Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp1739829ybg;
        Sat, 19 Oct 2019 01:28:20 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzHAieBeODqJZlwnOf+mxXfmHEVwrreWXfCaq0IhrbBjQSLIukvSciomUfQLw37V1niZgZK
X-Received: by 2002:a17:906:6bcd:: with SMTP id t13mr1726238ejs.231.1571473700307;
        Sat, 19 Oct 2019 01:28:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1571473700; cv=none;
        d=google.com; s=arc-20160816;
        b=G/48U77mhkTGnE5erzuUtvLVMQ8mUDUvTxxOoI52CN4MvzZt988072TMJnAtYBWy9G
         cMT3eOoLOartP4BqCcICxIpmo+Fkd+UbfaXLW2FwIgTar5tBZUGnpzNySvxnJbRxKYCQ
         DbAfBv8kEC6FVXj19KI/n3OTjYIpUD5ZHK3T9j42/66TcltQj+QEWEl/WmpH0eSOcHOk
         ZHqqtJaxpXv0JYx07w1wByxAS5KzLmuI8nttCPZP7RmwKGB+JJhc1NyehKZ8ac1n3exs
         5Rg2rmyh3Pn1Rtywk1vPHKH7ZsIUe8RjjQjLhM/TC+PSf0S1ZzzqJahtRDtKcJcp/gdI
         U+3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=Q55WtF23+SQvgV1QFXscuE/FNZ/UzNBqhkjlCNTvPQw=;
        b=DFpXSnQbpfLGBgU4FJfdzXBg6xuL64uTtFl1UT11lWEv1lWBxKMyOxCDgdOjCZ5Rmz
         ng0+eOZfZvXjnGgAOhkyWFNhImuzdLqtm9Jpy+6wITkejtvjBV/t7pYfiY/59tPaU0Y/
         Ri7EDNvWS/n8PUPzHBu4dDVsi9B+ww8oIqPH/l/0lWBS3+VHImcAkFlfYMz8YKOp2kDE
         AM/Sed21Q/80sQctphPvpyPykSHO35BYt/TWticA6calD/Agkd2ioXlM9Rubigh+p+Y7
         b0cXfA7gQHKBpKomVMKYwPz4dVQm/Yi1pr7VavsUEpZ+RgQNMw6AHl9k969fb42yoOuO
         PAAA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id z19si4760228ejr.244.2019.10.19.01.27.57;
        Sat, 19 Oct 2019 01:28:20 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2410418AbfJRNlC (ORCPT <rfc822;busarih159@gmail.com>
        + 99 others); Fri, 18 Oct 2019 09:41:02 -0400
Received: from mx2.suse.de ([195.135.220.15]:40414 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1728150AbfJRNlC (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 18 Oct 2019 09:41:02 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id 0FBAFB1D4;
        Fri, 18 Oct 2019 13:41:00 +0000 (UTC)
Date:   Fri, 18 Oct 2019 15:40:58 +0200
From:   Petr Mladek <pmladek@suse.com>
To:     Jessica Yu <jeyu@kernel.org>
Cc:     Miroslav Benes <mbenes@suse.cz>,
        Peter Zijlstra <peterz@infradead.org>,
        Steven Rostedt <rostedt@goodmis.org>,
        Joe Lawrence <joe.lawrence@redhat.com>, x86@kernel.org,
        linux-kernel@vger.kernel.org, mhiramat@kernel.org,
        bristot@redhat.com, jbaron@akamai.com,
        torvalds@linux-foundation.org, tglx@linutronix.de,
        mingo@kernel.org, namit@vmware.com, hpa@zytor.com, luto@kernel.org,
        ard.biesheuvel@linaro.org, jpoimboe@redhat.com,
        live-patching@vger.kernel.org
Subject: Re: [PATCH v3 5/6] x86/ftrace: Use text_poke()
Message-ID: <20191018134058.7zyls4746wpa7jy5@pathway.suse.cz>
References: <20191015135634.GK2328@hirez.programming.kicks-ass.net>
 <alpine.LSU.2.21.1910151611000.13169@pobox.suse.cz>
 <88bab814-ea24-ece9-2bc0-7a1e10a62f12@redhat.com>
 <20191015153120.GA21580@linux-8ccs>
 <7e9c7dd1-809e-f130-26a3-3d3328477437@redhat.com>
 <20191015182705.1aeec284@gandalf.local.home>
 <20191016074951.GM2328@hirez.programming.kicks-ass.net>
 <alpine.LSU.2.21.1910161216100.7750@pobox.suse.cz>
 <alpine.LSU.2.21.1910161521010.7750@pobox.suse.cz>
 <20191018130342.GA4625@linux-8ccs>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20191018130342.GA4625@linux-8ccs>
User-Agent: NeoMutt/20170912 (1.9.0)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri 2019-10-18 15:03:42, Jessica Yu wrote:
> +++ Miroslav Benes [16/10/19 15:29 +0200]:
> > On Wed, 16 Oct 2019, Miroslav Benes wrote:
> > Thinking about it more... crazy idea. I think we could leverage these new
> > ELF .text per vmlinux/module sections for the reinvention I was talking
> > about. If we teach module loader to relocate (and apply alternatives and
> > so on, everything in arch-specific module_finalize()) not the whole module
> > in case of live patch modules, but separate ELF .text sections, it could
> > solve the issue with late module patching we have. It is a variation on
> > Steven's idea. When live patch module is loaded, only its section for
> > present modules would be processed. Then whenever a to-be-patched module
> > is loaded, its .text section in all present patch module would be
> > processed.
> > 
> > The upside is that almost no work would be required on patch modules
> > creation side. The downside is that klp_modinfo must stay. Module loader
> > needs to be hacked a lot in both cases. So it remains to be seen which
> > idea is easier to implement.
> > 
> > Jessica, do you think it would be feasible?
> 
> I think that does sound feasible. I'm trying to visualize how that
> would look. I guess there would need to be various livepatching hooks
> called during the different stages (apply_relocate_add(),
> module_finalize(), module_enable_ro/x()).
> 
> So maybe something like the following?
> 
> When a livepatch module loads:
>    apply_relocate_add()
>        klp hook: apply .klp.rela.$objname relocations *only* for
>        already loaded modules
>    module_finalize()
>        klp hook: apply .klp.arch.$objname changes for already loaded modules
>    module_enable_ro()
>        klp hook: only enable ro/x for .klp.text.$objname for already
>        loaded modules

Just for record. We should also set ro for the not-yet used
.klp.text.$objname at this stage so that it can't be modified
easily "by accident".


> When a to-be-patched module loads:
>    apply_relocate_add()
>        klp hook: for each patch module that patches the coming
>        module, apply .klp.rela.$objname relocations for this object
>    module_finalize()
>        klp hook: for each patch module that patches the coming
>        module, apply .klp.arch.$objname changes for this object
>    module_enable_ro()
>        klp hook: for each patch module, apply ro/x permissions for
>        .klp.text.$objname for this object
> 
> Then, in klp_module_coming, we only need to do the callbacks and
> enable the patch, and get rid of the module_disable_ro->apply
> relocs->module_enable_ro block.
> 
> Does that sound like what you had in mind or am I totally off?

Makes sense to me.

Well, I wonder if it is really any better from what we have now.
We would still need special delayed handling for the module-specific
elf sections. Also we still would not need to clear the modifications
in these sections when the livepatched object gets unloaded.

I am afraid that the real difference might come when we split
the livepatch into per-livepatched object modules. This would
move the complexity to another parts of the code ;-) I am
unable to say what approach is easier and more safe to maintain
at the moment.

Best Regards,
Petr