingo Molnar
2015-02-22 19:13 ` Jiri Kosina
2015-02-22 23:01 ` Andrew Morton
2015-02-23 0:18 ` Dave Airlie
2015-02-23 0:44 ` Arjan van de Ven
2015-02-23 8:17 ` Jiri Kosina
2015-02-23 10:42 ` Richard Weinberger
2015-02-23 11:08 ` Vojtech Pavlik
2015-02-23 11:50 ` Pavel Machek
2015-02-24 9:16 ` Ingo Molnar
2015-02-24 12:28 ` Jiri Slaby
2015-03-05 0:51 ` Ingo Molnar
2015-02-23 6:35 ` Vojtech Pavlik
2015-02-24 9:44 ` Ingo Molnar
2015-02-24 12:12 ` Vojtech Pavlik
2015-02-24 10:53 ` Ingo Molnar
2015-02-24 12:19 ` Vojtech Pavlik
2015-02-22 14:37 ` Josh Poimboeuf
2015-02-22 16:40 ` Josh Poimboeuf
2015-02-22 19:03 ` Jiri Kosina
2015-02-24 10:23 ` Ingo Molnar
2015-02-24 11:10 ` Petr Mladek
2015-02-24 12:36 ` Vojtech Pavlik
2015-02-23 11:39 ` Pavel Machek
2015-02-24 10:25 ` Ingo Molnar
2015-02-24 12:11 ` Jiri Slaby
2015-02-24 13:18 ` live kernel upgrades Pavel Emelyanov
2015-02-20 16:12 ` [PATCH 1/3] sched: add sched_task_call() Josh Poimboeuf
2015-02-20 20:08 ` Ingo Molnar
2015-02-20 21:22 ` Josh Poimboeuf
2015-02-20 17:05 ` Josh Poimboeuf
2015-02-19 21:26 ` Jiri Kosina
2015-02-19 21:38 ` Jiri Kosina
2015-02-19 23:11 ` Josh Poimboeuf
2015-02-16 18:52 ` [PATCH 2/3] stacktrace: add save_stack_trace_tsk_safe() Josh Poimboeuf
2015-02-18 0:13 ` Andrew Morton
2015-02-20 9:32 ` Jiri Kosina
2015-02-16 18:52 ` [PATCH 3/3] proc: fix /proc/<pid>/stack for running tasks Josh Poimboeuf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150222084601.GA23491@gmail.com \
--to=mingo@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=jkosina@suse.cz \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=sjenning@redhat.com \
--cc=torvalds@linux-foundation.org \
--cc=vojtech@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox