SUSE Labs Conference 2018 - Live patching tricks
Most of the time, fixing a vulnerablility from a live patch is straight forward and local in nature: adding an additional bounds check, for example.
And then there's CPU bugs.
After a short recap of the kGraft and upstream kernel live patching's per-task consistency model, see how we managed to achieve global consistency by live patching kGraft itself. This enabled us to to change semantics on a running system: flipping CR4 bits, messing with page tables, etc. is all possible now.
Other highlights, unrelated to the consistency model, include
live patching entry code
fooling the non-eager mode FPU switching heuristics into being eager
Parts of this talk have been handled at a not so technical level at
https://www.suse.com/c/live-patching-...
Nicolai Stange
Watch video SUSE Labs Conference 2018 - Live patching tricks online without registration, duration hours minute second in high quality. This video was added by user SUSE Labs 17 September 2018, don't forget to share it with your friends and acquaintances, it has been viewed on our site 253 once and liked it 2 people.