| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250515182322.117840-1-pasha.tatashin@soleen.com>
Date: Thu, 15 May 2025 18:23:04 +0000
From: Pasha Tatashin <pasha.tatashin@...een.com>
To: pratyush@...nel.org,
jasonmiu@...gle.com,
graf@...zon.com,
changyuanl@...gle.com,
pasha.tatashin@...een.com,
rppt@...nel.org,
dmatlack@...gle.com,
rientjes@...gle.com,
corbet@....net,
rdunlap@...radead.org,
ilpo.jarvinen@...ux.intel.com,
kanie@...ux.alibaba.com,
ojeda@...nel.org,
aliceryhl@...gle.com,
masahiroy@...nel.org,
akpm@...ux-foundation.org,
tj@...nel.org,
yoann.congal@...le.fr,
mmaurer@...gle.com,
roman.gushchin@...ux.dev,
chenridong@...wei.com,
axboe@...nel.dk,
mark.rutland@....com,
jannh@...gle.com,
vincent.guittot@...aro.org,
hannes@...xchg.org,
dan.j.williams@...el.com,
david@...hat.com,
joel.granados@...nel.org,
rostedt@...dmis.org,
anna.schumaker@...cle.com,
song@...nel.org,
zhangguopeng@...inos.cn,
linux@...ssschuh.net,
linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org,
linux-mm@...ck.org,
gregkh@...uxfoundation.org,
tglx@...utronix.de,
mingo@...hat.com,
bp@...en8.de,
dave.hansen@...ux.intel.com,
x86@...nel.org,
hpa@...or.com,
rafael@...nel.org,
dakr@...nel.org,
bartosz.golaszewski@...aro.org,
cw00.choi@...sung.com,
myungjoo.ham@...sung.com,
yesanishhere@...il.com,
Jonathan.Cameron@...wei.com,
quic_zijuhu@...cinc.com,
aleksander.lobakin@...el.com,
ira.weiny@...el.com,
andriy.shevchenko@...ux.intel.com,
leon@...nel.org,
lukas@...ner.de,
bhelgaas@...gle.com,
wagi@...nel.org,
djeffery@...hat.com,
stuart.w.hayes@...il.com,
ptyadav@...zon.de
Subject: [RFC v2 00/16] Live Update Orchestrator
This v2 series introduces the LUO, a kernel subsystem designed to
facilitate live kernel updates with minimal downtime,
particularly in cloud delplyoments aiming to update without fully
disrupting running virtual machines.
This series builds upon KHO framework [1] by adding programmatic
control over KHO's lifecycle and leveraging KHO for persisting LUO's
own metadata across the kexec boundary. The git branch for this series
can be found at:
https://github.com/googleprodkernel/linux-liveupdate/tree/luo/rfc-v2
Changelog from v1:
- Control Interface: Shifted from sysfs-based control
(/sys/kernel/liveupdate/{prepare,finish}) to an ioctl interface
(/dev/liveupdate). Sysfs is now primarily for monitoring the state.
- Event/State Renaming: LIVEUPDATE_REBOOT event/phase is now
LIVEUPDATE_FREEZE.
- FD Preservation: A new component for preserving file descriptors.
Subsystem Registration: A formal mechanism for kernel subsystems
to participate.
- Device Layer: removed device list handling from this series, it is
going to be added separately.
- Selftests: Kernel-side selftest hooks and userspace selftests are
now included.
KHO Enhancements:
- KHO debugfs became optional, and kernel APIs for finalize/abort
were added (driven by LUO's needs).
- KHO unpreserve functions were also added.
What is Live Update?
Live Update is a specialized reboot process where selected kernel
resources (memory, file descriptors, and eventually devices) are kept
operational or their state preserved across a kernel transition (e.g.,
via kexec). For certain resources, DMA and interrupt activity might
continue with minimal interruption during the kernel reboot.
LUO v2 Overview:
LUO v2 provides a framework for coordinating live updates. It features:
State Machine: Manages the live update process through states:
NORMAL, PREPARED, FROZEN, UPDATED.
KHO Integration:
LUO programmatically drives KHO's finalization and abort sequences.
KHO's debugfs interface is now optional configured via
CONFIG_KEXEC_HANDOVER_DEBUG.
LUO preserves its own metadata via KHO's kho_add_subtree and
kho_preserve_phys() mechanisms.
Subsystem Participation: A callback API liveupdate_register_subsystem()
allows kernel subsystems (e.g., KVM, IOMMU, VFIO, PCI) to register
handlers for LUO events (PREPARE, FREEZE, FINISH, CANCEL) and persist a
u64 payload via the LUO FDT.
File Descriptor Preservation: Infrastructure
liveupdate_register_filesystem, luo_register_file, luo_retrieve_file to
allow specific types of file descriptors (e.g., memfd, vfio) to be
preserved and restored.
Handlers for specific file types can be registered to manage their
preservation and restoration, storing a u64 payload in the LUO FDT.
Example WIP for memfd preservation can be found here [2].
User-space Interface:
ioctl (/dev/liveupdate): The primary control interface for
triggering LUO state transitions (prepare, freeze, finish, cancel)
and managing the preservation/restoration of file descriptors.
Access requires CAP_SYS_ADMIN.
sysfs (/sys/kernel/liveupdate/state): A read-only interface for
monitoring the current LUO state. This allows userspace services to
track progress and coordinate actions.
Selftests: Includes kernel-side hooks and userspace selftests to
verify core LUO functionality, particularly subsystem registration and
basic state transitions.
LUO State Machine and Events:
NORMAL: Default operational state.
PREPARED: Initial preparation complete after LIVEUPDATE_PREPARE
event. Subsystems have saved initial state.
FROZEN: Final "blackout window" state after LIVEUPDATE_FREEZE
event, just before kexec. Workloads must be suspended.
UPDATED: Next kernel has booted via live update. Awaiting restoration
and LIVEUPDATE_FINISH.
Events:
LIVEUPDATE_PREPARE: Prepare for reboot, serialize state.
LIVEUPDATE_FREEZE: Final opportunity to save state before kexec.
LIVEUPDATE_FINISH: Post-reboot cleanup in the next kernel.
LIVEUPDATE_CANCEL: Abort prepare or freeze, revert changes.
[1] https://lore.kernel.org/all/20250509074635.3187114-1-changyuanl@google.com
https://github.com/googleprodkernel/linux-liveupdate/tree/luo/kho-v8
[2] https://github.com/googleprodkernel/linux-liveupdate/tree/luo/memfd-v0.1
RFC v1: https://lore.kernel.org/all/20250320024011.2995837-1-pasha.tatashin@soleen.com
Changyuan Lyu (1):
kho: add kho_unpreserve_folio/phys
Pasha Tatashin (15):
kho: make debugfs interface optional
kho: allow to drive kho from within kernel
luo: luo_core: Live Update Orchestrator
luo: luo_core: integrate with KHO
luo: luo_subsystems: add subsystem registration
luo: luo_subsystems: implement subsystem callbacks
luo: luo_files: add infrastructure for FDs
luo: luo_files: implement file systems callbacks
luo: luo_ioctl: add ioctl interface
luo: luo_sysfs: add sysfs state monitoring
reboot: call liveupdate_reboot() before kexec
luo: add selftests for subsystems un/registration
selftests/liveupdate: add subsystem/state tests
docs: add luo documentation
MAINTAINERS: add liveupdate entry
.../ABI/testing/sysfs-kernel-liveupdate | 51 ++
Documentation/admin-guide/index.rst | 1 +
Documentation/admin-guide/liveupdate.rst | 62 ++
.../userspace-api/ioctl/ioctl-number.rst | 1 +
MAINTAINERS | 14 +-
drivers/misc/Kconfig | 1 +
drivers/misc/Makefile | 1 +
drivers/misc/liveupdate/Kconfig | 60 ++
drivers/misc/liveupdate/Makefile | 7 +
drivers/misc/liveupdate/luo_core.c | 547 +++++++++++++++
drivers/misc/liveupdate/luo_files.c | 664 ++++++++++++++++++
drivers/misc/liveupdate/luo_internal.h | 59 ++
drivers/misc/liveupdate/luo_ioctl.c | 203 ++++++
drivers/misc/liveupdate/luo_selftests.c | 283 ++++++++
drivers/misc/liveupdate/luo_selftests.h | 23 +
drivers/misc/liveupdate/luo_subsystems.c | 413 +++++++++++
drivers/misc/liveupdate/luo_sysfs.c | 92 +++
include/linux/kexec_handover.h | 27 +
include/linux/liveupdate.h | 214 ++++++
include/uapi/linux/liveupdate.h | 324 +++++++++
kernel/Kconfig.kexec | 10 +
kernel/Makefile | 1 +
kernel/kexec_handover.c | 343 +++------
kernel/kexec_handover_debug.c | 237 +++++++
kernel/kexec_handover_internal.h | 74 ++
kernel/reboot.c | 4 +
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/liveupdate/.gitignore | 1 +
tools/testing/selftests/liveupdate/Makefile | 7 +
tools/testing/selftests/liveupdate/config | 6 +
.../testing/selftests/liveupdate/liveupdate.c | 440 ++++++++++++
31 files changed, 3933 insertions(+), 238 deletions(-)
create mode 100644 Documentation/ABI/testing/sysfs-kernel-liveupdate
create mode 100644 Documentation/admin-guide/liveupdate.rst
create mode 100644 drivers/misc/liveupdate/Kconfig
create mode 100644 drivers/misc/liveupdate/Makefile
create mode 100644 drivers/misc/liveupdate/luo_core.c
create mode 100644 drivers/misc/liveupdate/luo_files.c
create mode 100644 drivers/misc/liveupdate/luo_internal.h
create mode 100644 drivers/misc/liveupdate/luo_ioctl.c
create mode 100644 drivers/misc/liveupdate/luo_selftests.c
create mode 100644 drivers/misc/liveupdate/luo_selftests.h
create mode 100644 drivers/misc/liveupdate/luo_subsystems.c
create mode 100644 drivers/misc/liveupdate/luo_sysfs.c
create mode 100644 include/linux/liveupdate.h
create mode 100644 include/uapi/linux/liveupdate.h
create mode 100644 kernel/kexec_handover_debug.c
create mode 100644 kernel/kexec_handover_internal.h
create mode 100644 tools/testing/selftests/liveupdate/.gitignore
create mode 100644 tools/testing/selftests/liveupdate/Makefile
create mode 100644 tools/testing/selftests/liveupdate/config
create mode 100644 tools/testing/selftests/liveupdate/liveupdate.c
--
2.49.0.1101.gccaa498523-goog
Powered by blists - more mailing lists