Re: [PATCH v6 3/5] liveupdate: block session mutations during reboot

[Pratyush Yadav <pratyush@kernel.org>]

On Wed, May 27 2026, Pasha Tatashin wrote:

> During the reboot() syscall, user processes may still be running
> concurrently and attempting to mutate sessions (e.g., creating,
> retrieving, or releasing sessions). To prevent this, introduce
> luo_session_serialize_rwsem to synchronize mutations with the
> serialization process.
>
> All session mutation operations (create, retrieve, release, ioctl) take
> the read lock. The serialization process (luo_session_serialize) takes
> the write lock and holds it indefinitely on success. This effectively
> freezes the LUO session subsystem during the transition to the new
> kernel. If serialization fails, the lock is released to allow recovery.
>
> Fixes: 0153094d03df ("liveupdate: luo_session: add sessions support")
> Reported-by: Oskar Gerlicz Kowalczuk <oskar@gerlicz.space>
> Acked-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
> Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com>
> ---
>  kernel/liveupdate/luo_session.c | 56 +++++++++++++++++++++++++++++++--
>  1 file changed, 53 insertions(+), 3 deletions(-)
>
> diff --git a/kernel/liveupdate/luo_session.c b/kernel/liveupdate/luo_session.c
> index 169131642939..c9bdad2e5ae7 100644
> --- a/kernel/liveupdate/luo_session.c
> +++ b/kernel/liveupdate/luo_session.c
> @@ -46,6 +46,38 @@
>   * 4.  Retrieval: A userspace agent in the new kernel can then call
>   *     `luo_session_retrieve()` with a session name to get a new file
>   *     descriptor and access the preserved state.
> + *
> + * Locking:
> + *
> + * The LUO session subsystem uses a three-tier locking hierarchy to ensure thread
> + * safety and prevent deadlocks during concurrent session mutations and kexec
> + * serialization:
> + *
> + * 1. `luo_session_serialize_rwsem` (global rwsem):
> + *    Protects session mutations (creation, retrieval, release, and ioctls)
> + *    against the serialization process during reboot.
> + *
> + *    - Readers: Taken by any path modifying or accessing session state (e.g.,
> + *      `luo_session_create()`, `luo_session_retrieve()`, `luo_session_release()`,
> + *      and `luo_session_ioctl()`).
> + *    - Writer: Taken by the serialization process (`luo_session_serialize()`)
> + *      during reboot. On success, the write lock is held indefinitely to freeze
> + *      the subsystem. On failure, it is released to allow recovery.
> + *
> + * 2. `luo_session_header->rwsem` (per-list rwsem):
> + *    Synchronizes list-level operations for the incoming and outgoing session headers.
> + *
> + *    - Writer: Taken during list mutation operations (inserting or removing a
> + *      session from the list).
> + *    - Reader: Taken when traversing the list (e.g., retrieving a session by name).
> + *
> + * 3. `luo_session->mutex` (per-session mutex):
> + *    Protects the internal state and file sets of an individual session. It is
> + *    acquired during per-session operations such as preserving, retrieving,
> + *    or freezing files.
> + *
> + * Lock Hierarchy:
> + *   `luo_session_serialize_rwsem` -> `luo_session_header->rwsem` -> `luo_session->mutex`
>   */
>  
>  #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> @@ -75,6 +107,13 @@
>  		sizeof(struct luo_session_header_ser)) /		\
>  		sizeof(struct luo_session_ser))
>  
> +/*
> + * Protects session mutations during serialization. All session mutation
> + * operations must hold the read lock. The serialization process holds the write
> + * lock indefinitely on success to block all concurrent and future mutations.
> + */

Nit: this comment is redundant now. I guess you can remove this when
applying.

Reviewed-by: Pratyush Yadav (Google) <pratyush@kernel.org>

> +static DECLARE_RWSEM(luo_session_serialize_rwsem);
> +
>  /**
>   * struct luo_session_header - Header struct for managing LUO sessions.
>   * @count:      The number of sessions currently tracked in the @list.
[...]

-- 
Regards,
Pratyush Yadav