On Wed, 4 Sep 2019, Josh Poimboeuf wrote: > On Tue, Sep 03, 2019 at 03:02:34PM +0200, Miroslav Benes wrote: > > On Mon, 2 Sep 2019, Joe Lawrence wrote: > > > > > On 9/2/19 12:13 PM, Miroslav Benes wrote: > > > >> I can easily foresee more problems like those in the future. Going > > > >> forward we have to always keep track of which special sections are > > > >> needed for which architectures. Those special sections can change over > > > >> time, or can simply be overlooked for a given architecture. It's > > > >> fragile. > > > > > > > > Indeed. It bothers me a lot. Even x86 "port" is not feature complete in > > > > this regard (jump labels, alternatives,...) and who knows what lurks in > > > > the corners of the other architectures we support. > > > > > > > > So it is in itself reason enough to do something about late module > > > > patching. > > > > > > > > > > Hi Miroslav, > > > > > > I was tinkering with the "blue-sky" ideas that I mentioned to Josh the other > > > day. > > > > > I dunno if you had a chance to look at what removing that code looks > > > like, but I can continue to flesh out that idea if it looks interesting: > > > > Unfortunately no and I don't think I'll come up with something useful > > before LPC, so anything is really welcome. > > > > > > > > https://github.com/joe-lawrence/linux/tree/blue-sky > > I like this a lot. > > > > A full demo would require packaging up replacement .ko's with a livepatch, as > > > well as "blacklisting" those deprecated .kos, etc. But that's all I had time > > > to cook up last week before our holiday weekend here. > > > > Frankly, I'm not sure about this approach. I'm kind of torn. The current > > solution is far from ideal, but I'm not excited about the other options > > either. It seems like the choice is basically between "general but > > technically complicated fragile solution with nontrivial maintenance > > burden", or "something safer and maybe cleaner, but limiting for > > users/distros". Of course it depends on whether the limitation is even > > real and how big it is. Unfortunately we cannot quantify it much and that > > is probably why our opinions (in the email thread) differ. > > How would this option be "limiting for users/distros"? If the packaging > part of the solution is done correctly then I don't see how it would be > limiting. I'll try to explain my worries. Blacklisting first. Yes, I agree that it would make things a lot simpler, but I am afraid it would not fly at SUSE. Petr meanwhile explained elsewhere, but I don't think we can limit our customers that much. We perceive live patching as a product as much transparent as possible and as less intrusive as possible. One thing is to forbid to remove a module, the other is to forbid its loading. We could warn the admin. Something like "there is a fix for a module foo, which is not loaded currently. It will not be patched and the system will be still vulnerable if you load the module unless a new fixed version is provided." Yes, we can distribute the new version of .ko with a livepatch. What is the reason for blacklisting then? I don't probably understand, but either a module is loaded and we can patch it (without late module patching), or it is not and we could replace .ko on disk. Now, I don't think that replacing .ko on disk is a good idea. We've already discussed it. It would lead to a maintenance/packaging problem, because you never know which version of the module is loaded in the system. The state space grows rather rapidly there. But I may be wrong in my understanding, so bear with me. Miroslav
