Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp698060pxm; Thu, 3 Mar 2022 02:50:35 -0800 (PST) X-Google-Smtp-Source: ABdhPJwyxKtv5qi389l1L7oA2jI6eqqIQxda+KU9IgsALK4ffXJGwR4RamfdFDy9AiQzLi2BVJ9B X-Received: by 2002:a17:906:5a94:b0:6c5:5aa4:da87 with SMTP id l20-20020a1709065a9400b006c55aa4da87mr27994025ejq.381.1646304635161; Thu, 03 Mar 2022 02:50:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646304635; cv=none; d=google.com; s=arc-20160816; b=GrtiUn0HZsl6UfYhQCM33MtClZ7/x159EAeGZtObS0xghggMnX2CU1sK0lpOub5dYU fAqRHyWU+lhMOJdt5ULTatyUF6HAWxVDA81QzmB2DOE5AJp2KZUo20pG0ZthchVWPB26 8gPmXIwgi2GHifwXC8UzMq0LnE9zh4Fq0TQfMF+bqc7VeEQtDSvazB8VPWA8ipOhts0J nAH5kDeYlzpN0ZMu56HNJW3EARLgIDpXAYydvpDiOcN+srCNCFEyT7FI7zU9ifmWKu+X nqDiZ3Xrbjo3XmvaymvMNMyViYs9whodL3ckSCeiELJ+82njz1iuxwrFvOTBIJsAndpn lSCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=Oja3CIqE9fA451Twve2pF1vRqS/QrpX6zmesqNzXMcA=; b=CAaEGzRsUViPB2t+p2PFcAUgBIgReQNAhL2Uqfx3jFH29e5gjt8pS0zmcytMoNFi29 5PoAXjkUg6WgKDgnxUuBXSAMjbKaVZVbolDo5JNhC9a/4E2NgQvQktxS3M6O5qSoOwch lgamx8plTQOEPC+XKk3c3yVrsjvQgjSM8pVOpfhyuiTWnJjemhKLZDAuVrRz2ToyM213 ita9dNOvsSnMGqBg3R8ek4J/lUC2x9RzfLGzgYU3Jtz2y6nfG8fT1tJWk9mVp8Sj8mP3 vRFnj0uZhCGlQiLlM/bEJhuHs1vpY+Y6xorH7Nj74zyxSQ9HxHxeySql9avjEedKyxKc sOjQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@bytedance-com.20210112.gappssmtp.com header.s=20210112 header.b=N2wLZPHb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bytedance.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id nb23-20020a1709071c9700b006d659315ef6si1382485ejc.123.2022.03.03.02.50.12; Thu, 03 Mar 2022 02:50:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@bytedance-com.20210112.gappssmtp.com header.s=20210112 header.b=N2wLZPHb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bytedance.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232365AbiCCKeU (ORCPT + 99 others); Thu, 3 Mar 2022 05:34:20 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44958 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230097AbiCCKeT (ORCPT ); Thu, 3 Mar 2022 05:34:19 -0500 Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D89B3329BB for ; Thu, 3 Mar 2022 02:33:29 -0800 (PST) Received: by mail-pl1-x629.google.com with SMTP id 9so4144994pll.6 for ; Thu, 03 Mar 2022 02:33:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=message-id:date:mime-version:user-agent:subject:content-language:to :cc:references:from:in-reply-to:content-transfer-encoding; bh=Oja3CIqE9fA451Twve2pF1vRqS/QrpX6zmesqNzXMcA=; b=N2wLZPHbeKHF/4+voaEtvGxD4D0DSWyFiqi97W2sREHJv/ENo8uK3Hw2n9e7A8qvDo bRnCP8++kh/M1T6jTh2vnsUxNhP55uzjf6FwKhRll3JN6V4st8JWD8EjUYMgQH6Gu2m9 nIqW2sYZaRtLvnOcgLgz4RtyvzU9oNl8C4llgeoPWxSBTL9wQZv/A06uyPaoC7uoA0x6 hwt7zKUvioPFQ+yGUbePCCrclL+jR+ca+xK/4HQJz4Au+x4aJogZj+hQiyzSuPvauxNe QTyL+t9uIlHdaKPct5K3nCbb7IwbeJsBMYPvKl+zRIHZJHAhZhoNItFaepYo/neCFKYn yVDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=Oja3CIqE9fA451Twve2pF1vRqS/QrpX6zmesqNzXMcA=; b=0TzD/k3foZk64bxs2HDVuJ234MzN0RfyfOVLQpZvh5a7ygaJkNDPtSEbrFFyx01y44 bs14wvolzH+iB5XVl7/BwxTEcYnojxGL5f/J8pSuWrjNVXwSvmre2ZjW5feZXhOnMVK7 0jJxHLu6Jc0PnV0pXDMkNLzxFvRuv6eJukXFxkEO/YWfOkvmzJSkZfQYLrav9xv61WCX Ix8Z5lW16PtSwNmnJ81uNxCDADmGYMwu2jYFxkz/KiVkTr7eF13llKJVlulo+xu3forz /Mafh7o7Sjvc9U820FoSBUF8HDjG7SIRWVQ9jBCDyG718k9W+lPH7vTy1JZDgqfBOUXa sl6w== X-Gm-Message-State: AOAM531bjCqwgGTq7lchPymVIfCPHSt+npp45k68UJAB1zolDbBgycMP LM6RLqW07vWOAMpQH5BLChdQuw== X-Received: by 2002:a17:90b:4d86:b0:1bd:223f:6cb5 with SMTP id oj6-20020a17090b4d8600b001bd223f6cb5mr4604124pjb.151.1646303609319; Thu, 03 Mar 2022 02:33:29 -0800 (PST) Received: from [10.255.179.141] ([139.177.225.237]) by smtp.gmail.com with ESMTPSA id q9-20020a056a00150900b004f4735396fesm2163786pfu.191.2022.03.03.02.33.24 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 03 Mar 2022 02:33:28 -0800 (PST) Message-ID: <1929669c-7674-035b-8cf1-5b5007ecccec@bytedance.com> Date: Thu, 3 Mar 2022 18:33:22 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.6.1 Subject: Re: [External] Re: [PATCH] livepatch: Only block the removal of KLP_UNPATCHED forced transition patch Content-Language: en-US To: Miroslav Benes Cc: jpoimboe@redhat.com, jikos@kernel.org, pmladek@suse.com, joe.lawrence@redhat.com, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, songmuchun@bytedance.com, qirui.001@bytedance.com References: <20220301140840.29345-1-zhouchengming@bytedance.com> From: Chengming Zhou In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2022/3/3 3:51 下午, Miroslav Benes wrote: > On Thu, 3 Mar 2022, Chengming Zhou wrote: > >> Hi, >> >> On 2022/3/2 5:55 下午, Miroslav Benes wrote: >>> Hi, >>> >>> On Tue, 1 Mar 2022, Chengming Zhou wrote: >>> >>>> module_put() is currently never called for a patch with forced flag, to block >>>> the removal of that patch module that might still be in use after a forced >>>> transition. >>>> >>>> But klp_force_transition() will flag all patches on the list to be forced, since >>>> commit d67a53720966 ("livepatch: Remove ordering (stacking) of the livepatches") >>>> has removed stack ordering of the livepatches, it will cause all other patches can't >>>> be unloaded after disabled even if they have completed the KLP_UNPATCHED transition. >>>> >>>> In fact, we don't need to flag a patch to forced if it's a KLP_PATCHED forced >>>> transition. It can still be unloaded only if it has passed through the consistency >>>> model in KLP_UNPATCHED transition. >>>> >>>> So this patch only set forced flag and block the removal of a KLP_UNPATCHED forced >>>> transition livepatch. >>>> >>>> Signed-off-by: Chengming Zhou >>>> --- >>>> kernel/livepatch/transition.c | 4 ++-- >>>> 1 file changed, 2 insertions(+), 2 deletions(-) >>>> >>>> diff --git a/kernel/livepatch/transition.c b/kernel/livepatch/transition.c >>>> index 5683ac0d2566..8b296ad9e407 100644 >>>> --- a/kernel/livepatch/transition.c >>>> +++ b/kernel/livepatch/transition.c >>>> @@ -641,6 +641,6 @@ void klp_force_transition(void) >>>> for_each_possible_cpu(cpu) >>>> klp_update_patch_state(idle_task(cpu)); >>>> >>>> - klp_for_each_patch(patch) >>>> - patch->forced = true; >>>> + if (klp_target_state == KLP_UNPATCHED) >>>> + klp_transition_patch->forced = true; >>> >>> I do not think this would interact nicely with the atomic replace feature. >>> If you force the transition of a patch with ->replace set to true, no >>> existing patch would get ->forced set with this change, which means all >>> patches will be removed at the end of klp_try_complete_transition(). And >>> that is something we want to prevent. >> >> Good point, I should check if it's an atomic replace livepatch in the else >> branch, in which case we have to set all existing patches to forced. > > Yes, but that leads to a question if it then brings any value. Forcing a > transition should be exceptional. If it is needed, there may be other > issues involved which should probably be fixed. Have you come across a > practical situation where the patch helped? Yes, you're right, the correct way is to find and fix the issues that make us to use this "force" transition interface, until we don't need to use it. Apart from this reason, another reason we may use "force" transition is that we want to speed up the transition process of some patches when load them, and we can make sure these patches are safe to do so. (just like a consistency model check disable option when load a patch) Then I find it confusing and limited that force transition in loading a patch will make all previous patches can't be unloaded, so can't be reverted and enabled again (updated or not). Anyway, I think this patch won't decrease the security performance of livepatch, but can increase flexibility in some user experience. Thanks. > > Thanks > > Miroslav