Re: [PATCH v14 10/11] livepatch: Remove ordering and refuse loading conflicting patches
From: Josh Poimboeuf
Date: Thu Dec 13 2018 - 18:07:02 EST
On Thu, Nov 29, 2018 at 10:44:30AM +0100, Petr Mladek wrote:
> The atomic replace and cumulative patches were introduced as a more secure
> way to handle dependent patches. They simplify the logic:
>
> + Any new cumulative patch is supposed to take over shadow variables
> and changes made by callbacks from previous livepatches.
>
> + All replaced patches are discarded and the modules can be unloaded.
> As a result, there is only one scenario when a cumulative livepatch
> gets disabled.
>
> The different handling of "normal" and cumulative patches might cause
> confusion. It would make sense to keep only one mode. On the other hand,
> it would be rude to enforce using the cumulative livepatches even for
> trivial and independent (hot) fixes.
>
> This patch removes the stack of patches. The list of enabled patches
> is still needed but the ordering is not longer enforced.
>
> Note that it is not possible to catch all possible dependencies. It is
> the responsibility of the livepatch authors to decide.
>
> Nevertheless this patch prevents having two patches for the same function
> enabled at the same time after the transition finishes. It might help
> to catch obvious mistakes. But more importantly, we do not need to
> handle situation when a patch in the middle of the function stack
> (ops->func_stack) is being removed.
I'm not sure about this patch. I like the removal of the stacking. But
do we really want to enforce no dependencies between non-cumulative
patches? It can be done correctly if the user is careful.
Maybe we should just let users do it if they want to. And then that
also would mean less code for us to maintain.
And as usual, I apologize if I'm either contradicting or repeating past
versions of myself. :-)
--
Josh