LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [RFC] kreplace: Rebootless kernel updates

[Posted November 24, 2008 by corbet]

From:  Anders Kaseorg <andersk-AT-MIT.EDU>
To:  Nikanth Karthikesan <knikanth-AT-suse.de>
Subject:  Re: [RFC] kreplace: Rebootless kernel updates
Date:  Fri, 21 Nov 2008 15:19:21 -0500 (EST)
Message-ID:  <alpine.DEB.2.00.0811211306000.1505@vinegar-pot.mit.edu>
Cc:  linux-kernel-AT-vger.kernel.org, ananth-AT-in.ibm.com, davem-AT-davemloft.net, mhiramat-AT-redhat.com, contact-AT-ksplice.com, jbarnold-AT-ksplice.com, tabbott-AT-ksplice.com, wdaher-AT-ksplice.com
Archive-link:  Article, Thread 

On Fri, 21 Nov 2008, Nikanth Karthikesan wrote:
> When looking for a shortcut to avoid the rebuild/reboot cycle when 
> hacking the kernel - the ksplice[1] was posted. This patch extends 
> kprobes to do something similar, which would require even lesser time to 
> _experiment_ with the running kernel.

Maybe we haven? done a good job of explaining just how quickly you can 
use Ksplice for rapid experimentation.  Using the Ksplice utilities 
<http://www.ksplice.com/software>, you can write a 5-line patch today that 
does the same experiment as your 42-line kreplace example, without using 
unsafe hacks:

$ cat example.patch
--- a/block/blk-merge.c
+++ b/block/blk-merge.c
@@ -488,6 +488,11 @@

 int attempt_back_merge(struct request_queue *q, struct request *rq)
 {
+	static int count = 0;
+	count++;
+	if (count % 50 == 0)
+		printk("attempt_back_merge called another 50 times\n");
+	return 0;
 	struct request *next = elv_latter_request(q, rq);

 	if (next)
$ ksplice-create -j4 --patch=example.patch linux-2.6/
Ksplice update tarball written to ksplice-sxk9pvow.tar.gz
$ sudo ksplice-apply ksplice-sxk9pvow.tar.gz
Done!
$ sudo ksplice-undo sxk9pvow

Assuming the kernel source tree has been prepared for Ksplice (e.g. if you 
have used Ksplice before), it takes as little as 35 seconds to compile the 
Ksplice update and a fraction of a second to apply it.  The running kernel 
does not need to have been specially prepared or patched.

> This small patch extends jprobes so that the jprobe's handler is 
> executed but skips executing the actual function. But this has its own 
> limitations such as Cannot access symbols not exported for modules 
> (ofcourse hacks like pointers[2] can be used.), problems related to 
> return values[3], etc... This is currently a x86_64 only _hack_.

An even more fundamental limitation of kprobes/jprobes is that it cannot 
hook functions that have been inlined (or partially inlined) by the 
compiler, because the compiler only writes mcount() calls at the beginning 
of function bodies after inlining has been performed.  (Note that at least 
20% of functions in the kernel that don? have an explicit inline keyword 
get inlined anyway.)

This problem, and others such as the ambiguous symbol name problem (see 
<http://www.ksplice.com/paper>), mean that jprobes doesn? work well for 
much more than gathering statistics and debugging, which is what it was 
designed for.  Building hot updates with jprobes makes for a cute jprobes 
example, but let? be clear: it isn? nearly robust enough for security 
patches or telecom/enterprise use.

Ksplice solves all of these problems, and additionally includes extensive 
safety checks (run-pre matching, kernel stack checking, update dependency 
tracking) to avoid a wide range of dangerous situations, which would 
commonly cause a simplistic hot update system to corrupt the running 
kernel.

Anders
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds