Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp3187126rwb; Tue, 8 Nov 2022 01:23:02 -0800 (PST) X-Google-Smtp-Source: AMsMyM5E8smfxP7iVRE8vM4S5pkQKjYFp+yAsyX/29luSmtvQhvrcXbrE2mdoXa+G6qnedoGQ4el X-Received: by 2002:a63:4517:0:b0:464:4f06:a0f1 with SMTP id s23-20020a634517000000b004644f06a0f1mr45397149pga.509.1667899382159; Tue, 08 Nov 2022 01:23:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667899382; cv=none; d=google.com; s=arc-20160816; b=ywuZO6eqPPYIR1iKFMX/fpfSg0HyikzaAz+qm8X+wBwu/n1XlJsSQdhgMyl+W1g2D8 PuP/aVsdWu40TWwS9reFf9Wtsf1IrRR+E5mmuAfXa4x/M6LeBJhMZ8KfYY5xEc0QAxvW Zi7QefQtvw3FGFyWUJNHHXEmtwcyCWhX2wCfIKXAYKpSsSC6E6NuxeWRp9pWpmeMYASx 09wNWIWHgAcQ/SCxu0jclwjygvvEEChhrfPN1wC0f/AcfmVsjNC4uDO+/EGzwPC2HJ6k Fh/fIEnf3hq+3X0z2o1A6gbEmaKi7+K2MsP/xq+cwqO9Il3Z9uY0YoJlYAkuOlY2BcK7 mBsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=tQyf2Bea/AOHWwaWJvP1WJFWRYE/NVS0I5KxRCHvLIw=; b=DZfiXUF9rR3wPAMbYeL9KOiTWJTFmgDFAi37kzYPIrpfgG0t4WN+yfoOB4tzrchHSk f6Lad6FpG6n27pWIPe12e+54hF8TBWhpOwcxl6K5rw5C2Ivdj/CY63+udwMml+Ya65FN gVygE0i7dgDliBqPkpE+aiEPOcMkSyQG3ClOgBexizp2KMHB8o97tEv2PCyPYjvu3giE ef7FU+9y2ib048YKl2pT6s37ARk3OzmMrpgC5D66f3V4HmMpWuN/65KHCkJLhyBH4yZb +jJt3ekv6xVLLyVw9CMoh5y9A2/XL00d/DDEAHVq+ccoOzqVJRwJqF+d9c63NFlLITKc ZxeA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=AvRc1BlJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z8-20020a631908000000b0046f4a36ae51si13400606pgl.710.2022.11.08.01.22.50; Tue, 08 Nov 2022 01:23:02 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=AvRc1BlJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233521AbiKHJOZ (ORCPT + 89 others); Tue, 8 Nov 2022 04:14:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35928 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233313AbiKHJOY (ORCPT ); Tue, 8 Nov 2022 04:14:24 -0500 Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2001:67c:2178:6::1c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2B850DE96; Tue, 8 Nov 2022 01:14:23 -0800 (PST) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id C9E4E224A1; Tue, 8 Nov 2022 09:14:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1667898861; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=tQyf2Bea/AOHWwaWJvP1WJFWRYE/NVS0I5KxRCHvLIw=; b=AvRc1BlJoq1AQg4nXnlTTu/2k/iHDP0910RlLu7mz1U1/zzHeoXg2/n8zpaL9FYJgTne1B 7GJ0I+Cx4DhT5/RBbo11jTBv9iM2Y1Gus6JaKinqOhEixD1YKz73yxHArdA32/Z+8Ehjkc 3KPBH4koK1+gIAfCSGlD3wW7Giy8kzg= Received: from suse.cz (unknown [10.100.208.146]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id AC5A72C142; Tue, 8 Nov 2022 09:14:21 +0000 (UTC) Date: Tue, 8 Nov 2022 10:14:18 +0100 From: Petr Mladek To: Josh Poimboeuf Cc: Nicolai Stange , Marcos Paulo de Souza , linux-kernel@vger.kernel.org, live-patching@vger.kernel.org, jpoimboe@redhat.com, joe.lawrence@redhat.com Subject: Re: [PATCH v2 4/4] livepatch/shadow: Add garbage collection of shadow variables Message-ID: References: <20221026194122.11761-1-mpdesouza@suse.com> <20221026194122.11761-5-mpdesouza@suse.com> <20221104010327.wa256pos75dczt4x@treble> <20221108013209.eqrxs3xqtat6kksm@treble> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221108013209.eqrxs3xqtat6kksm@treble> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon 2022-11-07 17:32:09, Josh Poimboeuf wrote: > On Fri, Nov 04, 2022 at 11:25:38AM +0100, Petr Mladek wrote: > > > I get the feeling the latter would be easier to implement (no reference > > > counting; also maybe can be auto-detected with THIS_MODULE?) and harder > > > for the patch author to mess up (by accidentally omitting an object > > > which uses it). > > > > I am not sure how you mean it. I guess that you suggest to store > > the name of the livepatch module into the shadow variable. > > And use the variable only when the livepatch module is still loaded. > > Actually I was thinking the klp_patch could have references to all the > shadow variables (or shadow variable types?) it owns. In short, you suggest to move the array of used klp_shadow_types from struct klp_object to struct klp_patch. Do I get it correctly? > Instead of reference counting, the livepatch atomic replace code could > just migrate any previously owned shadow variables to the new klp_patch. I see. We would not need to explicitly register the shadow type using klp_shadow_register() and allocate struct klp_shadow_type_reg for the reference counter. > This of course adds the restriction that such garbage-collected shadow > variables couldn't be shared across non-replace livepatches. But I > wouldn't expect that to be much of a problem. From my POV, this is similar to "func_stack" in struct "klp_ops". The list was originally designed for non-replace livepatches because the same function might be livepatched many times. It might theoretically get "simplified" when only the atomic replace is supported. Then there would be the maximum of two livepatches and the (infinite) list would be an overhead. I say theoretically because the list is actually quite elegant solution. > Additionally, I was wondering if "which klp_patch owns which shadow > variables" could be auto-detected somehow. > > For example: > > 1) add 'struct module *owner' or 'struct klp_patch *owner' to klp_shadow > > 2) add klp_shadow_alloc_gc() and klp_shadow_get_or_alloc_gc(), which are > similar to their non-gc counterparts, with a few additional > arguments: the klp module owner (THIS_MODULE for the caller); and a > destructor to be used later for the garbage collection > > 3) When atomic replacing a patch, iterate through the klp_shadow_hash > and, for each klp_shadow which previously had an owner, change it to > be owned by the new patch This is not clear to me. The new livepatch might also use less shadow variables. It must not blindly take over all shadow variables which were owned by the previous livepatch. > 4) When unloading/freeing a patch, free all its associated klp_shadows > (also calling destructors where applicable) > > > I'm thinking this would be easier for the patch author, and also simpler > overall. I could work up a patch. From the patch author POV: If the autodetection did not work then the patch author would still need to provide the array of used shadow types. I agree that only one array in struct klp_patch might be enough. From the implementation POV: I agree that the code might be easier if we support only atomic replace. We would not need the reference counter in this case. But I am not sure if this is acceptable for users that do not use the atomic replace. They suffer from the same problem. Do we really want to make this mode a 2nd citizen? IMHO, all applicable features have been implemented for both modes so far. Best Regards, Petr