From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 23CED3C3438 for ; Sun, 17 May 2026 17:43:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779039824; cv=none; b=Dj/KoxA93+WKV7Kp6sEPNuYiTVZiQK2qIpe5btTG3Hx812DaHeKLpVxqPYr1qYudmEEcnTylz3SpwkzFQPDxYeSFaR7CJOhwgitEMmTQa7azfeUbwi9/diimrBs0elKVeM8BiKn36I9sbnBTK2J4V4dCM2vnd82KQ0Ef6pWM5ws= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779039824; c=relaxed/simple; bh=rWCwn0WhZmPuLcMpCzhXHEHqKaFyvDfyRV9d6IBQCpQ=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=AYV8C4yUnJL+1bB4GsM26q/emDTJ09g0HvCfZQuSPYvgp597Jy6yX/tZWDXNNY6yw+uRWRv9GGl87hhI7WD2ivEK71+/2ZQTTYhF7NgiTxaC+q8adLY7PRTIEiIl+jVKjghJvtfJHn15Lqtx6y4FGh+guf93XC8KRW81NudWElc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=LxnXMPN3; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="LxnXMPN3" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 118B7C2BCB0; Sun, 17 May 2026 17:43:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1779039823; bh=rWCwn0WhZmPuLcMpCzhXHEHqKaFyvDfyRV9d6IBQCpQ=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=LxnXMPN3DwEeFnD+T6HY2+pMONdBh+tn06Qz2lB/yxMEd/VAUkNs2PlZKOiTSNgKS sBzrflt7jRNKxLO+cc9YxHhDQHa7XZI0s/LfNi78xBu33hHs7W2to4KcdX+40y3Ywl KC9gKkcxcsix2Af0AtkG6j/8ERSXWFhrbl/mWdBuaiEAOWWrbR1sa0WKig6GyTktTx WeU3H/yjG99XgekNHH3ckYytmdCajw6j9POPgxrG/iHKTJbe4kUZq7V1VGC2zR70XK jwhMi9ErZJkA+XirPdeTF/pXRqSgYA8rHDDSwW3KMb0yVzz10IEXgXabNXgjEQpRrv liEeRoB6MeFAA== Date: Sun, 17 May 2026 20:43:35 +0300 From: Mike Rapoport To: Pasha Tatashin Cc: kees@kernel.org, sourabhjain@linux.ibm.com, jbouron@amazon.com, akpm@linux-foundation.org, bhe@redhat.com, linux-kernel@vger.kernel.org, dan.carpenter@linaro.org, rafael.j.wysocki@intel.com, piliu@redhat.com, kexec@lists.infradead.org, pratyush@kernel.org, skhawaja@google.com, graf@amazon.com, mario.limonciello@amd.com Subject: Re: [PATCH v3 0/5] liveupdate: serialization safety and race fixes Message-ID: References: <20260515003722.938123-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20260515003722.938123-1-pasha.tatashin@soleen.com> On Fri, May 15, 2026 at 12:37:17AM +0000, Pasha Tatashin wrote: > This series addresses several issues related to the synchronization > between the reboot process and LUO session management. > > Changes in v3: > - Refined the session mutation blocking to use a dedicated global > rwsem (luo_session_serialize_rwsem) instead of pinning individual > mutexes. > - Fixed a use-after-free race in luo_file_unpreserve_files() where > a module could be released before its file handler ID was erased. > - Fixed a TOCTOU race in luo_session_retrieve() by extending the > lock scope to overlap with session mutex acquisition. > - Removed an unused 'ser' field from struct luo_session. > - Dropped the KHO skip patch as it was not needed. > > 1. Skip LUO serialization for context-preserving kexec: A > preserve_context kexec returns to the current kernel, which is unrelated > to live update where state is passed to the next kernel. Skipping > serialization avoids unnecessary work and prevents sessions from being > left in a frozen state upon return. > > 2. Block session mutations during reboot: During the reboot() syscall, > user processes may still be running concurrently and attempting to > mutate sessions. To prevent this, we introduce luo_session_serialize_rwsem. > All mutation operations (create, retrieve, release, ioctl) hold the > read lock. The serialization process holds the write lock indefinitely > on success, effectively freezing the subsystem. > > 3. Fix use-after-free in luo_file_unpreserve_files(): Reorder module_put() > to ensure the file handler module remains pinned while its operations > are being accessed during cleanup. > > 4. Fix TOCTOU race in luo_session_retrieve(): Extend the rwsem lock > scope to prevent a session from being released between lookup and > mutex acquisition. > > 5. Remove unused ser field from struct luo_session: Clean up the > session structure by removing a field that was never utilized. Sashiko is still unhappy: https://sashiko.dev/#/patchset/20260515003722.938123-1-pasha.tatashin@soleen.com Didn't verify it's actually right, but its complaints seem legit. Among other things sashiko noted a TOCTOU issue and then found it's fixed by a later patch, maybe move the TOCTOU fix earlier in the series? > Tree: git.kernel.org/pub/scm/linux/kernel/git/tatashin/linux.git Branch: > luo-reboot-sync/v3 > > Pasha Tatashin (5): > liveupdate: skip serialization for context-preserving kexec > liveupdate: block session mutations during reboot > liveupdate: fix u-a-f in luo_file_unpreserve_files() and > luo_file_finish() > liveupdate: fix TOCTOU race in luo_session_retrieve() > liveupdate: Remove unused ser field from struct luo_session > > kernel/kexec_core.c | 8 +++++--- > kernel/liveupdate/luo_file.c | 5 +++-- > kernel/liveupdate/luo_internal.h | 2 -- > kernel/liveupdate/luo_session.c | 27 ++++++++++++++++++++------- > 4 files changed, 28 insertions(+), 14 deletions(-) > > > base-commit: 7b0b68b2b95606e65594958686833e53423f58f2 > -- > 2.53.0 > -- Sincerely yours, Mike.