| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230120-vhost-klp-switching-v1-0-7c2b65519c43@kernel.org>
Date: Fri, 20 Jan 2023 16:12:20 -0600
From: "Seth Forshee (DigitalOcean)" <sforshee@...italocean.com>
To: Petr Mladek <pmladek@...e.com>, Jason Wang <jasowang@...hat.com>,
"Michael S. Tsirkin" <mst@...hat.com>,
Jiri Kosina <jikos@...nel.org>,
Miroslav Benes <mbenes@...e.cz>,
Joe Lawrence <joe.lawrence@...hat.com>,
Josh Poimboeuf <jpoimboe@...nel.org>
Cc: virtualization@...ts.linux-foundation.org, kvm@...r.kernel.org,
"Seth Forshee (DigitalOcean)" <sforshee@...nel.org>,
netdev@...r.kernel.org, live-patching@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH 0/2] vhost: improve livepatch switching for heavily loaded vhost worker kthreads
We've fairly regularaly seen liveptches which cannot transition within kpatch's
timeout period due to busy vhost worker kthreads. In looking for a solution the
only answer I found was to call klp_update_patch_state() from a safe location.
I tried adding this call to vhost_worker(), and it works, but this creates the
potential for problems if a livepatch attempted to patch vhost_worker().
Without a call to klp_update_patch_state() fully loaded vhost kthreads can
never switch because vhost_worker() will always appear on the stack, but with
the call these kthreads can switch but will still be running the old version of
vhost_worker().
To avoid this situation I've added a new function, klp_switch_current(), which
switches the current task only if its stack does not include any function being
patched. This allows kthreads to safely attempt switching themselves if a patch
is pending. There is at least one downside, however. Since there's no way for
the kthread to track whether it has already tried to switch for a pending patch
it can end up calling klp_switch_current() repeatedly when it can never be
safely switched.
I don't know whether this is the right solution, and I'm happy to try out other
suggestions. But in my testing these patches proved effective in consistently
switching heavily loaded vhost kthreads almost immediately.
To: Josh Poimboeuf <jpoimboe@...nel.org>
To: Jiri Kosina <jikos@...nel.org>
To: Miroslav Benes <mbenes@...e.cz>
To: Petr Mladek <pmladek@...e.com>
To: Joe Lawrence <joe.lawrence@...hat.com>
To: "Michael S. Tsirkin" <mst@...hat.com>
To: Jason Wang <jasowang@...hat.com>
Cc: live-patching@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Cc: kvm@...r.kernel.org
Cc: virtualization@...ts.linux-foundation.org
Cc: netdev@...r.kernel.org
Signed-off-by: Seth Forshee (DigitalOcean) <sforshee@...nel.org>
---
Seth Forshee (DigitalOcean) (2):
livepatch: add an interface for safely switching kthreads
vhost: check for pending livepatches from vhost worker kthreads
drivers/vhost/vhost.c | 4 ++++
include/linux/livepatch.h | 2 ++
kernel/livepatch/transition.c | 11 +++++++++++
3 files changed, 17 insertions(+)
---
base-commit: 5dc4c995db9eb45f6373a956eb1f69460e69e6d4
change-id: 20230120-vhost-klp-switching-ba9a3ae38b8a
Best regards,
--
Seth Forshee (DigitalOcean) <sforshee@...nel.org>
Powered by blists - more mailing lists