Re: announcing LLpatch: arch-independent live-patch creation

From: "Madhavan T. Venkataraman" <madvenka@linux.microsoft.com>
To: Peter Swain <swine@pobox.com>, live-patching@vger.kernel.org
Subject: Re: announcing LLpatch: arch-independent live-patch creation
Date: Thu, 26 Aug 2021 21:01:23 -0500	[thread overview]
Message-ID: <d8cd311d-dc4c-e81d-286e-2ce4614ddc5e@linux.microsoft.com> (raw)
In-Reply-To: <CABFpvm2o+d0e-dfmCx7H6=8i3QQS_xyGFt4i3zn8G=Myr_miag@mail.gmail.com>

On 8/26/21 5:34 PM, Peter Swain wrote:
> We have a new userspace live-patch creation tool, LLpatch, paralleling
> kpatch-build, but without requiring its arch-specific code for ELF
> analysis and manipulation.
> 
> We considered extending kpatch-build to a new target architecture
> (arm64), cluttering its code with details of another architecture’s
> quirky instruction sequences & relocation modes, and suspected there
> might be a better way.
> 
> 
> The LLVM suite already knows these details, and offers llvm-diff, for
> comparing generated code at the LLVM-IR (internal representation)
> level, which has access to much more of the code’s _intent_ than
> kpatch’s create-diff-object is able to infer from ELF-level
> differences.
> 
> 
> Building on this, LLpatch adds namespace analysis, further
> dead/duplicate code elimination, and creation of patch modules
> compatible with kernel’s livepatch API.
> 
> Arm64 is supported - testing against a livepatch-capable v5.12 arm64
> kernel, using the preliminary reliable-stacktrace work from
> madvenka@linux.microsoft.com, LLpatch modules for x86 and arm64 behave
> identically to the x86 kpatch-build modules, without requiring any
> additional arch-specific code.
> 
> On x86, where both tools are available, LLpatch produces smaller patch
> modules than kpatch, and already correctly handles most of the kpatch
> test cases, without any arch-specific code. This suggests it can work
> with any clang-supported kernel architecture.
> 
> 
> Work is ongoing, collaboration is welcome.
> 
> 
> See https://github.com/google/LLpatch for further details on the
> technology and its benefits.
> 
> 
> Yonghyun Hwang (yonghyun@google.com freeaion@gmail.com)
> Bill Wendling (morbo@google.com isanbard@gmail.com)
> Pete Swain (swine@google.com swine@pobox.com)
> 

This is great.

I have implemented an alternative method in objtool to do stack
validation for livepatch purposes. I have successfully built a livepatch
kernel and tested it. I have run all the livepatch tests in the
linux kernel sources successfully.

But I needed kpatch (or something similar) to do more testing. From Josh,
I came to know that a port to ARM64 exists for kpatch. But I was not sure
how well ARM64 was supported.

Since your tool already works on ARM64, I could really use your tool for
my testing. I will study it and contact you with any questions I might
have or any help that I might need. If everything works, I can give
you a "Tested-by".

Thanks.

Madhavan