On Wed, Jan 22, 2020 at 11:09:56AM +0100, Miroslav Benes wrote: > > > > > At this point, I only see downsides of -flive-patching, at least until > > > > we actually have real upstream code which needs it. > > > > > > Can you explain this? The option makes GCC to avoid optimizations which > > > are difficult to detect and would make live patching unsafe. I consider it > > > useful as it is, so if you shared the other downsides and what you meant > > > by real upstream code, we could discuss it. > > > > Only SLES needs it right? Why inflict it on other livepatch users? By > > "real upstream code" I mean there's no (documented) way to create live > > patches using the method which relies on this flag. So I don't see any > > upstream benefits for having it enabled. > > I'd put it differently. SLES and upstream need it, RHEL does not need it. > Or anyone using kpatch-build. I'm confused about why you think upstream needs it. Is all the tooling available somewhere? Is there documentation available which describes how to build patches using that method from start to finish? Are there actual users other than SUSE? BTW, kpatch-build has a *lot* of users other than RHEL. All its tooling and documentation are available on Github. > It is perfectly fine to prepare live patches just from the source code > using upstream live patching infrastructure. Do you mean the dangerous method used by the livepatch sample code which completely ignores interprocedural optimizations? I wouldn't call that perfectly fine. > After all, SLES is nothing else than upstream here. We were creating live > patches manually for quite a long time and only recently we have been > using Nicolai's klp-ccp automation (https://github.com/SUSE/klp-ccp). > > So, everyone using upstream directly relies on the flag, which seems to be > a clear benefit to me. Reverting the patch would be a step back. Who exactly is "everyone using upstream"? >From what I can tell, kpatch-build is the only known way (to those outside of SUSE) to make safe patches for an upstream kernel. And it doesn't need this flag and the problems associated with it: performance, LTO incompatibility, clang incompatibility (I think?), the GCC dead code issue. -- Josh