linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
To: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Ingo Molnar <mingo@kernel.org>, David Lang <david@lang.hm>,
	Frederic Weisbecker <fweisbec@gmail.com>,
	Seth Jennings <sjenning@redhat.com>,
	Steven Rostedt <rostedt@goodmis.org>,
	Ingo Molnar <mingo@redhat.com>, Jiri Slaby <jslaby@suse.cz>,
	linux-kernel@vger.kernel.org,
	Peter Zijlstra <a.p.zijlstra@chello.nl>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Thomas Gleixner <tglx@linutronix.de>
Subject: Re: Re: [RFC PATCH 0/2] kpatch: dynamic kernel patching
Date: Fri, 09 May 2014 15:21:35 +0900	[thread overview]
Message-ID: <536C73EF.7010907@hitachi.com> (raw)
In-Reply-To: <20140508124816.GA23565@treble.redhat.com>

(2014/05/08 21:48), Josh Poimboeuf wrote:
>> No, I was not demanding that at all, my suggestion was:
>>
>>    > My claim is that if a patch is correct/safe in the old fashioned 
>>    > way, then a fundamental principle is that a live patching 
>>    > subsystem must either safely apply, or safely reject the live 
>>    > patching attempt, independently from any user input.
>>
>> Note the 'if'. It could start simple and stupid, and only allow cases 
>> where we know the patch must be trivially safe (because it does not do 
>> much in terms of disturbing globally visible state). That needs some 
>> tooling help, but apparently tooling help is in place already.
>>
>> And then we can complicate it from there - but have a reasonably 
>> robust starting point that we _know_ works (as long as the 
>> implementation is correct).
> 
> I really wonder if detecting a "trivially safe" patch is even possible.
> 
> Where do you draw the line with the following patches?
> 
> - add a call to another function which modifies global data

This depends on what global data and how. For example, the global data
is used only from the replaced functions, it's a kind of local data.
And also, the global data modification is as designed (e.g. acquiring/
releasing a spinlock), that is also safe.

I think, the bad case is modifying shared global data to new state which
unexpected by other data holders.

> - add an early return or a goto which changes the way the function
>   modifies (or no longer modifies) global data

Ditto, if it is unexpected at other parts, that will be unacceptable.

> - touch a local stack variable which results in global data being
>   modified later in the function
> 
> - return a different value which causes the function's caller to modify
>   data

I think if the local variable or return value change is correctly handled
by the caller (as expected), that is good too.

Thank you,

-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com



  reply	other threads:[~2014-05-09  6:21 UTC|newest]

Thread overview: 60+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-05-01 15:52 [RFC PATCH 0/2] kpatch: dynamic kernel patching Josh Poimboeuf
2014-05-01 15:52 ` [RFC PATCH 1/2] kpatch: add TAINT_KPATCH flag Josh Poimboeuf
2014-05-01 15:52 ` [RFC PATCH 2/2] kpatch: add kpatch core module Josh Poimboeuf
2014-05-01 20:45 ` [RFC PATCH 0/2] kpatch: dynamic kernel patching Andi Kleen
2014-05-01 21:01   ` Josh Poimboeuf
2014-05-01 21:06     ` Andi Kleen
2014-05-01 21:27       ` Josh Poimboeuf
2014-05-01 21:39         ` Josh Poimboeuf
2014-05-02  1:30       ` Masami Hiramatsu
2014-05-02  8:37 ` Jiri Kosina
2014-05-02 13:29   ` Josh Poimboeuf
2014-05-02 13:10 ` Jiri Kosina
2014-05-02 13:37   ` Josh Poimboeuf
2014-05-05 23:34   ` David Lang
2014-05-05 23:52     ` Jiri Kosina
2014-05-06  1:59       ` David Lang
2014-05-06 12:17         ` Josh Poimboeuf
2014-05-06  7:32       ` Ingo Molnar
2014-05-06  8:03         ` Jiri Kosina
2014-05-06 12:23         ` Josh Poimboeuf
2014-05-07 12:19           ` Ingo Molnar
2014-05-09  1:46             ` David Lang
2014-05-09  2:45               ` Steven Rostedt
2014-05-09  4:07               ` Masami Hiramatsu
2014-05-05  8:55 ` Ingo Molnar
2014-05-05 13:26   ` Josh Poimboeuf
2014-05-05 14:10     ` Frederic Weisbecker
2014-05-05 18:43       ` Ingo Molnar
2014-05-05 21:49         ` Frederic Weisbecker
2014-05-06 12:12           ` Josh Poimboeuf
2014-05-06 12:33             ` Steven Rostedt
2014-05-06 22:49               ` Masami Hiramatsu
2014-05-06 14:05             ` Frederic Weisbecker
2014-05-06 14:50               ` Josh Poimboeuf
2014-05-07 12:24                 ` Ingo Molnar
2014-05-07 15:41                   ` Josh Poimboeuf
2014-05-07 15:57                     ` Ingo Molnar
2014-05-07 16:43                       ` Josh Poimboeuf
2014-05-07 22:56                       ` David Lang
2014-05-08  6:12                         ` Ingo Molnar
2014-05-08  6:50                           ` David Lang
2014-05-08  7:08                             ` Ingo Molnar
2014-05-08  7:29                               ` Masami Hiramatsu
2014-05-08 12:48                               ` Josh Poimboeuf
2014-05-09  6:21                                 ` Masami Hiramatsu [this message]
2014-06-14 20:31                               ` Pavel Machek
2014-06-15  6:57                                 ` Ingo Molnar
2014-05-06 11:45         ` Masami Hiramatsu
2014-05-06 12:26           ` Steven Rostedt
2014-05-06 22:33             ` Masami Hiramatsu
2014-05-16 16:27             ` Jiri Kosina
2014-05-16 17:14               ` Josh Poimboeuf
2014-05-20  9:37                 ` Jiri Kosina
2014-05-20 12:59                   ` Josh Poimboeuf
2014-05-16 18:09               ` Masami Hiramatsu
2014-05-17 22:46                 ` Vojtech Pavlik
2014-05-16 18:55               ` Steven Rostedt
2014-05-16 22:32                 ` Jiri Kosina
2014-05-17  0:27                   ` Steven Rostedt
2014-05-17  7:10                     ` Jiri Kosina

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=536C73EF.7010907@hitachi.com \
    --to=masami.hiramatsu.pt@hitachi.com \
    --cc=a.p.zijlstra@chello.nl \
    --cc=akpm@linux-foundation.org \
    --cc=david@lang.hm \
    --cc=fweisbec@gmail.com \
    --cc=jpoimboe@redhat.com \
    --cc=jslaby@suse.cz \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@kernel.org \
    --cc=mingo@redhat.com \
    --cc=rostedt@goodmis.org \
    --cc=sjenning@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).