linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Petr Mladek <pmladek@suse.com>
To: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Miroslav Benes <mbenes@suse.cz>,
	jeyu@kernel.org, jikos@kernel.org, linux-kernel@vger.kernel.org,
	live-patching@vger.kernel.org, jbaron@akamai.com
Subject: Re: [PATCH 1/2] livepatch: Remove immediate feature
Date: Thu, 21 Dec 2017 14:30:04 +0100	[thread overview]
Message-ID: <20171221133004.lilrqfiu3btb74lj@pathway.suse.cz> (raw)
In-Reply-To: <20171220170937.2wow5fkxoza2cf6v@treble>

On Wed 2017-12-20 11:09:37, Josh Poimboeuf wrote:
> On Wed, Dec 20, 2017 at 03:35:12PM +0100, Petr Mladek wrote:
> > On Fri 2017-12-08 18:25:22, Miroslav Benes wrote:
> > > immediate flag has been used to disable per-task consistency and patch
> > > all tasks immediately. It could be useful if the patch doesn't change any
> > > function or data semantics.
> > > 
> > > However, it causes problems on its own. The consistency problem is
> > > currently broken with respect to immediate patches.
> > > 
> > > func            a
> > > patches         1i
> > >                 2i
> > >                 3
> > > 
> > > When the patch 3 is applied, only 2i function is checked (by stack
> > > checking facility). There might be a task sleeping in 1i though. Such
> > > task is migrated to 3, because we do not check 1i in
> > > klp_check_stack_func() at all.
> > > 
> > 
> > Sigh, the force feature actually have the same problem. We would use
> > it when a process never has a reliable stack or when it is endlessly
> > sleeping in a function that might have been patched immediately.
> > 
> > I see two possibilities. We could either refuse loading new
> > livepatches after using the force flag. Or we would need
> > to check all variants of the function "a" that might still
> > be in use.
> 
> "Using the force" is a nuclear option.  User beware.  If you use it (or
> recommend that others use it), be prepared for the consequences.  That
> means anticipating how forcing this patch might affect future patches,
> and planning accordingly.
> 
> >From a livepatch code standpoint, let's avoid adding complexity (or
> limitations) where none are needed.  I think all we need to do is
> permanently disable patch module unloading when somebody forces a patch,
> which we already do.  Otherwise the user is on their own.

This looks like a rather weak protection against nuclear diseases ;-)

If we want to keep it simple and safe, we should either print
a big fact warning about this danger when the option is used.
Or we should allow to load new patches only with yet another
force flag.

Anyway, I agree that we should keep it simple. The fact is
that the immediate flag removal makes the code better
readable.

Best Regards,
Petr

  reply	other threads:[~2017-12-21 13:30 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-12-08 17:25 [PATCH 0/2] Remove immediate feature Miroslav Benes
2017-12-08 17:25 ` [PATCH 1/2] livepatch: " Miroslav Benes
2017-12-20 14:35   ` Petr Mladek
2017-12-20 17:09     ` Josh Poimboeuf
2017-12-21 13:30       ` Petr Mladek [this message]
2017-12-21 13:55         ` Miroslav Benes
2017-12-21 14:58   ` Petr Mladek
2017-12-22 13:10     ` Miroslav Benes
2017-12-08 17:25 ` [PATCH 2/2] livepatch: Allow loading modules on architectures without HAVE_RELIABLE_STACKTRACE Miroslav Benes
2017-12-21 15:14   ` Petr Mladek
2017-12-22 13:12     ` Miroslav Benes

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171221133004.lilrqfiu3btb74lj@pathway.suse.cz \
    --to=pmladek@suse.com \
    --cc=jbaron@akamai.com \
    --cc=jeyu@kernel.org \
    --cc=jikos@kernel.org \
    --cc=jpoimboe@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=live-patching@vger.kernel.org \
    --cc=mbenes@suse.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).