[GIT PULL] Live patching for 3.20

From: Jiri Kosina
Date: Mon Feb 09 2015 - 14:56:00 EST


Linus,

Live patching core is available for you to pull at

git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching.git for-linus



Let me provide a bit of history first, before describing what is in this
pile.

Originally, there was kSplice as a standalone project that implemented
stop_machine()-based patching for the linux kernel. This project got later
acquired, and the current owner is providing live patching as a
proprietary service, without any intentions to have their implementation
merged.

Then, due to rising user/customer demand, both Red Hat and SUSE started
working on their own implementation (not knowing about each other), and
announced first versions roughly at the same time [1] [2].

The principle difference between the two solutions is how they are making
sure that the patching is performed in a consistent way when it comes to
different execution threads with respect to the semantic nature of the
change that is being introduced.

In a nutshell, kPatch is issuing stop_machine(), then looking at stacks of
all existing processess, and if it decides that the system is in a state
that can be patched safely, it proceeds insterting code redirection
machinery to the patched functions.

On the other hand, kGraft provides a per-thread consistency during one
single pass of a process through the kernel and performs a lazy
contignuous migration of threads from "unpatched" universe to the
"patched" one at safe checkpoints.

If interested in a more detailed discussion about the consistency models
and its possible combinations, please see the thread that evolved
around [3].

It pretty quickly became obvious to the interested parties that it's
absolutely impractical in this case to have several isolated solutions for
one task to co-exist in the kernel. During a dedicated Live Kernel
Patching track at LPC in Dusseldorf, all the interested parties sat
together and came up with a joint aproach that would work for both distro
vendors. Steven Rostedt took notes [4] from this meeting.

And the foundation for that aproach is what's present in this pull
request.

It provides a basic infrastructure for function "live patching" (i.e. code
redirection), including API for kernel modules containing the actual
patches, and API/ABI for userspace to be able to operate on the patches
(look up what patches are applied, enable/disable them, etc). It's
relatively simple and minimalistic, as it's making use of existing kernel
infrastructure (namely ftrace) as much as possible. It's also
self-contained, in a sense that it doesn't hook itself in any other kernel
subsystem (it doesn't even touch any other code). It's now implemented for
x86 only as a reference architecture, but support for powerpc, s390 and
arm is already in the works (adding arch-specific support basically boils
down to teaching ftrace about regs-saving).

Once this common infrastructure gets merged, both Red Hat and SUSE have
agreed to immediately start porting their current solutions on top of
this, abandoning their out-of-tree code. The plan basically is that each
patch will be marked by flag(s) that would indicate which consistency
model it is willing to use (again, the details have been sketched out
already in the thread at [3]).

Before this happens, the current codebase can be used to patch a large
group of secruity/stability problems the patches for which are not too
complex (in a sense that they don't introduce non-trivial change of
function's return value semantics, they don't change layout of data
structures, etc) -- this corresponds to LEAVE_FUNCTION && SWITCH_FUNCTION
semantics described at [3].

This tree has been in linux-next since December.

Thanks.

[1] https://lkml.org/lkml/2014/4/30/477
[2] https://lkml.org/lkml/2014/7/14/857
[3] https://lkml.org/lkml/2014/11/7/354
[4] http://linuxplumbersconf.org/2014/wp-content/uploads/2014/10/LPC2014_LivePatching.txt



[ The core code is introduced by the three commits authored by Seth
Jennings, which got a lot of changes incorporated during numerous
respins and reviews of the initial implementation. All the followup
commits have materialized only after public tree has been created, so
they were not folded into initial three commits so that the public tree
doesn't get rebased. ]

----------------------------------------------------------------
Christoph Jaeger (1):
livepatch: kconfig: use bool instead of boolean

Jiri Kosina (2):
livepatch: MAINTAINERS: add git tree location
livepatch: handle ancient compilers with more grace

Josh Poimboeuf (8):
livepatch: use FTRACE_OPS_FL_IPMODIFY
livepatch: samples: fix usage example comments
livepatch: fix deferred module patching order
livepatch: enforce patch stacking semantics
livepatch: support for repatching a function
livepatch: fix uninitialized return value
livepatch: rename config to CONFIG_LIVEPATCH
livepatch: add missing newline to error message

Li Bin (1):
livepatch: move x86 specific ftrace handler code to arch/x86

Miroslav Benes (1):
livepatch: change ARCH_HAVE_LIVE_PATCHING to HAVE_LIVE_PATCHING

Seth Jennings (3):
livepatch: kernel: add TAINT_LIVEPATCH
livepatch: kernel: add support for live patching
livepatch: samples: add sample live patching module

Documentation/ABI/testing/sysfs-kernel-livepatch | 44 +
Documentation/oops-tracing.txt | 2 +
Documentation/sysctl/kernel.txt | 1 +
MAINTAINERS | 15 +
arch/x86/Kconfig | 3 +
arch/x86/include/asm/livepatch.h | 46 +
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/livepatch.c | 90 ++
include/linux/kernel.h | 1 +
include/linux/livepatch.h | 133 +++
kernel/Makefile | 1 +
kernel/livepatch/Kconfig | 18 +
kernel/livepatch/Makefile | 3 +
kernel/livepatch/core.c | 1015 ++++++++++++++++++++++
kernel/panic.c | 2 +
samples/Kconfig | 7 +
samples/Makefile | 2 +-
samples/livepatch/Makefile | 1 +
samples/livepatch/livepatch-sample.c | 91 ++
19 files changed, 1475 insertions(+), 1 deletion(-)
create mode 100644 Documentation/ABI/testing/sysfs-kernel-livepatch
create mode 100644 arch/x86/include/asm/livepatch.h
create mode 100644 arch/x86/kernel/livepatch.c
create mode 100644 include/linux/livepatch.h
create mode 100644 kernel/livepatch/Kconfig
create mode 100644 kernel/livepatch/Makefile
create mode 100644 kernel/livepatch/core.c
create mode 100644 samples/livepatch/Makefile
create mode 100644 samples/livepatch/livepatch-sample.c

--
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/