From: Jiri Slaby <jslaby@suse.cz>
To: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
Cc: linux-kernel@vger.kernel.org, tj@kernel.org, rostedt@goodmis.org,
mingo@redhat.com, akpm@linux-foundation.org, andi@firstfloor.org,
paulmck@linux.vnet.ibm.com, pavel@ucw.cz, jirislaby@gmail.com,
Vojtech Pavlik <vojtech@suse.cz>, Michael Matz <matz@suse.de>,
Jiri Kosina <jkosina@suse.cz>, Udo Seidel <udoseidel@gmx.de>
Subject: Re: [PATCH -repost 05/21] kgr: update Kconfig documentation
Date: Thu, 26 Jun 2014 10:25:31 +0200 [thread overview]
Message-ID: <53ABD8FB.9000700@suse.cz> (raw)
In-Reply-To: <20140625134212.4fb38e14@alan.etchedpixels.co.uk>
On 06/25/2014 02:42 PM, One Thousand Gnomes wrote:
> On Wed, 25 Jun 2014 13:06:59 +0200
> Jiri Slaby <jslaby@suse.cz> wrote:
>
>> This is based on Udo's text which was augmented in this patch.
>>
>> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
>> Cc: Udo Seidel <udoseidel@gmx.de>
>> Cc: Vojtech Pavlik <vojtech@suse.cz>
>> ---
>> kernel/Kconfig.kgraft | 3 +++
>> samples/Kconfig | 4 ++++
>> 2 files changed, 7 insertions(+)
>>
>> diff --git a/kernel/Kconfig.kgraft b/kernel/Kconfig.kgraft
>> index f38d82c06580..bead93646071 100644
>> --- a/kernel/Kconfig.kgraft
>> +++ b/kernel/Kconfig.kgraft
>> @@ -5,3 +5,6 @@ config KGRAFT
>> bool "kGraft infrastructure"
>> depends on DYNAMIC_FTRACE_WITH_REGS
>> depends on HAVE_KGRAFT
>> + help
>> + Select this to enable kGraft online kernel patching. The
>> + runtime price is zero, so it is safe to say Y here.
>> diff --git a/samples/Kconfig b/samples/Kconfi
>
> The runtime impact is that you've just introduced a virus and trojan
> writers delight into your kernel. There's a balance between convenience
> and security but given most users will never use kgraft this advice seems
> incorrect.
This now writes:
+ help
+ Select this to enable kGraft online kernel patching. The
+ runtime price is nearly zero, so it is safe to say Y here
+ provided you are aware of all the consequences (e.g. in
+ security).
Is it OK with you?
thanks,
--
js
suse labs
next prev parent reply other threads:[~2014-06-26 8:25 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-25 11:06 [PATCH -repost 01/21] ftrace: Add function to find fentry of function Jiri Slaby
2014-06-25 11:06 ` [PATCH -repost 02/21] ftrace: Make ftrace_is_dead available globally Jiri Slaby
2014-06-25 11:06 ` [PATCH -repost 03/21] kgr: initial code Jiri Slaby
2014-06-25 11:06 ` [PATCH -repost 04/21] kgr: add testing kgraft patch Jiri Slaby
2014-06-25 11:06 ` [PATCH -repost 05/21] kgr: update Kconfig documentation Jiri Slaby
2014-06-25 12:42 ` One Thousand Gnomes
2014-06-26 8:25 ` Jiri Slaby [this message]
2014-06-26 8:34 ` Jiri Kosina
2014-06-27 19:18 ` Pavel Machek
2014-07-04 9:14 ` Jiri Slaby
2014-07-04 10:35 ` Pavel Machek
2014-07-05 19:47 ` Jiri Kosina
2014-07-06 12:35 ` Pavel Machek
2014-06-25 11:07 ` [PATCH -repost 06/21] kgr: add Documentation Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 07/21] kgr: trigger the first check earlier Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 08/21] kgr: sched.h, introduce kgr_task_safe helper Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 09/21] kgr: mark task_safe in some kthreads Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 10/21] kgr: kthreads support Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 11/21] kgr: handle irqs Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 12/21] kgr: add MAINTAINERS entry Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 13/21] kgr: x86: refuse to build without fentry support Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 14/21] kgr: add procfs interface for per-process 'kgr_in_progress' Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 15/21] kgr: make a per-process 'in progress' flag a single bit Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 16/21] kgr: add support for missing functions Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 17/21] kgr: exercise non-present function Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 18/21] kgr: fix race of stub and patching Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 19/21] kgr: expose global 'in_progress' state through procfs Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 20/21] kgr: rephrase the "kGraft failed" message Jiri Slaby
2014-06-25 11:07 ` [PATCH -repost 21/21] kgr: x86: optimize handling of CPU-bound tasks Jiri Slaby
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53ABD8FB.9000700@suse.cz \
--to=jslaby@suse.cz \
--cc=akpm@linux-foundation.org \
--cc=andi@firstfloor.org \
--cc=gnomes@lxorguk.ukuu.org.uk \
--cc=jirislaby@gmail.com \
--cc=jkosina@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=matz@suse.de \
--cc=mingo@redhat.com \
--cc=paulmck@linux.vnet.ibm.com \
--cc=pavel@ucw.cz \
--cc=rostedt@goodmis.org \
--cc=tj@kernel.org \
--cc=udoseidel@gmx.de \
--cc=vojtech@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).