All of lore.kernel.org
 help / color / mirror / Atom feed
From: Josh Poimboeuf <jpoimboe@redhat.com>
To: Jiri Kosina <jikos@kernel.org>
Cc: Miroslav Benes <mbenes@suse.cz>, Jason Baron <jbaron@akamai.com>,
	linux-kernel@vger.kernel.org, live-patching@vger.kernel.org,
	jeyu@kernel.org, pmladek@suse.com
Subject: Re: [PATCH v3 2/2] livepatch: add atomic replace
Date: Wed, 18 Oct 2017 11:14:09 -0500	[thread overview]
Message-ID: <20171018161409.b46tuwtk4kvd6thm@treble> (raw)
In-Reply-To: <nycvar.YFH.7.76.1710181535110.9294@jbgna.fhfr.qr>

On Wed, Oct 18, 2017 at 03:36:42PM +0200, Jiri Kosina wrote:
> On Wed, 18 Oct 2017, Miroslav Benes wrote:
> 
> > 3. Drop immediate. It causes problems only and its advantages on x86_64 
> > are theoretical. You would still need to solve the interaction with atomic 
> > replace on other architecture with immediate preserved, but that may be 
> > easier. Or we can be aggressive and drop immediate completely. The force 
> > transition I proposed earlier could achieve the same.
> 
> After brief off-thread discussion, I've been thinking about this a bit 
> more and I also think that we should claim immediate "an experiment that 
> failed", especially as the force functionality (which provides equal 
> functionality from the userspace POV) will likely be there sonnish.

Agreed.

To clarify, we'll need the force patch before removing
klp_patch.immediate, so we don't break non-x86 arches in the meantime.

On the other hand I think we could remove klp_func.immediate
immediately.


While we're on the subject of removing code... :-)


I've mentioned this several times before, but the more features we add,
the more obvious this point becomes: if we could figure out how to get
rid of the "patching unloaded modules" feature, the code would be so
much better, and I'd actually be able to fit the code in my brain.  Then
we could get rid of all these sneaky bugs that Miroslav and Petr keep
finding, and I wouldn't get an uneasy feeling everytime somebody posts a
new feature.

Here's one vague idea for how to achieve that.  More ideas welcome.

1) Make the consistency model synchronous with respect to modules: don't
   allow any modules to load or unload until the patch transition is
   complete.

2) Instead of one big uber patch module which patches vmlinux and
   modules at the same time, make each patch module specific to a single
   object.  Then bundle the patch modules together somehow into a "patch
   bundle" so they're treated as a single atomic unit.

3) The patch bundle, when loaded, would load some of its patch modules
   immediately (for those objects which are already loaded).  For
   unloaded objects, the corresponding patch modules will be copied into
   memory but not loaded.

4) Then, when a to-be-patched module is loaded, the module loader loads
   it into memory and relocates it, but doesn't make it live.  Then it
   loads the patch module from the memory blob, makes the patch module
   live, and then makes the to-be-patched module live.

(A variation would be to create a way for user space to load a module in
the paused state.  Then user space can handle the dependencies and do
the patch juggling.  I think that would mean depmod/modprobe would need
to be involved.)

It could be a terrible idea, though it might be worth looking into.

-- 
Josh

  reply	other threads:[~2017-10-18 16:14 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-09-28  3:41 [PATCH v3 0/2] livepatch: introduce atomic replace Jason Baron
2017-09-28  3:41 ` [PATCH v3 1/2] livepatch: Add dynamic klp_object and klp_func iterators Jason Baron
2017-10-06 21:22   ` Josh Poimboeuf
2017-10-10 15:15     ` Jason Baron
2017-10-11  2:51       ` Josh Poimboeuf
2017-10-16 14:47         ` Miroslav Benes
2017-09-28  3:41 ` [PATCH v3 2/2] livepatch: add atomic replace Jason Baron
2017-10-06 22:32   ` Josh Poimboeuf
2017-10-10 17:27     ` Jason Baron
2017-10-17  9:02       ` Miroslav Benes
2017-10-17 13:50         ` Miroslav Benes
2017-10-18  3:33           ` Jason Baron
2017-10-18  9:10             ` Miroslav Benes
2017-10-18 11:05               ` Josh Poimboeuf
2017-10-18 11:29                 ` Miroslav Benes
2017-10-18 11:25               ` Petr Mladek
2017-10-19 21:44                 ` Jason Baron
2017-10-20  7:44                   ` Petr Mladek
2017-10-20  8:59                 ` Miroslav Benes
2017-10-18 13:36               ` Jiri Kosina
2017-10-18 16:14                 ` Josh Poimboeuf [this message]
2017-10-19  8:30                   ` Miroslav Benes
2017-10-19 10:57                     ` Josh Poimboeuf
2017-10-19 21:52               ` Jason Baron
2017-10-20  9:03                 ` Miroslav Benes
2017-10-17 14:27         ` Petr Mladek
2017-10-10 17:19 ` [PATCH v3.1 2/3] livepatch: shuffle core.c function order Jason Baron
2017-10-10 17:19 ` [PATCH v3.1 3/3] livepatch: add atomic replace Jason Baron

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171018161409.b46tuwtk4kvd6thm@treble \
    --to=jpoimboe@redhat.com \
    --cc=jbaron@akamai.com \
    --cc=jeyu@kernel.org \
    --cc=jikos@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=live-patching@vger.kernel.org \
    --cc=mbenes@suse.cz \
    --cc=pmladek@suse.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.