Date: Thu, 12 Feb 2015 06:51:49 -0600
From: Josh Poimboeuf
To: Peter Zijlstra
Cc: Ingo Molnar, Masami Hiramatsu, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, Seth Jennings, Jiri Kosina, Vojtech Pavlik
Subject: Re: [RFC PATCH 6/9] livepatch: create per-task consistency model
Message-ID: <20150212125149.GB18578@treble.redhat.com>
In-Reply-To: <20150212115628.GL2896@worktop.programming.kicks-ass.net>

On Thu, Feb 12, 2015 at 12:56:28PM +0100, Peter Zijlstra wrote:
> On Wed, Feb 11, 2015 at 09:21:21PM -0600, Josh Poimboeuf wrote:
> > Ingo, Peter,
> >
> > Would you have any objections to making task_rq_lock/unlock() non-static
> > (or moving them to kernel/sched/sched.h) so they can be called by the
> > livepatch code?
>
> Basically yes. I really don't want to expose that. And
> kernel/sched/sched.h is very much not intended for use outside of
> kernel/sched/ so even that is a no go.
>
> > To provide some background, I'm looking for a way to temporarily prevent
> > a sleeping task from running while its stack is examined, to decide
> > whether it can be safely switched to the new patching "universe". For
> > more details see klp_transition_task() in the patch below.
> >
> > Using task_rq_lock() is the most straightforward way I could find to
> > achieve that.
>
> It's not at all clear how all this would work to me. And I'm not
> motivated enough to go try and reverse engineer your patch;

The short answer is: I need a way to ensure that a task isn't sleeping
on any of the functions we're trying to patch. If it's not, then I can
switch the task over to start using new versions of functions.

Obviously, there are many more details than that. If you have specific
questions I can try to answer them.

> IMO livepatching is utter fail.
>
> If your infrastructure relies on the uptime of a single machine you've
> lost already.

It's not always about uptime. IMO it's usually more about decoupling
your reboot schedule from your distro's kernel release schedule.

Most users want to plan in advance when they're going to reboot, rather
than being at the mercy of when CVEs and kernel fixes are released.
Rebooting is costly and risky, even (or often especially) for large
systems for which you have to stagger the reboots. You want to do it at
a time when you're ready for something bad to happen, without having to
also worry about security in the mean time while you're waiting for your
reboot window.

> FWIW, the barriers in klp_update_task_universe() and
> klp_set_universe_goal() look like complete crack, and their comments are
> seriously deficient.

Ok, I'll try to improve the comments for the barriers.

--
Josh
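
The check described in the reply above, as an added example that is not part of the original message or of the posted patch: a user-space C model that scans a sleeping task's saved return addresses against the address ranges of the functions being patched, and switches the task to the new "universe" only when none of them is on its stack. All type names, function names and addresses are hypothetical, and the locking that keeps the task from running during the check is not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model types, not the structures used by the RFC patch. */
struct func_range { const char *name; uintptr_t start; size_t size; };
struct task_model {
    const char *comm;
    const uintptr_t *stack; /* saved return addresses of the sleeping task */
    size_t depth;
    int universe;           /* 0 = old functions, 1 = new functions */
};

/* First to-be-patched function found on the task's stack, or NULL.
 * Each function covers the half-open interval [start, start + size). */
const struct func_range *stack_blocker(const struct task_model *t,
                                       const struct func_range *f, size_t n)
{
    for (size_t i = 0; i < t->depth; i++)
        for (size_t j = 0; j < n; j++)
            if (t->stack[i] >= f[j].start &&
                t->stack[i] - f[j].start < f[j].size)
                return &f[j];
    return NULL;
}

/* Switch the task only when none of the patched functions is on its stack. */
bool try_switch(struct task_model *t, const struct func_range *f, size_t n)
{
    if (t->universe == 0 && stack_blocker(t, f, n))
        return false;       /* leave it in the old universe, retry later */
    t->universe = 1;
    return true;
}

/* Constructed sample data: names and addresses are made up. */
static const struct func_range patched[] = {
    { "patched_fn_a", 0x1000, 0x80 }, { "patched_fn_b", 0x2000, 0x40 },
};
static const uintptr_t stack_clean[] = { 0x5010, 0x1080, 0x3004 }; /* 0x1080: one past fn_a */
static const uintptr_t stack_busy[]  = { 0x5010, 0x203f, 0x3004 }; /* 0x203f: inside fn_b */

int main(void)
{
    struct task_model a = { "clean", stack_clean, 3, 0 };
    struct task_model b = { "busy", stack_busy, 3, 0 };
    printf("%s: %s\n", a.comm, try_switch(&a, patched, 2) ? "switched" : "deferred");
    printf("%s: %s\n", b.comm, try_switch(&b, patched, 2) ? "switched" : "deferred");
    return 0;
}
```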