From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yw1-f172.google.com (mail-yw1-f172.google.com [209.85.128.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A3E60263F2D for ; Sat, 15 Nov 2025 23:34:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249660; cv=none; b=nvrhVTI/yGwKhHu4LOnTCnIjBeq+8+QC1wL+w6VBYzoBG/4gRUmKD344VZ+yYiiy2o1AuLSiqGxyhIyQVEQ1EQDhrGG54/eztgBwbxtPpDC2UGy+/4OKQjWYZQryJ+V50RjC0BVSIzv6h+7E5K3bzvaNMFKdpjge8owOoiMXv5w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249660; c=relaxed/simple; bh=NQKtPLWR81Qm7MzT9lC2XjYilnYCbYjBtKuJoGGXQX4=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=spa23O33Ai8ky7eoqZXIaBv9Wk8xxyDdc5rVrm6+ZqfqugmvamN3PTE8TcEveyxcDAaWdy2ufgU19fX2oCPgTkoeYH+e9hPDtDtXkSjZSsTXRlGvHC9V81uVAj0Bb6mlGg79+GYQoUcrDyHGfG7w6DoPXOO8WRrtfXGWAv5XSO0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=UvKFyOZ1; arc=none smtp.client-ip=209.85.128.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="UvKFyOZ1" Received: by mail-yw1-f172.google.com with SMTP id 00721157ae682-71d71bcab69so27330647b3.0 for ; Sat, 15 Nov 2025 15:34:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249657; x=1763854457; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DsNyMuhtDAQHyD6UHI66GVXsruEvzFMYKhd6mwZ56OI=; b=UvKFyOZ1XfKpXz5ZLSKeWWTen9L0ta1L0oMMPGgSJcxK1gmLR06PkxhadyhIk7YSeu SLnjOc7+kvFTA57K5gvgA5VyqFs+gq/xb4QB18lTys4mDcXQTb3yiGySWEJR68mZyCvH LcnI5Wwgk3CBYA9Wl9z5F4bYVFDLYjGcWjd9DU6JD3W/CnbB9GzrytNoK8Pg8PQParm0 P4UrouHlFJSMZy1B/oRVTYiQzHreiHnpL/THQNnZHi3Sp1nIGN0dAbhhsuhCqjK6lrO1 Tmj1tT0XF9sJ5wQ+3BAU2LG8bFs7lALgfoICVyULSBzBocobbZEF21M/em8q9jDWxA1k jklg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249657; x=1763854457; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=DsNyMuhtDAQHyD6UHI66GVXsruEvzFMYKhd6mwZ56OI=; b=XNtr0lOK3WS043yfT0o5YBUD4XdlDwG0OngOiYTecryTB3eUXOcAwGUtu4j2jukHTz RwwOnth3PCIW8/9WXZUFfDzpATn2U39r+uaUl9fSmNBSNA2jtIZQLTQYtc20ymA6T5yo AOavoTjyc0+JBsIZjlm+bCSxW9/r+N9q+nAy55YklW9YWBs/WBqVUcNr5Q9dJZcseoKr tkYxKvDqbjKJjckC9/B78JNOvZ1kNBNeY2CyQUCCHbHNyEj6Y9xWWMTgLZS37fjjQsuX emOEtIMlr8cTNtZ01ab0UdcF51FkuQFL+QeLb2m3FSPKe4uLICgRfZ9KR6dw0nxhFhCp r2/Q== X-Forwarded-Encrypted: i=1; AJvYcCVjnMPW5iZYh6D9eKBb+dxbN2O7KgqOZyqznVGD5BsZ77n93bWERvHb24Rx4voN70zr+RGaiRfrWNqy7Ks=@vger.kernel.org X-Gm-Message-State: AOJu0YzbeP+3gfhSQNl9FfgZo/m+vpPBj8EuxBp/WL/IEY3E5gUJ9vUh z5b8NKlZIHL+BAEoncqdKmIlPsZ2vOKLaO+MNj50ByVY6TuXXk6zat8OQiD6WZ5n67E= X-Gm-Gg: ASbGncuIZcqzcrnsGbTsBF8KDI8ByB4ZjiTuitMzL8Ytby9PzXMB2Zs7Ftsvhp31McT LaeWUu/zRlLL96XAENCO4RjQlE0Jv9uXDVDLvWFRkZEg8rVvlvPulihDyann4YOWRaV2REdco9x ZneNh9M4zJjrWjn40Ugs7WmDaMoD1qxT1yMEI0MWcVxukwpL8f16twXDkAGXiO13N0QUEJ04Zix ICDpkd9+S0iAi3oU2KRAbIXz8uREh3PGiEw4ilOPwmwFNHwB+5u+5USRKtRH/U+sonoZIOAq9+I TD9kKyAqbEv0fq+sW7zvCutt90k0riursKpqNYSOd/61uPWFZ3TE0V8eW2ABtd9SEQAdO/iWyr3 EcxVE3ezF8IsFzCQzchBwPMyL0i/VKVM757j9fDaJGBA9fLjp12v2xjev4stovswfnDQxkqlBHJ LSx4wAWxGUguLHg0Olzvl234i/M8FN2rQt1vipYk2fy/hGY6mY6zr38zbjZCLdVjsqbeVS X-Google-Smtp-Source: AGHT+IHkSgV5Rn6D+sYrviaVQ1zxvVEpwoqTPqlZvJGsTAz/bbXvFVvHMeVFqz6Pbcj3yEwUtgWUWQ== X-Received: by 2002:a05:690c:c371:b0:788:143:27d9 with SMTP id 00721157ae682-78929eee242mr60220677b3.44.1763249657444; Sat, 15 Nov 2025 15:34:17 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:16 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 01/20] liveupdate: luo_core: luo_ioctl: Live Update Orchestrator Date: Sat, 15 Nov 2025 18:33:47 -0500 Message-ID: <20251115233409.768044-2-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Introduce LUO, a mechanism intended to facilitate kernel updates while keeping designated devices operational across the transition (e.g., via kexec). The primary use case is updating hypervisors with minimal disruption to running virtual machines. For userspace side of hypervisor update we have copyless migration. LUO is for updating the kernel. This initial patch lays the groundwork for the LUO subsystem. Further functionality, including the implementation of state transition logic, integration with KHO, and hooks for subsystems and file descriptors, will be added in subsequent patches. Create a character device at /dev/liveupdate. A new uAPI header, , will define the necessary structures. The magic number for IOCTL is registered in Documentation/userspace-api/ioctl/ioctl-number.rst. Signed-off-by: Pasha Tatashin Reviewed-by: Pratyush Yadav --- .../userspace-api/ioctl/ioctl-number.rst | 2 + include/linux/liveupdate.h | 35 ++++++++ include/uapi/linux/liveupdate.h | 46 ++++++++++ kernel/liveupdate/Kconfig | 27 ++++++ kernel/liveupdate/Makefile | 6 ++ kernel/liveupdate/luo_core.c | 86 +++++++++++++++++++ kernel/liveupdate/luo_ioctl.c | 45 ++++++++++ 7 files changed, 247 insertions(+) create mode 100644 include/linux/liveupdate.h create mode 100644 include/uapi/linux/liveupdate.h create mode 100644 kernel/liveupdate/luo_core.c create mode 100644 kernel/liveupdate/luo_ioctl.c diff --git a/Documentation/userspace-api/ioctl/ioctl-number.rst b/Documenta= tion/userspace-api/ioctl/ioctl-number.rst index 7c527a01d1cf..7232b3544cec 100644 --- a/Documentation/userspace-api/ioctl/ioctl-number.rst +++ b/Documentation/userspace-api/ioctl/ioctl-number.rst @@ -385,6 +385,8 @@ Code Seq# Include File = Comments 0xB8 01-02 uapi/misc/mrvl_cn10k_dpi.h Mar= vell CN10K DPI driver 0xB8 all uapi/linux/mshv.h Mic= rosoft Hyper-V /dev/mshv driver +0xBA 00-0F uapi/linux/liveupdate.h Pas= ha Tatashin + 0xC0 00-0F linux/usb/iowarrior.h 0xCA 00-0F uapi/misc/cxl.h Dea= d since 6.15 0xCA 10-2F uapi/misc/ocxl.h diff --git a/include/linux/liveupdate.h b/include/linux/liveupdate.h new file mode 100644 index 000000000000..730b76625fec --- /dev/null +++ b/include/linux/liveupdate.h @@ -0,0 +1,35 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + */ +#ifndef _LINUX_LIVEUPDATE_H +#define _LINUX_LIVEUPDATE_H + +#include +#include +#include + +#ifdef CONFIG_LIVEUPDATE + +/* Return true if live update orchestrator is enabled */ +bool liveupdate_enabled(void); + +/* Called during kexec to tell LUO that entered into reboot */ +int liveupdate_reboot(void); + +#else /* CONFIG_LIVEUPDATE */ + +static inline bool liveupdate_enabled(void) +{ + return false; +} + +static inline int liveupdate_reboot(void) +{ + return 0; +} + +#endif /* CONFIG_LIVEUPDATE */ +#endif /* _LINUX_LIVEUPDATE_H */ diff --git a/include/uapi/linux/liveupdate.h b/include/uapi/linux/liveupdat= e.h new file mode 100644 index 000000000000..df34c1642c4d --- /dev/null +++ b/include/uapi/linux/liveupdate.h @@ -0,0 +1,46 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ + +/* + * Userspace interface for /dev/liveupdate + * Live Update Orchestrator + * + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + */ + +#ifndef _UAPI_LIVEUPDATE_H +#define _UAPI_LIVEUPDATE_H + +#include +#include + +/** + * DOC: General ioctl format + * + * The ioctl interface follows a general format to allow for extensibility= . Each + * ioctl is passed in a structure pointer as the argument providing the si= ze of + * the structure in the first u32. The kernel checks that any structure sp= ace + * beyond what it understands is 0. This allows userspace to use the backw= ard + * compatible portion while consistently using the newer, larger, structur= es. + * + * ioctls use a standard meaning for common errnos: + * + * - ENOTTY: The IOCTL number itself is not supported at all + * - E2BIG: The IOCTL number is supported, but the provided structure has + * non-zero in a part the kernel does not understand. + * - EOPNOTSUPP: The IOCTL number is supported, and the structure is + * understood, however a known field has a value the kernel does not + * understand or support. + * - EINVAL: Everything about the IOCTL was understood, but a field is not + * correct. + * - ENOENT: A provided token does not exist. + * - ENOMEM: Out of memory. + * - EOVERFLOW: Mathematics overflowed. + * + * As well as additional errnos, within specific ioctls. + */ + +/* The ioctl type, documented in ioctl-number.rst */ +#define LIVEUPDATE_IOCTL_TYPE 0xBA + +#endif /* _UAPI_LIVEUPDATE_H */ diff --git a/kernel/liveupdate/Kconfig b/kernel/liveupdate/Kconfig index a973a54447de..90857dccb359 100644 --- a/kernel/liveupdate/Kconfig +++ b/kernel/liveupdate/Kconfig @@ -1,4 +1,10 @@ # SPDX-License-Identifier: GPL-2.0-only +# +# Copyright (c) 2025, Google LLC. +# Pasha Tatashin +# +# Live Update Orchestrator +# =20 menu "Live Update and Kexec HandOver" depends on !DEFERRED_STRUCT_PAGE_INIT @@ -51,4 +57,25 @@ config KEXEC_HANDOVER_ENABLE_DEFAULT The default behavior can still be overridden at boot time by passing 'kho=3Doff'. =20 +config LIVEUPDATE + bool "Live Update Orchestrator" + depends on KEXEC_HANDOVER + help + Enable the Live Update Orchestrator. Live Update is a mechanism, + typically based on kexec, that allows the kernel to be updated + while keeping selected devices operational across the transition. + These devices are intended to be reclaimed by the new kernel and + re-attached to their original workload without requiring a device + reset. + + Ability to handover a device from current to the next kernel depends + on specific support within device drivers and related kernel + subsystems. + + This feature primarily targets virtual machine hosts to quickly update + the kernel hypervisor with minimal disruption to the running virtual + machines. + + If unsure, say N. + endmenu diff --git a/kernel/liveupdate/Makefile b/kernel/liveupdate/Makefile index f52ce1ebcf86..413722002b7a 100644 --- a/kernel/liveupdate/Makefile +++ b/kernel/liveupdate/Makefile @@ -1,5 +1,11 @@ # SPDX-License-Identifier: GPL-2.0 =20 +luo-y :=3D \ + luo_core.o \ + luo_ioctl.o + obj-$(CONFIG_KEXEC_HANDOVER) +=3D kexec_handover.o obj-$(CONFIG_KEXEC_HANDOVER_DEBUG) +=3D kexec_handover_debug.o obj-$(CONFIG_KEXEC_HANDOVER_DEBUGFS) +=3D kexec_handover_debugfs.o + +obj-$(CONFIG_LIVEUPDATE) +=3D luo.o diff --git a/kernel/liveupdate/luo_core.c b/kernel/liveupdate/luo_core.c new file mode 100644 index 000000000000..0e1ab19fa1cd --- /dev/null +++ b/kernel/liveupdate/luo_core.c @@ -0,0 +1,86 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + */ + +/** + * DOC: Live Update Orchestrator (LUO) + * + * Live Update is a specialized, kexec-based reboot process that allows a + * running kernel to be updated from one version to another while preservi= ng + * the state of selected resources and keeping designated hardware devices + * operational. For these devices, DMA activity may continue throughout the + * kernel transition. + * + * While the primary use case driving this work is supporting live updates= of + * the Linux kernel when it is used as a hypervisor in cloud environments,= the + * LUO framework itself is designed to be workload-agnostic. Much like Ker= nel + * Live Patching, which applies security fixes regardless of the workload, + * Live Update facilitates a full kernel version upgrade for any type of s= ystem. + * + * For example, a non-hypervisor system running an in-memory cache like + * memcached with many gigabytes of data can use LUO. The userspace service + * can place its cache into a memfd, have its state preserved by LUO, and + * restore it immediately after the kernel kexec. + * + * Whether the system is running virtual machines, containers, a + * high-performance database, or networking services, LUO's primary goal i= s to + * enable a full kernel update by preserving critical userspace state and + * keeping essential devices operational. + * + * The core of LUO is a mechanism that tracks the progress of a live updat= e, + * along with a callback API that allows other kernel subsystems to partic= ipate + * in the process. Example subsystems that can hook into LUO include: kvm, + * iommu, interrupts, vfio, participating filesystems, and memory manageme= nt. + * + * LUO uses Kexec Handover to transfer memory state from the current kerne= l to + * the next kernel. For more details see + * Documentation/core-api/kho/concepts.rst. + */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include + +static struct { + bool enabled; +} luo_global; + +static int __init early_liveupdate_param(char *buf) +{ + return kstrtobool(buf, &luo_global.enabled); +} +early_param("liveupdate", early_liveupdate_param); + +/* Public Functions */ + +/** + * liveupdate_reboot() - Kernel reboot notifier for live update final + * serialization. + * + * This function is invoked directly from the reboot() syscall pathway + * if kexec is in progress. + * + * If any callback fails, this function aborts KHO, undoes the freeze() + * callbacks, and returns an error. + */ +int liveupdate_reboot(void) +{ + return 0; +} + +/** + * liveupdate_enabled - Check if the live update feature is enabled. + * + * This function returns the state of the live update feature flag, which + * can be controlled via the ``liveupdate`` kernel command-line parameter. + * + * @return true if live update is enabled, false otherwise. + */ +bool liveupdate_enabled(void) +{ + return luo_global.enabled; +} diff --git a/kernel/liveupdate/luo_ioctl.c b/kernel/liveupdate/luo_ioctl.c new file mode 100644 index 000000000000..44d365185f7c --- /dev/null +++ b/kernel/liveupdate/luo_ioctl.c @@ -0,0 +1,45 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + */ + +#include +#include + +struct luo_device_state { + struct miscdevice miscdev; +}; + +static const struct file_operations luo_fops =3D { + .owner =3D THIS_MODULE, +}; + +static struct luo_device_state luo_dev =3D { + .miscdev =3D { + .minor =3D MISC_DYNAMIC_MINOR, + .name =3D "liveupdate", + .fops =3D &luo_fops, + }, +}; + +static int __init liveupdate_ioctl_init(void) +{ + if (!liveupdate_enabled()) + return 0; + + return misc_register(&luo_dev.miscdev); +} +module_init(liveupdate_ioctl_init); + +static void __exit liveupdate_exit(void) +{ + misc_deregister(&luo_dev.miscdev); +} +module_exit(liveupdate_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Pasha Tatashin"); +MODULE_DESCRIPTION("Live Update Orchestrator"); +MODULE_VERSION("0.1"); --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yw1-f176.google.com (mail-yw1-f176.google.com [209.85.128.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3A36C26F471 for ; Sat, 15 Nov 2025 23:34:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249664; cv=none; b=Fx8RGOAve70xZB/+MPEok+zdGy1vEEFlEqnp5K1l7PVw/fzZW91a+J6HHvvUxttOhL5093ee6TmJ+qe55sxmuX4xBFsdGSdCXFcwvXrAZC2aro1oANj5dQQQ/bSFahyqrUIHcHWxAsCbrJG+zv9c5JY3/T3Mn/9EpHLpEKvk6yw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249664; c=relaxed/simple; bh=85s8aRdE8kPGJFRP7ZNIAfLg9kvRem2DBsVDlxsaNoE=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ADhY3n2bFelK3NEA19hG8iVM5auuncoZfqPT/vZUMfdL/YY9bImEvOY8EW2CExZyWb7kjKqI+WH2Gn9LVUY3P2A3O1k2/49RFjdOa1xVSg+LX3dsY/tgNRPfXbdiw5aNxUi0FItx1e6NI4IbNPA/uLn93VsflP+lMmcxo0eHlm4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=bzJrhVwh; arc=none smtp.client-ip=209.85.128.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="bzJrhVwh" Received: by mail-yw1-f176.google.com with SMTP id 00721157ae682-78933de9ab5so14587357b3.1 for ; Sat, 15 Nov 2025 15:34:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249660; x=1763854460; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=23di5vng5g7PzO6qdci6haN5BnqYj05Ou9mnU5YCuOY=; b=bzJrhVwhAcx8OIRFIJ+fOV8hsLG+wd4n7QfCmy07OxEKuCHKZgl5N1TMZxCK9UMh5t wRZ4mwFgHPimECtGC0FVImHX//qPN2R5DqqX6bUOssaahmcOaqh+gf2QQgdZOiIGNfr/ Tb+Q0C/iC1YCU0sD8ZBKJDZxkOW36QgplIsWjGJ0qZ/n86IrrwBGAy/f1C65HB+56XX0 NVDrQ1c+wYgRgIr1QsBT6DIbavnlGpV8R8BBYRoWB1ILKfgvTb8zGZ1eLPjxe3/99zk3 5/Azs31Jld9EKK9J0TT6WnksKcf7KvvlGLz9UggNKrrJPqJ0jxh7ZI4dR4k+AeNVOKm3 E29Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249660; x=1763854460; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=23di5vng5g7PzO6qdci6haN5BnqYj05Ou9mnU5YCuOY=; b=e2PvRa6KT5hMFyxRrN4vRqBrqLR5vCV4ijb7Xb0TKEXeB2D3SW3dCyVeEVshAnHzX/ 3pXr4yQD2cuXyJYL5pWl/JVh1mq3qgLIY9Du3pB48EiuKbdrNC3K+y3kaNDn19N2u0UL e/MBsUEKcvT48zPtIL8dzdK2hC3Vw7ACscxknnTbeRKIs51l1aU59YJ4ePJZln0M5qAu qXkBKYg1zUyYb7mJIQQ93DDiX9ZjuXPeypSqGxtAB4/weeoDKn8RU3ljGaDGyFMmggjV FqCKxgu6HaMEKHnMUqCh6yy4MNCv+yK1cSIeTIhXautlBK04I6DBKNV641fp/lj/t5QZ 8s9w== X-Forwarded-Encrypted: i=1; AJvYcCX2T7j4kCP7+dnIAOVTrtDA0MaxlqPdXpfP6qYyxtGPks47mpPU7j5VWCnSk1qQyY84fRW2PDnCoSEAtlw=@vger.kernel.org X-Gm-Message-State: AOJu0YyKqllnkQ6w/QszZC/x3Zoo7jVRAmerkY2xKPY3t/DLx6Ergl2B KcqXXOSsN2qv1IzLU7WoOa6/MSTZZGETPzANogA02qCC3/wkgm2ZPEy1x+nnLM9Bpvc= X-Gm-Gg: ASbGnctAFq1viGf54bawfF/FbExG2hbN9ZbPFHvK6IydpzEdQLezyv1OUlAFgxKgQ+P abqm+hjU6VtaV5yvTUiVyw3vzpSse8oPeCOjDCDVQanr6xv5ZIrxltbpHdbNJUFJDRHEHyk6LXg Kwd98sA5sKAG4jTG7TYjGKHfrZAG1dUF1vW+gtMSZgGBg77qLBOYmSh8eY3wC9dK39hmA6Atebl 7Jewr7SXxHqdyV9S0Va1Hd46ZDGhCKPTYnDKSPALyYpZGv5403mJd7QupLdAMDmBNE/wguODe1T HZkujp1iRtcpT1mjDOGNuWLKikuA59rFoUAeEWZoXa+Z5d1p08W74B8wRZwmnFB7wSySputFTEz zOwrEsQv7mDMbpkwrXcksFVQMkbkVrCOlB7rx5hd0e/RZEgiXYWQhxAeFXVodG486XJy78Oe3KF QbdBr2HgQVRXsvqdyBt1jEc2z1NJWQN4cIuhBPFvOosLtZv8JswU68IUGAp1SDAhnCl0aa05Ssi 16EFvY= X-Google-Smtp-Source: AGHT+IEUj2RUJjPsfBfXOnD3CReia59JiFjPNPh1BEz+Ns8My+i3Um+tr89GzjAojwVUDuStxu7XSg== X-Received: by 2002:a05:690c:a1cd:b0:784:883c:a88d with SMTP id 00721157ae682-78929f3d937mr47983967b3.52.1763249660013; Sat, 15 Nov 2025 15:34:20 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:19 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 02/20] liveupdate: luo_core: integrate with KHO Date: Sat, 15 Nov 2025 18:33:48 -0500 Message-ID: <20251115233409.768044-3-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Integrate the LUO with the KHO framework to enable passing LUO state across a kexec reboot. When LUO is transitioned to a "prepared" state, it tells KHO to finalize, so all memory segments that were added to KHO preservation list are getting preserved. After "Prepared" state no new segments can be preserved. If LUO is canceled, it also tells KHO to cancel the serialization, and therefore, later LUO can go back into the prepared state. This patch introduces the following changes: - During the KHO finalization phase allocate FDT blob. - Populate this FDT with a LUO compatibility string ("luo-v1"). LUO now depends on `CONFIG_KEXEC_HANDOVER`. The core state transition logic (`luo_do_*_calls`) remains unimplemented in this patch. Signed-off-by: Pasha Tatashin --- include/linux/liveupdate/abi/luo.h | 54 ++++++++++ kernel/liveupdate/luo_core.c | 153 ++++++++++++++++++++++++++++- 2 files changed, 206 insertions(+), 1 deletion(-) create mode 100644 include/linux/liveupdate/abi/luo.h diff --git a/include/linux/liveupdate/abi/luo.h b/include/linux/liveupdate/= abi/luo.h new file mode 100644 index 000000000000..9483a294287f --- /dev/null +++ b/include/linux/liveupdate/abi/luo.h @@ -0,0 +1,54 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + */ + +/** + * DOC: Live Update Orchestrator ABI + * + * This header defines the stable Application Binary Interface used by the + * Live Update Orchestrator to pass state from a pre-update kernel to a + * post-update kernel. The ABI is built upon the Kexec HandOver framework + * and uses a Flattened Device Tree to describe the preserved data. + * + * This interface is a contract. Any modification to the FDT structure, no= de + * properties, compatible strings, or the layout of the `__packed` seriali= zation + * structures defined here constitutes a breaking change. Such changes req= uire + * incrementing the version number in the relevant `_COMPATIBLE` string to + * prevent a new kernel from misinterpreting data from an old kernel. + * + * FDT Structure Overview: + * The entire LUO state is encapsulated within a single KHO entry named = "LUO". + * This entry contains an FDT with the following layout: + * + * .. code-block:: none + * + * / { + * compatible =3D "luo-v1"; + * liveupdate-number =3D <...>; + * }; + * + * Main LUO Node (/): + * + * - compatible: "luo-v1" + * Identifies the overall LUO ABI version. + * - liveupdate-number: u64 + * A counter tracking the number of successful live updates performed. + */ + +#ifndef _LINUX_LIVEUPDATE_ABI_LUO_H +#define _LINUX_LIVEUPDATE_ABI_LUO_H + +/* + * The LUO FDT hooks all LUO state for sessions, fds, etc. + * In the root it allso carries "liveupdate-number" 64-bit property that + * corresponds to the number of live-updates performed on this machine. + */ +#define LUO_FDT_SIZE PAGE_SIZE +#define LUO_FDT_KHO_ENTRY_NAME "LUO" +#define LUO_FDT_COMPATIBLE "luo-v1" +#define LUO_FDT_LIVEUPDATE_NUM "liveupdate-number" + +#endif /* _LINUX_LIVEUPDATE_ABI_LUO_H */ diff --git a/kernel/liveupdate/luo_core.c b/kernel/liveupdate/luo_core.c index 0e1ab19fa1cd..4a213b262b9f 100644 --- a/kernel/liveupdate/luo_core.c +++ b/kernel/liveupdate/luo_core.c @@ -42,11 +42,24 @@ =20 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt =20 +#include +#include #include +#include #include +#include +#include +#include +#include +#include + +#include "kexec_handover_internal.h" =20 static struct { bool enabled; + void *fdt_out; + void *fdt_in; + u64 liveupdate_num; } luo_global; =20 static int __init early_liveupdate_param(char *buf) @@ -55,6 +68,129 @@ static int __init early_liveupdate_param(char *buf) } early_param("liveupdate", early_liveupdate_param); =20 +static int __init luo_early_startup(void) +{ + phys_addr_t fdt_phys; + int err, ln_size; + const void *ptr; + + if (!kho_is_enabled()) { + if (liveupdate_enabled()) + pr_warn("Disabling liveupdate because KHO is disabled\n"); + luo_global.enabled =3D false; + return 0; + } + + /* Retrieve LUO subtree, and verify its format. */ + err =3D kho_retrieve_subtree(LUO_FDT_KHO_ENTRY_NAME, &fdt_phys); + if (err) { + if (err !=3D -ENOENT) { + pr_err("failed to retrieve FDT '%s' from KHO: %pe\n", + LUO_FDT_KHO_ENTRY_NAME, ERR_PTR(err)); + return err; + } + + return 0; + } + + luo_global.fdt_in =3D phys_to_virt(fdt_phys); + err =3D fdt_node_check_compatible(luo_global.fdt_in, 0, + LUO_FDT_COMPATIBLE); + if (err) { + pr_err("FDT '%s' is incompatible with '%s' [%d]\n", + LUO_FDT_KHO_ENTRY_NAME, LUO_FDT_COMPATIBLE, err); + + return -EINVAL; + } + + ln_size =3D 0; + ptr =3D fdt_getprop(luo_global.fdt_in, 0, LUO_FDT_LIVEUPDATE_NUM, + &ln_size); + if (!ptr || ln_size !=3D sizeof(luo_global.liveupdate_num)) { + pr_err("Unable to get live update number '%s' [%d]\n", + LUO_FDT_LIVEUPDATE_NUM, ln_size); + + return -EINVAL; + } + + luo_global.liveupdate_num =3D get_unaligned((u64 *)ptr); + pr_info("Retrieved live update data, liveupdate number: %lld\n", + luo_global.liveupdate_num); + + return 0; +} + +static int __init liveupdate_early_init(void) +{ + int err; + + err =3D luo_early_startup(); + if (err) { + pr_err("The incoming tree failed to initialize properly [%pe], disabling= live update\n", + ERR_PTR(err)); + luo_global.enabled =3D false; + } + + return err; +} +early_initcall(liveupdate_early_init); + +/* Called during boot to create outgoing LUO fdt tree */ +static int __init luo_fdt_setup(void) +{ + const u64 ln =3D luo_global.liveupdate_num + 1; + void *fdt_out; + int err; + + fdt_out =3D kho_alloc_preserve(LUO_FDT_SIZE); + if (IS_ERR(fdt_out)) { + pr_err("failed to allocate/preserve FDT memory\n"); + return PTR_ERR(fdt_out); + } + + err =3D fdt_create(fdt_out, LUO_FDT_SIZE); + err |=3D fdt_finish_reservemap(fdt_out); + err |=3D fdt_begin_node(fdt_out, ""); + err |=3D fdt_property_string(fdt_out, "compatible", LUO_FDT_COMPATIBLE); + err |=3D fdt_property(fdt_out, LUO_FDT_LIVEUPDATE_NUM, &ln, sizeof(ln)); + err |=3D fdt_end_node(fdt_out); + err |=3D fdt_finish(fdt_out); + if (err) + goto exit_free; + + err =3D kho_add_subtree(LUO_FDT_KHO_ENTRY_NAME, fdt_out); + if (err) + goto exit_free; + luo_global.fdt_out =3D fdt_out; + + return 0; + +exit_free: + kho_unpreserve_free(fdt_out); + pr_err("failed to prepare LUO FDT: %d\n", err); + + return err; +} + +/* + * late initcall because it initializes the outgoing tree that is needed o= nly + * once userspace starts using /dev/liveupdate. + */ +static int __init luo_late_startup(void) +{ + int err; + + if (!liveupdate_enabled()) + return 0; + + err =3D luo_fdt_setup(); + if (err) + luo_global.enabled =3D false; + + return err; +} +late_initcall(luo_late_startup); + /* Public Functions */ =20 /** @@ -69,7 +205,22 @@ early_param("liveupdate", early_liveupdate_param); */ int liveupdate_reboot(void) { - return 0; + int err; + + if (!liveupdate_enabled()) + return 0; + + err =3D kho_finalize(); + if (err) { + pr_err("kho_finalize failed %d\n", err); + /* + * kho_finalize() may return libfdt errors, to aboid passing to + * userspace unknown errors, change this to EAGAIN. + */ + err =3D -EAGAIN; + } + + return err; } =20 /** --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yx1-f50.google.com (mail-yx1-f50.google.com [74.125.224.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D554C27146A for ; Sat, 15 Nov 2025 23:34:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249666; cv=none; b=bHd2pJj4hlVXm83S2vl+zqdJDOGKmrtEhXsBHeFMx/ccTxswe+18/pl0B7RPU1XGVqm5ylcnAZ4KMW6l60Hcj9ETSl17oYBiZs5fGp5mkxps9z/x3oj/8nQh4GBuLedrSDyTbrYxZhT8OtM3ZiCAexEXSxSKu/rMCkr9stFW5dE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249666; c=relaxed/simple; bh=E5mYrrro8NuMkC7HPDRevyvgCJvESo2IchKI5QmQD24=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=E2SUAQqWorvmlREnHx2E3EoGkjt4Ctdp0I9HXwS3EN194nwoFyhrOE5uGVIm+5Lul7wd8HwQ98WduvmmAjM3UddPQHvNJH7WpxHRju7Jzebee59B7d+eMNQwmS5r5FmA3is0a4CeVTzn7cGupVHpKRtyLaTNARf+O6pBVDTFWYU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=Vv5M4s4M; arc=none smtp.client-ip=74.125.224.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="Vv5M4s4M" Received: by mail-yx1-f50.google.com with SMTP id 956f58d0204a3-63fbed0f71aso2518157d50.0 for ; Sat, 15 Nov 2025 15:34:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249663; x=1763854463; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ffF6ShDH072kEeRsAneEmG7BXpD8z3YnDwKiTvXVzXs=; b=Vv5M4s4MbrZaPZzUnOkFJ76hhvkmuERgaGRqL1tIN8y5KepaYZOw/Tu+Xu3Edtl9t3 25ZzhmpORqXbdS5edKlWEm8miyI4KHd7WrhVY/GlR5x9/Tfxa7Ehko7PnW0rhCYHMN9W 2EByd+g5tDX+koAZ2B1VF+N7NYy39cMtfh0fgPezQ9fyndvKYl6ZhEVVAyTzRiT4yEoE m+4ZOebyBqp07E0dzUi/V23AdQIkp9wNWMusu9Jn+hD6trtyRonySzmz3T2beA5STHE1 dnoMYv0YvAD3k9es+LFyckE4vVWCpJ8aJAPBjIbDNxvhtWIMmoIpAJbRL2RXb+kE6ELY Avrw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249663; x=1763854463; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=ffF6ShDH072kEeRsAneEmG7BXpD8z3YnDwKiTvXVzXs=; b=oWHbdd3B2L7VrSnyM1RNpuTZ7ymey47OCmVVQk8DZygL90PBwzeHd837mYmhJMNll1 +AaH7+AxH3oZodFOkl+wTznxTfD0JAEBlXIPA11UXZnsYK2yuHD0uS/6P0X7TbJdRY+E pn90ywYLXZkBPEihbtVZ5NcK9mh7bUF5cE0alcY1xx5Aupx4PWriMhgiTM2n1vzVMSFQ 42cO3ioyM/KQQ63kHuPX5mMl59Vax2I7tK2THohwodUBsCMS7SOBQlVwtOG9cwh2pqIg 3IHK2deiHrOtOxnRGiBpZLem0ikxbrrhfwE5QjHbCqcL5KDVtjbeNfs5sDX8RrkDPBrE kGyw== X-Forwarded-Encrypted: i=1; AJvYcCW8kTv8umRFLQiS1V3uRmcCk6q61ba8V01w3hi91NmufSzRyuj9ttno+TCUyB7l3ERkPZJrhcem7FjjSuU=@vger.kernel.org X-Gm-Message-State: AOJu0Yzoe3F401NpWKNY55ci/RcPhfUSi9MDuU2CYgO11hNS+lXYAPcf 04RQkyAiNKrvtYoSUH/Yzy4kKyxY0/cuCc4F+/XZT8dRbLbfCGIUFSQOkW5HVloo+8M= X-Gm-Gg: ASbGnct9vpp0GCbi9jFyHJ1T1qhf05J+XWPhWZFgsE9sVu4GCgHHvmX3qb9ZCCGld/U 74u2wYTfId8j9DQCSbwWMK+F1hXQNVP9dxRZPkpw3iHg0mktTxVNLRjLuKziMtNWOPwLfmMbmbW jnE5ZZn/idU/Fi8297Vq38wKr1Bk6oZiGj1HxtJykt/bXQWEWjRq80wJ2/6b9jIBj+E5/EGATPp sNyHK0GpnUc3ayywIV+XqBCsbEpblw9wZTrCz69RNHxp/wB6Meq/c6OYXr2EE8g2l3cUffc8zKc v9Lg72FPSTy/Yre8fgYxIWPcfNDyZqIsl2UPeUZ1di0/JQJI7XbNeLkkzp5D+knxmo+u4ngPm1H sU04+Ic7y83/e+7+Kf2VZDK9wLgfIFv9aclGrJaJtkl4hVv4ULD9Cf5LhWli7dcwXNnuowRZ5zy 4BpxsIMU1lG7csVeRagVgAPoHAujiJb4BfQ6zgG/3CtH+YlhHIlcRiflVw2LLgANlueppjJKEkP lU4x3g= X-Google-Smtp-Source: AGHT+IGaaou1T8IlNwnvhEGAvgtl5hmvWdjNxQr9knw88/sarPOBHEpKzr0vdGK9CACIRmLZkXd5Qw== X-Received: by 2002:a05:690e:4366:b0:63f:b6a4:dcbb with SMTP id 956f58d0204a3-641e76b2c36mr5840850d50.69.1763249662685; Sat, 15 Nov 2025 15:34:22 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:21 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 03/20] kexec: call liveupdate_reboot() before kexec Date: Sat, 15 Nov 2025 18:33:49 -0500 Message-ID: <20251115233409.768044-4-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Modify the kernel_kexec() to call liveupdate_reboot(). This ensures that the Live Update Orchestrator is notified just before the kernel executes the kexec jump. The liveupdate_reboot() function triggers the final freeze event, allowing participating FDs perform last-minute check or state saving within the blackout window. If liveupdate_reboot() returns an error (indicating a failure during LUO finalization), the kexec operation is aborted to prevent proceeding with an inconsistent state. An error is returned to user. Signed-off-by: Pasha Tatashin Reviewed-by: Mike Rapoport (Microsoft) Reviewed-by: Pratyush Yadav --- kernel/kexec_core.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c index a8890dd03a1d..3122235c225b 100644 --- a/kernel/kexec_core.c +++ b/kernel/kexec_core.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -1145,6 +1146,10 @@ int kernel_kexec(void) goto Unlock; } =20 + error =3D liveupdate_reboot(); + if (error) + goto Unlock; + #ifdef CONFIG_KEXEC_JUMP if (kexec_image->preserve_context) { /* --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yx1-f44.google.com (mail-yx1-f44.google.com [74.125.224.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 18F18273D9A for ; Sat, 15 Nov 2025 23:34:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249670; cv=none; b=tLnsa8HOM8X679sayxU2qO3CD6g0+Ubc/ZF/PanD8nxlPKaPqC+5lvijYvK6G8vwuzV/zhVLgi/GHS4gEuVawQfzPrkrR3BNcqY84mKv8qAxllwJms6luZjnlEm8eGDjztFQZmDndxbgztwcy8D7EXph8KCFpNa6sTECDPaBRWs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249670; c=relaxed/simple; bh=DC+/8cF3L0u6R0EjydgxU5jp3TE/1fwcl8clX8IYvGo=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Yj0PbtJFcQEy3E/QZuay66v7zZgdPsP0jQ0XYZdQPEgfPmzm7+iRtuX1Qinlmr938UWMNjCOIWyboLV9hdR7qK3pXQczWeqLp1Pu+jIZ4vyGF9pZW2F2D5BKH+/P/V4CGgC6OrRcgOYoXsUWP1uRrsWCxombi7afX8g0K9jvS/s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=iDvFDUmc; arc=none smtp.client-ip=74.125.224.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="iDvFDUmc" Received: by mail-yx1-f44.google.com with SMTP id 956f58d0204a3-63f74b43db8so2959788d50.3 for ; Sat, 15 Nov 2025 15:34:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249665; x=1763854465; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=vC5HIk5wxfhNcl9YYsg8q2jT/gR3iTIogBqHasBQCwg=; b=iDvFDUmcGD+1rXech82FyaE/16nR4WBUKwDb22k7XfdgYKRvB/mz62hq9OE75Jr3sk Lg7P2RPbUGGEoqiz0ymOOdZPpNccJSH/URUrDtcVwTsvLWjwwnA7prVxWbt355za9kat Rqy63E0L7g0Z/gwSe+29zOtEPgexReACpZmIzvGqFrdh244OrdwpY2tnMaS5B57pw9AY kRMNQ1l4iaYxyNShtguQrOFB7FNgmmrFtKJZmGn8zP5tsKJzAyuz6jx6CJVydyDVkLpe WldQ8r+QiCLcZzFpo7hYiVhzL34t9629SuAN72jyVUW9z/meu4MZq7gNB2siWRdCWJVM tPdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249665; x=1763854465; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=vC5HIk5wxfhNcl9YYsg8q2jT/gR3iTIogBqHasBQCwg=; b=VbzH9dV19NlkV7lj/Qi5FwK8eQk4XpyxR7hboTHUNAV1uUHCg25reMVpyDPYv49Brk Q5ym8iwb9eS2udIOthqfJI4WzeGQm4tJk4vNdRK+yu4L1n/vIIP3JWtOmnIFdNje42eu WZSj1lkAxqE0fjmiRl9zYT2Pw7vtXq5C3zq5b1nIIPh0KNSc7b+CTXMJgRMQY5HMwfpv dUX8Y47hA2J2gYO/OJjPnIdpaWeS9UE1KsYI1Xorxn96sPl7cu23Wags6xanqDsx1U/L fCaBe8LglJ5Nw9E7SCpPD6GFJCXA/5X5ARYwiMaMYbOO+TJSaIjtTe4deudq2L6m/T1Z mCcw== X-Forwarded-Encrypted: i=1; AJvYcCUoXze8lwwePz/USr5IiewWkoOWAqihtWX7rlqmwoat3PFVHiB6lkHAb8mfOIKo7e7uWedG+s8xUNUOE10=@vger.kernel.org X-Gm-Message-State: AOJu0Yy8hQ/ChXMRqdTla2byecGav/j2/oWxFNWUfvfBgykrrkY9t9vo PJ9jtsjz15MnJuowCNWq+zzxcgkwhLGDS6wdqvxVu+DVBEgAGbXjeoePxxOe89iR/Ks= X-Gm-Gg: ASbGncvvSXT4wtD+73QqUs+4qjb6f1R15iKIzRDzymhT21i3Wretj2hORuzTN4fa52v Ad+fmN/O3XJtdf6uk9CehIVkD3hQB6jFnrhFURic6pVDW132ZuOA026Nx4p3q7ZUWQybcCAp3NQ Vxg3M1yjek1k35qWJJmsIKUopp8o4/ZocCJlV6NqPDP4+5qqwPd9O4c8E82TcXvKIgL3yh6u+D2 HYTjfJ6jKoOyVJtxkgPCEHVuvCUCWn4ff/edQvxtlD1ituVxHfUVgsho+trrSYP8n0QUHYSlL9P KjbBvI8GFYgJ40eoMomNeajJrVwcViF6wRWV/R4l3er33AsUJgSI6zY3xoY7GTh9iVU9nO4f9Q6 u5heaIebDyM4AIrWmKbJRRsCuIoyxqCWeHaGYbr5D/zveF23AnywCP+uz6dHDoNuBSqUsMaPUsz XN0h35R3BPoiuB8NO8GD+7YNv+hL/fstb+VO+P6U5f0N9TmQAZudiK6aClcZRi1DDdDlkS X-Google-Smtp-Source: AGHT+IHem+2hZ6xQ4olWW1Q3Rpqew5a3uGTnJ9KN2lGJfZPuRLe/n4CCdQvkdj7ElMutVbhE7/dOjA== X-Received: by 2002:a53:acc3:0:10b0:63f:aef7:d01b with SMTP id 956f58d0204a3-641e7555715mr5609674d50.8.1763249664754; Sat, 15 Nov 2025 15:34:24 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:24 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 04/20] liveupdate: luo_session: add sessions support Date: Sat, 15 Nov 2025 18:33:50 -0500 Message-ID: <20251115233409.768044-5-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Introduce concept of "Live Update Sessions" within the LUO framework. LUO sessions provide a mechanism to group and manage `struct file *` instances (representing file descriptors) that need to be preserved across a kexec-based live update. Each session is identified by a unique name and acts as a container for file objects whose state is critical to a userspace workload, such as a virtual machine or a high-performance database, aiming to maintain their functionality across a kernel transition. This groundwork establishes the framework for preserving file-backed state across kernel updates, with the actual file data preservation mechanisms to be implemented in subsequent patches. Signed-off-by: Pasha Tatashin --- include/linux/liveupdate/abi/luo.h | 83 +++++- include/uapi/linux/liveupdate.h | 3 + kernel/liveupdate/Makefile | 3 +- kernel/liveupdate/luo_core.c | 10 + kernel/liveupdate/luo_internal.h | 52 ++++ kernel/liveupdate/luo_session.c | 421 +++++++++++++++++++++++++++++ 6 files changed, 570 insertions(+), 2 deletions(-) create mode 100644 kernel/liveupdate/luo_internal.h create mode 100644 kernel/liveupdate/luo_session.c diff --git a/include/linux/liveupdate/abi/luo.h b/include/linux/liveupdate/= abi/luo.h index 9483a294287f..03a177ae232e 100644 --- a/include/linux/liveupdate/abi/luo.h +++ b/include/linux/liveupdate/abi/luo.h @@ -28,6 +28,11 @@ * / { * compatible =3D "luo-v1"; * liveupdate-number =3D <...>; + * + * luo-session { + * compatible =3D "luo-session-v1"; + * luo-session-header =3D ; + * }; * }; * * Main LUO Node (/): @@ -36,14 +41,40 @@ * Identifies the overall LUO ABI version. * - liveupdate-number: u64 * A counter tracking the number of successful live updates performed. + * + * Session Node (luo-session): + * This node describes all preserved user-space sessions. + * + * - compatible: "luo-session-v1" + * Identifies the session ABI version. + * - luo-session-header: u64 + * The physical address of a `struct luo_session_header_ser`. This str= ucture + * is the header for a contiguous block of memory containing an array = of + * `struct luo_session_ser`, one for each preserved session. + * + * Serialization Structures: + * The FDT properties point to memory regions containing arrays of simpl= e, + * `__packed` structures. These structures contain the actual preserved = state. + * + * - struct luo_session_header_ser: + * Header for the session array. Contains the total page count of the + * preserved memory block and the number of `struct luo_session_ser` + * entries that follow. + * + * - struct luo_session_ser: + * Metadata for a single session, including its name and a physical po= inter + * to another preserved memory block containing an array of + * `struct luo_file_ser` for all files in that session. */ =20 #ifndef _LINUX_LIVEUPDATE_ABI_LUO_H #define _LINUX_LIVEUPDATE_ABI_LUO_H =20 +#include + /* * The LUO FDT hooks all LUO state for sessions, fds, etc. - * In the root it allso carries "liveupdate-number" 64-bit property that + * In the root it also carries "liveupdate-number" 64-bit property that * corresponds to the number of live-updates performed on this machine. */ #define LUO_FDT_SIZE PAGE_SIZE @@ -51,4 +82,54 @@ #define LUO_FDT_COMPATIBLE "luo-v1" #define LUO_FDT_LIVEUPDATE_NUM "liveupdate-number" =20 +/* + * LUO FDT session node + * LUO_FDT_SESSION_HEADER: is a u64 physical address of struct + * luo_session_header_ser + */ +#define LUO_FDT_SESSION_NODE_NAME "luo-session" +#define LUO_FDT_SESSION_COMPATIBLE "luo-session-v1" +#define LUO_FDT_SESSION_HEADER "luo-session-header" + +/** + * struct luo_session_header_ser - Header for the serialized session data = block. + * @pgcnt: The total size, in pages, of the entire preserved memory block + * that this header describes. + * @count: The number of 'struct luo_session_ser' entries that immediately + * follow this header in the memory block. + * + * This structure is located at the beginning of a contiguous block of + * physical memory preserved across the kexec. It provides the necessary + * metadata to interpret the array of session entries that follow. + */ +struct luo_session_header_ser { + u64 pgcnt; + u64 count; +} __packed; + +/** + * struct luo_session_ser - Represents the serialized metadata for a LUO s= ession. + * @name: The unique name of the session, copied from the `luo_session` + * structure. + * @files: The physical address of a contiguous memory block that holds + * the serialized state of files. + * @pgcnt: The number of pages occupied by the `files` memory block. + * @count: The total number of files that were part of this session duri= ng + * serialization. Used for iteration and validation during + * restoration. + * + * This structure is used to package session-specific metadata for transfer + * between kernels via Kexec Handover. An array of these structures (one p= er + * session) is created and passed to the new kernel, allowing it to recons= truct + * the session context. + * + * If this structure is modified, LUO_SESSION_COMPATIBLE must be updated. + */ +struct luo_session_ser { + char name[LIVEUPDATE_SESSION_NAME_LENGTH]; + u64 files; + u64 pgcnt; + u64 count; +} __packed; + #endif /* _LINUX_LIVEUPDATE_ABI_LUO_H */ diff --git a/include/uapi/linux/liveupdate.h b/include/uapi/linux/liveupdat= e.h index df34c1642c4d..d2ef2f7e0dbd 100644 --- a/include/uapi/linux/liveupdate.h +++ b/include/uapi/linux/liveupdate.h @@ -43,4 +43,7 @@ /* The ioctl type, documented in ioctl-number.rst */ #define LIVEUPDATE_IOCTL_TYPE 0xBA =20 +/* The maximum length of session name including null termination */ +#define LIVEUPDATE_SESSION_NAME_LENGTH 56 + #endif /* _UAPI_LIVEUPDATE_H */ diff --git a/kernel/liveupdate/Makefile b/kernel/liveupdate/Makefile index 413722002b7a..83285e7ad726 100644 --- a/kernel/liveupdate/Makefile +++ b/kernel/liveupdate/Makefile @@ -2,7 +2,8 @@ =20 luo-y :=3D \ luo_core.o \ - luo_ioctl.o + luo_ioctl.o \ + luo_session.o =20 obj-$(CONFIG_KEXEC_HANDOVER) +=3D kexec_handover.o obj-$(CONFIG_KEXEC_HANDOVER_DEBUG) +=3D kexec_handover_debug.o diff --git a/kernel/liveupdate/luo_core.c b/kernel/liveupdate/luo_core.c index 4a213b262b9f..653cdca5e25d 100644 --- a/kernel/liveupdate/luo_core.c +++ b/kernel/liveupdate/luo_core.c @@ -54,6 +54,7 @@ #include =20 #include "kexec_handover_internal.h" +#include "luo_internal.h" =20 static struct { bool enabled; @@ -117,6 +118,10 @@ static int __init luo_early_startup(void) pr_info("Retrieved live update data, liveupdate number: %lld\n", luo_global.liveupdate_num); =20 + err =3D luo_session_setup_incoming(luo_global.fdt_in); + if (err) + return err; + return 0; } =20 @@ -153,6 +158,7 @@ static int __init luo_fdt_setup(void) err |=3D fdt_begin_node(fdt_out, ""); err |=3D fdt_property_string(fdt_out, "compatible", LUO_FDT_COMPATIBLE); err |=3D fdt_property(fdt_out, LUO_FDT_LIVEUPDATE_NUM, &ln, sizeof(ln)); + err |=3D luo_session_setup_outgoing(fdt_out); err |=3D fdt_end_node(fdt_out); err |=3D fdt_finish(fdt_out); if (err) @@ -210,6 +216,10 @@ int liveupdate_reboot(void) if (!liveupdate_enabled()) return 0; =20 + err =3D luo_session_serialize(); + if (err) + return err; + err =3D kho_finalize(); if (err) { pr_err("kho_finalize failed %d\n", err); diff --git a/kernel/liveupdate/luo_internal.h b/kernel/liveupdate/luo_inter= nal.h new file mode 100644 index 000000000000..245373edfa6f --- /dev/null +++ b/kernel/liveupdate/luo_internal.h @@ -0,0 +1,52 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + */ + +#ifndef _LINUX_LUO_INTERNAL_H +#define _LINUX_LUO_INTERNAL_H + +#include + +/** + * struct luo_session - Represents an active or incoming Live Update sessi= on. + * @name: A unique name for this session, used for identification and + * retrieval. + * @files_list: An ordered list of files associated with this session, it = is + * ordered by preservation time. + * @ser: Pointer to the serialized data for this session. + * @count: A counter tracking the number of files currently stored in= the + * @files_list for this session. + * @list: A list_head member used to link this session into a global= list + * of either outgoing (to be preserved) or incoming (restored= from + * previous kernel) sessions. + * @retrieved: A boolean flag indicating whether this session has been + * retrieved by a consumer in the new kernel. + * @mutex: Session lock, protects files_list, and count. + * @files: The physically contiguous memory block that holds the seri= alized + * state of files. + * @pgcnt: The number of pages @files occupy. + */ +struct luo_session { + char name[LIVEUPDATE_SESSION_NAME_LENGTH]; + struct list_head files_list; + struct luo_session_ser *ser; + long count; + struct list_head list; + bool retrieved; + struct mutex mutex; + struct luo_file_ser *files; + u64 pgcnt; +}; + +int luo_session_create(const char *name, struct file **filep); +int luo_session_retrieve(const char *name, struct file **filep); +int __init luo_session_setup_outgoing(void *fdt); +int __init luo_session_setup_incoming(void *fdt); +int luo_session_serialize(void); +int luo_session_deserialize(void); +bool luo_session_is_deserialized(void); + +#endif /* _LINUX_LUO_INTERNAL_H */ diff --git a/kernel/liveupdate/luo_session.c b/kernel/liveupdate/luo_sessio= n.c new file mode 100644 index 000000000000..cb74bfaba479 --- /dev/null +++ b/kernel/liveupdate/luo_session.c @@ -0,0 +1,421 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + */ + +/** + * DOC: LUO Sessions + * + * LUO Sessions provide the core mechanism for grouping and managing `stru= ct + * file *` instances that need to be preserved across a kexec-based live + * update. Each session acts as a named container for a set of file object= s, + * allowing a userspace agent to manage the lifecycle of resources critica= l to a + * workload. + * + * Core Concepts: + * + * - Named Containers: Sessions are identified by a unique, user-provided = name, + * which is used for both creation in the current kernel and retrieval i= n the + * next kernel. + * + * - Userspace Interface: Session management is driven from userspace via + * ioctls on /dev/liveupdate. + * + * - Serialization: Session metadata is preserved using the KHO framework.= When + * a live update is triggered via kexec, an array of `struct luo_session= _ser` + * is populated and placed in a preserved memory region. An FDT node is = also + * created, containing the count of sessions and the physical address of= this + * array. + * + * Session Lifecycle: + * + * 1. Creation: A userspace agent calls `luo_session_create()` to create a + * new, empty session and receives a file descriptor for it. + * + * 2. Serialization: When the `reboot(LINUX_REBOOT_CMD_KEXEC)` syscall is + * made, `luo_session_serialize()` is called. It iterates through all + * active sessions and writes their metadata into a memory area preser= ved + * by KHO. + * + * 3. Deserialization (in new kernel): After kexec, `luo_session_deserial= ize()` + * runs, reading the serialized data and creating a list of `struct + * luo_session` objects representing the preserved sessions. + * + * 4. Retrieval: A userspace agent in the new kernel can then call + * `luo_session_retrieve()` with a session name to get a new file + * descriptor and access the preserved state. + */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "luo_internal.h" + +/* 16 4K pages, give space for 819 sessions */ +#define LUO_SESSION_PGCNT 16ul +#define LUO_SESSION_MAX (((LUO_SESSION_PGCNT << PAGE_SHIFT) - \ + sizeof(struct luo_session_header_ser)) / \ + sizeof(struct luo_session_ser)) + +/** + * struct luo_session_header - Header struct for managing LUO sessions. + * @count: The number of sessions currently tracked in the @list. + * @list: The head of the linked list of `struct luo_session` instan= ces. + * @rwsem: A read-write semaphore providing synchronized access to the + * session list and other fields in this structure. + * @header_ser: The header data of serialization array. + * @ser: The serialized session data (an array of + * `struct luo_session_ser`). + * @active: Set to true when first initialized. If previous kernel did= not + * send session data, active stays false for incoming. + */ +struct luo_session_header { + long count; + struct list_head list; + struct rw_semaphore rwsem; + struct luo_session_header_ser *header_ser; + struct luo_session_ser *ser; + bool active; +}; + +/** + * struct luo_session_global - Global container for managing LUO sessions. + * @incoming: The sessions passed from the previous kernel. + * @outgoing: The sessions that are going to be passed to the next ker= nel. + * @deserialized: The sessions have been deserialized once /dev/liveupdate + * has been opened. + */ +struct luo_session_global { + struct luo_session_header incoming; + struct luo_session_header outgoing; + bool deserialized; +}; + +static struct luo_session_global luo_session_global; + +static struct luo_session *luo_session_alloc(const char *name) +{ + struct luo_session *session =3D kzalloc(sizeof(*session), GFP_KERNEL); + + if (!session) + return ERR_PTR(-ENOMEM); + + strscpy(session->name, name, sizeof(session->name)); + INIT_LIST_HEAD(&session->files_list); + INIT_LIST_HEAD(&session->list); + mutex_init(&session->mutex); + session->count =3D 0; + + return session; +} + +static void luo_session_free(struct luo_session *session) +{ + WARN_ON(session->count); + WARN_ON(!list_empty(&session->files_list)); + mutex_destroy(&session->mutex); + kfree(session); +} + +static int luo_session_insert(struct luo_session_header *sh, + struct luo_session *session) +{ + struct luo_session *it; + + guard(rwsem_write)(&sh->rwsem); + + /* + * For outgoing we should make sure there is room in serialization array + * for new session. + */ + if (sh =3D=3D &luo_session_global.outgoing) { + if (sh->count =3D=3D LUO_SESSION_MAX) + return -ENOMEM; + } + + /* + * For small number of sessions this loop won't hurt performance + * but if we ever start using a lot of sessions, this might + * become a bottle neck during deserialization time, as it would + * cause O(n*n) complexity. + */ + list_for_each_entry(it, &sh->list, list) { + if (!strncmp(it->name, session->name, sizeof(it->name))) + return -EEXIST; + } + list_add_tail(&session->list, &sh->list); + sh->count++; + + return 0; +} + +static void luo_session_remove(struct luo_session_header *sh, + struct luo_session *session) +{ + guard(rwsem_write)(&sh->rwsem); + list_del(&session->list); + sh->count--; +} + +static int luo_session_release(struct inode *inodep, struct file *filep) +{ + struct luo_session *session =3D filep->private_data; + struct luo_session_header *sh; + + /* If retrieved is set, it means this session is from incoming list */ + if (session->retrieved) + sh =3D &luo_session_global.incoming; + else + sh =3D &luo_session_global.outgoing; + + luo_session_remove(sh, session); + luo_session_free(session); + + return 0; +} + +static const struct file_operations luo_session_fops =3D { + .owner =3D THIS_MODULE, + .release =3D luo_session_release, +}; + +/* Create a "struct file" for session */ +static int luo_session_getfile(struct luo_session *session, struct file **= filep) +{ + char name_buf[128]; + struct file *file; + + guard(mutex)(&session->mutex); + snprintf(name_buf, sizeof(name_buf), "[luo_session] %s", session->name); + file =3D anon_inode_getfile(name_buf, &luo_session_fops, session, O_RDWR); + if (IS_ERR(file)) + return PTR_ERR(file); + + *filep =3D file; + + return 0; +} + +int luo_session_create(const char *name, struct file **filep) +{ + struct luo_session *session; + int err; + + session =3D luo_session_alloc(name); + if (IS_ERR(session)) + return PTR_ERR(session); + + err =3D luo_session_insert(&luo_session_global.outgoing, session); + if (err) + goto err_free; + + err =3D luo_session_getfile(session, filep); + if (err) + goto err_remove; + + return 0; + +err_remove: + luo_session_remove(&luo_session_global.outgoing, session); +err_free: + luo_session_free(session); + + return err; +} + +int luo_session_retrieve(const char *name, struct file **filep) +{ + struct luo_session_header *sh =3D &luo_session_global.incoming; + struct luo_session *session =3D NULL; + struct luo_session *it; + int err; + + scoped_guard(rwsem_read, &sh->rwsem) { + list_for_each_entry(it, &sh->list, list) { + if (!strncmp(it->name, name, sizeof(it->name))) { + session =3D it; + break; + } + } + } + + if (!session) + return -ENOENT; + + scoped_guard(mutex, &session->mutex) { + if (session->retrieved) + return -EINVAL; + } + + err =3D luo_session_getfile(session, filep); + if (!err) { + scoped_guard(mutex, &session->mutex) + session->retrieved =3D true; + } + + return err; +} + +int __init luo_session_setup_outgoing(void *fdt_out) +{ + struct luo_session_header_ser *header_ser; + u64 header_ser_pa; + int err; + + header_ser =3D kho_alloc_preserve(LUO_SESSION_PGCNT << PAGE_SHIFT); + if (IS_ERR(header_ser)) + return PTR_ERR(header_ser); + header_ser_pa =3D virt_to_phys(header_ser); + + err =3D fdt_begin_node(fdt_out, LUO_FDT_SESSION_NODE_NAME); + err |=3D fdt_property_string(fdt_out, "compatible", + LUO_FDT_SESSION_COMPATIBLE); + err |=3D fdt_property(fdt_out, LUO_FDT_SESSION_HEADER, &header_ser_pa, + sizeof(header_ser_pa)); + err |=3D fdt_end_node(fdt_out); + + if (err) + goto err_unpreserve; + + header_ser->pgcnt =3D LUO_SESSION_PGCNT; + INIT_LIST_HEAD(&luo_session_global.outgoing.list); + init_rwsem(&luo_session_global.outgoing.rwsem); + luo_session_global.outgoing.header_ser =3D header_ser; + luo_session_global.outgoing.ser =3D (void *)(header_ser + 1); + luo_session_global.outgoing.active =3D true; + + return 0; + +err_unpreserve: + kho_unpreserve_free(header_ser); + return err; +} + +int __init luo_session_setup_incoming(void *fdt_in) +{ + struct luo_session_header_ser *header_ser; + int err, header_size, offset; + u64 header_ser_pa; + const void *ptr; + + offset =3D fdt_subnode_offset(fdt_in, 0, LUO_FDT_SESSION_NODE_NAME); + if (offset < 0) { + pr_err("Unable to get session node: [%s]\n", + LUO_FDT_SESSION_NODE_NAME); + return -EINVAL; + } + + err =3D fdt_node_check_compatible(fdt_in, offset, + LUO_FDT_SESSION_COMPATIBLE); + if (err) { + pr_err("Session node incompatible [%s]\n", + LUO_FDT_SESSION_COMPATIBLE); + return -EINVAL; + } + + header_size =3D 0; + ptr =3D fdt_getprop(fdt_in, offset, LUO_FDT_SESSION_HEADER, &header_size); + if (!ptr || header_size !=3D sizeof(u64)) { + pr_err("Unable to get session header '%s' [%d]\n", + LUO_FDT_SESSION_HEADER, header_size); + return -EINVAL; + } + + header_ser_pa =3D get_unaligned((u64 *)ptr); + header_ser =3D phys_to_virt(header_ser_pa); + + luo_session_global.incoming.header_ser =3D header_ser; + luo_session_global.incoming.ser =3D (void *)(header_ser + 1); + INIT_LIST_HEAD(&luo_session_global.incoming.list); + init_rwsem(&luo_session_global.incoming.rwsem); + luo_session_global.incoming.active =3D true; + + return 0; +} + +bool luo_session_is_deserialized(void) +{ + return luo_session_global.deserialized; +} + +int luo_session_deserialize(void) +{ + struct luo_session_header *sh =3D &luo_session_global.incoming; + int err; + + if (luo_session_is_deserialized()) + return 0; + + luo_session_global.deserialized =3D true; + if (!sh->active) { + INIT_LIST_HEAD(&sh->list); + init_rwsem(&sh->rwsem); + return 0; + } + + for (int i =3D 0; i < sh->header_ser->count; i++) { + struct luo_session *session; + + session =3D luo_session_alloc(sh->ser[i].name); + if (IS_ERR(session)) { + pr_warn("Failed to allocate session [%s] during deserialization %pe\n", + sh->ser[i].name, session); + return PTR_ERR(session); + } + + err =3D luo_session_insert(sh, session);=20 + if (err) { + luo_session_free(session); + pr_warn("Failed to insert session [%s] %pe\n", + session->name, ERR_PTR(err)); + return err; + } + + session->count =3D sh->ser[i].count; + session->files =3D sh->ser[i].files ? phys_to_virt(sh->ser[i].files) : 0; + session->pgcnt =3D sh->ser[i].pgcnt; + } + + kho_restore_free(sh->header_ser); + sh->header_ser =3D NULL; + sh->ser =3D NULL; + + return 0; +} + +int luo_session_serialize(void) +{ + struct luo_session_header *sh =3D &luo_session_global.outgoing; + struct luo_session *session; + int i =3D 0; + + guard(rwsem_write)(&sh->rwsem); + list_for_each_entry(session, &sh->list, list) { + strscpy(sh->ser[i].name, session->name, + sizeof(sh->ser[i].name)); + sh->ser[i].count =3D session->count; + sh->ser[i].files =3D session->files ? virt_to_phys(session->files) : 0; + sh->ser[i].pgcnt =3D session->pgcnt; + i++; + } + sh->header_ser->count =3D sh->count; + + return 0; +} --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yx1-f54.google.com (mail-yx1-f54.google.com [74.125.224.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9351526CE1A for ; Sat, 15 Nov 2025 23:34:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249672; cv=none; b=CWc2amLlE/UGeLJUOV4Axlrie/nUo+PDuzA6nVF7nNx0CHaFi2VnQ4AiH/GAfo085VgSb7Gt3fhkCnAGrqO8+BxvdfXmuQYnMl+ppXF9Hd5DIkxDfjHs7GcxURmkP2wmpR8Xor4zmwD7yphE1Eb+jEiK5oKTlWy9R8kJGUTBGmA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249672; c=relaxed/simple; bh=EV1FJvnBwce/3tH7ZYd0IU8CiUPzD4risoW1Ylp6BnM=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ukrj9bD9CLJV0aQqZ6B26Aq18IfUbyVy0DF//YyzTSUEr9fJWK4FZYoRObGtk4LSNmOxVXKTseHYmE2gbpTgpHjBMmSKXXDzWj0jQ1Rg1HrGLBOFLqNzFvIM5C+TMBIBb+R5m7eQym9TGV4yPSmm+sOPmXcPl+AarbJGcfLdIl8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=hKfJiWAO; arc=none smtp.client-ip=74.125.224.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="hKfJiWAO" Received: by mail-yx1-f54.google.com with SMTP id 956f58d0204a3-63e393c49f1so2557215d50.0 for ; Sat, 15 Nov 2025 15:34:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249668; x=1763854468; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=uhpBAGvtCaN4/zg4Hr4ieTycke69MZ3f5SdTyIeLbQM=; b=hKfJiWAOMkFsfDt+3prXLGJKRJ59NPyADIvUXUqEH09UMjSW8Yv0I924sUR8++up2G QjQbAH2PERoMeE9u3zNrU6cqXmWQv1JpkeJT4T0s5xL6bHpa4gOzRbUv8ihS2dG1ihWh zzi5JKsJPuEdgMb6joVDdqOXgA7Kofixd8aR916yMpLxsPqFonA/d40bzVQ9Nw18kodL jXJSxLP08bQIDq3kg3LOJDz7swc3/MhlC4fwvh+r5M6IB4JBdkFigXb9yY6TH6uHUoUb xBC4rw1G8Bt3L2mn3wl8WJB11/XNH1mZ6S+u7Q4Sgz7Er2TytggO728k+2vawFvz5Ygu W7xA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249668; x=1763854468; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=uhpBAGvtCaN4/zg4Hr4ieTycke69MZ3f5SdTyIeLbQM=; b=eQehFVVTtml/yl770tqRcY/ZFDCWsL+6Lw6xyYE0Xgvg3Zcv5cPKXPgXK15lU1/TPG fnlReFF+700/1/GpJ9TEpN87fCZZ+RFsJm6oZhrfsocSRY/PHQx03XZxEkCJPPmbmg8E yGXa+VUAUhbTRCGWW5VTQOycsGkLJdXT3vO9nF5ZViIau2wXaQMsibblm/NrKELzQPKh kslxFJvmJjd5mtKxUO8shVSyubR9wFQj4duL3JJMUhzrq2okeDl/4cvVFqHqvXPGRkd9 iEN7Yj4uSEwPmZDonFtpeY2WiN3kWr+9ppiaYSqx4IxHYGHlkvYvh60KTgjgD7gA0/bA xKsA== X-Forwarded-Encrypted: i=1; AJvYcCULjlyfor8dYNYELU1kZpSSJpd44DupdL8DcgUJRlPphzvxCJDLS6eNK7Az/bf7c+JqCnYXRcDCmhBEnGs=@vger.kernel.org X-Gm-Message-State: AOJu0YwlXCXMyRo3huTxz9qaWIEW/MnUeFly2SwNlsGyNHFlLd3k5Yx4 L4dqFTbCPMhtDpUdCzj5X6enzlIMuE4dmUZO0TFhQelARF40DDZDd9C/uuai8mtURtY= X-Gm-Gg: ASbGncsS8J4nR2yOyQY9Nv9pyJG9uWe2c3Z15eYIgw8f9EvtZdYkb7trF+mpDtz9EWc F41VRhgFIr6gYE/bW8OZ8HOURIKNIYIBMhHHavhLWJ1ecRmTk3z5/U3CLLSkzkFElTHA6aJ93LU hRE4lrvTXEDANO5OqQ+/5+k/kGSiUaVg3aIjNsf0ZTtsqeRVimr+eXiEA/WDOjpfWCd9FUW3cuU Mpx4dh1OSiCE+VHyObE989yMlCeDVQkiga1+84WMJ5Z1o1YcikDjAASGFt4zPkMRXIo5YR6hyNH VkdbPgadvSQ1X7qWyIIFzjZWyz27U9ShUIVNL77hsmcdhDUosuAMvgPvfnCIr/77lXWThoMtDct QoMzPzBuWm5upKN7Re8m1tPDGQGDi+MCi/eqpFcyx7/8i8O9qXpF5edbXVWlJUu9BaU3vDIvbls Zg1bvGoOiTHEg3QQ3lKCMFQOti7Zd5s1dT10Y+bbjoJBCDlUyJsx+zShokZD3P1m3QbXfYjq09d 27m3qA= X-Google-Smtp-Source: AGHT+IFJMBrnhF+4OSns1bp7GpeFjnjXMcyVeEY2io2SABiWcTnwBJHtxWD+Dg9xZPdnxm6Uu5PmeA== X-Received: by 2002:a53:b428:0:b0:63f:bc75:6ee0 with SMTP id 956f58d0204a3-641e74a3600mr4321309d50.10.1763249668108; Sat, 15 Nov 2025 15:34:28 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:26 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 05/20] liveupdate: luo_ioctl: add user interface Date: Sat, 15 Nov 2025 18:33:51 -0500 Message-ID: <20251115233409.768044-6-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Introduce the user-space interface for the Live Update Orchestrator via ioctl commands, enabling external control over the live update process and management of preserved resources. The idea is that there is going to be a single userspace agent driving the live update, therefore, only a single process can ever hold this device opened at a time. The following ioctl commands are introduced: LIVEUPDATE_IOCTL_CREATE_SESSION Provides a way for userspace to create a named session for grouping file descriptors that need to be preserved. It returns a new file descriptor representing the session. LIVEUPDATE_IOCTL_RETRIEVE_SESSION Allows the userspace agent in the new kernel to reclaim a preserved session by its name, receiving a new file descriptor to manage the restored resources. Signed-off-by: Pasha Tatashin Reviewed-by: Pratyush Yadav --- include/uapi/linux/liveupdate.h | 66 +++++++++++- kernel/liveupdate/luo_internal.h | 21 ++++ kernel/liveupdate/luo_ioctl.c | 178 +++++++++++++++++++++++++++++++ 3 files changed, 264 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/liveupdate.h b/include/uapi/linux/liveupdat= e.h index d2ef2f7e0dbd..6e04254ee535 100644 --- a/include/uapi/linux/liveupdate.h +++ b/include/uapi/linux/liveupdate.h @@ -44,6 +44,70 @@ #define LIVEUPDATE_IOCTL_TYPE 0xBA =20 /* The maximum length of session name including null termination */ -#define LIVEUPDATE_SESSION_NAME_LENGTH 56 +#define LIVEUPDATE_SESSION_NAME_LENGTH 64 + +/* The /dev/liveupdate ioctl commands */ +enum { + LIVEUPDATE_CMD_BASE =3D 0x00, + LIVEUPDATE_CMD_CREATE_SESSION =3D LIVEUPDATE_CMD_BASE, + LIVEUPDATE_CMD_RETRIEVE_SESSION =3D 0x01, +}; + +/** + * struct liveupdate_ioctl_create_session - ioctl(LIVEUPDATE_IOCTL_CREATE_= SESSION) + * @size: Input; sizeof(struct liveupdate_ioctl_create_session) + * @fd: Output; The new file descriptor for the created session. + * @name: Input; A null-terminated string for the session name, max + * length %LIVEUPDATE_SESSION_NAME_LENGTH including termination + * char. + * + * Creates a new live update session for managing preserved resources. + * This ioctl can only be called on the main /dev/liveupdate device. + * + * Return: 0 on success, negative error code on failure. + */ +struct liveupdate_ioctl_create_session { + __u32 size; + __s32 fd; + __u8 name[LIVEUPDATE_SESSION_NAME_LENGTH]; +}; + +#define LIVEUPDATE_IOCTL_CREATE_SESSION \ + _IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_CREATE_SESSION) + +/** + * struct liveupdate_ioctl_retrieve_session - ioctl(LIVEUPDATE_IOCTL_RETRI= EVE_SESSION) + * @size: Input; sizeof(struct liveupdate_ioctl_retrieve_session) + * @fd: Output; The new file descriptor for the retrieved session. + * @name: Input; A null-terminated string identifying the session to re= trieve. + * The name must exactly match the name used when the session was + * created in the previous kernel. + * + * Retrieves a handle (a new file descriptor) for a preserved session by i= ts + * name. This is the primary mechanism for a userspace agent to regain con= trol + * of its preserved resources after a live update. + * + * The userspace application provides the null-terminated `name` of a sess= ion + * it created before the live update. If a preserved session with a matchi= ng + * name is found, the kernel instantiates it and returns a new file descri= ptor + * in the `fd` field. This new session FD can then be used for all file-sp= ecific + * operations, such as restoring individual file descriptors with + * LIVEUPDATE_SESSION_RETRIEVE_FD. + * + * It is the responsibility of the userspace application to know the names= of + * the sessions it needs to retrieve. If no session with the given name is + * found, the ioctl will fail with -ENOENT. + * + * This ioctl can only be called on the main /dev/liveupdate device when t= he + * system is in the LIVEUPDATE_STATE_UPDATED state. + */ +struct liveupdate_ioctl_retrieve_session { + __u32 size; + __s32 fd; + __u8 name[LIVEUPDATE_SESSION_NAME_LENGTH]; +}; + +#define LIVEUPDATE_IOCTL_RETRIEVE_SESSION \ + _IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_RETRIEVE_SESSION) =20 #endif /* _UAPI_LIVEUPDATE_H */ diff --git a/kernel/liveupdate/luo_internal.h b/kernel/liveupdate/luo_inter= nal.h index 245373edfa6f..5185ad37a8c1 100644 --- a/kernel/liveupdate/luo_internal.h +++ b/kernel/liveupdate/luo_internal.h @@ -9,6 +9,27 @@ #define _LINUX_LUO_INTERNAL_H =20 #include +#include + +struct luo_ucmd { + void __user *ubuffer; + u32 user_size; + void *cmd; +}; + +static inline int luo_ucmd_respond(struct luo_ucmd *ucmd, + size_t kernel_cmd_size) +{ + /* + * Copy the minimum of what the user provided and what we actually + * have. + */ + if (copy_to_user(ucmd->ubuffer, ucmd->cmd, + min_t(size_t, ucmd->user_size, kernel_cmd_size))) { + return -EFAULT; + } + return 0; +} =20 /** * struct luo_session - Represents an active or incoming Live Update sessi= on. diff --git a/kernel/liveupdate/luo_ioctl.c b/kernel/liveupdate/luo_ioctl.c index 44d365185f7c..367385efa962 100644 --- a/kernel/liveupdate/luo_ioctl.c +++ b/kernel/liveupdate/luo_ioctl.c @@ -5,15 +5,192 @@ * Pasha Tatashin */ =20 +/** + * DOC: LUO ioctl Interface + * + * The IOCTL user-space control interface for the LUO subsystem. + * It registers a character device, typically found at ``/dev/liveupdate``, + * which allows a userspace agent to manage the LUO state machine and its + * associated resources, such as preservable file descriptors. + * + * To ensure that the state machine is controlled by a single entity, acce= ss + * to this device is exclusive: only one process is permitted to have + * ``/dev/liveupdate`` open at any given time. Subsequent open attempts wi= ll + * fail with -EBUSY until the first process closes its file descriptor. + * This singleton model simplifies state management by preventing conflict= ing + * commands from multiple userspace agents. + */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include +#include +#include +#include +#include #include #include +#include +#include "luo_internal.h" =20 struct luo_device_state { struct miscdevice miscdev; + atomic_t in_use; +}; + +static int luo_ioctl_create_session(struct luo_ucmd *ucmd) +{ + struct liveupdate_ioctl_create_session *argp =3D ucmd->cmd; + struct file *file; + int err; + + argp->fd =3D get_unused_fd_flags(O_CLOEXEC); + if (argp->fd < 0) + return argp->fd; + + err =3D luo_session_create(argp->name, &file); + if (err) + goto err_put_fd; + + err =3D luo_ucmd_respond(ucmd, sizeof(*argp)); + if (err) + goto err_put_file; + + fd_install(argp->fd, file); + + return 0; + +err_put_file: + fput(file); +err_put_fd: + put_unused_fd(argp->fd); + + return err; +} + +static int luo_ioctl_retrieve_session(struct luo_ucmd *ucmd) +{ + struct liveupdate_ioctl_retrieve_session *argp =3D ucmd->cmd; + struct file *file; + int err; + + argp->fd =3D get_unused_fd_flags(O_CLOEXEC); + if (argp->fd < 0) + return argp->fd; + + err =3D luo_session_retrieve(argp->name, &file); + if (err < 0) + goto err_put_fd; + + err =3D luo_ucmd_respond(ucmd, sizeof(*argp)); + if (err) + goto err_put_file; + + fd_install(argp->fd, file); + + return 0; + +err_put_file: + fput(file); +err_put_fd: + put_unused_fd(argp->fd); + + return err; +} + +static int luo_open(struct inode *inodep, struct file *filep) +{ + struct luo_device_state *ldev =3D container_of(filep->private_data, + struct luo_device_state, + miscdev); + + if (atomic_cmpxchg(&ldev->in_use, 0, 1)) + return -EBUSY; + + luo_session_deserialize(); + + return 0; +} + +static int luo_release(struct inode *inodep, struct file *filep) +{ + struct luo_device_state *ldev =3D container_of(filep->private_data, + struct luo_device_state, + miscdev); + atomic_set(&ldev->in_use, 0); + + return 0; +} + +union ucmd_buffer { + struct liveupdate_ioctl_create_session create; + struct liveupdate_ioctl_retrieve_session retrieve; +}; + +struct luo_ioctl_op { + unsigned int size; + unsigned int min_size; + unsigned int ioctl_num; + int (*execute)(struct luo_ucmd *ucmd); +}; + +#define IOCTL_OP(_ioctl, _fn, _struct, _last) = \ + [_IOC_NR(_ioctl) - LIVEUPDATE_CMD_BASE] =3D { \ + .size =3D sizeof(_struct) + \ + BUILD_BUG_ON_ZERO(sizeof(union ucmd_buffer) < \ + sizeof(_struct)), \ + .min_size =3D offsetofend(_struct, _last), \ + .ioctl_num =3D _ioctl, \ + .execute =3D _fn, \ + } + +static const struct luo_ioctl_op luo_ioctl_ops[] =3D { + IOCTL_OP(LIVEUPDATE_IOCTL_CREATE_SESSION, luo_ioctl_create_session, + struct liveupdate_ioctl_create_session, name), + IOCTL_OP(LIVEUPDATE_IOCTL_RETRIEVE_SESSION, luo_ioctl_retrieve_session, + struct liveupdate_ioctl_retrieve_session, name), }; =20 +static long luo_ioctl(struct file *filep, unsigned int cmd, unsigned long = arg) +{ + const struct luo_ioctl_op *op; + struct luo_ucmd ucmd =3D {}; + union ucmd_buffer buf; + unsigned int nr; + int err; + + nr =3D _IOC_NR(cmd); + if (nr < LIVEUPDATE_CMD_BASE || + (nr - LIVEUPDATE_CMD_BASE) >=3D ARRAY_SIZE(luo_ioctl_ops)) { + return -EINVAL; + } + + ucmd.ubuffer =3D (void __user *)arg; + err =3D get_user(ucmd.user_size, (u32 __user *)ucmd.ubuffer); + if (err) + return err; + + op =3D &luo_ioctl_ops[nr - LIVEUPDATE_CMD_BASE]; + if (op->ioctl_num !=3D cmd) + return -ENOIOCTLCMD; + if (ucmd.user_size < op->min_size) + return -EINVAL; + + ucmd.cmd =3D &buf; + err =3D copy_struct_from_user(ucmd.cmd, op->size, ucmd.ubuffer, + ucmd.user_size); + if (err) + return err; + + return op->execute(&ucmd); +} + static const struct file_operations luo_fops =3D { .owner =3D THIS_MODULE, + .open =3D luo_open, + .release =3D luo_release, + .unlocked_ioctl =3D luo_ioctl, }; =20 static struct luo_device_state luo_dev =3D { @@ -22,6 +199,7 @@ static struct luo_device_state luo_dev =3D { .name =3D "liveupdate", .fops =3D &luo_fops, }, + .in_use =3D ATOMIC_INIT(0), }; =20 static int __init liveupdate_ioctl_init(void) --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yw1-f169.google.com (mail-yw1-f169.google.com [209.85.128.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7D1EC2765D4 for ; Sat, 15 Nov 2025 23:34:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249674; cv=none; b=T1gd8+h9ednzZoMheK3VrZEeJRB6In3KNSOgqmI641gp6RYzGtSs9o38Y9otvekebxly27/3O5NBqjLMkicQwswHyvMlHwHOfQ8jU9FXPsrRG8AUlfGUMQM4sBbPap9nkzKvvr715VNi/m2GaER2TQ1K3fmgGed4Fwp2t2QbWMI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249674; c=relaxed/simple; bh=AWOjCu9mBWP6yws5JiB9V5u/W4bLuBnw3hWXTwS5UI0=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=nZKoG6JdaS9KpdTBipMnqqrKiGa/UhwRHHlFOwD4gPZOlhvXLKgJqQ0K8vYbI4XDJg3hdnx0vKaKql0maBC+bGoC1XuJJBCVbNzDmbkP+VZycaQgPYWrN6WRsq9gco5H1oM/08SZwSoLamSEX+UJS+yKPdmmIHkfJSa5yzKm1Bc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=XKb8gUZ6; arc=none smtp.client-ip=209.85.128.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="XKb8gUZ6" Received: by mail-yw1-f169.google.com with SMTP id 00721157ae682-787da30c53dso28687987b3.0 for ; Sat, 15 Nov 2025 15:34:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249670; x=1763854470; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=sqG0flBMZGeh359GdHLv+mvcgHNyaBu3Ru726sDNB6w=; b=XKb8gUZ6pCnK0lh5qx/Pi0cWv7MG2sC0qELVmIy2+6v9cMhoh/pMJ50ATUJagxyb2/ vzZJxkuFgvE0ruHCwy3PvvrSnbqsnGf2gt5bZJq61LXEqPoPNZ9tJkyvbrDfpvioicg2 ULhu/0zg2Ig8ZuY1U1QDt0UKmz4/lt8Tg7I1lclxdWFFKAQijNredhLMHZlD0OaehaM8 XC7X2MYZxmWcjr2/zROoWbQ/mL2k5satBiwXrV2Etli4I/s0XphBEYPcqf77+VU9QmC8 uoEFw18dQ9KtOk4RrVKGvK1/sNbgLFPPWXtRrYKRHWy0ysFiFZfkXzY4VSinnn22Ti7L r7sA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249670; x=1763854470; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=sqG0flBMZGeh359GdHLv+mvcgHNyaBu3Ru726sDNB6w=; b=vdpIqHYTgdXXYsu4orxJIQUrFCPKFEAsVExv7ZcM4DpuBIcuqAxoeSGmLCfbkR0C1K lkqHIuVRqrS0jOx2gTGJ/MSKqruxwJPCSuzjUncOboWWBhQnMKEh4H8yqTpLnyZ2l+xb MqCBVB4YcVuayhJ0n4nxsObY4saLSr3HZyaNj7ul7ZC/nmAZm39PAXLhkLHrv4xpiGim EwcNUUW4Wmm3kMdwMqaTClXAI2Cn7GTrRx1r8jnBQ7DbdbzgjHnq2+I0c1hfkiT5P3F5 gq+GcOOIKfyl7hZkVyIh1bLpINVlRg4bbghRlPik/Q2m0TsfVWA2nJ2dszX02OAR0pKg lpsw== X-Forwarded-Encrypted: i=1; AJvYcCXGMIxngIO3a5YXw6hV+GYiDiYOMCcHcJKFkPgZ2kcJp2aODg6yz2FBignXFCCMP2IaXYTDmS7nu3638os=@vger.kernel.org X-Gm-Message-State: AOJu0Yyl9eSWH7NPB+xt3wVFsJdRLJDwXgyiRJtpERj//crPvxzFGjFz YBT9uh/whSwvG8PFSXqw/2+UMICfiFdcgVY4Ky7MPlPY9MpNpm6UqY878SMh8mMqTV8= X-Gm-Gg: ASbGncukgQIBR7fTyenBk3NfHMVIYBXkjC33fPhF2Ku6HF+NBAWLmou8KaFbI+hjpLb q2Eoelnqi0UyDCeoBphxw9vTJv0IypR3Qk86Rjoi4oc4r+kSGBc6C/Bh+nSHnXc84Id26Zh7xan 1j++aa6lKy4s16kVvVaZPBVR+d4Oii8shB3/UrHJWCWOQPgtWho7FFWrRBugxoJVeZamsyafciD yGqseb3n7IwwPrWghXytyj5/z0HJPGtxaoOn8bhZEtJi53pdOurmEpsgxiH1uSe7CpuG+LqaHET ryGeR4Zg5aI9snQzjV/Jawn2XuHIBkzUQeJJ7YGCQC24cKFSxKgwYVomb9M6G6G4dNQlyT8F9vW Io5f5nDZhlDZJ3dZowB4f6XF411fvxE2LQ1e0TQCp4t5HtIELMN0L0LzBaoAVvnuYJOf28e3Eg2 kfNM27+34LwDHEeFEnBpjX55n+ojETlaykupidu3JZCllC7IruTblSukubv4e+S5LLIY7B8aiiv 6GwC6Q= X-Google-Smtp-Source: AGHT+IFT+yWE1xQelJsZaiu4UOHuENZ+/6pEVy78QbS2aI+aV+DMjL7cvmQFgzOpOfHm3mNZ1BhBVQ== X-Received: by 2002:a05:690c:e3ca:b0:786:99b8:1cad with SMTP id 00721157ae682-78929ed9415mr67766247b3.51.1763249670113; Sat, 15 Nov 2025 15:34:30 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:29 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 06/20] liveupdate: luo_file: implement file systems callbacks Date: Sat, 15 Nov 2025 18:33:52 -0500 Message-ID: <20251115233409.768044-7-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This patch implements the core mechanism for managing preserved files throughout the live update lifecycle. It provides the logic to invoke the file handler callbacks (preserve, unpreserve, freeze, unfreeze, retrieve, and finish) at the appropriate stages. During the reboot phase, luo_file_freeze() serializes the final metadata for each file (handler compatible string, token, and data handle) into a memory region preserved by KHO. In the new kernel, luo_file_deserialize() reconstructs the in-memory file list from this data, preparing the session for retrieval. Signed-off-by: Pasha Tatashin --- include/linux/liveupdate.h | 109 ++++ include/linux/liveupdate/abi/luo.h | 22 + kernel/liveupdate/Makefile | 1 + kernel/liveupdate/luo_file.c | 887 +++++++++++++++++++++++++++++ kernel/liveupdate/luo_internal.h | 9 + 5 files changed, 1028 insertions(+) create mode 100644 kernel/liveupdate/luo_file.c diff --git a/include/linux/liveupdate.h b/include/linux/liveupdate.h index 730b76625fec..4a5d4dd9905a 100644 --- a/include/linux/liveupdate.h +++ b/include/linux/liveupdate.h @@ -10,6 +10,88 @@ #include #include #include +#include +#include + +struct liveupdate_file_handler; +struct liveupdate_session; +struct file; + +/** + * struct liveupdate_file_op_args - Arguments for file operation callbacks. + * @handler: The file handler being called. + * @session: The session this file belongs to. + * @retrieved: The retrieve status for the 'can_finish / finish' + * operation. + * @file: The file object. For retrieve: [OUT] The callback se= ts + * this to the new file. For other ops: [IN] The caller= sets + * this to the file being operated on. + * @serialized_data: The opaque u64 handle, preserve/prepare/freeze may u= pdate + * this field. + * + * This structure bundles all parameters for the file operation callbacks. + * The 'data' and 'file' fields are used for both input and output. + */ +struct liveupdate_file_op_args { + struct liveupdate_file_handler *handler; + struct liveupdate_session *session; + bool retrieved; + struct file *file; + u64 serialized_data; +}; + +/** + * struct liveupdate_file_ops - Callbacks for live-updatable files. + * @can_preserve: Required. Lightweight check to see if this handler is + * compatible with the given file. + * @preserve: Required. Performs state-saving for the file. + * @unpreserve: Required. Cleans up any resources allocated by @preserve. + * @freeze: Optional. Final actions just before kernel transition. + * @unfreeze: Optional. Undo freeze operations. + * @retrieve: Required. Restores the file in the new kernel. + * @can_finish: Optional. Check if this FD can finish, i.e. all restorat= ion + * pre-requirements for this FD are satisfied. Called prior= to + * finish, in order to do successful finish calls for all + * resources in the session. + * @finish: Required. Final cleanup in the new kernel. + * @owner: Module reference + * + * All operations (except can_preserve) receive a pointer to a + * 'struct liveupdate_file_op_args' containing the necessary context. + */ +struct liveupdate_file_ops { + bool (*can_preserve)(struct liveupdate_file_handler *handler, + struct file *file); + int (*preserve)(struct liveupdate_file_op_args *args); + void (*unpreserve)(struct liveupdate_file_op_args *args); + int (*freeze)(struct liveupdate_file_op_args *args); + void (*unfreeze)(struct liveupdate_file_op_args *args); + int (*retrieve)(struct liveupdate_file_op_args *args); + bool (*can_finish)(struct liveupdate_file_op_args *args); + void (*finish)(struct liveupdate_file_op_args *args); + struct module *owner; +}; + +/** + * struct liveupdate_file_handler - Represents a handler for a live-updata= ble file type. + * @ops: Callback functions + * @compatible: The compatibility string (e.g., "memfd-v1", "vfiof= d-v1") + * that uniquely identifies the file type this handler + * supports. This is matched against the compatible s= tring + * associated with individual &struct file instances. + * @list: Used for linking this handler instance into a glob= al + * list of registered file handlers. + * + * Modules that want to support live update for specific file types should + * register an instance of this structure. LUO uses this registration to + * determine if a given file can be preserved and to find the appropriate + * operations to manage its state across the update. + */ +struct liveupdate_file_handler { + const struct liveupdate_file_ops *ops; + const char compatible[LIVEUPDATE_HNDL_COMPAT_LENGTH]; + struct list_head list; +}; =20 #ifdef CONFIG_LIVEUPDATE =20 @@ -19,6 +101,16 @@ bool liveupdate_enabled(void); /* Called during kexec to tell LUO that entered into reboot */ int liveupdate_reboot(void); =20 +int liveupdate_register_file_handler(struct liveupdate_file_handler *h); + +/* kernel can internally retrieve files */ +int liveupdate_get_file_incoming(struct liveupdate_session *s, u64 token, + struct file **filep); + +/* Get a token for an outgoing file, or -ENOENT if file is not preserved */ +int liveupdate_get_token_outgoing(struct liveupdate_session *s, + struct file *file, u64 *tokenp); + #else /* CONFIG_LIVEUPDATE */ =20 static inline bool liveupdate_enabled(void) @@ -31,5 +123,22 @@ static inline int liveupdate_reboot(void) return 0; } =20 +static inline int liveupdate_register_file_handler(struct liveupdate_file_= handler *h) +{ + return -EOPNOTSUPP; +} + +static inline int liveupdate_get_file_incoming(struct liveupdate_session *= s, + u64 token, struct file **filep) +{ + return -EOPNOTSUPP; +} + +static inline int liveupdate_get_token_outgoing(struct liveupdate_session = *s, + struct file *file, u64 *tokenp) +{ + return -EOPNOTSUPP; +} + #endif /* CONFIG_LIVEUPDATE */ #endif /* _LINUX_LIVEUPDATE_H */ diff --git a/include/linux/liveupdate/abi/luo.h b/include/linux/liveupdate/= abi/luo.h index 03a177ae232e..3a596ca1907b 100644 --- a/include/linux/liveupdate/abi/luo.h +++ b/include/linux/liveupdate/abi/luo.h @@ -65,6 +65,11 @@ * Metadata for a single session, including its name and a physical po= inter * to another preserved memory block containing an array of * `struct luo_file_ser` for all files in that session. + * + * - struct luo_file_ser: + * Metadata for a single preserved file. Contains the `compatible` str= ing to + * find the correct handler in the new kernel, a user-provided `token`= for + * identification, and an opaque `data` handle for the handler to use. */ =20 #ifndef _LINUX_LIVEUPDATE_ABI_LUO_H @@ -132,4 +137,21 @@ struct luo_session_ser { u64 count; } __packed; =20 +/* The max size is set so it can be reliably used during in serialization = */ +#define LIVEUPDATE_HNDL_COMPAT_LENGTH 48 + +/** + * struct luo_file_ser - Represents the serialized preserves files. + * @compatible: File handler compatible string. + * @data: Private data + * @token: User provided token for this file + * + * If this structure is modified, LUO_SESSION_COMPATIBLE must be updated. + */ +struct luo_file_ser { + char compatible[LIVEUPDATE_HNDL_COMPAT_LENGTH]; + u64 data; + u64 token; +} __packed; + #endif /* _LINUX_LIVEUPDATE_ABI_LUO_H */ diff --git a/kernel/liveupdate/Makefile b/kernel/liveupdate/Makefile index 83285e7ad726..c2252a2ad7bd 100644 --- a/kernel/liveupdate/Makefile +++ b/kernel/liveupdate/Makefile @@ -2,6 +2,7 @@ =20 luo-y :=3D \ luo_core.o \ + luo_file.o \ luo_ioctl.o \ luo_session.o =20 diff --git a/kernel/liveupdate/luo_file.c b/kernel/liveupdate/luo_file.c new file mode 100644 index 000000000000..dae27a69a09f --- /dev/null +++ b/kernel/liveupdate/luo_file.c @@ -0,0 +1,887 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + */ + +/** + * DOC: LUO File Descriptors + * + * LUO provides the infrastructure to preserve specific, stateful file + * descriptors across a kexec-based live update. The primary goal is to al= low + * workloads, such as virtual machines using vfio, memfd, or iommufd, to + * retain access to their essential resources without interruption. + * + * The framework is built around a callback-based handler model and a well- + * defined lifecycle for each preserved file. + * + * Handler Registration: + * Kernel modules responsible for a specific file type (e.g., memfd, vfio) + * register a &struct liveupdate_file_handler. This handler provides a set= of + * callbacks that LUO invokes at different stages of the update process, m= ost + * notably: + * + * - can_preserve(): A lightweight check to determine if the handler is + * compatible with a given 'struct file'. + * - preserve(): The heavyweight operation that saves the file's state a= nd + * returns an opaque u64 handle, happens while vcpus are still running. + * LUO becomes the owner of this file until session is closed or file = is + * finished. + * - unpreserve(): Cleans up any resources allocated by .preserve(), cal= led + * if the preservation process is aborted before the reboot (i.e. sess= ion is + * closed). + * - freeze(): A final pre-reboot opportunity to prepare the state for k= exec. + * We are already in reboot syscall, and therefore userspace cannot mu= tate + * the file anymore. + * - unfreeze(): Undoes the actions of .freeze(), called if the live upd= ate + * is aborted after the freeze phase. + * - retrieve(): Reconstructs the file in the new kernel from the preser= ved + * handle. + * - finish(): Performs final check and cleanup in the new kernel. After + * succesul finish call, LUO gives up ownership to this file. + * + * File Preservation Lifecycle happy path: + * + * 1. Preserve (Normal Operation): A userspace agent preserves files one b= y one + * via an ioctl. For each file, luo_preserve_file() finds a compatible + * handler, calls its .preserve() op, and creates an internal &struct + * luo_file to track the live state. + * + * 2. Freeze (Pre-Reboot): Just before the kexec, luo_file_freeze() is cal= led. + * It iterates through all preserved files, calls their respective .fre= eze() + * ops, and serializes their final metadata (compatible string, token, = and + * data handle) into a contiguous memory block for KHO. + * + * 3. Deserialize (New Kernel - Early Boot): After kexec, luo_file_deseria= lize() + * runs. It reads the serialized data from the KHO memory region and + * reconstructs the in-memory list of &struct luo_file instances for th= e new + * kernel, linking them to their corresponding handlers. + * + * 4. Retrieve (New Kernel - Userspace Ready): The userspace agent can now + * restore file descriptors by providing a token. luo_retrieve_file() + * searches for the matching token, calls the handler's .retrieve() op = to + * re-create the 'struct file', and returns a new FD. Files can be + * retrieved in ANY order. + * + * 5. Finish (New Kernel - Cleanup): Once a session retrival is complete, + * luo_file_finish() is called. It iterates through all files, + * invokes their .finish() ops for final cleanup, and releases all + * associated kernel resources. + * + * File Preservation Lifecycle unhappy paths: + * + * 1. Abort Before Reboot: If the userspace agent aborts the live update + * process before calling reboot (e.g., by closing the session file + * descriptor), the session's release handler calls + * luo_file_unpreserve_files(). This invokes the .unpreserve() callback= on + * all preserved files, ensuring all allocated resources are cleaned up= and + * returning the system to a clean state. + * + * 2. Freeze Failure: During the reboot() syscall, if any handler's .freez= e() + * op fails, the .unfreeze() op is invoked on all previously *successfu= l* + * freezes to roll back their state. The reboot() syscall then returns = an + * error to userspace, canceling the live update. + * + * 3. Finish Failure: In the new kernel, if a handler's .finish() op fails, + * the luo_file_finish() operation is aborted. LUO retains ownership of + * all files within that session, including those that were not yet + * processed. The userspace agent can attempt to call the finish operat= ion + * again later. If the issue cannot be resolved, these resources will b= e held + * by LUO until the next live update cycle, at which point they will be + * discarded. + */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "luo_internal.h" + +static LIST_HEAD(luo_file_handler_list); + +/* 2 4K pages, give space for 128 files per session */ +#define LUO_FILE_PGCNT 2ul +#define LUO_FILE_MAX \ + ((LUO_FILE_PGCNT << PAGE_SHIFT) / sizeof(struct luo_file_ser)) + +/** + * struct luo_file - Represents a single preserved file instance. + * @fh: Pointer to the &struct liveupdate_file_handler that man= ages + * this type of file. + * @file: Pointer to the kernel's &struct file that is being pres= erved. + * This is NULL in the new kernel until the file is succes= sfully + * retrieved. + * @serialized_data: The opaque u64 handle to the serialized state of the = file. + * This handle is passed back to the handler's .freeze(), + * .retrieve(), and .finish() callbacks, allowing it to tr= ack + * and update its serialized state across phases. + * @retrieved: A flag indicating whether a user/kernel in the new kern= el has + * successfully called retrieve() on this file. This preve= nts + * multiple retrieval attempts. + * @mutex: A mutex that protects the fields of this specific insta= nce + * (e.g., @retrieved, @file), ensuring that operations like + * retrieving or finishing a file are atomic. + * @list: The list_head linking this instance into its parent + * session's list of preserved files. + * @token: The user-provided unique token used to identify this fi= le. + * + * This structure is the core in-kernel representation of a single file be= ing + * managed through a live update. An instance is created by luo_preserve_f= ile() + * to link a 'struct file' to its corresponding handler, a user-provided t= oken, + * and the serialized state handle returned by the handler's .preserve() + * operation. + * + * These instances are tracked in a per-session list. The @serialized_data + * field, which holds a handle to the file's serialized state, may be upda= ted + * during the .freeze() callback before being serialized for the next kern= el. + * After reboot, these structures are recreated by luo_file_deserialize() = and + * are finally cleaned up by luo_file_finish(). + */ +struct luo_file { + struct liveupdate_file_handler *fh; + struct file *file; + u64 serialized_data; + bool retrieved; + struct mutex mutex; + struct list_head list; + u64 token; +}; + +static int luo_session_alloc_files_mem(struct luo_session *session) +{ + size_t size; + void *mem; + + if (session->files) + return 0; + + WARN_ON_ONCE(session->count); + + size =3D LUO_FILE_PGCNT << PAGE_SHIFT; + mem =3D kho_alloc_preserve(size); + if (IS_ERR(mem)) + return PTR_ERR(mem); + + session->files =3D mem; + session->pgcnt =3D LUO_FILE_PGCNT; + + return 0; +} + +static void luo_session_free_files_mem(struct luo_session *session) +{ + /* If session has files, no need to free preservation memory */ + if (session->count) + return; + + if (!session->files) + return; + + kho_unpreserve_free(session->files); + session->files =3D NULL; + session->pgcnt =3D 0; +} + +static bool luo_token_is_used(struct luo_session *session, u64 token) +{ + struct luo_file *iter; + + list_for_each_entry(iter, &session->files_list, list) { + if (iter->token =3D=3D token) + return true; + } + + return false; +} + +/** + * luo_preserve_file - Initiate the preservation of a file descriptor. + * @session: The session to which the preserved file will be added. + * @token: A unique, user-provided identifier for the file. + * @fd: The file descriptor to be preserved. + * + * This function orchestrates the first phase of preserving a file. Upon e= ntry, + * it takes a reference to the 'struct file' via fget(), effectively makin= g LUO + * a co-owner of the file. This reference is held until the file is either + * unpreserved or successfully finished in the next kernel, preventing the= file + * from being prematurely destroyed. + * + * This function orchestrates the first phase of preserving a file. It per= forms + * the following steps: + * + * 1. Validates that the @token is not already in use within the session. + * 2. Ensures the session's memory for files serialization is allocated + * (allocates if needed). + * 3. Iterates through registered handlers, calling can_preserve() to find= one + * compatible with the given @fd. + * 4. Calls the handler's .preserve() operation, which saves the file's st= ate + * and returns an opaque private data handle. + * 5. Adds the new instance to the session's internal list. + * + * On success, LUO takes a reference to the 'struct file' and considers it + * under its management until it is unpreserved or finished. + * + * In case of any failure, all intermediate allocations (file reference, m= emory + * for the 'luo_file' struct, etc.) are cleaned up before returning an err= or. + * + * Context: Can be called from an ioctl handler during normal system opera= tion. + * Return: 0 on success. Returns a negative errno on failure: + * -EEXIST if the token is already used. + * -EBADF if the file descriptor is invalid. + * -ENOSPC if the session is full. + * -ENOENT if no compatible handler is found. + * -ENOMEM on memory allocation failure. + * Other erros might be returned by .preserve(). + */ +int luo_preserve_file(struct luo_session *session, u64 token, int fd) +{ + struct liveupdate_file_op_args args =3D {0}; + struct liveupdate_file_handler *fh; + struct luo_file *luo_file; + struct file *file; + int err; + + lockdep_assert_held(&session->mutex); + + if (luo_token_is_used(session, token)) + return -EEXIST; + + file =3D fget(fd); + if (!file) + return -EBADF; + + err =3D luo_session_alloc_files_mem(session); + if (err) + goto exit_err; + + if (session->count =3D=3D LUO_FILE_MAX) { + err =3D -ENOSPC; + goto exit_err; + } + + err =3D -ENOENT; + list_for_each_entry(fh, &luo_file_handler_list, list) { + if (fh->ops->can_preserve(fh, file)) { + err =3D 0; + break; + } + } + + /* err is still -ENOENT if no handler was found */ + if (err) + goto exit_err; + + luo_file =3D kzalloc(sizeof(*luo_file), GFP_KERNEL); + if (!luo_file) { + err =3D -ENOMEM; + goto exit_err; + } + + luo_file->file =3D file; + luo_file->fh =3D fh; + luo_file->token =3D token; + luo_file->retrieved =3D false; + mutex_init(&luo_file->mutex); + + args.handler =3D fh; + args.session =3D (struct liveupdate_session *)session; + args.file =3D file; + err =3D fh->ops->preserve(&args); + if (err) { + mutex_destroy(&luo_file->mutex); + kfree(luo_file); + goto exit_err; + } else { + luo_file->serialized_data =3D args.serialized_data; + list_add_tail(&luo_file->list, &session->files_list); + session->count++; + } + + return 0; + +exit_err: + fput(file); + luo_session_free_files_mem(session); + + return err; +} + +/** + * luo_file_unpreserve_files - Unpreserves all files from a session. + * @session: The session to be cleaned up. + * + * This function serves as the primary cleanup path for a session. It is + * invoked when the userspace agent closes the session's file descriptor. + * + * For each file, it performs the following cleanup actions: + * 1. Calls the handler's .unpreserve() callback to allow the handler to + * release any resources it allocated. + * 2. Removes the file from the session's internal tracking list. + * 3. Releases the reference to the 'struct file' that was taken by + * luo_preserve_file() via fput(), returning ownership. + * 4. Frees the memory associated with the internal 'struct luo_file'. + * + * After all individual files are unpreserved, it frees the contiguous mem= ory + * block that was allocated to hold their serialization data. + */ +void luo_file_unpreserve_files(struct luo_session *session) +{ + struct luo_file *luo_file; + + lockdep_assert_held(&session->mutex); + + while (!list_empty(&session->files_list)) { + struct liveupdate_file_op_args args =3D {0}; + + luo_file =3D list_last_entry(&session->files_list, + struct luo_file, list); + + args.handler =3D luo_file->fh; + args.session =3D (struct liveupdate_session *)session; + args.file =3D luo_file->file; + args.serialized_data =3D luo_file->serialized_data; + luo_file->fh->ops->unpreserve(&args); + + list_del(&luo_file->list); + session->count--; + + fput(luo_file->file); + mutex_destroy(&luo_file->mutex); + kfree(luo_file); + } + + luo_session_free_files_mem(session); +} + +static int luo_file_freeze_one(struct luo_session *session, + struct luo_file *luo_file) +{ + int err =3D 0; + + guard(mutex)(&luo_file->mutex); + + if (luo_file->fh->ops->freeze) { + struct liveupdate_file_op_args args =3D {0}; + + args.handler =3D luo_file->fh; + args.session =3D (struct liveupdate_session *)session; + args.file =3D luo_file->file; + args.serialized_data =3D luo_file->serialized_data; + + err =3D luo_file->fh->ops->freeze(&args); + if (!err) + luo_file->serialized_data =3D args.serialized_data; + } + + return err; +} + +static void luo_file_unfreeze_one(struct luo_session *session, + struct luo_file *luo_file) +{ + guard(mutex)(&luo_file->mutex); + + if (luo_file->fh->ops->unfreeze) { + struct liveupdate_file_op_args args =3D {0}; + + args.handler =3D luo_file->fh; + args.session =3D (struct liveupdate_session *)session; + args.file =3D luo_file->file; + args.serialized_data =3D luo_file->serialized_data; + + luo_file->fh->ops->unfreeze(&args); + } + + luo_file->serialized_data =3D 0; +} + +static void __luo_file_unfreeze(struct luo_session *session, + struct luo_file *failed_entry) +{ + struct list_head *files_list =3D &session->files_list; + struct luo_file *luo_file; + + list_for_each_entry(luo_file, files_list, list) { + if (luo_file =3D=3D failed_entry) + break; + + luo_file_unfreeze_one(session, luo_file); + } + + memset(session->files, 0, session->pgcnt << PAGE_SHIFT); +} + +/** + * luo_file_freeze - Freezes all preserved files and serializes their meta= data. + * @session: The session whose files are to be frozen. + * + * This function is called from the reboot() syscall path, just before the + * kernel transitions to the new image via kexec. Its purpose is to perfor= m the + * final preparation and serialization of all preserved files in the sessi= on. + * + * It iterates through each preserved file in FIFO order (the order of + * preservation) and performs two main actions: + * + * 1. Freezes the File: It calls the handler's .freeze() callback for each + * file. This gives the handler a final opportunity to quiesce the devi= ce or + * prepare its state for the upcoming reboot. The handler may update its + * private data handle during this step. + * + * 2. Serializes Metadata: After a successful freeze, it copies the final = file + * metadata=E2=80=94the handler's compatible string, the user token, an= d the final + * private data handle=E2=80=94into the pre-allocated contiguous memory= buffer + * (session->files) that will be handed over to the next kernel via KHO. + * + * Error Handling (Rollback): + * This function is atomic. If any handler's .freeze() operation fails, the + * entire live update is aborted. The __luo_file_unfreeze() helper is + * immediately called to invoke the .unfreeze() op on all files that were + * successfully frozen before the point of failure, rolling them back to a + * running state. The function then returns an error, causing the reboot() + * syscall to fail. + * + * Context: Called only from the liveupdate_reboot() path. + * Return: 0 on success, or a negative errno on failure. + */ +int luo_file_freeze(struct luo_session *session) +{ + struct luo_file_ser *file_ser =3D session->files; + struct luo_file *luo_file; + int err; + int i; + + lockdep_assert_held(&session->mutex); + + if (!session->count) + return 0; + + if (WARN_ON(!file_ser)) + return -EINVAL; + + i =3D 0; + list_for_each_entry(luo_file, &session->files_list, list) { + err =3D luo_file_freeze_one(session, luo_file); + if (err < 0) { + pr_warn("Freeze failed for session[%s] token[%#0llx] handler[%s] err[%p= e]\n", + session->name, luo_file->token, + luo_file->fh->compatible, ERR_PTR(err)); + goto exit_err; + } + + strscpy(file_ser[i].compatible, luo_file->fh->compatible, + sizeof(file_ser[i].compatible)); + file_ser[i].data =3D luo_file->serialized_data; + file_ser[i].token =3D luo_file->token; + i++; + } + + return 0; + +exit_err: + __luo_file_unfreeze(session, luo_file); + + return err; +} + +/** + * luo_file_unfreeze - Unfreezes all files in a session. + * @session: The session whose files are to be unfrozen. + * + * This function rolls back the state of all files in a session after the = freeze + * phase has begun but must be aborted. It is the counterpart to + * luo_file_freeze(). + * + * It invokes the __luo_file_unfreeze() helper with a NULL argument, which + * signals the helper to iterate through all files in the session and call + * their respective .unfreeze() handler callbacks. + * + * Context: This is called when the live update is aborted during + * the reboot() syscall, after luo_file_freeze() has been called. + */ +void luo_file_unfreeze(struct luo_session *session) +{ + lockdep_assert_held(&session->mutex); + + if (!session->count) + return; + + __luo_file_unfreeze(session, NULL); +} + +/** + * luo_retrieve_file - Restores a preserved file from a session by its tok= en. + * @session: The session from which to retrieve the file. + * @token: The unique token identifying the file to be restored. + * @filep: Output parameter; on success, this is populated with a pointer + * to the newly retrieved 'struct file'. + * + * This function is the primary mechanism for recreating a file in the new + * kernel after a live update. It searches the session's list of deseriali= zed + * files for an entry matching the provided @token. + * + * The operation is idempotent: if a file has already been successfully + * retrieved, this function will simply return a pointer to the existing + * 'struct file' and report success without re-executing the retrieve + * operation. This is handled by checking the 'retrieved' flag under a loc= k. + * + * File retrieval can happen in any order; it is not bound by the order of + * preservation. + * + * Context: Can be called from an ioctl or other in-kernel code in the new + * kernel. + * Return: 0 on success. Returns a negative errno on failure: + * -ENOENT if no file with the matching token is found. + * Any error code returned by the handler's .retrieve() op. + */ +int luo_retrieve_file(struct luo_session *session, u64 token, + struct file **filep) +{ + struct liveupdate_file_op_args args =3D {0}; + struct luo_file *luo_file; + int err; + + lockdep_assert_held(&session->mutex); + + if (list_empty(&session->files_list)) + return -ENOENT; + + list_for_each_entry(luo_file, &session->files_list, list) { + if (luo_file->token =3D=3D token) + break; + } + + if (luo_file->token !=3D token) + return -ENOENT; + + guard(mutex)(&luo_file->mutex); + if (luo_file->retrieved) { + /* + * Someone is asking for this file again, so get a reference + * for them. + */ + get_file(luo_file->file); + *filep =3D luo_file->file; + return 0; + } + + args.handler =3D luo_file->fh; + args.session =3D (struct liveupdate_session *)session; + args.serialized_data =3D luo_file->serialized_data; + err =3D luo_file->fh->ops->retrieve(&args); + if (!err) { + luo_file->file =3D args.file; + + /* Get reference so we can keep this file in LUO until finish */ + get_file(luo_file->file); + *filep =3D luo_file->file; + luo_file->retrieved =3D true; + } + + return err; +} + +static int luo_file_can_finish_one(struct luo_session *session, + struct luo_file *luo_file) +{ + bool can_finish =3D true; + + guard(mutex)(&luo_file->mutex); + + if (luo_file->fh->ops->can_finish) { + struct liveupdate_file_op_args args =3D {0}; + + args.handler =3D luo_file->fh; + args.session =3D (struct liveupdate_session *)session; + args.file =3D luo_file->file; + args.serialized_data =3D luo_file->serialized_data; + args.retrieved =3D luo_file->retrieved; + can_finish =3D luo_file->fh->ops->can_finish(&args); + } + + return can_finish ? 0 : -EBUSY; +} + +static void luo_file_finish_one(struct luo_session *session, + struct luo_file *luo_file) +{ + struct liveupdate_file_op_args args =3D {0}; + + guard(mutex)(&luo_file->mutex); + + args.handler =3D luo_file->fh; + args.session =3D (struct liveupdate_session *)session; + args.file =3D luo_file->file; + args.serialized_data =3D luo_file->serialized_data; + args.retrieved =3D luo_file->retrieved; + + luo_file->fh->ops->finish(&args); +} + +/** + * luo_file_finish - Completes the lifecycle for all files in a session. + * @session: The session to be finalized. + * + * This function orchestrates the final teardown of a live update session = in the + * new kernel. It should be called after all necessary files have been + * retrieved and the userspace agent is ready to release the preserved sta= te. + * + * The function iterates through all tracked files. For each file, it perf= orms + * the following sequence of cleanup actions: + * + * 1. If file is not yet retrieved, retrieves it, and calls can_finish() on + * every file in the session. If all can_finish return true, continue to + * finish. + * 2. Calls the handler's .finish() callback (via luo_file_finish_one) to + * allow for final resource cleanup within the handler. + * 3. Releases LUO's ownership reference on the 'struct file' via fput(). = This + * is the counterpart to the get_file() call in luo_retrieve_file(). + * 4. Removes the 'struct luo_file' from the session's internal list. + * 5. Frees the memory for the 'struct luo_file' instance itself. + * + * After successfully finishing all individual files, it frees the + * contiguous memory block that was used to transfer the serialized metada= ta + * from the previous kernel. + * + * Error Handling (Atomic Failure): + * This operation is atomic. If any handler's .can_finish() op fails, the = entire + * function aborts immediately and returns an error. + * + * Context: Can be called from an ioctl handler in the new kernel. + * Return: 0 on success, or a negative errno on failure. + */ +int luo_file_finish(struct luo_session *session) +{ + struct list_head *files_list =3D &session->files_list; + struct luo_file *luo_file; + int err; + + if (!session->count) + return 0; + + lockdep_assert_held(&session->mutex); + + list_for_each_entry(luo_file, files_list, list) { + err =3D luo_file_can_finish_one(session, luo_file); + if (err) + return err; + } + + while (!list_empty(&session->files_list)) { + luo_file =3D list_last_entry(&session->files_list, + struct luo_file, list); + + luo_file_finish_one(session, luo_file); + + if (luo_file->file) + fput(luo_file->file); + list_del(&luo_file->list); + session->count--; + mutex_destroy(&luo_file->mutex); + kfree(luo_file); + } + + if (session->files) { + kho_restore_free(session->files); + session->files =3D NULL; + session->pgcnt =3D 0; + } + + return 0; +} + +/** + * luo_file_deserialize - Reconstructs the list of preserved files in the = new kernel. + * @session: The incoming session containing the serialized file data from= KHO. + * + * This function is called during the early boot process of the new kernel= . It + * takes the raw, contiguous memory block of 'struct luo_file_ser' entries, + * provided by the previous kernel, and transforms it back into a live, + * in-memory linked list of 'struct luo_file' instances. + * + * For each serialized entry, it performs the following steps: + * 1. Reads the 'compatible' string. + * 2. Searches the global list of registered file handlers for one that + * matches the compatible string. + * 3. Allocates a new 'struct luo_file'. + * 4. Populates the new structure with the deserialized data (token, pri= vate + * data handle) and links it to the found handler. The 'file' pointer= is + * initialized to NULL, as the file has not been retrieved yet. + * 5. Adds the new 'struct luo_file' to the session's files_list. + * + * This prepares the session for userspace, which can later call + * luo_retrieve_file() to restore the actual file descriptors. + * + * Context: Called from session deserialization. + */ +int luo_file_deserialize(struct luo_session *session) +{ + struct luo_file_ser *file_ser; + u64 i; + + lockdep_assert_held(&session->mutex); + + if (!session->files) + return 0; + + file_ser =3D session->files; + for (i =3D 0; i < session->count; i++) { + struct liveupdate_file_handler *fh; + bool handler_found =3D false; + struct luo_file *luo_file; + + list_for_each_entry(fh, &luo_file_handler_list, list) { + if (!strcmp(fh->compatible, file_ser[i].compatible)) { + handler_found =3D true; + break; + } + } + + if (!handler_found) { + pr_warn("No registered handler for compatible '%s'\n", + file_ser[i].compatible); + return -ENOENT; + } + + luo_file =3D kzalloc(sizeof(*luo_file), GFP_KERNEL); + if (!luo_file) + return -ENOMEM; + + luo_file->fh =3D fh; + luo_file->file =3D NULL; + luo_file->serialized_data =3D file_ser[i].data; + luo_file->token =3D file_ser[i].token; + luo_file->retrieved =3D false; + mutex_init(&luo_file->mutex); + list_add_tail(&luo_file->list, &session->files_list); + } + + return 0; +} + +/** + * liveupdate_register_file_handler - Register a file handler with LUO. + * @fh: Pointer to a caller-allocated &struct liveupdate_file_handler. + * The caller must initialize this structure, including a unique + * 'compatible' string and a valid 'fh' callbacks. This function adds the + * handler to the global list of supported file handlers. + * + * Context: Typically called during module initialization for file types t= hat + * support live update preservation. + * + * Return: 0 on success. Negative errno on failure. + */ +int liveupdate_register_file_handler(struct liveupdate_file_handler *fh) +{ + static DEFINE_MUTEX(register_file_handler_lock); + struct liveupdate_file_handler *fh_iter; + + if (!liveupdate_enabled()) + return -EOPNOTSUPP; + + /* + * Once sessions have been deserialized, file handlers cannot be + * registered, it is too late. + */ + if (WARN_ON(luo_session_is_deserialized())) + return -EBUSY; + + /* Sanity check that all required callbacks are set */ + if (!fh->ops->preserve || !fh->ops->unpreserve || + !fh->ops->retrieve || !fh->ops->finish) { + return -EINVAL; + } + + guard(mutex)(®ister_file_handler_lock); + list_for_each_entry(fh_iter, &luo_file_handler_list, list) { + if (!strcmp(fh_iter->compatible, fh->compatible)) { + pr_err("File handler registration failed: Compatible string '%s' alread= y registered.\n", + fh->compatible); + return -EEXIST; + } + } + + if (!try_module_get(fh->ops->owner)) + return -EAGAIN; + + INIT_LIST_HEAD(&fh->list); + list_add_tail(&fh->list, &luo_file_handler_list); + + return 0; +} + +/** + * liveupdate_get_token_outgoing - Get the token for a preserved file. + * @s: The outgoing liveupdate session. + * @file: The file object to search for. + * @tokenp: Output parameter for the found token. + * + * Searches the list of preserved files in an outgoing session for a match= ing + * file object. If found, the corresponding user-provided token is returne= d. + * + * This function is intended for in-kernel callers that need to correlate a + * file with its liveupdate token. + * + * Context: Can be called from any context that can acquire the session mu= tex. + * Return: 0 on success, -ENOENT if the file is not preserved in this sess= ion. + */ +int liveupdate_get_token_outgoing(struct liveupdate_session *s, + struct file *file, u64 *tokenp) +{ + struct luo_session *session =3D (struct luo_session *)s; + struct luo_file *luo_file; + int err =3D -ENOENT; + + list_for_each_entry(luo_file, &session->files_list, list) { + if (luo_file->file =3D=3D file) { + if (tokenp) + *tokenp =3D luo_file->token; + err =3D 0; + break; + } + } + + return err; +} + +/** + * liveupdate_get_file_incoming - Retrieves a preserved file for in-kernel= use. + * @s: The incoming liveupdate session (restored from the previous ke= rnel). + * @token: The unique token identifying the file to retrieve. + * @filep: On success, this will be populated with a pointer to the retri= eved + * 'struct file'. + * + * Provides a kernel-internal API for other subsystems to retrieve their + * preserved files after a live update. This function is a simple wrapper + * around luo_retrieve_file(), allowing callers to find a file by its toke= n. + * + * The operation is idempotent; subsequent calls for the same token will r= eturn + * a pointer to the same 'struct file' object. + * + * The caller receives a pointer to the file with a reference incremented.= The + * file's lifetime is managed by LUO and any userspace file + * descriptors. If the caller needs to hold a reference to the file beyond= the + * immediate scope, it must call get_file() itself. + * + * Context: Can be called from any context in the new kernel that has a ha= ndle + * to a restored session. + * Return: 0 on success. Returns -ENOENT if no file with the matching toke= n is + * found, or any other negative errno on failure. + */ +int liveupdate_get_file_incoming(struct liveupdate_session *s, u64 token, + struct file **filep) +{ + struct luo_session *session =3D (struct luo_session *)s; + + return luo_retrieve_file(session, token, filep); +} diff --git a/kernel/liveupdate/luo_internal.h b/kernel/liveupdate/luo_inter= nal.h index 5185ad37a8c1..1a36f2383123 100644 --- a/kernel/liveupdate/luo_internal.h +++ b/kernel/liveupdate/luo_internal.h @@ -70,4 +70,13 @@ int luo_session_serialize(void); int luo_session_deserialize(void); bool luo_session_is_deserialized(void); =20 +int luo_preserve_file(struct luo_session *session, u64 token, int fd); +void luo_file_unpreserve_files(struct luo_session *session); +int luo_file_freeze(struct luo_session *session); +void luo_file_unfreeze(struct luo_session *session); +int luo_retrieve_file(struct luo_session *session, u64 token, + struct file **filep); +int luo_file_finish(struct luo_session *session); +int luo_file_deserialize(struct luo_session *session); + #endif /* _LINUX_LUO_INTERNAL_H */ --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yx1-f45.google.com (mail-yx1-f45.google.com [74.125.224.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A463C27F759 for ; Sat, 15 Nov 2025 23:34:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249678; cv=none; b=R5OGK24qMdMyrbruo26SHiFlpvT0sUPkgEc9c2x1T1AISQsxtokSJhoTlBBbPmsX82ar/MeSxb6WoTkHTRssDHtm7GeaU2P5U9QBhbUTxKyqI8dmi48dV8fj/FZhGcY3VtA4Z63To7ImG7hehUNi4EHBJhXv2loa8sXhNC28UgY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249678; c=relaxed/simple; bh=iH6e2dbZhxNGawYVnoeitVB8B9t7TUQvEkiyaf4Tegw=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BP8pt0jL3Vscjb7fMR+rpO59D/RjXlUWiIkxNUUxv9GIy7RUOj4DdNTn6cighD88sKqF8+rBz6j6vPle21HDHeVKTLg1tLSW0cygA3PqYIx4Xgnjnaru5T+3Z/MZsdp9K9UfPG0o4M6TH7NI1Lk27Zdp55JVdKanntkPrIda/J0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=AykjmslO; arc=none smtp.client-ip=74.125.224.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="AykjmslO" Received: by mail-yx1-f45.google.com with SMTP id 956f58d0204a3-640f2c9cc72so2325769d50.3 for ; Sat, 15 Nov 2025 15:34:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249673; x=1763854473; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WkjwaQDLlS9Yr5+HyVNaGiCitPd127gM/CMqs5Sb1tM=; b=AykjmslO++YzOQz1+BrIYUf3j8mlyDpI3qflfsfKrohqm1bCvzDm98nYz6/M7dbEBn rWbWvsVCI1pSzRFxlcYMR5WkPk/05pqVq1c2eWikreG9KaAOiHGPpoVu4PU6R+cGG0gP XrSrVjIYz+wHsAVwEBUjVROhZIfU2krFNe5AMnr5s3ghtPWbkdbdzzoB6ypezkv1Jaaz c5vTKv9BogUHkQZbWhhJOuFGw+0xZSXmPqO6d0nLFCjqyxr39H3WiGTXCKX7S6encq4u jEzpa3H5pWAo4lk4LR8iitUEj7qh3YfXucQXWTDeiHyKESsXAmLt42LDTt1KT33hc6gC QwKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249673; x=1763854473; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=WkjwaQDLlS9Yr5+HyVNaGiCitPd127gM/CMqs5Sb1tM=; b=VXODD2KEG8n7VC6ok7aMtgTGeFnoQSadUYP5w5iKverRrtizavus31g4JVo6msS+6F 0bK2ZXcbgT1eG7GqB0wHZSkugLAkF4faEVdjY1C2lN80adgz7d8L9ER51MzdKlWE0g2b DNZkb02/BL8uqHJIQPEyfPyPKHlj5u2WwY9ABPxBZW4yQ9Tfwyp/XLBHpajsC3wB7iWO Ex86cLHtuCZipOeMDJ8Rxqh/AlY9zELFEPsbdIEF+k3eASbFSXxbJAqnBCsJI86j5c4A KJBBO1BSHN4NK1fPby2TeKtdNhIIKqZr8oiCdV4HCXVKKm3EJgoczNr91H9XKMn6J57S zXMw== X-Forwarded-Encrypted: i=1; AJvYcCVuxUG7TwrD7puvaSMWxhT9Ys4ZjdMSvIWNUdmC0e0Vl8D7k8nZf5eWqDlmZPnrtYYZbT5B+WALyLZGHJw=@vger.kernel.org X-Gm-Message-State: AOJu0YxESL403ndW4J/PRgnP24Fdi4/F41GzyH2oTzez1+3v3Miu6gTF Uk3EqpW3YIb09M07wFOZ2hhalcKKdgNDENERtxJnKEtJPYCJg3uRskzZQecBsMPmoys= X-Gm-Gg: ASbGncsUPz5QjuiWR9ln8Ajs8YdLETv7mVCRkfnlLwWFQab023C8PEYexElfHzYt4jH gSH0kNUqbOwUqIX0wRWE9DKHX2in3JQZ82bV832VCNqe9uQJbsdXfisZZjd+mMd0zxC2cLD/t1x naLQmV1cm0tMV5z/3YJLMoZgdIWOXIBxbaNbVA/rgJ/0u7qFNoZ6SiUpjU8nsZgnf8SSFWDzFNm R03LykNKAdr10kxflCe5PZIHdf8Q7HW7JL7GW6moHROjuoik40eytl5l6CGhhkI4MiuX40nCXSC 5P5IHNTMP4aGEwDDui2xDG/ePzTJ1jZxVOxJCaO7N0f5vhQ/AlNIkgL0hWYvceD2DIbYWzlYzlR BBHwFOyTgC+Ul7s6lxCCZe2Q+Wwmew9on1Q3780lUZcfZY6J/qd1ZnrFM5nytGS4wkIXy8MPmdP uVA1J6Q2uqNkN9Nuf/TLtEhfdZZrelPoNdnSt5YJ4ZWwb5xyFbo80CpbXm6Q7rMoPKVLhs X-Google-Smtp-Source: AGHT+IGIvzvWx+seWY3lDwubxMit7pfqszZynxJfb+7BhQKgt/q2GPlXgRc870pYq2BGK02AYhbTJA== X-Received: by 2002:a05:690c:868a:10b0:788:161c:7117 with SMTP id 00721157ae682-78929dff2b5mr118300507b3.8.1763249673543; Sat, 15 Nov 2025 15:34:33 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:32 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 07/20] liveupdate: luo_session: Add ioctls for file preservation Date: Sat, 15 Nov 2025 18:33:53 -0500 Message-ID: <20251115233409.768044-8-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Introducing the userspace interface and internal logic required to manage the lifecycle of file descriptors within a session. Previously, a session was merely a container; this change makes it a functional management unit. The following capabilities are added: A new set of ioctl commands are added, which operate on the file descriptor returned by CREATE_SESSION. This allows userspace to: - LIVEUPDATE_SESSION_PRESERVE_FD: Add a file descriptor to a session to be preserved across the live update. - LIVEUPDATE_SESSION_RETRIEVE_FD: Retrieve a preserved file in the new kernel using its unique token. - LIVEUPDATE_SESSION_FINISH: finish session The session's .release handler is enhanced to be state-aware. When a session's file descriptor is closed, it correctly unpreserves the session based on its current state before freeing all associated file resources. Signed-off-by: Pasha Tatashin --- include/uapi/linux/liveupdate.h | 103 ++++++++++++++++++ kernel/liveupdate/luo_session.c | 187 +++++++++++++++++++++++++++++++- 2 files changed, 286 insertions(+), 4 deletions(-) diff --git a/include/uapi/linux/liveupdate.h b/include/uapi/linux/liveupdat= e.h index 6e04254ee535..3902ffab4c53 100644 --- a/include/uapi/linux/liveupdate.h +++ b/include/uapi/linux/liveupdate.h @@ -53,6 +53,14 @@ enum { LIVEUPDATE_CMD_RETRIEVE_SESSION =3D 0x01, }; =20 +/* ioctl commands for session file descriptors */ +enum { + LIVEUPDATE_CMD_SESSION_BASE =3D 0x40, + LIVEUPDATE_CMD_SESSION_PRESERVE_FD =3D LIVEUPDATE_CMD_SESSION_BASE, + LIVEUPDATE_CMD_SESSION_RETRIEVE_FD =3D 0x41, + LIVEUPDATE_CMD_SESSION_FINISH =3D 0x42, +}; + /** * struct liveupdate_ioctl_create_session - ioctl(LIVEUPDATE_IOCTL_CREATE_= SESSION) * @size: Input; sizeof(struct liveupdate_ioctl_create_session) @@ -110,4 +118,99 @@ struct liveupdate_ioctl_retrieve_session { #define LIVEUPDATE_IOCTL_RETRIEVE_SESSION \ _IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_RETRIEVE_SESSION) =20 +/* Session specific IOCTLs */ + +/** + * struct liveupdate_session_preserve_fd - ioctl(LIVEUPDATE_SESSION_PRESER= VE_FD) + * @size: Input; sizeof(struct liveupdate_session_preserve_fd) + * @fd: Input; The user-space file descriptor to be preserved. + * @token: Input; An opaque, unique token for preserved resource. + * + * Holds parameters for preserving a file descriptor. + * + * User sets the @fd field identifying the file descriptor to preserve + * (e.g., memfd, kvm, iommufd, VFIO). The kernel validates if this FD type + * and its dependencies are supported for preservation. If validation pass= es, + * the kernel marks the FD internally and *initiates the process* of prepa= ring + * its state for saving. The actual snapshotting of the state typically oc= curs + * during the subsequent %LIVEUPDATE_IOCTL_PREPARE execution phase, though + * some finalization might occur during freeze. + * On successful validation and initiation, the kernel uses the @token + * field with an opaque identifier representing the resource being preserv= ed. + * This token confirms the FD is targeted for preservation and is required= for + * the subsequent %LIVEUPDATE_SESSION_RETRIEVE_FD call after the live upda= te. + * + * Return: 0 on success (validation passed, preservation initiated), negat= ive + * error code on failure (e.g., unsupported FD type, dependency issue, + * validation failed). + */ +struct liveupdate_session_preserve_fd { + __u32 size; + __s32 fd; + __aligned_u64 token; +}; + +#define LIVEUPDATE_SESSION_PRESERVE_FD \ + _IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_SESSION_PRESERVE_FD) + +/** + * struct liveupdate_session_retrieve_fd - ioctl(LIVEUPDATE_SESSION_RETRIE= VE_FD) + * @size: Input; sizeof(struct liveupdate_session_RETRIEVE_fd) + * @fd: Output; The new file descriptor representing the fully restored + * kernel resource. + * @token: Input; An opaque, token that was used to preserve the resource. + * + * Retrieve a previously preserved file descriptor. + * + * User sets the @token field to the value obtained from a successful + * %LIVEUPDATE_IOCTL_FD_PRESERVE call before the live update. On success, + * the kernel restores the state (saved during the PREPARE/FREEZE phases) + * associated with the token and populates the @fd field with a new file + * descriptor referencing the restored resource in the current (new) kerne= l. + * This operation must be performed *before* signaling completion via + * %LIVEUPDATE_IOCTL_FINISH. + * + * Return: 0 on success, negative error code on failure (e.g., invalid tok= en). + */ +struct liveupdate_session_retrieve_fd { + __u32 size; + __s32 fd; + __aligned_u64 token; +}; + +#define LIVEUPDATE_SESSION_RETRIEVE_FD \ + _IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_SESSION_RETRIEVE_FD) + +/** + * struct liveupdate_session_finish - ioctl(LIVEUPDATE_SESSION_FINISH) + * @size: Input; sizeof(struct liveupdate_session_finish) + * @reserved: Input; Must be zero. Reserved for future use. + * + * Signals the completion of the restoration process for a retrieved sessi= on. + * This is the final operation that should be performed on a session file + * descriptor after a live update. + * + * This ioctl must be called once all required file descriptors for the se= ssion + * have been successfully retrieved (using %LIVEUPDATE_SESSION_RETRIEVE_FD= ) and + * are fully restored from the userspace and kernel perspective. + * + * Upon success, the kernel releases its ownership of the preserved resour= ces + * associated with this session. This allows internal resources to be free= d, + * typically by decrementing reference counts on the underlying preserved + * objects. + * + * If this operation fails, the resources remain preserved in memory. User= space + * may attempt to call finish again. The resources will otherwise be reset + * during the next live update cycle. + * + * Return: 0 on success, negative error code on failure. + */ +struct liveupdate_session_finish { + __u32 size; + __u32 reserved; +}; + +#define LIVEUPDATE_SESSION_FINISH \ + _IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_SESSION_FINISH) + #endif /* _UAPI_LIVEUPDATE_H */ diff --git a/kernel/liveupdate/luo_session.c b/kernel/liveupdate/luo_sessio= n.c index cb74bfaba479..82ba6e3578f5 100644 --- a/kernel/liveupdate/luo_session.c +++ b/kernel/liveupdate/luo_session.c @@ -174,26 +174,189 @@ static void luo_session_remove(struct luo_session_he= ader *sh, sh->count--; } =20 +static int luo_session_finish_one(struct luo_session *session) +{ + guard(mutex)(&session->mutex); + return luo_file_finish(session); +} + +static void luo_session_unfreeze_one(struct luo_session *session) +{ + guard(mutex)(&session->mutex); + luo_file_unfreeze(session); +} + +static int luo_session_freeze_one(struct luo_session *session) +{ + guard(mutex)(&session->mutex); + return luo_file_freeze(session); +} + static int luo_session_release(struct inode *inodep, struct file *filep) { struct luo_session *session =3D filep->private_data; struct luo_session_header *sh; + int err =3D 0; =20 /* If retrieved is set, it means this session is from incoming list */ - if (session->retrieved) + if (session->retrieved) { sh =3D &luo_session_global.incoming; - else + + err =3D luo_session_finish_one(session); + if (err) { + pr_warn("Unable to finish session [%s] on release\n", + session->name); + } else { + luo_session_remove(sh, session); + luo_session_free(session); + } + + } else { sh =3D &luo_session_global.outgoing; =20 - luo_session_remove(sh, session); - luo_session_free(session); + scoped_guard(mutex, &session->mutex) + luo_file_unpreserve_files(session); + luo_session_remove(sh, session); + luo_session_free(session); + } + + return err; +} + +static int luo_session_preserve_fd(struct luo_session *session, + struct luo_ucmd *ucmd) +{ + struct liveupdate_session_preserve_fd *argp =3D ucmd->cmd; + int err; + + guard(mutex)(&session->mutex); + err =3D luo_preserve_file(session, argp->token, argp->fd); + if (err) + return err; + + err =3D luo_ucmd_respond(ucmd, sizeof(*argp)); + if (err) + pr_warn("The file was successfully preserved, but response to user faile= d\n"); + + return err; +} + +static int luo_session_retrieve_fd(struct luo_session *session, + struct luo_ucmd *ucmd) +{ + struct liveupdate_session_retrieve_fd *argp =3D ucmd->cmd; + struct file *file; + int err; + + argp->fd =3D get_unused_fd_flags(O_CLOEXEC); + if (argp->fd < 0) + return argp->fd; + + guard(mutex)(&session->mutex); + err =3D luo_retrieve_file(session, argp->token, &file); + if (err < 0) + goto err_put_fd; + + err =3D luo_ucmd_respond(ucmd, sizeof(*argp)); + if (err) + goto err_put_file; + + fd_install(argp->fd, file); =20 return 0; + +err_put_file: + fput(file); +err_put_fd: + put_unused_fd(argp->fd); + + return err; +} + +static int luo_session_finish(struct luo_session *session, + struct luo_ucmd *ucmd) +{ + struct liveupdate_session_finish *argp =3D ucmd->cmd; + int err =3D luo_session_finish_one(session); + + if (err) + return err; + + return luo_ucmd_respond(ucmd, sizeof(*argp)); +} + +union ucmd_buffer { + struct liveupdate_session_finish finish; + struct liveupdate_session_preserve_fd preserve; + struct liveupdate_session_retrieve_fd retrieve; +}; + +struct luo_ioctl_op { + unsigned int size; + unsigned int min_size; + unsigned int ioctl_num; + int (*execute)(struct luo_session *session, struct luo_ucmd *ucmd); +}; + +#define IOCTL_OP(_ioctl, _fn, _struct, _last) = \ + [_IOC_NR(_ioctl) - LIVEUPDATE_CMD_SESSION_BASE] =3D { \ + .size =3D sizeof(_struct) + \ + BUILD_BUG_ON_ZERO(sizeof(union ucmd_buffer) < \ + sizeof(_struct)), \ + .min_size =3D offsetofend(_struct, _last), \ + .ioctl_num =3D _ioctl, \ + .execute =3D _fn, \ + } + +static const struct luo_ioctl_op luo_session_ioctl_ops[] =3D { + IOCTL_OP(LIVEUPDATE_SESSION_FINISH, luo_session_finish, + struct liveupdate_session_finish, reserved), + IOCTL_OP(LIVEUPDATE_SESSION_PRESERVE_FD, luo_session_preserve_fd, + struct liveupdate_session_preserve_fd, token), + IOCTL_OP(LIVEUPDATE_SESSION_RETRIEVE_FD, luo_session_retrieve_fd, + struct liveupdate_session_retrieve_fd, token), +}; + +static long luo_session_ioctl(struct file *filep, unsigned int cmd, + unsigned long arg) +{ + struct luo_session *session =3D filep->private_data; + const struct luo_ioctl_op *op; + struct luo_ucmd ucmd =3D {}; + union ucmd_buffer buf; + unsigned int nr; + int ret; + + nr =3D _IOC_NR(cmd); + if (nr < LIVEUPDATE_CMD_SESSION_BASE || (nr - LIVEUPDATE_CMD_SESSION_BASE= ) >=3D + ARRAY_SIZE(luo_session_ioctl_ops)) { + return -EINVAL; + } + + ucmd.ubuffer =3D (void __user *)arg; + ret =3D get_user(ucmd.user_size, (u32 __user *)ucmd.ubuffer); + if (ret) + return ret; + + op =3D &luo_session_ioctl_ops[nr - LIVEUPDATE_CMD_SESSION_BASE]; + if (op->ioctl_num !=3D cmd) + return -ENOIOCTLCMD; + if (ucmd.user_size < op->min_size) + return -EINVAL; + + ucmd.cmd =3D &buf; + ret =3D copy_struct_from_user(ucmd.cmd, op->size, ucmd.ubuffer, + ucmd.user_size); + if (ret) + return ret; + + return op->execute(session, &ucmd); } =20 static const struct file_operations luo_session_fops =3D { .owner =3D THIS_MODULE, .release =3D luo_session_release, + .unlocked_ioctl =3D luo_session_ioctl, }; =20 /* Create a "struct file" for session */ @@ -391,6 +554,8 @@ int luo_session_deserialize(void) session->count =3D sh->ser[i].count; session->files =3D sh->ser[i].files ? phys_to_virt(sh->ser[i].files) : 0; session->pgcnt =3D sh->ser[i].pgcnt; + scoped_guard(mutex, &session->mutex) + luo_file_deserialize(session); } =20 kho_restore_free(sh->header_ser); @@ -405,9 +570,14 @@ int luo_session_serialize(void) struct luo_session_header *sh =3D &luo_session_global.outgoing; struct luo_session *session; int i =3D 0; + int err; =20 guard(rwsem_write)(&sh->rwsem); list_for_each_entry(session, &sh->list, list) { + err =3D luo_session_freeze_one(session); + if (err) + goto err_undo; + strscpy(sh->ser[i].name, session->name, sizeof(sh->ser[i].name)); sh->ser[i].count =3D session->count; @@ -418,4 +588,13 @@ int luo_session_serialize(void) sh->header_ser->count =3D sh->count; =20 return 0; + +err_undo: + list_for_each_entry_continue_reverse(session, &sh->list, list) { + luo_session_unfreeze_one(session); + i--; + memset(&sh->ser[i], 0, sizeof(sh->ser[i])); + } + + return err; } --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yx1-f47.google.com (mail-yx1-f47.google.com [74.125.224.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1DE3126F28A for ; Sat, 15 Nov 2025 23:34:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249682; cv=none; b=gOHZ/R99Sdf/DpWBEaGNBaYod753lOnVg0hd/VaRizE1lOXivtR0TgolyH2FLsmz5S2uD4463YV4dWOiarG3ALMwnPAJkXkXxf+hXEC4fVycKCMbpYmEiE840dcD8cQ7HWtG3j6WSoFneMR7NttVemvNaIomgCDfUEgf1+s8v3k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249682; c=relaxed/simple; bh=fA9qK8MUzM7dL9JdYokqTDAEIy1y2cay9xGJX4+k77k=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=TLVbPpYfMG5bkkFgI1+2laJest7oyZfACRYdB9mU9xztfnFb5SNtuRFMDeL+AUMfX+1gjClfOVmBq8DElDG4LBxvKJym89WyB3KJyIln5+SjAMjrBIzV20elaefGTAYAnovda9TD2Fs0sk2DYSjAS3tlvDkZqAxSbNQmLdx8Pv8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=eILqezXt; arc=none smtp.client-ip=74.125.224.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="eILqezXt" Received: by mail-yx1-f47.google.com with SMTP id 956f58d0204a3-640d8b78608so2312550d50.1 for ; Sat, 15 Nov 2025 15:34:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249676; x=1763854476; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=zkLBy5NcjxjmnDRSa+ox2cXiOPEVeruJrbcFG+QjG9I=; b=eILqezXtWYW0RhCPUoy/GQIfKpFZ/bH7vVQXQ1DXOlAiEfBtlWOP+hrvOGcV/9pzB+ osK5sJkz1guQCSJ1Qk4AuxunO0RJ7ebX0B1ANHhQBDebDFFPZ9H8+g4f75G56KU7pmkb g5AsfaXtLvUpJyD4Fay+8rBIhNpLksjSbmysXRuHssrRxezlqOKKa01woxaVMCbLCPRw 8MWbPXUjP/up2qzPQ11SKGpsNa0KyR8/ZoNO5CLBc+qrfeVnzr+AKN/TbfGvxXkq42QU 4rkAysVgm5yhta6J9T5zRtBPZeaDQIGjudJAGVKuRP3L+7tnjf5hdYNsmuLElim1E28d GyGA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249676; x=1763854476; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=zkLBy5NcjxjmnDRSa+ox2cXiOPEVeruJrbcFG+QjG9I=; b=jQoEGja3wP1oj5dFrvcZGKQTT63xLp1VevgYUf83H6Z5dTLtZXGgbljN5G/wAGGuPt oacohRj2lnaD6QrLaCBEo7tlHbQBH2HC85Y5/19rHYezjdRgfEirtFD1fsgaKFzMgnwJ btbjZkPOeGLAq0N9bfm8Y2qb/U+uz50bXyneuUAHYvA2sffoFnVY0YcwqV6kHaa7SqWo Ls6ItmDeDAha1JxfAM8gul55i/sZWoawgHKrvyeko5YGkTVWEKzWHovpTfaYsmH21vyK nQpsQRu+GlVKZXJmXm2v9lxzCyDJIO22j86PXB26DoKuT1WGNYPOZfx3kaSiW8eCax2t iBng== X-Forwarded-Encrypted: i=1; AJvYcCWgWr9TGY3VAVYUBSBya8JJmf2MSeR2QAU7pm+Ot+nomohIZ8Vahl9qSuF/orv2KmurOh8JaY4ajRAHK8k=@vger.kernel.org X-Gm-Message-State: AOJu0YzrQcnC7+gAjxF8gV7iGzOt/Kjx0G6mEKqweK6azLVdsJ1X2DjH 4Jj/gA1LHJOH1Cynb54K73FzVLmbQSJnycR0ma0yj6FA50moPOn0jwXXWO4yDEhXg+Y= X-Gm-Gg: ASbGncvXrSEwmYSnEorqlkz1Sok1ISjt3Cc6auDYBHW5Kzn3i3kE9MbwE34g81jKo4Z trcl8lBrjWv96O4VoRSjkzSBcgaVoXpWUpDb74vkgpDPNVOKRhmbzT+0nxLK6R/b0INJ0vGsyR6 KZ2kj6ozAR9iVI6I+tOMslGpKalT0Th2HdJ+EEca9QnWBtOZbhlPOyWpX0ASS9ajgmYmjdqKwFx uH9xUu3Z+h/6q83PeTreifr1YhnkSMCR+V6NLU89RG8W2fKnXrATyCbtw1C0oi8nSPk4WGOQ9S8 FK7/ME5fPqvBPe2xU3GTIFlyZOkLVi9potUCF8AgLOnMpMOWbAU0AA5zF7wTC2tV0oWy/JEY7NX Fme/YlK1U2kkHWuJQrFgS1uaGH44AQ81juVoeE9R+oGHsi0AZJwDDzELOosWXWyCR+UVyFWikhF 6VB2kXanetBmOAOE9k9HDctUjlWvXKMpcwe+8PPgVLPqP0OwefBNn9e5T55m9dPMtcUxn5S1QiN Onxwr5r2kgS9z4lWg== X-Google-Smtp-Source: AGHT+IFqBK5iMM31s+FqHmn8pdAdCSPYUkP2man/XA08raYdv8kc6CVKrxPoKXomFKoeJQioPCeg+g== X-Received: by 2002:a05:690e:4289:20b0:640:d23d:3753 with SMTP id 956f58d0204a3-641e75e6195mr5932504d50.38.1763249675514; Sat, 15 Nov 2025 15:34:35 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:35 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 08/20] liveupdate: luo_flb: Introduce File-Lifecycle-Bound global state Date: Sat, 15 Nov 2025 18:33:54 -0500 Message-ID: <20251115233409.768044-9-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Introduce a mechanism for managing global kernel state whose lifecycle is tied to the preservation of one or more files. This is necessary for subsystems where multiple preserved file descriptors depend on a single, shared underlying resource. An example is HugeTLB, where multiple file descriptors such as memfd and guest_memfd may rely on the state of a single HugeTLB subsystem. Preserving this state for each individual file would be redundant and incorrect. The state should be preserved only once when the first file is preserved, and restored/finished only once the last file is handled. This patch introduces File-Lifecycle-Bound (FLB) objects to solve this problem. An FLB is a global, reference-counted object with a defined set of operations: - A file handler (struct liveupdate_file_handler) declares a dependency on one or more FLBs via a new registration function, liveupdate_register_flb(). - When the first file depending on an FLB is preserved, the FLB's .preserve() callback is invoked to save the shared global state. The reference count is then incremented for each subsequent file. - Conversely, when the last file is unpreserved (before reboot) or finished (after reboot), the FLB's .unpreserve() or .finish() callback is invoked to clean up the global resource. The implementation includes: - A new set of ABI definitions (luo_flb_ser, luo_flb_head_ser) and a corresponding FDT node (luo-flb) to serialize the state of all active FLBs and pass them via Kexec Handover. - Core logic in luo_flb.c to manage FLB registration, reference counting, and the invocation of lifecycle callbacks. - An API (liveupdate_flb_*_locked/*_unlock) for other kernel subsystems to safely access the live object managed by an FLB, both before and after the live update. This framework provides the necessary infrastructure for more complex subsystems like IOMMU, VFIO, and KVM to integrate with the Live Update Orchestrator. Signed-off-by: Pasha Tatashin --- include/linux/liveupdate.h | 116 +++++ include/linux/liveupdate/abi/luo.h | 76 ++++ kernel/liveupdate/Makefile | 1 + kernel/liveupdate/luo_core.c | 7 +- kernel/liveupdate/luo_file.c | 8 + kernel/liveupdate/luo_flb.c | 658 +++++++++++++++++++++++++++++ kernel/liveupdate/luo_internal.h | 7 + 7 files changed, 872 insertions(+), 1 deletion(-) create mode 100644 kernel/liveupdate/luo_flb.c diff --git a/include/linux/liveupdate.h b/include/linux/liveupdate.h index 4a5d4dd9905a..36a831ae3ead 100644 --- a/include/linux/liveupdate.h +++ b/include/linux/liveupdate.h @@ -14,6 +14,7 @@ #include =20 struct liveupdate_file_handler; +struct liveupdate_flb; struct liveupdate_session; struct file; =20 @@ -81,6 +82,7 @@ struct liveupdate_file_ops { * associated with individual &struct file instances. * @list: Used for linking this handler instance into a glob= al * list of registered file handlers. + * @flb_list: A list of FLB dependencies. * * Modules that want to support live update for specific file types should * register an instance of this structure. LUO uses this registration to @@ -91,6 +93,80 @@ struct liveupdate_file_handler { const struct liveupdate_file_ops *ops; const char compatible[LIVEUPDATE_HNDL_COMPAT_LENGTH]; struct list_head list; + struct list_head flb_list; +}; + +/** + * struct liveupdate_flb_op_args - Arguments for FLB operation callbacks. + * @flb: The global FLB instance for which this call is performed. + * @data: For .preserve(): [OUT] The callback sets this field. + * For .unpreserve(): [IN] The handle from .preserve(). + * For .retrieve(): [IN] The handle from .preserve(). + * @obj: For .preserve(): [OUT] Sets this to the live object. + * For .retrieve(): [OUT] Sets this to the live object. + * For .finish(): [IN] The live object from .retrieve(). + * + * This structure bundles all parameters for the FLB operation callbacks. + */ +struct liveupdate_flb_op_args { + struct liveupdate_flb *flb; + u64 data; + void *obj; +}; + +/** + * struct liveupdate_flb_ops - Callbacks for global File-Lifecycle-Bound d= ata. + * @preserve: Called when the first file using this FLB is preserve= d. + * The callback must save its state and return a single, + * self-contained u64 handle by setting the 'argp->data' + * field and 'argp->obj'. + * @unpreserve: Called when the last file using this FLB is unpreserv= ed + * (aborted before reboot). Receives the handle via + * 'argp->data' and live object via 'argp->obj'. + * @retrieve: Called on-demand in the new kernel, the first time a + * component requests access to the shared object. It re= ceives + * the preserved handle via 'argp->data' and must recons= truct + * the live object, returning it by setting the 'argp->o= bj' + * field. + * @finish: Called in the new kernel when the last file using thi= s FLB + * is finished. Receives the live object via 'argp->obj'= for + * cleanup. + * @owner: Module reference + * + * Operations that manage global shared data with file bound lifecycle, + * triggered by the first file that uses it and concluded by the last file= that + * uses it, across all sessions. + */ +struct liveupdate_flb_ops { + int (*preserve)(struct liveupdate_flb_op_args *argp); + void (*unpreserve)(struct liveupdate_flb_op_args *argp); + int (*retrieve)(struct liveupdate_flb_op_args *argp); + void (*finish)(struct liveupdate_flb_op_args *argp); + struct module *owner; +}; + +/** + * struct liveupdate_flb - A global definition for a shared data object. + * @ops: Callback functions + * @compatible: The compatibility string (e.g., "iommu-core-v1" + * that uniquely identifies the FLB type this handler + * supports. This is matched against the compatible string + * associated with individual &struct liveupdate_flb + * instances. + * @list: A global list of registered FLBs. + * @internal: Internal state, set in liveupdate_init_flb(). + * + * This struct is the "template" that a driver registers to define a share= d, + * file-lifecycle-bound object. The actual runtime state (the live object, + * refcount, etc.) is managed internally by the LUO core. + * Use liveupdate_init_flb() to initialize this struct before using it in + * other functions. + */ +struct liveupdate_flb { + const struct liveupdate_flb_ops *ops; + const char compatible[LIVEUPDATE_FLB_COMPAT_LENGTH]; + struct list_head list; + void *internal; }; =20 #ifdef CONFIG_LIVEUPDATE @@ -111,6 +187,17 @@ int liveupdate_get_file_incoming(struct liveupdate_ses= sion *s, u64 token, int liveupdate_get_token_outgoing(struct liveupdate_session *s, struct file *file, u64 *tokenp); =20 +/* Before using FLB for the first time it should be initialized */ +int liveupdate_init_flb(struct liveupdate_flb *flb); + +int liveupdate_register_flb(struct liveupdate_file_handler *h, + struct liveupdate_flb *flb); + +int liveupdate_flb_incoming_locked(struct liveupdate_flb *flb, void **objp= ); +void liveupdate_flb_incoming_unlock(struct liveupdate_flb *flb, void *obj); +int liveupdate_flb_outgoing_locked(struct liveupdate_flb *flb, void **objp= ); +void liveupdate_flb_outgoing_unlock(struct liveupdate_flb *flb, void *obj); + #else /* CONFIG_LIVEUPDATE */ =20 static inline bool liveupdate_enabled(void) @@ -140,5 +227,34 @@ static inline int liveupdate_get_token_outgoing(struct= liveupdate_session *s, return -EOPNOTSUPP; } =20 +static inline int liveupdate_init_flb(struct liveupdate_flb *flb) +{ + return -EOPNOTSUPP; +} + +static inline int liveupdate_register_flb(struct liveupdate_file_handler *= h, + struct liveupdate_flb *flb) +{ + return -EOPNOTSUPP; +} + +static inline int liveupdate_flb_incoming_locked(struct liveupdate_flb *fl= b, + void **objp) +{ + return -EOPNOTSUPP; +} + +static inline void liveupdate_flb_incoming_unlock(struct liveupdate_flb *f= lb, + void *obj) { } + +static inline int liveupdate_flb_outgoing_locked(struct liveupdate_flb *fl= b, + void **objp) +{ + return -EOPNOTSUPP; +} + +static inline void liveupdate_flb_outgoing_unlock(struct liveupdate_flb *f= lb, + void *obj) { } + #endif /* CONFIG_LIVEUPDATE */ #endif /* _LINUX_LIVEUPDATE_H */ diff --git a/include/linux/liveupdate/abi/luo.h b/include/linux/liveupdate/= abi/luo.h index 3a596ca1907b..85596ce68c16 100644 --- a/include/linux/liveupdate/abi/luo.h +++ b/include/linux/liveupdate/abi/luo.h @@ -33,6 +33,11 @@ * compatible =3D "luo-session-v1"; * luo-session-header =3D ; * }; + * + * luo-flb { + * compatible =3D "luo-flb-v1"; + * luo-flb-header =3D ; + * }; * }; * * Main LUO Node (/): @@ -52,6 +57,17 @@ * is the header for a contiguous block of memory containing an array = of * `struct luo_session_ser`, one for each preserved session. * + * File-Lifecycle-Bound Node (luo-flb): + * This node describes all preserved global objects whose lifecycle is b= ound + * to that of the preserved files (e.g., shared IOMMU state). + * + * - compatible: "luo-flb-v1" + * Identifies the FLB ABI version. + * - luo-flb-header: u64 + * The physical address of a `struct luo_flb_header_ser`. This structu= re is + * the header for a contiguous block of memory containing an array of + * `struct luo_flb_ser`, one for each preserved global object. + * * Serialization Structures: * The FDT properties point to memory regions containing arrays of simpl= e, * `__packed` structures. These structures contain the actual preserved = state. @@ -70,6 +86,16 @@ * Metadata for a single preserved file. Contains the `compatible` str= ing to * find the correct handler in the new kernel, a user-provided `token`= for * identification, and an opaque `data` handle for the handler to use. + * + * - struct luo_flb_header_ser: + * Header for the FLB array. Contains the total page count of the + * preserved memory block and the number of `struct luo_flb_ser` entri= es + * that follow. + * + * - struct luo_flb_ser: + * Metadata for a single preserved global object. Contains its `name` + * (compatible string), an opaque `data` handle, and the `count` + * number of files depending on it. */ =20 #ifndef _LINUX_LIVEUPDATE_ABI_LUO_H @@ -154,4 +180,54 @@ struct luo_file_ser { u64 token; } __packed; =20 +/* The max size is set so it can be reliably used during in serialization = */ +#define LIVEUPDATE_FLB_COMPAT_LENGTH 48 + +#define LUO_FDT_FLB_NODE_NAME "luo-flb" +#define LUO_FDT_FLB_COMPATIBLE "luo-flb-v1" +#define LUO_FDT_FLB_HEADER "luo-flb-header" + +/** + * struct luo_flb_header_ser - Header for the serialized FLB data block. + * @pgcnt: The total number of pages occupied by the entire preserved memo= ry + * region, including this header and the subsequent array of + * &struct luo_flb_ser entries. + * @count: The number of &struct luo_flb_ser entries that follow this head= er + * in the memory block. + * + * This structure is located at the physical address specified by the + * `LUO_FDT_FLB_HEADER` FDT property. It provides the new kernel with the + * necessary information to find and iterate over the array of preserved + * File-Lifecycle-Bound objects and to manage the underlying memory. + * + * If this structure is modified, LUO_FDT_FLB_COMPATIBLE must be updated. + */ +struct luo_flb_header_ser { + u64 pgcnt; + u64 count; +} __packed; + +/** + * struct luo_flb_ser - Represents the serialized state of a single FLB ob= ject. + * @name: The unique compatibility string of the FLB object, used to fi= nd the + * corresponding &struct liveupdate_flb handler in the new kerne= l. + * @data: The opaque u64 handle returned by the FLB's .preserve() opera= tion + * in the old kernel. This handle encapsulates the entire state = needed + * for restoration. + * @count: The reference count at the time of serialization; i.e., the n= umber + * of preserved files that depended on this FLB. This is used by= the + * new kernel to correctly manage the FLB's lifecycle. + * + * An array of these structures is created in a preserved memory region and + * passed to the new kernel. Each entry allows the LUO core to restore one + * global, shared object. + * + * If this structure is modified, LUO_FDT_FLB_COMPATIBLE must be updated. + */ +struct luo_flb_ser { + char name[LIVEUPDATE_FLB_COMPAT_LENGTH]; + u64 data; + u64 count; +} __packed; + #endif /* _LINUX_LIVEUPDATE_ABI_LUO_H */ diff --git a/kernel/liveupdate/Makefile b/kernel/liveupdate/Makefile index c2252a2ad7bd..8d5a8354ad5a 100644 --- a/kernel/liveupdate/Makefile +++ b/kernel/liveupdate/Makefile @@ -3,6 +3,7 @@ luo-y :=3D \ luo_core.o \ luo_file.o \ + luo_flb.o \ luo_ioctl.o \ luo_session.o =20 diff --git a/kernel/liveupdate/luo_core.c b/kernel/liveupdate/luo_core.c index 653cdca5e25d..7c3932b6f96f 100644 --- a/kernel/liveupdate/luo_core.c +++ b/kernel/liveupdate/luo_core.c @@ -122,7 +122,9 @@ static int __init luo_early_startup(void) if (err) return err; =20 - return 0; + err =3D luo_flb_setup_incoming(luo_global.fdt_in); + + return err; } =20 static int __init liveupdate_early_init(void) @@ -159,6 +161,7 @@ static int __init luo_fdt_setup(void) err |=3D fdt_property_string(fdt_out, "compatible", LUO_FDT_COMPATIBLE); err |=3D fdt_property(fdt_out, LUO_FDT_LIVEUPDATE_NUM, &ln, sizeof(ln)); err |=3D luo_session_setup_outgoing(fdt_out); + err |=3D luo_flb_setup_outgoing(fdt_out); err |=3D fdt_end_node(fdt_out); err |=3D fdt_finish(fdt_out); if (err) @@ -220,6 +223,8 @@ int liveupdate_reboot(void) if (err) return err; =20 + luo_flb_serialize(); + err =3D kho_finalize(); if (err) { pr_err("kho_finalize failed %d\n", err); diff --git a/kernel/liveupdate/luo_file.c b/kernel/liveupdate/luo_file.c index dae27a69a09f..3d3bd84cb281 100644 --- a/kernel/liveupdate/luo_file.c +++ b/kernel/liveupdate/luo_file.c @@ -282,6 +282,10 @@ int luo_preserve_file(struct luo_session *session, u64= token, int fd) if (err) goto exit_err; =20 + err =3D luo_flb_file_preserve(fh); + if (err) + goto exit_err; + luo_file =3D kzalloc(sizeof(*luo_file), GFP_KERNEL); if (!luo_file) { err =3D -ENOMEM; @@ -301,6 +305,7 @@ int luo_preserve_file(struct luo_session *session, u64 = token, int fd) if (err) { mutex_destroy(&luo_file->mutex); kfree(luo_file); + luo_flb_file_unpreserve(fh); goto exit_err; } else { luo_file->serialized_data =3D args.serialized_data; @@ -352,6 +357,7 @@ void luo_file_unpreserve_files(struct luo_session *sess= ion) args.file =3D luo_file->file; args.serialized_data =3D luo_file->serialized_data; luo_file->fh->ops->unpreserve(&args); + luo_flb_file_unpreserve(luo_file->fh); =20 list_del(&luo_file->list); session->count--; @@ -624,6 +630,7 @@ static void luo_file_finish_one(struct luo_session *ses= sion, args.file =3D luo_file->file; args.serialized_data =3D luo_file->serialized_data; args.retrieved =3D luo_file->retrieved; + luo_flb_file_finish(luo_file->fh); =20 luo_file->fh->ops->finish(&args); } @@ -815,6 +822,7 @@ int liveupdate_register_file_handler(struct liveupdate_= file_handler *fh) return -EAGAIN; =20 INIT_LIST_HEAD(&fh->list); + INIT_LIST_HEAD(&fh->flb_list); list_add_tail(&fh->list, &luo_file_handler_list); =20 return 0; diff --git a/kernel/liveupdate/luo_flb.c b/kernel/liveupdate/luo_flb.c new file mode 100644 index 000000000000..47fcd3d74eb5 --- /dev/null +++ b/kernel/liveupdate/luo_flb.c @@ -0,0 +1,658 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + */ + +/** + * DOC: LUO File Lifecycle Bound Global Data + * + * File-Lifecycle-Bound (FLB) objects provide a mechanism for managing glo= bal + * state that is shared across multiple live-updatable files. The lifecycl= e of + * this shared state is tied to the preservation of the files that depend = on it. + * + * An FLB represents a global resource, such as the IOMMU core state, that= is + * required by multiple file descriptors (e.g., all VFIO fds). + * + * The preservation of the FLB's state is triggered when the *first* file + * depending on it is preserved. The cleanup of this state (unpreserve or + * finish) is triggered when the *last* file depending on it is unpreserve= d or + * finished. + * + * Handler Dependency: A file handler declares its dependency on one or mo= re + * FLBs by registering them via liveupdate_register_flb(). + * + * Callback Model: Each FLB is defined by a set of operations + * (&struct liveupdate_flb_ops) that LUO invokes at key points: + * + * - .preserve(): Called for the first file. Saves global state. + * - .unpreserve(): Called for the last file (if aborted pre-reboot). + * - .retrieve(): Called on-demand in the new kernel to restore the st= ate. + * - .finish(): Called for the last file in the new kernel for cleanup. + * + * This reference-counted approach ensures that shared state is saved exac= tly + * once and restored exactly once, regardless of how many files depend on = it, + * and that its lifecycle is correctly managed across the kexec transition. + */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "luo_internal.h" + +#define LUO_FLB_PGCNT 1ul +#define LUO_FLB_MAX (((LUO_FLB_PGCNT << PAGE_SHIFT) - \ + sizeof(struct luo_flb_header_ser)) / sizeof(struct luo_flb_ser)) + +struct luo_flb_header { + struct luo_flb_header_ser *header_ser; + struct luo_flb_ser *ser; + bool active; +}; + +struct luo_flb_global { + struct luo_flb_header incoming; + struct luo_flb_header outgoing; + struct list_head list; + long count; +}; + +static struct luo_flb_global luo_flb_global =3D { + .list =3D LIST_HEAD_INIT(luo_flb_global.list), +}; + +/* + * struct luo_flb_link - Links an FLB definition to a file handler's inter= nal + * list of dependencies. + * @flb: A pointer to the registered &struct liveupdate_flb definition. + * @list: The list_head for linking. + */ +struct luo_flb_link { + struct liveupdate_flb *flb; + struct list_head list; +}; + +/* + * struct luo_flb_state - Holds the runtime state for one FLB lifecycle pa= th. + * @count: The number of preserved files currently depending on this FLB. + * This is used to trigger the preserve/unpreserve/finish ops on t= he + * first/last file. + * @data: The opaque u64 handle returned by .preserve() or passed to + * .retrieve(). + * @obj: The live kernel object returned by .preserve() or .retrieve(). + * @lock: A mutex that protects all fields within this structure, providi= ng + * the synchronization service for the FLB's ops. + */ +struct luo_flb_state { + long count; + u64 data; + void *obj; + struct mutex lock; +}; + +/* + * struct luo_flb_internal - Keep separate incoming and outgoing states. + * @outgoing: The runtime state for the pre-reboot (preserve/unpreserve) + * lifecycle. + * @incoming: The runtime state for the post-reboot (retrieve/finish) + * lifecycle. + */ +struct luo_flb_internal { + struct luo_flb_state outgoing; + struct luo_flb_state incoming; +}; + +static int luo_flb_file_preserve_one(struct liveupdate_flb *flb) +{ + struct luo_flb_internal *internal =3D flb->internal; + + scoped_guard(mutex, &internal->outgoing.lock) { + if (!internal->outgoing.count) { + struct liveupdate_flb_op_args args =3D {0}; + int err; + + args.flb =3D flb; + err =3D flb->ops->preserve(&args); + if (err) + return err; + internal->outgoing.data =3D args.data; + internal->outgoing.obj =3D args.obj; + } + internal->outgoing.count++; + } + + return 0; +} + +static void luo_flb_file_unpreserve_one(struct liveupdate_flb *flb) +{ + struct luo_flb_internal *internal =3D flb->internal; + + scoped_guard(mutex, &internal->outgoing.lock) { + internal->outgoing.count--; + if (!internal->outgoing.count) { + struct liveupdate_flb_op_args args =3D {0}; + + args.flb =3D flb; + args.data =3D internal->outgoing.data; + args.obj =3D internal->outgoing.obj; + + if (flb->ops->unpreserve) + flb->ops->unpreserve(&args); + + internal->outgoing.data =3D 0; + internal->outgoing.obj =3D NULL; + } + } +} + +static int luo_flb_retrieve_one(struct liveupdate_flb *flb) +{ + struct luo_flb_header *fh =3D &luo_flb_global.incoming; + struct luo_flb_internal *internal =3D flb->internal; + struct liveupdate_flb_op_args args =3D {0}; + bool found =3D false; + int err; + + guard(mutex)(&internal->incoming.lock); + + if (internal->incoming.obj) + return 0; + + if (!fh->active) + return -ENODATA; + + for (int i =3D 0; i < fh->header_ser->count; i++) { + if (!strcmp(fh->ser[i].name, flb->compatible)) { + internal->incoming.data =3D fh->ser[i].data; + internal->incoming.count =3D fh->ser[i].count; + found =3D true; + break; + } + } + + if (!found) + return -ENOENT; + + args.flb =3D flb; + args.data =3D internal->incoming.data; + + err =3D flb->ops->retrieve(&args); + if (err) + return err; + + internal->incoming.obj =3D args.obj; + + if (WARN_ON_ONCE(!internal->incoming.obj)) + return -EIO; + + return 0; +} + +static void luo_flb_file_finish_one(struct liveupdate_flb *flb) +{ + struct luo_flb_internal *internal =3D flb->internal; + u64 count; + + scoped_guard(mutex, &internal->incoming.lock) + count =3D --internal->incoming.count; + + if (!count) { + struct liveupdate_flb_op_args args =3D {0}; + + if (!internal->incoming.obj) { + int err =3D luo_flb_retrieve_one(flb); + + if (WARN_ON(err)) + return; + } + + scoped_guard(mutex, &internal->incoming.lock) { + args.flb =3D flb; + args.obj =3D internal->incoming.obj; + flb->ops->finish(&args); + + internal->incoming.data =3D 0; + internal->incoming.obj =3D NULL; + } + } +} + +/** + * luo_flb_file_preserve - Notifies FLBs that a file is about to be preser= ved. + * @h: The file handler for the preserved file. + * + * This function iterates through all FLBs associated with the given file + * handler. It increments the reference count for each FLB. If the count b= ecomes + * 1, it triggers the FLB's .preserve() callback to save the global state. + * + * This operation is atomic. If any FLB's .preserve() op fails, it will ro= ll + * back by calling .unpreserve() on any FLBs that were successfully preser= ved + * during this call. + * + * Context: Called from luo_preserve_file() + * Return: 0 on success, or a negative errno on failure. + */ +int luo_flb_file_preserve(struct liveupdate_file_handler *h) +{ + struct luo_flb_link *iter; + int err =3D 0; + + list_for_each_entry(iter, &h->flb_list, list) { + err =3D luo_flb_file_preserve_one(iter->flb); + if (err) + goto exit_err; + } + + return 0; + +exit_err: + list_for_each_entry_continue_reverse(iter, &h->flb_list, list) + luo_flb_file_unpreserve_one(iter->flb); + + return err; +} + +/** + * luo_flb_file_unpreserve - Notifies FLBs that a dependent file was unpre= served. + * @h: The file handler for the unpreserved file. + * + * This function iterates through all FLBs associated with the given file + * handler, in reverse order of registration. It decrements the reference = count + * for each FLB. If the count becomes 0, it triggers the FLB's .unpreserve= () + * callback to clean up the global state. + * + * Context: Called when a preserved file is being cleaned up before reboot + * (e.g., from luo_file_unpreserve_files()). + */ +void luo_flb_file_unpreserve(struct liveupdate_file_handler *h) +{ + struct luo_flb_link *iter; + + list_for_each_entry_reverse(iter, &h->flb_list, list) + luo_flb_file_unpreserve_one(iter->flb); +} + +/** + * luo_flb_file_finish - Notifies FLBs that a dependent file has been fini= shed. + * @h: The file handler for the finished file. + * + * This function iterates through all FLBs associated with the given file + * handler, in reverse order of registration. It decrements the incoming + * reference count for each FLB. If the count becomes 0, it triggers the F= LB's + * .finish() callback for final cleanup in the new kernel. + * + * Context: Called from luo_file_finish() for each file being finished. + */ +void luo_flb_file_finish(struct liveupdate_file_handler *h) +{ + struct luo_flb_link *iter; + + list_for_each_entry_reverse(iter, &h->flb_list, list) + luo_flb_file_finish_one(iter->flb); +} + +/** + * liveupdate_init_flb - Initializes a liveupdate FLB structure. + * @flb: The &struct liveupdate_flb to initialize. + * + * This function must be called to prepare an FLB structure before it can = be + * used with liveupdate_register_flb() or any other LUO functions. + * + * Context: Typically called once from a subsystem's module init function = for + * each global FLB object that the module defines. + * + * Return: 0 on success, or -ENOMEM if memory allocation fails, and -EOPNO= TSUPP + * when live update is disabled or not configured. + */ +int liveupdate_init_flb(struct liveupdate_flb *flb) +{ + struct luo_flb_internal *internal; + + if (!liveupdate_enabled()) + return -EOPNOTSUPP; + + internal =3D kzalloc(sizeof(*internal), GFP_KERNEL | __GFP_ZERO); + if (!internal) + return -ENOMEM; + + mutex_init(&internal->incoming.lock); + mutex_init(&internal->outgoing.lock); + + flb->internal =3D internal; + INIT_LIST_HEAD(&flb->list); + + return 0; +} + +/** + * liveupdate_register_flb - Associate an FLB with a file handler and regi= ster it globally. + * @h: The file handler that will now depend on the FLB. + * @flb: The File-Lifecycle-Bound object to associate. + * + * Establishes a dependency, informing the LUO core that whenever a file of + * type @h is preserved, the state of @flb must also be managed. + * + * On the first registration of a given @flb object, it is added to a glob= al + * registry. This function checks for duplicate registrations, both for a + * specific handler and globally, and ensures the total number of unique + * FLBs does not exceed the system limit. + * + * Context: Typically called from a subsystem's module init function after + * both the handler and the FLB have been defined and initialized. + * Return: 0 on success. Returns a negative errno on failure: + * -EINVAL if arguments are NULL or not initialized. + * -ENOMEM on memory allocation failure. + * -EEXIST if this FLB is already registered with this handler. + * -ENOSPC if the maximum number of global FLBs has been reached. + * -EOPNOTSUPP if live update is disabled or not configured. + */ +int liveupdate_register_flb(struct liveupdate_file_handler *h, + struct liveupdate_flb *flb) +{ + struct luo_flb_internal *internal =3D flb->internal; + struct luo_flb_link *link __free(kfree) =3D NULL; + static DEFINE_MUTEX(register_flb_lock); + struct liveupdate_flb *gflb; + struct luo_flb_link *iter; + + if (!liveupdate_enabled()) + return -EOPNOTSUPP; + + if (WARN_ON(!h || !flb || !internal)) + return -EINVAL; + + if (WARN_ON(!flb->ops->preserve || !flb->ops->unpreserve || + !flb->ops->retrieve || !flb->ops->finish)) { + return -EINVAL; + } + + /* + * Once session/files have been deserialized, FLBs cannot be registered, + * it is too late. Deserialization uses file handlers, and FLB registers + * to file handlers. + */ + if (WARN_ON(luo_session_is_deserialized())) + return -EBUSY; + + /* + * File handler must already be registered, as it is initializes the + * flb_list + */ + if (WARN_ON(list_empty(&h->list))) + return -EINVAL; + + link =3D kzalloc(sizeof(*link), GFP_KERNEL); + if (!link) + return -ENOMEM; + + guard(mutex)(®ister_flb_lock); + + /* Check that this FLB is not already linked to this file handler */ + list_for_each_entry(iter, &h->flb_list, list) { + if (iter->flb =3D=3D flb) + return -EEXIST; + } + + /* Is this FLB linked to global list ? */ + if (list_empty(&flb->list)) { + if (luo_flb_global.count =3D=3D LUO_FLB_MAX) + return -ENOSPC; + + /* Check that compatible string is unique in global list */ + list_for_each_entry(gflb, &luo_flb_global.list, list) { + if (!strcmp(gflb->compatible, flb->compatible)) + return -EEXIST; + } + + if (!try_module_get(flb->ops->owner)) + return -EAGAIN; + + list_add_tail(&flb->list, &luo_flb_global.list); + luo_flb_global.count++; + } + + /* Finally, link the FLB to the file handler */ + link->flb =3D flb; + list_add_tail(&no_free_ptr(link)->list, &h->flb_list); + + return 0; +} + +/** + * liveupdate_flb_incoming_locked - Lock and retrieve the incoming FLB obj= ect. + * @flb: The FLB definition. + * @objp: Output parameter; will be populated with the live shared object. + * + * Acquires the FLB's internal lock and returns a pointer to its shared li= ve + * object for the incoming (post-reboot) path. + * + * If this is the first time the object is requested in the new kernel, th= is + * function will trigger the FLB's .retrieve() callback to reconstruct the + * object from its preserved state. Subsequent calls will return the same + * cached object. + * + * The caller MUST call liveupdate_flb_incoming_unlock() to release the lo= ck. + * + * Return: 0 on success, or a negative errno on failure. -ENODATA means no + * incoming FLB data, -ENOENT means specific flb not found in the incoming + * data, and -EOPNOTSUPP when live update is disabled or not configured. + */ +int liveupdate_flb_incoming_locked(struct liveupdate_flb *flb, void **objp) +{ + struct luo_flb_internal *internal =3D flb->internal; + + if (!liveupdate_enabled()) + return -EOPNOTSUPP; + + if (WARN_ON(!internal)) + return -EINVAL; + + if (!internal->incoming.obj) { + int err =3D luo_flb_retrieve_one(flb); + + if (err) + return err; + } + + mutex_lock(&internal->incoming.lock); + *objp =3D internal->incoming.obj; + + return 0; +} + +/** + * liveupdate_flb_incoming_unlock - Unlock an incoming FLB object. + * @flb: The FLB definition. + * @obj: The object that was returned by the _locked call (used for valida= tion). + * + * Releases the internal lock acquired by liveupdate_flb_incoming_locked(). + */ +void liveupdate_flb_incoming_unlock(struct liveupdate_flb *flb, void *obj) +{ + struct luo_flb_internal *internal =3D flb->internal; + + lockdep_assert_held(&internal->incoming.lock); + internal->incoming.obj =3D obj; + mutex_unlock(&internal->incoming.lock); +} + +/** + * liveupdate_flb_outgoing_locked - Lock and retrieve the outgoing FLB obj= ect. + * @flb: The FLB definition. + * @objp: Output parameter; will be populated with the live shared object. + * + * Acquires the FLB's internal lock and returns a pointer to its shared li= ve + * object for the outgoing (pre-reboot) path. + * + * This function assumes the object has already been created by the FLB's + * .preserve() callback, which is triggered when the first dependent file + * is preserved. + * + * The caller MUST call liveupdate_flb_outgoing_unlock() to release the lo= ck. + * + * Return: 0 on success, or a negative errno on failure. + */ +int liveupdate_flb_outgoing_locked(struct liveupdate_flb *flb, void **objp) +{ + struct luo_flb_internal *internal =3D flb->internal; + + if (!liveupdate_enabled()) + return -EOPNOTSUPP; + + if (WARN_ON(!internal)) + return -EINVAL; + + mutex_lock(&internal->outgoing.lock); + + /* The object must exist if any file is being preserved */ + if (WARN_ON_ONCE(!internal->outgoing.obj)) { + mutex_unlock(&internal->outgoing.lock); + return -ENOENT; + } + + *objp =3D internal->outgoing.obj; + + return 0; +} + +/** + * liveupdate_flb_outgoing_unlock - Unlock an outgoing FLB object. + * @flb: The FLB definition. + * @obj: The object that was returned by the _locked call (used for valida= tion). + * + * Releases the internal lock acquired by liveupdate_flb_outgoing_locked(). + */ +void liveupdate_flb_outgoing_unlock(struct liveupdate_flb *flb, void *obj) +{ + struct luo_flb_internal *internal =3D flb->internal; + + lockdep_assert_held(&internal->outgoing.lock); + internal->outgoing.obj =3D obj; + mutex_unlock(&internal->outgoing.lock); +} + +int __init luo_flb_setup_outgoing(void *fdt_out) +{ + struct luo_flb_header_ser *header_ser; + u64 header_ser_pa; + int err; + + header_ser =3D kho_alloc_preserve(LUO_FLB_PGCNT << PAGE_SHIFT); + if (IS_ERR(header_ser)) + return PTR_ERR(header_ser); + + header_ser_pa =3D virt_to_phys(header_ser); + + err =3D fdt_begin_node(fdt_out, LUO_FDT_FLB_NODE_NAME); + err |=3D fdt_property_string(fdt_out, "compatible", + LUO_FDT_FLB_COMPATIBLE); + err |=3D fdt_property(fdt_out, LUO_FDT_FLB_HEADER, &header_ser_pa, + sizeof(header_ser_pa)); + err |=3D fdt_end_node(fdt_out); + + if (err) + goto err_unpreserve; + + header_ser->pgcnt =3D LUO_FLB_PGCNT; + luo_flb_global.outgoing.header_ser =3D header_ser; + luo_flb_global.outgoing.ser =3D (void *)(header_ser + 1); + luo_flb_global.outgoing.active =3D true; + + return 0; + +err_unpreserve: + kho_unpreserve_free(header_ser); + + return err; +} + +int __init luo_flb_setup_incoming(void *fdt_in) +{ + struct luo_flb_header_ser *header_ser; + int err, header_size, offset; + const void *ptr; + u64 header_ser_pa; + + offset =3D fdt_subnode_offset(fdt_in, 0, LUO_FDT_FLB_NODE_NAME); + if (offset < 0) { + pr_err("Unable to get FLB node [%s]\n", LUO_FDT_FLB_NODE_NAME); + + return -ENOENT; + } + + err =3D fdt_node_check_compatible(fdt_in, offset, + LUO_FDT_FLB_COMPATIBLE); + if (err) { + pr_err("FLB node is incompatible with '%s' [%d]\n", + LUO_FDT_FLB_COMPATIBLE, err); + + return -EINVAL; + } + + header_size =3D 0; + ptr =3D fdt_getprop(fdt_in, offset, LUO_FDT_FLB_HEADER, &header_size); + if (!ptr || header_size !=3D sizeof(u64)) { + pr_err("Unable to get FLB header property '%s' [%d]\n", + LUO_FDT_FLB_HEADER, header_size); + + return -EINVAL; + } + + header_ser_pa =3D get_unaligned((u64 *)ptr); + header_ser =3D phys_to_virt(header_ser_pa); + + luo_flb_global.incoming.header_ser =3D header_ser; + luo_flb_global.incoming.ser =3D (void *)(header_ser + 1); + luo_flb_global.incoming.active =3D true; + + return 0; +} + +/** + * luo_flb_serialize - Serializes all active FLB objects for KHO. + * + * This function is called from the reboot path. It iterates through all + * registered File-Lifecycle-Bound (FLB) objects. For each FLB that has be= en + * preserved (i.e., its reference count is greater than zero), it writes i= ts + * metadata into the memory region designated for Kexec Handover. + * + * The serialized data includes the FLB's compatibility string, its opaque + * data handle, and the final reference count. This allows the new kernel = to + * find the appropriate handler and reconstruct the FLB's state. + * + * Context: Called from liveupdate_reboot() just before kho_finalize(). + */ +void luo_flb_serialize(void) +{ + struct luo_flb_header *fh =3D &luo_flb_global.outgoing; + struct liveupdate_flb *flb; + int i =3D 0; + + list_for_each_entry(flb, &luo_flb_global.list, list) { + struct luo_flb_internal *internal =3D flb->internal; + + if (internal->outgoing.count > 0) { + strscpy(fh->ser[i].name, flb->compatible, + sizeof(fh->ser[i].name)); + fh->ser[i].data =3D internal->outgoing.data; + fh->ser[i].count =3D internal->outgoing.count; + i++; + } + } + + fh->header_ser->count =3D i; +} diff --git a/kernel/liveupdate/luo_internal.h b/kernel/liveupdate/luo_inter= nal.h index 1a36f2383123..389fb102775f 100644 --- a/kernel/liveupdate/luo_internal.h +++ b/kernel/liveupdate/luo_internal.h @@ -79,4 +79,11 @@ int luo_retrieve_file(struct luo_session *session, u64 t= oken, int luo_file_finish(struct luo_session *session); int luo_file_deserialize(struct luo_session *session); =20 +int luo_flb_file_preserve(struct liveupdate_file_handler *h); +void luo_flb_file_unpreserve(struct liveupdate_file_handler *h); +void luo_flb_file_finish(struct liveupdate_file_handler *h); +int __init luo_flb_setup_outgoing(void *fdt); +int __init luo_flb_setup_incoming(void *fdt); +void luo_flb_serialize(void); + #endif /* _LINUX_LUO_INTERNAL_H */ --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yw1-f177.google.com (mail-yw1-f177.google.com [209.85.128.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6FA7127815E for ; Sat, 15 Nov 2025 23:34:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249681; cv=none; b=Y4h70p2M3dJ8AIKAG5oMCj3T8+kklW194lqKg1+qXTBlhswvoObcBuNi0gAMU78IdiTfCLLTX1PhUF4qx2hWZvHZSvRNblfSWEPDpGJZwiLqXEHLRXn8TaBL9JHGM64BiLXD5y0pijF7VlLuMJSeMqO6XmKOZvnsJaggqw5dF98= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249681; c=relaxed/simple; bh=2mrQ965aNOyL25lReCyXI/DAGszixk+DgWv0xAAZqf8=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=uz7p7kYhDyVltwWVJObveFbgyM+XaYNDLOM0EHhmq9W9zMBZGt4PuQZNhiLtqPighmIJVIpPI9V4KG9DWYZlNS8vDiVZZSX5dKc40C9YCDgk39OpK8F7l7al/yvQshzoTx00a1Sv733B7ozFsXqhn1OQN7cP2Add9bYNxH0YrIg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=ifdsKQen; arc=none smtp.client-ip=209.85.128.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="ifdsKQen" Received: by mail-yw1-f177.google.com with SMTP id 00721157ae682-787be077127so31410567b3.2 for ; Sat, 15 Nov 2025 15:34:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249677; x=1763854477; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=tXGZnSu70DIN08Y0wZgdajU/gnoj90NX2WHdQr/BE9Y=; b=ifdsKQenuCkFbYlErcumtEHB7MCaBK+jrTWYSop+MA1bI9SXOMY9vZuXKirW4wWNSM Qe7ELLdfAe9e62omxkkDndWMjc2hTk2yQ8p5UbnwTmcZ+97CLWVji40SlMxMe3Sdjn7x H4dXBI7ES+KA+cY1Rp0ljwSSR0hkcDu0lmPpj9/GGCrEGA62q+4vJQhFLAuCV52yUlgy RQFrRPgGqJ/wLXwrMcuu4yRAdIFkoV+CQN6mcFASWo9Ua6ra8c4Yl4zRFY/rj1AoRApX euVsoZ+2lZ6wekiH4l49wQ7bW44FvQGuuCF06Ublhl5Jg2DQVGEeW9/V92RV7eE5Zsjk Aanw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249677; x=1763854477; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=tXGZnSu70DIN08Y0wZgdajU/gnoj90NX2WHdQr/BE9Y=; b=vi+6aCpIyfJdo4OYiYstJwzIbL6ID34J8cYe+weVIaKYfR6EjLOvYIBX+GklRIa3lR Sp59h0YfXk451cZCaX9OaRuoxSsBvR/B41LHR/N/B6Pu3d5FO2z4JPirsKM/KwLk34S0 2UHhWlT3ab1lZ1iUfGvS354uQf0wSVbEj/64X50dTb3DaUez8aU6CcwcUadAaMmcWQIg pqehnltFGwhFrePUvWZf5xLkoCQ+A3DlUb5HPh5lel0Aaj2Y/GJyL9DKDbSlDHHeEq2y coU5n1QOyDNb3dcZymBtFCWPn57rjmg+L6lzPWhJemL9Y7+/LzzEMaVE5x+mDfWLgShE B0fQ== X-Forwarded-Encrypted: i=1; AJvYcCVWq5Anp+ZsmZsgGUDmir66PZip1sMhlP+Yjkjc+Mr5gFvu53iWbr3qvRSn3XAkH/IpXeDM/bhNaIdts5c=@vger.kernel.org X-Gm-Message-State: AOJu0YynMB3zXpVE6GKO2DWKPWQRPUeZAM0R675h3tpFDfqIIe88fJ78 yrdackBEmylCvaVQXS0kLnkHrMsWQQLT7xEgj768UboSZN2XIIhD2t/ExYf3Lf8QvQk= X-Gm-Gg: ASbGncuGUz5VjGI2n6tU259DT+7S7OUQE1C992LgEptJcy/e67Mvnj9jLykXsWY7GAA tMuRch97idqTiTOTiA/xkD9Qo55nO1fQ5ci9JUfTywz3EUsMx64s/LA4LMFQv5pvWVk8oP9Gdyl v+pCFY3NyuG2nF/tWRD3JFNoSuwRbiWUy1mUMpWUcsprg/TXoSQ/9lDdY1dRPMYrr1cECArfZGQ EpbsPl4W9qHt5lI9q5TcI0Xx2qt7aJta5ysZQO50o5h7VD4jNtdrvnNzkl+P7q9GBYsCFLaCiC3 MAzp0QkJRwcRFRvbh1ZFzR853wbdeQM8L5UHGH5iHoiDYzOGoQCpFN52iDF+/6YQRDEk0fY7lcp hN44WQIVARhFxmtRr8fKOYv3Q9fsC+MZs7Lr4uDFL2HenZdEw6B6hJOdPEhUhTNvUohYWC4YGUy SLtzUj33R3CyOf+UJGLRi0mIZf8n/FvpfiqPk7mjPQEZz0I3FRctpovrqSZMYN3kZch8Xq X-Google-Smtp-Source: AGHT+IEr4ZSX5F0ShTJnhoCAiRSreIR9tV+TAE+bMcxkAeUYbXHH2oKIfnq7gg9dS89JT0P8DLy0LQ== X-Received: by 2002:a05:690c:9304:b0:784:8286:fde3 with SMTP id 00721157ae682-78929ee3a37mr62160337b3.42.1763249677538; Sat, 15 Nov 2025 15:34:37 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:37 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 09/20] docs: add luo documentation Date: Sat, 15 Nov 2025 18:33:55 -0500 Message-ID: <20251115233409.768044-10-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add the documentation files for the Live Update Orchestrator Signed-off-by: Pasha Tatashin --- Documentation/core-api/index.rst | 1 + Documentation/core-api/liveupdate.rst | 64 ++++++++++++++++++++++ Documentation/userspace-api/index.rst | 1 + Documentation/userspace-api/liveupdate.rst | 20 +++++++ 4 files changed, 86 insertions(+) create mode 100644 Documentation/core-api/liveupdate.rst create mode 100644 Documentation/userspace-api/liveupdate.rst diff --git a/Documentation/core-api/index.rst b/Documentation/core-api/inde= x.rst index 6cbdcbfa79c3..5eb0fbbbc323 100644 --- a/Documentation/core-api/index.rst +++ b/Documentation/core-api/index.rst @@ -138,6 +138,7 @@ Documents that don't fit elsewhere or which have yet to= be categorized. :maxdepth: 1 =20 librs + liveupdate netlink =20 .. only:: subproject and html diff --git a/Documentation/core-api/liveupdate.rst b/Documentation/core-api= /liveupdate.rst new file mode 100644 index 000000000000..deacc098d024 --- /dev/null +++ b/Documentation/core-api/liveupdate.rst @@ -0,0 +1,64 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +Live Update Orchestrator +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +:Author: Pasha Tatashin + +.. kernel-doc:: kernel/liveupdate/luo_core.c + :doc: Live Update Orchestrator (LUO) + +LUO Sessions +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +.. kernel-doc:: kernel/liveupdate/luo_session.c + :doc: LUO Sessions + +LUO Preserving File Descriptors +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D +.. kernel-doc:: kernel/liveupdate/luo_file.c + :doc: LUO File Descriptors + +LUO File Lifecycle Bound Global Data +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +.. kernel-doc:: kernel/liveupdate/luo_flb.c + :doc: LUO File Lifecycle Bound Global Data + +Live Update Orchestrator ABI +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D +.. kernel-doc:: include/linux/liveupdate/abi/luo.h + :doc: Live Update Orchestrator ABI + +Public API +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +.. kernel-doc:: include/linux/liveupdate.h + +.. kernel-doc:: include/linux/liveupdate/abi/luo.h + +.. kernel-doc:: kernel/liveupdate/luo_core.c + :export: + +.. kernel-doc:: kernel/liveupdate/luo_flb.c + :export: + +.. kernel-doc:: kernel/liveupdate/luo_file.c + :export: + +Internal API +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +.. kernel-doc:: kernel/liveupdate/luo_core.c + :internal: + +.. kernel-doc:: kernel/liveupdate/luo_flb.c + :internal: + +.. kernel-doc:: kernel/liveupdate/luo_session.c + :internal: + +.. kernel-doc:: kernel/liveupdate/luo_file.c + :internal: + +See Also +=3D=3D=3D=3D=3D=3D=3D=3D + +- :doc:`Live Update uAPI ` +- :doc:`/core-api/kho/concepts` diff --git a/Documentation/userspace-api/index.rst b/Documentation/userspac= e-api/index.rst index b8c73be4fb11..8a61ac4c1bf1 100644 --- a/Documentation/userspace-api/index.rst +++ b/Documentation/userspace-api/index.rst @@ -61,6 +61,7 @@ Everything else :maxdepth: 1 =20 ELF + liveupdate netlink/index sysfs-platform_profile vduse diff --git a/Documentation/userspace-api/liveupdate.rst b/Documentation/use= rspace-api/liveupdate.rst new file mode 100644 index 000000000000..04210a6cf6d6 --- /dev/null +++ b/Documentation/userspace-api/liveupdate.rst @@ -0,0 +1,20 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +Live Update uAPI +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +:Author: Pasha Tatashin + +ioctl interface +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +.. kernel-doc:: kernel/liveupdate/luo_ioctl.c + :doc: LUO ioctl Interface + +ioctl uAPI +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +.. kernel-doc:: include/uapi/linux/liveupdate.h + +See Also +=3D=3D=3D=3D=3D=3D=3D=3D + +- :doc:`Live Update Orchestrator ` --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yw1-f170.google.com (mail-yw1-f170.google.com [209.85.128.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 98849285C84 for ; Sat, 15 Nov 2025 23:34:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249683; cv=none; b=BMLUiMvH3rHOijRVlKZXZsGg8X2zjWt67X1dbJRRXTcUGkxfPRwurX6ML0RjhrbbU9UhFe0Lo0hS7t0LFA12LAKlCIOkkOxJKalJ86Lt1bXukkXMhQiYu12/60SO5A1yK2QzHQWp/oW3P5rTjGvWxAYoul9s2k8FN3XPOqAN9LQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249683; c=relaxed/simple; bh=BcQ/q/HLfjUC/A/ryQjCYpP7otXrO8RSxRHDXnqgx54=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=mjrh9PJMiXjQ7+4BE/3NU/VhaOId+GH9q6ibmGbW6vsZc+ud7Ccz5CioUtauzM9BtqeQ04nFHLy4mv+7KptpB85mUXbeyfOmd4uEuaH3U2vaAnhHNzzsv2Hm6GfpFq7mOJUYI/8Y/tDbQ0Ze+rx4yFb4eAgjgtfgQBfYArd/faE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=DJ/Bocdf; arc=none smtp.client-ip=209.85.128.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="DJ/Bocdf" Received: by mail-yw1-f170.google.com with SMTP id 00721157ae682-7866aca9ff4so31462437b3.3 for ; Sat, 15 Nov 2025 15:34:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249679; x=1763854479; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=eMpZqjn+eetCXAXNQY+bjgKy9hWait8fsWMBfgLawx8=; b=DJ/BocdfPWOR4Bxk7q936aHJKqMhTobW1Pm8UA46plJ0JXAJyLM1vn+tri2NewiTgN FEsiCkJNq5hB+1e1+ARINqp6E5rNq2nNGb2OlWWEUJc7c6TtLz63MEw5kV0bTrsK7akj RskPchmn5z/wk9O8o7LdX62v+GA5DF3aNGsmeuKxCUgYUNXeA6a5sO4s+qjb9nPs6PLE dpt7yllYlT4mMYFRco89JhXp2Raz+CyWEoeASCdxuXIZzguneWTiFKl82du9uvjOLauL Wa27hHoPt5X7yXg6GA9ix/zVcaDDEfyiNKVdOdnAlA6g5vYrm3+ej609WTgQkQO/RDJh kZzg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249679; x=1763854479; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=eMpZqjn+eetCXAXNQY+bjgKy9hWait8fsWMBfgLawx8=; b=t8WM5/HOg3g+8l8NbQWwRhyDYH3PnR0R3/EQnj6e6TIs7HYvmTOO+TtUN/0Ba/vHtu satxA5fHJmN3X/R0MM+UYn7GNp1ddSMbUq9lJn2nX1idAJdmGboiCGGAR1NI1XlaqoNG 2gvt96qT6CtCFkma4Xsc3k+q8i9ikZeY4W8htucSJPbA4eqyq+Xu+dyjOHpTuffheAi/ OP0sSwiMWAE0ykg5hYFmKDMxoFEuNES50LtevjHmKLprYOSad1aHD+MQPWv6VIxuPqb2 EtEZd/25ZO4u11xQmO77brxueVSgLvV3cRC2JDtRui1NrojFhAL+elPXSnd8U8wx1d/0 ldDg== X-Forwarded-Encrypted: i=1; AJvYcCWr82FxTsgB7OWUVd52ATWvzHe+2RMEoA50Lj4Isvb7tgtKrDo2ybNt9zF8zXS+fkFbCyzS7o0ZBzWybhc=@vger.kernel.org X-Gm-Message-State: AOJu0Yyz2ZW1ziGhr7OI0JhWGoIndDp9f/GI0wiaQekHaI1PvG4mwmTs GJf1fYWZQP444uBumBvHg0JK7iV/VJ0eFfv4dABD7m+vbpeftifWt5i+nfL1kVFZnAI= X-Gm-Gg: ASbGncsPJHszo3OO4apgDz+Na5rGpMEA4dG1zu+gop8BERflJcPUIqNO2JFP5w9NK+e 9Pmn3zW0UmpuWlhagj41jHyow73l2PFsvmvnLsMpoiEx8GxAZFJw7tIeL2qiUtwIhBZzpRyUgkR 6tdLO/l1oWHmrH6ccFZyUQd7YX0U7mbrgHQP1NXzFLQpAJzQcqRo2J4xfBKDMX2VCI03TnrmQ0n zu7XvNQYcZnBn99hTlaiLiVHR88Uam/uupe+Jh25ViAMK8Y1U6tNz8vG1XXDq1t7OSlv8jJCegG xhWxoX0iQIWv2WTcjyvyeRNUTqfH/EWb2uV5Yl1dITyEKZ3SS3i6MH29Vfpkkwt1M++nbNW6+BG C3eeSqKudH3s6PnEV/iigadTSwrsQTgaOtAbhIIEuqt0d/gq13L33FdIOwIUnQD4/HHNf/rnLoV sJaBv5CrxOYf7/if1/eOEzGY/bntEG6tmPozMHASd8stJ8Yna8n22CI01elgfozIZrgpA6 X-Google-Smtp-Source: AGHT+IFpvmU4rwVaUle/Xd4qMbKiIN+TYBpeyYU/cujp1isseucHsBaZ4L2SnGIl5nDP3gsBZTrPxA== X-Received: by 2002:a05:690c:64c4:b0:788:1cde:cabb with SMTP id 00721157ae682-78929e2fd13mr69921557b3.20.1763249679369; Sat, 15 Nov 2025 15:34:39 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:39 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 10/20] MAINTAINERS: add liveupdate entry Date: Sat, 15 Nov 2025 18:33:56 -0500 Message-ID: <20251115233409.768044-11-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add a MAINTAINERS file entry for the new Live Update Orchestrator introduced in previous patches. Signed-off-by: Pasha Tatashin --- MAINTAINERS | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 500789529359..bc9f5c6f0e80 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -14464,6 +14464,17 @@ F: kernel/module/livepatch.c F: samples/livepatch/ F: tools/testing/selftests/livepatch/ =20 +LIVE UPDATE +M: Pasha Tatashin +L: linux-kernel@vger.kernel.org +S: Maintained +F: Documentation/core-api/liveupdate.rst +F: Documentation/userspace-api/liveupdate.rst +F: include/linux/liveupdate.h +F: include/linux/liveupdate/ +F: include/uapi/linux/liveupdate.h +F: kernel/liveupdate/ + LLC (802.2) L: netdev@vger.kernel.org S: Odd fixes --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yx1-f48.google.com (mail-yx1-f48.google.com [74.125.224.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5B1DD283151 for ; Sat, 15 Nov 2025 23:34:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249685; cv=none; b=kA7mI1B6RWuLfXxVYpQj4twT7uWnZnu9E2T724WTZlQMAZZHsCEUZhynPDx1YcHVt4A/Kpty0W4nl1yPiua6leIZFN/Gnx3Zq7tQ8RDWusSczMpfJMtk1Q3XQ5IB5nR36l00TNFJlbExRp0+XZCBQ4NdDvEw0htfaEqpHc30rgA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249685; c=relaxed/simple; bh=j8iAbugWey2UNmiVotvEh8rhktrFPtv6x1dIdrnGvQI=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Z2mTAglxXNWMkaDuO+znw0Eh9kkh923GprlLmrcffpJZSB8R0ancHhC6JQffan9cmQhY6mPzXQioShkPiHI9JvqGO07qNRNfMu//XxjVhO2HIHRsZSq98eJIOQ8nBHN/qzBB79vmClJX4PQKMZO6KWvZO1xp+7yEy2HPrdUxw2w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=PfSkJJyC; arc=none smtp.client-ip=74.125.224.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="PfSkJJyC" Received: by mail-yx1-f48.google.com with SMTP id 956f58d0204a3-63f74b43db8so2959881d50.3 for ; Sat, 15 Nov 2025 15:34:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249681; x=1763854481; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=jQfGBV3CSsV2YD3qXZ/zQArJZQqVNJTRetihMrpqxA8=; b=PfSkJJyCMpgnIl90+mD4E1X4mCWDkDBNEgaPeGDFX+288sJ8iPnOw9uOv82vCc1apf IwDcI0bGopOdDzgWiKsSwdRK579BVKlVAw/v26FWDqYJDIaBuXKJPYF5zNF7WmL7Nejh eEQvZRqQp3Gw6uC7UAnZSoLRPI48XPu0loKxw6HF1/fTRE0Nk2olp/hQsmak0k5+tA8k XJK+AzJM1r3Oxse3Sr4VREOZrHQSlLidtDm7t9kHsIAhMUWwSYjzRIOowQ8mKRxLMi7r rayT9nLWUueGdP5JAs4XLB9QyH47VjMUTm+SsOJEf3KE0OdK1e3LbIInKFlTxzvXhLGo 6sIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249681; x=1763854481; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=jQfGBV3CSsV2YD3qXZ/zQArJZQqVNJTRetihMrpqxA8=; b=OFmGTX5pB3JWcZCfvenjNIqqmhzCM3Xxig7aQlBt6AaqocyD/VCD91qyG5hPBok/ZN wupzvpqWU8rI07tiZpq0KF4fw/L8agLb8T/RJmPixxnnlPy1PTcGq5DvGMMaH+S1R+/N 8/3kswxrZDSSzn9v9n3+XhSbjBC/V4cm9LFaO5fjD+72guI6ybIBbMFUO3bP7P1oOwOB nzS8q4GCxd+yH2k07T29PHVJZMlUfrbfHnaAelpdZ2jTLgG1VQq/3tpCTOI+5/7rtzrb AWR+ideK1C0wjiYMo8onhrtflG95lWl4UGFoHcQxcZMOMX47IxZwMTIyFDGzD/RgHSj8 FzOg== X-Forwarded-Encrypted: i=1; AJvYcCXP0zdPN/SUc+EiNKYCbU2Asy1BLOTZ18Vrcy6/1aMSXWzgV4jNeTVUYm+1NRNsHnYtTQQmZtEVliOoUyg=@vger.kernel.org X-Gm-Message-State: AOJu0Yx02gMBUvHTzGPhUEgbmUvMcB1U2yGFIwuqtvv2kNsZtz9z0aKS 2hTsgTzBOkP6cPK4S54z7+jfZbjsaAxDYqT9d7RpCbkdlZP1jBRnY7vlJ7biM6PfI/8= X-Gm-Gg: ASbGncuRv5eLWcQap2QnSI8NPwMZ0tKsDV8fIlxtejCM8UyBaqkZfqvVUK22KtT+mAq tiULnPVrxCu3sQLpLvQ2O4uw2D+DNj7ZsijtZ8aILtszXeP2HLbOWald6MtldJi+VdbkQygY2D1 o4kxU4HzixBTBOcqWKckNpOXaAlibVkgoFVmPA+TQJ2GD/RQRxisfhpzd05DRI/HTqyZHlzP3Iw lF0ISNNXD2jJpbBJCsntEqlf2AQc4yXIC/ouZyVBaYPf5+0TiQHbq2KfoX/rueoMT/6f3Kdzvll LgbvW9efHOusyHQ84grkU4NOQBn2RLUm9mzjnBrLRDZOzooLXHB2/7SGi9UEvWPkzH0Wt86h+ja pJ7vo/jRyI5h5eiE6tMqQy8zQF9HZhneiaMnIT9/Q9V7N5T1CySW+V4u97KBqIWWjswmu6L7krG Kba39JWVhK/ga3+TUSZIrxAponXcqNzoMewy+QnKQjrQUBpcma6JcYPiXLX/DsYlnEzG82Qp8TN Cy+IvM= X-Google-Smtp-Source: AGHT+IHeAL+DcR07qAd9Iq2m/6xSEhl2MNEGDRSNqvjmNRLE9j5J2Un3wjkpsAn+QXmHZ/aaiqTk0Q== X-Received: by 2002:a05:690e:148b:b0:63f:9f5c:d96a with SMTP id 956f58d0204a3-641e75ba074mr6023031d50.27.1763249681206; Sat, 15 Nov 2025 15:34:41 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:40 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 11/20] mm: shmem: use SHMEM_F_* flags instead of VM_* flags Date: Sat, 15 Nov 2025 18:33:57 -0500 Message-ID: <20251115233409.768044-12-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Pratyush Yadav shmem_inode_info::flags can have the VM flags VM_NORESERVE and VM_LOCKED. These are used to suppress pre-accounting or to lock the pages in the inode respectively. Using the VM flags directly makes it difficult to add shmem-specific flags that are unrelated to VM behavior since one would need to find a VM flag not used by shmem and re-purpose it. Introduce SHMEM_F_NORESERVE and SHMEM_F_LOCKED which represent the same information, but their bits are independent of the VM flags. Callers can still pass VM_NORESERVE to shmem_get_inode(), but it gets transformed to the shmem-specific flag internally. No functional changes intended. Signed-off-by: Pratyush Yadav Signed-off-by: Pasha Tatashin Reviewed-by: Mike Rapoport (Microsoft) --- include/linux/shmem_fs.h | 6 ++++++ mm/shmem.c | 28 +++++++++++++++------------- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/include/linux/shmem_fs.h b/include/linux/shmem_fs.h index 0e47465ef0fd..650874b400b5 100644 --- a/include/linux/shmem_fs.h +++ b/include/linux/shmem_fs.h @@ -10,6 +10,7 @@ #include #include #include +#include =20 struct swap_iocb; =20 @@ -19,6 +20,11 @@ struct swap_iocb; #define SHMEM_MAXQUOTAS 2 #endif =20 +/* Suppress pre-accounting of the entire object size. */ +#define SHMEM_F_NORESERVE BIT(0) +/* Disallow swapping. */ +#define SHMEM_F_LOCKED BIT(1) + struct shmem_inode_info { spinlock_t lock; unsigned int seals; /* shmem seals */ diff --git a/mm/shmem.c b/mm/shmem.c index 58701d14dd96..1d5036dec08a 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -175,20 +175,20 @@ static inline struct shmem_sb_info *SHMEM_SB(struct s= uper_block *sb) */ static inline int shmem_acct_size(unsigned long flags, loff_t size) { - return (flags & VM_NORESERVE) ? + return (flags & SHMEM_F_NORESERVE) ? 0 : security_vm_enough_memory_mm(current->mm, VM_ACCT(size)); } =20 static inline void shmem_unacct_size(unsigned long flags, loff_t size) { - if (!(flags & VM_NORESERVE)) + if (!(flags & SHMEM_F_NORESERVE)) vm_unacct_memory(VM_ACCT(size)); } =20 static inline int shmem_reacct_size(unsigned long flags, loff_t oldsize, loff_t newsize) { - if (!(flags & VM_NORESERVE)) { + if (!(flags & SHMEM_F_NORESERVE)) { if (VM_ACCT(newsize) > VM_ACCT(oldsize)) return security_vm_enough_memory_mm(current->mm, VM_ACCT(newsize) - VM_ACCT(oldsize)); @@ -206,7 +206,7 @@ static inline int shmem_reacct_size(unsigned long flags, */ static inline int shmem_acct_blocks(unsigned long flags, long pages) { - if (!(flags & VM_NORESERVE)) + if (!(flags & SHMEM_F_NORESERVE)) return 0; =20 return security_vm_enough_memory_mm(current->mm, @@ -215,7 +215,7 @@ static inline int shmem_acct_blocks(unsigned long flags= , long pages) =20 static inline void shmem_unacct_blocks(unsigned long flags, long pages) { - if (flags & VM_NORESERVE) + if (flags & SHMEM_F_NORESERVE) vm_unacct_memory(pages * VM_ACCT(PAGE_SIZE)); } =20 @@ -1551,7 +1551,7 @@ int shmem_writeout(struct folio *folio, struct swap_i= ocb **plug, int nr_pages; bool split =3D false; =20 - if ((info->flags & VM_LOCKED) || sbinfo->noswap) + if ((info->flags & SHMEM_F_LOCKED) || sbinfo->noswap) goto redirty; =20 if (!total_swap_pages) @@ -2910,15 +2910,15 @@ int shmem_lock(struct file *file, int lock, struct = ucounts *ucounts) * ipc_lock_object() when called from shmctl_do_lock(), * no serialization needed when called from shm_destroy(). */ - if (lock && !(info->flags & VM_LOCKED)) { + if (lock && !(info->flags & SHMEM_F_LOCKED)) { if (!user_shm_lock(inode->i_size, ucounts)) goto out_nomem; - info->flags |=3D VM_LOCKED; + info->flags |=3D SHMEM_F_LOCKED; mapping_set_unevictable(file->f_mapping); } - if (!lock && (info->flags & VM_LOCKED) && ucounts) { + if (!lock && (info->flags & SHMEM_F_LOCKED) && ucounts) { user_shm_unlock(inode->i_size, ucounts); - info->flags &=3D ~VM_LOCKED; + info->flags &=3D ~SHMEM_F_LOCKED; mapping_clear_unevictable(file->f_mapping); } retval =3D 0; @@ -3062,7 +3062,7 @@ static struct inode *__shmem_get_inode(struct mnt_idm= ap *idmap, spin_lock_init(&info->lock); atomic_set(&info->stop_eviction, 0); info->seals =3D F_SEAL_SEAL; - info->flags =3D flags & VM_NORESERVE; + info->flags =3D (flags & VM_NORESERVE) ? SHMEM_F_NORESERVE : 0; info->i_crtime =3D inode_get_mtime(inode); info->fsflags =3D (dir =3D=3D NULL) ? 0 : SHMEM_I(dir)->fsflags & SHMEM_FL_INHERITED; @@ -5804,8 +5804,10 @@ static inline struct inode *shmem_get_inode(struct m= nt_idmap *idmap, /* common code */ =20 static struct file *__shmem_file_setup(struct vfsmount *mnt, const char *n= ame, - loff_t size, unsigned long flags, unsigned int i_flags) + loff_t size, unsigned long vm_flags, + unsigned int i_flags) { + unsigned long flags =3D (vm_flags & VM_NORESERVE) ? SHMEM_F_NORESERVE : 0; struct inode *inode; struct file *res; =20 @@ -5822,7 +5824,7 @@ static struct file *__shmem_file_setup(struct vfsmoun= t *mnt, const char *name, return ERR_PTR(-ENOMEM); =20 inode =3D shmem_get_inode(&nop_mnt_idmap, mnt->mnt_sb, NULL, - S_IFREG | S_IRWXUGO, 0, flags); + S_IFREG | S_IRWXUGO, 0, vm_flags); if (IS_ERR(inode)) { shmem_unacct_size(flags, size); return ERR_CAST(inode); --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yx1-f51.google.com (mail-yx1-f51.google.com [74.125.224.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 113652868AD for ; Sat, 15 Nov 2025 23:34:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249688; cv=none; b=PdP+GhSVun/dzUBMZ0MGypCSNkbAv+dxUNQ/g0l9RNZ9xqd/Z3a0kVOdFemSiU9ZYCNnJxJiE1VAMCol6Auy0WUskvgLbqrL/9Lha7xqDBWi5wy3xQli9Rdrtd6YuaHgtW65D/SrRFTZ00RvbUGrXLxCy8MNRcHrD4irn5F43p4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249688; c=relaxed/simple; bh=h2vjGzbBg4AU2ifY5ek+1jbDzqzMBe5yccYCDtitHbo=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gwgz9vUMsure3VOxutXk5jvprvJlqa3PHRhxfTo4nK4qjcmWE9QHw2lJfABSukptrfVJWIUuRbEd2yY8VzlqYFlZaU6FyJ+f98N64gVrgNX6DlKwVtoSoWTfqhDgMVvVN9pm7pK3J+D5vCoLoUMkMZl4q+UgJdj8dg8t8jMQjw8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=abUQnKFp; arc=none smtp.client-ip=74.125.224.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="abUQnKFp" Received: by mail-yx1-f51.google.com with SMTP id 956f58d0204a3-63e1e1bf882so2603272d50.1 for ; Sat, 15 Nov 2025 15:34:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249684; x=1763854484; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=rjp2i+yn5YhJt0E9Cm6hXiIeiW1VzlvDXGR3nMqDfIY=; b=abUQnKFpmpaAioTjEc5MaZxSqpGfaR0hBJjJPKmL7grHOerbjdMmY/E/rnBdz4Zhp+ 4f4MzmBxe2yXt3/aZ8GGFg3PoDEr0EK9xI2QfWEyy5kxcZO6eokfC88/6rrn3r0elnUl 6rmp6vVwi3S5b7+HYnCUfC35j+v8fLarRvPWy/tys6dv+Vit9G/k0UpS4BI0rn469xk2 efuYF2WtmLWf1gnPhZzveTFPrdjrOG92+HC59YwQe98cWvLIgZ7GRWxqkv1RKmlNyG/7 T07zhjiovMSPdvCvYYZYNQRa3zmMRuValDIePY9NCniS5ueEd+/NrWk8XrfQ3w1ykU0B i/0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249684; x=1763854484; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=rjp2i+yn5YhJt0E9Cm6hXiIeiW1VzlvDXGR3nMqDfIY=; b=RBN43qKaLX803q+wH40ybj//H48lTp8mekDZjpUxukZtzqvdVRg8ugXDJSm15XP6Gf dp0ZrhgOFogG/LINuf5WiNexxJOyK7Rt4JvhhTj2uFS12faeQb8qqYN2OyYkqt/naKzz qTeDS4A4/gUuCCJngxrs8uoXuaAbVPzC9J49SyKJPO3LO/dsfqKFzTuBAy6ZoSP3lSLy IKJHDwYevcaonvRewzPrYX8OXq9YwLTfb/Tf2j38vack9Tm+7Z5Iv5IvEZLfUD1PDZKf j0oeDcmkVmPdYZzMZBQsiRa3gv/7/1SfmEphrnCFb5G2VlXDY/0TLASuN6PuCa+GlTYr 5GsQ== X-Forwarded-Encrypted: i=1; AJvYcCW4VjAfZORBieoWLNCKA9jIHuG2wR9Mh1ZmwHnRNCcjaZLJxJjBGcRefatV42MaqgpqiMfq/spXsT4TeB4=@vger.kernel.org X-Gm-Message-State: AOJu0YzImCkZr46shCrm8UHOp6losSaaluD8nQz8uaCWyIV7LzGJBZHk RllOE/JsTJ9pLJLY63gB4S6s7UkEEsEKWCaOQtKr4/hqZPhom+VBf6voVpojGQ06R00= X-Gm-Gg: ASbGnct4YWrnuHTh126oJeSSHK+jtu+M8lsvrfhdOGqLslrCKY9FHYAEKNPeT54iJRl bXjaH+hxzT35rFaDlyztCsk4kjS8v6+EUCqvHKdsUryXSqmumuyCHItu6EMKhsyJLYsi1BwhCcx MuUzvrhrkf4ZRXi1A/mHXGfhhP832dTaF9pOXWpIOwBeruMmxAfGqejSdMWTnPttp7n4Z9hRjPJ iFU86QpHRJ2kvUK5VF5tX1igFj1WmAZs/7mPmFUZUYER1PQe3frofz6q10glrfIDnYIjNr4AB+q 2yuCxFGvdNMJR0wp/SsNAvXzCXFQugRRa2494k9t3JgSjfPFRi4cM0v53CYB+X2n/qAjfizrEne Eyba0T4CsuLUXburtVFkJmKZnLaMZzr424INlNBfKXKfqA4rUQ8Ea6iFyDlgNXbCsFgDeELE2/M 4SH5bH+P/xmLK8KT1Wv+T+Scm5tboOKjkXNHPyicxnomRQjokPe0D9K+OZktL08QZC3Bt3VtouN gCnXN4= X-Google-Smtp-Source: AGHT+IEqQqw8FjtFSAai2c9iP1dDJFDaXC1XcmhVkOppI5F0MwDFeehYvZcQ8y1up6QBmlqTCYD2LA== X-Received: by 2002:a05:690c:7408:b0:787:d456:2e62 with SMTP id 00721157ae682-78929ed2da6mr132263187b3.33.1763249683921; Sat, 15 Nov 2025 15:34:43 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:43 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 12/20] mm: shmem: allow freezing inode mapping Date: Sat, 15 Nov 2025 18:33:58 -0500 Message-ID: <20251115233409.768044-13-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Pratyush Yadav To prepare a shmem inode for live update via the Live Update Orchestrator (LUO), its index -> folio mappings must be serialized. Once the mappings are serialized, they cannot change since it would cause the serialized data to become inconsistent. This can be done by pinning the folios to avoid migration, and by making sure no folios can be added to or removed from the inode. While mechanisms to pin folios already exist, the only way to stop folios being added or removed are the grow and shrink file seals. But file seals come with their own semantics, one of which is that they can't be removed. This doesn't work with liveupdate since it can be cancelled or error out, which would need the seals to be removed and the file's normal functionality to be restored. Introduce SHMEM_F_MAPPING_FROZEN to indicate this instead. It is internal to shmem and is not directly exposed to userspace. It functions similar to F_SEAL_GROW | F_SEAL_SHRINK, but additionally disallows hole punching, and can be removed. Signed-off-by: Pratyush Yadav Signed-off-by: Pasha Tatashin --- include/linux/shmem_fs.h | 17 +++++++++++++++++ mm/shmem.c | 12 +++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/include/linux/shmem_fs.h b/include/linux/shmem_fs.h index 650874b400b5..a9f5db472a39 100644 --- a/include/linux/shmem_fs.h +++ b/include/linux/shmem_fs.h @@ -24,6 +24,14 @@ struct swap_iocb; #define SHMEM_F_NORESERVE BIT(0) /* Disallow swapping. */ #define SHMEM_F_LOCKED BIT(1) +/* + * Disallow growing, shrinking, or hole punching in the inode. Combined wi= th + * folio pinning, makes sure the inode's mapping stays fixed. + * + * In some ways similar to F_SEAL_GROW | F_SEAL_SHRINK, but can be removed= and + * isn't directly visible to userspace. + */ +#define SHMEM_F_MAPPING_FROZEN BIT(2) =20 struct shmem_inode_info { spinlock_t lock; @@ -186,6 +194,15 @@ static inline bool shmem_file(struct file *file) return shmem_mapping(file->f_mapping); } =20 +/* Must be called with inode lock taken exclusive. */ +static inline void shmem_i_mapping_freeze(struct inode *inode, bool freeze) +{ + if (freeze) + SHMEM_I(inode)->flags |=3D SHMEM_F_MAPPING_FROZEN; + else + SHMEM_I(inode)->flags &=3D ~SHMEM_F_MAPPING_FROZEN; +} + /* * If fallocate(FALLOC_FL_KEEP_SIZE) has been used, there may be pages * beyond i_size's notion of EOF, which fallocate has committed to reservi= ng: diff --git a/mm/shmem.c b/mm/shmem.c index 1d5036dec08a..05c3db840257 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -1292,7 +1292,8 @@ static int shmem_setattr(struct mnt_idmap *idmap, loff_t newsize =3D attr->ia_size; =20 /* protected by i_rwsem */ - if ((newsize < oldsize && (info->seals & F_SEAL_SHRINK)) || + if ((info->flags & SHMEM_F_MAPPING_FROZEN) || + (newsize < oldsize && (info->seals & F_SEAL_SHRINK)) || (newsize > oldsize && (info->seals & F_SEAL_GROW))) return -EPERM; =20 @@ -3289,6 +3290,10 @@ shmem_write_begin(const struct kiocb *iocb, struct a= ddress_space *mapping, return -EPERM; } =20 + if (unlikely((info->flags & SHMEM_F_MAPPING_FROZEN) && + pos + len > inode->i_size)) + return -EPERM; + ret =3D shmem_get_folio(inode, index, pos + len, &folio, SGP_WRITE); if (ret) return ret; @@ -3662,6 +3667,11 @@ static long shmem_fallocate(struct file *file, int m= ode, loff_t offset, =20 inode_lock(inode); =20 + if (info->flags & SHMEM_F_MAPPING_FROZEN) { + error =3D -EPERM; + goto out; + } + if (mode & FALLOC_FL_PUNCH_HOLE) { struct address_space *mapping =3D file->f_mapping; loff_t unmap_start =3D round_up(offset, PAGE_SIZE); --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yw1-f182.google.com (mail-yw1-f182.google.com [209.85.128.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7DB1F2701DA for ; Sat, 15 Nov 2025 23:34:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249689; cv=none; b=TsYbaKv5Y7Y3VzahSJDVOTDo84LWzb4yqN+f3MQnNc3pO+zQtArD9FyKZ1vDfhKAyAsCZQCiON6nSjIc13/RJRKmgPR08V96U1Bol3AJizC0GLLlvIdDtDYDmdLhpSi1/QjNnKlGk88bqcxqr9bPj8COx4KORj67FVlcBCbG/qo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249689; c=relaxed/simple; bh=ofxtTHhqb802FVk4Sz/AUTZJyer5O95kDxWgWujt1uQ=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ebaLfSgUQGp5YfX7lAaokonmJ8FqrneCIWlTpNIWum755untPegaN+BBJ6nkiZT+e4kneyj/venJbK4PNqvOo67N9keMiUYY6ofGCmlkjku9wrRUje8a5Sw36UXVuF36T4FGJgRQCBQWbw5Advixs/AW6Xug5S9ouMQg7yCWvJE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=MU0St5ek; arc=none smtp.client-ip=209.85.128.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="MU0St5ek" Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-7869deffb47so29921987b3.1 for ; Sat, 15 Nov 2025 15:34:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249686; x=1763854486; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=/eLZ78bp0n4p6Wf1XgYT9EXfbUSCOwy9XSJd2QadY6Y=; b=MU0St5ek5BHZIjMoxb8a/pdJBRZMUeNYvc4Vl6PWIeLG5J2JB65i9eTHN/SrhEYN0y wyYg1CWYQ4SWxauig7H9N8ELoesAOLaqG9WS0S2WmLGe7K0nHQA0RrDhVCwBlu+g16Zv oIYx/CDHRtLWdV1Wr9CAf0rHG2quBj0YLawytcwOJATZAQdqU4f7sraq0weiY9/UQyt7 jR1Z4+Phh2UPcKNpPyIGKEDFHGQrffP/fE4dOxTRabTEsreb5r1l5ugoh/bB06e01vrH C/4av6+QbZdPsShCH9vUEEtiwG0p3S37rBYydBBc8lHDmW9ddIuslt99n/RvNuvcrbN9 iD+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249686; x=1763854486; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=/eLZ78bp0n4p6Wf1XgYT9EXfbUSCOwy9XSJd2QadY6Y=; b=qtpngf9UXJUa4xzHX9yzLGlfXfR545u+gOtL8KNkwFA71H8IjxgFSQC4f9hB2OdQb7 FcE2OPbySwGkiXmtQ1U/I3EanjLP1y+vZMQlVZFByYqQ9+ZXtru0cUCZaSSSTWd6kL2w jfCs9GwqJO6wZTTEpxsMS0R9s32KvuKIcbT/Pyk7zUJpaTYE54/gUD6uVkVnIwO09xuB Sk2EeAPc1mFaQEmhcvQmr7OqyyY7mBW56Y9Rb43fJTaoB6qQTZoosJ58fAGJ2RaKcwoM oypVO23NbUeDkm+kgDYIht247qmH/6PW2GNaNNYLPpSJLg/7+zta1HX2vgBbp+r2nw1G PHUA== X-Forwarded-Encrypted: i=1; AJvYcCV+t05jeR8cYo8KFVMqkEQCnEWrUgHpBx27cFVVsiYeu6aSYGX3ZD3J/2aniCxaj7hT5BD+VjdhsXmraNg=@vger.kernel.org X-Gm-Message-State: AOJu0YyHfFg7zxCiW/BDcq0BNh98QG9D4Q63BUSQarTmNTVvo/s7FtdX 1IBKBdz1jsTTzOc3VAl/cf59NSW1IKBm9t9iwy5x8iLlCBPBC+mNCfrYe82QD2Hw8/U= X-Gm-Gg: ASbGncvJ8U0KwCvu1Z8kNgwaRQgbAWSjD8vJMmq+Acd8vhaaJLS0miXyDw4q8sGi2N1 f9f/6hYfEY5l3I5qZsv+93qN9CKMSkT45+mC4sjf16JgRwsflMn1X21X1hBUC/1j4eoGyJPIpyC 1J/KIiX73z+pBZhMwo+BhMcZSC1SDGFL3gk2DBbXInraxtSGszFJGJYhjfLc74uHhsLzGqOeL+d y9VPDNzp7deH7HKMyBI0Aam/+77TIRGqVOaRaVpYncao1+n+/ypN4vG8z/hJBjvrV7hP2aO/Eml 3ddXbasW4wWXbnrnPxRo9QW4y++JNxqtnF/gCn5fi7mxlkfByWFYIWYPDGS4XkuK3KA5i0NY0ts 3VKyY4GHj+4KcT8yiCdYbA3zd0C4JhNS+71dTXzoAsH58hVc8+oEq+GCvZRpjSJTDgVibNUgEmw Je3pwcrDdFNo63OHW9oMH6V/DEzLuIfRZvfAEcz9YRIBJwY2PhCLZ26frw7hKMOqcsWrxs X-Google-Smtp-Source: AGHT+IHk0jQUizdAzkiK9Xpe2uUL2VAa8k1RUUTK2HykUPyp4K26BcN3/UXlJAExurxnthMVN+vR9Q== X-Received: by 2002:a05:690c:2603:b0:786:5be2:d460 with SMTP id 00721157ae682-78929e29f77mr74299087b3.1.1763249686563; Sat, 15 Nov 2025 15:34:46 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:45 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 13/20] mm: shmem: export some functions to internal.h Date: Sat, 15 Nov 2025 18:33:59 -0500 Message-ID: <20251115233409.768044-14-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Pratyush Yadav shmem_inode_acct_blocks(), shmem_recalc_inode(), and shmem_add_to_page_cache() are used by shmem_alloc_and_add_folio(). This functionality will also be used in the future by Live Update Orchestrator (LUO) to recreate memfd files after a live update. Signed-off-by: Pratyush Yadav Signed-off-by: Pasha Tatashin Reviewed-by: Mike Rapoport (Microsoft) --- mm/internal.h | 6 ++++++ mm/shmem.c | 10 +++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/mm/internal.h b/mm/internal.h index 1561fc2ff5b8..4ba155524f80 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -1562,6 +1562,12 @@ void __meminit __init_page_from_nid(unsigned long pf= n, int nid); unsigned long shrink_slab(gfp_t gfp_mask, int nid, struct mem_cgroup *memc= g, int priority); =20 +int shmem_add_to_page_cache(struct folio *folio, + struct address_space *mapping, + pgoff_t index, void *expected, gfp_t gfp); +int shmem_inode_acct_blocks(struct inode *inode, long pages); +bool shmem_recalc_inode(struct inode *inode, long alloced, long swapped); + #ifdef CONFIG_SHRINKER_DEBUG static inline __printf(2, 0) int shrinker_debugfs_name_alloc( struct shrinker *shrinker, const char *fmt, va_list ap) diff --git a/mm/shmem.c b/mm/shmem.c index 05c3db840257..c3dc4af59c14 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -219,7 +219,7 @@ static inline void shmem_unacct_blocks(unsigned long fl= ags, long pages) vm_unacct_memory(pages * VM_ACCT(PAGE_SIZE)); } =20 -static int shmem_inode_acct_blocks(struct inode *inode, long pages) +int shmem_inode_acct_blocks(struct inode *inode, long pages) { struct shmem_inode_info *info =3D SHMEM_I(inode); struct shmem_sb_info *sbinfo =3D SHMEM_SB(inode->i_sb); @@ -435,7 +435,7 @@ static void shmem_free_inode(struct super_block *sb, si= ze_t freed_ispace) * * Return: true if swapped was incremented from 0, for shmem_writeout(). */ -static bool shmem_recalc_inode(struct inode *inode, long alloced, long swa= pped) +bool shmem_recalc_inode(struct inode *inode, long alloced, long swapped) { struct shmem_inode_info *info =3D SHMEM_I(inode); bool first_swapped =3D false; @@ -861,9 +861,9 @@ static void shmem_update_stats(struct folio *folio, int= nr_pages) /* * Somewhat like filemap_add_folio, but error if expected item has gone. */ -static int shmem_add_to_page_cache(struct folio *folio, - struct address_space *mapping, - pgoff_t index, void *expected, gfp_t gfp) +int shmem_add_to_page_cache(struct folio *folio, + struct address_space *mapping, + pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); unsigned long nr =3D folio_nr_pages(folio); --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yw1-f179.google.com (mail-yw1-f179.google.com [209.85.128.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 60A1630C370 for ; Sat, 15 Nov 2025 23:34:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249692; cv=none; b=o9txQ5m9Hb2hrfKfZ9rsbiVJXr02fb7GKhZZzgcs3v2e19+pQ9hRvrIJvUvmfLpt7X8yvYUC7H7j61QhSbY4kAjpD6kuwE2BB8wN67j3zIUekhGUKwI58DWKRhChJz+znKGEeycxdkAHppBClCOXik0r6U9IzISrV9ikqXkYi1o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249692; c=relaxed/simple; bh=xccKVGMJ06tz/lkKn64u87jb4PRZGDO1HSTw7IKUbOs=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=N/E8l2an9m6QakL9gU3KcR693ysqbAQMNbpAQjkEnfPuoMY0XuBdQdKRILInV1r9iSNEDTNfvQJo9g5EMKzIIvqq9RqPrYKPNn2FyUdQrm2ZqI9erdU181USqwCD4JGdBzu5xGCq8h77J+VS9X2GRoNWxF5cyqn/Fh9HnWtH6Zk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=C3iCx/rG; arc=none smtp.client-ip=209.85.128.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="C3iCx/rG" Received: by mail-yw1-f179.google.com with SMTP id 00721157ae682-71d71bcab6fso28794187b3.0 for ; Sat, 15 Nov 2025 15:34:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249689; x=1763854489; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VyQXl7tWXRV/YETkSwjN2Plb4i1qeg0xlo6fhXkHNVA=; b=C3iCx/rGV582hC4pEfJpW/VhjJ52sbI6jrHAV/ts15eo/ss0O/5uY9h42uFZ+GvVtS mUzRTu2/FHfMi7gspOsL2/p7doxgbIZkmGFRm3i6U09Vf6Y7ChbtNVa9OiStJCc3pRHc 9DNU8tZX6OKA+ksAFGUBmaGYgl4W6wvoGEPj9VEB/9TWiCqUU+FkOzroBO1tdLT8sMXe Nr1NTwePJ6L8QbueNIVx73is9waW/AM4duOUe+l1L+NFfPShFwjPE+4jIc8Av2hlkRHd B6wrOHskrO+V/KCuaqtRqLHT3BqA9RmwxXdLNYXU5WjeFh3njfIKdH2Bv4Q/754yf0Mf Mr6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249689; x=1763854489; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=VyQXl7tWXRV/YETkSwjN2Plb4i1qeg0xlo6fhXkHNVA=; b=OdYeH8cgW57NeWroaV0S6FJfiDtdrXrAP1rXQpSoNFLWLnDVOqoFvOD3vpnr2IkwJ9 wm78OGx98cJItmlB54GaTvvF0LSAQeGRdXmKt5nqZOpn2hrsHvDrESPDZxBXS1pAAMBI 0oetsg1x+3DrPC8YYg4h7/djbVxuPiFEfVZ572Oi7d6RApHeeg3/dLH0RJYuXFJ1wUb3 tUQDLBWD8+/i0b3uoNIydJz+kdp3oE+W+04Rg8wOT6/jpGBvrtg+cE1DPZ7QYeyASi49 1kk2R83I0shhu9gBd6k5h88NcMZk1KRn7ivbyUQdFEcbKBF1pC2igYLX/Z7+IdS6UXvN hbXA== X-Forwarded-Encrypted: i=1; AJvYcCVWyXiYaDT6MRNVtCie60angLgcLCQF+OiCfkCzIgax3HomxcAlzBd35tTEPFoiXgMFyuNaqF5MAu4aCu4=@vger.kernel.org X-Gm-Message-State: AOJu0Yzma/oAyND8xPWQdozXLIhGSAr46N0y5umdxFwVBSZ1aw0qycCG C2VTGxFLD+FtK60mBxTsVxpCDdrpErJ/wNI6yQzEyGKuos8ogg1RSQ1le2u20RFUACc= X-Gm-Gg: ASbGncsMErtjrdnfqglFMBc8iy6P7cnNrBRFfOYcVvXEqTghMYVWFZsraikyE2NtRMZ ecGNTmfNaTya7fKwh9enhqad+9NFnmqfVyjDI0A1mCMWOU9WE2Q6Cg3+1qVixK0zM5W6xQ0Z9yt hinizZO2/PwwhID7msPJarg/DbG1Tfi8chIZCSCaGc2kzMA8t4UX0ixRPWBqnppW32FH6/84FpY dPwgbJivAecDfQ56RoympfUetAAaOlzaScosmIZBtYnSQB5cXXN7mLZeA+X+UeVZclI5sWXe6ts gcCsNyGrqVFaImL0eeNai5CIEyYkZkg5G1FkXze4nekq5m7jhx5wC/ysIJbvCj4QKrBVYKhqIz2 bc8Fd9MAEk1xpN2xM/GhG503Rz1/PviC6Pxcv0N7lp9cSmn0qrhLkCCtX6Tvi6hsQbeHAUrrMCn yNblLdPt4mxJXavA/FwCLyJBPUfI1Lwxih9ylnPR+GdP0GRr2Vy6HKLLWkMygLtC1jQiyG X-Google-Smtp-Source: AGHT+IEy3rWCZZa0SeOLBQxT1yFnRWPZjFkRUtPU+kVtuy5howb5ZMUGXRB8KQbRbOWcLX2jr1XF1w== X-Received: by 2002:a05:690c:a003:b0:788:161c:722e with SMTP id 00721157ae682-78929e81770mr63042867b3.26.1763249689113; Sat, 15 Nov 2025 15:34:49 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:48 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 14/20] liveupdate: luo_file: add private argument to store runtime state Date: Sat, 15 Nov 2025 18:34:00 -0500 Message-ID: <20251115233409.768044-15-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Pratyush Yadav Currently file handlers only get the serialized_data field to store their state. This field has a pointer to the serialized state of the file, and it becomes a part of LUO file's serialized state. File handlers can also need some runtime state to track information that shouldn't make it in the serialized data. One such example is a vmalloc pointer. While kho_preserve_vmalloc() preserves the memory backing a vmalloc allocation, it does not store the original vmap pointer, since that has no use being passed to the next kernel. The pointer is needed to free the memory in case the file is unpreserved. Provide a private field in struct luo_file and pass it to all the callbacks. The field's can be set by preserve, and must be freed by unpreserve. Signed-off-by: Pratyush Yadav Co-developed-by: Pasha Tatashin Signed-off-by: Pasha Tatashin Reviewed-by: Mike Rapoport (Microsoft) --- include/linux/liveupdate.h | 5 +++++ kernel/liveupdate/luo_file.c | 9 +++++++++ 2 files changed, 14 insertions(+) diff --git a/include/linux/liveupdate.h b/include/linux/liveupdate.h index 36a831ae3ead..defc69a1985d 100644 --- a/include/linux/liveupdate.h +++ b/include/linux/liveupdate.h @@ -29,6 +29,10 @@ struct file; * this to the file being operated on. * @serialized_data: The opaque u64 handle, preserve/prepare/freeze may u= pdate * this field. + * @private_data: Private data for the file used to hold runtime state= that + * is not preserved. Set by the handler's .preserve() + * callback, and must be freed in the handler's + * .unpreserve() callback. * * This structure bundles all parameters for the file operation callbacks. * The 'data' and 'file' fields are used for both input and output. @@ -39,6 +43,7 @@ struct liveupdate_file_op_args { bool retrieved; struct file *file; u64 serialized_data; + void *private_data; }; =20 /** diff --git a/kernel/liveupdate/luo_file.c b/kernel/liveupdate/luo_file.c index 3d3bd84cb281..df337c9c4f21 100644 --- a/kernel/liveupdate/luo_file.c +++ b/kernel/liveupdate/luo_file.c @@ -126,6 +126,10 @@ static LIST_HEAD(luo_file_handler_list); * This handle is passed back to the handler's .freeze(), * .retrieve(), and .finish() callbacks, allowing it to tr= ack * and update its serialized state across phases. + * @private_data: Pointer to the private data for the file used to hold r= untime + * state that is not preserved. Set by the handler's .pres= erve() + * callback, and must be freed in the handler's .unpreserv= e() + * callback. * @retrieved: A flag indicating whether a user/kernel in the new kern= el has * successfully called retrieve() on this file. This preve= nts * multiple retrieval attempts. @@ -152,6 +156,7 @@ struct luo_file { struct liveupdate_file_handler *fh; struct file *file; u64 serialized_data; + void *private_data; bool retrieved; struct mutex mutex; struct list_head list; @@ -309,6 +314,7 @@ int luo_preserve_file(struct luo_session *session, u64 = token, int fd) goto exit_err; } else { luo_file->serialized_data =3D args.serialized_data; + luo_file->private_data =3D args.private_data; list_add_tail(&luo_file->list, &session->files_list); session->count++; } @@ -356,6 +362,7 @@ void luo_file_unpreserve_files(struct luo_session *sess= ion) args.session =3D (struct liveupdate_session *)session; args.file =3D luo_file->file; args.serialized_data =3D luo_file->serialized_data; + args.private_data =3D luo_file->private_data; luo_file->fh->ops->unpreserve(&args); luo_flb_file_unpreserve(luo_file->fh); =20 @@ -384,6 +391,7 @@ static int luo_file_freeze_one(struct luo_session *sess= ion, args.session =3D (struct liveupdate_session *)session; args.file =3D luo_file->file; args.serialized_data =3D luo_file->serialized_data; + args.private_data =3D luo_file->private_data; =20 err =3D luo_file->fh->ops->freeze(&args); if (!err) @@ -405,6 +413,7 @@ static void luo_file_unfreeze_one(struct luo_session *s= ession, args.session =3D (struct liveupdate_session *)session; args.file =3D luo_file->file; args.serialized_data =3D luo_file->serialized_data; + args.private_data =3D luo_file->private_data; =20 luo_file->fh->ops->unfreeze(&args); } --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yw1-f174.google.com (mail-yw1-f174.google.com [209.85.128.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B457130CDBD for ; Sat, 15 Nov 2025 23:34:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249695; cv=none; b=amcaI/vbXmaZquLTH4gr9I63kY9EanTRCOmKqkaHxvOm17xC/yBONGrbL99FURzjk6ZZ1dZrfJBEzAqP388DEJwuWDR/ntykiwGAb1wpE5afgAqTBEGh66JRrUQnlS8WQqpFg881t8g1bmcxFwDlv59n+dLcnAvlQM6d/NBVoxs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249695; c=relaxed/simple; bh=+YFBbFQk/pljCds7647Fxp82ZFn05Nv50R3d1fopj7I=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Xg+Td3kkDREj+aShs8TCC6DEZ4ELEdl64x3OT94GmLU8aty9pt0QRod+KCssxq4+5v4JvLbXWAyPNM/tijBvQvgraw+1Qmc2TBp3GuxONWsgxhncQnBdgTuPH1IhiwuBF5ZrrxAC3NQNyz1ojviBI4G4ue/hwGwztIIxxA9oj7o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=kavQ4cgR; arc=none smtp.client-ip=209.85.128.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="kavQ4cgR" Received: by mail-yw1-f174.google.com with SMTP id 00721157ae682-780fe76f457so28581157b3.0 for ; Sat, 15 Nov 2025 15:34:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249692; x=1763854492; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=z3RLZovbFwtP/RQUp1nppbVtzQW85hwtf6RrGKSmtoo=; b=kavQ4cgRiDe70/0KQ10aV+2vSN5+px1/Jp8jJudsEI08VuCW38hmt9HME3bsiyNmH+ j5UX+PvRWJ2CNjpNip2Ag0m+pgJcffo5c6tW+NSRWZMh6Kwnj4h7LUET23FHSUyTHS3s j95vEL+6NKbKnWzf5jRpCKzHPdG9MtuPo5cXJ+VAwhCqHPY42M14sTAo2u+bYHb6EYph +Xa6gxxU1U+HZuj8ye69yBBIcUX3hQILMJ1JqVtsQliEzlgfYrD1qolV04eOoItEMivM DF+CoUxVARkXhDaSyShiZBGn3Fk+PUiQvDa7fXNR042cMMaMTjM3MKJ/Qc1rVi1N0oTt DSNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249692; x=1763854492; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=z3RLZovbFwtP/RQUp1nppbVtzQW85hwtf6RrGKSmtoo=; b=HfuRY7qgK8pzJ4MC13GrUAdNpdxuSMC984JlXIRxbdVeKUIB7KAOvIpIUvnMKYzYX4 zORuNkhoPhzxUfU7OjK0xgBOvSP7VRKcbpO3AboJOFd5eqbis/fI9SH3kL2WxfCaxEvN DzuVvVVyFbHBV2PZLgBm3UXEAC1gslS07JOwJXgJ/l5aK/7YBaDCZbLZQwP1gYfz2it7 tJxZt6YrHjmlYeawlKdgx62XG5Fh3duDm2VwOGS7rwTT1KxnIyZgNO3NemnMQBe3yXMD Vhc3PKk3SZ4U2JBgGSPp0bF3vWq9qWL5kOfj+5r0j2sF+ShHt2dBw3hndtMKo3RPSP4m A2Jg== X-Forwarded-Encrypted: i=1; AJvYcCVcZxO1lweXGs7OymjzyrBfvQNrGASGmBG8fOCW0UY998M2eKoif9Ms7Anv9h1/YpsRtJjlEuqI4hj3mW8=@vger.kernel.org X-Gm-Message-State: AOJu0Yyl/tkePKp+FONQaADjlA6SspG2eJxDFvwyS/JrI6duEdUfLDtw azadka7kyQun1xfwXGQ6a9JA0QhCXEZWSv8AMWpAoj9KoQQqpFj8ucDlAAt8uJ0RqJk= X-Gm-Gg: ASbGncvEBtqHqfdc+TqrDY8+Us/VaSk+9xnPrtz9B6XeFIhi8gDDOWIPjkwWGdd6TMs tIYr1F1DVCoeJMtkWHZYaZ6o0iQTQKqL7UkUlTOq5a9Ysw83BGL5DW5FqMs8v+eYehaNqbApQff GhVkG3BGGmi5Q6Ijj1vwIhhyQNOL5VNyCjl/uwMF6PFyb0GPdE2QQn1GrNlCGy48mJHunLMZ6SO s7zzm/QaK+YJrvCS07otYm+m55Rw5vNgkJwaKavJ5j6j5lx1MzJxlOlryGBFHuzxNUiuCfM4oAK fLabXYG1RsauM5cypMHbVO44KHG/FnHazyaiZEPdjWPXohhI5hHK9Mh09IFDJxL6ZW1IA5CQ8Rt gdmhD/sI/HFt2xKkDQrIZuLgn2cbj3si/iWK/mTWGkctX5++6Elnhy9z51E6dxPVdsYECrdsVy+ s/ByI6J+it3vAfAUskVYxoi9X4LCrXUDHM2eRfK+7HIbhWEqQWX1rb1J+ApGtOqoolv0Ax5g4qx NcJJRI= X-Google-Smtp-Source: AGHT+IEDxucBxDV7YhPudgcf2ZpiZXeOBbuMtqu2QzxZIMkFxtD61LYMfKmQVcLo/cvXLlT/NQ5m9g== X-Received: by 2002:a05:690c:30f:b0:786:8331:6a02 with SMTP id 00721157ae682-78929f40ac0mr137517487b3.69.1763249691460; Sat, 15 Nov 2025 15:34:51 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:51 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 15/20] mm: memfd_luo: allow preserving memfd Date: Sat, 15 Nov 2025 18:34:01 -0500 Message-ID: <20251115233409.768044-16-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Pratyush Yadav The ability to preserve a memfd allows userspace to use KHO and LUO to transfer its memory contents to the next kernel. This is useful in many ways. For one, it can be used with IOMMUFD as the backing store for IOMMU page tables. Preserving IOMMUFD is essential for performing a hypervisor live update with passthrough devices. memfd support provides the first building block for making that possible. For another, applications with a large amount of memory that takes time to reconstruct, reboots to consume kernel upgrades can be very expensive. memfd with LUO gives those applications reboot-persistent memory that they can use to quickly save and reconstruct that state. While memfd is backed by either hugetlbfs or shmem, currently only support on shmem is added. To be more precise, support for anonymous shmem files is added. The handover to the next kernel is not transparent. All the properties of the file are not preserved; only its memory contents, position, and size. The recreated file gets the UID and GID of the task doing the restore, and the task's cgroup gets charged with the memory. Once preserved, the file cannot grow or shrink, and all its pages are pinned to avoid migrations and swapping. The file can still be read from or written to. Use vmalloc to get the buffer to hold the folios, and preserve it using kho_preserve_vmalloc(). This doesn't have the size limit. Co-developed-by: Pasha Tatashin Signed-off-by: Pasha Tatashin Signed-off-by: Pratyush Yadav --- MAINTAINERS | 2 + include/linux/liveupdate/abi/memfd.h | 88 ++++ mm/Makefile | 1 + mm/memfd_luo.c | 671 +++++++++++++++++++++++++++ 4 files changed, 762 insertions(+) create mode 100644 include/linux/liveupdate/abi/memfd.h create mode 100644 mm/memfd_luo.c diff --git a/MAINTAINERS b/MAINTAINERS index bc9f5c6f0e80..ad9fee6dc605 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -14466,6 +14466,7 @@ F: tools/testing/selftests/livepatch/ =20 LIVE UPDATE M: Pasha Tatashin +R: Pratyush Yadav L: linux-kernel@vger.kernel.org S: Maintained F: Documentation/core-api/liveupdate.rst @@ -14474,6 +14475,7 @@ F: include/linux/liveupdate.h F: include/linux/liveupdate/ F: include/uapi/linux/liveupdate.h F: kernel/liveupdate/ +F: mm/memfd_luo.c =20 LLC (802.2) L: netdev@vger.kernel.org diff --git a/include/linux/liveupdate/abi/memfd.h b/include/linux/liveupdat= e/abi/memfd.h new file mode 100644 index 000000000000..bf848e5bd1de --- /dev/null +++ b/include/linux/liveupdate/abi/memfd.h @@ -0,0 +1,88 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + * + * Copyright (C) 2025 Amazon.com Inc. or its affiliates. + * Pratyush Yadav + */ + +#ifndef _LINUX_LIVEUPDATE_ABI_MEMFD_H +#define _LINUX_LIVEUPDATE_ABI_MEMFD_H + +/** + * DOC: memfd Live Update ABI + * + * This header defines the ABI for preserving the state of a memfd across a + * kexec reboot using the LUO. + * + * The state is serialized into a Flattened Device Tree which is then hand= ed + * over to the next kernel via the KHO mechanism. The FDT is passed as the + * opaque `data` handle in the file handler callbacks. + * + * This interface is a contract. Any modification to the FDT structure, + * node properties, compatible string, or the layout of the serialization + * structures defined here constitutes a breaking change. Such changes req= uire + * incrementing the version number in the MEMFD_LUO_FH_COMPATIBLE string. + * + * FDT Structure Overview: + * The memfd state is contained within a single FDT with the following l= ayout: + * + * .. code-block:: none + * + * / { + * pos =3D <...>; + * size =3D <...>; + * nr_folios =3D <...>; + * folios =3D < ... binary data ... >; + * }; + * + * Node Properties: + * - pos: u64 + * The file's current position (f_pos). + * - size: u64 + * The total size of the file in bytes (i_size). + * - nr_folios: u64 + * Number of folios in folios array. Only present when size > 0. + * - folios: struct kho_vmalloc + * KHO vmalloc preservation for an array of &struct memfd_luo_folio_= ser, + * one for each preserved folio from the original file's mapping. On= ly + * present when size > 0. + */ + +/** + * struct memfd_luo_folio_ser - Serialized state of a single folio. + * @foliodesc: A packed 64-bit value containing both the PFN and status fl= ags of + * the preserved folio. The upper 52 bits store the PFN, and t= he + * lower 12 bits are reserved for flags (e.g., dirty, uptodate= ). + * @index: The page offset (pgoff_t) of the folio within the original = file's + * address space. This is used to correctly position the folio + * during restoration. + * + * This structure represents the minimal information required to restore a + * single folio in the new kernel. An array of these structs forms the bin= ary + * data for the "folios" property in the handover FDT. + */ +struct memfd_luo_folio_ser { + u64 foliodesc; + u64 index; +}; + +/* The strings used for memfd KHO FDT sub-tree. */ + +/* 64-bit pos value for the preserved memfd */ +#define MEMFD_FDT_POS "pos" + +/* 64-bit size value of the preserved memfd */ +#define MEMFD_FDT_SIZE "size" + +#define MEMFD_FDT_FOLIOS "folios" + +/* Number of folios in the folios array. */ +#define MEMFD_FDT_NR_FOLIOS "nr_folios" + +/* The compatibility string for memfd file handler */ +#define MEMFD_LUO_FH_COMPATIBLE "memfd-v1" + +#endif /* _LINUX_LIVEUPDATE_ABI_MEMFD_H */ diff --git a/mm/Makefile b/mm/Makefile index 21abb3353550..7738ec416f00 100644 --- a/mm/Makefile +++ b/mm/Makefile @@ -100,6 +100,7 @@ obj-$(CONFIG_NUMA) +=3D memory-tiers.o obj-$(CONFIG_DEVICE_MIGRATION) +=3D migrate_device.o obj-$(CONFIG_TRANSPARENT_HUGEPAGE) +=3D huge_memory.o khugepaged.o obj-$(CONFIG_PAGE_COUNTER) +=3D page_counter.o +obj-$(CONFIG_LIVEUPDATE) +=3D memfd_luo.o obj-$(CONFIG_MEMCG_V1) +=3D memcontrol-v1.o obj-$(CONFIG_MEMCG) +=3D memcontrol.o vmpressure.o ifdef CONFIG_SWAP diff --git a/mm/memfd_luo.c b/mm/memfd_luo.c new file mode 100644 index 000000000000..4c1d16db2cff --- /dev/null +++ b/mm/memfd_luo.c @@ -0,0 +1,671 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + * + * Copyright (C) 2025 Amazon.com Inc. or its affiliates. + * Pratyush Yadav + */ + +/** + * DOC: Memfd Preservation via LUO + * + * Overview + * =3D=3D=3D=3D=3D=3D=3D=3D + * + * Memory file descriptors (memfd) can be preserved over a kexec using the= Live + * Update Orchestrator (LUO) file preservation. This allows userspace to + * transfer its memory contents to the next kernel after a kexec. + * + * The preservation is not intended to be transparent. Only select propert= ies of + * the file are preserved. All others are reset to default. The preserved + * properties are described below. + * + * .. note:: + * The LUO API is not stabilized yet, so the preserved properties of a = memfd + * are also not stable and are subject to backwards incompatible change= s. + * + * .. note:: + * Currently a memfd backed by Hugetlb is not supported. Memfds created + * with ``MFD_HUGETLB`` will be rejected. + * + * Preserved Properties + * =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + * + * The following properties of the memfd are preserved across kexec: + * + * File Contents + * All data stored in the file is preserved. + * + * File Size + * The size of the file is preserved. Holes in the file are filled by + * allocating pages for them during preservation. + * + * File Position + * The current file position is preserved, allowing applications to cont= inue + * reading/writing from their last position. + * + * File Status Flags + * memfds are always opened with ``O_RDWR`` and ``O_LARGEFILE``. This pr= operty + * is maintained. + * + * Non-Preserved Properties + * =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D + * + * All properties which are not preserved must be assumed to be reset to + * default. This section describes some of those properties which may be m= ore of + * note. + * + * ``FD_CLOEXEC`` flag + * A memfd can be created with the ``MFD_CLOEXEC`` flag that sets the + * ``FD_CLOEXEC`` on the file. This flag is not preserved and must be set + * again after restore via ``fcntl()``. + * + * Seals + * File seals are not preserved. The file is unsealed on restore and if + * needed, must be sealed again via ``fcntl()``. + */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "internal.h" + +#define PRESERVED_PFN_MASK GENMASK(63, 12) +#define PRESERVED_PFN_SHIFT 12 +#define PRESERVED_FLAG_DIRTY BIT(0) +#define PRESERVED_FLAG_UPTODATE BIT(1) + +#define PRESERVED_FOLIO_PFN(desc) (((desc) & PRESERVED_PFN_MASK) >> PRESER= VED_PFN_SHIFT) +#define PRESERVED_FOLIO_FLAGS(desc) ((desc) & ~PRESERVED_PFN_MASK) +#define PRESERVED_FOLIO_MKDESC(pfn, flags) (((pfn) << PRESERVED_PFN_SHIFT)= | (flags)) + +struct memfd_luo_private { + struct memfd_luo_folio_ser *pfolios; + u64 nr_folios; +}; + +static struct memfd_luo_folio_ser *memfd_luo_preserve_folios(struct file *= file, void *fdt, + u64 *nr_foliosp) +{ + struct inode *inode =3D file_inode(file); + struct memfd_luo_folio_ser *pfolios; + struct kho_vmalloc *kho_vmalloc; + unsigned int max_folios; + long i, size, nr_pinned; + struct folio **folios; + int err =3D -EINVAL; + pgoff_t offset; + u64 nr_folios; + + size =3D i_size_read(inode); + /* + * If the file has zero size, then the folios and nr_folios properties + * are not set. + */ + if (!size) { + *nr_foliosp =3D 0; + return NULL; + } + + /* + * Guess the number of folios based on inode size. Real number might end + * up being smaller if there are higher order folios. + */ + max_folios =3D PAGE_ALIGN(size) / PAGE_SIZE; + folios =3D kvmalloc_array(max_folios, sizeof(*folios), GFP_KERNEL); + if (!folios) + return ERR_PTR(-ENOMEM); + + /* + * Pin the folios so they don't move around behind our back. This also + * ensures none of the folios are in CMA -- which ensures they don't + * fall in KHO scratch memory. It also moves swapped out folios back to + * memory. + * + * A side effect of doing this is that it allocates a folio for all + * indices in the file. This might waste memory on sparse memfds. If + * that is really a problem in the future, we can have a + * memfd_pin_folios() variant that does not allocate a page on empty + * slots. + */ + nr_pinned =3D memfd_pin_folios(file, 0, size - 1, folios, max_folios, + &offset); + if (nr_pinned < 0) { + err =3D nr_pinned; + pr_err("failed to pin folios: %d\n", err); + goto err_free_folios; + } + nr_folios =3D nr_pinned; + + err =3D fdt_property(fdt, MEMFD_FDT_NR_FOLIOS, &nr_folios, sizeof(nr_foli= os)); + if (err) + goto err_unpin; + + err =3D fdt_property_placeholder(fdt, MEMFD_FDT_FOLIOS, sizeof(*kho_vmall= oc), + (void **)&kho_vmalloc); + if (err) { + pr_err("Failed to reserve '%s' property in FDT: %s\n", + MEMFD_FDT_FOLIOS, fdt_strerror(err)); + err =3D -ENOMEM; + goto err_unpin; + } + + pfolios =3D vcalloc(nr_folios, sizeof(*pfolios)); + if (!pfolios) { + err =3D -ENOMEM; + goto err_unpin; + } + + for (i =3D 0; i < nr_folios; i++) { + struct memfd_luo_folio_ser *pfolio =3D &pfolios[i]; + struct folio *folio =3D folios[i]; + unsigned int flags =3D 0; + unsigned long pfn; + + err =3D kho_preserve_folio(folio); + if (err) + goto err_unpreserve; + + pfn =3D folio_pfn(folio); + if (folio_test_dirty(folio)) + flags |=3D PRESERVED_FLAG_DIRTY; + if (folio_test_uptodate(folio)) + flags |=3D PRESERVED_FLAG_UPTODATE; + + pfolio->foliodesc =3D PRESERVED_FOLIO_MKDESC(pfn, flags); + pfolio->index =3D folio->index; + } + + err =3D kho_preserve_vmalloc(pfolios, kho_vmalloc); + if (err) + goto err_unpreserve; + + kvfree(folios); + *nr_foliosp =3D nr_folios; + return pfolios; + +err_unpreserve: + i--; + for (; i >=3D 0; i--) + kho_unpreserve_folio(folios[i]); + vfree(pfolios); +err_unpin: + unpin_folios(folios, nr_folios); +err_free_folios: + kvfree(folios); + return ERR_PTR(err); +} + +static void memfd_luo_unpreserve_folios(void *fdt, struct memfd_luo_folio_= ser *pfolios, + u64 nr_folios) +{ + struct kho_vmalloc *kho_vmalloc; + long i; + + if (!nr_folios) + return; + + kho_vmalloc =3D (struct kho_vmalloc *)fdt_getprop(fdt, 0, MEMFD_FDT_FOLIO= S, NULL); + /* The FDT was created by this kernel so expect it to be sane. */ + WARN_ON_ONCE(!kho_vmalloc); + kho_unpreserve_vmalloc(kho_vmalloc); + + for (i =3D 0; i < nr_folios; i++) { + const struct memfd_luo_folio_ser *pfolio =3D &pfolios[i]; + struct folio *folio; + + if (!pfolio->foliodesc) + continue; + + folio =3D pfn_folio(PRESERVED_FOLIO_PFN(pfolio->foliodesc)); + + kho_unpreserve_folio(folio); + unpin_folio(folio); + } + + vfree(pfolios); +} + +static struct memfd_luo_folio_ser *memfd_luo_fdt_folios(const void *fdt, u= 64 *nr_folios) +{ + const struct kho_vmalloc *kho_vmalloc; + struct memfd_luo_folio_ser *pfolios; + const u64 *nr; + int len; + + nr =3D fdt_getprop(fdt, 0, MEMFD_FDT_NR_FOLIOS, &len); + if (!nr || len !=3D sizeof(*nr)) { + pr_err("invalid '%s' property\n", MEMFD_FDT_NR_FOLIOS); + return NULL; + } + + kho_vmalloc =3D fdt_getprop(fdt, 0, MEMFD_FDT_FOLIOS, &len); + if (!kho_vmalloc || len !=3D sizeof(*kho_vmalloc)) { + pr_err("invalid '%s' property\n", MEMFD_FDT_FOLIOS); + return NULL; + } + + pfolios =3D kho_restore_vmalloc(kho_vmalloc); + if (!pfolios) + return NULL; + + *nr_folios =3D *nr; + return pfolios; +} + +static void *memfd_luo_create_fdt(void) +{ + struct folio *fdt_folio; + int err =3D 0; + void *fdt; + + /* + * The FDT only contains a couple of properties and a kho_vmalloc + * object. One page should be enough for that. + */ + fdt_folio =3D folio_alloc(GFP_KERNEL | __GFP_ZERO, 0); + if (!fdt_folio) + return NULL; + + fdt =3D folio_address(fdt_folio); + + err |=3D fdt_create(fdt, folio_size(fdt_folio)); + err |=3D fdt_finish_reservemap(fdt); + err |=3D fdt_begin_node(fdt, ""); + if (err) + goto free; + + return fdt; + +free: + folio_put(fdt_folio); + return NULL; +} + +static int memfd_luo_finish_fdt(void *fdt) +{ + int err; + + err =3D fdt_end_node(fdt); + if (err) + return err; + + return fdt_finish(fdt); +} + +static int memfd_luo_preserve(struct liveupdate_file_op_args *args) +{ + struct inode *inode =3D file_inode(args->file); + struct memfd_luo_folio_ser *pfolios; + struct memfd_luo_private *private; + u64 pos, nr_folios; + int err =3D 0; + void *fdt; + long size; + + private =3D kmalloc(sizeof(*private), GFP_KERNEL); + if (!private) + return -ENOMEM; + + inode_lock(inode); + shmem_i_mapping_freeze(inode, true); + + size =3D i_size_read(inode); + + fdt =3D memfd_luo_create_fdt(); + if (!fdt) { + err =3D -ENOMEM; + goto err_unlock; + } + + pos =3D args->file->f_pos; + err =3D fdt_property(fdt, MEMFD_FDT_POS, &pos, sizeof(pos)); + if (err) + goto err_free_fdt; + + err =3D fdt_property(fdt, MEMFD_FDT_SIZE, &size, sizeof(size)); + if (err) + goto err_free_fdt; + + pfolios =3D memfd_luo_preserve_folios(args->file, fdt, &nr_folios); + if (IS_ERR(pfolios)) { + err =3D PTR_ERR(pfolios); + goto err_free_fdt; + } + + err =3D memfd_luo_finish_fdt(fdt); + if (err) + goto err_unpreserve_folios; + + err =3D kho_preserve_folio(virt_to_folio(fdt)); + if (err) + goto err_unpreserve_folios; + + inode_unlock(inode); + + private->pfolios =3D pfolios; + private->nr_folios =3D nr_folios; + args->private_data =3D private; + args->serialized_data =3D virt_to_phys(fdt); + return 0; + +err_unpreserve_folios: + memfd_luo_unpreserve_folios(fdt, pfolios, nr_folios); +err_free_fdt: + folio_put(virt_to_folio(fdt)); +err_unlock: + shmem_i_mapping_freeze(inode, false); + inode_unlock(inode); + kfree(private); + return err; +} + +static int memfd_luo_freeze(struct liveupdate_file_op_args *args) +{ + u64 pos =3D args->file->f_pos; + void *fdt; + int err; + + if (WARN_ON_ONCE(!args->serialized_data)) + return -EINVAL; + + fdt =3D phys_to_virt(args->serialized_data); + + /* + * The pos might have changed since prepare. Everything else stays the + * same. + */ + err =3D fdt_setprop(fdt, 0, "pos", &pos, sizeof(pos)); + if (err) + return err; + + return 0; +} + +static void memfd_luo_unpreserve(struct liveupdate_file_op_args *args) +{ + struct memfd_luo_private *private =3D args->private_data; + struct inode *inode =3D file_inode(args->file); + struct folio *fdt_folio; + void *fdt; + + if (WARN_ON_ONCE(!args->serialized_data || !args->private_data)) + return; + + inode_lock(inode); + shmem_i_mapping_freeze(inode, false); + + fdt =3D phys_to_virt(args->serialized_data); + fdt_folio =3D virt_to_folio(fdt); + + memfd_luo_unpreserve_folios(fdt, private->pfolios, private->nr_folios); + + kho_unpreserve_folio(fdt_folio); + folio_put(fdt_folio); + inode_unlock(inode); + kfree(private); +} + +static struct folio *memfd_luo_get_fdt(u64 data) +{ + return kho_restore_folio((phys_addr_t)data); +} + +static void memfd_luo_discard_folios(const struct memfd_luo_folio_ser *pfo= lios, + long nr_folios) +{ + unsigned int i; + + for (i =3D 0; i < nr_folios; i++) { + const struct memfd_luo_folio_ser *pfolio =3D &pfolios[i]; + struct folio *folio; + phys_addr_t phys; + + if (!pfolio->foliodesc) + continue; + + phys =3D PFN_PHYS(PRESERVED_FOLIO_PFN(pfolio->foliodesc)); + folio =3D kho_restore_folio(phys); + if (!folio) { + pr_warn_ratelimited("Unable to restore folio at physical address: %llx\= n", + phys); + continue; + } + + folio_put(folio); + } +} + +static void memfd_luo_finish(struct liveupdate_file_op_args *args) +{ + const struct memfd_luo_folio_ser *pfolios; + struct folio *fdt_folio; + const void *fdt; + u64 nr_folios; + + if (args->retrieved) + return; + + fdt_folio =3D memfd_luo_get_fdt(args->serialized_data); + if (!fdt_folio) { + pr_err("failed to restore memfd FDT\n"); + return; + } + + fdt =3D folio_address(fdt_folio); + + pfolios =3D memfd_luo_fdt_folios(fdt, &nr_folios); + if (!pfolios) + goto out; + + memfd_luo_discard_folios(pfolios, nr_folios); + vfree(pfolios); + +out: + folio_put(fdt_folio); +} + +static int memfd_luo_retrieve_folios(struct file *file, const void *fdt) +{ + const struct memfd_luo_folio_ser *pfolios; + struct inode *inode =3D file_inode(file); + struct address_space *mapping; + struct folio *folio; + u64 nr_folios; + long i =3D 0; + int err; + + /* Careful: folios don't exist in FDT on zero-size files. */ + if (!inode->i_size) + return 0; + + pfolios =3D memfd_luo_fdt_folios(fdt, &nr_folios); + if (!pfolios) { + pr_err("failed to fetch preserved folio list\n"); + return -EINVAL; + } + + inode =3D file->f_inode; + mapping =3D inode->i_mapping; + + for (; i < nr_folios; i++) { + const struct memfd_luo_folio_ser *pfolio =3D &pfolios[i]; + phys_addr_t phys; + u64 index; + int flags; + + if (!pfolio->foliodesc) + continue; + + phys =3D PFN_PHYS(PRESERVED_FOLIO_PFN(pfolio->foliodesc)); + folio =3D kho_restore_folio(phys); + if (!folio) { + pr_err("Unable to restore folio at physical address: %llx\n", + phys); + goto put_folios; + } + index =3D pfolio->index; + flags =3D PRESERVED_FOLIO_FLAGS(pfolio->foliodesc); + + /* Set up the folio for insertion. */ + __folio_set_locked(folio); + __folio_set_swapbacked(folio); + + err =3D mem_cgroup_charge(folio, NULL, mapping_gfp_mask(mapping)); + if (err) { + pr_err("shmem: failed to charge folio index %ld: %d\n", + i, err); + goto unlock_folio; + } + + err =3D shmem_add_to_page_cache(folio, mapping, index, NULL, + mapping_gfp_mask(mapping)); + if (err) { + pr_err("shmem: failed to add to page cache folio index %ld: %d\n", + i, err); + goto unlock_folio; + } + + if (flags & PRESERVED_FLAG_UPTODATE) + folio_mark_uptodate(folio); + if (flags & PRESERVED_FLAG_DIRTY) + folio_mark_dirty(folio); + + err =3D shmem_inode_acct_blocks(inode, 1); + if (err) { + pr_err("shmem: failed to account folio index %ld: %d\n", + i, err); + goto unlock_folio; + } + + shmem_recalc_inode(inode, 1, 0); + folio_add_lru(folio); + folio_unlock(folio); + folio_put(folio); + } + + vfree(pfolios); + return 0; + +unlock_folio: + folio_unlock(folio); + folio_put(folio); + i++; +put_folios: + /* + * Note: don't free the folios already added to the file. They will be + * freed when the file is freed. Free the ones not added yet here. + */ + for (; i < nr_folios; i++) { + const struct memfd_luo_folio_ser *pfolio =3D &pfolios[i]; + + folio =3D kho_restore_folio(PRESERVED_FOLIO_PFN(pfolio->foliodesc)); + if (folio) + folio_put(folio); + } + + vfree(pfolios); + return err; +} + +static int memfd_luo_retrieve(struct liveupdate_file_op_args *args) +{ + struct folio *fdt_folio; + const u64 *pos, *size; + struct file *file; + int len, ret =3D 0; + const void *fdt; + + fdt_folio =3D memfd_luo_get_fdt(args->serialized_data); + if (!fdt_folio) + return -ENOENT; + + fdt =3D page_to_virt(folio_page(fdt_folio, 0)); + + size =3D fdt_getprop(fdt, 0, "size", &len); + if (!size || len !=3D sizeof(u64)) { + pr_err("invalid 'size' property\n"); + ret =3D -EINVAL; + goto put_fdt; + } + + pos =3D fdt_getprop(fdt, 0, "pos", &len); + if (!pos || len !=3D sizeof(u64)) { + pr_err("invalid 'pos' property\n"); + ret =3D -EINVAL; + goto put_fdt; + } + + file =3D shmem_file_setup("", 0, VM_NORESERVE); + + if (IS_ERR(file)) { + ret =3D PTR_ERR(file); + pr_err("failed to setup file: %d\n", ret); + goto put_fdt; + } + + vfs_setpos(file, *pos, MAX_LFS_FILESIZE); + file->f_inode->i_size =3D *size; + + ret =3D memfd_luo_retrieve_folios(file, fdt); + if (ret) + goto put_file; + + args->file =3D file; + folio_put(fdt_folio); + return 0; + +put_file: + fput(file); +put_fdt: + folio_put(fdt_folio); + return ret; +} + +static bool memfd_luo_can_preserve(struct liveupdate_file_handler *handler, + struct file *file) +{ + struct inode *inode =3D file_inode(file); + + return shmem_file(file) && !inode->i_nlink; +} + +static const struct liveupdate_file_ops memfd_luo_file_ops =3D { + .freeze =3D memfd_luo_freeze, + .finish =3D memfd_luo_finish, + .retrieve =3D memfd_luo_retrieve, + .preserve =3D memfd_luo_preserve, + .unpreserve =3D memfd_luo_unpreserve, + .can_preserve =3D memfd_luo_can_preserve, + .owner =3D THIS_MODULE, +}; + +static struct liveupdate_file_handler memfd_luo_handler =3D { + .ops =3D &memfd_luo_file_ops, + .compatible =3D MEMFD_LUO_FH_COMPATIBLE, +}; + +static int __init memfd_luo_init(void) +{ + int err =3D liveupdate_register_file_handler(&memfd_luo_handler); + + if (err && err !=3D -EOPNOTSUPP) { + pr_err("Could not register luo filesystem handler: %pe\n", ERR_PTR(err)); + + return err; + } + + return 0; +} +late_initcall(memfd_luo_init); --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yx1-f54.google.com (mail-yx1-f54.google.com [74.125.224.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D0C2F30DD2E for ; Sat, 15 Nov 2025 23:34:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249696; cv=none; b=tS1QA40OMcUa0UTaNmuda79Is/TxOxCj36tbNvut8d2oF6wk1T7GZwPxDRNsgckcDidkMBBhQVGgGxP3ZDzUrIxvDb2eUISgzCx5iiDvYTufcaYuQ5RgzSr5cpnmtL8b0IWM3dG6VDSL7xWutN9J1sHErSjxyIc/+In8lHWunIs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249696; c=relaxed/simple; bh=ozB694jmbnonJd7q0YUnhbTNPWhn9EUs4khf2so6x4U=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=aihhp08t3fJbnfC87YOOu9MumzTT5sNIJi1XThoQU7uPqqf+9DIXreYg8rsZkDUWdaxof5pvzwvpmSh3MdhxcKRSaVg6p17mTtRVMtylGOYqpdN713Fr2oe2gx3tllcD1u92jpg3osn2uPBZG2AyyqRfgyr4nDIzM3HxheXBFBA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=Fe01lsQq; arc=none smtp.client-ip=74.125.224.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="Fe01lsQq" Received: by mail-yx1-f54.google.com with SMTP id 956f58d0204a3-63fca769163so2887518d50.2 for ; Sat, 15 Nov 2025 15:34:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249694; x=1763854494; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=fTOw5RLmNkeRdWzsM1mSOCwBuPeRYehGrzOUVePWwho=; b=Fe01lsQqg+ABF38Ii8gQw3+qtMhC+EuRx1QflpJXzZNME+8qvFr/P4UbqtHpD0evDu AQ7mde8yT7bKaiaWpo4MlpYZ8ziCH7yLn8Ax06mruSzgl1wnaFf6H+RJzQbhqUtx3Cd2 e1S5SYsld6+CMOlCTP0SV6WA2ch/Xy8Q2smWrJ5nec6ZLE0VgAFechKO3KAPN5cE61O+ 3IbVe0I1b6NYK2TcrBzXfSOF0VNNgW0JzNDs5q4O8Q1cqO1ry1/3ZmWdpvx80XarZ2fn QvQ5Ft69wID/5KvK7WLQwd8hx+7g9XB9Cfi28uebAwQ9nefmtUOUJprapiWNVTd9ZVdP rGGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249694; x=1763854494; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=fTOw5RLmNkeRdWzsM1mSOCwBuPeRYehGrzOUVePWwho=; b=jsFkIZWzdab9bVkla6XmG8ldWuG2jGGsRduHZDUCE1T0vkjCQH6bOzESw9NgBc9ntW rkyWM2xNzRykj3yB/ZMg/AKyvWRNEbv3c7DMe0cLUFgmy+g0F1eUIjtHYIdhN5EQSA2i CbQlAYVwGyzpBfmBs1QPX9oI4FEmn9oEI2SlsuWUnSWZu+BGlP1UW0H7nop9L9p5EwH6 Tg5MFvGTS0iPbuqMR5nvNc4fCXmytSC17Zm/PIbAmBlXYXpaCaFaAXuEB+DzBf9jHxjj jEF+VnuD5N5Fcf8z4UDbuXU/Pajcux1NWAtFfzoOjGfa8lX2XldzHMvm23tKLbyq2c7/ rKgg== X-Forwarded-Encrypted: i=1; AJvYcCWf4FCTYQDHBc9QcGrU3BW382cYLme33Mvp1sbZTppW9kNjwcPwzmWUCP9UulkTeSb8LNrCun7PbLNQ+Ts=@vger.kernel.org X-Gm-Message-State: AOJu0YxznBlCPcWbgxNnTQq4RcHsskHTouGHfn7wtK0R8IlQEjvE+Cso s/N+BAd7VpQRml1AGQZFs8PRL+xdmWmx2V9maOKE8883l5L7JtoHmG+a0bmhnL0Gdt0= X-Gm-Gg: ASbGncta01XtQ7wDgXbnDLPmA3qOh5Rx6slRhkGr21kjIBq1lY6h03xS7Cn+06ROy63 fe+Cxerq/irq4YzdIMQqxGwIpKvajNXnPUyGJ8zJa70DCQ4LGg8AEhOW4fIcw4wdvFFPR3Tufy9 675KQbZVWdwkNzxEYkCWouXesZhK8ON2Qc6zVYs4aT2cGJu0izm9JXgVb1xZAhyOu7TbW0WkYM1 cVpTQqDi8i+rNQDhEpFOqHJn/ftdCd8krSG5OyPleRdcxdnRISXjgdNdFSvfdcueuYd7PlO1Yc1 nSdx6yHqLt94rje7eNZvduUaz/OP2KJhGFgMXLMCuUwlLHH4UsVN7qg3Q+PxdkzeJvph3UK9uN0 +nhJRau61LXXkp5rl20OfnhE/y+KPyx6fhpOHu9G4brualbqRROxjmp2goE7AyrKtw5hrHtjqkk l68tbNpt0GhQN0rYdcmLO1A5xCakzNijQOuI2zPZcRt4V+2UZ88H7kyRUGHqykpEwlBvzxtE9Rj 6q2TP0= X-Google-Smtp-Source: AGHT+IE86X5p/xDAl3c7gipm+lk2CKoWWGbQ3TowepV0QBeNnwP3lOoccaKcpzs5yPfF3BpHdJYzlA== X-Received: by 2002:a53:d006:0:b0:641:f5bc:6944 with SMTP id 956f58d0204a3-641f5bc71acmr2800491d50.72.1763249693809; Sat, 15 Nov 2025 15:34:53 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:52 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 16/20] docs: add documentation for memfd preservation via LUO Date: Sat, 15 Nov 2025 18:34:02 -0500 Message-ID: <20251115233409.768044-17-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Pratyush Yadav Add the documentation under the "Preserving file descriptors" section of LUO's documentation. Signed-off-by: Pratyush Yadav Co-developed-by: Pasha Tatashin Signed-off-by: Pasha Tatashin --- Documentation/core-api/liveupdate.rst | 7 +++++++ Documentation/mm/index.rst | 1 + Documentation/mm/memfd_preservation.rst | 23 +++++++++++++++++++++++ MAINTAINERS | 1 + 4 files changed, 32 insertions(+) create mode 100644 Documentation/mm/memfd_preservation.rst diff --git a/Documentation/core-api/liveupdate.rst b/Documentation/core-api= /liveupdate.rst index deacc098d024..384de79a2457 100644 --- a/Documentation/core-api/liveupdate.rst +++ b/Documentation/core-api/liveupdate.rst @@ -28,6 +28,13 @@ Live Update Orchestrator ABI .. kernel-doc:: include/linux/liveupdate/abi/luo.h :doc: Live Update Orchestrator ABI =20 +The following types of file descriptors can be preserved + +.. toctree:: + :maxdepth: 1 + + ../mm/memfd_preservation + Public API =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D .. kernel-doc:: include/linux/liveupdate.h diff --git a/Documentation/mm/index.rst b/Documentation/mm/index.rst index ba6a8872849b..7aa2a8886908 100644 --- a/Documentation/mm/index.rst +++ b/Documentation/mm/index.rst @@ -48,6 +48,7 @@ documentation, or deleted if it has served its purpose. hugetlbfs_reserv ksm memory-model + memfd_preservation mmu_notifier multigen_lru numa diff --git a/Documentation/mm/memfd_preservation.rst b/Documentation/mm/mem= fd_preservation.rst new file mode 100644 index 000000000000..4f09c3921893 --- /dev/null +++ b/Documentation/mm/memfd_preservation.rst @@ -0,0 +1,23 @@ +.. SPDX-License-Identifier: GPL-2.0-or-later + +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D +Memfd Preservation via LUO +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D + +.. kernel-doc:: mm/memfd_luo.c + :doc: Memfd Preservation via LUO + +Memfd Preservation ABI +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +.. kernel-doc:: include/linux/liveupdate/abi/memfd.h + :doc: DOC: memfd Live Update ABI + +.. kernel-doc:: include/linux/liveupdate/abi/memfd.h + :internal: + +See Also +=3D=3D=3D=3D=3D=3D=3D=3D + +- :doc:`/core-api/liveupdate` +- :doc:`/core-api/kho/concepts` diff --git a/MAINTAINERS b/MAINTAINERS index ad9fee6dc605..6ffe4425adbf 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -14470,6 +14470,7 @@ R: Pratyush Yadav L: linux-kernel@vger.kernel.org S: Maintained F: Documentation/core-api/liveupdate.rst +F: Documentation/mm/memfd_preservation.rst F: Documentation/userspace-api/liveupdate.rst F: include/linux/liveupdate.h F: include/linux/liveupdate/ --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yx1-f46.google.com (mail-yx1-f46.google.com [74.125.224.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2FFD430E0D9 for ; Sat, 15 Nov 2025 23:34:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.46 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249699; cv=none; b=LD4Gyp8HYPrxVAozPaHgTqWaXZWRG7gzsgrIe8SKRpqWyrLUfTPWJho0nb3+8Fba4Z3V1Cg6cZfSbEltNbKRIHtJLA/cMWotFywoj3htzi30CmlAtC8+OhJzdbrJ5ClHuwhW/QO7EYnu2QHPPR71Xifa2V5l/BI126XvQX35AxE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249699; c=relaxed/simple; bh=3LgFVG3WGye/XbBR8rtyEtDV89N7U1RgNovIzVAnT8c=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cq94rFfR5W9/yiY3EEu+WHStCoQaMtfuYG7qYucd3wI20zsZpSxvWTOfylQyDBkXUBTG+OMEGNxEnykV5TCjBtmRnsLE5Yx6QieOpxuOxvEtcAxB9m8vxYrX3WJLSw+QW5ljZW7vVyi6Crs6pGEid/Dv4GT/co4XP5CfccG2Ovo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=F+5BhBuL; arc=none smtp.client-ip=74.125.224.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="F+5BhBuL" Received: by mail-yx1-f46.google.com with SMTP id 956f58d0204a3-640d4f2f13dso3001798d50.1 for ; Sat, 15 Nov 2025 15:34:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249696; x=1763854496; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=f5S0vcOaGPBc/xPnnYkmK3BuBrLvlvg5l9MZinPrpq0=; b=F+5BhBuLgzB/En5elX2EfYQ15gFDywalmOJ2l9iWyePdjKHpor84l4UB7BGPbg2a2W LtK/juj5dZlr7sABmaedc1MGNRceFja7wyGvVYpCTxNWxVJsskTIzEaQo5GDpe2pVZrj Cv8pwblkrjDOGttDgupSz1qNuM6YRSMRrsWgxHKono2x5rqLwLHqBFU93azUwQe76We2 4M8rSFJT205sLox70IRof6RNzN3M7bM3ph28M4Lj1CQL/X6uqHdv3S0dSh7RRCJqqpF3 g8AKjdOkQS8qmYWopriCA7Nf4T1V++Jv0eNqEJE6d/t1MxZr6OxCuKHSCh00tLDJf0WM W7mw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249696; x=1763854496; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=f5S0vcOaGPBc/xPnnYkmK3BuBrLvlvg5l9MZinPrpq0=; b=uPSAKB+unFMeIkC/1k887FbMXB25ckxHM4pdbYZFvCtLhuo6ws6PEOM4I64if+zEIg celF5H3ZT5uzbif/Auuitakt1JUfIKOeJb5ziRBcbIknJETZzqXik+xChon2ew7LBvoe v1BaFhZ9ZoEhP8saYKGaDzXyx1HQeQfdeAePhzwGMHfof4tMHTYbTRhlAO8baAFWI2lm ZrdHvpe9JM6krxeacg1hREKOEddY9jBRv/MFoV1BCmnpTgNmRA4RbF929u0RQRo3+FEO ViQb+QFl1YqMMTDhek0la7HHoyJidTIt7FO6auFfW2vJMzUQhqBmCacr5USW0BrgXpKi tzow== X-Forwarded-Encrypted: i=1; AJvYcCVOog5buF0sVavJsvwdCp8esivcFIuX9lHTEszzgMZp4Lea3GSuYmqNjBtxp9/PLl876UGgbwxbrtOY5rk=@vger.kernel.org X-Gm-Message-State: AOJu0YyOr541nL+oMn0eFjkmMJk9JC3QQzdI1LZnhFtMjF8I9phVV7gj BjqSFznXiuh4Z+wikKTbwtXUGdkskEqcd4ZmNXsMg7Lh4UxpEGdIc1nvZ1X40My6HpA= X-Gm-Gg: ASbGncsNs0xVqQjQKop+I9v4EVrGPZ5Y5AhAfZdlfqLmI5/V54lkR58gTqXtXPzbLOw rKiuIEDHTc+7R2nA1zgiZ49kkvvX50+ZLVT+NVB3LB2DiHQw8wyYnhBmVmrc+qPKU3at40FjWE0 kvHMfhb+A4/7rezHuxbTTA9I21eHfltglEPHVZjv1+TqZhbvJtBpRGH3sN3gg3HE0R8JS3k+Z4e 6Iu8/z5OEEE86U16OuaEeU5nVG0VnHReGjOsosA7Vb6ms2pErZJYCxUIB7+NuKOKlFP9A2bEG1/ D3NSohFT3ymmyQIKlL3+E5Y+7ewrQxrA6vOulNpUohzvMyu2VDoZQRVIMsbUPmMjxPK+vM8WMfh lpMWVbvdiJber0FlEVlrNV7GTWyb2yWGvygIArwq3UqWHb9gYR2MZbVLwrWS07wWHd9lUl6MDU8 BvrcVrprW2DpkY2eO3znPpM0+ImXf0gIjZ/KFosO2HObylanvilkFS3VtjspNgcu5fJMmLcD0vH N1PuIU= X-Google-Smtp-Source: AGHT+IGi+GT9ZHanKi9MAwv46wj31I6UW4wvg+DCMOJo43hhLaMJSMVLxpTF87yQuYFejJEJXTbohQ== X-Received: by 2002:a53:b10e:0:b0:63f:a228:1859 with SMTP id 956f58d0204a3-641e75ef062mr5298448d50.38.1763249695703; Sat, 15 Nov 2025 15:34:55 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:55 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 17/20] selftests/liveupdate: Add userspace API selftests Date: Sat, 15 Nov 2025 18:34:03 -0500 Message-ID: <20251115233409.768044-18-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Introduce a selftest suite for LUO. These tests validate the core userspace-facing API provided by the /dev/liveupdate device and its associated ioctls. The suite covers fundamental device behavior, session management, and the file preservation mechanism using memfd as a test case. This provides regression testing for the LUO uAPI. The following functionality is verified: Device Access: Basic open and close operations on /dev/liveupdate. Enforcement of exclusive device access (verifying EBUSY on a second open). Session Management: Successful creation of sessions with unique names. Failure to create sessions with duplicate names. File Preservation: Preserving a single memfd and verifying its content remains intact post-preservation. Preserving multiple memfds within a single session, each with unique data. A complex scenario involving multiple sessions, each containing a mix of empty and data-filled memfds. Note: This test suite is limited to verifying the pre-kexec functionality of LUO (e.g., session creation, file preservation). The post-kexec restoration of resources is not covered, as the kselftest framework does not currently support orchestrating a reboot and continuing execution in the new kernel. Signed-off-by: Pasha Tatashin --- MAINTAINERS | 1 + tools/testing/selftests/Makefile | 1 + tools/testing/selftests/liveupdate/.gitignore | 1 + tools/testing/selftests/liveupdate/Makefile | 7 + tools/testing/selftests/liveupdate/config | 5 + .../testing/selftests/liveupdate/liveupdate.c | 348 ++++++++++++++++++ 6 files changed, 363 insertions(+) create mode 100644 tools/testing/selftests/liveupdate/.gitignore create mode 100644 tools/testing/selftests/liveupdate/Makefile create mode 100644 tools/testing/selftests/liveupdate/config create mode 100644 tools/testing/selftests/liveupdate/liveupdate.c diff --git a/MAINTAINERS b/MAINTAINERS index 6ffe4425adbf..5a1ed783de20 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -14477,6 +14477,7 @@ F: include/linux/liveupdate/ F: include/uapi/linux/liveupdate.h F: kernel/liveupdate/ F: mm/memfd_luo.c +F: tools/testing/selftests/liveupdate/ =20 LLC (802.2) L: netdev@vger.kernel.org diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Mak= efile index c46ebdb9b8ef..56e44a98d6a5 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -54,6 +54,7 @@ TARGETS +=3D kvm TARGETS +=3D landlock TARGETS +=3D lib TARGETS +=3D livepatch +TARGETS +=3D liveupdate TARGETS +=3D lkdtm TARGETS +=3D lsm TARGETS +=3D membarrier diff --git a/tools/testing/selftests/liveupdate/.gitignore b/tools/testing/= selftests/liveupdate/.gitignore new file mode 100644 index 000000000000..af6e773cf98f --- /dev/null +++ b/tools/testing/selftests/liveupdate/.gitignore @@ -0,0 +1 @@ +/liveupdate diff --git a/tools/testing/selftests/liveupdate/Makefile b/tools/testing/se= lftests/liveupdate/Makefile new file mode 100644 index 000000000000..2a573c36016e --- /dev/null +++ b/tools/testing/selftests/liveupdate/Makefile @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only +CFLAGS +=3D -Wall -O2 -Wno-unused-function +CFLAGS +=3D $(KHDR_INCLUDES) + +TEST_GEN_PROGS +=3D liveupdate + +include ../lib.mk diff --git a/tools/testing/selftests/liveupdate/config b/tools/testing/self= tests/liveupdate/config new file mode 100644 index 000000000000..c0c7e7cc484e --- /dev/null +++ b/tools/testing/selftests/liveupdate/config @@ -0,0 +1,5 @@ +CONFIG_KEXEC_FILE=3Dy +CONFIG_KEXEC_HANDOVER=3Dy +CONFIG_KEXEC_HANDOVER_DEBUGFS=3Dy +CONFIG_KEXEC_HANDOVER_DEBUG=3Dy +CONFIG_LIVEUPDATE=3Dy diff --git a/tools/testing/selftests/liveupdate/liveupdate.c b/tools/testin= g/selftests/liveupdate/liveupdate.c new file mode 100644 index 000000000000..c2878e3d5ef9 --- /dev/null +++ b/tools/testing/selftests/liveupdate/liveupdate.c @@ -0,0 +1,348 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + */ + +/* + * Selftests for the Live Update Orchestrator. + * This test suite verifies the functionality and behavior of the + * /dev/liveupdate character device and its session management capabilitie= s. + * + * Tests include: + * - Device access: basic open/close, and enforcement of exclusive access. + * - Session management: creation of unique sessions, and duplicate name d= etection. + * - Resource preservation: successfully preserving individual and multipl= e memfds, + * verifying contents remain accessible. + * - Complex multi-session scenarios involving mixed empty and populated f= iles. + */ + +#include +#include +#include +#include +#include + +#include + +#include "../kselftest.h" +#include "../kselftest_harness.h" + +#define LIVEUPDATE_DEV "/dev/liveupdate" + +FIXTURE(liveupdate_device) { + int fd1; + int fd2; +}; + +FIXTURE_SETUP(liveupdate_device) +{ + self->fd1 =3D -1; + self->fd2 =3D -1; +} + +FIXTURE_TEARDOWN(liveupdate_device) +{ + if (self->fd1 >=3D 0) + close(self->fd1); + if (self->fd2 >=3D 0) + close(self->fd2); +} + +/* + * Test Case: Basic Open and Close + * + * Verifies that the /dev/liveupdate device can be opened and subsequently + * closed without errors. Skips if the device does not exist. + */ +TEST_F(liveupdate_device, basic_open_close) +{ + self->fd1 =3D open(LIVEUPDATE_DEV, O_RDWR); + + if (self->fd1 < 0 && errno =3D=3D ENOENT) + SKIP(return, "%s does not exist.", LIVEUPDATE_DEV); + + ASSERT_GE(self->fd1, 0); + ASSERT_EQ(close(self->fd1), 0); + self->fd1 =3D -1; +} + +/* + * Test Case: Exclusive Open Enforcement + * + * Verifies that the /dev/liveupdate device can only be opened by one proc= ess + * at a time. It checks that a second attempt to open the device fails with + * the EBUSY error code. + */ +TEST_F(liveupdate_device, exclusive_open) +{ + self->fd1 =3D open(LIVEUPDATE_DEV, O_RDWR); + + if (self->fd1 < 0 && errno =3D=3D ENOENT) + SKIP(return, "%s does not exist.", LIVEUPDATE_DEV); + + ASSERT_GE(self->fd1, 0); + self->fd2 =3D open(LIVEUPDATE_DEV, O_RDWR); + EXPECT_LT(self->fd2, 0); + EXPECT_EQ(errno, EBUSY); +} + +/* Helper function to create a LUO session via ioctl. */ +static int create_session(int lu_fd, const char *name) +{ + struct liveupdate_ioctl_create_session args =3D {}; + + args.size =3D sizeof(args); + strncpy((char *)args.name, name, sizeof(args.name) - 1); + + if (ioctl(lu_fd, LIVEUPDATE_IOCTL_CREATE_SESSION, &args)) + return -errno; + + return args.fd; +} + +/* + * Test Case: Create Duplicate Session + * + * Verifies that attempting to create two sessions with the same name fails + * on the second attempt with EEXIST. + */ +TEST_F(liveupdate_device, create_duplicate_session) +{ + int session_fd1, session_fd2; + + self->fd1 =3D open(LIVEUPDATE_DEV, O_RDWR); + if (self->fd1 < 0 && errno =3D=3D ENOENT) + SKIP(return, "%s does not exist", LIVEUPDATE_DEV); + + ASSERT_GE(self->fd1, 0); + + session_fd1 =3D create_session(self->fd1, "duplicate-session-test"); + ASSERT_GE(session_fd1, 0); + + session_fd2 =3D create_session(self->fd1, "duplicate-session-test"); + EXPECT_LT(session_fd2, 0); + EXPECT_EQ(-session_fd2, EEXIST); + + ASSERT_EQ(close(session_fd1), 0); +} + +/* + * Test Case: Create Distinct Sessions + * + * Verifies that creating two sessions with different names succeeds. + */ +TEST_F(liveupdate_device, create_distinct_sessions) +{ + int session_fd1, session_fd2; + + self->fd1 =3D open(LIVEUPDATE_DEV, O_RDWR); + if (self->fd1 < 0 && errno =3D=3D ENOENT) + SKIP(return, "%s does not exist", LIVEUPDATE_DEV); + + ASSERT_GE(self->fd1, 0); + + session_fd1 =3D create_session(self->fd1, "distinct-session-1"); + ASSERT_GE(session_fd1, 0); + + session_fd2 =3D create_session(self->fd1, "distinct-session-2"); + ASSERT_GE(session_fd2, 0); + + ASSERT_EQ(close(session_fd1), 0); + ASSERT_EQ(close(session_fd2), 0); +} + +static int preserve_fd(int session_fd, int fd_to_preserve, __u64 token) +{ + struct liveupdate_session_preserve_fd args =3D {}; + + args.size =3D sizeof(args); + args.fd =3D fd_to_preserve; + args.token =3D token; + + if (ioctl(session_fd, LIVEUPDATE_SESSION_PRESERVE_FD, &args)) + return -errno; + + return 0; +} + +/* + * Test Case: Preserve MemFD + * + * Verifies that a valid memfd can be successfully preserved in a session = and + * that its contents remain intact after the preservation call. + */ +TEST_F(liveupdate_device, preserve_memfd) +{ + const char *test_str =3D "hello liveupdate"; + char read_buf[64] =3D {}; + int session_fd, mem_fd; + + self->fd1 =3D open(LIVEUPDATE_DEV, O_RDWR); + if (self->fd1 < 0 && errno =3D=3D ENOENT) + SKIP(return, "%s does not exist", LIVEUPDATE_DEV); + ASSERT_GE(self->fd1, 0); + + session_fd =3D create_session(self->fd1, "preserve-memfd-test"); + ASSERT_GE(session_fd, 0); + + mem_fd =3D memfd_create("test-memfd", 0); + ASSERT_GE(mem_fd, 0); + + ASSERT_EQ(write(mem_fd, test_str, strlen(test_str)), strlen(test_str)); + ASSERT_EQ(preserve_fd(session_fd, mem_fd, 0x1234), 0); + ASSERT_EQ(close(session_fd), 0); + + ASSERT_EQ(lseek(mem_fd, 0, SEEK_SET), 0); + ASSERT_EQ(read(mem_fd, read_buf, sizeof(read_buf)), strlen(test_str)); + ASSERT_STREQ(read_buf, test_str); + ASSERT_EQ(close(mem_fd), 0); +} + +/* + * Test Case: Preserve Multiple MemFDs + * + * Verifies that multiple memfds can be preserved in a single session, + * each with a unique token, and that their contents remain distinct and + * correct after preservation. + */ +TEST_F(liveupdate_device, preserve_multiple_memfds) +{ + const char *test_str1 =3D "data for memfd one"; + const char *test_str2 =3D "data for memfd two"; + char read_buf[64] =3D {}; + int session_fd, mem_fd1, mem_fd2; + + self->fd1 =3D open(LIVEUPDATE_DEV, O_RDWR); + if (self->fd1 < 0 && errno =3D=3D ENOENT) + SKIP(return, "%s does not exist", LIVEUPDATE_DEV); + ASSERT_GE(self->fd1, 0); + + session_fd =3D create_session(self->fd1, "preserve-multi-memfd-test"); + ASSERT_GE(session_fd, 0); + + mem_fd1 =3D memfd_create("test-memfd-1", 0); + ASSERT_GE(mem_fd1, 0); + mem_fd2 =3D memfd_create("test-memfd-2", 0); + ASSERT_GE(mem_fd2, 0); + + ASSERT_EQ(write(mem_fd1, test_str1, strlen(test_str1)), strlen(test_str1)= ); + ASSERT_EQ(write(mem_fd2, test_str2, strlen(test_str2)), strlen(test_str2)= ); + + ASSERT_EQ(preserve_fd(session_fd, mem_fd1, 0xAAAA), 0); + ASSERT_EQ(preserve_fd(session_fd, mem_fd2, 0xBBBB), 0); + + memset(read_buf, 0, sizeof(read_buf)); + ASSERT_EQ(lseek(mem_fd1, 0, SEEK_SET), 0); + ASSERT_EQ(read(mem_fd1, read_buf, sizeof(read_buf)), strlen(test_str1)); + ASSERT_STREQ(read_buf, test_str1); + + memset(read_buf, 0, sizeof(read_buf)); + ASSERT_EQ(lseek(mem_fd2, 0, SEEK_SET), 0); + ASSERT_EQ(read(mem_fd2, read_buf, sizeof(read_buf)), strlen(test_str2)); + ASSERT_STREQ(read_buf, test_str2); + + ASSERT_EQ(close(mem_fd1), 0); + ASSERT_EQ(close(mem_fd2), 0); + ASSERT_EQ(close(session_fd), 0); +} + +/* + * Test Case: Preserve Complex Scenario + * + * Verifies a more complex scenario with multiple sessions and a mix of em= pty + * and non-empty memfds distributed across them. + */ +TEST_F(liveupdate_device, preserve_complex_scenario) +{ + const char *data1 =3D "data for session 1"; + const char *data2 =3D "data for session 2"; + char read_buf[64] =3D {}; + int session_fd1, session_fd2; + int mem_fd_data1, mem_fd_empty1, mem_fd_data2, mem_fd_empty2; + + self->fd1 =3D open(LIVEUPDATE_DEV, O_RDWR); + if (self->fd1 < 0 && errno =3D=3D ENOENT) + SKIP(return, "%s does not exist", LIVEUPDATE_DEV); + ASSERT_GE(self->fd1, 0); + + session_fd1 =3D create_session(self->fd1, "complex-session-1"); + ASSERT_GE(session_fd1, 0); + session_fd2 =3D create_session(self->fd1, "complex-session-2"); + ASSERT_GE(session_fd2, 0); + + mem_fd_data1 =3D memfd_create("data1", 0); + ASSERT_GE(mem_fd_data1, 0); + ASSERT_EQ(write(mem_fd_data1, data1, strlen(data1)), strlen(data1)); + + mem_fd_empty1 =3D memfd_create("empty1", 0); + ASSERT_GE(mem_fd_empty1, 0); + + mem_fd_data2 =3D memfd_create("data2", 0); + ASSERT_GE(mem_fd_data2, 0); + ASSERT_EQ(write(mem_fd_data2, data2, strlen(data2)), strlen(data2)); + + mem_fd_empty2 =3D memfd_create("empty2", 0); + ASSERT_GE(mem_fd_empty2, 0); + + ASSERT_EQ(preserve_fd(session_fd1, mem_fd_data1, 0x1111), 0); + ASSERT_EQ(preserve_fd(session_fd1, mem_fd_empty1, 0x2222), 0); + ASSERT_EQ(preserve_fd(session_fd2, mem_fd_data2, 0x3333), 0); + ASSERT_EQ(preserve_fd(session_fd2, mem_fd_empty2, 0x4444), 0); + + ASSERT_EQ(lseek(mem_fd_data1, 0, SEEK_SET), 0); + ASSERT_EQ(read(mem_fd_data1, read_buf, sizeof(read_buf)), strlen(data1)); + ASSERT_STREQ(read_buf, data1); + + memset(read_buf, 0, sizeof(read_buf)); + ASSERT_EQ(lseek(mem_fd_data2, 0, SEEK_SET), 0); + ASSERT_EQ(read(mem_fd_data2, read_buf, sizeof(read_buf)), strlen(data2)); + ASSERT_STREQ(read_buf, data2); + + ASSERT_EQ(lseek(mem_fd_empty1, 0, SEEK_SET), 0); + ASSERT_EQ(read(mem_fd_empty1, read_buf, sizeof(read_buf)), 0); + + ASSERT_EQ(lseek(mem_fd_empty2, 0, SEEK_SET), 0); + ASSERT_EQ(read(mem_fd_empty2, read_buf, sizeof(read_buf)), 0); + + ASSERT_EQ(close(mem_fd_data1), 0); + ASSERT_EQ(close(mem_fd_empty1), 0); + ASSERT_EQ(close(mem_fd_data2), 0); + ASSERT_EQ(close(mem_fd_empty2), 0); + ASSERT_EQ(close(session_fd1), 0); + ASSERT_EQ(close(session_fd2), 0); +} + +/* + * Test Case: Preserve Unsupported File Descriptor + * + * Verifies that attempting to preserve a file descriptor that does not ha= ve + * a registered Live Update handler fails gracefully. + * Uses /dev/null as a representative of a file type (character device) + * that is not supported by the orchestrator. + */ +TEST_F(liveupdate_device, preserve_unsupported_fd) +{ + int session_fd, unsupported_fd; + int ret; + + self->fd1 =3D open(LIVEUPDATE_DEV, O_RDWR); + if (self->fd1 < 0 && errno =3D=3D ENOENT) + SKIP(return, "%s does not exist", LIVEUPDATE_DEV); + ASSERT_GE(self->fd1, 0); + + session_fd =3D create_session(self->fd1, "unsupported-fd-test"); + ASSERT_GE(session_fd, 0); + + unsupported_fd =3D open("/dev/null", O_RDWR); + ASSERT_GE(unsupported_fd, 0); + + ret =3D preserve_fd(session_fd, unsupported_fd, 0xDEAD); + EXPECT_EQ(ret, -ENOENT); + + ASSERT_EQ(close(unsupported_fd), 0); + ASSERT_EQ(close(session_fd), 0); +} + +TEST_HARNESS_MAIN --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yw1-f169.google.com (mail-yw1-f169.google.com [209.85.128.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE0CB27281D for ; Sat, 15 Nov 2025 23:34:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249701; cv=none; b=nGnw+dnYsOMUSRlyM8ZPDPhx8M7m7E6jyu+Ne6BfKnkf50rFGCSD1oJ4BefVJsRbk5iBLTWF8mlFPQy8VZI2Gcs8Y0wTx7JMLWZ8XXNWBaB+Hp5iPxdpF5BE6vojSOR+zPiaYrOPc7xl3u7E3ogO6UdZRWcUIHY6mqM8b+CAMyA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249701; c=relaxed/simple; bh=zOlIFVxyz4Jfb8qq9qrWYoYErhjuT9cTchUmodV5qxU=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=FuLhzAVaCMCqBBiB12LL7m7aPBbg+TkI3iGbu4OvG7bWJYD9scXhgJ88XHwy9wQgR9Rj4LdKcIUKdRqdl88V3W1YBQxxV7lae0vNo191/2eeiKhyU4dXjCCeboETzGbdxc1NI5VVDj+qZGOBIOiTa1ZbIsqGyUWq8ynpVY1/BaY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=Ihu2PpJN; arc=none smtp.client-ip=209.85.128.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="Ihu2PpJN" Received: by mail-yw1-f169.google.com with SMTP id 00721157ae682-786943affbaso26158427b3.0 for ; Sat, 15 Nov 2025 15:34:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249698; x=1763854498; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=wRnyVkZ6EghERA6gxAJfjyXqxf3e5UVSw+T69XyH00s=; b=Ihu2PpJNVOJcGclzK4m08Yutwn1Fmtgnah1zcPTu+gJ6Jtb4w1xJ0X6dq/1KbypRlL z1PxV5Fzq5MvFf/vA5eqwLYHTTkEJ/IsU0C1Bi7smYuPJNyyPRVAdboPclMsuJ4+++pb 8/O/ATBXBuomQYkbbjCxlSkW54FlQY3QrVFjTvmgen9BLEqGMZfH6uabianpLFwoz9zf crYFvbXdeArVhut06aF5zsZsK+G2X7ZnfRM9wy5hSsvg1RLNTd0rkOCgBj0Pi44NIiBk FwR54W7GtPzk9ORKX74d2zGyCbNhOIPUjRNuL3MYTVckrBUiBcn5MbNIyUTG5sD5TJXM +cAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249698; x=1763854498; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=wRnyVkZ6EghERA6gxAJfjyXqxf3e5UVSw+T69XyH00s=; b=eVj3zaMAmMnBOmr+aSDf41PMvGQWiTzsxjhLS1OOVOkm1JXjghGmNoqPgpA87FopVK GyG5l8GUgzGH2ouED3Tykx0qZNOiUJJCVO3RY1LToFqYOJYMi+hr5waTgJIqZ4VvrpZ3 3Scl3uVGG7xRC5FVy2jAoACWFwh4UbCKaVq+oXVnQAzacxgSNNK43jklb3EySu91pM2l 5JY7ScAqyFVFFxSEH9IqSiLdoGwgiZjCqcV4XNoN6N7tk4laJ7UwufNEXzPQ12rVLEhb 33tgrOVWvF6soOXgjpL5nR7uzE3d6xpR3kqZiD26NlTUXI2zzmwkxYwZ8wQtQd2tkWfe aIOw== X-Forwarded-Encrypted: i=1; AJvYcCX6VIMvY7M2MsH3tQfTiCPFSEnj30TvhQZ4PKkpzjFdtg0MDPnNjQSqH2LqPy2Idwo8ndJjXfU/zUADqbM=@vger.kernel.org X-Gm-Message-State: AOJu0Yz314CHDYv62wzI68giA8G0uRrl3W6hAOuhzd3jKHJV+OqHbTgm 9CyfIMKEzGtJYGaxz8LVajGj74i2BrZKliT/IVO6VcNoiTuoeATQRtj9iTLeAzamzP4= X-Gm-Gg: ASbGncvzg5FxbRjS3EVa6eUw83qsmY4Cj2894tpg9R1ycYwDHnTEn9FACp1CgkcRV0W V6NNOvJKZxiHfviU6bXXIFZ4ip9Jp0LbFdm/Ms+WxMkXR0rP5mLU4yX9eSJL4rx1LiJyRWmNT8Z NcMA5DFqYYQeTwZZcqZR9ZOUDmZCtT5FyELRfYtbzckaNeORG3A1upy9+qKmvWCuS42udJIjCPB 8jXp3Uzb8mqiF1vQIVbS6Xcsaw7NqpUQBylzg9uW1PSdQpiwjyAot/PHvrSGv2xc1XzDBvMfGgf 99iBxjUl1lT1GFT7svm5QvNkDcP6Y2ZLTH2qh5J7FwaQC1Ru6Vsq2QZ9jy0HpWjpGX9g5qKqPqH VN/e95Pm5G+NwlZ912wi9JmwFamnAsXCqzFjY4zslJEkxHTuc7Sm0z4IEtoIsKU1bhRtIexnV/G msXzFYXSMkIlOmAjNruN2A13+YNXWipvgKGaE2OYCkEo8A4hdGnUipzM9eUXohfCClAvao X-Google-Smtp-Source: AGHT+IHDs//g3Uj2SRlulGEN91ZpKSgLlg7OOvRRAkAuVjbPb4i6BumxwZieKZ9EfukQ2VNFeuNWMw== X-Received: by 2002:a05:690c:25c4:b0:784:8cb4:d935 with SMTP id 00721157ae682-78929f17bfamr70697767b3.65.1763249697694; Sat, 15 Nov 2025 15:34:57 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:57 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 18/20] selftests/liveupdate: Add kexec-based selftest for session lifecycle Date: Sat, 15 Nov 2025 18:34:04 -0500 Message-ID: <20251115233409.768044-19-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Introduce a kexec-based selftest, luo_kexec_simple, to validate the end-to-end lifecycle of a Live Update Orchestrator (LUO) session across a reboot. While existing tests verify the uAPI in a pre-reboot context, this test ensures that the core functionality=E2=80=94preserving state via Kexec Hand= over and restoring it in a new kernel=E2=80=94works as expected. The test operates in two stages, managing its state across the reboot by preserving a dedicated "state session" containing a memfd. This mechanism dogfoods the LUO feature itself for state tracking, making the test self-contained. The test validates the following sequence: Stage 1 (Pre-kexec): - Creates a test session (test-session). - Creates and preserves a memfd with a known data pattern into the test session. - Creates the state-tracking session to signal progression to Stage 2. - Executes a kexec reboot via a helper script. Stage 2 (Post-kexec): - Retrieves the state-tracking session to confirm it is in the post-reboot stage. - Retrieves the preserved test session. - Restores the memfd from the test session and verifies its contents match the original data pattern written in Stage 1. - Finalizes both the test and state sessions to ensure a clean teardown. The test relies on a helper script (do_kexec.sh) to perform the reboot and a shared utility library (luo_test_utils.c) for common LUO operations, keeping the main test logic clean and focused. Signed-off-by: Pasha Tatashin Reviewed-by: Zhu Yanjun --- tools/testing/selftests/liveupdate/.gitignore | 1 + tools/testing/selftests/liveupdate/Makefile | 32 ++++ .../testing/selftests/liveupdate/do_kexec.sh | 16 ++ .../selftests/liveupdate/luo_kexec_simple.c | 114 ++++++++++++ .../selftests/liveupdate/luo_test_utils.c | 168 ++++++++++++++++++ .../selftests/liveupdate/luo_test_utils.h | 39 ++++ 6 files changed, 370 insertions(+) create mode 100755 tools/testing/selftests/liveupdate/do_kexec.sh create mode 100644 tools/testing/selftests/liveupdate/luo_kexec_simple.c create mode 100644 tools/testing/selftests/liveupdate/luo_test_utils.c create mode 100644 tools/testing/selftests/liveupdate/luo_test_utils.h diff --git a/tools/testing/selftests/liveupdate/.gitignore b/tools/testing/= selftests/liveupdate/.gitignore index af6e773cf98f..daeef116174d 100644 --- a/tools/testing/selftests/liveupdate/.gitignore +++ b/tools/testing/selftests/liveupdate/.gitignore @@ -1 +1,2 @@ /liveupdate +/luo_kexec_simple diff --git a/tools/testing/selftests/liveupdate/Makefile b/tools/testing/se= lftests/liveupdate/Makefile index 2a573c36016e..1563ac84006a 100644 --- a/tools/testing/selftests/liveupdate/Makefile +++ b/tools/testing/selftests/liveupdate/Makefile @@ -1,7 +1,39 @@ # SPDX-License-Identifier: GPL-2.0-only + +KHDR_INCLUDES ?=3D -I../../../../usr/include CFLAGS +=3D -Wall -O2 -Wno-unused-function CFLAGS +=3D $(KHDR_INCLUDES) +LDFLAGS +=3D -static +OUTPUT ?=3D . + +# --- Test Configuration (Edit this section when adding new tests) --- +LUO_SHARED_SRCS :=3D luo_test_utils.c +LUO_SHARED_HDRS +=3D luo_test_utils.h + +LUO_MANUAL_TESTS +=3D luo_kexec_simple + +TEST_FILES +=3D do_kexec.sh =20 TEST_GEN_PROGS +=3D liveupdate =20 +# --- Automatic Rule Generation (Do not edit below) --- + +TEST_GEN_PROGS_EXTENDED +=3D $(LUO_MANUAL_TESTS) + +# Define the full list of sources for each manual test. +$(foreach test,$(LUO_MANUAL_TESTS), \ + $(eval $(test)_SOURCES :=3D $(test).c $(LUO_SHARED_SRCS))) + +# This loop automatically generates an explicit build rule for each manual= test. +# It includes dependencies on the shared headers and makes the output +# executable. +# Note the use of '$$' to escape automatic variables for the 'eval' comman= d. +$(foreach test,$(LUO_MANUAL_TESTS), \ + $(eval $(OUTPUT)/$(test): $($(test)_SOURCES) $(LUO_SHARED_HDRS) \ + $(call msg,LINK,,$$@) ; \ + $(Q)$(LINK.c) $$^ $(LDLIBS) -o $$@ ; \ + $(Q)chmod +x $$@ \ + ) \ +) + include ../lib.mk diff --git a/tools/testing/selftests/liveupdate/do_kexec.sh b/tools/testing= /selftests/liveupdate/do_kexec.sh new file mode 100755 index 000000000000..3c7c6cafbef8 --- /dev/null +++ b/tools/testing/selftests/liveupdate/do_kexec.sh @@ -0,0 +1,16 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 +set -e + +# Use $KERNEL and $INITRAMFS to pass custom Kernel and optional initramfs + +KERNEL=3D"${KERNEL:-/boot/bzImage}" +set -- -l -s --reuse-cmdline "$KERNEL" + +INITRAMFS=3D"${INITRAMFS:-/boot/initramfs}" +if [ -f "$INITRAMFS" ]; then + set -- "$@" --initrd=3D"$INITRAMFS" +fi + +kexec "$@" +kexec -e diff --git a/tools/testing/selftests/liveupdate/luo_kexec_simple.c b/tools/= testing/selftests/liveupdate/luo_kexec_simple.c new file mode 100644 index 000000000000..67ab6ebf9eec --- /dev/null +++ b/tools/testing/selftests/liveupdate/luo_kexec_simple.c @@ -0,0 +1,114 @@ +// SPDX-License-Identifier: GPL-2.0-only + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + * + * A simple selftest to validate the end-to-end lifecycle of a LUO session + * across a single kexec reboot. + */ + +#include "luo_test_utils.h" + +/* Test-specific constants are now defined locally */ +#define KEXEC_SCRIPT "./do_kexec.sh" +#define TEST_SESSION_NAME "test-session" +#define TEST_MEMFD_TOKEN 0x1A +#define TEST_MEMFD_DATA "hello kexec world" + +/* Constants for the state-tracking mechanism, specific to this test file.= */ +#define STATE_SESSION_NAME "kexec_simple_state" +#define STATE_MEMFD_TOKEN 999 + +/* Stage 1: Executed before the kexec reboot. */ +static void run_stage_1(int luo_fd) +{ + int session_fd; + + ksft_print_msg("[STAGE 1] Starting pre-kexec setup...\n"); + + ksft_print_msg("[STAGE 1] Creating state file for next stage (2)...\n"); + create_state_file(luo_fd, STATE_SESSION_NAME, STATE_MEMFD_TOKEN, 2); + + ksft_print_msg("[STAGE 1] Creating session '%s' and preserving memfd...\n= ", + TEST_SESSION_NAME); + session_fd =3D luo_create_session(luo_fd, TEST_SESSION_NAME); + if (session_fd < 0) + fail_exit("luo_create_session for '%s'", TEST_SESSION_NAME); + + if (create_and_preserve_memfd(session_fd, TEST_MEMFD_TOKEN, + TEST_MEMFD_DATA) < 0) { + fail_exit("create_and_preserve_memfd for token %#x", + TEST_MEMFD_TOKEN); + } + + ksft_print_msg("[STAGE 1] Executing kexec...\n"); + if (system(KEXEC_SCRIPT) !=3D 0) + fail_exit("kexec script failed"); + exit(EXIT_FAILURE); +} + +/* Stage 2: Executed after the kexec reboot. */ +static void run_stage_2(int luo_fd, int state_session_fd) +{ + int session_fd, mfd, stage; + + ksft_print_msg("[STAGE 2] Starting post-kexec verification...\n"); + + restore_and_read_stage(state_session_fd, STATE_MEMFD_TOKEN, &stage); + if (stage !=3D 2) + fail_exit("Expected stage 2, but state file contains %d", stage); + + ksft_print_msg("[STAGE 2] Retrieving session '%s'...\n", TEST_SESSION_NAM= E); + session_fd =3D luo_retrieve_session(luo_fd, TEST_SESSION_NAME); + if (session_fd < 0) + fail_exit("luo_retrieve_session for '%s'", TEST_SESSION_NAME); + + ksft_print_msg("[STAGE 2] Restoring and verifying memfd (token %#x)...\n", + TEST_MEMFD_TOKEN); + mfd =3D restore_and_verify_memfd(session_fd, TEST_MEMFD_TOKEN, + TEST_MEMFD_DATA); + if (mfd < 0) + fail_exit("restore_and_verify_memfd for token %#x", TEST_MEMFD_TOKEN); + close(mfd); + + ksft_print_msg("[STAGE 2] Test data verified successfully.\n"); + ksft_print_msg("[STAGE 2] Finalizing test session...\n"); + if (luo_session_finish(session_fd) < 0) + fail_exit("luo_session_finish for test session"); + close(session_fd); + + ksft_print_msg("[STAGE 2] Finalizing state session...\n"); + if (luo_session_finish(state_session_fd) < 0) + fail_exit("luo_session_finish for state session"); + close(state_session_fd); + + ksft_print_msg("\n--- SIMPLE KEXEC TEST PASSED ---\n"); +} + +int main(int argc, char *argv[]) +{ + int luo_fd; + int state_session_fd; + + luo_fd =3D luo_open_device(); + if (luo_fd < 0) + ksft_exit_skip("Failed to open %s. Is the luo module loaded?\n", + LUO_DEVICE); + + /* + * Determine the stage by attempting to retrieve the state session. + * If it doesn't exist (ENOENT), we are in Stage 1 (pre-kexec). + */ + state_session_fd =3D luo_retrieve_session(luo_fd, STATE_SESSION_NAME); + if (state_session_fd =3D=3D -ENOENT) { + run_stage_1(luo_fd); + } else if (state_session_fd >=3D 0) { + /* We got a valid handle, pass it directly to stage 2 */ + run_stage_2(luo_fd, state_session_fd); + } else { + fail_exit("Failed to check for state session"); + } + + close(luo_fd); +} diff --git a/tools/testing/selftests/liveupdate/luo_test_utils.c b/tools/te= sting/selftests/liveupdate/luo_test_utils.c new file mode 100644 index 000000000000..0a24105cbc54 --- /dev/null +++ b/tools/testing/selftests/liveupdate/luo_test_utils.c @@ -0,0 +1,168 @@ +// SPDX-License-Identifier: GPL-2.0-only + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + */ + +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "luo_test_utils.h" + +int luo_open_device(void) +{ + return open(LUO_DEVICE, O_RDWR); +} + +int luo_create_session(int luo_fd, const char *name) +{ + struct liveupdate_ioctl_create_session arg =3D { .size =3D sizeof(arg) }; + + snprintf((char *)arg.name, LIVEUPDATE_SESSION_NAME_LENGTH, "%.*s", + LIVEUPDATE_SESSION_NAME_LENGTH - 1, name); + + if (ioctl(luo_fd, LIVEUPDATE_IOCTL_CREATE_SESSION, &arg) < 0) + return -errno; + + return arg.fd; +} + +int luo_retrieve_session(int luo_fd, const char *name) +{ + struct liveupdate_ioctl_retrieve_session arg =3D { .size =3D sizeof(arg) = }; + + snprintf((char *)arg.name, LIVEUPDATE_SESSION_NAME_LENGTH, "%.*s", + LIVEUPDATE_SESSION_NAME_LENGTH - 1, name); + + if (ioctl(luo_fd, LIVEUPDATE_IOCTL_RETRIEVE_SESSION, &arg) < 0) + return -errno; + + return arg.fd; +} + +int create_and_preserve_memfd(int session_fd, int token, const char *data) +{ + struct liveupdate_session_preserve_fd arg =3D { .size =3D sizeof(arg) }; + long page_size =3D sysconf(_SC_PAGE_SIZE); + void *map =3D MAP_FAILED; + int mfd =3D -1, ret =3D -1; + + mfd =3D memfd_create("test_mfd", 0); + if (mfd < 0) + return -errno; + + if (ftruncate(mfd, page_size) !=3D 0) + goto out; + + map =3D mmap(NULL, page_size, PROT_WRITE, MAP_SHARED, mfd, 0); + if (map =3D=3D MAP_FAILED) + goto out; + + snprintf(map, page_size, "%s", data); + munmap(map, page_size); + + arg.fd =3D mfd; + arg.token =3D token; + if (ioctl(session_fd, LIVEUPDATE_SESSION_PRESERVE_FD, &arg) < 0) + goto out; + + ret =3D 0; +out: + if (ret !=3D 0 && errno !=3D 0) + ret =3D -errno; + if (mfd >=3D 0) + close(mfd); + return ret; +} + +int restore_and_verify_memfd(int session_fd, int token, + const char *expected_data) +{ + struct liveupdate_session_retrieve_fd arg =3D { .size =3D sizeof(arg) }; + long page_size =3D sysconf(_SC_PAGE_SIZE); + void *map =3D MAP_FAILED; + int mfd =3D -1, ret =3D -1; + + arg.token =3D token; + if (ioctl(session_fd, LIVEUPDATE_SESSION_RETRIEVE_FD, &arg) < 0) + return -errno; + mfd =3D arg.fd; + + map =3D mmap(NULL, page_size, PROT_READ, MAP_SHARED, mfd, 0); + if (map =3D=3D MAP_FAILED) + goto out; + + if (expected_data && strcmp(expected_data, map) !=3D 0) { + ksft_print_msg("Data mismatch! Expected '%s', Got '%s'\n", + expected_data, (char *)map); + ret =3D -EINVAL; + goto out_munmap; + } + + ret =3D mfd; +out_munmap: + munmap(map, page_size); +out: + if (ret < 0 && errno !=3D 0) + ret =3D -errno; + if (ret < 0 && mfd >=3D 0) + close(mfd); + return ret; +} + +int luo_session_finish(int session_fd) +{ + struct liveupdate_session_finish arg =3D { .size =3D sizeof(arg) }; + + if (ioctl(session_fd, LIVEUPDATE_SESSION_FINISH, &arg) < 0) + return -errno; + + return 0; +} + +void create_state_file(int luo_fd, const char *session_name, int token, + int next_stage) +{ + char buf[32]; + int state_session_fd; + + state_session_fd =3D luo_create_session(luo_fd, session_name); + if (state_session_fd < 0) + fail_exit("luo_create_session for state tracking"); + + snprintf(buf, sizeof(buf), "%d", next_stage); + if (create_and_preserve_memfd(state_session_fd, token, buf) < 0) + fail_exit("create_and_preserve_memfd for state tracking"); + + /* + * DO NOT close session FD, otherwise it is going to be unpreserved + */ +} + +void restore_and_read_stage(int state_session_fd, int token, int *stage) +{ + char buf[32] =3D {0}; + int mfd; + + mfd =3D restore_and_verify_memfd(state_session_fd, token, NULL); + if (mfd < 0) + fail_exit("failed to restore state memfd"); + + if (read(mfd, buf, sizeof(buf) - 1) < 0) + fail_exit("failed to read state mfd"); + + *stage =3D atoi(buf); + + close(mfd); +} diff --git a/tools/testing/selftests/liveupdate/luo_test_utils.h b/tools/te= sting/selftests/liveupdate/luo_test_utils.h new file mode 100644 index 000000000000..093e787b9f4b --- /dev/null +++ b/tools/testing/selftests/liveupdate/luo_test_utils.h @@ -0,0 +1,39 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + * + * Utility functions for LUO kselftests. + */ + +#ifndef LUO_TEST_UTILS_H +#define LUO_TEST_UTILS_H + +#include +#include +#include +#include "../kselftest.h" + +#define LUO_DEVICE "/dev/liveupdate" + +#define fail_exit(fmt, ...) \ + ksft_exit_fail_msg("[%s:%d] " fmt " (errno: %s)\n", \ + __func__, __LINE__, ##__VA_ARGS__, strerror(errno)) + +/* Generic LUO and session management helpers */ +int luo_open_device(void); +int luo_create_session(int luo_fd, const char *name); +int luo_retrieve_session(int luo_fd, const char *name); +int luo_session_finish(int session_fd); + +/* Generic file preservation and restoration helpers */ +int create_and_preserve_memfd(int session_fd, int token, const char *data); +int restore_and_verify_memfd(int session_fd, int token, const char *expect= ed_data); + +/* Kexec state-tracking helpers */ +void create_state_file(int luo_fd, const char *session_name, int token, + int next_stage); +void restore_and_read_stage(int state_session_fd, int token, int *stage); + +#endif /* LUO_TEST_UTILS_H */ --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yw1-f182.google.com (mail-yw1-f182.google.com [209.85.128.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9068830F522 for ; Sat, 15 Nov 2025 23:35:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249703; cv=none; b=t+/ynNAFsWSUXXQGCNqFA/xXEbX8VHLfnJ1OwAxpG9TglTtTpYoY0s7V73PEcC0eVZYfUv9SXqLR5rWpQbU68EK9tmw043h16OCvzeY4tQGkcM/xQsUEkv6Q+cLIzjxHzw7H4JejaHcMal3M7G8ZbcOD9U0mxct3oyRRsc8GNyE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249703; c=relaxed/simple; bh=W5Bue9P1xOJ2ZQwNFbvCgwAE7R1/MIZA5g+4J7Z2xV8=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=aZg/W6KAw8TaXmyt8BmjzFFd5m9+HVkT2vjlqNb2W958HfEi8LCivC3j4zVMfRhuswh1s1vG2zsW/i2aGQkzv2pqlBOP++bPNph+kt1YwPchJ8ckR5iLoRRLIX8CFtFytwYM4QSCaiDFExf+1AqhND+bKk1t3S2+QR1pdccG7sE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=NT0ttY0F; arc=none smtp.client-ip=209.85.128.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="NT0ttY0F" Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-78665368a5cso30706937b3.3 for ; Sat, 15 Nov 2025 15:35:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249699; x=1763854499; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CSlG1Y2+SXL2yTQcBXyPgNZX+KSmTJRUknMQAnDq5UM=; b=NT0ttY0FkRBjMCD28mLrSG8cLUVmK9W6idgDOSQT9/xbHc12R0keUam26+4bRjtobB 060UgD1ETx+YJ/gWNOWfoOx1+DEbI3PdCYGeHhnh3/ZVXW2R77+FDhsSCcOPQq+k+YXW SiV7SxQ8KAbnF0FfHnxF59dBR1vhRhOhsLRFYOZkcCbVrsZBxNmIzOvPZsFGO4Is6ZXy Bcr3VhOjmAEqEdKGAh59FGlCrhyvm1GZzvYjJSDYbXABQFCos5+7wFfYqWQ98yqZtk/Y irFA6JVCU4EPRTByczKzmJ1m/NlOw2XM/P46sEwqvilnifDDi6ii/IUUJlByRnANJpZq vdcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249699; x=1763854499; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=CSlG1Y2+SXL2yTQcBXyPgNZX+KSmTJRUknMQAnDq5UM=; b=Hl4dUUXRkSyEwk3mmrat8GNwTkeoCan8rsY/eX2v/VKVKGCmVfWG9NYakiReQRDNi0 omvlBQ5jQBOTxyfwWCFQuCNUP5uH/lsIxSZqp2B8sPMFteTxXl8kG2uhW/KGoTtSfZGO 9BqpKA931h+fdKTP5A3Er9bYNbUIAHfKLQ4l+zhQjmoq2TEFHZggqQkomv1tLr1RrWnr nnzgNc72iuUeCSCk4rtm+2MSJ4ytH4Z4FoEBZejOnALo70Fo+PGaXg/liov8aG5ZVCad Kq8WKLj6L06uv7VoDa2iHTtPZDWlU+qFvh3JJo0zI5YlcW1DFu4whjpxgvr0//TSlhzn lY7Q== X-Forwarded-Encrypted: i=1; AJvYcCUFu5IYW2eGAR2cX8SluoDjvi7fGxXBrVLShbNXJSniioE8xum0hpiFvmVMUTNDqPg9lQfIVG3bEfLOCoM=@vger.kernel.org X-Gm-Message-State: AOJu0YyYd/kWjFWhAaSIKlUoPgK/Vq9nnP8BhguIjSPNKMgqW9uC8RmZ k8LT0ups/FOQH2jfm63/eDVADQIxZn7ZRlmBDhu1VMfRAXKXpef8xgrkvnhToIrVXQA= X-Gm-Gg: ASbGnctOIuvgknFjZcGr4cJrO7GWgO03ue7C+p4a4gLYRBgMOY5KoACD6rKWF5UFNQV kjeINxDDtaayPVaVlZd7aFDtfb4UXaMObaNbHRT0OlsYgI4mu3fRSbgMW7Wfy4vX/zxMxO8SfXo R4jFXSMYdxesmk2nO330v+3VeOazsOtNTlbrnHsMcq/IPBfsNJp6IYRgpzFwdZ6mYZA0V3yn3yp nPGuidbj3ofnmdRlc1U0LbfbRtYMxzdCQhMu3iyeQPblZIV+Gd031JC0jvx/xVwtrS+lOAxOql6 2mw+T4kEghwXjHbf7YkOppdKnAzm3+YPiK2qg1Y+Y3tXKVvTe5XfH6oUxKEqBM/Mgbn5vEeDWeN quNw9aYDsUNQOA3pneE2U/5io+1DRYGnkatxZ0wlY8k0TS3ioVDy38JOWO5S13kxtbKceGI68VH qgyPOlxzptp5yzuyn81hf7yjq+xdW7MXQpr6bXDoLK7vAenO+Ory1ks0f1bU/OWxHH4i1M X-Google-Smtp-Source: AGHT+IEO3oC5wpp8HE7J5E7WMHVnu7uEdSDWxH1HLV0XnEzmxGRKeC/y8GCb0/gJtHYw7ZpQFatLjQ== X-Received: by 2002:a05:690c:6c85:b0:786:522f:f5b2 with SMTP id 00721157ae682-78929f4237amr78850027b3.63.1763249699523; Sat, 15 Nov 2025 15:34:59 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:34:59 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 19/20] selftests/liveupdate: Add kexec test for multiple and empty sessions Date: Sat, 15 Nov 2025 18:34:05 -0500 Message-ID: <20251115233409.768044-20-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Introduce a new kexec-based selftest, luo_kexec_multi_session, to validate the end-to-end lifecycle of a more complex LUO scenario. While the existing luo_kexec_simple test covers the basic end-to-end lifecycle, it is limited to a single session with one preserved file. This new test significantly expands coverage by verifying LUO's ability to handle a mixed workload involving multiple sessions, some of which are intentionally empty. This ensures that the LUO core correctly preserves and restores the state of all session types across a reboot. The test validates the following sequence: Stage 1 (Pre-kexec): - Creates two empty test sessions (multi-test-empty-1, multi-test-empty-2). - Creates a session with one preserved memfd (multi-test-files-1). - Creates another session with two preserved memfds (multi-test-files-2), each containing unique data. - Creates a state-tracking session to manage the transition to Stage 2. - Executes a kexec reboot via the helper script. Stage 2 (Post-kexec): - Retrieves the state-tracking session to confirm it is in the post-reboot stage. - Retrieves all four test sessions (both the empty and non-empty ones). - For the non-empty sessions, restores the preserved memfds and verifies their contents match the original data patterns. - Finalizes all test sessions and the state session to ensure a clean teardown and that all associated kernel resources are correctly released. This test provides greater confidence in the robustness of the LUO framework by validating its behavior in a more realistic, multi-faceted scenario. Signed-off-by: Pasha Tatashin --- tools/testing/selftests/liveupdate/.gitignore | 1 + tools/testing/selftests/liveupdate/Makefile | 1 + .../selftests/liveupdate/luo_multi_session.c | 190 ++++++++++++++++++ 3 files changed, 192 insertions(+) create mode 100644 tools/testing/selftests/liveupdate/luo_multi_session.c diff --git a/tools/testing/selftests/liveupdate/.gitignore b/tools/testing/= selftests/liveupdate/.gitignore index daeef116174d..42a15a8d5d9e 100644 --- a/tools/testing/selftests/liveupdate/.gitignore +++ b/tools/testing/selftests/liveupdate/.gitignore @@ -1,2 +1,3 @@ /liveupdate /luo_kexec_simple +/luo_multi_session diff --git a/tools/testing/selftests/liveupdate/Makefile b/tools/testing/se= lftests/liveupdate/Makefile index 1563ac84006a..6ee6efeec62d 100644 --- a/tools/testing/selftests/liveupdate/Makefile +++ b/tools/testing/selftests/liveupdate/Makefile @@ -11,6 +11,7 @@ LUO_SHARED_SRCS :=3D luo_test_utils.c LUO_SHARED_HDRS +=3D luo_test_utils.h =20 LUO_MANUAL_TESTS +=3D luo_kexec_simple +LUO_MANUAL_TESTS +=3D luo_multi_session =20 TEST_FILES +=3D do_kexec.sh =20 diff --git a/tools/testing/selftests/liveupdate/luo_multi_session.c b/tools= /testing/selftests/liveupdate/luo_multi_session.c new file mode 100644 index 000000000000..c9955f1b6e97 --- /dev/null +++ b/tools/testing/selftests/liveupdate/luo_multi_session.c @@ -0,0 +1,190 @@ +// SPDX-License-Identifier: GPL-2.0-only + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + * + * A selftest to validate the end-to-end lifecycle of multiple LUO sessions + * across a kexec reboot, including empty sessions and sessions with multi= ple + * files. + */ + +#include "luo_test_utils.h" + +#define KEXEC_SCRIPT "./do_kexec.sh" + +#define SESSION_EMPTY_1 "multi-test-empty-1" +#define SESSION_EMPTY_2 "multi-test-empty-2" +#define SESSION_FILES_1 "multi-test-files-1" +#define SESSION_FILES_2 "multi-test-files-2" + +#define MFD1_TOKEN 0x1001 +#define MFD2_TOKEN 0x2002 +#define MFD3_TOKEN 0x3003 + +#define MFD1_DATA "Data for session files 1" +#define MFD2_DATA "First file for session files 2" +#define MFD3_DATA "Second file for session files 2" + +#define STATE_SESSION_NAME "kexec_multi_state" +#define STATE_MEMFD_TOKEN 998 + +/* Stage 1: Executed before the kexec reboot. */ +static void run_stage_1(int luo_fd) +{ + int s_empty1_fd, s_empty2_fd, s_files1_fd, s_files2_fd; + + ksft_print_msg("[STAGE 1] Starting pre-kexec setup for multi-session test= ...\n"); + + ksft_print_msg("[STAGE 1] Creating state file for next stage (2)...\n"); + create_state_file(luo_fd, STATE_SESSION_NAME, STATE_MEMFD_TOKEN, 2); + + ksft_print_msg("[STAGE 1] Creating empty sessions '%s' and '%s'...\n", + SESSION_EMPTY_1, SESSION_EMPTY_2); + s_empty1_fd =3D luo_create_session(luo_fd, SESSION_EMPTY_1); + if (s_empty1_fd < 0) + fail_exit("luo_create_session for '%s'", SESSION_EMPTY_1); + + s_empty2_fd =3D luo_create_session(luo_fd, SESSION_EMPTY_2); + if (s_empty2_fd < 0) + fail_exit("luo_create_session for '%s'", SESSION_EMPTY_2); + + ksft_print_msg("[STAGE 1] Creating session '%s' with one memfd...\n", + SESSION_FILES_1); + + s_files1_fd =3D luo_create_session(luo_fd, SESSION_FILES_1); + if (s_files1_fd < 0) + fail_exit("luo_create_session for '%s'", SESSION_FILES_1); + if (create_and_preserve_memfd(s_files1_fd, MFD1_TOKEN, MFD1_DATA) < 0) { + fail_exit("create_and_preserve_memfd for token %#x", + MFD1_TOKEN); + } + + ksft_print_msg("[STAGE 1] Creating session '%s' with two memfds...\n", + SESSION_FILES_2); + + s_files2_fd =3D luo_create_session(luo_fd, SESSION_FILES_2); + if (s_files2_fd < 0) + fail_exit("luo_create_session for '%s'", SESSION_FILES_2); + if (create_and_preserve_memfd(s_files2_fd, MFD2_TOKEN, MFD2_DATA) < 0) { + fail_exit("create_and_preserve_memfd for token %#x", + MFD2_TOKEN); + } + if (create_and_preserve_memfd(s_files2_fd, MFD3_TOKEN, MFD3_DATA) < 0) { + fail_exit("create_and_preserve_memfd for token %#x", + MFD3_TOKEN); + } + + ksft_print_msg("[STAGE 1] Executing kexec...\n"); + + if (system(KEXEC_SCRIPT) !=3D 0) + fail_exit("kexec script failed"); + + exit(EXIT_FAILURE); +} + +/* Stage 2: Executed after the kexec reboot. */ +static void run_stage_2(int luo_fd, int state_session_fd) +{ + int s_empty1_fd, s_empty2_fd, s_files1_fd, s_files2_fd; + int mfd1, mfd2, mfd3, stage; + + ksft_print_msg("[STAGE 2] Starting post-kexec verification...\n"); + + restore_and_read_stage(state_session_fd, STATE_MEMFD_TOKEN, &stage); + if (stage !=3D 2) { + fail_exit("Expected stage 2, but state file contains %d", + stage); + } + + ksft_print_msg("[STAGE 2] Retrieving all sessions...\n"); + s_empty1_fd =3D luo_retrieve_session(luo_fd, SESSION_EMPTY_1); + if (s_empty1_fd < 0) + fail_exit("luo_retrieve_session for '%s'", SESSION_EMPTY_1); + + s_empty2_fd =3D luo_retrieve_session(luo_fd, SESSION_EMPTY_2); + if (s_empty2_fd < 0) + fail_exit("luo_retrieve_session for '%s'", SESSION_EMPTY_2); + + s_files1_fd =3D luo_retrieve_session(luo_fd, SESSION_FILES_1); + if (s_files1_fd < 0) + fail_exit("luo_retrieve_session for '%s'", SESSION_FILES_1); + + s_files2_fd =3D luo_retrieve_session(luo_fd, SESSION_FILES_2); + if (s_files2_fd < 0) + fail_exit("luo_retrieve_session for '%s'", SESSION_FILES_2); + + ksft_print_msg("[STAGE 2] Verifying contents of session '%s'...\n", + SESSION_FILES_1); + mfd1 =3D restore_and_verify_memfd(s_files1_fd, MFD1_TOKEN, MFD1_DATA); + if (mfd1 < 0) + fail_exit("restore_and_verify_memfd for token %#x", MFD1_TOKEN); + close(mfd1); + + ksft_print_msg("[STAGE 2] Verifying contents of session '%s'...\n", + SESSION_FILES_2); + + mfd2 =3D restore_and_verify_memfd(s_files2_fd, MFD2_TOKEN, MFD2_DATA); + if (mfd2 < 0) + fail_exit("restore_and_verify_memfd for token %#x", MFD2_TOKEN); + close(mfd2); + + mfd3 =3D restore_and_verify_memfd(s_files2_fd, MFD3_TOKEN, MFD3_DATA); + if (mfd3 < 0) + fail_exit("restore_and_verify_memfd for token %#x", MFD3_TOKEN); + close(mfd3); + + ksft_print_msg("[STAGE 2] Test data verified successfully.\n"); + + ksft_print_msg("[STAGE 2] Finalizing all test sessions...\n"); + if (luo_session_finish(s_empty1_fd) < 0) + fail_exit("luo_session_finish for '%s'", SESSION_EMPTY_1); + close(s_empty1_fd); + + if (luo_session_finish(s_empty2_fd) < 0) + fail_exit("luo_session_finish for '%s'", SESSION_EMPTY_2); + close(s_empty2_fd); + + if (luo_session_finish(s_files1_fd) < 0) + fail_exit("luo_session_finish for '%s'", SESSION_FILES_1); + close(s_files1_fd); + + if (luo_session_finish(s_files2_fd) < 0) + fail_exit("luo_session_finish for '%s'", SESSION_FILES_2); + close(s_files2_fd); + + ksft_print_msg("[STAGE 2] Finalizing state session...\n"); + if (luo_session_finish(state_session_fd) < 0) + fail_exit("luo_session_finish for state session"); + close(state_session_fd); + + ksft_print_msg("\n--- MULTI-SESSION KEXEC TEST PASSED ---\n"); +} + +int main(int argc, char *argv[]) +{ + int luo_fd; + int state_session_fd; + + luo_fd =3D luo_open_device(); + if (luo_fd < 0) + ksft_exit_skip("Failed to open %s. Is the luo module loaded?\n", + LUO_DEVICE); + + /* + * Determine the stage by attempting to retrieve the state session. + * If it doesn't exist (ENOENT), we are in Stage 1 (pre-kexec). + */ + state_session_fd =3D luo_retrieve_session(luo_fd, STATE_SESSION_NAME); + if (state_session_fd =3D=3D -ENOENT) { + run_stage_1(luo_fd); + } else if (state_session_fd >=3D 0) { + /* We got a valid handle, pass it directly to stage 2 */ + run_stage_2(luo_fd, state_session_fd); + } else { + fail_exit("Failed to check for state session"); + } + + close(luo_fd); + return 0; +} --=20 2.52.0.rc1.455.g30608eb744-goog From nobody Mon Feb 9 04:30:58 2026 Received: from mail-yx1-f48.google.com (mail-yx1-f48.google.com [74.125.224.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1B0E030F7FC for ; Sat, 15 Nov 2025 23:35:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249705; cv=none; b=n0TPc0hvyu3kwPNzQoRw1P55qGbggmlenBwKNYrp9NAzQlK6YoKoqeilD2Y2ZHCliup/E3T0OPgTc7vpWaxYRi4D5JkksFAVbMqDN4gUQnDPKlQLGoQUCI4H3PjuprR1raxCKdEqfpj0xC+1PsE05sQW7I6sbsn1K68Divl+bMw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763249705; c=relaxed/simple; bh=5sxzx1bZt4H4ppGfEKJyxtR/cxVtMYfIiDYpbNHVfW8=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=RsNqhlJaH7p3ANIYD2AJLOceS4bTME34GwRLAs0GuGe5JFnKbpiUbEebcclhwCsp9UjagHyhLK+0VRih2xsa63vzP6acf0WKg8DNztGhYDoEjLvx1dKgLxVCcQEKvYRhnNiw+/yGW9cTJ8PD5W4J1RCivCpqG70InQjFkvuOREU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com; spf=pass smtp.mailfrom=soleen.com; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b=JVP5e2o3; arc=none smtp.client-ip=74.125.224.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=soleen.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=soleen.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com header.b="JVP5e2o3" Received: by mail-yx1-f48.google.com with SMTP id 956f58d0204a3-640d4f2f13dso3001830d50.1 for ; Sat, 15 Nov 2025 15:35:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1763249702; x=1763854502; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=90EWWx4Mqnqhp1SMDUIMTw5wlXkO7ivVTgHSWLpFw+Q=; b=JVP5e2o3exPEFykJdNXUI7hbIs8P0xHwuBtHAgC6NEmCcGUFaLkirNrA9qktcHm/VQ br/ClZkTsg5G1mlM1CL79AYi7QQaH8INw9jqDaENa2UaMRXsBtEAHvivyGjR7//iJOIj BQgyF15W/r1SC8ekYoHt3K2scHdau+SMpG91+WYc8MmDota9ytwsFjJYWHORAfVZF0lh sRSEc1O4asi8Y9nIpVKwAkC4VKt+8zO54S7riYAeNYFo0sNOO/GOEj1sZPMVaObm9JzB BZBiD5ms8kz+j1SovR65XyWWInB37eFJuKTvHLlE28R0aah3c4FcqaXzY6p26kDFV267 4EDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763249702; x=1763854502; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=90EWWx4Mqnqhp1SMDUIMTw5wlXkO7ivVTgHSWLpFw+Q=; b=pBQc0PA/6Hufj/ABHLQYFro0CVQr8UvVU0dS72RUMhbX8IfRTIEM9379NPSv6q+FoO kgNeXY2vRGijbAhsUIo97M+8vuAzyM3PPY120jbdTzaaVJ6cAa87Heukb9hVAlIvqY09 zC3ezinGkuzYUnKv11sl3CkW7bPRyKaDc1+FvpGhP1t4j4TrpnVRFPe9lO+yiYsTXcnh GCVN8cYutcj6MbfbnqxJC02m8Q1ku5XNzHPeNHbH3uoEfKyPNhulKC07YropoCq/8W9H 61/L/AhN0c9O4L2NFF1OR5qNhGVP5B6wu2r6M4PPQLid7evydNCDwSChsHTDIp6cVSi9 S/bA== X-Forwarded-Encrypted: i=1; AJvYcCXtni9cjMUkjdJr6gFq7pod1Y8mHkvMNLfcM2I2aUPHL68XfdYxQ3dNu75lN9ICO3wUltrjWWoYHb23Lhs=@vger.kernel.org X-Gm-Message-State: AOJu0Yw8GiulkUf4Weop8gvEloJSGkX49yglKjcUDH11U5ykCSRtNOBq md5lXcLlQ2ollRPz5Nv7XWZFk3DhM8RdlKSehcj+FTPaiKdaFMZXcrMhLqM7spuSLHw= X-Gm-Gg: ASbGncs5b1u92KFqmPm8vhV26s0nGVHH3KQNbS6X8wXA9/YA0JUkH8aKRXSXsP2I4Hw 0ILV7jLXeJUEm8UfAy3JM3lj44cPBUBUAKpJ9fSWp7ZVFeWJHXy+l2X5Vkib7+jpSxGpJV/g0UJ ll0P7tDeFO9WLzc2s3xbTBNihBoSaoy9/+IojLaY8azcXWzrWjYo+HmgVWivE7Db5ar0ymf9pfw AAE6kD0B7e6EbjgcvlYwPlLjU7ThjN24n1Cs33I0RPyCztA+T5DXawHK5cmuUMGlAtrXuGEgXhe CFz98tuRv9CjPXTTttabX0++WlrFH8Jan0/a3PceEBkqUdDjz94Hb3l1aw3Z/3JVhrJOSocbXxM NJboTVZgw5G9AAr9s7Dek/haXx/HHuzrmpUkIWkw7A4oacTbD6HCLoKOhGD7wzPium6ZZtn/XNy jPW8MDJd+nMMwGAYTDnygnkeNNOhzazG8noPDqIMOJ+OuDFDjLupVs8LVKKVUBlf+n67/xuW/5J 6Xk5TI= X-Google-Smtp-Source: AGHT+IG/UxHvAnv9mWVe8wsyDfZKwfGnjYpnQZh3+Log3+EltTNlF7D6RJztgMPJcAoGZZph5wgzaA== X-Received: by 2002:a05:690e:d02:b0:641:f347:5b57 with SMTP id 956f58d0204a3-641f3475ba1mr4093730d50.71.1763249702125; Sat, 15 Nov 2025 15:35:02 -0800 (PST) Received: from soleen.c.googlers.com.com (182.221.85.34.bc.googleusercontent.com. [34.85.221.182]) by smtp.gmail.com with ESMTPSA id 00721157ae682-7882218774esm28462007b3.57.2025.11.15.15.34.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Nov 2025 15:35:01 -0800 (PST) From: Pasha Tatashin To: pratyush@kernel.org, jasonmiu@google.com, graf@amazon.com, pasha.tatashin@soleen.com, rppt@kernel.org, dmatlack@google.com, rientjes@google.com, corbet@lwn.net, rdunlap@infradead.org, ilpo.jarvinen@linux.intel.com, kanie@linux.alibaba.com, ojeda@kernel.org, aliceryhl@google.com, masahiroy@kernel.org, akpm@linux-foundation.org, tj@kernel.org, yoann.congal@smile.fr, mmaurer@google.com, roman.gushchin@linux.dev, chenridong@huawei.com, axboe@kernel.dk, mark.rutland@arm.com, jannh@google.com, vincent.guittot@linaro.org, hannes@cmpxchg.org, dan.j.williams@intel.com, david@redhat.com, joel.granados@kernel.org, rostedt@goodmis.org, anna.schumaker@oracle.com, song@kernel.org, linux@weissschuh.net, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, gregkh@linuxfoundation.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, dakr@kernel.org, bartosz.golaszewski@linaro.org, cw00.choi@samsung.com, myungjoo.ham@samsung.com, yesanishhere@gmail.com, Jonathan.Cameron@huawei.com, quic_zijuhu@quicinc.com, aleksander.lobakin@intel.com, ira.weiny@intel.com, andriy.shevchenko@linux.intel.com, leon@kernel.org, lukas@wunner.de, bhelgaas@google.com, wagi@kernel.org, djeffery@redhat.com, stuart.w.hayes@gmail.com, ptyadav@amazon.de, lennart@poettering.net, brauner@kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, saeedm@nvidia.com, ajayachandra@nvidia.com, jgg@nvidia.com, parav@nvidia.com, leonro@nvidia.com, witu@nvidia.com, hughd@google.com, skhawaja@google.com, chrisl@kernel.org Subject: [PATCH v6 20/20] tests/liveupdate: Add in-kernel liveupdate test Date: Sat, 15 Nov 2025 18:34:06 -0500 Message-ID: <20251115233409.768044-21-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog In-Reply-To: <20251115233409.768044-1-pasha.tatashin@soleen.com> References: <20251115233409.768044-1-pasha.tatashin@soleen.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Introduce an in-kernel test module to validate the core logic of the Live Update Orchestrator's File-Lifecycle-Bound feature. This provides a low-level, controlled environment to test FLB registration and callback invocation without requiring userspace interaction or actual kexec reboots. The test is enabled by the CONFIG_LIVEUPDATE_TEST Kconfig option. Signed-off-by: Pasha Tatashin --- include/linux/liveupdate/abi/luo.h | 5 + kernel/liveupdate/luo_file.c | 2 + kernel/liveupdate/luo_internal.h | 6 ++ lib/Kconfig.debug | 23 +++++ lib/tests/Makefile | 1 + lib/tests/liveupdate.c | 143 +++++++++++++++++++++++++++++ 6 files changed, 180 insertions(+) create mode 100644 lib/tests/liveupdate.c diff --git a/include/linux/liveupdate/abi/luo.h b/include/linux/liveupdate/= abi/luo.h index 85596ce68c16..cdcace9b48f5 100644 --- a/include/linux/liveupdate/abi/luo.h +++ b/include/linux/liveupdate/abi/luo.h @@ -230,4 +230,9 @@ struct luo_flb_ser { u64 count; } __packed; =20 +/* Kernel Live Update Test ABI */ +#ifdef CONFIG_LIVEUPDATE_TEST +#define LIVEUPDATE_TEST_FLB_COMPATIBLE(i) "liveupdate-test-flb-v" #i +#endif + #endif /* _LINUX_LIVEUPDATE_ABI_LUO_H */ diff --git a/kernel/liveupdate/luo_file.c b/kernel/liveupdate/luo_file.c index df337c9c4f21..9a531096bdb5 100644 --- a/kernel/liveupdate/luo_file.c +++ b/kernel/liveupdate/luo_file.c @@ -834,6 +834,8 @@ int liveupdate_register_file_handler(struct liveupdate_= file_handler *fh) INIT_LIST_HEAD(&fh->flb_list); list_add_tail(&fh->list, &luo_file_handler_list); =20 + liveupdate_test_register(fh); + return 0; } =20 diff --git a/kernel/liveupdate/luo_internal.h b/kernel/liveupdate/luo_inter= nal.h index 389fb102775f..c863cb051d49 100644 --- a/kernel/liveupdate/luo_internal.h +++ b/kernel/liveupdate/luo_internal.h @@ -86,4 +86,10 @@ int __init luo_flb_setup_outgoing(void *fdt); int __init luo_flb_setup_incoming(void *fdt); void luo_flb_serialize(void); =20 +#ifdef CONFIG_LIVEUPDATE_TEST +void liveupdate_test_register(struct liveupdate_file_handler *h); +#else +static inline void liveupdate_test_register(struct liveupdate_file_handler= *h) { } +#endif + #endif /* _LINUX_LUO_INTERNAL_H */ diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 9a087826498a..eaa2af2bd963 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2803,6 +2803,29 @@ config LINEAR_RANGES_TEST =20 If unsure, say N. =20 +config LIVEUPDATE_TEST + bool "Live Update Kernel Test" + default n + depends on LIVEUPDATE + help + Enable a built-in kernel test module for the Live Update + Orchestrator. + + This module validates the File-Lifecycle-Bound subsystem by + registering a set of mock FLB objects with any real file handlers + that support live update (such as the memfd handler). + + When live update operations are performed, this test module will + output messages to the kernel log (dmesg), confirming that its + registration and various callback functions (preserve, retrieve, + finish, etc.) are being invoked correctly. + + This is a debugging and regression testing tool for developers + working on the Live Update subsystem. It should not be enabled in + production kernels. + + If unsure, say N + config CMDLINE_KUNIT_TEST tristate "KUnit test for cmdline API" if !KUNIT_ALL_TESTS depends on KUNIT diff --git a/lib/tests/Makefile b/lib/tests/Makefile index f7460831cfdd..8e5c527a94ac 100644 --- a/lib/tests/Makefile +++ b/lib/tests/Makefile @@ -27,6 +27,7 @@ obj-$(CONFIG_LIST_KUNIT_TEST) +=3D list-test.o obj-$(CONFIG_KFIFO_KUNIT_TEST) +=3D kfifo_kunit.o obj-$(CONFIG_TEST_LIST_SORT) +=3D test_list_sort.o obj-$(CONFIG_LINEAR_RANGES_TEST) +=3D test_linear_ranges.o +obj-$(CONFIG_LIVEUPDATE_TEST) +=3D liveupdate.o =20 CFLAGS_longest_symbol_kunit.o +=3D $(call cc-disable-warning, missing-prot= otypes) obj-$(CONFIG_LONGEST_SYM_KUNIT_TEST) +=3D longest_symbol_kunit.o diff --git a/lib/tests/liveupdate.c b/lib/tests/liveupdate.c new file mode 100644 index 000000000000..05c05b8c1c22 --- /dev/null +++ b/lib/tests/liveupdate.c @@ -0,0 +1,143 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin + */ + +#define pr_fmt(fmt) KBUILD_MODNAME " test: " fmt + +#include +#include +#include +#include +#include +#include "../../kernel/liveupdate/luo_internal.h" + +static const struct liveupdate_flb_ops test_flb_ops; +#define DEFINE_TEST_FLB(i) { \ + .ops =3D &test_flb_ops, \ + .compatible =3D LIVEUPDATE_TEST_FLB_COMPATIBLE(i), \ +} + +/* Number of Test FLBs to register with every file handler */ +#define TEST_NFLBS 3 +static struct liveupdate_flb test_flbs[TEST_NFLBS] =3D { + DEFINE_TEST_FLB(0), + DEFINE_TEST_FLB(1), + DEFINE_TEST_FLB(2), +}; + +#define TEST_FLB_MAGIC_BASE 0xFEEDF00DCAFEBEE0ULL + +static int test_flb_preserve(struct liveupdate_flb_op_args *argp) +{ + ptrdiff_t index =3D argp->flb - test_flbs; + + pr_info("%s: preserve was triggered\n", argp->flb->compatible); + argp->data =3D TEST_FLB_MAGIC_BASE + index; + + return 0; +} + +static void test_flb_unpreserve(struct liveupdate_flb_op_args *argp) +{ + pr_info("%s: unpreserve was triggered\n", argp->flb->compatible); +} + +static int test_flb_retrieve(struct liveupdate_flb_op_args *argp) +{ + ptrdiff_t index =3D argp->flb - test_flbs; + u64 expected_data =3D TEST_FLB_MAGIC_BASE + index; + + if (argp->data =3D=3D expected_data) { + pr_info("%s: found flb data from the previous boot\n", + argp->flb->compatible); + argp->obj =3D (void *)argp->data; + } else { + pr_err("%s: ERROR - incorrect data handle: %llx, expected %llx\n", + argp->flb->compatible, argp->data, expected_data); + return -EINVAL; + } + + return 0; +} + +static void test_flb_finish(struct liveupdate_flb_op_args *argp) +{ + ptrdiff_t index =3D argp->flb - test_flbs; + void *expected_obj =3D (void *)(TEST_FLB_MAGIC_BASE + index); + + if (argp->obj =3D=3D expected_obj) { + pr_info("%s: finish was triggered\n", argp->flb->compatible); + } else { + pr_err("%s: ERROR - finish called with invalid object\n", + argp->flb->compatible); + } +} + +static const struct liveupdate_flb_ops test_flb_ops =3D { + .preserve =3D test_flb_preserve, + .unpreserve =3D test_flb_unpreserve, + .retrieve =3D test_flb_retrieve, + .finish =3D test_flb_finish, + .owner =3D THIS_MODULE, +}; + +static void liveupdate_test_init(void) +{ + static DEFINE_MUTEX(init_lock); + static bool initialized; + int i; + + guard(mutex)(&init_lock); + + if (initialized) + return; + + for (i =3D 0; i < TEST_NFLBS; i++) { + struct liveupdate_flb *flb =3D &test_flbs[i]; + void *obj; + int err; + + liveupdate_init_flb(flb); + + err =3D liveupdate_flb_incoming_locked(flb, &obj); + if (!err) { + liveupdate_flb_incoming_unlock(flb, obj); + } else if (err !=3D -ENODATA && err !=3D -ENOENT) { + pr_err("liveupdate_flb_incoming_locked for %s failed: %pe\n", + flb->compatible, ERR_PTR(err)); + } + } + initialized =3D true; +} + +void liveupdate_test_register(struct liveupdate_file_handler *h) +{ + int err, i; + + liveupdate_test_init(); + + for (i =3D 0; i < TEST_NFLBS; i++) { + struct liveupdate_flb *flb =3D &test_flbs[i]; + + err =3D liveupdate_register_flb(h, flb); + if (err) + pr_err("Failed to register %s %pe\n", + flb->compatible, ERR_PTR(err)); + } + + err =3D liveupdate_register_flb(h, &test_flbs[0]); + if (!err || err !=3D -EEXIST) { + pr_err("Failed: %s should be already registered, but got err: %pe\n", + test_flbs[0].compatible, ERR_PTR(err)); + } + + pr_info("Registered %d FLBs with file handler: [%s]\n", + TEST_NFLBS, h->compatible); +} + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Pasha Tatashin "); +MODULE_DESCRIPTION("In-kernel test for LUO mechanism"); --=20 2.52.0.rc1.455.g30608eb744-goog