On Wed, Mar 07, 2018 at 09:20:34AM +0100, Petr Mladek wrote: > From: Jason Baron <jbaron@xxxxxxxxxx> > > We are going to add a feature called atomic replace. It will allow to > create a patch that would replace all already registered patches. > > The replaced patches will stay registered because they are typically > unregistered by some package uninstall scripts. But we will remove > these patches from @klp_patches list to keep the enabled patch > on the bottom of the stack. Otherwise, we would need to implement > rather complex logic for moving the patches on the stack. Also > it would complicate implementation of the atomic replace feature. > It is not worth it. > > As a result, we will have patches that are registered but that > are no longer usable. Let's get prepared for this and use > a better descriptive name for klp_is_patch_registered() function. > > Also create separate list for the replaced patches and allow to > unregister them. Alternative solution would be to add a flag > into struct klp_patch. Note that patch->kobj.state_initialized > is not safe because it can be cleared outside klp_mutex. > > This patch does not change the existing behavior. > > Signed-off-by: Jason Baron <jbaron@xxxxxxxxxx> > [pmladek@xxxxxxxx: Split and renamed klp_is_patch_usable()] > Signed-off-by: Petr Mladek <pmladek@xxxxxxxx> > Cc: Josh Poimboeuf <jpoimboe@xxxxxxxxxx> > Cc: Jessica Yu <jeyu@xxxxxxxxxx> > Cc: Jiri Kosina <jikos@xxxxxxxxxx> > Acked-by: Miroslav Benes <mbenes@xxxxxxx> > --- > kernel/livepatch/core.c | 30 ++++++++++++++++++++++++------ > 1 file changed, 24 insertions(+), 6 deletions(-) > > diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c > index ab1f6a371fc8..fd0296859ff4 100644 > --- a/kernel/livepatch/core.c > +++ b/kernel/livepatch/core.c > @@ -47,6 +47,13 @@ DEFINE_MUTEX(klp_mutex); > > static LIST_HEAD(klp_patches); > > +/* > + * List of 'replaced' patches that have been replaced by a patch that has the > + * 'replace' bit set. When they are added to this list, they are disabled and > + * can not be re-enabled, but they can be unregistered(). > + */ > +static LIST_HEAD(klp_replaced_patches); Can someone remind me why we're permanently disabling replaced patches? I seem to remember being involved in that decision, but at least with this latest version of the patches, it seems like it would be simpler to just let 'replace' patches be rolled back to the previous state when they're unpatched. Then we don't need two lists of patches, the nops can become more permanent, the replaced patches remain "enabled" but inert, and the unpatching behavior is less surprising to the user, more like a normal rollback. Along those lines, I'd also propose that we constrain our existing patch stacking even further. Right now we allow a new patch to be registered on top of a disabled patch, though we don't allow the new patch to be enabled until the previous patch gets enabled. I'd propose we no longer allow that condition. We should instead enforce that all existing patches are *enabled* before allowing a new patch to be registered on top. That way the patch stacking is even more sane, and there are less "unusual" conditions to worry about. We have enough of those already. Each additional bit of flexibility has a maintenance cost, and this one isn't worth it IMO. The downside of the above proposals is that now you can't remove an old patch after it's been replaced, but IMO that's a small price to pay for code sanity. Every additional bit of flexibility has a maintenance cost, and this one isn't worth it IMO. Just force the user to leave the old inert patches loaded. They shouldn't take up much memory anyway, and they might come in handy should a revert be needed. > + > static struct kobject *klp_root_kobj; > > static void klp_init_func_list(struct klp_object *obj, struct klp_func *func) > @@ -108,17 +115,28 @@ static void klp_find_object_module(struct klp_object *obj) > mutex_unlock(&module_mutex); > } > > -static bool klp_is_patch_registered(struct klp_patch *patch) > +static bool klp_is_patch_in_list(struct klp_patch *patch, > + struct list_head *head) > { > struct klp_patch *mypatch; > > - list_for_each_entry(mypatch, &klp_patches, list) > + list_for_each_entry(mypatch, head, list) > if (mypatch == patch) > return true; > > return false; > } > > +static bool klp_is_patch_usable(struct klp_patch *patch) > +{ > + return klp_is_patch_in_list(patch, &klp_patches); > +} > + > +static bool klp_is_patch_replaced(struct klp_patch *patch) > +{ > + return klp_is_patch_in_list(patch, &klp_replaced_patches); > +} > + > static bool klp_initialized(void) > { > return !!klp_root_kobj; > @@ -375,7 +393,7 @@ int klp_disable_patch(struct klp_patch *patch) > > mutex_lock(&klp_mutex); > > - if (!klp_is_patch_registered(patch)) { > + if (!klp_is_patch_usable(patch)) { This is another case where a wrapper function hurts readability. What does "usable" even mean to the reader of this code? Every time I see it, I have to do a double take. I think getting rid of the wrapper in favor of just doing if (!klp_is_patch_in_list(patch, &klp_patches)) would be much more obvious. > ret = -EINVAL; > goto err; > } > @@ -475,7 +493,7 @@ int klp_enable_patch(struct klp_patch *patch) > > mutex_lock(&klp_mutex); > > - if (!klp_is_patch_registered(patch)) { > + if (!klp_is_patch_usable(patch)) { > ret = -EINVAL; > goto err; > } > @@ -516,7 +534,7 @@ static ssize_t enabled_store(struct kobject *kobj, struct kobj_attribute *attr, > > mutex_lock(&klp_mutex); > > - if (!klp_is_patch_registered(patch)) { > + if (!klp_is_patch_usable(patch)) { > /* > * Module with the patch could either disappear meanwhile or is > * not properly initialized yet. > @@ -971,7 +989,7 @@ int klp_unregister_patch(struct klp_patch *patch) > > mutex_lock(&klp_mutex); > > - if (!klp_is_patch_registered(patch)) { > + if (!klp_is_patch_usable(patch) && !klp_is_patch_replaced(patch)) { > ret = -EINVAL; > goto err; > } > -- > 2.13.6 > -- Josh -- To unsubscribe from this list: send the line "unsubscribe live-patching" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html