Live-Patching Archive on
 help / color / Atom feed
From: Josh Poimboeuf <>
To: Miroslav Benes <>
Subject: Re: [RFC PATCH v2 1/3] livepatch: Clear relocation targets on a module removal
Date: Wed, 2 Oct 2019 13:18:17 -0500
Message-ID: <20191002181817.xpiqiisg5ybtwhru@treble> (raw)
In-Reply-To: <>

On Thu, Sep 05, 2019 at 02:45:12PM +0200, Miroslav Benes wrote:
> Josh reported a bug:
>   When the object to be patched is a module, and that module is
>   rmmod'ed and reloaded, it fails to load with:
>   module: x86/modules: Skipping invalid relocation target, existing value is nonzero for type 2, loc 00000000ba0302e9, val ffffffffa03e293c
>   livepatch: failed to initialize patch 'livepatch_nfsd' for module 'nfsd' (-8)
>   livepatch: patch 'livepatch_nfsd' failed for module 'nfsd', refusing to load module 'nfsd'
>   The livepatch module has a relocation which references a symbol
>   in the _previous_ loading of nfsd. When apply_relocate_add()
>   tries to replace the old relocation with a new one, it sees that
>   the previous one is nonzero and it errors out.
>   On ppc64le, we have a similar issue:
>   module_64: livepatch_nfsd: Expected nop after call, got e8410018 at e_show+0x60/0x548 [livepatch_nfsd]
>   livepatch: failed to initialize patch 'livepatch_nfsd' for module 'nfsd' (-8)
>   livepatch: patch 'livepatch_nfsd' failed for module 'nfsd', refusing to load module 'nfsd'
> He also proposed three different solutions. We could remove the error
> check in apply_relocate_add() introduced by commit eda9cec4c9a1
> ("x86/module: Detect and skip invalid relocations"). However the check
> is useful for detecting corrupted modules.
> We could also deny the patched modules to be removed. If it proved to be
> a major drawback for users, we could still implement a different
> approach. The solution would also complicate the existing code a lot.
> We thus decided to reverse the relocation patching (clear all relocation
> targets on x86_64, or return back nops on powerpc). The solution is not
> universal and is too much arch-specific, but it may prove to be simpler
> in the end.
> Reported-by: Josh Poimboeuf <>
> Signed-off-by: Miroslav Benes <>

Since we decided to fix late module patching at LPC, the commit message
and clear_relocate_add() should both probably clarify that these
functions are hacks which are relatively temporary, until we fix the
root cause.

But this patch gives me a bad feeling :-/  Not that I have a better

Has anybody seen this problem in the real world?  If not, maybe we'd be
better off just pretending the problem doesn't exist for now.


  parent reply index

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-05 12:45 [RFC PATCH v2 0/3] " Miroslav Benes
2019-09-05 12:45 ` [RFC PATCH v2 1/3] " Miroslav Benes
2019-10-02 13:22   ` Petr Mladek
2019-10-03  8:55     ` Miroslav Benes
2019-10-02 18:18   ` Josh Poimboeuf [this message]
2019-10-03  9:17     ` Miroslav Benes
2019-09-05 12:45 ` [RFC PATCH v2 2/3] livepatch: Unify functions for writing and clearing object relocations Miroslav Benes
2019-10-02 13:35   ` Petr Mladek
2019-09-05 12:45 ` [RFC PATCH v2 3/3] livepatch: Clean up klp_update_object_relocations() return paths Miroslav Benes
2019-10-02 13:46   ` Petr Mladek
2019-10-03  9:08     ` Miroslav Benes
2019-10-01 12:30 ` [RFC PATCH v2 0/3] livepatch: Clear relocation targets on a module removal Miroslav Benes

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191002181817.xpiqiisg5ybtwhru@treble \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Live-Patching Archive on

Archives are clonable:
	git clone --mirror live-patching/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 live-patching live-patching/ \
	public-inbox-index live-patching

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone