(2014/05/08 21:48), Josh Poimboeuf wrote: >> No, I was not demanding that at all, my suggestion was: >> >> > My claim is that if a patch is correct/safe in the old fashioned >> > way, then a fundamental principle is that a live patching >> > subsystem must either safely apply, or safely reject the live >> > patching attempt, independently from any user input. >> >> Note the 'if'. It could start simple and stupid, and only allow cases >> where we know the patch must be trivially safe (because it does not do >> much in terms of disturbing globally visible state). That needs some >> tooling help, but apparently tooling help is in place already. >> >> And then we can complicate it from there - but have a reasonably >> robust starting point that we _know_ works (as long as the >> implementation is correct). > > I really wonder if detecting a "trivially safe" patch is even possible. > > Where do you draw the line with the following patches? > > - add a call to another function which modifies global data
This depends on what global data and how. For example, the global data is used only from the replaced functions, it's a kind of local data. And also, the global data modification is as designed (e.g. acquiring/ releasing a spinlock), that is also safe. I think, the bad case is modifying shared global data to new state which unexpected by other data holders. > - add an early return or a goto which changes the way the function > modifies (or no longer modifies) global data Ditto, if it is unexpected at other parts, that will be unacceptable. > - touch a local stack variable which results in global data being > modified later in the function > > - return a different value which causes the function's caller to modify > data I think if the local variable or return value change is correctly handled by the caller (as expected), that is good too. Thank you, -- Masami HIRAMATSU Software Platform Research Dept. Linux Technology Research Center Hitachi, Ltd., Yokohama Research Laboratory E-mail: [email protected] -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
