| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+CK2bAqisSdZ7gSBd7=hGd1VbLHX5WXfBazR=rO8BOVCRx3pg@mail.gmail.com> Date: Tue, 18 Nov 2025 12:58:20 -0500 From: Pasha Tatashin <pasha.tatashin@...een.com> To: Pratyush Yadav <pratyush@...nel.org> Cc: David Matlack <dmatlack@...gle.com>, jasonmiu@...gle.com, graf@...zon.com, rppt@...nel.org, rientjes@...gle.com, corbet@....net, rdunlap@...radead.org, ilpo.jarvinen@...ux.intel.com, kanie@...ux.alibaba.com, ojeda@...nel.org, aliceryhl@...gle.com, masahiroy@...nel.org, akpm@...ux-foundation.org, tj@...nel.org, yoann.congal@...le.fr, mmaurer@...gle.com, roman.gushchin@...ux.dev, chenridong@...wei.com, axboe@...nel.dk, mark.rutland@....com, jannh@...gle.com, vincent.guittot@...aro.org, hannes@...xchg.org, dan.j.williams@...el.com, david@...hat.com, joel.granados@...nel.org, rostedt@...dmis.org, anna.schumaker@...cle.com, song@...nel.org, linux@...ssschuh.net, linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org, linux-mm@...ck.org, gregkh@...uxfoundation.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com, rafael@...nel.org, dakr@...nel.org, bartosz.golaszewski@...aro.org, cw00.choi@...sung.com, myungjoo.ham@...sung.com, yesanishhere@...il.com, Jonathan.Cameron@...wei.com, quic_zijuhu@...cinc.com, aleksander.lobakin@...el.com, ira.weiny@...el.com, andriy.shevchenko@...ux.intel.com, leon@...nel.org, lukas@...ner.de, bhelgaas@...gle.com, wagi@...nel.org, djeffery@...hat.com, stuart.w.hayes@...il.com, lennart@...ttering.net, brauner@...nel.org, linux-api@...r.kernel.org, linux-fsdevel@...r.kernel.org, saeedm@...dia.com, ajayachandra@...dia.com, jgg@...dia.com, parav@...dia.com, leonro@...dia.com, witu@...dia.com, hughd@...gle.com, skhawaja@...gle.com, chrisl@...nel.org Subject: Re: [PATCH v6 06/20] liveupdate: luo_file: implement file systems callbacks On Tue, Nov 18, 2025 at 12:43 PM Pratyush Yadav <pratyush@...nel.org> wrote: > > On Tue, Nov 18 2025, David Matlack wrote: > > > On 2025-11-15 06:33 PM, Pasha Tatashin wrote: > >> This patch implements the core mechanism for managing preserved > >> files throughout the live update lifecycle. It provides the logic to > >> invoke the file handler callbacks (preserve, unpreserve, freeze, > >> unfreeze, retrieve, and finish) at the appropriate stages. > >> > >> During the reboot phase, luo_file_freeze() serializes the final > >> metadata for each file (handler compatible string, token, and data > >> handle) into a memory region preserved by KHO. In the new kernel, > >> luo_file_deserialize() reconstructs the in-memory file list from this > >> data, preparing the session for retrieval. > >> > >> Signed-off-by: Pasha Tatashin <pasha.tatashin@...een.com> > > > >> +int liveupdate_register_file_handler(struct liveupdate_file_handler *h); > > > > Should there be a way to unregister a file handler? > > > > If VFIO is built as module then I think it would need to be able to > > unregister its file handler when the module is unloaded to avoid leaking > > pointers to its text in LUO. I actually had full unregister functionality in v4 and earlier, but I dropped it from this series to minimize the footprint and get the core infrastructure landed first. For now, safety is guaranteed because liveupdate_register_file_handler() and liveupdate_register_flb() take a module reference. This effectively pins any module that registers with LUO, meaning those driver modules cannot be unloaded or upgraded dynamically, they can only be updated via Live Update or full reboot. I plan to introduce unregister support in a future improvements to relax this constraint. The design I have in mind is: 1. Unregistration will acquire the singleton lock on /dev/liveupdate to ensure no new sessions can be created during teardown. 2. Verify that there are no incoming/outgoing sessions. 2. File-Handler can only be unregistered if there are no FLBs currently registered against it. Pasha > Good point. We also need when using FLB. You would first do > liveupdate_register_file_handler(), and then do > liveupdate_register_flb(). If the latter fails, you would want to > unregister the file handler too. > > -- > Regards, > Pratyush Yadav
Powered by blists - more mailing lists