Comments (11)
euspectre
commented on August 19, 2024
To support RISC-V in live patching, you need much more that updating kpatch tools.
Many things need to be done at the kernel side, e.g. to make stack traces reliable, etc.
You can take a look at the activities to add livepatch support for ARM:
https://lore.kernel.org/linux-arm-kernel/[email protected]/T/
https://lwn.net/Articles/890741/
from kpatch.
euspectre
commented on August 19, 2024
I guess, reliable kernel stack traces and support for RISC-V in objtool are the areas to start to eventually enable livepatch on this architecture. Likely, doable but not that easy.
from kpatch.
yinxx
commented on August 19, 2024
could you give me some clue or advice, or web, etc
for me to study
to add the riscv64 support!
thanks a lot
At 2022-09-01 17:39:16, "Eugene A. Shatokhin" ***@***.***> wrote:
I guess, reliable kernel stack traces and support for RISC-V in objtool are the areas to start to eventually enable livepatch on this architecture. Likely, doable but not that easy.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: ***@***.***>
from kpatch.
euspectre
commented on August 19, 2024
I'd suggest to learn how they did it for ARM first, see my earlier comment (#1296 (comment)).
from kpatch.
euspectre
commented on August 19, 2024
By the way, I am very interested in having livepatch on RISC-V too.
I'll gladly help in reviewing and testing of the related patches, at least. I mean, the patches both to the kernel and to the kpatch tools.
from kpatch.
jpoimboe
commented on August 19, 2024
Porting an architecture can be done in three phases:
-
In the kernel, add CONFIG_HAVE_LIVEPATCH support. For some arches this might be as simple as enabling CONFIG_DYNAMIC_FTRACE_WITH REGS. With this support you can do basic live patches like those in samples/livepatch. Livepatch functionality is limited and extra care must be taken to avoid certain pitfalls.
-
Add kpatch-build (create-diff-object) support. This makes it easier to build patches, and avoids some of the pitfalls.
-
Add CONFIG_HAVE_RELIABLE_STACKTRACE and (if needed) objtool support in the kernel. This avoids more pitfalls and enables full livepatch functionality.
from kpatch.
euspectre
commented on August 19, 2024
@jpoimboe Thanks!
As far as RISC-V is concerned,
- DYNAMIC_FTRACE_WITH REGS seems to be supported, one needs to enable it, test if it works OK and report/fix the bugs.
- kpatch-build (create-diff-object) support - IMO, this is mostly about RISC-V-specific relocations, special sections (if any) and, may be, detection of WARN() and such. Looks doable.
- CONFIG_HAVE_RELIABLE_STACKTRACE & objtool - the most difficult and time-consuming part, I think. And absolutely critical for production use. This is why I'd suggest to deal with is first.
from kpatch.
jpoimboe
commented on August 19, 2024
- kpatch-build (create-diff-object) support - IMO, this is mostly about RISC-V-specific relocations, special sections (if any) and, may be, detection of WARN() and such. Looks doable.
Yes, the s390 port turned out to be quite small, the kpatch-build code base seems to have become quite arch-friendly.
- CONFIG_HAVE_RELIABLE_STACKTRACE & objtool - the most difficult and time-consuming part, I think. And absolutely critical for production use. This is why I'd suggest to deal with is first.
Many patches don't need the livepatch "consistency model". If the patch author knows what they're doing and is careful, the reliable stack tracing isn't needed in many cases.
from kpatch.
joe-lawrence
commented on August 19, 2024
Since the question was answered and high-level steps documented in #1297, is there anything more to track in this issue?
from kpatch.
euspectre
commented on August 19, 2024
I think this one can be closed. The issues with particular steps to add support for RISC-V (checking Ftrace, adapting objtool, etc.) should be tracked separately when they arise.
from kpatch.
euspectre
commented on August 19, 2024
- In the kernel, add CONFIG_HAVE_LIVEPATCH support. For some arches this might be as simple as enabling CONFIG_DYNAMIC_FTRACE_WITH REGS. With this support you can do basic live patches like those in samples/livepatch. Livepatch functionality is limited and extra care must be taken to avoid certain pitfalls.
A quick update:
-
CONFIG_DYNAMIC_FTRACE_WITH_REGS is currently (linux 6.2-rc1) broken w.r.t. FTRACE_OPS_FL_IPMODIFY on RISC-V.
This patch fixes the issue as a side-effect: https://lkml.iu.edu/hypermail/linux/kernel/2212.1/00200.html. -
CONFIG_HAVE_LIVEPATCH needs a bit more work here.
First, it turned out that livepatch actually requires CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS (not sure if that is intentional). With CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS unset, even if CONFIG_DYNAMIC_FTRACE_WITH_REGS=y, ftrace_instruction_pointer_set() is a no-op, and control redirection to the new function does not happen.
There are a few more things to be done here and there: thread flags, etc.
I'll experiment with this when I have time.
from kpatch.
Related Issues (20)
- Do we need more robust archeticture protection HOT 4
- kpatch-build: verify_patch_files might miss a parameter HOT 2
- ERROR in find_local_syms, couldn't find matching XXX local symbols in vmlinux symbol table HOT 14
- Can you add support for Rocky and Alma? HOT 1
- relocation with type R_X86_64_GOTPCREL is not supported HOT 5
- Arch Compile kpatch-git test failed HOT 4
- Regarding "statically allocated data" again HOT 2
- kpatch-build error when modifying an object file's only syscall
- nowhere to find the definition of klp_register_patch HOT 5
- x86 paravirt code uses alternatives v6.8+ HOT 1
- special-static.patch can fail to build on s390x / upstream v6.8 HOT 6
- CONFIG_FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY not supported on ppc64le HOT 6
- function __pfx_new_sync_read has no fentry/mcount call, unable to patch HOT 6
- Unchanged and unpatchable function moves from .text to .text.unlikely HOT 5
- Why did the kpatch-build script export the KPATCH-BUILD environment variable from the BUILD directory to the SOURCE directory? HOT 3
- CONFIG_WERROR=y and CONFIG_LD_ORPHAN_WARN_LEVEL="error" break kpatch-build HOT 2
- linux 6.9.0-rc6 can't find special struct paravirt_patch_site size HOT 6
- fair.o: changed section .data..read_mostly not selected for inclusion HOT 9
- find_local_syms: 218: couldn't find matching cm.c local symbols in ib_mad symbol table HOT 5
- Kernel Warning: Unpatched return thunk in use. This should not happen! HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kpatch.