From: Michal Hocko <mhocko@suse.com>
To: Sasha Levin <sashal@kernel.org>
Cc: Breno Leitao <leitao@debian.org>,
Andrew Morton <akpm@linux-foundation.org>,
corbet@lwn.net, skhan@linuxfoundation.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-kselftest@vger.kernel.org, gregkh@linuxfoundation.org
Subject: Re: [PATCH] killswitch: add per-function short-circuit mitigation primitive
Date: Mon, 11 May 2026 18:10:20 +0200 [thread overview]
Message-ID: <agH_bGUTvWm2h5g4@tiehlicka> (raw)
In-Reply-To: <agH7_QBPLWKTZucB@laps>
On Mon 11-05-26 11:55:41, Sasha Levin wrote:
> On Mon, May 11, 2026 at 04:25:57PM +0200, Michal Hocko wrote:
> > On Mon 11-05-26 09:56:30, Sasha Levin wrote:
> > > On Mon, May 11, 2026 at 03:49:24PM +0200, Michal Hocko wrote:
> > > > On Mon 11-05-26 09:39:32, Sasha Levin wrote:
> > > > > On Mon, May 11, 2026 at 03:07:51PM +0200, Michal Hocko wrote:
> > > > > In a similar way to how they would know if a given livepatch is safe to apply -
> > > > > ideally it would be communicated by the vendor/distro/kernel team.
> > > >
> > > > You have missed my point. KLP takes an extra steps to make sure patching
> > > > a particular function is safe to modify or to put the change into the
> > > > effect.
> > >
> > > Safety checks like making sure the patched function is on the stack, or did you
> > > mean something else?
> >
> > Yes, exactly what LP infrastructure already provides.
>
> But do we actually need it here?
If not then you can simply systemtap or use BPF to inject the code. In
other words we have several ways how to runtime modify the kernel so
before yet another interface is provided (with a non-trivial amount of
code and very limited functionality) you should really start by
describing why none of the existing one is fitting well.
I do understand your argument that solutions based on loading a module
might have an additional step to deal with (AFAIK you do not need to
build your own kernel to deploy your key) is that a brohibitive
roadblock? We also do have fault injection which is much less convenient
because of all the existing constraines but can those be elevated?
So nothing really against playing with ideas nad LLMs to generated a
quick PoC. That is all good but for this to be considered more seriously
I think we really need to think deeper whether the existing
infrastructure is really not fitting and if not whether it could be
changed to cover more usecase like the one you have mentioned here and I
believe it is something worth thinking about.
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2026-05-11 16:10 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-07 7:05 [PATCH] killswitch: add per-function short-circuit mitigation primitive Sasha Levin
2026-05-07 10:47 ` Greg KH
2026-05-07 13:40 ` Sasha Levin
2026-05-07 16:23 ` Greg KH
2026-05-07 15:21 ` Jonathan Corbet
2026-05-08 13:44 ` Sasha Levin
2026-05-08 15:40 ` Joshua Peisach
2026-05-08 15:48 ` Mathieu Desnoyers
2026-05-08 16:13 ` Sasha Levin
2026-05-08 16:18 ` Mathieu Desnoyers
2026-05-08 16:23 ` Sasha Levin
2026-05-08 16:26 ` Mathieu Desnoyers
2026-05-08 16:54 ` Sasha Levin
2026-05-08 20:56 ` Andrew Morton
2026-05-08 21:47 ` Sasha Levin
2026-05-08 23:49 ` Andrew Morton
2026-05-09 0:15 ` Sasha Levin
2026-05-09 0:36 ` Andrew Morton
2026-05-11 11:41 ` Breno Leitao
2026-05-11 13:07 ` Michal Hocko
2026-05-11 13:39 ` Sasha Levin
2026-05-11 13:49 ` Michal Hocko
2026-05-11 13:56 ` Sasha Levin
2026-05-11 14:25 ` Michal Hocko
2026-05-11 15:55 ` Sasha Levin
2026-05-11 16:10 ` Michal Hocko [this message]
2026-05-11 16:45 ` Sasha Levin
2026-05-11 17:10 ` Michal Hocko
2026-05-11 18:09 ` Sasha Levin
2026-05-11 13:40 ` Breno Leitao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=agH_bGUTvWm2h5g4@tiehlicka \
--to=mhocko@suse.com \
--cc=akpm@linux-foundation.org \
--cc=corbet@lwn.net \
--cc=gregkh@linuxfoundation.org \
--cc=leitao@debian.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=skhan@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox