Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp833458imu; Thu, 3 Jan 2019 07:58:13 -0800 (PST) X-Google-Smtp-Source: ALg8bN5+j6mwfxOcOvo+xQkIdHXTdus/Ub/1MJEuVySxH9Rkok6aBlBuGM5lUa+UlomSBIVI3+33 X-Received: by 2002:a17:902:b943:: with SMTP id h3mr48070672pls.12.1546531093297; Thu, 03 Jan 2019 07:58:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546531093; cv=none; d=google.com; s=arc-20160816; b=x/ZuiC/bPpJ9SJvjntAd8M151jmThZbSlVWBuw08jexvwZEBAgOLk8JkDb+TTb1p6V W+dmYeidHT/VvJpX7ouI11Fu0QdCWy9TstNQKfPxjEKc1KjtMwY3N1MPbCBiK7SGLaXF Q6icQ1RcmNiwSdTNmVMb+GqtRaoXKLsW1lIsUM4iPePCHgsVBQtFIjtxv5dFe35gdZDh uCTNGiJdMap0zoLFQnBLi5GKOmochZAhphlXHKAv0BM4cGGNVu3LGH2WI2cpX8gl/XzM ZFmLLyZR6SNJl1GWb5Xn6hJtWPmJqOu+UoHdxMsOcP19rwVGL96+JxJjI0hbmjon/vD1 9+MA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=MHbkTJWjtp8/ZrS4T9n5pU5ei47EnqkX8NOXmjzXcDk=; b=iSyxYFWMlmC7gbU40611ctK0c4dbYfwb75IBBM30v6fkByvHGeheGK6d8GtdqU6IJs B6TxugjnkL9neNE8Hfq8p5ZznSWYsVFHGjoLM2g55HQXA4U+ovr6nogXgieSi8YOifja I9nwm+a3H7uH3q/deLHViVTUeva3f7lGvWwAEEL5pqFauFRPXatbVXebpmcdK8kSEnxW zXMFrkZZ+ih/XAvYHVlsjPlY+IlhUgvWEqgodGfWLXrElgktInHIGDDng8txMT7GDA8m XYxmJzOWIrCQ3DL85Buc+0zvRgnXx67MlrqH+jQtdaFvq/iM+oCd8hxgwBrXgV4Jx5MF 2bMw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g26si5815325pfe.127.2019.01.03.07.57.34; Thu, 03 Jan 2019 07:58:13 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730698AbfACLrf (ORCPT + 99 others); Thu, 3 Jan 2019 06:47:35 -0500 Received: from mx2.suse.de ([195.135.220.15]:60198 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726345AbfACLrf (ORCPT ); Thu, 3 Jan 2019 06:47:35 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 4D513ACAE; Thu, 3 Jan 2019 11:47:33 +0000 (UTC) Date: Thu, 3 Jan 2019 12:47:32 +0100 From: Petr Mladek To: Joe Lawrence Cc: Jiri Kosina , Josh Poimboeuf , Miroslav Benes , Jason Baron , Evgenii Shatokhin , live-patching@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v14 05/11] livepatch: Simplify API by removing registration step Message-ID: <20190103114732.f52qioxi6osl3ett@pathway.suse.cz> References: <20181129094431.7801-1-pmladek@suse.com> <20181129094431.7801-6-pmladek@suse.com> <20181205193253.mhlqj37r4o6ukkhp@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181205193253.mhlqj37r4o6ukkhp@redhat.com> User-Agent: NeoMutt/20170421 (1.8.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed 2018-12-05 14:32:53, Joe Lawrence wrote: > On Thu, Nov 29, 2018 at 10:44:25AM +0100, Petr Mladek wrote: > > The possibility to re-enable a registered patch was useful for immediate > > patches where the livepatch module had to stay until the system reboot. > > The improved consistency model allows to achieve the same result by > > unloading and loading the livepatch module again. > > > > Also we are going to add a feature called atomic replace. It will allow > > to create a patch that would replace all already registered patches. > > The aim is to handle dependent patches more securely. It will obsolete > > the stack of patches that helped to handle the dependencies so far. > > Then it might be unclear when a cumulative patch re-enabling is safe. > > > > It would be complicated to support the many modes. Instead we could > > actually make the API and code easier to understand. > > > > This patch removes the two step public API. All the checks and init calls > > are moved from klp_register_patch() to klp_enabled_patch(). Also the patch > > is automatically freed, including the sysfs interface when the transition > > to the disabled state is completed. > > > > diff --git a/Documentation/livepatch/livepatch.txt b/Documentation/livepatch/livepatch.txt > > index 2d7ed09dbd59..d849af312576 100644 > > --- a/Documentation/livepatch/livepatch.txt > > +++ b/Documentation/livepatch/livepatch.txt > > > > +5.4. Removing > > +------------- > > > > -At this stage, all the relevant sys-fs entries are removed and the patch > > -is removed from the list of known patches. > > +Module removal is only safe when there are no users of the underlying > ^^^^^^^^^^ > Could a reader confuse "underlying functions" for functions in the > livepatching-core? Would "modified functions" or adding "(struct > klp_func) " make this more specific? > > > +functions. This is the reason why the force feature permanently disables > > +the removal. The forced tasks entered the functions but we cannot say > ^^^^^^^^^^^^^ > Same ambiguity here. I am going to simplify the entire paragraph and replace: "Module removal is only safe when there are no users of the underlying functions. This is the reason why the force feature permanently disables the removal. The forced tasks entered the functions but we cannot say that they returned back. Therefore it cannot be decided when the livepatch module can be safely removed. When the system is successfully transitioned to a new patch state (patched/unpatched) without being forced it is guaranteed that no task sleeps or runs in the old code." with "Module removal is only safe when there are no users of functions provided by the module. This is the reason why the force feature permanently disables the removal. Only when the system is successfully transitioned to a new patch state (patched/unpatched) without being forced it is guaranteed that no task sleeps or runs in the old code." Best Regards, Petr PS: Note that the text was there even before this patch. I just moved it from the section 4.3.