Most of the time, fixing a vulnerability with a live patch is straightforward and local in nature: adding an additional bounds check, for example.
And then there's CPU bugs.
After a short recap of the per-task consistency model used by kGraft and upstream kernel live patching, see how we managed to achieve global consistency by live patching kGraft itself. This enabled us to change semantics on a running system: flipping CR4 bits, messing with page tables, etc. is all possible now.
Other highlights, unrelated to the consistency model, include:
- live patching entry code
- fooling the non-eager mode FPU switching heuristics into being eager
Parts of this talk have been covered at a less technical level at
https://www.suse.com/c/live-patching-...
Nicolai Stange
Video: SUSE Labs Conference 2018 - Live patching tricks, uploaded to the SUSE Labs channel on 17 September 2018.