lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aRoGw9gml3vozrbz@kernel.org>
Date: Sun, 16 Nov 2025 19:15:47 +0200
From: Mike Rapoport <rppt@...nel.org>
To: Pasha Tatashin <pasha.tatashin@...een.com>
Cc: pratyush@...nel.org, jasonmiu@...gle.com, graf@...zon.com,
	dmatlack@...gle.com, rientjes@...gle.com, corbet@....net,
	rdunlap@...radead.org, ilpo.jarvinen@...ux.intel.com,
	kanie@...ux.alibaba.com, ojeda@...nel.org, aliceryhl@...gle.com,
	masahiroy@...nel.org, akpm@...ux-foundation.org, tj@...nel.org,
	yoann.congal@...le.fr, mmaurer@...gle.com, roman.gushchin@...ux.dev,
	chenridong@...wei.com, axboe@...nel.dk, mark.rutland@....com,
	jannh@...gle.com, vincent.guittot@...aro.org, hannes@...xchg.org,
	dan.j.williams@...el.com, david@...hat.com,
	joel.granados@...nel.org, rostedt@...dmis.org,
	anna.schumaker@...cle.com, song@...nel.org, linux@...ssschuh.net,
	linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
	linux-mm@...ck.org, gregkh@...uxfoundation.org, tglx@...utronix.de,
	mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com,
	x86@...nel.org, hpa@...or.com, rafael@...nel.org, dakr@...nel.org,
	bartosz.golaszewski@...aro.org, cw00.choi@...sung.com,
	myungjoo.ham@...sung.com, yesanishhere@...il.com,
	Jonathan.Cameron@...wei.com, quic_zijuhu@...cinc.com,
	aleksander.lobakin@...el.com, ira.weiny@...el.com,
	andriy.shevchenko@...ux.intel.com, leon@...nel.org, lukas@...ner.de,
	bhelgaas@...gle.com, wagi@...nel.org, djeffery@...hat.com,
	stuart.w.hayes@...il.com, ptyadav@...zon.de, lennart@...ttering.net,
	brauner@...nel.org, linux-api@...r.kernel.org,
	linux-fsdevel@...r.kernel.org, saeedm@...dia.com,
	ajayachandra@...dia.com, jgg@...dia.com, parav@...dia.com,
	leonro@...dia.com, witu@...dia.com, hughd@...gle.com,
	skhawaja@...gle.com, chrisl@...nel.org
Subject: Re: [PATCH v6 05/20] liveupdate: luo_ioctl: add user interface

On Sat, Nov 15, 2025 at 06:33:51PM -0500, Pasha Tatashin wrote:
> Introduce the user-space interface for the Live Update Orchestrator
> via ioctl commands, enabling external control over the live update
> process and management of preserved resources.
> 
> The idea is that there is going to be a single userspace agent driving
> the live update, therefore, only a single process can ever hold this
> device opened at a time.
> 
> The following ioctl commands are introduced:
> 
> LIVEUPDATE_IOCTL_CREATE_SESSION
> Provides a way for userspace to create a named session for grouping file
> descriptors that need to be preserved. It returns a new file descriptor
> representing the session.
> 
> LIVEUPDATE_IOCTL_RETRIEVE_SESSION
> Allows the userspace agent in the new kernel to reclaim a preserved
> session by its name, receiving a new file descriptor to manage the
> restored resources.
> 
> Signed-off-by: Pasha Tatashin <pasha.tatashin@...een.com>
> ---
>  include/uapi/linux/liveupdate.h  |  66 +++++++++++-
>  kernel/liveupdate/luo_internal.h |  21 ++++
>  kernel/liveupdate/luo_ioctl.c    | 178 +++++++++++++++++++++++++++++++
>  3 files changed, 264 insertions(+), 1 deletion(-)
> 
> diff --git a/include/uapi/linux/liveupdate.h b/include/uapi/linux/liveupdate.h
> index d2ef2f7e0dbd..6e04254ee535 100644
> --- a/include/uapi/linux/liveupdate.h
> +++ b/include/uapi/linux/liveupdate.h
> @@ -44,6 +44,70 @@
>  #define LIVEUPDATE_IOCTL_TYPE		0xBA
>  
>  /* The maximum length of session name including null termination */
> -#define LIVEUPDATE_SESSION_NAME_LENGTH 56
> +#define LIVEUPDATE_SESSION_NAME_LENGTH 64
> +
> +/* The /dev/liveupdate ioctl commands */
> +enum {
> +	LIVEUPDATE_CMD_BASE = 0x00,
> +	LIVEUPDATE_CMD_CREATE_SESSION = LIVEUPDATE_CMD_BASE,
> +	LIVEUPDATE_CMD_RETRIEVE_SESSION = 0x01,
> +};
> +
> +/**
> + * struct liveupdate_ioctl_create_session - ioctl(LIVEUPDATE_IOCTL_CREATE_SESSION)
> + * @size:	Input; sizeof(struct liveupdate_ioctl_create_session)
> + * @fd:		Output; The new file descriptor for the created session.
> + * @name:	Input; A null-terminated string for the session name, max
> + *		length %LIVEUPDATE_SESSION_NAME_LENGTH including termination
> + *		char.

Nit:          ^ character

> + *
> + * Creates a new live update session for managing preserved resources.
> + * This ioctl can only be called on the main /dev/liveupdate device.
> + *
> + * Return: 0 on success, negative error code on failure.
> + */
> +struct liveupdate_ioctl_create_session {
> +	__u32		size;
> +	__s32		fd;
> +	__u8		name[LIVEUPDATE_SESSION_NAME_LENGTH];
> +};
> +
> +#define LIVEUPDATE_IOCTL_CREATE_SESSION					\
> +	_IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_CREATE_SESSION)
> +
> +/**
> + * struct liveupdate_ioctl_retrieve_session - ioctl(LIVEUPDATE_IOCTL_RETRIEVE_SESSION)
> + * @size:    Input; sizeof(struct liveupdate_ioctl_retrieve_session)
> + * @fd:      Output; The new file descriptor for the retrieved session.
> + * @name:    Input; A null-terminated string identifying the session to retrieve.
> + *           The name must exactly match the name used when the session was
> + *           created in the previous kernel.
> + *
> + * Retrieves a handle (a new file descriptor) for a preserved session by its
> + * name. This is the primary mechanism for a userspace agent to regain control
> + * of its preserved resources after a live update.
> + *
> + * The userspace application provides the null-terminated `name` of a session
> + * it created before the live update. If a preserved session with a matching
> + * name is found, the kernel instantiates it and returns a new file descriptor
> + * in the `fd` field. This new session FD can then be used for all file-specific
> + * operations, such as restoring individual file descriptors with
> + * LIVEUPDATE_SESSION_RETRIEVE_FD.
> + *
> + * It is the responsibility of the userspace application to know the names of
> + * the sessions it needs to retrieve. If no session with the given name is
> + * found, the ioctl will fail with -ENOENT.
> + *
> + * This ioctl can only be called on the main /dev/liveupdate device when the
> + * system is in the LIVEUPDATE_STATE_UPDATED state.
> + */
> +struct liveupdate_ioctl_retrieve_session {
> +	__u32		size;
> +	__s32		fd;
> +	__u8		name[LIVEUPDATE_SESSION_NAME_LENGTH];
> +};
> +
> +#define LIVEUPDATE_IOCTL_RETRIEVE_SESSION \
> +	_IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_RETRIEVE_SESSION)
>  
>  #endif /* _UAPI_LIVEUPDATE_H */
> diff --git a/kernel/liveupdate/luo_internal.h b/kernel/liveupdate/luo_internal.h
> index 245373edfa6f..5185ad37a8c1 100644
> --- a/kernel/liveupdate/luo_internal.h
> +++ b/kernel/liveupdate/luo_internal.h
> @@ -9,6 +9,27 @@
>  #define _LINUX_LUO_INTERNAL_H
>  
>  #include <linux/liveupdate.h>
> +#include <linux/uaccess.h>
> +
> +struct luo_ucmd {
> +	void __user *ubuffer;
> +	u32 user_size;
> +	void *cmd;
> +};
> +
> +static inline int luo_ucmd_respond(struct luo_ucmd *ucmd,
> +				   size_t kernel_cmd_size)
> +{
> +	/*
> +	 * Copy the minimum of what the user provided and what we actually
> +	 * have.
> +	 */
> +	if (copy_to_user(ucmd->ubuffer, ucmd->cmd,
> +			 min_t(size_t, ucmd->user_size, kernel_cmd_size))) {
> +		return -EFAULT;
> +	}
> +	return 0;
> +}
>  
>  /**
>   * struct luo_session - Represents an active or incoming Live Update session.
> diff --git a/kernel/liveupdate/luo_ioctl.c b/kernel/liveupdate/luo_ioctl.c
> index 44d365185f7c..367385efa962 100644
> --- a/kernel/liveupdate/luo_ioctl.c
> +++ b/kernel/liveupdate/luo_ioctl.c
> @@ -5,15 +5,192 @@
>   * Pasha Tatashin <pasha.tatashin@...een.com>
>   */
>  
> +/**
> + * DOC: LUO ioctl Interface
> + *
> + * The IOCTL user-space control interface for the LUO subsystem.
> + * It registers a character device, typically found at ``/dev/liveupdate``,
> + * which allows a userspace agent to manage the LUO state machine and its
> + * associated resources, such as preservable file descriptors.
> + *
> + * To ensure that the state machine is controlled by a single entity, access
> + * to this device is exclusive: only one process is permitted to have
> + * ``/dev/liveupdate`` open at any given time. Subsequent open attempts will
> + * fail with -EBUSY until the first process closes its file descriptor.
> + * This singleton model simplifies state management by preventing conflicting
> + * commands from multiple userspace agents.
> + */
> +
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> +#include <linux/atomic.h>
> +#include <linux/errno.h>
> +#include <linux/file.h>
> +#include <linux/fs.h>
> +#include <linux/init.h>
> +#include <linux/kernel.h>
>  #include <linux/liveupdate.h>
>  #include <linux/miscdevice.h>
> +#include <uapi/linux/liveupdate.h>
> +#include "luo_internal.h"
>  
>  struct luo_device_state {
>  	struct miscdevice miscdev;
> +	atomic_t in_use;
> +};
> +
> +static int luo_ioctl_create_session(struct luo_ucmd *ucmd)
> +{
> +	struct liveupdate_ioctl_create_session *argp = ucmd->cmd;
> +	struct file *file;
> +	int err;
> +
> +	argp->fd = get_unused_fd_flags(O_CLOEXEC);
> +	if (argp->fd < 0)
> +		return argp->fd;
> +
> +	err = luo_session_create(argp->name, &file);
> +	if (err)
> +		goto err_put_fd;
> +
> +	err = luo_ucmd_respond(ucmd, sizeof(*argp));
> +	if (err)
> +		goto err_put_file;
> +
> +	fd_install(argp->fd, file);
> +
> +	return 0;
> +
> +err_put_file:
> +	fput(file);
> +err_put_fd:
> +	put_unused_fd(argp->fd);
> +
> +	return err;
> +}
> +
> +static int luo_ioctl_retrieve_session(struct luo_ucmd *ucmd)
> +{
> +	struct liveupdate_ioctl_retrieve_session *argp = ucmd->cmd;
> +	struct file *file;
> +	int err;
> +
> +	argp->fd = get_unused_fd_flags(O_CLOEXEC);
> +	if (argp->fd < 0)
> +		return argp->fd;
> +
> +	err = luo_session_retrieve(argp->name, &file);
> +	if (err < 0)
> +		goto err_put_fd;
> +
> +	err = luo_ucmd_respond(ucmd, sizeof(*argp));
> +	if (err)
> +		goto err_put_file;
> +
> +	fd_install(argp->fd, file);
> +
> +	return 0;
> +
> +err_put_file:
> +	fput(file);
> +err_put_fd:
> +	put_unused_fd(argp->fd);
> +
> +	return err;
> +}
> +
> +static int luo_open(struct inode *inodep, struct file *filep)
> +{
> +	struct luo_device_state *ldev = container_of(filep->private_data,
> +						     struct luo_device_state,
> +						     miscdev);
> +
> +	if (atomic_cmpxchg(&ldev->in_use, 0, 1))
> +		return -EBUSY;
> +
> +	luo_session_deserialize();

Why luo_session_deserialize() is tied to the first open of the chardev?

> +
> +	return 0;
> +}
> +

-- 
Sincerely yours,
Mike.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ