Re: [PATCH v6 05/20] liveupdate: luo_ioctl: add user interface

Next message: Dave Hansen: "Re: Old microcode CPU matching issue - x86/microcode/intel: Refresh the revisions that determine old_microcode"
Previous message: tip-bot2 for Gabriele Monaco: " [tip: timers/core] timers/migration: Rename 'online' bit to 'available'"
In reply to: David Matlack: "Re: [PATCH v6 05/20] liveupdate: luo_ioctl: add user interface"
Next in thread: David Matlack: "Re: [PATCH v6 05/20] liveupdate: luo_ioctl: add user interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pasha Tatashin

Date: Thu Nov 20 2025 - 14:23:30 EST

On Thu, Nov 20, 2025 at 1:38 PM David Matlack <dmatlack@xxxxxxxxxx> wrote:
>
> On Sat, Nov 15, 2025 at 3:34 PM Pasha Tatashin
> <pasha.tatashin@xxxxxxxxxx> wrote:
> > The idea is that there is going to be a single userspace agent driving
> > the live update, therefore, only a single process can ever hold this
> > device opened at a time.
> ...
> > +static int luo_open(struct inode *inodep, struct file *filep)
> > +{
> > + struct luo_device_state *ldev = container_of(filep->private_data,
> > + struct luo_device_state,
> > + miscdev);
> > +
> > + if (atomic_cmpxchg(&ldev->in_use, 0, 1))
> > + return -EBUSY;
>
> Can you remind me why the kernel needs to enforce this? What would be
> wrong or unsafe from the kernel perspective if there were multiple
> userspace agents holding open files for /dev/liveupdate, each with
> their own sessions?

By enforcing a singleton, we will ensure a consistent view for tooling
like luoadm (which will track incoming/outgoing sessions, UUIDs, etc.)
and prevent conflicting commands regarding the transition state.

This is not a bottleneck because the vast majority of the work
(preserving devicse/memory) is handled via the individual Session FDs.
Also, since sessions persist even if /dev/liveupdate is closed, we
allow the agent upgrade, or crashing without requiring concurrent
access.

Pasha