* + liveupdate-protect-file-handler-list-with-rwsem.patch added to mm-new branch
@ 2026-03-18 18:05 Andrew Morton
0 siblings, 0 replies; 2+ messages in thread
From: Andrew Morton @ 2026-03-18 18:05 UTC (permalink / raw)
To: mm-commits, rppt, pratyush, dmatlack, pasha.tatashin, akpm
The patch titled
Subject: liveupdate: protect file handler list with rwsem
has been added to the -mm mm-new branch. Its filename is
liveupdate-protect-file-handler-list-with-rwsem.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/liveupdate-protect-file-handler-list-with-rwsem.patch
This patch will later appear in the mm-new branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Note, mm-new is a provisional staging ground for work-in-progress
patches, and acceptance into mm-new is a notification for others take
notice and to finish up reviews. Please do not hesitate to respond to
review feedback and post updated versions to replace or incrementally
fixup patches in mm-new.
The mm-new branch of mm.git is not included in linux-next
If a few days of testing in mm-new is successful, the patch will me moved
into mm.git's mm-unstable branch, which is included in linux-next
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via various
branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there most days
------------------------------------------------------
From: Pasha Tatashin <pasha.tatashin@soleen.com>
Subject: liveupdate: protect file handler list with rwsem
Date: Wed, 18 Mar 2026 10:16:39 -0400
Patch series "liveupdate: Fix module unloading and unregister API", v2.
This patch series addresses an issue with how LUO handles module reference
counting and unregistration during a module unload (e.g., via rmmod).
Currently, modules that register live update file handlers are pinned for
the entire duration they are registered. This prevents the modules from
being unloaded gracefully, even when no live update session is in
progress.
Furthermore, if a module is forcefully unloaded, the unregistration
functions return an error (e.g. -EBUSY) if a session is active, which is
ignored by the kernel's module unload path, leaving dangling pointers in
the LUO global lists.
As pointed out by Jason Gunthorpe and Alex Williamson during the review
of the VFIO PCI live update patches [1]:
> "destroy" functions that fail are evil. :)
> IMHO blow up the kernel or something in the core code, you can't stop
> module unloading once it starts so it is pointless to propagate this
To resolve these issues, this series introduces the following changes:
1. Adds read-write semaphores (luo_file_handler_lock, luo_flb_lock, and
a per-handler flb_lock) to protect the registration lists. This allows
concurrent access for file preservation without blocking, while still
preventing traversal races during module unload.
2. Defers FLB module reference counting (try_module_get / module_put)
so that modules are only pinned when their FLBs are actively used
in a live update session.
3. Removes module reference counting for file handlers, relying
on the VFS 'struct file' pinning (via f_op->owner) and safe
deserialization without concurrent unloads.
4. Removes the global luo_session_quiesce() mechanism since module
unload behavior now handles active sessions implicitly.
5. Introduces auto-unregistration of FLBs during file handler
unregistration to prevent leaving dangling resources.
6. Changes the unregistration functions to return void instead of
an error code.
This patch (of 8):
Because liveupdate file handlers will no longer hold a module reference
when registered, we must ensure that the access to the handler list is
protected against concurrent module unloading.
Link: https://lkml.kernel.org/r/20260318141637.1870220-11-pasha.tatashin@soleen.com
Link: https://lore.kernel.org/all/20260303210733.GG972761@nvidia.com [1]
Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Cc: David Matlack <dmatlack@google.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Pratyush Yadav <pratyush@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
kernel/liveupdate/luo_file.c | 61 ++++++++++++++++++---------------
1 file changed, 35 insertions(+), 26 deletions(-)
--- a/kernel/liveupdate/luo_file.c~liveupdate-protect-file-handler-list-with-rwsem
+++ a/kernel/liveupdate/luo_file.c
@@ -112,6 +112,7 @@
#include <linux/string.h>
#include "luo_internal.h"
+static DECLARE_RWSEM(luo_file_handler_lock);
static LIST_HEAD(luo_file_handler_list);
/* 2 4K pages, give space for 128 files per file_set */
@@ -277,10 +278,12 @@ int luo_preserve_file(struct luo_file_se
goto err_fput;
err = -ENOENT;
- list_private_for_each_entry(fh, &luo_file_handler_list, list) {
- if (fh->ops->can_preserve(fh, file)) {
- err = 0;
- break;
+ scoped_guard(rwsem_read, &luo_file_handler_lock) {
+ list_private_for_each_entry(fh, &luo_file_handler_list, list) {
+ if (fh->ops->can_preserve(fh, file)) {
+ err = 0;
+ break;
+ }
}
}
@@ -777,10 +780,12 @@ int luo_file_deserialize(struct luo_file
bool handler_found = false;
struct luo_file *luo_file;
- list_private_for_each_entry(fh, &luo_file_handler_list, list) {
- if (!strcmp(fh->compatible, file_ser[i].compatible)) {
- handler_found = true;
- break;
+ scoped_guard(rwsem_read, &luo_file_handler_lock) {
+ list_private_for_each_entry(fh, &luo_file_handler_list, list) {
+ if (!strcmp(fh->compatible, file_ser[i].compatible)) {
+ handler_found = true;
+ break;
+ }
}
}
@@ -850,25 +855,27 @@ int liveupdate_register_file_handler(str
if (!luo_session_quiesce())
return -EBUSY;
- /* Check for duplicate compatible strings */
- list_private_for_each_entry(fh_iter, &luo_file_handler_list, list) {
- if (!strcmp(fh_iter->compatible, fh->compatible)) {
- pr_err("File handler registration failed: Compatible string '%s' already registered.\n",
- fh->compatible);
- err = -EEXIST;
+ scoped_guard(rwsem_write, &luo_file_handler_lock) {
+ /* Check for duplicate compatible strings */
+ list_private_for_each_entry(fh_iter, &luo_file_handler_list, list) {
+ if (!strcmp(fh_iter->compatible, fh->compatible)) {
+ pr_err("File handler registration failed: Compatible string '%s' already registered.\n",
+ fh->compatible);
+ err = -EEXIST;
+ goto err_resume;
+ }
+ }
+
+ /* Pin the module implementing the handler */
+ if (!try_module_get(fh->ops->owner)) {
+ err = -EAGAIN;
goto err_resume;
}
- }
- /* Pin the module implementing the handler */
- if (!try_module_get(fh->ops->owner)) {
- err = -EAGAIN;
- goto err_resume;
+ INIT_LIST_HEAD(&ACCESS_PRIVATE(fh, flb_list));
+ INIT_LIST_HEAD(&ACCESS_PRIVATE(fh, list));
+ list_add_tail(&ACCESS_PRIVATE(fh, list), &luo_file_handler_list);
}
-
- INIT_LIST_HEAD(&ACCESS_PRIVATE(fh, flb_list));
- INIT_LIST_HEAD(&ACCESS_PRIVATE(fh, list));
- list_add_tail(&ACCESS_PRIVATE(fh, list), &luo_file_handler_list);
luo_session_resume();
liveupdate_test_register(fh);
@@ -909,10 +916,12 @@ int liveupdate_unregister_file_handler(s
if (!luo_session_quiesce())
goto err_register;
- if (!list_empty(&ACCESS_PRIVATE(fh, flb_list)))
- goto err_resume;
+ scoped_guard(rwsem_write, &luo_file_handler_lock) {
+ if (!list_empty(&ACCESS_PRIVATE(fh, flb_list)))
+ goto err_resume;
- list_del(&ACCESS_PRIVATE(fh, list));
+ list_del(&ACCESS_PRIVATE(fh, list));
+ }
module_put(fh->ops->owner);
luo_session_resume();
_
Patches currently in -mm which might be from pasha.tatashin@soleen.com are
mm-vmalloc-export-clear_vm_uninitialized_flag.patch
kho-fix-kasan-support-for-restored-vmalloc-regions.patch
liveupdate-protect-file-handler-list-with-rwsem.patch
liveupdate-protect-flb-lists-with-rwsem.patch
liveupdate-remove-file-handler-module-refcounting.patch
liveupdate-defer-flb-module-refcounting-to-active-sessions.patch
liveupdate-remove-luo_session_quiesce.patch
liveupdate-auto-unregister-flbs-on-file-handler-unregistration.patch
liveupdate-remove-liveupdate_test_unregister.patch
liveupdate-make-unregister-functions-return-void.patch
^ permalink raw reply [flat|nested] 2+ messages in thread* + liveupdate-protect-file-handler-list-with-rwsem.patch added to mm-new branch
@ 2026-03-27 17:22 Andrew Morton
0 siblings, 0 replies; 2+ messages in thread
From: Andrew Morton @ 2026-03-27 17:22 UTC (permalink / raw)
To: mm-commits, pasha.tatashin, akpm
The patch titled
Subject: liveupdate: protect file handler list with rwsem
has been added to the -mm mm-new branch. Its filename is
liveupdate-protect-file-handler-list-with-rwsem.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/liveupdate-protect-file-handler-list-with-rwsem.patch
This patch will later appear in the mm-new branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Note, mm-new is a provisional staging ground for work-in-progress
patches, and acceptance into mm-new is a notification for others take
notice and to finish up reviews. Please do not hesitate to respond to
review feedback and post updated versions to replace or incrementally
fixup patches in mm-new.
The mm-new branch of mm.git is not included in linux-next
If a few days of testing in mm-new is successful, the patch will me moved
into mm.git's mm-unstable branch, which is included in linux-next
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via various
branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there most days
------------------------------------------------------
From: Pasha Tatashin <pasha.tatashin@soleen.com>
Subject: liveupdate: protect file handler list with rwsem
Date: Fri, 27 Mar 2026 03:33:27 +0000
Because liveupdate file handlers will no longer hold a module reference
when registered, we must ensure that the access to the handler list is
protected against concurrent module unloading.
Utilize the global luo_register_rwlock to protect the global registry of
file handlers. Read locks are taken during list traversals in
luo_preserve_file() and luo_file_deserialize(). Write locks are taken
during registration and unregistration.
Link: https://lkml.kernel.org/r/20260327033335.696621-4-pasha.tatashin@soleen.com
Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Cc: David Matlack <dmatlack@google.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Pratyush Yadav <pratyush@kernel.org>
Cc: Samiullah Khawaja <skhawaja@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
kernel/liveupdate/luo_core.c | 6 ++++++
kernel/liveupdate/luo_file.c | 22 +++++++++++++++++-----
kernel/liveupdate/luo_internal.h | 2 ++
3 files changed, 25 insertions(+), 5 deletions(-)
--- a/kernel/liveupdate/luo_core.c~liveupdate-protect-file-handler-list-with-rwsem
+++ a/kernel/liveupdate/luo_core.c
@@ -54,6 +54,7 @@
#include <linux/liveupdate.h>
#include <linux/miscdevice.h>
#include <linux/mm.h>
+#include <linux/rwsem.h>
#include <linux/sizes.h>
#include <linux/string.h>
#include <linux/unaligned.h>
@@ -68,6 +69,11 @@ static struct {
u64 liveupdate_num;
} luo_global;
+/*
+ * luo_register_rwlock - Protects registration of file handlers and FLBs.
+ */
+DECLARE_RWSEM(luo_register_rwlock);
+
static int __init early_liveupdate_param(char *buf)
{
return kstrtobool(buf, &luo_global.enabled);
--- a/kernel/liveupdate/luo_file.c~liveupdate-protect-file-handler-list-with-rwsem
+++ a/kernel/liveupdate/luo_file.c
@@ -288,12 +288,14 @@ int luo_preserve_file(struct luo_file_se
goto err_fput;
err = -ENOENT;
+ down_read(&luo_register_rwlock);
list_private_for_each_entry(fh, &luo_file_handler_list, list) {
if (fh->ops->can_preserve(fh, file)) {
err = 0;
break;
}
}
+ up_read(&luo_register_rwlock);
/* err is still -ENOENT if no handler was found */
if (err)
@@ -805,12 +807,14 @@ int luo_file_deserialize(struct luo_file
bool handler_found = false;
struct luo_file *luo_file;
+ down_read(&luo_register_rwlock);
list_private_for_each_entry(fh, &luo_file_handler_list, list) {
if (!strcmp(fh->compatible, file_ser[i].compatible)) {
handler_found = true;
break;
}
}
+ up_read(&luo_register_rwlock);
if (!handler_found) {
pr_warn("No registered handler for compatible '%.*s'\n",
@@ -879,32 +883,36 @@ int liveupdate_register_file_handler(str
if (!luo_session_quiesce())
return -EBUSY;
+ down_write(&luo_register_rwlock);
/* Check for duplicate compatible strings */
list_private_for_each_entry(fh_iter, &luo_file_handler_list, list) {
if (!strcmp(fh_iter->compatible, fh->compatible)) {
pr_err("File handler registration failed: Compatible string '%s' already registered.\n",
fh->compatible);
err = -EEXIST;
- goto err_resume;
+ goto err_unlock;
}
}
/* Pin the module implementing the handler */
if (!try_module_get(fh->ops->owner)) {
err = -EAGAIN;
- goto err_resume;
+ goto err_unlock;
}
INIT_LIST_HEAD(&ACCESS_PRIVATE(fh, flb_list));
INIT_LIST_HEAD(&ACCESS_PRIVATE(fh, list));
list_add_tail(&ACCESS_PRIVATE(fh, list), &luo_file_handler_list);
+ up_write(&luo_register_rwlock);
+
luo_session_resume();
liveupdate_test_register(fh);
return 0;
-err_resume:
+err_unlock:
+ up_write(&luo_register_rwlock);
luo_session_resume();
return err;
}
@@ -938,16 +946,20 @@ int liveupdate_unregister_file_handler(s
if (!luo_session_quiesce())
goto err_register;
+ down_write(&luo_register_rwlock);
if (!list_empty(&ACCESS_PRIVATE(fh, flb_list)))
- goto err_resume;
+ goto err_unlock;
list_del(&ACCESS_PRIVATE(fh, list));
+ up_write(&luo_register_rwlock);
+
module_put(fh->ops->owner);
luo_session_resume();
return 0;
-err_resume:
+err_unlock:
+ up_write(&luo_register_rwlock);
luo_session_resume();
err_register:
liveupdate_test_register(fh);
--- a/kernel/liveupdate/luo_internal.h~liveupdate-protect-file-handler-list-with-rwsem
+++ a/kernel/liveupdate/luo_internal.h
@@ -77,6 +77,8 @@ struct luo_session {
struct mutex mutex;
};
+extern struct rw_semaphore luo_register_rwlock;
+
int luo_session_create(const char *name, struct file **filep);
int luo_session_retrieve(const char *name, struct file **filep);
int __init luo_session_setup_outgoing(void *fdt);
_
Patches currently in -mm which might be from pasha.tatashin@soleen.com are
liveupdate-prevent-double-management-of-files.patch
memfd-implement-get_id-for-memfd_luo.patch
selftests-liveupdate-add-test-for-double-preservation.patch
liveupdate-safely-print-untrusted-strings.patch
liveupdate-synchronize-lazy-initialization-of-flb-private-state.patch
liveupdate-protect-file-handler-list-with-rwsem.patch
liveupdate-protect-flb-lists-with-luo_register_rwlock.patch
liveupdate-defer-flb-module-refcounting-to-active-sessions.patch
liveupdate-remove-luo_session_quiesce.patch
liveupdate-auto-unregister-flbs-on-file-handler-unregistration.patch
liveupdate-remove-liveupdate_test_unregister.patch
liveupdate-make-unregister-functions-return-void.patch
liveupdate-defer-file-handler-module-refcounting-to-active-sessions.patch
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-03-27 17:22 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-18 18:05 + liveupdate-protect-file-handler-list-with-rwsem.patch added to mm-new branch Andrew Morton
-- strict thread matches above, loose matches on Subject: below --
2026-03-27 17:22 Andrew Morton
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.