We previously proposed a BPF+livepatch method to enable rapid experimentation with new kernel features without interrupting production workloads:
https://lore.kernel.org/live-patching/[email protected]/ In the resulting discussion, Song and Petr suggested adding a "replace set" to support scenarios where specific livepatches can be selectively replaced or skipped. This patch introduces 'replace_set' to provide finer-grained control over livepatch management. The core rules and behaviors of a replace_set are defined as follows: - Livepatches sharing the same replace_set can mutually replace each other. - Only one livepatch within a given replace_set can be active at a time. - Livepatches belonging to different replace_sets can coexist on the system. - Livepatches in different replace_sets are prohibited from modifying the same function. - Livepatches in different replace_sets cannot use the same state ID. Additionally, this design deprecates the traditional non-atomic-replace model. Previously, setting 'replace' to 0 was the only way to keep certain livepatches persistent on the system, forcing developers to disable atomic replacement entirely. With the introduction of replace_set, developers now have a selective option to keep specific livepatches persistent while maintaining atomic replacement capabilities elsewhere. At present, KLP state, shadow variables, and callbacks are not integrated with the new replace_set mechanism in this patchset. Support for these features is deferred until Petr's klp-state-transfer infrastructure is completed and merged: https://github.com/pmladek/linux/tree/klp-state-transfer-v1-iter12 v1->v2: - Incorporate feedback from Petr: - Initialize replace_set to 0 by default - Improve documentation - Enforce that livepatches in different replace_sets cannot use the same state->id. - Enforce that livepatches in different replace_sets cannot modify the same function. - Ensure consistent capitalization and naming usage of KLP_REPLACE_SET. - Incorporate feedback from Sachiko AI: - Skip the klp_transition patch during klp_force_transition(). v1 (RFC): https://lore.kernel.org/live-patching/[email protected]/ Yafang Shao (4): livepatch: Make klp_find_func() non-static livepatch: Support scoped atomic replace using replace_set livepatch: Deprecate stack_order selftests/livepatch: Update tests for replace_set .../ABI/testing/sysfs-kernel-livepatch | 6 +- .../livepatch/cumulative-patches.rst | 23 +++-- Documentation/livepatch/livepatch.rst | 21 ++-- include/linux/livepatch.h | 8 +- kernel/livepatch/core.c | 52 +++------- kernel/livepatch/state.c | 51 ++++++++-- kernel/livepatch/transition.c | 11 ++- scripts/livepatch/init.c | 6 +- scripts/livepatch/klp-build | 16 +-- .../selftests/livepatch/test-callbacks.sh | 33 +++---- .../selftests/livepatch/test-livepatch.sh | 98 +------------------ .../testing/selftests/livepatch/test-sysfs.sh | 91 +++-------------- .../test_modules/test_klp_atomic_replace.c | 10 +- .../test_modules/test_klp_callbacks_demo.c | 6 ++ .../test_modules/test_klp_callbacks_demo2.c | 10 +- .../test_modules/test_klp_livepatch.c | 6 ++ .../livepatch/test_modules/test_klp_state.c | 2 +- .../livepatch/test_modules/test_klp_state2.c | 2 +- 18 files changed, 165 insertions(+), 287 deletions(-) -- 2.47.3
