From: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
To: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Ingo Molnar <mingo@kernel.org>, David Lang <david@lang.hm>,
Frederic Weisbecker <fweisbec@gmail.com>,
Seth Jennings <sjenning@redhat.com>,
Steven Rostedt <rostedt@goodmis.org>,
Ingo Molnar <mingo@redhat.com>, Jiri Slaby <jslaby@suse.cz>,
linux-kernel@vger.kernel.org,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: Re: [RFC PATCH 0/2] kpatch: dynamic kernel patching
Date: Fri, 09 May 2014 15:21:35 +0900 [thread overview]
Message-ID: <536C73EF.7010907@hitachi.com> (raw)
In-Reply-To: <20140508124816.GA23565@treble.redhat.com>
(2014/05/08 21:48), Josh Poimboeuf wrote:
>> No, I was not demanding that at all, my suggestion was:
>>
>> > My claim is that if a patch is correct/safe in the old fashioned
>> > way, then a fundamental principle is that a live patching
>> > subsystem must either safely apply, or safely reject the live
>> > patching attempt, independently from any user input.
>>
>> Note the 'if'. It could start simple and stupid, and only allow cases
>> where we know the patch must be trivially safe (because it does not do
>> much in terms of disturbing globally visible state). That needs some
>> tooling help, but apparently tooling help is in place already.
>>
>> And then we can complicate it from there - but have a reasonably
>> robust starting point that we _know_ works (as long as the
>> implementation is correct).
>
> I really wonder if detecting a "trivially safe" patch is even possible.
>
> Where do you draw the line with the following patches?
>
> - add a call to another function which modifies global data
This depends on what global data and how. For example, the global data
is used only from the replaced functions, it's a kind of local data.
And also, the global data modification is as designed (e.g. acquiring/
releasing a spinlock), that is also safe.
I think, the bad case is modifying shared global data to new state which
unexpected by other data holders.
> - add an early return or a goto which changes the way the function
> modifies (or no longer modifies) global data
Ditto, if it is unexpected at other parts, that will be unacceptable.
> - touch a local stack variable which results in global data being
> modified later in the function
>
> - return a different value which causes the function's caller to modify
> data
I think if the local variable or return value change is correctly handled
by the caller (as expected), that is good too.
Thank you,
--
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com
next prev parent reply other threads:[~2014-05-09 6:21 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-01 15:52 [RFC PATCH 0/2] kpatch: dynamic kernel patching Josh Poimboeuf
2014-05-01 15:52 ` [RFC PATCH 1/2] kpatch: add TAINT_KPATCH flag Josh Poimboeuf
2014-05-01 15:52 ` [RFC PATCH 2/2] kpatch: add kpatch core module Josh Poimboeuf
2014-05-01 20:45 ` [RFC PATCH 0/2] kpatch: dynamic kernel patching Andi Kleen
2014-05-01 21:01 ` Josh Poimboeuf
2014-05-01 21:06 ` Andi Kleen
2014-05-01 21:27 ` Josh Poimboeuf
2014-05-01 21:39 ` Josh Poimboeuf
2014-05-02 1:30 ` Masami Hiramatsu
2014-05-02 8:37 ` Jiri Kosina
2014-05-02 13:29 ` Josh Poimboeuf
2014-05-02 13:10 ` Jiri Kosina
2014-05-02 13:37 ` Josh Poimboeuf
2014-05-05 23:34 ` David Lang
2014-05-05 23:52 ` Jiri Kosina
2014-05-06 1:59 ` David Lang
2014-05-06 12:17 ` Josh Poimboeuf
2014-05-06 7:32 ` Ingo Molnar
2014-05-06 8:03 ` Jiri Kosina
2014-05-06 12:23 ` Josh Poimboeuf
2014-05-07 12:19 ` Ingo Molnar
2014-05-09 1:46 ` David Lang
2014-05-09 2:45 ` Steven Rostedt
2014-05-09 4:07 ` Masami Hiramatsu
2014-05-05 8:55 ` Ingo Molnar
2014-05-05 13:26 ` Josh Poimboeuf
2014-05-05 14:10 ` Frederic Weisbecker
2014-05-05 18:43 ` Ingo Molnar
2014-05-05 21:49 ` Frederic Weisbecker
2014-05-06 12:12 ` Josh Poimboeuf
2014-05-06 12:33 ` Steven Rostedt
2014-05-06 22:49 ` Masami Hiramatsu
2014-05-06 14:05 ` Frederic Weisbecker
2014-05-06 14:50 ` Josh Poimboeuf
2014-05-07 12:24 ` Ingo Molnar
2014-05-07 15:41 ` Josh Poimboeuf
2014-05-07 15:57 ` Ingo Molnar
2014-05-07 16:43 ` Josh Poimboeuf
2014-05-07 22:56 ` David Lang
2014-05-08 6:12 ` Ingo Molnar
2014-05-08 6:50 ` David Lang
2014-05-08 7:08 ` Ingo Molnar
2014-05-08 7:29 ` Masami Hiramatsu
2014-05-08 12:48 ` Josh Poimboeuf
2014-05-09 6:21 ` Masami Hiramatsu [this message]
2014-06-14 20:31 ` Pavel Machek
2014-06-15 6:57 ` Ingo Molnar
2014-05-06 11:45 ` Masami Hiramatsu
2014-05-06 12:26 ` Steven Rostedt
2014-05-06 22:33 ` Masami Hiramatsu
2014-05-16 16:27 ` Jiri Kosina
2014-05-16 17:14 ` Josh Poimboeuf
2014-05-20 9:37 ` Jiri Kosina
2014-05-20 12:59 ` Josh Poimboeuf
2014-05-16 18:09 ` Masami Hiramatsu
2014-05-17 22:46 ` Vojtech Pavlik
2014-05-16 18:55 ` Steven Rostedt
2014-05-16 22:32 ` Jiri Kosina
2014-05-17 0:27 ` Steven Rostedt
2014-05-17 7:10 ` Jiri Kosina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=536C73EF.7010907@hitachi.com \
--to=masami.hiramatsu.pt@hitachi.com \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=david@lang.hm \
--cc=fweisbec@gmail.com \
--cc=jpoimboe@redhat.com \
--cc=jslaby@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=mingo@redhat.com \
--cc=rostedt@goodmis.org \
--cc=sjenning@redhat.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).