Jiri Kosina: Live patching

July 22, 2015

Related Material:

  1. 2014 ksummit-discuss: Jiri Kosina: live kernel patching
  2. May 7, 2014 LWN article: The first kpatch submission
  3. February 25, 2015 LWN article: A rough patch for live patching
  4. 2015 LPC Microconference: Live kernel patching wiki and presentations

Additional Participants: Masami Hiramatsu, Kamezawa Hiroyuki,

People tagged: Ingo Molnar, Josh Boyer?,

Jiri Kosina noted that the basic infrastructure for live patching has been merged, but that many loose ends remain. Jiri calls out the following issues:

  1. Live patching would like to rely on stack unwinding, but currently stack unwinding is purely a debugging facility with no correctness guarantees.
  2. The various kthreads all have ad-hoc handling of freezer points, signal handling, and so on. It would be good to consolidate this for common-case kthreads.
  3. An alternative “checkpoint”-based approach to live patching has been proposed, with significant controversy on both sides.

Masami Hiramatsu suggested that live patching could depend on frame pointers in order improve stack-unwinding reliability, but argues that the “checkpoint” approach is not compatible with the real-time requirements common in process-control applications. Jiri agreed that frame pointers would be a good first step, but added that Josh (Boyer?) is planning to also add DWARF2 CFI support.

Kamezawa Hiroyuki is concerned that FUSE-based filesystems could deadlock with the freezer in cases where the userspace logic had called back into the kernel at the time of the freeze. Jiri Kosina argued that this should not be a problem with freezing, because otherwise similar deadlocks would be seen during hibernation. Kamezawa Hiroyuki replied that this problem had in fact been reported during hibernation, and believes that the workaround is to stop using FUSE before hibernating, either by hand, using scripts, or via systemd. Kamezawa therefore believes that these workarounds are not applicable to live kernel patching, so that some other fix will be required. [ Ed. note: Or prohibit use of FUSE on systems that are to be live patched. ]