[PATCH v4 00/11] liveupdate: Fix module unloading and unregister API

Pasha Tatashin posted 11 patches 1 month, 4 weeks ago
Posted by Pasha Tatashin 1 month, 4 weeks ago
This patch series addresses an issue with how LUO handles module
reference counting and unregistration during a module unload (e.g.,
via rmmod).

Currently, modules that register live update file handlers are pinned
for the entire duration they are registered. This prevents the modules
from being unloaded gracefully, even when no live update session is in
progress.

Furthermore, if a module is forcefully unloaded, the unregistration
functions return an error (e.g. -EBUSY) if a session is active, which
is ignored by the kernel's module unload path, leaving dangling
pointers in the LUO global lists.

To resolve these issues, this series introduces the following changes:
1. Adds a global read-write semaphore (luo_register_rwlock) to protect
   the registration lists for both file handlers and FLBs.
2. Reduces the scope of module reference counting for file handlers and
   FLBs. Instead of pinning modules indefinitely upon registration,
   references are now taken only when they are actively used in a live
   update session (e.g., during preservation, retrieval, or
   deserialization).
3. Removes the global luo_session_quiesce() mechanism since module
   unload behavior now handles active sessions implicitly.
4. Introduces auto-unregistration of FLBs during file handler
   unregistration to prevent leaving dangling resources.
5. Changes the unregistration functions to return void instead of
   an error code.
6. Fixes a data race in luo_flb_get_private() by introducing a spinlock
   for thread-safe lazy initialization.
7. Strengthens security by using %.*s when printing untrusted deserialized
   compatible strings and session names to prevent out-of-bounds reads.
8. Fixes a return value issue in session deserialization.

Changelog since v3:
- Collected Reviewed-by tags from Pratyush Yadav and Samiullah Khawaja.
- Documented the assumption that a handler's lifecycle is bound to its
  implementing module's lifecycle in the LUO File Descriptors DOC comment,
  as requested by Sami.
- Added a lockdep_assert_held_write() in luo_flb_unregister_all() as
  requested by Pratyush.
- Added "fix return value on session allocation failure" patch per
  discussion in v3.

Pasha Tatashin (11):
  liveupdate: Safely print untrusted strings
  liveupdate: Synchronize lazy initialization of FLB private state
  liveupdate: Protect file handler list with rwsem
  liveupdate: Protect FLB lists with luo_register_rwlock
  liveupdate: Defer FLB module refcounting to active sessions
  liveupdate: Remove luo_session_quiesce()
  liveupdate: Auto unregister FLBs on file handler unregistration
  liveupdate: Remove liveupdate_test_unregister()
  liveupdate: Make unregister functions return void
  liveupdate: Defer file handler module refcounting to active sessions
  liveupdate: fix return value on session allocation failure

 include/linux/liveupdate.h       |  15 ++-
 kernel/liveupdate/luo_core.c     |   6 +
 kernel/liveupdate/luo_file.c     |  91 ++++++---------
 kernel/liveupdate/luo_flb.c      | 183 +++++++++++++++++--------------
 kernel/liveupdate/luo_internal.h |   7 +-
 kernel/liveupdate/luo_session.c  |  49 +--------
 lib/tests/liveupdate.c           |  18 ---
 7 files changed, 151 insertions(+), 218 deletions(-)

-- 
2.43.0
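
The bounded-print pattern named in item 7 of the cover letter, shown as an added userspace C example that is not code from this series. The struct, the field width `COMPAT_LEN` and the message text are hypothetical stand-ins for a fixed-width string field deserialized from the previous kernel.

```c
#include <stdio.h>
#include <string.h>

#define COMPAT_LEN 16	/* hypothetical field width, not LUO's real constant */

/* Constructed stand-in for a record deserialized from untrusted data. */
struct ser_record {
	char compatible[COMPAT_LEN];	/* fixed width, may lack a NUL */
	char next_field[8];		/* adjacent bytes that must not leak */
};

/*
 * Format the compatible string into out. The precision passed for
 * "%.*s" caps how many bytes are read at the field width; formatting
 * still stops earlier if a NUL is found. A plain "%s" would keep
 * reading past the field until it happened to hit a zero byte.
 * Returns the number of characters written (excluding the NUL).
 */
int format_compatible(char *out, size_t outlen, const struct ser_record *r)
{
	return snprintf(out, outlen, "unsupported handler '%.*s'",
			(int)sizeof(r->compatible), r->compatible);
}

/* Constructed record: compatible is filled to its last byte, no NUL. */
struct ser_record make_unterminated(void)
{
	struct ser_record r;

	memset(r.compatible, 'A', sizeof(r.compatible));
	memcpy(r.next_field, "SECRET!", sizeof(r.next_field));
	return r;
}

/* Constructed record: a short, properly NUL-padded compatible string. */
struct ser_record make_terminated(void)
{
	struct ser_record r;

	memset(&r, 0, sizeof(r));
	memcpy(r.compatible, "memfd-v1", 8);
	return r;
}

int main(void)
{
	char buf[64];
	struct ser_record r = make_unterminated();

	format_compatible(buf, sizeof(buf), &r);
	puts(buf);
	return 0;
}
```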