Re: [PATCHv7 2/3] kernel: add support for live patching
From: Jiri Kosina
Date: Fri Dec 19 2014 - 02:40:22 EST
On Tue, 16 Dec 2014, Seth Jennings wrote:
> This commit introduces code for the live patching core. It implements
> an ftrace-based mechanism and kernel interface for doing live patching
> of kernel and kernel module functions.
>
> It represents the greatest common functionality set between kpatch and
> kgraft and can accept patches built using either method.
>
> This first version does not implement any consistency mechanism that
> ensures that old and new code do not run together. In practice, ~90% of
> CVEs are safe to apply in this way, since they simply add a conditional
> check. However, any function change that can not execute safely with
> the old version of the function can _not_ be safely applied in this
> version.
>
> Signed-off-by: Seth Jennings <sjenning@xxxxxxxxxx>
> Signed-off-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
I have finally finished reviewing this as well.
Reviewed-by: Jiri Kosina <jkosina@xxxxxxx>
and
Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>
for the changes I contributed.
I'll wait a bit more to eventually gather more acks / review comments, and
will then push it to git.kernel.org repository (with SUSE copyright added
to livepatch.c) and have included in linux-next, as discussed before.
Thanks!
--
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/