Date: Mon, 23 Feb 2015 09:17:57 +0100 (CET)
From: Jiri Kosina
To: Arjan van de Ven
cc: Dave Airlie, Andrew Morton, Ingo Molnar, Vojtech Pavlik, Josh Poimboeuf, Peter Zijlstra, Ingo Molnar, Seth Jennings, LKML, Linus Torvalds, Arjan van de Ven, Thomas Gleixner, Peter Zijlstra, Borislav Petkov, live-patching@vger.kernel.org
Subject: Re: live kernel upgrades (was: live kernel patching design)
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, 22 Feb 2015, Arjan van de Ven wrote:

> There's a lot of logistical issues (can you patch a patched system... if
> live patching is a first class citizen you end up with dozens and dozens
> of live patches applied, some out of sequence etc etc).

I can't speak on behalf of others, but I definitely can speak on behalf of
SUSE, as we are already basing a product on this.

Yes, you can patch a patched system, you can patch one function multiple
times, you can revert a patch. It's all tracked by dependencies.

Of course, if you are random Joe User, you can do whatever you want, i.e.
also compile your own home-brew patches and apply them randomly and brick
your system that way. But that's in no way different to what you as Joe
User can do today; there is nothing that will prevent you from shooting
yourself in the foot if you are creative.

Regarding "out of sequence", this is up to the vendor providing/packaging
the patches to make sure that this is guaranteed not to happen. SUSE for
example always provides "all-in-one" patch for each and every released and
supported kernel codestream in a cumulative manner, which takes care of
the ordering issue completely.

It's not really too different from shipping external kernel modules and
making sure they have proper dependencies that need to be satisfied before
the module can be loaded.

> There's the "which patches do I have, and if the first patch for a
> security hole was not complete, how do I cope by applying number two.
> There's the "which of my 50.000 servers have which patch applied"
> logistics.

Yes. That's easy if distro/patch vendors make reasonable userspace and
distribution infrastructure around this.

Thanks,

-- 
Jiri Kosina
SUSE Labs