On 06/27/2014 09:18 PM, Pavel Machek wrote:
>>> This now writes:
>>> + help
>>> + Select this to enable kGraft online kernel patching. The
>>> + runtime price is nearly zero, so it is safe to say Y here
>>> + provided you are aware of all the consequences (e.g. in
>>> + security).
>>>
>>> Is it OK with you?
>>
>> This might cause a false impression that we are actually opening a
>> security hole into a system, which is not true at all.
>>
>> Yes, backdoor writers might (or might not) make use of kGraft API, but
>> they have gazillion of other comparable options (*probes, ftrace,
>> text_poke(), ...).
>>
>> I'd perhaps propose something like
>>
>> "Select this to enable kGraft live kernel patching. The runtime penalty is
>> nearly zero, so it is safe to say Y here if you want the kernel to expose
>> API for live patching to modules".
>
> Well. People that are not distro vendors will not prepare patches for
> themselves, right?

Hi, why do you believe so? But it is not so important, see below.

> And patches prepared for suse will not work on
> self-configured kernels.
>
> So probably everyone should say "N" here...

The text is formulated correctly and satisfies your concerns, I think. Say Y, if you want the API...

thanks,
--
js
suse labs
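
Review bot: the closing clause of the quoted help text, "provided you are aware of all the consequences (e.g. in security)", names no concrete consequence, so someone configuring a kernel has nothing to evaluate before answering Y or N. Either state what enabling the option actually exposes, as the alternative wording in this thread does ("expose API for live patching to modules"), or drop the clause.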