Received: by 10.213.65.68 with SMTP id h4csp1194412imn; Wed, 14 Mar 2018 12:28:12 -0700 (PDT) X-Google-Smtp-Source: AG47ELuDB9ex+vNrrgpkbCs5bgDaBCYiWNyj13U3bYW7IXc2sGnndhif6SM1rX4t9nBLMRu68oof X-Received: by 10.98.190.26 with SMTP id l26mr3133358pff.62.1521055692145; Wed, 14 Mar 2018 12:28:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521055692; cv=none; d=google.com; s=arc-20160816; b=neY+N3arv+xiAbYicUwZ4JfsJxdiVsVn5IVucAnIITtDdSHokzMZ+59BjQjJgWmvGb J+tjeiSjKhg5uT+hJE5DkSuW/bbg3zoZAz+0pkUrtDKcM2C8e106YMyNICpP52kZxMjn uqfl18uLA8Y2kUhHUuF9Fya167U/TCj/x4CifrCOjJQA2vh7rjJU8lQwFkl/Ah7jofDI 8eOZjgb/Ybvzkg8812EABto9AFZWdFVj2Uv3EpevUDzzae21BrqHR/lRE7693M6WIWO5 +juMQd559q0HR5OWOqXBEP9zJhD3+6WNHq//7qcT+FB4yLsteaFaQ8Pkme2iHnO+4Wlo xytA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=5os+r80wgxeG2Gh3MqQ+DikINxKl23DsFYtgr6uhW7Y=; b=Djqs9Ml7gLI47qZGqYskmJCsIjBZQYY1n/kHYKLoAt5akjVO9o/OKz3gHbFxTxyEZC E0razSAW0VTfoziDCHe0P6MH4cvjTPzhf/PWu9rpoNJihiUhrEvzLzs21ciffXhQcUbc MQhuGlIm49aFFFTI8GZu+HN13ijnse+HbtaBcaYzgkl7QLMhBb5vOmhHj+4t5jv4DbU1 Q/q3XpFdmRBR4qIxwePCZmuyiZm6OpHRNiUOwZY//F2j9oCjO/3v/aUrnaz0MhGsJJcD 873os2gQv2jbwKvckvkD8b+GViV29/fB2HrQV15FNoAyNpBAgVLGcaZv4k8ObIvpHTkw SeDg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 62-v6si2410916ply.15.2018.03.14.12.27.56; Wed, 14 Mar 2018 12:28:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751461AbeCNT1F (ORCPT + 99 others); Wed, 14 Mar 2018 15:27:05 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:45704 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750779AbeCNT1E (ORCPT ); Wed, 14 Mar 2018 15:27:04 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 827FA406E8A4; Wed, 14 Mar 2018 19:27:03 +0000 (UTC) Received: from redhat.com (ovpn-125-196.rdu2.redhat.com [10.10.125.196]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 087E210EE850; Wed, 14 Mar 2018 19:27:02 +0000 (UTC) Date: Wed, 14 Mar 2018 15:27:02 -0400 From: Joe Lawrence To: Petr Mladek Cc: Jiri Kosina , Josh Poimboeuf , Miroslav Benes , Jessica Yu , Nicolai Stange , live-patching@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 1/2] livepatch: Initialize shadow variables by init function safely Message-ID: <20180314192702.h6fvqoo7myt426ww@redhat.com> References: <20180313155448.1998-1-pmladek@suse.com> <20180313155448.1998-2-pmladek@suse.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180313155448.1998-2-pmladek@suse.com> User-Agent: Mutt/1.6.2-neo (2016-08-08) X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Wed, 14 Mar 2018 19:27:03 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Wed, 14 Mar 2018 19:27:03 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'joe.lawrence@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 13, 2018 at 04:54:47PM +0100, Petr Mladek wrote: > The existing API allows to pass a sample data to initialize the shadow > data. It works well when the data are position independent. But it fails > miserably when we need to set a pointer to the shadow structure itself. > > Unfortunately, we might need to initialize the pointer surprisingly > often because of struct list_head. It is even worse because the list > might be hidden in other common structures, for example, struct mutex, > struct wait_queue_head. > > This patch makes the API more safe. A custom init function and data > are passed to klp_shadow_*alloc() functions instead of the sample data. Yup, this looks kinda familiar, I remember tinkering with the same idea last year [1] before settling on the simpler API. [1] https://github.com/torvalds/linux/compare/master...joe-lawrence:shadow_variables_v2_c > Note that the init_data are not longer a template for the shadow->data. > It might point to any data that might be necessary when the init > function is called. I'm not opposed to changing the API, but I was wondering if you had thought about expanding it as an alternative? When working on this last summer, I remember holding onto to some less than intuitive naming conventions so that I could support a basic API and an extended API with bells and whistles like this patchset implements. It didn't seem too difficult to layer the basic API ontop of one like this (see [1] for example), so maybe that's an option to keep basic shadow variable usage a little simpler. /two cents > In addition, the newly allocated shadow structure is initialized > only when it is really used. For this, the init function must be > called under klp_shadow_lock. On one hand, this adds a risk of > ABBA deadlocks. On the other hand, it allows to do some operations > safely. For example, we could add the new structure into an > existing list. > > Reported-by: Nicolai Stange > Signed-off-by: Petr Mladek > --- > Documentation/livepatch/shadow-vars.txt | 32 +++++++++++++++------ > include/linux/livepatch.h | 17 ++++++++--- > kernel/livepatch/shadow.c | 48 +++++++++++++++++++++---------- > samples/livepatch/livepatch-shadow-fix1.c | 19 +++++++++++- > samples/livepatch/livepatch-shadow-fix2.c | 6 ++-- > 5 files changed, 89 insertions(+), 33 deletions(-) > > diff --git a/Documentation/livepatch/shadow-vars.txt b/Documentation/livepatch/shadow-vars.txt > [ ... snip ...] > @@ -148,16 +154,24 @@ shadow variables to parents already in-flight. > For commit 1d147bfa6429, a good spot to allocate a shadow spinlock is > inside ieee80211_sta_ps_deliver_wakeup(): > > +int ps_lock_shadow_init(void *obj, void *shadow_data, void *data) > +{ > + spinlock_t *lock = shadow_data; > + > + spin_lock_init(lock); > + return 0; > +} > + > #define PS_LOCK 1 > void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta) > { > - DEFINE_SPINLOCK(ps_lock_fallback); > spinlock_t *ps_lock; > > /* sync with ieee80211_tx_h_unicast_ps_buf */ > ps_lock = klp_shadow_get_or_alloc(sta, PS_LOCK, > - &ps_lock_fallback, sizeof(ps_lock_fallback), > - GFP_ATOMIC); > + sizeof(ps_lock_fallback), GFP_ATOMIC, I think this should be "sizeof(*ps_lock)" here since we've removed the ps_lock_fallback. > + ps_lock_shadow_init, NULL); > + > if (ps_lock) > spin_lock(ps_lock); The rest of this patchset looks pretty good. I gave the samples a test-run and they still operate as advertised. Perhaps shadow variables are another candidate for some kind of kselftest? Regards, -- Joe