Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1872896imu; Thu, 10 Jan 2019 04:35:39 -0800 (PST) X-Google-Smtp-Source: ALg8bN5uud466L2TTRaz4Twi8qeczaOA1Nrb0q3bVdNfUoGIxR35a606UcjuXbMu1l5Nm+C1KpEV X-Received: by 2002:a62:3603:: with SMTP id d3mr10421911pfa.146.1547123739627; Thu, 10 Jan 2019 04:35:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547123739; cv=none; d=google.com; s=arc-20160816; b=lPJifvNqqbVm7okMugV2huVwleJhza5Dx3Fd6eDLN+vMqLXNCzsOjqSRoYl4L902TP vAjMrvl9SWfrntDeakdLA/vjtltX3bGpSMwVE+cUXJ8U1Oqx6tfOZXS7zAfW+5yzzaha hQKJMUKkWKLGiqXlseVtFFIcZz3e1YkSsFBEL3vJe9i3Lij2HLj/7qvdyJjspK2+tImc Sgi6nwKQOQn1zbDGEbJd1cIR70mkGCOj3ZC+tsosfl642QRygPSSYyXcWjGeYhCjeKX2 xRU0JLeBGcwrXVb/ZsgQR8e5CU7KFpm39/9RLXre/+pRtkI6bwlWxzx/jcn55Dzqb0Ep urqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=Q+0osNWm1ASFdbgL1raBeMzrhe7MsTfX3oMJQBtgljw=; b=cv6c5IR7KOwR+WwanLoRhPaf43OTBaj0Eu0SHDVTOLbxqFC844801xx3pXXzfFO/rY 13aJWsKflDSAIhYnmRoPzNRxB5ERkt0M3M+gS1MfI3jfkZX7iLYCRZvS7xJUXSR+qbV1 b0QqLmyccjO0Io4SOT420bRofeBQWPFD4kRSrkw7No2sdCIaL8KAuDXTQy4fqyF00CVD C06iClE0B/wCQwU+yh1jrcGN5j/Gsv65ciY39t/Wiov4tVpfJOfZIdjGkGsUXVrrsW6A prluSIV4eLSZVj5qgc7w05Jor8zYWtGANK75wC6Wyu1CS7ZHHBwHFmP4YMBeBL3mFizV MlRg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i198si58374228pfe.289.2019.01.10.04.35.23; Thu, 10 Jan 2019 04:35:39 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728282AbfAJMci (ORCPT + 99 others); Thu, 10 Jan 2019 07:32:38 -0500 Received: from mx2.suse.de ([195.135.220.15]:58560 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726560AbfAJMch (ORCPT ); Thu, 10 Jan 2019 07:32:37 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 3E7B1AEA6; Thu, 10 Jan 2019 12:32:36 +0000 (UTC) Date: Thu, 10 Jan 2019 13:32:35 +0100 (CET) From: Miroslav Benes To: Petr Mladek cc: Jiri Kosina , Josh Poimboeuf , Jason Baron , Joe Lawrence , Evgenii Shatokhin , live-patching@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v15 05/11] livepatch: Simplify API by removing registration step In-Reply-To: <20190109124329.21991-6-pmladek@suse.com> Message-ID: References: <20190109124329.21991-1-pmladek@suse.com> <20190109124329.21991-6-pmladek@suse.com> User-Agent: Alpine 2.21 (LSU 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 9 Jan 2019, Petr Mladek wrote: > The possibility to re-enable a registered patch was useful for immediate > patches where the livepatch module had to stay until the system reboot. > The improved consistency model allows to achieve the same result by > unloading and loading the livepatch module again. > > Also we are going to add a feature called atomic replace. It will allow > to create a patch that would replace all already registered patches. > The aim is to handle dependent patches more securely. It will obsolete > the stack of patches that helped to handle the dependencies so far. > Then it might be unclear when a cumulative patch re-enabling is safe. > > It would be complicated to support the many modes. Instead we could > actually make the API and code easier to understand. > > Therefore, remove the two step public API. All the checks and init calls > are moved from klp_register_patch() to klp_enabled_patch(). Also the patch > is automatically freed, including the sysfs interface when the transition > to the disabled state is completed. > > As a result, there is never a disabled patch on the top of the stack. > Therefore we do not need to check the stack in __klp_enable_patch(). > And we could simplify the check in __klp_disable_patch(). > > Also the API and logic is much easier. It is enough to call > klp_enable_patch() in module_init() call. The patch can be disabled > by writing '0' into /sys/kernel/livepatch//enabled. Then the module > can be removed once the transition finishes and sysfs interface is freed. > > The only problem is how to free the structures and kobjects safely. > The operation is triggered from the sysfs interface. We could not put > the related kobject from there because it would cause lock inversion > between klp_mutex and kernfs locks, see kn->count lockdep map. > > Therefore, offload the free task to a workqueue. It is perfectly fine: > > + The patch can no longer be used in the livepatch operations. > > + The module could not be removed until the free operation finishes > and module_put() is called. > > + The operation is asynchronous already when the first > klp_try_complete_transition() fails and another call > is queued with a delay. > > Suggested-by: Josh Poimboeuf > Signed-off-by: Petr Mladek Acked-by: Miroslav Benes Miroslav