From: Pasha Tatashin <pasha.tatashin@soleen.com>
To: Mike Rapoport <rppt@kernel.org>
Cc: Pasha Tatashin <pasha.tatashin@soleen.com>,
kees@kernel.org, sourabhjain@linux.ibm.com, jbouron@amazon.com,
akpm@linux-foundation.org, bhe@redhat.com,
linux-kernel@vger.kernel.org, dan.carpenter@linaro.org,
rafael.j.wysocki@intel.com, piliu@redhat.com,
kexec@lists.infradead.org, pratyush@kernel.org,
skhawaja@google.com, graf@amazon.com, mario.limonciello@amd.com
Subject: Re: [PATCH v3 0/5] liveupdate: serialization safety and race fixes
Date: Sun, 17 May 2026 19:01:27 +0000 [thread overview]
Message-ID: <agoOe_BjM4IKJM4Z@plex> (raw)
In-Reply-To: <agn-R5TPNmUSeU3y@kernel.org>
On 05-17 20:43, Mike Rapoport wrote:
> On Fri, May 15, 2026 at 12:37:17AM +0000, Pasha Tatashin wrote:
> > This series addresses several issues related to the synchronization
> > between the reboot process and LUO session management.
> >
> > Changes in v3:
> > - Refined the session mutation blocking to use a dedicated global
> > rwsem (luo_session_serialize_rwsem) instead of pinning individual
> > mutexes.
> > - Fixed a use-after-free race in luo_file_unpreserve_files() where
> > a module could be released before its file handler ID was erased.
> > - Fixed a TOCTOU race in luo_session_retrieve() by extending the
> > lock scope to overlap with session mutex acquisition.
> > - Removed an unused 'ser' field from struct luo_session.
> > - Dropped the KHO skip patch as it was not needed.
> >
> > 1. Skip LUO serialization for context-preserving kexec: A
> > preserve_context kexec returns to the current kernel, which is unrelated
> > to live update where state is passed to the next kernel. Skipping
> > serialization avoids unnecessary work and prevents sessions from being
> > left in a frozen state upon return.
> >
> > 2. Block session mutations during reboot: During the reboot() syscall,
> > user processes may still be running concurrently and attempting to
> > mutate sessions. To prevent this, we introduce luo_session_serialize_rwsem.
> > All mutation operations (create, retrieve, release, ioctl) hold the
> > read lock. The serialization process holds the write lock indefinitely
> > on success, effectively freezing the subsystem.
> >
> > 3. Fix use-after-free in luo_file_unpreserve_files(): Reorder module_put()
> > to ensure the file handler module remains pinned while its operations
> > are being accessed during cleanup.
> >
> > 4. Fix TOCTOU race in luo_session_retrieve(): Extend the rwsem lock
> > scope to prevent a session from being released between lookup and
> > mutex acquisition.
> >
> > 5. Remove unused ser field from struct luo_session: Clean up the
> > session structure by removing a field that was never utilized.
>
> Sashiko is still unhappy:
> https://sashiko.dev/#/patchset/20260515003722.938123-1-pasha.tatashin@soleen.com
>
> Didn't verify it's actually right, but its complaints seem legit.
Reviewed the complaints, a couple things are legit, I will address
them and respin.
> Among other things sashiko noted a TOCTOU issue and then found it's fixed
> by a later patch, maybe move the TOCTOU fix earlier in the series?
Sure, will move it earlier, while I think, as long as it is fixed in
ther series it does not matter where it is :-)
Pasha
next prev parent reply other threads:[~2026-05-17 19:01 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-15 0:37 [PATCH v3 0/5] liveupdate: serialization safety and race fixes Pasha Tatashin
2026-05-15 0:37 ` [PATCH v3 1/5] liveupdate: skip serialization for context-preserving kexec Pasha Tatashin
2026-05-15 0:37 ` [PATCH v3 2/5] liveupdate: block session mutations during reboot Pasha Tatashin
2026-05-15 0:37 ` [PATCH v3 3/5] liveupdate: fix u-a-f in luo_file_unpreserve_files() and luo_file_finish() Pasha Tatashin
2026-05-15 0:37 ` [PATCH v3 4/5] liveupdate: fix TOCTOU race in luo_session_retrieve() Pasha Tatashin
2026-05-15 0:37 ` [PATCH v3 5/5] liveupdate: Remove unused ser field from struct luo_session Pasha Tatashin
2026-05-17 17:43 ` [PATCH v3 0/5] liveupdate: serialization safety and race fixes Mike Rapoport
2026-05-17 19:01 ` Pasha Tatashin [this message]
2026-05-17 20:11 ` Mike Rapoport
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=agoOe_BjM4IKJM4Z@plex \
--to=pasha.tatashin@soleen.com \
--cc=akpm@linux-foundation.org \
--cc=bhe@redhat.com \
--cc=dan.carpenter@linaro.org \
--cc=graf@amazon.com \
--cc=jbouron@amazon.com \
--cc=kees@kernel.org \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mario.limonciello@amd.com \
--cc=piliu@redhat.com \
--cc=pratyush@kernel.org \
--cc=rafael.j.wysocki@intel.com \
--cc=rppt@kernel.org \
--cc=skhawaja@google.com \
--cc=sourabhjain@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.