Received: by 10.192.165.156 with SMTP id m28csp894285imm; Wed, 11 Apr 2018 08:53:32 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+EnuCgI5MVWBQPbKTlgK5XbaUX3nXT+BTPagxvUjJXFP2jXaIR6WdctrfmxG4P9jSLL/II X-Received: by 10.99.95.22 with SMTP id t22mr3939081pgb.315.1523462012730; Wed, 11 Apr 2018 08:53:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523462012; cv=none; d=google.com; s=arc-20160816; b=FEfa23LKyR0fIm55ro9Vdd1EHdSM0nnlaBbFQr/soOckKxvEcXQtf54c9Ldz1HKiU2 nsIlX50HjZ+XD4rpcL3pgFqod9+LepARrIi1mdLbVhRNgbCvDrzxdtPDJekca4VTpmGL HJAgSOtA48JPHS+CbEFJ8ztr0wmKABEl/Q39eM10XPekzMD+6goPaJMVhF8ZCk+ut9ie 80I9tWzGDrIjjoX//uEVvzfBHEXSG4NrW4+wGEMDRNJnEncJ64Tu1SX5er+zH41IDyO2 C9z/K8WvDbTptjv3N37FUKOrXF5TAMs6Q+qkwDkLmwRm/NeXx0kwjyke+TNf9PAqwZKi vT0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=WigFtTPU7+6J9bFl6TnzQBHZ7kOs40ZwL4GGTYGpnLU=; b=a54VuaY2dm1veuDZF+SsTp272XvbqFPidSXoNhsV48p9hPByysSY52RJ10BevJJEW1 ron+wpPNOFFvA2QIYRMWAVBGDgjcyELWWg6BHgj2+HU/JGWhwOM8iAFoQwECs5IkysSA 09J6O4dsdoxMbZRQad9F3uoWRdg+wEdpQXmHoA43on+X6BampnQHdy8qGina9cCC7Ft9 raolRpkZXDAQHd+qaslLf76KshY1b/zUw4nKwSuJOF/ioiNbl66HhXenGFMRo+OUek76 ywTR6vuf7oT7BmN9QZGAFOy4crd6F9DDaSWHmU/eQOeKCEgvev3Qk+AICI21cX6+LHJc Q7bw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n9si1090280pfb.166.2018.04.11.08.52.56; Wed, 11 Apr 2018 08:53:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753356AbeDKPuD (ORCPT + 99 others); Wed, 11 Apr 2018 11:50:03 -0400 Received: from mx1.redhat.com ([209.132.183.28]:53178 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753224AbeDKPuB (ORCPT ); Wed, 11 Apr 2018 11:50:01 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D1F5E312F90A; Wed, 11 Apr 2018 15:50:00 +0000 (UTC) Received: from treble (ovpn-120-110.rdu2.redhat.com [10.10.120.110]) by smtp.corp.redhat.com (Postfix) with SMTP id 046A382DE9; Wed, 11 Apr 2018 15:49:33 +0000 (UTC) Date: Wed, 11 Apr 2018 10:48:52 -0500 From: Josh Poimboeuf To: Petr Mladek Cc: Miroslav Benes , Jiri Kosina , Jason Baron , Joe Lawrence , Jessica Yu , Evgenii Shatokhin , live-patching@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v10 05/10] livepatch: Support separate list for replaced patches. Message-ID: <20180411154852.3yjab3ot76qicw6m@treble> References: <20180320201502.2skkk3ld4zk2dxwg@treble> <20180323094507.smsqc5ft3yajnwqt@pathway.suse.cz> <20180323224410.vuq5cabfprqhd6ej@treble> <20180326101107.bbloeh5l276on7uz@pathway.suse.cz> <20180406195049.dtfebzfdkbvv6yex@treble> <20180410083455.l26dgo5kx4cy7bc7@pathway.suse.cz> <20180410174206.l3uk6lchhzxvn75x@treble> <20180411123214.mfpkbrirze32phrb@treble> <20180411141711.cwceg7o5ttjgebii@pathway.suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20180411141711.cwceg7o5ttjgebii@pathway.suse.cz> User-Agent: Mutt/1.6.0.1 (2016-04-01) X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.43]); Wed, 11 Apr 2018 15:50:00 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 11, 2018 at 04:17:11PM +0200, Petr Mladek wrote: > > I still agree with my original conclusion that enforcing stack order no > > longer makes sense though. > > The question is what we will get if we remove the stack. Will it > really make the code easier and livepatching more safe? > > First, note that stack is the main trick used by the ftrace handler. > It gets the patch from top of the stack and use the new_addr from > that patch. > > If we remove the stack, we still need to handle 3 possibilities. > The handler will need to continue either with original_code, > old_patch or new_patch. > > Now, just imagine the code. We will need variables orig_addr, > old_addr, new_addr or so which might be confusing. It will be > even more confusion if we do revert/disable. Also new_addr will > become old_addr if we install yet another patch. > > We had exactly this in kGraft and it was a mess. I said "wow, > that is genius" when I saw the stack approach in the upstream > code proposal. You're confusing the func stack with the patch stack. My proposal is to get rid of the patch stack. We can keep the func stack. It will be needed anyway for the 'replace' case, where the stack may be of size 2. > Second, unrelated patches must never patch the same functions. > Otherwise we would not be able to define which implementation > should be used. This is especially important when a patch is > removed and we need to fallback either to another patch or > original code. Yes, it makes perfect sense. But it needs code > that will check it, refuse loading the patch, ... It is not > complicated. But it is rather additional code than > simplification. I might make livepatching more safe > but probably not simplify the code. We don't need to enforce that. The func stack can stay. If somebody wants to patch the same function multiple times (without using 'replace'), that's inadvisable, but it's also their business. They're responsible for the tooling to ensure the patch stack order is sane. > > > > > Another possibility would be to get rid of the enable/disable states. > > > > > I mean that the patch will be automatically enabled during > > > > > registration and removed during unregistration. > > > > > > > > I don't see how disabling during unregistration would be possible, since > > > > the unregister is called from the patch module exit function, which > > > > can only be called *after* the patch is disabled. > > > > > > > > However, we could unregister immediately after disabling (i.e., in > > > > enabled_store context). > > > > > > I think this is what Petr meant. So there would be nothing in the patch > > > module exit function. Well, not exactly. We'd need to remove sysfs dir and > > > maybe something more. > > > > Sounds good to me, though aren't the livepatch sysfs entries removed by > > klp during unregister? > > This is why I asked in my earlier mail if we need to keep sysfs > entries for unused patches. If they are permanently disabled then I think the sysfs entries should be removed. > We could remove them when the patch gets disabled (transition > finishes). Then we do not need to do anything in module_exit(). Agreed, though what happens if the transition finishes while still running in the context of the write to the sysfs entry? Can we remove a sysfs entry while executing code associated with it? -- Josh