Kernel Live Patching #305

Open
wants to merge 5 commits into
base: main

@dmpop dmpop commented Mar 6, 2024

Description

Rewrite the Kernel Live Patching from scratch

Are there any relevant issues/feature requests?

Is this (based on) existing content?

@dmpop dmpop added the WIP Work in progress. Do not merge! label Mar 6, 2024

@taroth21 taroth21 left a comment

Thank you, this works very well as a Smart Doc! Sorry for the large number of comments and suggestions but a great deal of them are about updating the metadata to the latest templates only.

Regarding the content, only some minor nitpicks. Many thanks!

Comment on lines +44 to +109
<revhistory xml:id="rh-klp">
<revision><date>2024-02-21</date>
<revdescription>
<itemizedlist>
<!-- Group by type of change (added/removed/changed)-->
<listitem>
<para>
Added sections:
</para>
<itemizedlist>
<!-- Reference, but don't link to tracker items-->
<!-- Follow https://en.opensuse.org/openSUSE:Packaging_Patches_guidelines#Current_set_of_abbreviations for tracker item references-->
<listitem>
<para>
New section on <quote>foo</quote> to resolve issue
<uri>bsc#12345</uri>
</para>
</listitem>
<!-- Name sections, but don't insert links -->
<listitem>
<para>
New section on <quote>foo bar</quote>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Removed sections:
</para>
<itemizedlist>
<listitem>
<para>
Removed section on <quote>foo1</quote> to resolve issue
<uri>bsc#12346</uri>
</para>
</listitem>
<listitem>
<para>
Removed section on <quote>foo1 bar</quote>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Changed sections:
</para>
<itemizedlist>
<listitem>
<para>
Changed section on <quote>foo2</quote> to resolve issue
<uri>bsc#12347</uri>
</para>
</listitem>
<listitem>
<para>
Changed section on <quote>foo2 bar</quote>
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</revdescription>
</revision>
</revhistory>

Suggested change
<revhistory xml:id="rh-klp">
<revision><date>2024-02-21</date>
<revdescription>
<itemizedlist>
<!-- Group by type of change (added/removed/changed)-->
<listitem>
<para>
Added sections:
</para>
<itemizedlist>
<!-- Reference, but don't link to tracker items-->
<!-- Follow https://en.opensuse.org/openSUSE:Packaging_Patches_guidelines#Current_set_of_abbreviations for tracker item references-->
<listitem>
<para>
New section on <quote>foo</quote> to resolve issue
<uri>bsc#12345</uri>
</para>
</listitem>
<!-- Name sections, but don't insert links -->
<listitem>
<para>
New section on <quote>foo bar</quote>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Removed sections:
</para>
<itemizedlist>
<listitem>
<para>
Removed section on <quote>foo1</quote> to resolve issue
<uri>bsc#12346</uri>
</para>
</listitem>
<listitem>
<para>
Removed section on <quote>foo1 bar</quote>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Changed sections:
</para>
<itemizedlist>
<listitem>
<para>
Changed section on <quote>foo2</quote> to resolve issue
<uri>bsc#12347</uri>
</para>
</listitem>
<listitem>
<para>
Changed section on <quote>foo2 bar</quote>
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</revdescription>
</revision>
</revhistory>
<revhistory xml:id="rh-klp">
<revision><date>2024-11-27</date>
<revdescription>
<para>
Initial version
</para>
</revdescription>
</revision>
</revhistory>

My suggestion is about adjusting the revhistory to the latest, simplified template (see https://github.com/openSUSE/doc-kit/blob/main/smart-doc/articles/assembly.asm.xml#L69 for reference)

</revhistory>
<!-- TODO: provide a listing of possible and validatable meta entry values. Maybe in our geekodoc repo? -->
<!-- add author's e-mail -->
<meta name="maintainer" content="" its:translate="no"/>

Suggested change
<meta name="maintainer" content="" its:translate="no"/>
<meta name="maintainer" content="[email protected]" its:translate="no"/>

<!-- add author's e-mail -->
<meta name="maintainer" content="" its:translate="no"/>
<!-- ISO date of last update as YYYY-MM-DD -->
<meta name="updated" content="2037-11-16" its:translate="no"/>

Suggested change
<meta name="updated" content="2037-11-16" its:translate="no"/>
<meta name="updated" content="2024-11-27" its:translate="no"/>

Comment on lines +144 to +150
<dm:bugtracker>
<dm:url>https://bugzilla.suse.com/enter_bug.cgi</dm:url>
<dm:component>Smart Docs</dm:component>
<dm:product>Documentation</dm:product>
<!-- provide your BUGZILLA e-mail address, otherwise this does not work correctly-->
<dm:assignee>[email protected]</dm:assignee>
</dm:bugtracker>

Suggested change
<dm:bugtracker>
<dm:url>https://bugzilla.suse.com/enter_bug.cgi</dm:url>
<dm:component>Smart Docs</dm:component>
<dm:product>Documentation</dm:product>
<!-- provide your BUGZILLA e-mail address, otherwise this does not work correctly-->
<dm:assignee>[email protected]</dm:assignee>
</dm:bugtracker>
<dm:bugtracker>
<dm:url>https://bugzilla.suse.com/enter_bug.cgi</dm:url>
<dm:component>Documentation</dm:component>
<dm:product>SUSE Linux Enterprise Server 16.0</dm:product>
<dm:assignee>[email protected]</dm:assignee>
</dm:bugtracker>
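
Review bot: The new <dm:product> value, SUSE Linux Enterprise Server 16.0, does not match the <productname version="15 SP6"> suggested for the productname metadata below, so bug reports would be filed against a different release than the one the article names. Align the two values. The suggestion also drops the comment saying that <dm:assignee> must be a Bugzilla e-mail address; keep that comment if the requirement still applies.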

Using the latest template for Bugzilla pointers (see https://github.com/openSUSE/doc-kit/blob/main/smart-doc/articles/assembly.asm.xml#L111 for reference)

Comment on lines +135 to +136
<meta name="productname" its:translate="no">
<!-- enter product name and version --><productname version="X.Y">&productname;</productname>

Suggested change
<meta name="productname" its:translate="no">
<!-- enter product name and version --><productname version="X.Y">&productname;</productname>
<meta name="productname" its:translate="no">
<productname version="15 SP6">&sles;</productname>

Add missing metadata

</meta>
<meta name="title" its:translate="yes">&klp; on &slsa;</meta>
<meta name="description" its:translate="yes">&klp; on &slsa;</meta>
<meta name="social-descr" its:translate="yes">&klp; on &slsa;</meta>

Suggested change
<meta name="social-descr" its:translate="yes">&klp; on &slsa;</meta>
<meta name="social-descr" its:translate="yes">Perform kernel live patching on &productnameshort;</meta>
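
Review bot: The replacement social-descr spells out "kernel live patching" and switches to &productnameshort;, while the title and description entries directly above it still read "&klp; on &slsa;". Use the &klp; entity here as well if it expands to the intended phrase, and check that &productnameshort; and &slsa; resolve to the same product so that the three entries stay consistent.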

Comment on lines +54 to +64
The scope of &slea; Live Patching includes fixes for SUSE Common
Vulnerability Scoring System (CVSS; SUSE CVSS is based on the CVSS v3.0
system) level 7+ vulnerabilities and bug fixes related to system
stability or data corruption. However, it may not be technically feasible
to create live patches for all fixes that fall under the specified
categories. &suse; therefore reserves the right to skip fixes in
situations where creating a kernel live patch is not possible for
technical reasons. Currently, over 95% of qualifying fixes are released
as live patches. For more information on CVSS (the base for the SUSE CVSS
rating), see <link xlink:href="https://www.first.org/cvss/">Common
Vulnerability Scoring System SIG</link>.

Suggested change
The scope of &slea; Live Patching includes fixes for SUSE Common
Vulnerability Scoring System (CVSS; SUSE CVSS is based on the CVSS v3.0
system) level 7+ vulnerabilities and bug fixes related to system
stability or data corruption. However, it may not be technically feasible
to create live patches for all fixes that fall under the specified
categories. &suse; therefore reserves the right to skip fixes in
situations where creating a kernel live patch is not possible for
technical reasons. Currently, over 95% of qualifying fixes are released
as live patches. For more information on CVSS (the base for the SUSE CVSS
rating), see <link xlink:href="https://www.first.org/cvss/">Common
Vulnerability Scoring System SIG</link>.
The scope of &slea; Live Patching includes fixes for SUSE Common
Vulnerability Scoring System (CVSS) level 7+ vulnerabilities and bug fixes related to system
stability or data corruption. However, it may not be technically feasible
to create live patches for all fixes that fall under the specified
categories. &suse; therefore reserves the right to skip fixes in
situations where creating a kernel live patch is not possible for
technical reasons. Currently, over 95% of qualifying fixes are released
as live patches. SUSE CVSS is based on the CVSS v3.0
system. For more information on CVSS, see <link xlink:href="https://www.first.org/cvss/">Common
Vulnerability Scoring System SIG</link>.
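
Review bot: In the rewritten first sentence, "(CVSS)" directly follows "SUSE Common Vulnerability Scoring System", so the abbreviation reads as the SUSE-specific rating, while the moved sentence "SUSE CVSS is based on the CVSS v3.0 system" uses the same abbreviation for the upstream standard. Introduce one term for the SUSE rating, for example "SUSE CVSS", and use it in both places. The moved lines also need rewrapping to match the line length of the rest of the paragraph.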

I suggested moving a part of the first sentence (content in parentheses) into a separate sentence at the end of the paragraph. That way it suits the link in the following sentence and makes the first sentence shorter and easier to grasp.

every addition of fixes. To determine the kernel patching status, use the
<command>klp -v patches</command> command.
</para>
<section xml:id="sec-kernel-patches-vs-updates">

Right now, "Live patches versus kernel updates" is a 'lone' section within section 2, which means there is section 2.1 but no 2.2 or 2.3. As the overall content of "Understanding kernel live patches" is brief, it does not make sense to subdivide the remaining content into more subsections. To avoid the lone section (see also https://documentation.suse.com/style/current/html/docu_styleguide/sec-structure.html#sec-outline-level) I would suggest moving the following content directly into the parent section and adding a title to the figure below. This would help to avoid the lone section, while still highlighting the relationship/difference between live patches and kernel updates by adding a figure title.

Comment on lines +41 to +50
<informalfigure>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="klp.png" width="100%"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="klp.png" width="100%"/>
</imageobject>
</mediaobject>
</informalfigure>

Suggested change
<informalfigure>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="klp.png" width="100%"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="klp.png" width="100%"/>
</imageobject>
</mediaobject>
</informalfigure>
<figure>
<title>Relationship between live patches and kernel updates</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="klp.png" width="100%"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="klp.png" width="100%"/>
</imageobject>
</mediaobject>
</figure>
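
Review bot: The new <figure> has a title but no xml:id, so the surrounding text cannot cross-reference it, and neither <imageobject> in the <mediaobject> is accompanied by a text alternative. Add an xml:id to <figure> and a <textobject> with a short description of the diagram inside <mediaobject>.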

I would turn the informalfigure into a <figure> and give it a title. This also makes it easier to see what the diagram is about when readers are just skimming the article.

xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:trans="http://docbook.org/ns/transclusion">
<info>
<title>Performing &klp;</title>

While this topic is categorized as 'task', the content of this topic is mixed. Some of the items below qualify as tasks, others are more of informational purpose. From my point of view, its content would fit well into other topics that already exist:

  • Maybe you could move the first three items (and the last one) into the 'Troubleshooting' section and turn them into separate subsections there?

  • I would move the content of the 4th listitem into the 'Understanding kernel live patches' section. It would fit well with the paragraphs where you talk about live patches vs. kernel versions.

Then you could remove this topic completely.
