Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp1764472ybe; Sat, 7 Sep 2019 02:25:20 -0700 (PDT) X-Google-Smtp-Source: APXvYqwyYjIDXDd8VjTKuGkbw4C3Qj700TG1hgm00TokHMrQjKKjAvZq8rC+sYuPRyAoUH4M3xV3 X-Received: by 2002:a63:184b:: with SMTP id 11mr12325908pgy.112.1567848320255; Sat, 07 Sep 2019 02:25:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567848320; cv=none; d=google.com; s=arc-20160816; b=SCOt8QowVo9G6WXBIU9qm6IlfkP56w4q3XBnwZNP3auVJSxsVVYZjTOZPbqC1SRtbN kTmT+SHztT4fu5UZ8EIg9s+wk24F9ddRIp2fQAtSUfzMA41KRfiVkAwB7tK2nOIvfkhj dbLZK22zmXziHgZslPs5n2DOkTiu0l0ueRGBbeQoCnfn3SnHCSAacWz1DJPNwlHe1vFl mTJGydh9UuBpKr6CpXyw8jjwjk2CUYaFSdcFGDT0z5Rm9sCG+Ob7vSYT2FB2dYyGbjQs c+kqwxZxY7cA5Ok7HT/CVkSn427dtMOOQdcMKuoGl/1RfMB5FljvoI28FhJgikX4eYp9 /l7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=B1VRONwRcMVFGtZl/CPE2CxVkeKXBnFtZmqiG20vP6g=; b=0soULQ3655UgxrANIi8Kxm4L9PcEdpwTa8GzIFDscH07VqujaembYUS+VdaoldKxIo 54gADzaEP4MmjqAQhaI04XjaLqZeIZn6+ypUPYWz957vNpNSzWpblnlTKH96T5pWAxsB NWJuwsCpJz5VSMNiQAKv5Isyh3DK7QTc8nOrM5ISViQXDLQcNFT+ouDSd+XrFyW8ff45 plZLBPWFgKLwQCFTnJVb+/uWgAX6bbbwcEQVM9HpDcRm3yrdzVgjYvPzEOD7butVha7U vcuQrA7CJAgqsIIRoRlIwi+LIOBDZFkMf9xL+0x4IZKO/PNNzBbbDdmCdUIK9DA9VY2c wceA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p33si6620631pgb.0.2019.09.07.02.25.04; Sat, 07 Sep 2019 02:25:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392425AbfIFQpy (ORCPT + 99 others); Fri, 6 Sep 2019 12:45:54 -0400 Received: from mx1.redhat.com ([209.132.183.28]:44628 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727816AbfIFQpy (ORCPT ); Fri, 6 Sep 2019 12:45:54 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id ED1433084288; Fri, 6 Sep 2019 16:45:53 +0000 (UTC) Received: from treble (ovpn-112-76.rdu2.redhat.com [10.10.112.76]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CB107194BB; Fri, 6 Sep 2019 16:45:48 +0000 (UTC) Date: Fri, 6 Sep 2019 11:45:44 -0500 From: Josh Poimboeuf To: Miroslav Benes Cc: Joe Lawrence , Petr Mladek , jikos@kernel.org, linux-kernel@vger.kernel.org, live-patching@vger.kernel.org Subject: Re: [RFC PATCH 2/2] livepatch: Clear relocation targets on a module removal Message-ID: <20190906164544.4hmszo2wlqw3pvu5@treble> References: <20190822223649.ptg6e7qyvosrljqx@treble> <20190823081306.kbkm7b4deqrare2v@pathway.suse.cz> <20190826145449.wyo7avwpqyriem46@treble> <5c649320-a9bf-ae7f-5102-483bc34d219f@redhat.com> <20190905023202.ed7fecc22xze4pwj@treble> <20190905125418.kleis5ackvhtn4hs@treble> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20180716 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Fri, 06 Sep 2019 16:45:54 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Sep 06, 2019 at 02:51:01PM +0200, Miroslav Benes wrote: > > > > Now, I don't think that replacing .ko on disk is a good idea. We've > > > already discussed it. It would lead to a maintenance/packaging problem, > > > because you never know which version of the module is loaded in the > > > system. The state space grows rather rapidly there. > > > > What exactly are your concerns? > > > > Either the old version of the module is loaded, and it's livepatched; or > > the new version of the module is loaded, and it's not livepatched. > > Let's have module foo.ko with function a(). > > Live patch 1 (LP1) fixes it to a'(), which calls new function b() (present > in LP1). LP1 is used only if foo.ko is loaded. foo.ko is replaced with > foo'.ko on disk. It contains both a'() (fixed a() to be precise) and new > b(). > > Now there is LP2 with new function c() (or c'(), it does not matter) > calling b(). Either foo.ko or foo'.ko can be loaded and you don't know > which one. The implementation LP2 would be different in both cases. > > You could say that it does not matter. If LP2 is implemented for foo.ko, > the same could work for foo'.ko (b() would be a part of LP2 and would not > be called directly from foo'.ko). LP2 would only be necessarily larger. It > is true in case of functions, but if symbol b is not a function but a > global variable, it is different then. Assuming atomic replace, I don't see how this could be a problem. LP2 replaces LP1, so why would LP2 need to access LP1's (or foo'.ko's) symbol b? All live patches should be built against and targeted for the original foo.ko. However... it might break atomic replace functionality in another way. If LP2 is an 'atomic replace' partial revert of LP1, and foo'.ko were loaded, when loading LP2, the atomic replace code wouldn't be able to detect which functions were "patched" in foo'.ko. So if the LP2 functions are not a superset of the LP1 functions, the "patched" functions in foo'.ko wouldn't get reverted. What if foo'.ko were really just the original foo.ko, plus livepatch metadata grafted onto it somehow, such that it patches itself when it loads? Then patched state would always be the same regardless of whether the patch came from the LP or foo'.ko. > Moreover, in this case foo'.ko is "LP superset". Meaning that it contains > only fixes which are present in LP1. What if it is not. We usually > preserve kABI, so there could be a module in two or more versions compiled > from slightly different code (older/newer and so on) and you don't know > which one is loaded. To be fair we don't allow it (I think) at SUSE except > for KMPs (kernel module packages) (the issue of course exists even now > and we haven't solved it yet, because it is rare) and out of tree modules > which we don't support with LP. It could be solved with srcversion, but it > complicates things a lot. "blue sky" idea could extend the issue to all > modules given the above is real. I'm having trouble understanding what this issue is and how "blue sky" would extend it. -- Josh