[cgl_discussion] Live patching project announcement

Takashi Ikebe ikebe.takashi at lab.ntt.co.jp
Thu Jun 10 18:22:55 PDT 2004


 >man documentation
OK, We'll make man documentation, and update it.
please wait.

 > How do you debug your application after it has been patched?  It's 
pretty
 > easy to send a bogus patch (did it a couple of times so far while
 > experimenting with the technology), but when the process segfaults...
 > then what?

One possible debug way is build offline patched (means apply new 
function to old source code) source and debug it.
And if we can find that there is no bug, then we make patch module 
funciton.
Then we crefully test patch before we apply to actual service 
system(as we make documentation soon,), because "jmp" assembly code 
needs 5 byte, and if overwirte it with out test, some context's stack 
may be back to between overwriten address(means back to within 
overwritten 5 byte),  then process goes crash.
So before apply this, we need to carefuly test it and also need to 
search each process's context's current eip, stack's and other 
possible jmp target address(means while, or goto, etc which does not 
use stack).

 > Do you think the time delay in applying the patch will need to 
always be
 > as long as it is now?  Looks like we interrupt the process for 5sec 
now.
 > Wouldn't that cause you to loose most of your sessions and 
therefore loose
 > the benefit of not just stopping/starting to a new version of you app.

The new version improve this one, and also SMP, thread.
I think we can open it after october, then I hope we can ask 
everyone's help to make pannus more useful one.

I'll make ML on web available soon,  after that, I'll forward this 
disscussion there, this kind of discussion is very useful.
Thank you.

Rusty Lynch wrote:
> On Thu, Jun 10, 2004 at 10:26:59AM +0900, Takashi Ikebe wrote:
> 
>>Hello,
>>Yes, that is correct, and current release does not have any function
>>to prevent to be abused syscall from.
>>We are developing new version internaly and new version's systemcall
>>is only available by root.
> 
> 
> Interesting technology.  I'm playing around with your sample, but the project
> is in bad need of some documentation. At least a man page for the pannus
> utility.
> 
> A couple of questions:
> 
> How do you debug your application after it has been patched?  It's pretty
> easy to send a bogus patch (did it a couple of times so far while
> experimenting with the technology), but when the process segfaults...
> then what?
> 
> Do you think the time delay in applying the patch will need to always be
> as long as it is now?  Looks like we interrupt the process for 5sec now.
> Wouldn't that cause you to loose most of your sessions and therefore loose
> the benefit of not just stopping/starting to a new version of you app.
> 
>     --rusty


-- 
Takashi Ikebe
NTT Network Service Systems Laboratories
9-11, Midori-Cho 3-Chome Musashino-Shi,
Tokyo 180-8585 Japan
Tel : +81 422 59 4246, Fax : +81 422 60 4012
e-mail : ikebe.takashi at lab.ntt.co.jp



More information about the cgl_discussion mailing list