lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250515182322.117840-1-pasha.tatashin@soleen.com>
Date: Thu, 15 May 2025 18:23:04 +0000
From: Pasha Tatashin <pasha.tatashin@...een.com>
To: pratyush@...nel.org,
	jasonmiu@...gle.com,
	graf@...zon.com,
	changyuanl@...gle.com,
	pasha.tatashin@...een.com,
	rppt@...nel.org,
	dmatlack@...gle.com,
	rientjes@...gle.com,
	corbet@....net,
	rdunlap@...radead.org,
	ilpo.jarvinen@...ux.intel.com,
	kanie@...ux.alibaba.com,
	ojeda@...nel.org,
	aliceryhl@...gle.com,
	masahiroy@...nel.org,
	akpm@...ux-foundation.org,
	tj@...nel.org,
	yoann.congal@...le.fr,
	mmaurer@...gle.com,
	roman.gushchin@...ux.dev,
	chenridong@...wei.com,
	axboe@...nel.dk,
	mark.rutland@....com,
	jannh@...gle.com,
	vincent.guittot@...aro.org,
	hannes@...xchg.org,
	dan.j.williams@...el.com,
	david@...hat.com,
	joel.granados@...nel.org,
	rostedt@...dmis.org,
	anna.schumaker@...cle.com,
	song@...nel.org,
	zhangguopeng@...inos.cn,
	linux@...ssschuh.net,
	linux-kernel@...r.kernel.org,
	linux-doc@...r.kernel.org,
	linux-mm@...ck.org,
	gregkh@...uxfoundation.org,
	tglx@...utronix.de,
	mingo@...hat.com,
	bp@...en8.de,
	dave.hansen@...ux.intel.com,
	x86@...nel.org,
	hpa@...or.com,
	rafael@...nel.org,
	dakr@...nel.org,
	bartosz.golaszewski@...aro.org,
	cw00.choi@...sung.com,
	myungjoo.ham@...sung.com,
	yesanishhere@...il.com,
	Jonathan.Cameron@...wei.com,
	quic_zijuhu@...cinc.com,
	aleksander.lobakin@...el.com,
	ira.weiny@...el.com,
	andriy.shevchenko@...ux.intel.com,
	leon@...nel.org,
	lukas@...ner.de,
	bhelgaas@...gle.com,
	wagi@...nel.org,
	djeffery@...hat.com,
	stuart.w.hayes@...il.com,
	ptyadav@...zon.de
Subject: [RFC v2 00/16] Live Update Orchestrator

This v2 series introduces the LUO, a kernel subsystem designed to
facilitate live kernel updates with minimal downtime,
particularly in cloud delplyoments aiming to update without fully
disrupting running virtual machines.

This series builds upon KHO framework [1] by adding programmatic
control over KHO's lifecycle and leveraging KHO for persisting LUO's
own metadata across the kexec boundary. The git branch for this series
can be found at:
https://github.com/googleprodkernel/linux-liveupdate/tree/luo/rfc-v2

Changelog from v1:
- Control Interface: Shifted from sysfs-based control
  (/sys/kernel/liveupdate/{prepare,finish}) to an ioctl interface
  (/dev/liveupdate). Sysfs is now primarily for monitoring the state.
- Event/State Renaming: LIVEUPDATE_REBOOT event/phase is now
  LIVEUPDATE_FREEZE.
- FD Preservation: A new component for preserving file descriptors.
  Subsystem Registration: A formal mechanism for kernel subsystems
  to participate.
- Device Layer: removed device list handling from this series, it is
  going to be added separately.
- Selftests: Kernel-side selftest hooks and userspace selftests are
  now included.
KHO Enhancements:
- KHO debugfs became optional, and kernel APIs for finalize/abort
  were added (driven by LUO's needs).
- KHO unpreserve functions were also added.

What is Live Update?
Live Update is a specialized reboot process where selected kernel
resources (memory, file descriptors, and eventually devices) are kept
operational or their state preserved across a kernel transition (e.g.,
via kexec). For certain resources, DMA and interrupt activity might
continue with minimal interruption during the kernel reboot.

LUO v2 Overview:
LUO v2 provides a framework for coordinating live updates. It features:
State Machine: Manages the live update process through states:
NORMAL, PREPARED, FROZEN, UPDATED.

KHO Integration:

LUO programmatically drives KHO's finalization and abort sequences.
KHO's debugfs interface is now optional configured via
CONFIG_KEXEC_HANDOVER_DEBUG.

LUO preserves its own metadata via KHO's kho_add_subtree and
kho_preserve_phys() mechanisms.

Subsystem Participation: A callback API liveupdate_register_subsystem()
allows kernel subsystems (e.g., KVM, IOMMU, VFIO, PCI) to register
handlers for LUO events (PREPARE, FREEZE, FINISH, CANCEL) and persist a
u64 payload via the LUO FDT.

File Descriptor Preservation: Infrastructure
liveupdate_register_filesystem, luo_register_file, luo_retrieve_file to
allow specific types of file descriptors (e.g., memfd, vfio) to be
preserved and restored.

Handlers for specific file types can be registered to manage their
preservation and restoration, storing a u64 payload in the LUO FDT.

Example WIP for memfd preservation can be found here [2].

User-space Interface:

ioctl (/dev/liveupdate): The primary control interface for
triggering LUO state transitions (prepare, freeze, finish, cancel)
and managing the preservation/restoration of file descriptors.
Access requires CAP_SYS_ADMIN.

sysfs (/sys/kernel/liveupdate/state): A read-only interface for
monitoring the current LUO state. This allows userspace services to
track progress and coordinate actions.

Selftests: Includes kernel-side hooks and userspace selftests to
verify core LUO functionality, particularly subsystem registration and
basic state transitions.

LUO State Machine and Events:

NORMAL:   Default operational state.
PREPARED: Initial preparation complete after LIVEUPDATE_PREPARE
          event. Subsystems have saved initial state.
FROZEN:   Final "blackout window" state after LIVEUPDATE_FREEZE
          event, just before kexec. Workloads must be suspended.
UPDATED:  Next kernel has booted via live update. Awaiting restoration
          and LIVEUPDATE_FINISH.

Events:
LIVEUPDATE_PREPARE: Prepare for reboot, serialize state.
LIVEUPDATE_FREEZE:  Final opportunity to save state before kexec.
LIVEUPDATE_FINISH:  Post-reboot cleanup in the next kernel.
LIVEUPDATE_CANCEL:  Abort prepare or freeze, revert changes.

[1] https://lore.kernel.org/all/20250509074635.3187114-1-changyuanl@google.com
    https://github.com/googleprodkernel/linux-liveupdate/tree/luo/kho-v8
[2] https://github.com/googleprodkernel/linux-liveupdate/tree/luo/memfd-v0.1

RFC v1: https://lore.kernel.org/all/20250320024011.2995837-1-pasha.tatashin@soleen.com

Changyuan Lyu (1):
  kho: add kho_unpreserve_folio/phys

Pasha Tatashin (15):
  kho: make debugfs interface optional
  kho: allow to drive kho from within kernel
  luo: luo_core: Live Update Orchestrator
  luo: luo_core: integrate with KHO
  luo: luo_subsystems: add subsystem registration
  luo: luo_subsystems: implement subsystem callbacks
  luo: luo_files: add infrastructure for FDs
  luo: luo_files: implement file systems callbacks
  luo: luo_ioctl: add ioctl interface
  luo: luo_sysfs: add sysfs state monitoring
  reboot: call liveupdate_reboot() before kexec
  luo: add selftests for subsystems un/registration
  selftests/liveupdate: add subsystem/state tests
  docs: add luo documentation
  MAINTAINERS: add liveupdate entry

 .../ABI/testing/sysfs-kernel-liveupdate       |  51 ++
 Documentation/admin-guide/index.rst           |   1 +
 Documentation/admin-guide/liveupdate.rst      |  62 ++
 .../userspace-api/ioctl/ioctl-number.rst      |   1 +
 MAINTAINERS                                   |  14 +-
 drivers/misc/Kconfig                          |   1 +
 drivers/misc/Makefile                         |   1 +
 drivers/misc/liveupdate/Kconfig               |  60 ++
 drivers/misc/liveupdate/Makefile              |   7 +
 drivers/misc/liveupdate/luo_core.c            | 547 +++++++++++++++
 drivers/misc/liveupdate/luo_files.c           | 664 ++++++++++++++++++
 drivers/misc/liveupdate/luo_internal.h        |  59 ++
 drivers/misc/liveupdate/luo_ioctl.c           | 203 ++++++
 drivers/misc/liveupdate/luo_selftests.c       | 283 ++++++++
 drivers/misc/liveupdate/luo_selftests.h       |  23 +
 drivers/misc/liveupdate/luo_subsystems.c      | 413 +++++++++++
 drivers/misc/liveupdate/luo_sysfs.c           |  92 +++
 include/linux/kexec_handover.h                |  27 +
 include/linux/liveupdate.h                    | 214 ++++++
 include/uapi/linux/liveupdate.h               | 324 +++++++++
 kernel/Kconfig.kexec                          |  10 +
 kernel/Makefile                               |   1 +
 kernel/kexec_handover.c                       | 343 +++------
 kernel/kexec_handover_debug.c                 | 237 +++++++
 kernel/kexec_handover_internal.h              |  74 ++
 kernel/reboot.c                               |   4 +
 tools/testing/selftests/Makefile              |   1 +
 tools/testing/selftests/liveupdate/.gitignore |   1 +
 tools/testing/selftests/liveupdate/Makefile   |   7 +
 tools/testing/selftests/liveupdate/config     |   6 +
 .../testing/selftests/liveupdate/liveupdate.c | 440 ++++++++++++
 31 files changed, 3933 insertions(+), 238 deletions(-)
 create mode 100644 Documentation/ABI/testing/sysfs-kernel-liveupdate
 create mode 100644 Documentation/admin-guide/liveupdate.rst
 create mode 100644 drivers/misc/liveupdate/Kconfig
 create mode 100644 drivers/misc/liveupdate/Makefile
 create mode 100644 drivers/misc/liveupdate/luo_core.c
 create mode 100644 drivers/misc/liveupdate/luo_files.c
 create mode 100644 drivers/misc/liveupdate/luo_internal.h
 create mode 100644 drivers/misc/liveupdate/luo_ioctl.c
 create mode 100644 drivers/misc/liveupdate/luo_selftests.c
 create mode 100644 drivers/misc/liveupdate/luo_selftests.h
 create mode 100644 drivers/misc/liveupdate/luo_subsystems.c
 create mode 100644 drivers/misc/liveupdate/luo_sysfs.c
 create mode 100644 include/linux/liveupdate.h
 create mode 100644 include/uapi/linux/liveupdate.h
 create mode 100644 kernel/kexec_handover_debug.c
 create mode 100644 kernel/kexec_handover_internal.h
 create mode 100644 tools/testing/selftests/liveupdate/.gitignore
 create mode 100644 tools/testing/selftests/liveupdate/Makefile
 create mode 100644 tools/testing/selftests/liveupdate/config
 create mode 100644 tools/testing/selftests/liveupdate/liveupdate.c

-- 
2.49.0.1101.gccaa498523-goog


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ