From: Josh Poimboeuf <jpoimboe@redhat.com>
To: Miroslav Benes <mbenes@suse.cz>
Cc: Seth Jennings <sjenning@redhat.com>,
Jiri Kosina <jkosina@suse.cz>, Vojtech Pavlik <vojtech@suse.cz>,
Steven Rostedt <rostedt@goodmis.org>,
Petr Mladek <pmladek@suse.cz>,
Christoph Hellwig <hch@infradead.org>,
Greg KH <gregkh@linuxfoundation.org>,
Andy Lutomirski <luto@amacapital.net>,
Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>,
live-patching@vger.kernel.org, x86@kernel.org, kpatch@redhat.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCHv4 2/3] kernel: add support for live patching
Date: Mon, 1 Dec 2014 11:07:18 -0600 [thread overview]
Message-ID: <20141201170718.GA12633@treble.redhat.com> (raw)
In-Reply-To: <alpine.LNX.2.00.1412011416110.23443@pobox.suse.cz>
On Mon, Dec 01, 2014 at 02:31:35PM +0100, Miroslav Benes wrote:
> On Wed, 26 Nov 2014, Josh Poimboeuf wrote:
>
> > Hi Miroslav,
> >
> > Just addressing one of your comments below. I'll let Seth respond to
> > the others :-)
> >
> > On Wed, Nov 26, 2014 at 03:19:17PM +0100, Miroslav Benes wrote:
> > > > +/**
> > > > + * struct klp_func - function structure for live patching
> > > > + * @old_name: name of the function to be patched
> > > > + * @new_func: pointer to the patched function code
> > > > + * @old_addr: a hint conveying at what address the old function
> > > > + * can be found (optional, vmlinux patches only)
> > > > + */
> > > > +struct klp_func {
> > > > + /* external */
> > > > + const char *old_name;
> > > > + void *new_func;
> > > > + /*
> > > > + * The old_addr field is optional and can be used to resolve
> > > > + * duplicate symbol names in the vmlinux object. If this
> > > > + * information is not present, the symbol is located by name
> > > > + * with kallsyms. If the name is not unique and old_addr is
> > > > + * not provided, the patch application fails as there is no
> > > > + * way to resolve the ambiguity.
> > > > + */
> > > > + unsigned long old_addr;
> > >
> > > I wonder if we really need old_addr as an external field. I assume that
> > > userspace tool in kpatch use it as a "hint" for kernel part and thus
> > > kallsyms is not needed there (and it solves ambiguity problem as well).
> > > But I am not sure if it is gonna be the same in upstream. When kernel is
> > > randomized (CONFIG_RANDOMIZE_BASE is set to 'y', though default is 'n')
> > > old_addr is not usable (and we throw it away in the code). Without
> > > old_addr being set by the user we could spare some of code (calls to
> > > klp_verify_vmlinux_symbol and such).
> >
> > Even with CONFIG_RANDOMIZE_BASE, the function offsets will be the same
> > regardless of the base address. So we could still use old_addr to
> > determine the offset.
> >
> > > So the question is whether future userspace tool in upstream would need it
> > > and would use it. Please note that I do not mean it as a kpatch or kgraft
> > > way to do things, I'm just not sure about old_addr being "public" and want
> > > do discuss the options.
> > >
> > > The ambiguity of symbols was discussed in some other thread in lkml in
> > > october (I guess) with no conclusion IIRC...
> >
> > We need to resolve ambiguity somehow, and old_addr is a way to do that.
> > Do you have any other ideas?
>
> Unfortunately I don't.
>
> But similarly we don't deal with ambiguity in modules either. And it is
> (at least theoretically) possible. Two static functions of the same name
> in two different .c files which the final module is linked from. You have
> to use kallsyms and it would get confused. Maybe this sounds odd but it
> could happen.
True, this is a remote possibility, but we haven't run into this issue
yet. If it becomes a problem, we can try to come up with another way to
resolve duplicates.
Here's one idea: since the symbols are always listed in the same order
in kallsyms (per-object), instead of old_addr we could have sym_idx. A
sym_idx of 2 could mean "I want the 2nd occurence of foo in the object's
kallsyms list".
However I'd rather keep our current old_addr scheme for now, since it's
what we have implemented already. And there are plenty of more
important things we need to do first.
> Thus the old_addr value is not general protection (as modules are still
> affected) and it is questionable whether the user should use it.
It's not really protection, since even if you don't specify old_addr and
you rely on kallsyms, klp_find_symbol will return an error if there are
any duplicates.
It's really just a way to increase the size of the set of functions
which can be patched (duplicately named functions).
We also rely on something similar for relocations: klp_reloc.src. It's
even more important there, since duplicately named static objects are
more common than duplicately named functions.
> I do not have strong opinion on this and if no one else shares my
> thoughts, I am not against.
>
> Mira
--
Josh
next prev parent reply other threads:[~2014-12-01 17:07 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-25 17:15 [PATCHv4 0/3] Kernel Live Patching Seth Jennings
2014-11-25 17:15 ` [PATCHv4 1/3] kernel: add TAINT_LIVEPATCH Seth Jennings
2014-11-25 17:15 ` [PATCHv4 2/3] kernel: add support for live patching Seth Jennings
2014-11-26 9:05 ` Masami Hiramatsu
2014-11-26 13:37 ` Jiri Slaby
2014-11-26 14:19 ` Miroslav Benes
2014-11-26 15:40 ` Josh Poimboeuf
2014-12-01 13:31 ` Miroslav Benes
2014-12-01 17:07 ` Josh Poimboeuf [this message]
2014-12-02 12:24 ` Miroslav Benes
2014-11-28 17:07 ` Petr Mladek
2014-11-28 17:14 ` [PATCH] livepatch: clean up klp_find_object_module() usage: was: " Petr Mladek
2014-12-01 12:08 ` Miroslav Benes
2014-12-01 12:40 ` Petr Mladek
2014-11-28 17:19 ` [PATCH] livepatch: do relocation when initializing the patch: " Petr Mladek
2014-12-03 10:00 ` Miroslav Benes
2014-11-25 17:15 ` [PATCHv4 3/3] samples: add sample live patching module Seth Jennings
2014-11-27 17:05 ` Petr Mladek
2014-12-01 17:11 ` Seth Jennings
2014-11-25 19:26 ` [PATCHv4 0/3] Kernel Live Patching Jiri Kosina
2014-11-25 22:10 ` Seth Jennings
2014-11-25 22:22 ` Jiri Kosina
2014-11-26 9:00 ` Masami Hiramatsu
2014-11-26 9:18 ` Jiri Kosina
2014-11-26 9:26 ` Jiri Kosina
2014-11-26 15:27 ` Josh Poimboeuf
2014-11-27 10:06 ` Masami Hiramatsu
2014-11-27 10:52 ` Petr Mladek
2014-11-28 2:21 ` Masami Hiramatsu
2014-11-27 6:12 ` Masami Hiramatsu
2014-11-26 15:55 ` Josh Poimboeuf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141201170718.GA12633@treble.redhat.com \
--to=jpoimboe@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@infradead.org \
--cc=jkosina@suse.cz \
--cc=kpatch@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=live-patching@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=masami.hiramatsu.pt@hitachi.com \
--cc=mbenes@suse.cz \
--cc=pmladek@suse.cz \
--cc=rostedt@goodmis.org \
--cc=sjenning@redhat.com \
--cc=vojtech@suse.cz \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.