From: Pasha Tatashin <pasha.tatashin@soleen.com>
To: rppt@kernel.org, akpm@linux-foundation.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, pasha.tatashin@soleen.com,
dmatlack@google.com, pratyush@kernel.org, skhawaja@google.com
Subject: [PATCH v4 00/11] liveupdate: Fix module unloading and unregister API
Date: Mon, 13 Apr 2026 18:51:16 +0000 [thread overview]
Message-ID: <20260413185127.128180-1-pasha.tatashin@soleen.com> (raw)
This patch series addresses an issue with how LUO handles module
reference counting and unregistration during a module unload (e.g.,
via rmmod).
Currently, modules that register live update file handlers are pinned
for the entire duration they are registered. This prevents the modules
from being unloaded gracefully, even when no live update session is in
progress.
Furthermore, if a module is forcefully unloaded, the unregistration
functions return an error (e.g. -EBUSY) if a session is active, which
is ignored by the kernel's module unload path, leaving dangling
pointers in the LUO global lists.
To resolve these issues, this series introduces the following changes:
1. Adds a global read-write semaphore (luo_register_rwlock) to protect
the registration lists for both file handlers and FLBs.
2. Reduces the scope of module reference counting for file handlers and
FLBs. Instead of pinning modules indefinitely upon registration,
references are now taken only when they are actively used in a live
update session (e.g., during preservation, retrieval, or
deserialization).
3. Removes the global luo_session_quiesce() mechanism since module
unload behavior now handles active sessions implicitly.
4. Introduces auto-unregistration of FLBs during file handler
unregistration to prevent leaving dangling resources.
5. Changes the unregistration functions to return void instead of
an error code.
6. Fixes a data race in luo_flb_get_private() by introducing a spinlock
for thread-safe lazy initialization.
7. Strengthens security by using %.*s when printing untrusted deserialized
compatible strings and session names to prevent out-of-bounds reads.
8. Fixes a return value issue in session deserialization.
Changelog since v3:
- Collected Reviewed-by tags from Pratyush Yadav and Samiullah Khawaja.
- Documented the assumption that a handler's lifecycle is bound to its
implementing module's lifecycle in the LUO File Descriptors DOC comment,
as requested by Sami.
- Added a lockdep_assert_held_write() in luo_flb_unregister_all() as
reqeuested by Pratyush.
- Added "fix return value on session allocation failure" patch per
discussion in v3.
Pasha Tatashin (11):
liveupdate: Safely print untrusted strings
liveupdate: Synchronize lazy initialization of FLB private state
liveupdate: Protect file handler list with rwsem
liveupdate: Protect FLB lists with luo_register_rwlock
liveupdate: Defer FLB module refcounting to active sessions
liveupdate: Remove luo_session_quiesce()
liveupdate: Auto unregister FLBs on file handler unregistration
liveupdate: Remove liveupdate_test_unregister()
liveupdate: Make unregister functions return void
liveupdate: Defer file handler module refcounting to active sessions
liveupdate: fix return value on session allocation failure
include/linux/liveupdate.h | 15 ++-
kernel/liveupdate/luo_core.c | 6 +
kernel/liveupdate/luo_file.c | 91 ++++++---------
kernel/liveupdate/luo_flb.c | 183 +++++++++++++++++--------------
kernel/liveupdate/luo_internal.h | 7 +-
kernel/liveupdate/luo_session.c | 49 +--------
lib/tests/liveupdate.c | 18 ---
7 files changed, 151 insertions(+), 218 deletions(-)
--
2.43.0
next reply other threads:[~2026-04-13 18:51 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-13 18:51 Pasha Tatashin [this message]
2026-04-13 18:51 ` [PATCH v4 01/11] liveupdate: Safely print untrusted strings Pasha Tatashin
2026-04-13 18:51 ` [PATCH v4 02/11] liveupdate: Synchronize lazy initialization of FLB private state Pasha Tatashin
2026-04-13 18:51 ` [PATCH v4 03/11] liveupdate: Protect file handler list with rwsem Pasha Tatashin
2026-04-13 18:51 ` [PATCH v4 04/11] liveupdate: Protect FLB lists with luo_register_rwlock Pasha Tatashin
2026-04-13 18:51 ` [PATCH v4 05/11] liveupdate: Defer FLB module refcounting to active sessions Pasha Tatashin
2026-04-13 18:51 ` [PATCH v4 06/11] liveupdate: Remove luo_session_quiesce() Pasha Tatashin
2026-04-13 18:51 ` [PATCH v4 07/11] liveupdate: Auto unregister FLBs on file handler unregistration Pasha Tatashin
2026-04-13 18:51 ` [PATCH v4 08/11] liveupdate: Remove liveupdate_test_unregister() Pasha Tatashin
2026-04-13 18:51 ` [PATCH v4 09/11] liveupdate: Make unregister functions return void Pasha Tatashin
2026-04-13 18:51 ` [PATCH v4 10/11] liveupdate: Defer file handler module refcounting to active sessions Pasha Tatashin
2026-04-13 18:51 ` [PATCH v4 11/11] liveupdate: fix return value on session allocation failure Pasha Tatashin
2026-04-14 9:35 ` Pratyush Yadav
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260413185127.128180-1-pasha.tatashin@soleen.com \
--to=pasha.tatashin@soleen.com \
--cc=akpm@linux-foundation.org \
--cc=dmatlack@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=pratyush@kernel.org \
--cc=rppt@kernel.org \
--cc=skhawaja@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox