All of lore.kernel.org
 help / color / mirror / Atom feed
From: Joe Lawrence <joe.lawrence@redhat.com>
To: Petr Mladek <pmladek@suse.com>,
	Evgenii Shatokhin <eshatokhin@virtuozzo.com>
Cc: Jason Baron <jbaron@akamai.com>,
	linux-kernel@vger.kernel.org, live-patching@vger.kernel.org,
	jpoimboe@redhat.com, jeyu@kernel.org, jikos@kernel.org,
	mbenes@suse.cz
Subject: Re: [PATCH v5 0/3] livepatch: introduce atomic replace
Date: Wed, 31 Jan 2018 17:09:21 -0500	[thread overview]
Message-ID: <d7ea0dc8-bfde-c6f4-0e05-6c97184018c4@redhat.com> (raw)
In-Reply-To: <20180130140303.6xmjgnbdemovzif5@pathway.suse.cz>

On 01/30/2018 09:03 AM, Petr Mladek wrote:
> On Fri 2018-01-26 14:29:36, Evgenii Shatokhin wrote:
>>
>> In my experience, it was quite convenient sometimes to just "replace all
>> binary patches the user currently has loaded with this single one". No
>> matter what these original binary patches did and where they came from.
> 
> To be honest, I would feel better if the livepatch framework is
> more safe. It should prevent breaking the system by a patch
> that atomically replaces other random patches that rely on callbacks.
> 
> Well, combining random livepatches from random vendors is a call
> for troubles. It might easily fail when two patches add
> different changes to the same function.
> 
> I wonder if we should introduce some tags, keys, vendors. I mean
> to define an identification or dependencies that would say that some
> patches are compatible or incompatible.
> 
> We could allow to livepatch one function by two livepatches
> only if they are from the same vendor. But then the order still
> might be important. Also I am not sure if this condition is safe
> enough.
> 
> One the other hand, we could handle callbacks like the shadow
> variables. Every shadow variable has an ID. We have an API to
> add/read/update/remove them. We might allow to have more
> callbacks with different IDs. Then we could run callbacks
> only for IDs that are newly added or removed. Sigh, this would
> be very complex implementation as well. But it might make
> these features easier to use and maintain.

Interesting ideas, but I wonder if this could be accomplished at the
livepatch module level?  ie, leave it to kpatch-build (or a livepatch
equivalent) to produce a module that does this automatically.  I guess
it would then be completely opt-in checking, but transfers the
complexity out of the kernel livepatching core.

I don't see a simple way to provide flexibility of when/if calling
redundant callbacks without making the code even more complicated.  I
don't have any use-cases off hand that would require such features, but
I guess if I did absolutely needed them, I might be inclined to say
prepare ahead of time and write callbacks so that they may be disabled
externally -- either by a new livepatch module's init() or some other
means.  Then whatever crazy policy I need is contained to my modules,
not provided or enforced by the kernel.

-- Joe

  parent reply	other threads:[~2018-01-31 22:09 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-12 19:55 [PATCH v5 0/3] livepatch: introduce atomic replace Jason Baron
2018-01-12 19:55 ` [PATCH v5 1/3] livepatch: use lists to manage patches, objects and functions Jason Baron
2018-01-12 19:55 ` [PATCH v5 2/3] livepatch: shuffle core.c function order Jason Baron
2018-01-12 19:55 ` [PATCH v5 3/3] livepatch: add atomic replace Jason Baron
2018-01-19 15:58 ` [PATCH v5 0/3] livepatch: introduce " Petr Mladek
2018-01-19 19:20 ` Evgenii Shatokhin
2018-01-19 21:10   ` Jason Baron
2018-01-26 10:23     ` Petr Mladek
2018-01-26 11:29       ` Evgenii Shatokhin
2018-01-30 14:03         ` Petr Mladek
2018-01-30 15:06           ` Evgenii Shatokhin
2018-01-30 18:19             ` Jason Baron
2018-01-30 19:24               ` Joe Lawrence
2018-01-30 22:11                 ` Jason Baron
2018-01-31  9:14                 ` Evgenii Shatokhin
2018-01-31 22:09           ` Joe Lawrence [this message]
2018-02-01 13:42             ` Petr Mladek
2018-01-31 14:35       ` Miroslav Benes
2018-01-31 22:08       ` Josh Poimboeuf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d7ea0dc8-bfde-c6f4-0e05-6c97184018c4@redhat.com \
    --to=joe.lawrence@redhat.com \
    --cc=eshatokhin@virtuozzo.com \
    --cc=jbaron@akamai.com \
    --cc=jeyu@kernel.org \
    --cc=jikos@kernel.org \
    --cc=jpoimboe@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=live-patching@vger.kernel.org \
    --cc=mbenes@suse.cz \
    --cc=pmladek@suse.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.