Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp5338536ybg; Tue, 22 Oct 2019 01:29:42 -0700 (PDT) X-Google-Smtp-Source: APXvYqw77B591Ma9Q1Cly98Lr7acWDKfFvJzEaUdTD6Q1+dLdYN+FQed/R8SHA11CO5APC2Y310V X-Received: by 2002:a17:906:4a0d:: with SMTP id w13mr14098383eju.89.1571732982475; Tue, 22 Oct 2019 01:29:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571732982; cv=none; d=google.com; s=arc-20160816; b=hSmLdeTM5v2CIwiyZ85PEUB3mFxmgPglcUwze7jR40Q/SbSTT7WISwaaOUfOi0kV0K 6XUgQqee/Q1LKPWbZg685IjAF33tkFHs+AsVlHR77o4JNvgaGmD2qt3Sw3u3NuGA1+KX TvALpAITAIdi0efzRvQrXgG6ghGi17GN+LsRts08tPJlT1A+iRfWAlQOVoVIYXPUN2fR Q+oAZybY2fnW0MJAIOBdFcDNCnbIcbSTK/dI0OQSB6dWicjJaTdxA5T0dz8GgCPjC8g9 jbJie7aAK971OFVv3FA/ESZGSJxjW1NsGlsTzkML4AUYeBNx4pcm4EFyaMdhBzdDfn60 4GcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=nr5h1Qum3UeU0KS8yUVUpTECYFGfWJ537xJ07/feHu4=; b=PzOObksj2Uknw4sf6FSK9Z/jXlweEx+nGPksavUr0e93IV6a7cqov/fPvdydUM/8QG BE0TmyCWqh+bBmWbQkaL0Sfa792SJE+06FsKtOZUPDX7ULCp4BhY7Qe5njlKjKKjt5EC K3erzY1hONLY7KqKv9JFpCPbFffi6HopqnP4FnT0hDP6f90mRodVjyPadsI/2jhm/8mS 1IHNTHTIpo2h7UcVmqutYLJs0Ui9BekbV45yP1cVw3Kp+ULRqgdzXtS+v5aq6ZL+zoNY BKtkRUOk7XozIhMVkUPJ8LmU6wzA6OmtpX/sm0s4w+InoW/ORohQ/iZjoMmP6RPTYDR2 MBuw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 26si6625697edz.340.2019.10.22.01.29.18; Tue, 22 Oct 2019 01:29:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388416AbfJVI1x (ORCPT + 99 others); Tue, 22 Oct 2019 04:27:53 -0400 Received: from mx2.suse.de ([195.135.220.15]:39198 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2388061AbfJVI1x (ORCPT ); Tue, 22 Oct 2019 04:27:53 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 87540B399; Tue, 22 Oct 2019 08:27:50 +0000 (UTC) Date: Tue, 22 Oct 2019 10:27:49 +0200 (CEST) From: Miroslav Benes To: Jessica Yu cc: Peter Zijlstra , Steven Rostedt , Joe Lawrence , x86@kernel.org, linux-kernel@vger.kernel.org, mhiramat@kernel.org, bristot@redhat.com, jbaron@akamai.com, torvalds@linux-foundation.org, tglx@linutronix.de, mingo@kernel.org, namit@vmware.com, hpa@zytor.com, luto@kernel.org, ard.biesheuvel@linaro.org, jpoimboe@redhat.com, live-patching@vger.kernel.org, pmladek@suse.com Subject: Re: [PATCH v3 5/6] x86/ftrace: Use text_poke() In-Reply-To: <20191018130342.GA4625@linux-8ccs> Message-ID: References: <20191015130739.GA23565@linux-8ccs> <20191015135634.GK2328@hirez.programming.kicks-ass.net> <88bab814-ea24-ece9-2bc0-7a1e10a62f12@redhat.com> <20191015153120.GA21580@linux-8ccs> <7e9c7dd1-809e-f130-26a3-3d3328477437@redhat.com> <20191015182705.1aeec284@gandalf.local.home> <20191016074951.GM2328@hirez.programming.kicks-ass.net> <20191018130342.GA4625@linux-8ccs> User-Agent: Alpine 2.21 (LSU 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 18 Oct 2019, Jessica Yu wrote: > +++ Miroslav Benes [16/10/19 15:29 +0200]: > >On Wed, 16 Oct 2019, Miroslav Benes wrote: > > > >> On Wed, 16 Oct 2019, Peter Zijlstra wrote: > >> > >> > On Tue, Oct 15, 2019 at 06:27:05PM -0400, Steven Rostedt wrote: > >> > > >> > > (7) Seventh session, titled "klp-convert and livepatch relocations", > >> > > was led > >> > > by Joe Lawrence. > >> > > > >> > > Joe started the session with problem statement: accessing non exported > >> > > / static > >> > > symbols from inside the patch module. One possible workardound is > >> > > manually via > >> > > kallsyms. Second workaround is klp-convert, which actually creates > >> > > proper > >> > > relocations inside the livepatch module from the symbol database during > >> > > the > >> > > final .ko link. > >> > > Currently module loader looks for special livepatch relocations and > >> > > resolves > >> > > those during runtime; kernel support for these relocations have so far > >> > > been > >> > > added for x86 only. Special livepatch relocations are supported and > >> > > processed > >> > > also on other architectures. Special quirks/sections are not yet > >> > > supported. > >> > > Plus klp-convert would still be needed even with late module patching > >> > > update. > >> > > vmlinux or modules could have ambiguous static symbols. > >> > > > >> > > It turns out that the features / bugs below have to be resolved before > >> > > we > >> > > can claim the klp-convert support for relocation complete: > >> > > - handle all the corner cases (jump labels, static keys, ...) > >> > > properly and > >> > > have a good regression tests in place > >> > > >> > I suppose all the patches in this series-of-series here will make life > >> > harder for KLP, static_call() and 2 byte jumps etc.. > >> > >> Yes, I think so. We'll have to deal with that once it lands. That is why > >> we want to get rid of all this arch-specific code in livepatch and > >> reinvent the late module patching. So it is perhaps better to start > >> working on it sooner than later. Adding Petr, who hesitantly signed up for > >> the task... > > > >Thinking about it more... crazy idea. I think we could leverage these new > >ELF .text per vmlinux/module sections for the reinvention I was talking > >about. If we teach module loader to relocate (and apply alternatives and > >so on, everything in arch-specific module_finalize()) not the whole module > >in case of live patch modules, but separate ELF .text sections, it could > >solve the issue with late module patching we have. It is a variation on > >Steven's idea. When live patch module is loaded, only its section for > >present modules would be processed. Then whenever a to-be-patched module > >is loaded, its .text section in all present patch module would be > >processed. > > > >The upside is that almost no work would be required on patch modules > >creation side. The downside is that klp_modinfo must stay. Module loader > >needs to be hacked a lot in both cases. So it remains to be seen which > >idea is easier to implement. > > > >Jessica, do you think it would be feasible? > > I think that does sound feasible. I'm trying to visualize how that > would look. I guess there would need to be various livepatching hooks > called during the different stages (apply_relocate_add(), > module_finalize(), module_enable_ro/x()). > > So maybe something like the following? > > When a livepatch module loads: > apply_relocate_add() > klp hook: apply .klp.rela.$objname relocations *only* for > already loaded modules > module_finalize() > klp hook: apply .klp.arch.$objname changes for already loaded modules > module_enable_ro() > klp hook: only enable ro/x for .klp.text.$objname for already > loaded modules > > When a to-be-patched module loads: > apply_relocate_add() > klp hook: for each patch module that patches the coming > module, apply .klp.rela.$objname relocations for this object > module_finalize() > klp hook: for each patch module that patches the coming > module, apply .klp.arch.$objname changes for this object > module_enable_ro() > klp hook: for each patch module, apply ro/x permissions for > .klp.text.$objname for this object > > Then, in klp_module_coming, we only need to do the callbacks and > enable the patch, and get rid of the module_disable_ro->apply > relocs->module_enable_ro block. > > Does that sound like what you had in mind or am I totally off? Sort of. What I had in mind was that we could get rid of all special .klp ELF section if module loader guarantees that only sections for loaded modules are processed. Then .klp.rela.$objname is not needed and proper .rela.text.$objname (or whatever its text section is named) should be sufficient. The same for the rest (.klp.arch). Only then it would be useful. Miroslav