On 7/16/24 05:53, Roman Rashchupkin wrote:
>>> The first thing that comes to mind is that this might be solved using
>>> the existing shadow variable API.
>
>> Same.
>
> I just don't have enough experience using livepatch shadow variables,
> so I agree that that's probably a better general solution for problem
> (1) of refcount underflow than my refholder flags.
>

Yes, a general solution could cover the same problem but for different
data types, including locks, mutexes, etc.

>> I can confirm that this scenario happens quite often with real-world CVE
>> fixes and there's currently no way to implement such changes safely from
>> a livepatch. But I also believe this is an instance of a broader problem
>> class we attempted to solve with that "enhanced" states API proposed and
>> discussed at LPC ([1], there's a link to a recording at the bottom). For
>> reference, see Petr's POC from [2].

Thanks for the link -- I thought of that grand-unified shadow/callback/states
patch but couldn't find the latest version. (I see that Miroslav has just
resurrected it with a fresh review, too.)

>> I think the problem of consistently maintaining shadowed reference
>> counts (or anything shadowed for that matter) could be solved with the
>> help of the aforementioned states API enhancements, so I would propose to
>> revive Petr's IMO more generic patchset as an alternative.
>>
>> Thoughts?
>>

I definitely think the states API enhancement could be used to handle the
cases here via shadow variables.

In the meantime, are you using the kprefcount_t API currently via a
livepatch support module? I.e., we don't need this in the kernel asap to
solve these problems, right?

-- Joe
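The refcount-underflow problem (1) discussed in the thread, as an added userspace model that is not part of the original message or of the kernel: a fix adds a missing get/put pair, so an object whose open path ran as unpatched code (no extra reference taken) later reaches the patched close path, which drops a reference it never held. A per-object "refholder" flag kept in a shadow variable lets the patched release path drop only references the patched acquire path actually took. The `shadow_get`/`shadow_get_or_alloc`/`shadow_free` table below stands in for the kernel's `klp_shadow_get`, `klp_shadow_get_or_alloc` and `klp_shadow_free`, which key shadow data on the <object pointer, id> pair; `struct widget`, `open_*`/`close_*` and the id `SV_REFHOLDER` are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for the klp_shadow_* store: <obj, id> -> data, linear scan, no locking. */
#define SHADOW_SLOTS 64
struct shadow_entry { const void *obj; unsigned long id; void *data; };
static struct shadow_entry shadow_table[SHADOW_SLOTS];

static void *shadow_get(const void *obj, unsigned long id)
{
	for (size_t i = 0; i < SHADOW_SLOTS; i++)
		if (shadow_table[i].obj == obj && shadow_table[i].id == id)
			return shadow_table[i].data;
	return NULL;
}

static void *shadow_get_or_alloc(const void *obj, unsigned long id, size_t size)
{
	void *data = shadow_get(obj, id);
	if (data)
		return data;
	for (size_t i = 0; i < SHADOW_SLOTS; i++) {
		if (shadow_table[i].obj)
			continue;
		data = calloc(1, size);
		if (!data)
			return NULL;
		shadow_table[i] = (struct shadow_entry){ obj, id, data };
		return data;
	}
	return NULL; /* table full */
}

static void shadow_free(const void *obj, unsigned long id)
{
	for (size_t i = 0; i < SHADOW_SLOTS; i++)
		if (shadow_table[i].obj == obj && shadow_table[i].id == id) {
			free(shadow_table[i].data);
			memset(&shadow_table[i], 0, sizeof(shadow_table[i]));
			return;
		}
}

/* Hypothetical object whose reference counting the fix changes; plain int so underflow is visible. */
struct widget { int refcount; bool underflowed; };
#define SV_REFHOLDER 0x1001UL            /* hypothetical shadow id */
struct refholder { bool holds_ref; };    /* set iff the *patched* open took a reference */

static void widget_get(struct widget *w) { w->refcount++; }
static void widget_put(struct widget *w)
{
	if (w->refcount <= 0) { w->underflowed = true; return; }  /* put with no reference held */
	w->refcount--;
}

/* Pre-fix open path: the bug is that it takes no reference of its own. */
static void open_unpatched(struct widget *w) { (void)w; }

/* Patched open path: take the missing reference and record that fact per object. */
static int open_patched(struct widget *w)
{
	struct refholder *rh = shadow_get_or_alloc(w, SV_REFHOLDER, sizeof(*rh));
	if (!rh)
		return -1;
	widget_get(w);
	rh->holds_ref = true;
	return 0;
}

/* Naive patched close: mirrors the upstream fix and always drops a reference. */
static void close_patched_naive(struct widget *w) { widget_put(w); }

/* Shadow-aware close: drop only the reference the patched open path recorded. */
static void close_patched_shadow(struct widget *w)
{
	struct refholder *rh = shadow_get(w, SV_REFHOLDER);
	if (rh && rh->holds_ref) {
		widget_put(w);
		shadow_free(w, SV_REFHOLDER);
	}
}

/* Final refcount seen by the owner (0 = released cleanly), -1 if any put underflowed. */
int run_scenario(bool opened_before_patch, bool close_uses_shadow)
{
	struct widget w = { .refcount = 1, .underflowed = false };

	if (opened_before_patch)
		open_unpatched(&w);              /* livepatch transition still in progress */
	else if (open_patched(&w) != 0)
		return -2;

	if (close_uses_shadow)                   /* the patch is active by close time */
		close_patched_shadow(&w);
	else
		close_patched_naive(&w);

	widget_put(&w);                          /* original owner drops its own reference */
	shadow_free(&w, SV_REFHOLDER);           /* as klp_shadow_free on object teardown */
	return w.underflowed ? -1 : w.refcount;
}

int main(void)
{
	printf("opened unpatched, naive close:  %d\n", run_scenario(true, false));
	printf("opened unpatched, shadow close: %d\n", run_scenario(true, true));
	printf("opened patched,   shadow close: %d\n", run_scenario(false, true));
	return 0;
}
```

The mixed case (opened before the patch, closed by the naive patched path) is the only one that underflows; the shadow-aware close leaves a pre-patch object alone because no refholder flag was ever attached to it. In a real livepatch the shadow data must also be released on object teardown and with `klp_shadow_free_all` when the patch is disabled, otherwise the shadow store leaks, which is exactly the lifecycle bookkeeping the thread's states API discussion is about.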