Re: [PATCH v3 0/7] livepatch: Introduce replace set support

[Joe Lawrence <joe.lawrence@redhat.com>]

On Sun, Jun 07, 2026 at 09:16:52PM +0800, Yafang Shao wrote:
> We previously proposed a BPF+livepatch method to enable rapid
> experimentation with new kernel features without interrupting production
> workloads:
> 
>   https://lore.kernel.org/live-patching/20260402092607.96430-1-laoar.shao@gmail.com/
> 
> In the resulting discussion, Song and Petr suggested adding a "replace set"
> to support scenarios where specific livepatches can be selectively replaced
> or skipped.
> 
> This patch introduces 'replace_set' to provide finer-grained control over
> livepatch management. The core rules and behaviors of a replace_set are
> defined as follows:
> - Livepatches sharing the same replace_set can mutually replace each
>   other.
> - Only one livepatch within a given replace_set can be active at a time.
> - Livepatches belonging to different replace_sets can coexist on the
>   system.
> - Livepatches in different replace_sets are prohibited from modifying the
>   same function.
> - Livepatches in different replace_sets cannot use the same state ID.
> 
> Additionally, this design deprecates the traditional non-atomic-replace
> model. Previously, setting 'replace' to 0 was the only way to keep
> certain livepatches persistent on the system, forcing developers to
> disable atomic replacement entirely. With the introduction of replace_set,
> developers now have a selective option to keep specific livepatches
> persistent while maintaining atomic replacement capabilities elsewhere.
> 
> At present, KLP state, shadow variables, and callbacks are not integrated
> with the new replace_set mechanism in this patchset. Support for these
> features is deferred until Petr's klp-state-transfer infrastructure is
> completed and merged:
> 
>   https://github.com/pmladek/linux/tree/klp-state-transfer-v1-iter12
> 
> v2->v3:
> - Address the feedback from Sachiko AI
>  - Fix the pre-existing NULL pointer dereference issue
>  - Move klp_find_func into core.h
>  - Don't deprecate stack_order completely
> 
> v2: https://lore.kernel.org/live-patching/20260529034542.68766-1-laoar.shao@gmail.com/
> 
> v1->v2:
> - Incorporate feedback from Petr:
>   - Initialize replace_set to 0 by default
>   - Improve documentation
>   - Enforce that livepatches in different replace_sets cannot use the same
>     state->id.
>   - Enforce that livepatches in different replace_sets cannot modify the
>     same function.
>   - Ensure consistent capitalization and naming usage of KLP_REPLACE_SET.
> - Incorporate feedback from Sachiko AI:
>   - Skip the klp_transition patch during klp_force_transition().
> 
> v1 (RFC): https://lore.kernel.org/live-patching/20260513143321.26185-1-laoar.shao@gmail.com/
> 
> Yafang Shao (7):
>   livepatch: Fix NULL pointer dereference in klp_find_func()
>   livepatch: Move klp_find_func() into core.h
>   livepatch: Support scoped atomic replace using replace_set
>   livepatch: Deprecate stack_order
>   selftests/livepatch: Update tests for replace_set
>   selftests/livepatch: Add test for state ID conflict across
>     replace_sets
>   selftests/livepatch: Add test for function conflict across
>     replace_sets
> 
>  .../ABI/removed/sysfs-kernel-livepatch        |   9 +
>  .../ABI/testing/sysfs-kernel-livepatch        |  14 +-
>  .../livepatch/cumulative-patches.rst          |  23 ++-
>  Documentation/livepatch/livepatch.rst         |  21 ++-
>  include/linux/livepatch.h                     |   5 +-
>  kernel/livepatch/core.c                       |  65 ++-----
>  kernel/livepatch/core.h                       |  21 +++
>  kernel/livepatch/state.c                      |  51 ++++--
>  kernel/livepatch/transition.c                 |  11 +-
>  scripts/livepatch/init.c                      |   6 +-
>  scripts/livepatch/klp-build                   |  16 +-
>  .../selftests/livepatch/test-callbacks.sh     |  33 ++--
>  .../selftests/livepatch/test-livepatch.sh     | 159 +++++++----------
>  .../testing/selftests/livepatch/test-state.sh |  34 ++++
>  .../testing/selftests/livepatch/test-sysfs.sh |  91 ++--------
>  .../selftests/livepatch/test_modules/Makefile |   2 +
>  .../test_modules/test_klp_atomic_replace.c    |  10 +-
>  .../test_modules/test_klp_atomic_replace2.c   |  55 ++++++
>  .../test_modules/test_klp_callbacks_demo.c    |   6 +
>  .../test_modules/test_klp_callbacks_demo2.c   |  10 +-
>  .../test_modules/test_klp_livepatch.c         |   6 +
>  .../livepatch/test_modules/test_klp_state.c   |   4 +-
>  .../livepatch/test_modules/test_klp_state2.c  |   4 +-
>  .../livepatch/test_modules/test_klp_state4.c  | 163 ++++++++++++++++++
>  24 files changed, 507 insertions(+), 312 deletions(-)
>  create mode 100644 Documentation/ABI/removed/sysfs-kernel-livepatch
>  create mode 100644 tools/testing/selftests/livepatch/test_modules/test_klp_atomic_replace2.c
>  create mode 100644 tools/testing/selftests/livepatch/test_modules/test_klp_state4.c
> 
> -- 
> 2.52.0
> 

Hi Yafang,

Thanks for implementing this.  Supporting both replace and non-replace
style patches has always been a headache for me when reading through the
code, or worse, actual end user cases.  A few minor nitpicks:

After applying the series, Documentation/livepatch/system-state.rst
still references the old non-replace model.  Section 2 states that
"Non-cumulative livepatches are allowed to touch already modified
system states," which is no longer true.  The introductions in both
system-state.rst and cumulative-patches.rst also frame atomic replace
as opt-in.  Petr's proposed documentation rewrites cover some of
this, but system-state.rst section 2 needs updating as well.

See also my replies to specific patches/replies, mainly around the
supercedes feature discussion.

--
Joe