Re: [PATCH 1/2] livepatch: Add a new function to verify the address and name match for extra module

From: Josh Poimboeuf
Date: Tue Apr 14 2015 - 00:05:58 EST


On Tue, Apr 14, 2015 at 08:48:11AM +0800, Minfei Huang wrote:
> On 04/14/15 at 08:17P, Minfei Huang wrote:
> > On 04/13/15 at 05:58P, Josh Poimboeuf wrote:
> > > On Mon, Apr 13, 2015 at 06:37:10PM +0800, Minfei Huang wrote:
> > > > For my patches, I think it is used by the persion which will compose the
> > > > patch individually, not for the manufactor.
> > > >
> > > > Yes, Verifying extra function address is more useless in general, due to
> > > > the changable address on different system.
> > > >
> > > > IMO, we shall do our best to make livepatch more robust.
> > >
> > > IIUC, to use this, you'd have to load the module first, manually look up
> > > the module function's address, and _then_ build the patch for the
> > > running system. And the resulting patch wouldn't work on other systems.
> > >
> > > Do you have concrete plans to use it this way?
> > >
> > > Just trying to understand if this is needed for a real world usage
> > > scenario.
> >
> > For some companies(like cloud computing company), they will compose
> > their own module to improve the performance.
> >
> > Once there is some bug for the own module, they cannt restart to reload
> > the fixed-module. So it seems that livepatch is the best way to fix this
> > issue.
> >
> > Before livepatch being integrated in kernel, we usually use ksplice to
> > patch the patch.
> >
> > What the above scenario I met is in my previous work.
> >
> > For now, livepatch cannt patch the patch for extra module, once the
> > function name is larger than 127.
> >
>
> Also, Maybe there is some day, we can use script to detect the function
> name and address in userspace, then generate the patch to patch the
> defective kernel or extra module.

I'd rather wait until we have a real world use case before adding
support for that. Otherwise we end up bloating the code and have to
support a nebulous feature which nobody uses.

> So the people who want to use livepatch never concern how to compose the
> patch to patch the kernel or extra module by using livepatch. All they
> will do is to provide a common patch which is different with the
> original code.

We already have a kpatch tool named kpatch-build which does this. It is
not yet upstreamed into Linux. The key difference is that it creates
the patch at compile time rather than runtime. The resulting patch
works for _all_ systems running the given version of kernel, rather than
only the current system.

--
Josh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/