1. Patchew
  2. linux
  3. View series

[PATCH 0/6] liveupdate: Fix module unloading and unregister API

Pasha Tatashin posted 6 patches 2 weeks, 6 days ago
There is a newer version of this series
include/linux/liveupdate.h       |  16 +++--
kernel/liveupdate/luo_file.c     | 118 ++++++++++++++-----------------
kernel/liveupdate/luo_flb.c      | 108 ++++++++++++----------------
kernel/liveupdate/luo_internal.h |   2 -
kernel/liveupdate/luo_session.c  |  44 ------------
lib/tests/liveupdate.c           |   8 +--
6 files changed, 113 insertions(+), 183 deletions(-)
[PATCH 0/6] liveupdate: Fix module unloading and unregister API
Posted by Pasha Tatashin 2 weeks, 6 days ago 
This patch series addresses an issue with how LUO handles module
reference counting and unregistration during a module unload (e.g.,
via rmmod).

Currently, modules that register live update file handlers are pinned
for the entire duration they are registered. This prevents the modules
from being unloaded gracefully, even when no live update session is in
progress.

Furthermore, if a module is forcefully unloaded, the unregistration
functions return an error (e.g. -EBUSY) if a session is active, which
is ignored by the kernel's module unload path, leaving dangling
pointers in the LUO global lists.

As pointed out by Jason Gunthorpe and Alex Williamson during the review
of the VFIO PCI live update patches [1]:
> "destroy" functions that fail are evil. :)
> IMHO blow up the kernel or something in the core code, you can't stop
> module unloading once it starts so it is pointless to propagate this

To resolve these issues, this series introduces the following changes:
1. Adds read-write semaphores (luo_file_handler_lock, luo_flb_lock, and
   a per-handler flb_lock) to protect the registration lists. This allows
   highly scalable concurrent access for file preservation without
   blocking, while still preventing traversal races during module unload.
2. Defers module reference counting (try_module_get / module_put)
   so that modules are only pinned when their handlers or FLBs are
   actively used in a live update session. This allows the core kernel
   module code to correctly reject an unload attempt (-EWOULDBLOCK)
   only when a session is actively running.
3. Changes the unregistration functions to return void instead of
   an error code. If they fail to unregister due to dangling references,
   they print a warning instead of aborting, aligning with standard
   kernel destroy/unregister semantics.
4. Removes the global luo_session_quiesce() mechanism. Now that module
   references properly handle the usage of file handlers and FLBs
   during active sessions, we can safely remove the quiesce/resume logic.

[1] https://lore.kernel.org/all/20260303210733.GG972761@nvidia.com

Pasha Tatashin (6):
  liveupdate: Protect file handler list with rwsem
  liveupdate: Protect FLB lists with rwsem
  liveupdate: Defer file handler module refcounting to active sessions
  liveupdate: Defer FLB module refcounting to active sessions
  liveupdate: Make unregister functions return void
  liveupdate: Remove luo_session_quiesce()

 include/linux/liveupdate.h       |  16 +++--
 kernel/liveupdate/luo_file.c     | 118 ++++++++++++++-----------------
 kernel/liveupdate/luo_flb.c      | 108 ++++++++++++----------------
 kernel/liveupdate/luo_internal.h |   2 -
 kernel/liveupdate/luo_session.c  |  44 ------------
 lib/tests/liveupdate.c           |   8 +--
 6 files changed, 113 insertions(+), 183 deletions(-)

-- 
2.53.0.851.ga537e3e6e9-goog

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.