[cgl_discussion] Live patching project announcement
Takashi Ikebe
ikebe.takashi at lab.ntt.co.jp
Thu Jun 10 18:22:55 PDT 2004
>man documentation
OK, We'll make man documentation, and update it.
please wait.
> How do you debug your application after it has been patched? It's
pretty
> easy to send a bogus patch (did it a couple of times so far while
> experimenting with the technology), but when the process segfaults...
> then what?
One possible debug way is build offline patched (means apply new
function to old source code) source and debug it.
And if we can find that there is no bug, then we make patch module
funciton.
Then we crefully test patch before we apply to actual service
system(as we make documentation soon,), because "jmp" assembly code
needs 5 byte, and if overwirte it with out test, some context's stack
may be back to between overwriten address(means back to within
overwritten 5 byte), then process goes crash.
So before apply this, we need to carefuly test it and also need to
search each process's context's current eip, stack's and other
possible jmp target address(means while, or goto, etc which does not
use stack).
> Do you think the time delay in applying the patch will need to
always be
> as long as it is now? Looks like we interrupt the process for 5sec
now.
> Wouldn't that cause you to loose most of your sessions and
therefore loose
> the benefit of not just stopping/starting to a new version of you app.
The new version improve this one, and also SMP, thread.
I think we can open it after october, then I hope we can ask
everyone's help to make pannus more useful one.
I'll make ML on web available soon, after that, I'll forward this
disscussion there, this kind of discussion is very useful.
Thank you.
Rusty Lynch wrote:
> On Thu, Jun 10, 2004 at 10:26:59AM +0900, Takashi Ikebe wrote:
>
>>Hello,
>>Yes, that is correct, and current release does not have any function
>>to prevent to be abused syscall from.
>>We are developing new version internaly and new version's systemcall
>>is only available by root.
>
>
> Interesting technology. I'm playing around with your sample, but the project
> is in bad need of some documentation. At least a man page for the pannus
> utility.
>
> A couple of questions:
>
> How do you debug your application after it has been patched? It's pretty
> easy to send a bogus patch (did it a couple of times so far while
> experimenting with the technology), but when the process segfaults...
> then what?
>
> Do you think the time delay in applying the patch will need to always be
> as long as it is now? Looks like we interrupt the process for 5sec now.
> Wouldn't that cause you to loose most of your sessions and therefore loose
> the benefit of not just stopping/starting to a new version of you app.
>
> --rusty
--
Takashi Ikebe
NTT Network Service Systems Laboratories
9-11, Midori-Cho 3-Chome Musashino-Shi,
Tokyo 180-8585 Japan
Tel : +81 422 59 4246, Fax : +81 422 60 4012
e-mail : ikebe.takashi at lab.ntt.co.jp
More information about the cgl_discussion
mailing list