Re: [PATCHv2 2/3] kernel: add support for live patching

From: Miroslav Benes
Date: Thu Nov 20 2014 - 08:10:36 EST

On Sun, 16 Nov 2014, Seth Jennings wrote:

> This commit introduces code for the live patching core. It implements
> an ftrace-based mechanism and kernel interface for doing live patching
> of kernel and kernel module functions.
> It represents the greatest common functionality set between kpatch and
> kgraft and can accept patches built using either method.
> This first version does not implement any consistency mechanism that
> ensures that old and new code do not run together. In practice, ~90% of
> CVEs are safe to apply in this way, since they simply add a conditional
> check. However, any function change that can not execute safely with
> the old version of the function can _not_ be safely applied in this
> version.
> Signed-off-by: Seth Jennings <sjenning@xxxxxxxxxx>


below is the patch which merges the internal and external data structures
(so it is only one part of our original patch for version 1). Apart from
that I tried to make minimal changes to the code. Only unnecessary
kobjects were removed and I renamed lpc_create_* functions to lpc_init_*
as it made more sense in this approach, I think.

I hope this clearly shows our point of view stated previously. What do
you say?

Next, I'll look at the three level hierarchy and sysfs directory and see
if we can make it simpler yet keep its advantages.


Miroslav Benes

-- >8 --