Re: [PATCH 2/2] livepatch: Fix the bug if the function name is larger than KSYM_NAME_LEN-1

[Minfei Huang]

On 04/14/15 at 08:41pm, Petr Mladek wrote:
> On Wed 2015-04-15 01:01:39, Minfei Huang wrote:
> > On 04/14/15 at 06:27pm, Petr Mladek wrote:
> > > On Tue 2015-04-14 23:55:36, Minfei Huang wrote:
> > > > On 04/14/15 at 10:11P, Josh Poimboeuf wrote:
> > > > > On Tue, Apr 14, 2015 at 01:45:49PM +0800, Minfei Huang wrote:
> > > > > > On 04/14/15 at 12:32P, Josh Poimboeuf wrote:
> > > > > > > On Tue, Apr 14, 2015 at 01:29:50PM +0800, Minfei Huang wrote:
> > > > > > > > 
> > > > > > > > For end user, they may know litter about restriction of kallsyms and
> > > > > > > > livepatch. How can they know the restriction that function name is
> > > > > > > > limited to 127?
> > > > > > > 
> > > > > > > As I mentioned above, I think kallsyms.c should fail the build if it
> > > > > > > encounters a symbol longer than KSYM_NAME_LEN.
> > > > > > > 
> > > > > > 
> > > > > > I dont think it is a good idea to handle this case like that. The
> > > > > > function name is only for human recognization. Why the compiler fails
> > > > > > to build it?
> > > > > 
> > > > > Well, the function name isn't only for human recognition.  kpatch-build
> > > > > generates patch modules automatically.  It assumes that the compiled
> > > > > function name matches the kallsyms name.  And I'd guess that a lot of
> > > > > other code (both in-kernel and user space tools) make the same
> > > > > assumption.
> > > > > 
> > > > > Not to mention that most humans would also make the same assumption...
> > > > 
> > > > Yes. The assumption is correct for most case.
> > > > 
> > > > It is significance for livepatch to support extra module, because in my
> > > > opinion kernel is more stable than the third module.
> > > > 
> > > > So it is more important, if the livepatch can patch all sorts of patch.
> > > > For dynamic function name, I think it is simple to avoid it.
> > > 
> > > Do you have some really existing module with such a crazy long
> > > function names or is this debate pure theoretical, please?
> > > 
> > 
> > No, I do not have such running module which function name is exceed to
> > 127.
> > 
> > Again, we can not predict what end user do to name the function name. I
> > think the overlength function name is valid for linux kernel, if the
> > module can be installed.
> 
> My position on this is that using >127 length function names is
> insane. I would be scared to use such a module on a production system.
> If we refuse patching, we actually do a favor for the user.
> Instead of fixing live patch for such a scenario, we should suggest
> the user to use more trustful modules.

Yes, the function name can be changed, before the extra module is
installed to the production system.

We discuss around and around, there are still some confusion with it.

1) How does end user know that livepatch can _not_ support the function
    which length is larger than 127. We can not enforce the end user
    to know the livepatch and kallsyms code in detail.
2) How does end user use livepatch to patch running extra module, once
    the module is running in the production system, if the function name
    is insane.
3) The error message is ambiguity, if we try to patch the overlength
    function. We can give the error message clearly, once the function
    name is overlength.

I think it is better that we can take more time on the people who will
use livepatch frequently.

Attaching a patch to make error message explictly for the overlength
function name.