From: Peter Zijlstra <peterz@infradead.org>
To: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Ingo Molnar <mingo@redhat.com>, Jiri Kosina <jkosina@suse.cz>,
Seth Jennings <sjenning@redhat.com>,
linux-kernel@vger.kernel.org, Vojtech Pavlik <vojtech@suse.cz>
Subject: Re: [PATCH 1/3] sched: add sched_task_call()
Date: Thu, 19 Feb 2015 01:20:58 +0100 [thread overview]
Message-ID: <20150219002058.GD5029@twins.programming.kicks-ass.net> (raw)
In-Reply-To: <20150218171256.GA28553@treble.hsd1.ky.comcast.net>
On Wed, Feb 18, 2015 at 11:12:56AM -0600, Josh Poimboeuf wrote:
> > > a) spend the time to ensure the unwinding code is correct and resilient
> > > to errors;
> > >
> > > b) leave the consistency model compiled code out if !FRAME_POINTER and
> > > allow users to patch without one (similar to the livepatch code
> > > that's already in the livepatch tree today); or
> >
> > Which has a much more limited set of patches it can do, right?
>
> If we're talking security patches, roughly 9 out of 10 of them don't
> change function prototypes, data, or data semantics. If the patch
> author is careful, he or she doesn't need a consistency model in those
> cases.
>
> So it's not _overly_ limited. If somebody's not happy about those
> limitations, they can put in the work for option a :-)
OK. So all this is really only about really funny bits.
> > So uhm, what happens if your target task is running? When will you
> > retry? The problem I see is that if you do a sample approach you might
> > never hit an opportune moment.
>
> We attack it from multiple angles.
>
> First we check the stack of all sleeping tasks. That patches the
> majority of tasks immediately. If necessary, we also do that
> periodically in a workqueue to catch any stragglers.
So not only do you need an 'atomic' stack save, you need to analyze and
flip its state in the same atomic region. The task cannot start running
again after the save and start using old functions while you analyze the
stack and flip it.
> The next line of attack is patching tasks when exiting the kernel to
> user space (system calls, interrupts, signals), to catch all CPU-bound
> and some I/O-bound tasks. That's done in patch 9 [1] of the consistency
> model patch set.
So the HPC people are really into userspace that does for (;;) ; and
isolate that on CPUs and have the tick interrupt stopped and all that.
You'll not catch those threads on the sysexit path.
And I'm fairly sure they'll not want to SIGSTOP/CONT their stuff either.
Now its fairly easy to also handle this; just mark those tasks with a
_TIF_WORK_SYSCALL_ENTRY flag, have that slowpath wait for the flag to
go-away, then flip their state and clear the flag.
> As a last resort, if there are still any tasks which are sleeping on a
> to-be-patched function, the user can send them SIGSTOP and SIGCONT to
> force them to be patched.
You typically cannot SIGSTOP/SIGCONT kernel threads. Also
TASK_UNINTERRUPTIBLE sleeps are unaffected by signals.
Bit pesky that.. needs pondering.
next prev parent reply other threads:[~2015-02-19 0:21 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-16 18:52 [PATCH 0/3] prevent /proc/<pid>/stack garbage for running tasks Josh Poimboeuf
2015-02-16 18:52 ` [PATCH 1/3] sched: add sched_task_call() Josh Poimboeuf
2015-02-16 20:44 ` Peter Zijlstra
2015-02-16 22:05 ` Josh Poimboeuf
2015-02-17 9:24 ` Peter Zijlstra
2015-02-17 14:12 ` Josh Poimboeuf
2015-02-17 18:15 ` Peter Zijlstra
2015-02-17 21:25 ` Josh Poimboeuf
2015-02-18 15:21 ` Peter Zijlstra
2015-02-18 17:12 ` Josh Poimboeuf
2015-02-19 0:20 ` Peter Zijlstra [this message]
2015-02-19 4:17 ` Josh Poimboeuf
2015-02-19 10:16 ` Peter Zijlstra
2015-02-19 16:24 ` Josh Poimboeuf
2015-02-19 16:33 ` Vojtech Pavlik
2015-02-19 17:03 ` Josh Poimboeuf
2015-02-19 17:08 ` Jiri Kosina
2015-02-19 17:19 ` Vojtech Pavlik
2015-02-19 17:32 ` Josh Poimboeuf
2015-02-19 17:48 ` Vojtech Pavlik
2015-02-19 20:40 ` Vojtech Pavlik
2015-02-19 21:42 ` Josh Poimboeuf
2015-02-20 7:46 ` Jiri Kosina
2015-02-20 8:49 ` Jiri Kosina
2015-02-20 9:50 ` Ingo Molnar
2015-02-20 10:02 ` Jiri Kosina
2015-02-20 10:44 ` live patching design (was: Re: [PATCH 1/3] sched: add sched_task_call()) Ingo Molnar
2015-02-20 10:58 ` Jiri Kosina
2015-02-20 19:49 ` Ingo Molnar
2015-02-20 21:46 ` Vojtech Pavlik
2015-02-20 22:08 ` Josh Poimboeuf
2015-02-21 18:30 ` Ingo Molnar
2015-02-22 8:52 ` Jiri Kosina
2015-02-22 10:17 ` Ingo Molnar
2015-02-22 19:18 ` Jiri Kosina
2015-02-23 12:43 ` Jiri Kosina
2015-02-24 10:37 ` Ingo Molnar
2015-02-21 18:18 ` Ingo Molnar
2015-02-21 18:57 ` Jiri Kosina
2015-02-21 19:16 ` Ingo Molnar
2015-02-21 19:31 ` Jiri Kosina
2015-02-21 19:48 ` Ingo Molnar
2015-02-21 20:10 ` Jiri Kosina
2015-02-21 20:53 ` Jiri Kosina
2015-02-22 8:46 ` Ingo Molnar
2015-02-22 9:08 ` Jiri Kosina
2015-02-22 9:46 ` live kernel upgrades (was: live kernel patching design) Ingo Molnar
2015-02-22 10:34 ` Ingo Molnar
2015-02-22 10:48 ` Ingo Molnar
2015-02-22 19:13 ` Jiri Kosina
2015-02-22 23:01 ` Andrew Morton
2015-02-23 0:18 ` Dave Airlie
2015-02-23 0:44 ` Arjan van de Ven
2015-02-23 8:17 ` Jiri Kosina
2015-02-23 10:42 ` Richard Weinberger
2015-02-23 11:08 ` Vojtech Pavlik
2015-02-23 11:50 ` Pavel Machek
2015-02-24 9:16 ` Ingo Molnar
2015-02-24 12:28 ` Jiri Slaby
2015-03-05 0:51 ` Ingo Molnar
2015-02-23 6:35 ` Vojtech Pavlik
2015-02-24 9:44 ` Ingo Molnar
2015-02-24 12:12 ` Vojtech Pavlik
2015-02-24 10:53 ` Ingo Molnar
2015-02-24 12:19 ` Vojtech Pavlik
2015-02-22 14:37 ` Josh Poimboeuf
2015-02-22 16:40 ` Josh Poimboeuf
2015-02-22 19:03 ` Jiri Kosina
2015-02-24 10:23 ` Ingo Molnar
2015-02-24 11:10 ` Petr Mladek
2015-02-24 12:36 ` Vojtech Pavlik
2015-02-23 11:39 ` Pavel Machek
2015-02-24 10:25 ` Ingo Molnar
2015-02-24 12:11 ` Jiri Slaby
2015-02-24 13:18 ` live kernel upgrades Pavel Emelyanov
2015-02-20 16:12 ` [PATCH 1/3] sched: add sched_task_call() Josh Poimboeuf
2015-02-20 20:08 ` Ingo Molnar
2015-02-20 21:22 ` Josh Poimboeuf
2015-02-20 17:05 ` Josh Poimboeuf
2015-02-19 21:26 ` Jiri Kosina
2015-02-19 21:38 ` Jiri Kosina
2015-02-19 23:11 ` Josh Poimboeuf
2015-02-16 18:52 ` [PATCH 2/3] stacktrace: add save_stack_trace_tsk_safe() Josh Poimboeuf
2015-02-18 0:13 ` Andrew Morton
2015-02-20 9:32 ` Jiri Kosina
2015-02-16 18:52 ` [PATCH 3/3] proc: fix /proc/<pid>/stack for running tasks Josh Poimboeuf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150219002058.GD5029@twins.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=akpm@linux-foundation.org \
--cc=jkosina@suse.cz \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=sjenning@redhat.com \
--cc=vojtech@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox