On Mon, Jun 04, 2018 at 04:16:35PM +0200, Miroslav Benes wrote:
> An administrator may send a fake signal to all remaining blocking tasks
> of a running transition by writing to
> /sys/kernel/livepatch/<patch>/signal attribute. Let's do it
> automatically after 10 seconds. The timeout is chosen deliberately. It
> gives the tasks enough time to transition themselves.
>
> Theoretically, sending it once should be more than enough. Better be safe
> than sorry, so send it periodically.
This is the part I don't understand. Why do it periodically?
Instead, might it make sense to just send the signals once, and if that
doesn't work, reverse the transition? Then we could make patching a
synchronous operation. But then, it might be remotely possible that the
reverse operation also stalls (e.g., on a kthread). So, maybe it's best
to just leave all these controls in the hands of the user.
All that said, a few code review comments:
- AFAICT, it does an 8 second delay instead of a 10 second delay,
because
a) try_complete_transition() is first called before there's any delay;
b) the preincrement operator used on signals_cnt.
- I think 15 seconds might be a better default. I've seen longer
patching delays on a system with 100+ CPUs.
- If a kthread or idle task is sleeping on a patched function, the
pr_notice("signaling remaining tasks\n") will be repeated continously.
- It might be cleaner to do it from the delayed work function
(klp_transition_work_fn).
--
Josh
--
To unsubscribe from this list: send the line "unsubscribe live-patching" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
