[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.00.1502212025450.2357@pobox.suse.cz>
Date: Sat, 21 Feb 2015 20:31:48 +0100 (CET)
From: Jiri Kosina <jkosina@...e.cz>
To: Ingo Molnar <mingo@...nel.org>
cc: Vojtech Pavlik <vojtech@...e.com>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Ingo Molnar <mingo@...hat.com>,
Seth Jennings <sjenning@...hat.com>,
linux-kernel@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: live patching design (was: Re: [PATCH 1/3] sched: add
sched_task_call())
On Sat, 21 Feb 2015, Ingo Molnar wrote:
> > But admittedly, if we reserve a special sort-of signal
> > for making the tasks pass through a safe checkpoint (and
> > make them queue there (your solution) or make them just
> > pass through it and continue (current kGraft)), it might
> > reduce the time this effort needs considerably.
>
> Well, I think the 'simple' method has another advantage: it can only
> work if all those problems (kthreads, parking machinery) are solved,
> because the patching will occur only everything is quiescent.
>
> So no shortcuts are allowed, by design. It starts from a fundamentally
> safe, robust base, while all the other approaches I've seen were
> developed in a 'lets get the patching to work, then iteratively try to
> make it safer' which really puts the cart before the horse.
>
> So to put it more bluntly: I don't subscribe to the whole 'consistency
> model' nonsense: that's just crazy talk IMHO.
>
> Make it fundamentally safe from the very beginning, the 'simple method'
> I suggested _won't live patch the kernel_ if the mechanism has a bug and
> some kthread or task does not park. See the difference?
I see the difference, but I am afraid you are simplifying the situation a
litle bit too much.
There will always be properties of patches that will make them
unapplicable in a "live patching" way by design. Think of data structure
layout changes (*).
Or think of kernel that has some 3rd party vendor module loaded, and this
module spawning a ktrehad that is not capable of parking itself.
Or think of patching __notrace__ functions.
Etc.
So it's not black and white, it's really a rather philosophical question
where to draw the line (and make sure that everyone is aware of where the
line is and what it means).
This is exactly why we came up with consistency models -- it allows you to
draw the line at well-defined places.
(*) there are some rather crazy ideas how to make this work, but the price
you pay is basically always unacceptable slowdown
Thanks,
--
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists