From: Petr Mladek <pmladek@suse.com>
To: Jiri Kosina <jikos@kernel.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Miroslav Benes <mbenes@suse.cz>
Cc: Joe Lawrence <joe.lawrence@redhat.com>,
Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>,
Nicolai Stange <nstange@suse.de>,
live-patching@vger.kernel.org, linux-kernel@vger.kernel.org,
Petr Mladek <pmladek@suse.com>
Subject: [POC 00/23] livepatch: Split livepatch module per-object
Date: Fri, 17 Jan 2020 16:03:00 +0100 [thread overview]
Message-ID: <20200117150323.21801-1-pmladek@suse.com> (raw)
Hi,
first, do not get scared by the size of the patchset. There are only
few patches that are really complicated and need attention at this
stage. I just wanted to split it as much as possible to review
and discuss each change separately.
Now to the problem. There are long term complains about maintainability
of the arch-specific code that is needed to livepatch modules that
are loaded after the livepatch itself.
There was always an idea about splitting the livepatch module
per-livepatched object. One interesting approach was drafted
on the last Livepatch microconference at Linux Plubmers 2019.
I played with the idea and came up with this POC. Of course,
there are pros and cons.
On the positive note:
+ The approach seems to work.
+ The same scenarios are supported. It is even newly possible to use
the livepatch-specific relocations and reload the livepatched module.
+ The livepatch-specific relocations are still needed but
they are handled together with other relocations. As
a result, the other code modifications work out of box,
e.g. alternatives, parainstructions.
+ Some problematic code could get removed (last 4 patches):
+ module_disable_ro()
+ arch_klp_init_object_loaded()
+ copy_module_elf()
+ The amount if livepatch-specific hooks in the module loader
is about the same. They are _not_ longer arch-specific. But
they are a bit tricky, see negatives below.
On the negative side:
+ It adds dependency on userspace tool "modprobe" called
via usermodhelper. It brings several new problems:
+ How to distinguish modprobe called by user or by kernel
when resolving races and errors.
+ How to pass the real error code to the usermodhelper caller.
+ Automatic dependencies are generated and handled in
the userspace. Might create unwanted cyclic load.
It requires crazy workarounds from the kernel side,
see the patch 19.
+ There is a new bunch of races that sometimes need a tricky
solution. For example, see the patches 8, 9, 15.
+ It might be slightly more complicated to prepare and use
the livepatches. There are more modules that need to built
and are visibly to the administrators. Also it complicates
sharing some common helper functionality.
From my point of view. The new code is much less arch-dependent
and more self-contained. Therefore it should be easier to maintain
in the long term.
On the other hand, it is more tricky regarding possible races and
infinite loops. They are not always easy to solve because of
"modprobe" called via userspace and because of more switches
between klp_mutex and module_mutex guarded code. Anyway, once
this is solved, it should just work for a long time as is.
All in all, I think that this approach is worth exploring.
I am curious about your opinion.
Best Regards,
Petr
PS: The patchset applies against Linus' master (v5.5-rc6).
Petr Mladek (23):
module: Allow to delete module also from inside kernel
livepatch: Split livepatch modules per livepatched object
livepatch: Better checks of struct klp_object definition
livepatch: Prevent loading livepatch sub-module unintentionally.
livepatch: Initialize and free livepatch submodule
livepatch: Enable the livepatch submodule
livepatch: Remove obsolete functionality from klp_module_coming()
livepatch: Automatically load livepatch module when the patch module
is loaded
livepatch: Handle race when livepatches are reloaded during a module
load
livepatch: Handle modprobe exit code
livepatch: Safely detect forced transition when removing split
livepatch modules
livepatch: Automatically remove livepatch module when the object is
freed
livepatch: Remove livepatch module when the livepatched module is
unloaded
livepatch: Never block livepatch modules when the related module is
being removed
livepatch: Prevent infinite loop when loading livepatch module
livepatch: Add patch into the global list early
livepatch: Load livepatches for modules when loading the main
livepatch
module: Refactor add_unformed_module()
module/livepatch: Allow to use exported symbols from livepatch module
for "vmlinux"
module/livepatch: Relocate local variables in the module loaded when
the livepatch is being loaded
livepatch: Remove obsolete arch_klp_init_object_loaded()
livepatch/module: Remove obsolete copy_module_elf()
module: Remove obsolete module_disable_ro()
Documentation/livepatch/module-elf-format.rst | 15 +-
arch/x86/kernel/Makefile | 1 -
arch/x86/kernel/livepatch.c | 53 --
include/linux/livepatch.h | 36 +-
include/linux/module.h | 10 +-
kernel/livepatch/core.c | 743 ++++++++++++++-------
kernel/livepatch/core.h | 5 -
kernel/livepatch/transition.c | 22 +-
kernel/module.c | 279 ++++----
lib/livepatch/Makefile | 2 +
lib/livepatch/test_klp_atomic_replace.c | 18 +-
lib/livepatch/test_klp_callbacks_demo.c | 90 ++-
lib/livepatch/test_klp_callbacks_demo.h | 11 +
lib/livepatch/test_klp_callbacks_demo2.c | 62 +-
lib/livepatch/test_klp_callbacks_demo2.h | 11 +
...t_klp_callbacks_demo__test_klp_callbacks_busy.c | 50 ++
...st_klp_callbacks_demo__test_klp_callbacks_mod.c | 42 ++
lib/livepatch/test_klp_livepatch.c | 18 +-
lib/livepatch/test_klp_state.c | 53 +-
lib/livepatch/test_klp_state2.c | 53 +-
samples/livepatch/Makefile | 4 +
samples/livepatch/livepatch-callbacks-demo.c | 90 ++-
samples/livepatch/livepatch-callbacks-demo.h | 11 +
...h-callbacks-demo__livepatch-callbacks-busymod.c | 54 ++
...patch-callbacks-demo__livepatch-callbacks-mod.c | 46 ++
samples/livepatch/livepatch-sample.c | 18 +-
samples/livepatch/livepatch-shadow-fix1.c | 120 +---
.../livepatch-shadow-fix1__livepatch-shadow-mod.c | 155 +++++
samples/livepatch/livepatch-shadow-fix2.c | 92 +--
.../livepatch-shadow-fix2__livepatch-shadow-mod.c | 127 ++++
.../testing/selftests/livepatch/test-callbacks.sh | 19 +-
31 files changed, 1424 insertions(+), 886 deletions(-)
delete mode 100644 arch/x86/kernel/livepatch.c
create mode 100644 lib/livepatch/test_klp_callbacks_demo.h
create mode 100644 lib/livepatch/test_klp_callbacks_demo2.h
create mode 100644 lib/livepatch/test_klp_callbacks_demo__test_klp_callbacks_busy.c
create mode 100644 lib/livepatch/test_klp_callbacks_demo__test_klp_callbacks_mod.c
create mode 100644 samples/livepatch/livepatch-callbacks-demo.h
create mode 100644 samples/livepatch/livepatch-callbacks-demo__livepatch-callbacks-busymod.c
create mode 100644 samples/livepatch/livepatch-callbacks-demo__livepatch-callbacks-mod.c
create mode 100644 samples/livepatch/livepatch-shadow-fix1__livepatch-shadow-mod.c
create mode 100644 samples/livepatch/livepatch-shadow-fix2__livepatch-shadow-mod.c
--
2.16.4
next reply other threads:[~2020-01-17 15:03 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-17 15:03 Petr Mladek [this message]
2020-01-17 15:03 ` [POC 01/23] module: Allow to delete module also from inside kernel Petr Mladek
2020-01-21 11:11 ` Julien Thierry
2020-01-17 15:03 ` [POC 02/23] livepatch: Split livepatch modules per livepatched object Petr Mladek
2020-01-21 11:11 ` Julien Thierry
2020-01-28 12:16 ` Petr Mladek
2020-01-17 15:03 ` [POC 03/23] livepatch: Better checks of struct klp_object definition Petr Mladek
2020-01-21 11:27 ` Julien Thierry
2020-01-17 15:03 ` [POC 04/23] livepatch: Prevent loading livepatch sub-module unintentionally Petr Mladek
2020-04-03 17:54 ` Joe Lawrence
2020-01-17 15:03 ` [POC 05/23] livepatch: Initialize and free livepatch submodule Petr Mladek
2020-01-21 11:58 ` Julien Thierry
2020-01-17 15:03 ` [POC 06/23] livepatch: Enable the " Petr Mladek
2020-01-17 15:03 ` [POC 07/23] livepatch: Remove obsolete functionality from klp_module_coming() Petr Mladek
2020-01-17 15:03 ` [POC 08/23] livepatch: Automatically load livepatch module when the patch module is loaded Petr Mladek
2020-01-17 15:03 ` [POC 09/23] livepatch: Handle race when livepatches are reloaded during a module load Petr Mladek
2020-01-22 18:51 ` Julien Thierry
2020-01-17 15:03 ` [POC 10/23] livepatch: Handle modprobe exit code Petr Mladek
2020-01-17 15:03 ` [POC 11/23] livepatch: Safely detect forced transition when removing split livepatch modules Petr Mladek
2020-01-22 10:15 ` Julien Thierry
2020-01-17 15:03 ` [POC 12/23] livepatch: Automatically remove livepatch module when the object is freed Petr Mladek
2020-01-17 15:03 ` [POC 13/23] livepatch: Remove livepatch module when the livepatched module is unloaded Petr Mladek
2020-01-17 15:03 ` [POC 14/23] livepatch: Never block livepatch modules when the related module is being removed Petr Mladek
2020-01-17 15:03 ` [POC 15/23] livepatch: Prevent infinite loop when loading livepatch module Petr Mladek
2020-01-17 15:03 ` [POC 16/23] livepatch: Add patch into the global list early Petr Mladek
2020-01-17 15:03 ` [POC 17/23] livepatch: Load livepatches for modules when loading the main livepatch Petr Mladek
2020-01-17 15:03 ` [POC 18/23] module: Refactor add_unformed_module() Petr Mladek
2020-01-17 15:03 ` [POC 19/23] module/livepatch: Allow to use exported symbols from livepatch module for "vmlinux" Petr Mladek
2020-04-06 18:48 ` Joe Lawrence
2020-04-07 7:33 ` Miroslav Benes
2020-04-07 20:57 ` Joe Lawrence
2020-01-17 15:03 ` [POC 20/23] module/livepatch: Relocate local variables in the module loaded when the livepatch is being loaded Petr Mladek
2020-01-18 10:29 ` kbuild test robot
2020-04-03 18:00 ` Joe Lawrence
2020-01-17 15:03 ` [POC 21/23] livepatch: Remove obsolete arch_klp_init_object_loaded() Petr Mladek
2020-01-17 15:03 ` [POC 22/23] livepatch/module: Remove obsolete copy_module_elf() Petr Mladek
2020-04-03 18:03 ` Joe Lawrence
2020-01-17 15:03 ` [POC 23/23] module: Remove obsolete module_disable_ro() Petr Mladek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200117150323.21801-1-pmladek@suse.com \
--to=pmladek@suse.com \
--cc=jikos@kernel.org \
--cc=joe.lawrence@redhat.com \
--cc=jpoimboe@redhat.com \
--cc=kamalesh@linux.vnet.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=live-patching@vger.kernel.org \
--cc=mbenes@suse.cz \
--cc=nstange@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).