Hi, In testing livepatch, I found that when doing cumulative patches, if a patched function is completed reverted by a subsequent patch (back to its original state) livepatch does not revert the funtion to its original state. Specifically, if patch A introduces a change to function 1, and patch B reverts the change to function 1 and introduces changes to say function 2 and 3 as well, the change that patch A introducd to function 1 is still present. This could be addressed by first completely removing patch A (disable and then rmmod) and then inserting patch B (insmod and enable), but this leaves an unpatched window. In discussing this issue with Josh on the kpatch mailing list, he mentioned that we could get 'atomic replace working properly', and that is the direction of this patchset: https://www.redhat.com/archives/kpatch/2017-June/msg00005.html Patches: 1) livepatch: Add klp_object and klp_func iterators Just a prep patch for the 'atomic revert' feature 2) livepatch: add atomic replace Core feature 3) livepatch: Add a sysctl livepatch_mode for atomic replace Introduces a knob for enabling atomic replace. I hate knobs and perhaps its possible to default to cumulative replace? Although I suspect there are workflows relying on the existing behavior - I'm not sure. It may be desirable to associate the knob with the patch itself as in the 'immediate' flag, such that we don't introduce a global sysctl that likely would also need to built-in, if there are patches in the initrd. Thanks, -Jason Jason Baron (3): livepatch: Add klp_object and klp_func iterators livepatch: add atomic replace livepatch: Add a sysctl livepatch_mode for atomic revert include/linux/livepatch.h | 118 ++++++++++++++++++++++++++++++-- kernel/livepatch/core.c | 154 ++++++++++++++++++++++++++++++++++++++++-- kernel/livepatch/core.h | 4 ++ kernel/livepatch/patch.c | 23 ++++--- kernel/livepatch/patch.h | 1 + kernel/livepatch/transition.c | 79 +++++++++++++++++++--- kernel/sysctl.c | 12 ++++ 7 files changed, 362 insertions(+), 29 deletions(-) -- 2.6.1 -- To unsubscribe from this list: send the line "unsubscribe live-patching" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
