Категории

SUSE Labs Conference 2018 - Live patching tricks

Опубликовано: 17 Сентябрь 2018
на канале: SUSE Labs
253
2

Most of the time, fixing a vulnerablility from a live patch is straight forward and local in nature: adding an additional bounds check, for example.

And then there's CPU bugs.

After a short recap of the kGraft and upstream kernel live patching's per-task consistency model, see how we managed to achieve global consistency by live patching kGraft itself. This enabled us to to change semantics on a running system: flipping CR4 bits, messing with page tables, etc. is all possible now.

Other highlights, unrelated to the consistency model, include
live patching entry code
fooling the non-eager mode FPU switching heuristics into being eager

Parts of this talk have been handled at a not so technical level at
https://www.suse.com/c/live-patching-...



Nicolai Stange

Смотрите видео SUSE Labs Conference 2018 - Live patching tricks онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь SUSE Labs 17 Сентябрь 2018, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 253 раз и оно понравилось 2 людям.

play_arrow
88
0

Американская Акита Тайва 4 мес.

Американская Акита Тайва 4 мес.
play_arrow
20
1

First time playing Wuthering waves | Clacharo vs Level 35 Crownless

First time playing Wuthering waves | Clacharo vs Level 35 Crownless
play_arrow
7,061
252

ГАЙД! Как заработать миллионы в игре Arena Breakout Infinite!

ГАЙД! Как заработать миллионы в игре Arena Breakout Infinite!
play_arrow
922,369
15 тыс

DARK PEASANT vs SAITAMA ONE PUNCH MAN DARK PEASANT vs WEB TABS UNITS and STALINGRAD 4

DARK PEASANT vs SAITAMA ONE PUNCH MAN DARK PEASANT vs WEB TABS UNITS and STALINGRAD 4
play_arrow
59
1

JUST GO HOME | Spongebob Killer Pants

JUST GO HOME | Spongebob Killer Pants
play_arrow
58,939
2.3 тыс

Đi Mua S1000RR Cùng Tới Tài Tử

Đi Mua S1000RR Cùng Tới Tài Tử
play_arrow
16
0

17 de julho de 2023

17 de julho de 2023
play_arrow
85
3

Kilian knows how to play the game

Kilian knows how to play the game

Похожие видео
play_arrow
Richard Biener: Compute offloading to your GPU with GCC and OpenMP

Richard Biener: Compute offloading to your GPU with GCC and OpenMP
play_arrow
Christian Goll: Warewulf - making cluster installations fast and reliable

Christian Goll: Warewulf - making cluster installations fast and reliable
play_arrow
Arne Wolf & Dario Faggioli: SAP HANA on KVM @ SUSE

Arne Wolf & Dario Faggioli: SAP HANA on KVM @ SUSE
play_arrow
David Mulder: Bridging Worlds: Linux and Azure AD

David Mulder: Bridging Worlds: Linux and Azure AD
play_arrow
Ondrej Holecek: SUSE Manager 5: A containerization story

Ondrej Holecek: SUSE Manager 5: A containerization story
play_arrow
Thorsten Kukuk: Update from the Future Technology Team

Thorsten Kukuk: Update from the Future Technology Team
play_arrow
Ignaz Forster: State of transactional-update: soft-reboots and less overlays

Ignaz Forster: State of transactional-update: soft-reboots and less overlays
play_arrow
Jan Kara: Recent page cache and VFS changes

Jan Kara: Recent page cache and VFS changes
play_arrow
Martin Jambor, Jan Hubicka: Optimizing C++ std::vector use in GCC 14

Martin Jambor, Jan Hubicka: Optimizing C++ std::vector use in GCC 14
play_arrow
Valentin Lefebvre: Securitized the initramfs and the UKI

Valentin Lefebvre: Securitized the initramfs and the UKI
play_arrow
Luna Dragon: Deep dive into Cockpit

Luna Dragon: Deep dive into Cockpit
play_arrow
Coly Li: What is bcachefs - outside and inside introduction

Coly Li: What is bcachefs - outside and inside introduction
play_arrow
Daniel Garcia: rpmlint GSoC experience

Daniel Garcia: rpmlint GSoC experience
play_arrow
Alberto Planas Dominguez: Current state of Full Disk Encryption in openSUSE

Alberto Planas Dominguez: Current state of Full Disk Encryption in openSUSE
play_arrow
Jiri Wiesner: Measuring latency with ftrace

Jiri Wiesner: Measuring latency with ftrace
play_arrow
Miroslav Franc: Linux's SECCOMP, its usecases and problems

Miroslav Franc: Linux's SECCOMP, its usecases and problems
play_arrow
Danilo Spinella: rinstall: make install for non-C projects, the modern way

Danilo Spinella: rinstall: make install for non-C projects, the modern way
play_arrow
Ludwig Nussel: Systemd-boot status update

Ludwig Nussel: Systemd-boot status update
play_arrow
Johannes Segitz: ALP and SELinux: One year later

Johannes Segitz: ALP and SELinux: One year later
play_arrow
Cyril Hrubis: Particularities of kernel test executor

Cyril Hrubis: Particularities of kernel test executor
play_arrow
Darragh O'Reilly: Server monitoring at SUSE using Velociraptor

Darragh O'Reilly: Server monitoring at SUSE using Velociraptor
play_arrow
Roy Hopkins: Establishing root seeds in a vTPM with COCONUT-SVSM in Confidential VM Remote

Roy Hopkins: Establishing root seeds in a vTPM with COCONUT-SVSM in Confidential VM Remote
play_arrow
Enno Gotthold: Orthos 2 past & future

Enno Gotthold: Orthos 2 past & future
play_arrow
Danilo Spinella: openSUSE packaging compared: is macro the way to go?

Danilo Spinella: openSUSE packaging compared: is macro the way to go?