Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp938808ybl; Wed, 14 Aug 2019 08:15:13 -0700 (PDT) X-Google-Smtp-Source: APXvYqxFbTyDyXv9jrCQaO6632IqVTuyPamrdh8d/x9Gcnnfxu7XVb/A1UG2TVrCnhvXfSfqnQ+I X-Received: by 2002:a17:90a:4c:: with SMTP id 12mr270426pjb.40.1565795713651; Wed, 14 Aug 2019 08:15:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565795713; cv=none; d=google.com; s=arc-20160816; b=VbafFnPTno+YpWXkTDVHejk7wJjAY7emsN9CLdvjYadcwsWF/CHVaJMyhZ9CqkYNGI blQ/hGVxyhnJHlDQn/aCcxt3LH6guLGLmZJPd7YjG8f8NcPkj6BG8OBKcjqILPlWXdyp ThdpYx2GihOBL2p4NTxH4keFQmjg6r79goKLHWqHkA0VrzXPlRq4FPad7b14zMJxCaNL Q7gIdUyB17xQgDWIBujIzCTi9lYOLBhgsnNEEOpjyTBCVJ8mRI78MW2yk97YQUyv6Dgs xWKs56/sjkxn2+9AHjiqZBjaSxG+CYKMkNewf5ooxXeAlnRthnWKppfA5iaQ91lS9Aq3 ixQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=LyF4vjrviCs6SgGtb9ylON9i2Fag6S0LrutFwV9xCOE=; b=hbdbr0Thyi4fmUJGun87FJT/RgjVTO3OGePufTRfJkbcC+82UYQEfe30mmSy9BbO08 KXn9/yNogTHasX8UP3C5/0LNbCkXeXkEmeRmfnqGZILlg5mt6dBmQOwG5UI0KPCuW6k6 SK1RdQZlxozwpf5bJDXmMc5vaYnBkOc8MqSaHz5EVTfLIuRWwXR/cNuPIhHe+42NT222 t6GPTUhZ3ZLGDZ1BKmMworjxK6oUqN6a4IweG0xsj7I/9k6T1x/zIYy8rC+HSwa6VSCk DIQBlPCjcMoswQbR6DrdunjcOW1lL3fJLRq/ccDESX0uv4PKhNm0SD/9SjBkrzs2y6rv sIdg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b17si155pgw.519.2019.08.14.08.14.57; Wed, 14 Aug 2019 08:15:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728002AbfHNPMt (ORCPT + 99 others); Wed, 14 Aug 2019 11:12:49 -0400 Received: from mx1.redhat.com ([209.132.183.28]:35408 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727111AbfHNPMt (ORCPT ); Wed, 14 Aug 2019 11:12:49 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 267D3302C067; Wed, 14 Aug 2019 15:12:49 +0000 (UTC) Received: from treble (ovpn-120-159.rdu2.redhat.com [10.10.120.159]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D4CB17AB7E; Wed, 14 Aug 2019 15:12:45 +0000 (UTC) Date: Wed, 14 Aug 2019 10:12:44 -0500 From: Josh Poimboeuf To: Miroslav Benes Cc: jikos@kernel.org, pmladek@suse.com, joe.lawrence@redhat.com, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [RFC PATCH 2/2] livepatch: Clear relocation targets on a module removal Message-ID: <20190814151244.5xoaxib5iya2qjco@treble> References: <20190719122840.15353-1-mbenes@suse.cz> <20190719122840.15353-3-mbenes@suse.cz> <20190728200427.dbrojgu7hafphia7@treble> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20180716 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Wed, 14 Aug 2019 15:12:49 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Aug 14, 2019 at 01:06:09PM +0200, Miroslav Benes wrote: > > Really, we should be going in the opposite direction, by creating module > > dependencies, like all other kernel modules do, ensuring that a module > > is loaded *before* we patch it. That would also eliminate this bug. > > Yes, but it is not ideal either with cumulative one-fixes-all patch > modules. It would load also modules which are not necessary for a > customer and I know that at least some customers care about this. They > want to deploy only things which are crucial for their systems. If you frame the question as "do you want to destabilize the live patching infrastucture" then the answer might be different. We should look at whether it makes sense to destabilize live patching for everybody, for a small minority of people who care about a small minority of edge cases. Or maybe there's some other solution we haven't thought about, which fits more in the framework of how kernel modules already work. > We could split patch modules as you proposed in the past, but that have > issues as well. Right, I'm not really crazy about that solution either. Here's another idea: per-object patch modules. Patches to vmlinux are in a vmlinux patch module. Patches to kvm.ko are in a kvm patch module. That would require: - Careful management of dependencies between object-specific patches. Maybe that just means that exported function ABIs shouldn't change. - Some kind of hooking into modprobe to ensure the patch module gets loaded with the real one. - Changing 'atomic replace' to allow patch modules to be per-object. > Anyway, that is why I proposed "Rethinking late module patching" talk at > LPC and we should try to come up with a solution there. Thanks, I saw that. It's definitely worthy of more discussion. The talk may be more productive if there were code to look at. For example, a patch which removes all the "late module patching" gunk, so we can at least quantify the cost of the current approach. -- Josh