Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp1196849ybe; Fri, 6 Sep 2019 13:28:40 -0700 (PDT) X-Google-Smtp-Source: APXvYqzA2YCiQVZcy87XB4H29HC2BbW0R0a6ALok7SFkY9LRHluVLYo+8Yv8RfMPHlS2xU/LOLSo X-Received: by 2002:a17:902:8689:: with SMTP id g9mr672338plo.160.1567801720597; Fri, 06 Sep 2019 13:28:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567801720; cv=none; d=google.com; s=arc-20160816; b=E2m8kn8aDggMWVlYDX7oTUxRb278HXo5/xiC8229rrrgwMsapUvF/n4RVp7fKFslHI 6ZayfZfXNDN1ZC47zozN0P+YEIhwQtbUrr0T1chetQbV4IaN52LCSt9gL3Cl1QGTZvuT 4rvT8RjZfCVyChX9PYm9PFyhpSOjiMqX5vjwJ2sulIJ6mmztRwDrCEJ0J7jLAOqmrqak Et+6SuR6h0SoE1ql7QCTLitoh9plieF7xH9oqoJ2tqmyeX6BNRemmIGS46L9YGeyR6x5 oukfWBAfrjG5yd8a8gnbKc2ywh7D+xaa31GH5tPoHlJ3zG2QE5TIcsjx5VigMKVlJjMd 47jg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=7JySguX44ZXrbxFWCdjpYHDq1bM1hQD5ik0zpAeEZgc=; b=jC6+aCydJXUyDKPFAFoaH757hAUKZXGuSBW0nG9deqZmTgFxo3D0jD82KoGsFUrwDq 0RQKI7E64Rdbc8aZr+XJPzwSQ7RJQ1vh4GWCgUO9uarB63sRupf7wS2MSDBOLgnH9MSi JMwLlmGQDZdaH+DuYsGRxafcKq2JFa+jaDF+Ma/kkHLmZiHonTWTjCVl4TvSA91pvMWv 6ZhAJZ+cYEDKBQhNAFZkvmlzLGenBjhXcESES6gBKL368sZVk3lueSqE+G0JmukZbkB3 Q54g8rvLBIbbmOJWSWKaNlkr3iHas9Z5l4d+KH3P+N7DvRlwoeLqISg8tuNTUI/Tnavt tdVQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i6si5649992pjs.13.2019.09.06.13.28.09; Fri, 06 Sep 2019 13:28:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404756AbfIFMvR (ORCPT + 99 others); Fri, 6 Sep 2019 08:51:17 -0400 Received: from mx2.suse.de ([195.135.220.15]:35376 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2404746AbfIFMvR (ORCPT ); Fri, 6 Sep 2019 08:51:17 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 70B34AFB0; Fri, 6 Sep 2019 12:51:15 +0000 (UTC) Date: Fri, 6 Sep 2019 14:51:01 +0200 (CEST) From: Miroslav Benes To: Josh Poimboeuf cc: Joe Lawrence , Petr Mladek , jikos@kernel.org, linux-kernel@vger.kernel.org, live-patching@vger.kernel.org Subject: Re: [RFC PATCH 2/2] livepatch: Clear relocation targets on a module removal In-Reply-To: <20190905125418.kleis5ackvhtn4hs@treble> Message-ID: References: <20190814151244.5xoaxib5iya2qjco@treble> <20190816094608.3p2z73oxcoqavnm4@pathway.suse.cz> <20190822223649.ptg6e7qyvosrljqx@treble> <20190823081306.kbkm7b4deqrare2v@pathway.suse.cz> <20190826145449.wyo7avwpqyriem46@treble> <5c649320-a9bf-ae7f-5102-483bc34d219f@redhat.com> <20190905023202.ed7fecc22xze4pwj@treble> <20190905125418.kleis5ackvhtn4hs@treble> User-Agent: Alpine 2.21 (LSU 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > > Now, I don't think that replacing .ko on disk is a good idea. We've > > already discussed it. It would lead to a maintenance/packaging problem, > > because you never know which version of the module is loaded in the > > system. The state space grows rather rapidly there. > > What exactly are your concerns? > > Either the old version of the module is loaded, and it's livepatched; or > the new version of the module is loaded, and it's not livepatched. Let's have module foo.ko with function a(). Live patch 1 (LP1) fixes it to a'(), which calls new function b() (present in LP1). LP1 is used only if foo.ko is loaded. foo.ko is replaced with foo'.ko on disk. It contains both a'() (fixed a() to be precise) and new b(). Now there is LP2 with new function c() (or c'(), it does not matter) calling b(). Either foo.ko or foo'.ko can be loaded and you don't know which one. The implementation LP2 would be different in both cases. You could say that it does not matter. If LP2 is implemented for foo.ko, the same could work for foo'.ko (b() would be a part of LP2 and would not be called directly from foo'.ko). LP2 would only be necessarily larger. It is true in case of functions, but if symbol b is not a function but a global variable, it is different then. Moreover, in this case foo'.ko is "LP superset". Meaning that it contains only fixes which are present in LP1. What if it is not. We usually preserve kABI, so there could be a module in two or more versions compiled from slightly different code (older/newer and so on) and you don't know which one is loaded. To be fair we don't allow it (I think) at SUSE except for KMPs (kernel module packages) (the issue of course exists even now and we haven't solved it yet, because it is rare) and out of tree modules which we don't support with LP. It could be solved with srcversion, but it complicates things a lot. "blue sky" idea could extend the issue to all modules given the above is real. Does it make sense? Miroslav