On Tue 2022-05-10 13:33:13, Rik van Riel wrote:
> On Tue, 2022-05-10 at 09:56 +0200, Petr Mladek wrote:
> >
> > IMHO, the problem is that klp_transition_work_fn() tries the
> > transition "only" once per second, see
> >
> > void klp_try_complete_transition(void)
> > {
> > [...]
> > schedule_delayed_work(&klp_transition_work,
> > round_jiffies_relative(HZ));
> > [...]
> > }
> >
> > It means that there are "only" 60 attempts to migrate the busy
> > process.
> > It fails when the process is in the running state or sleeping in a
> > livepatched function. There is a _non-zero_ chance of a bad luck.
> >
>
> We are definitely hitting that non-zero chance :)
>
> > Anyway, the limit 60s looks like a bad idea to me. It is too low.
>
> That has its own issues, though. System management software
> tracks whether kpatch succeeds, and a run of the system
> management software will not complete until all of the commands
> it has run have completed.
>
> One reason for this is that allowing system management software
> to just fork more and more things that might potentially get
> stuck is that you never want your system management software
> to come even close to resembling a fork bomb :)
>
> Rollout of the next config change to a system should not be
> blocked on KLP completion.
Makes sense.
> I think the best approach for us might be to just track what
> is causing the transition failures, and send in trivial patches
> to make the outer loop in such kernel threads do the same KLP
> transition the idle task already does.
I am afraid that is a way to hell. We might end up in doing
really crazy things if we want to complete the transition
in one minute.
The great thing about the current approach is that it tries
to livepatch the system without too much disruption. The
more we try to speed up the transition the more we might
disrupt the system. Not to say about the code complexity
and potential bugs.
IMHO a better approach is to fix your management system.
The task is done when the livepatch module is loaded.
If you want to know that there is some problem. Then the
livepatch code might write some warning when the transition
has not finished within some reasonable time frame
(1 hour or so). It might be monitored the same way
as the messages from various watchdogs, ...
Best Regards,
Petr
