Linux Plumbers Conference 2023

Session

Live Patching MC

15 Nov 2023, 09:30

Description

The Live Patching microconference at Linux Plumbers 2023 aims to gather stakeholders and interested parties to discuss proposed features and outstanding issues in live patching.

Presentation materials

mc-klp-minutes.org

notes.pdf

Video

212. Livepatch Visibility at Scale

Breno Leitao (Meta), Song Liu (Meta)

15/11/2023, 09:30

To support various Linux Kernels in hyperscale data centers, it is important to aggregate signals (console output, crash dump, etc.) among millions of servers. One of the key types of information in this massive dataset is the Kernel version running on each host.

At Meta, we use netconsole to analyze console outputs from millions of servers. Recent work...

233. KLP for Clang LTO Kernel

Yonghong Song, Song Liu (Meta)

15/11/2023, 10:00

We want to discuss live patching with clang built LTO kernel. We have managed to make it work on top of kpatch now. We would like to discuss:

• How current comparison with vmlinux binary itself not scalable.
• How we used clang lto internal flag to compare pre-linker object files.
• How new special symbols introduced by lto may complicate live patching and how build system needs to adapt...

222. Kbuild support for klp-relocation generation

Lukáš Hruška

15/11/2023, 10:30

Livepatches may use symbols which are not contained in its own scope, and, because of that, may end up compiled with relocations that will only be resolved during module load. Yet, when the referenced symbols are not exported, solving this relocation requires information on the object that holds the symbol (either vmlinux or modules) and its position inside the object, as an object may...

127. Simplify Livepatch Callbacks, Shadow Variables, and States handling

Petr Mladek (SUSE)

15/11/2023, 11:30

Livepatches allow fixing critical security or functional bugs without reboot. They are useful when an downtime is expensive.

The basic livepatch feature functionality is to redirect problematic functions to fixed or improved variants. In addition, there are two features helping with more problematic situations:

• pre_patch(), post_patch(), pre_unpatch(), post_unpatch()...

238. Moving livepatching module building to kselftests

Marcos de Souza (SUSE)

15/11/2023, 12:00

The kernel livepatching subsystem has a number of tests that reside in the kernel. There are kernel modules and scripts that are placed in different locations. The kernel livepatch modules are stored in lib/livepatch, while the scripts to load the modules and run tests are stored in tools/testing/kselftests. The test modules are currently only compiled when CONFIG_TEST_LIVEPATCH is enabled,...

279. Arm64 live patching

Mark Rutland (Arm Ltd)

15/11/2023, 12:30

The current status of the kernel side of Arm64 live patching will be provided. Missing pieces and obstacles which prevent the enablement on the architecture.