From: Pasha Tatashin <pasha.tatashin@soleen.com>
To: Pratyush Yadav <pratyush@kernel.org>
Cc: Pasha Tatashin <pasha.tatashin@soleen.com>,
rppt@kernel.org, sourabhjain@linux.ibm.com, jbouron@amazon.com,
akpm@linux-foundation.org, bhe@redhat.com,
linux-kernel@vger.kernel.org, dan.carpenter@linaro.org,
rafael.j.wysocki@intel.com, piliu@redhat.com,
kexec@lists.infradead.org, skhawaja@google.com, graf@amazon.com,
mario.limonciello@amd.com
Subject: Re: [PATCH v5 3/5] liveupdate: block session mutations during reboot
Date: Mon, 18 May 2026 23:15:17 +0000 [thread overview]
Message-ID: <aguXhxrjhvmxAyb2@plex> (raw)
In-Reply-To: <2vxzo6ic8ysn.fsf@kernel.org>
On 05-18 18:31, Pratyush Yadav wrote:
> On Mon, May 18 2026, Pasha Tatashin wrote:
>
> > During the reboot() syscall, user processes may still be running
> > concurrently and attempting to mutate sessions (e.g., creating,
> > retrieving, or releasing sessions). To prevent this, introduce
> > luo_session_serialize_rwsem to synchronize mutations with the
> > serialization process.
> >
> > All session mutation operations (create, retrieve, release, ioctl) take
> > the read lock. The serialization process (luo_session_serialize) takes
> > the write lock and holds it indefinitely on success. This effectively
> > freezes the LUO session subsystem during the transition to the new
> > kernel. If serialization fails, the lock is released to allow recovery.
>
> Good idea I think.
Hi Pratyush,
>
> But, do we need a new mutex? Can't we use luo_session_header->rwsem?
> Session creation and release take the header rwsem at one point anyway,
> so perhaps we can just reuse that?
The sh->rwsem is for protecting the the session list. We only take it as
a writer when modifying the list (insert/remove) and as a reader when
traversing it. Also, we drop sh->rwsem as soon as we've acquired the
per-session mutex to allow other list operations to proceed while a
session is being modified.
Because of this, many session mutation operations (specifically ioctl
calls) don't touch sh->rwsem at all—they jump straight to the session
state via the file's private_data. To use sh->rwsem to block
these mutations, we would be forced to add down_read(&sh->rwsem) to
every ioctl path. This would be a layering violation, coupling list
management to per-session data mutations, and would introduce a global
bottleneck for operations that are otherwise independent.
The only other way to prevent mutations without a new global lock would
be for the reboot process to acquire every individual session mutex.
However, since LUO_SESSION_MAX can be large, this would exceed lockdep's
maximum lock tracking limit and trigger failures. The
luo_session_serialize_rwsem provides a dedicated signal to freeze the
entire subsystem without messing with the existing fine-grained locking
logic.
>
> Also, do we need to block incoming sessions? They won't participate in
> serialization, so perhaps we can leave those alone, and all the outgoing
> sessions get protected by the outgoing session header rwsem?
Incoming sessions don't participate in serialization, but blocking them
makes the code more robust. This provides a level of future proofing if
new ioctls or operations are added later, we won't accidentally miss a
path that should have been frozen during reboot. It's safer to treat the
subsystem as a single unit that freezes entirely once the transition
begins.
Pasha
next prev parent reply other threads:[~2026-05-18 23:15 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-18 12:54 [PATCH v5 0/5] liveupdate: serialization safety and race fixes Pasha Tatashin
2026-05-18 12:54 ` [PATCH v5 1/5] liveupdate: skip serialization for context-preserving kexec Pasha Tatashin
2026-05-18 12:54 ` [PATCH v5 2/5] liveupdate: fix TOCTOU race in luo_session_retrieve() Pasha Tatashin
2026-05-18 16:13 ` Pratyush Yadav
2026-05-18 12:54 ` [PATCH v5 3/5] liveupdate: block session mutations during reboot Pasha Tatashin
2026-05-18 16:31 ` Pratyush Yadav
2026-05-18 23:15 ` Pasha Tatashin [this message]
2026-05-22 12:52 ` Pratyush Yadav
2026-05-27 20:06 ` Pasha Tatashin
2026-05-18 12:54 ` [PATCH v5 4/5] liveupdate: fix u-a-f in luo_file_unpreserve_files() and luo_file_finish() Pasha Tatashin
2026-05-18 16:24 ` Pratyush Yadav
2026-05-18 12:54 ` [PATCH v5 5/5] liveupdate: Remove unused ser field from struct luo_session Pasha Tatashin
2026-05-18 16:24 ` Pratyush Yadav
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aguXhxrjhvmxAyb2@plex \
--to=pasha.tatashin@soleen.com \
--cc=akpm@linux-foundation.org \
--cc=bhe@redhat.com \
--cc=dan.carpenter@linaro.org \
--cc=graf@amazon.com \
--cc=jbouron@amazon.com \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mario.limonciello@amd.com \
--cc=piliu@redhat.com \
--cc=pratyush@kernel.org \
--cc=rafael.j.wysocki@intel.com \
--cc=rppt@kernel.org \
--cc=skhawaja@google.com \
--cc=sourabhjain@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.