From: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
To: Petr Mladek <pmladek@suse.cz>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>,
Jiri Kosina <jkosina@suse.cz>,
Seth Jennings <sjenning@redhat.com>,
Vojtech Pavlik <vojtech@suse.cz>,
Steven Rostedt <rostedt@goodmis.org>,
Miroslav Benes <mbenes@suse.cz>,
Christoph Hellwig <hch@infradead.org>,
Greg KH <gregkh@linuxfoundation.org>,
Andy Lutomirski <luto@amacapital.net>,
live-patching@vger.kernel.org, x86@kernel.org, kpatch@redhat.com,
linux-kernel@vger.kernel.org
Subject: Re: Re: [PATCHv4 0/3] Kernel Live Patching
Date: Fri, 28 Nov 2014 11:21:53 +0900 [thread overview]
Message-ID: <5477DC41.8090509@hitachi.com> (raw)
In-Reply-To: <20141127105233.GA5998@pathway.suse.cz>
(2014/11/27 19:52), Petr Mladek wrote:
> On Thu 2014-11-27 19:06:37, Masami Hiramatsu wrote:
>> (2014/11/27 0:27), Josh Poimboeuf wrote:
>>> On Wed, Nov 26, 2014 at 10:18:24AM +0100, Jiri Kosina wrote:
>>>> On Wed, 26 Nov 2014, Masami Hiramatsu wrote:
>>>>
>>>>>> Note to Steve:
>>>>>> Masami's IPMODIFY patch is heading for -next via your tree. Once it arrives,
>>>>>> I'll rebase and make the change to set IPMODIFY. Do not pull this for -next
>>>>>> yet. This version (v4) is for review and gathering acks.
>>>>>
>>>>> BTW, as we discussed IPMODIFY is an exclusive flag. So if we allocate
>>>>> ftrace_ops for each function in each patch, it could be conflict each
>>>>> other.
>>>>
>>>> Yup, this corresponds to what Petr brought up yesterday. There are cases
>>>> where all solutions (kpatch, kgraft, klp) would allocate multiple
>>>> ftrace_ops for a single function entry (think of patching one function
>>>> multiple times in a row).
>>>>
>>>> So it's not as easy as just setting the flag.
>>>>
>>>>> Maybe we need to have another ops hashtable to find such conflict and
>>>>> new handler to handle it.
>>>>
>>>> If I understand your proposal correctly, that would sound like a hackish
>>>> workaround, trying to basically trick the IPMODIFY flag semantics you just
>>>> implemented :)
>>>
>>> I think Masami may be proposing something similar to what we do in
>>> kpatch today. We have a single ftrace_ops and handler which is used for
>>> all functions. The handler accesses a global hash of kpatch_func
>>> structs which is indexed by the original function's IP address.
>>
>> Hmm, I think both is OK. kpatch method is less memory consuming and
>> will have a bigger overhead. However, as Steven talked at Plumbers Conf.,
>> he will introduce a direct code modifying interface for ftrace. After
>> that is introduced, we don't need to care about performance degradation
>> by patching :)
>
> Yup, I would prefer to have ftrace_ops per (original) function entry. I mean
> that new patches will reuse the existing ftrace_ops for already
> patched functions. They will just create new ftrace_ops from the
> not-yet-patched symbols.
However, too many ftrace_ops will get bigger overhead if conflicts
happened on any entry, since on such entry ftrace walks through
all registered ftrace_ops and checks its filter. It's a downside.
Perhaps, ftrace needs to have 2 different ftrace_ops lists, one
is for managing, and one is for walk through. And the latter list
drops the ftrace_ops which has trampoline and whose all filtered ip
is exclusively used (iow, such ftrace_ops never be hit in the walk
through).
> Using a single ftrace_ops everywhere would kill the win from
> Steven's direct ftrace optimization.
It depends on the implementation and interface. E.g. an explicit
path-change optimization interface for each address with ftrace_ops,
like as
ftrace_change_path_ip(ftrace_ops *ops, unsigned long old_addr,
unsigned long new_addr);
This checks ftrace_ops is already registered and has given old_addr
in filter, ensures no other ftrace_ops are registered on given address,
and then optimizes the fentry call to jump to the new_addr.
Anyway, at this point it is not a major discussion point, it's a
kind of minor implementation issue for performance and memory consuming.
We can switch it without changing API.
Thank you,
>>> It actually works out pretty well because it nicely encapsulates the
>>> knowledge about which functions are patched in a single place. And it
>>> makes it easy to track function versions (for incremental patching and
>>> rollback).
>>>
>>>> What I'd propose instead is to make sure that we always have
>>>> just a ftrace_ops per function entry, and only update the pointers there
>>>> as necessary. Fortunately we can do the switch atomically, by making use
>>>> of ->private.
>>>
>>> But how would you update multiple functions atomically, to enforce
>>> per-thread consistency?
>>
>> At this point, both can do it atomically. We just need an atomic flag
>> for applying patches.
>
> By other words, we would need something like the "kgr_immutable" flag from
> kGraft. It will make sure that everybody stays with the current code until
> all function entries are updated.
>
> Best Regards,
> Petr
--
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com
next prev parent reply other threads:[~2014-11-28 2:22 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-25 17:15 [PATCHv4 0/3] Kernel Live Patching Seth Jennings
2014-11-25 17:15 ` [PATCHv4 1/3] kernel: add TAINT_LIVEPATCH Seth Jennings
2014-11-25 17:15 ` [PATCHv4 2/3] kernel: add support for live patching Seth Jennings
2014-11-26 9:05 ` Masami Hiramatsu
2014-11-26 13:37 ` Jiri Slaby
2014-11-26 14:19 ` Miroslav Benes
2014-11-26 15:40 ` Josh Poimboeuf
2014-12-01 13:31 ` Miroslav Benes
2014-12-01 17:07 ` Josh Poimboeuf
2014-12-02 12:24 ` Miroslav Benes
2014-11-28 17:07 ` Petr Mladek
2014-11-28 17:14 ` [PATCH] livepatch: clean up klp_find_object_module() usage: was: " Petr Mladek
2014-12-01 12:08 ` Miroslav Benes
2014-12-01 12:40 ` Petr Mladek
2014-11-28 17:19 ` [PATCH] livepatch: do relocation when initializing the patch: " Petr Mladek
2014-12-03 10:00 ` Miroslav Benes
2014-11-25 17:15 ` [PATCHv4 3/3] samples: add sample live patching module Seth Jennings
2014-11-27 17:05 ` Petr Mladek
2014-12-01 17:11 ` Seth Jennings
2014-11-25 19:26 ` [PATCHv4 0/3] Kernel Live Patching Jiri Kosina
2014-11-25 22:10 ` Seth Jennings
2014-11-25 22:22 ` Jiri Kosina
2014-11-26 9:00 ` Masami Hiramatsu
2014-11-26 9:18 ` Jiri Kosina
2014-11-26 9:26 ` Jiri Kosina
2014-11-26 15:27 ` Josh Poimboeuf
2014-11-27 10:06 ` Masami Hiramatsu
2014-11-27 10:52 ` Petr Mladek
2014-11-28 2:21 ` Masami Hiramatsu [this message]
2014-11-27 6:12 ` Masami Hiramatsu
2014-11-26 15:55 ` Josh Poimboeuf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5477DC41.8090509@hitachi.com \
--to=masami.hiramatsu.pt@hitachi.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@infradead.org \
--cc=jkosina@suse.cz \
--cc=jpoimboe@redhat.com \
--cc=kpatch@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=live-patching@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mbenes@suse.cz \
--cc=pmladek@suse.cz \
--cc=rostedt@goodmis.org \
--cc=sjenning@redhat.com \
--cc=vojtech@suse.cz \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.