Re: [RFC PATCH 0/2] kpatch: dynamic kernel patching

From: David Lang
Date: Mon May 05 2014 - 19:35:03 EST

Next message: Jiri Kosina: "Re: [RFC PATCH 0/2] kpatch: dynamic kernel patching"
Previous message: Maciej W. Rozycki: "Re: X86: Impossible select Enhanced Real Time Clock Support (legacy PC RTC driver)"
In reply to: Josh Poimboeuf: "Re: [RFC PATCH 0/2] kpatch: dynamic kernel patching"
Next in thread: Jiri Kosina: "Re: [RFC PATCH 0/2] kpatch: dynamic kernel patching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2 May 2014, Jiri Kosina wrote:

On Thu, 1 May 2014, Josh Poimboeuf wrote:

kpatch vs kGraft
----------------

I think the biggest difference between kpatch and kGraft is how they
ensure that the patch is applied atomically and safely.

kpatch checks the backtraces of all tasks in stop_machine() to ensure
that no instances of the old function are running when the new function
is applied. I think the biggest downside of this approach is that
stop_machine() has to idle all other CPUs during the patching process,
so it inserts a small amount of latency (a few ms on an idle system).

Instead, kGraft uses per-task consistency: each task either sees the old
version or the new version of the function. This gives a consistent
view with respect to functions, but _not_ data, because the old and new
functions are allowed to run simultaneously and share data. This could
be dangerous if a patch changes how a function uses a data structure.
The new function could make a data change that the old function wasn't
expecting.

Please correct me if I am wrong, but with kPatch, you are also unable to
do a "flip and forget" switch between functions that expect different
format of in-memory data without performing a non-trivial all-memory
lookup to find structures in question and perfoming corresponding
transformations.

What we can do with kGraft si to perform the patching in two steps

(1) redirect to a temporary band-aid function that can handle both
semantics of the data (persumably in highly sub-optimal way)
(2) patching in (1) succeeds completely (kGraft claims victory), start a
new round of patching with redirect to the final function which
expects only the new semantics

This basically implies that both aproaches need "human inspection" in this
respect anyway.

how would you know that all instances of the datastructure in memory have been touched? just because all tasks have run and are outside the function in question doesn't tell you data structures have been converted. You have no way of knowing when (or if) the next call to the modified function will take place on any potential in-memory structure.

David Lang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jiri Kosina: "Re: [RFC PATCH 0/2] kpatch: dynamic kernel patching"
Previous message: Maciej W. Rozycki: "Re: X86: Impossible select Enhanced Real Time Clock Support (legacy PC RTC driver)"
In reply to: Josh Poimboeuf: "Re: [RFC PATCH 0/2] kpatch: dynamic kernel patching"
Next in thread: Jiri Kosina: "Re: [RFC PATCH 0/2] kpatch: dynamic kernel patching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]