On Thu, 26 Jun 2014, Jiri Slaby wrote: > >> --- > >> kernel/Kconfig.kgraft | 3 +++ > >> samples/Kconfig | 4 ++++ > >> 2 files changed, 7 insertions(+) > >> > >> diff --git a/kernel/Kconfig.kgraft b/kernel/Kconfig.kgraft > >> index f38d82c06580..bead93646071 100644 > >> --- a/kernel/Kconfig.kgraft > >> +++ b/kernel/Kconfig.kgraft > >> @@ -5,3 +5,6 @@ config KGRAFT > >> bool "kGraft infrastructure" > >> depends on DYNAMIC_FTRACE_WITH_REGS > >> depends on HAVE_KGRAFT > >> + help > >> + Select this to enable kGraft online kernel patching. The > >> + runtime price is zero, so it is safe to say Y here. > >> diff --git a/samples/Kconfig b/samples/Kconfi > > > > The runtime impact is that you've just introduced a virus and trojan > > writers delight into your kernel. There's a balance between convenience > > and security but given most users will never use kgraft this advice seems > > incorrect. > > This now writes: > + help > + Select this to enable kGraft online kernel patching. The > + runtime price is nearly zero, so it is safe to say Y here > + provided you are aware of all the consequences (e.g. in > + security). > > Is it OK with you?
This might cause a false impression that we are actually opening a security hole into a system, which is not true at all. Yes, backdoor writeres might (or might not) make use of kGraft API, but they have gazillion of other comparable options (*probes, ftrace, text_poke(), ...). I'd perhaps propose something like "Select this to enable kGraft live kernel patching. The runtime penalty is nearly zero, so it is safe to say Y here if you want the kernel to expose API for live patching to modules". -- Jiri Kosina SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
