€•úIŒsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ0/translations/zh_CN/livepatch/cumulative-patches”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ0/translations/zh_TW/livepatch/cumulative-patches”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ0/translations/it_IT/livepatch/cumulative-patches”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ0/translations/ja_JP/livepatch/cumulative-patches”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ0/translations/ko_KR/livepatch/cumulative-patches”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ0/translations/sp_SP/livepatch/cumulative-patches”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ#Atomic Replace & Cumulative Patches”h]”hŒ#Atomic Replace & Cumulative Patches”…””}”(hh¨hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hh£hžhhŸŒJ/var/lib/git/docbuild/linux/Documentation/livepatch/cumulative-patches.rst”h KubhŒ paragraph”“”)”}”(hXThere might be dependencies between livepatches. If multiple patches need to do different changes to the same function(s) then we need to define an order in which the patches will be installed. And function implementations from any newer livepatch must be done on top of the older ones.”h]”hXThere might be dependencies between livepatches. If multiple patches need to do different changes to the same function(s) then we need to define an order in which the patches will be installed. And function implementations from any newer livepatch must be done on top of the older ones.”…””}”(hh¹hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khh£hžhubh¸)”}”(hŒuThis might become a maintenance nightmare. Especially when more patches modified the same function in different ways.”h]”hŒuThis might become a maintenance nightmare. Especially when more patches modified the same function in different ways.”…””}”(hhÇhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K hh£hžhubh¸)”}”(hŒãAn elegant solution comes with the feature called "Atomic Replace". It allows creation of so called "Cumulative Patches". They include all wanted changes from all older livepatches and completely replace them in one transition.”h]”hŒëAn elegant solution comes with the feature called “Atomic Replaceâ€. It allows creation of so called “Cumulative Patchesâ€. They include all wanted changes from all older livepatches and completely replace them in one transition.”…””}”(hhÕhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K hh£hžhubh¢)”}”(hhh]”(h§)”}”(hŒUsage”h]”hŒUsage”…””}”(hhæhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hhãhžhhŸh¶h Kubh¸)”}”(hŒ^The atomic replace can be enabled by setting "replace" flag in struct klp_patch, for example::”h]”hŒaThe atomic replace can be enabled by setting “replace†flag in struct klp_patch, for example:”…””}”(hhôhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KhhãhžhubhŒ literal_block”“”)”}”(hŒostatic struct klp_patch patch = { .mod = THIS_MODULE, .objs = objs, .replace = true, };”h]”hŒostatic struct klp_patch patch = { .mod = THIS_MODULE, .objs = objs, .replace = true, };”…””}”hjsbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1jhŸh¶h Khhãhžhubh¸)”}”(hŒ—All processes are then migrated to use the code only from the new patch. Once the transition is finished, all older patches are automatically disabled.”h]”hŒ—All processes are then migrated to use the code only from the new patch. Once the transition is finished, all older patches are automatically disabled.”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khhãhžhubh¸)”}”(hŒqFtrace handlers are transparently removed from functions that are no longer modified by the new cumulative patch.”h]”hŒqFtrace handlers are transparently removed from functions that are no longer modified by the new cumulative patch.”…””}”(hj"hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K!hhãhžhubh¸)”}”(hŒ²As a result, the livepatch authors might maintain sources only for one cumulative patch. It helps to keep the patch consistent while adding or removing various fixes or features.”h]”hŒ²As a result, the livepatch authors might maintain sources only for one cumulative patch. It helps to keep the patch consistent while adding or removing various fixes or features.”…””}”(hj0hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K$hhãhžhubh¸)”}”(hXSUsers could keep only the last patch installed on the system after the transition to has finished. It helps to clearly see what code is actually in use. Also the livepatch might then be seen as a "normal" module that modifies the kernel behavior. The only difference is that it can be updated at runtime without breaking its functionality.”h]”hXWUsers could keep only the last patch installed on the system after the transition to has finished. It helps to clearly see what code is actually in use. Also the livepatch might then be seen as a “normal†module that modifies the kernel behavior. The only difference is that it can be updated at runtime without breaking its functionality.”…””}”(hj>hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K(hhãhžhubeh}”(h]”Œusage”ah ]”h"]”Œusage”ah$]”h&]”uh1h¡hh£hžhhŸh¶h Kubh¢)”}”(hhh]”(h§)”}”(hŒFeatures”h]”hŒFeatures”…””}”(hjWhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjThžhhŸh¶h K0ubh¸)”}”(hŒThe atomic replace allows:”h]”hŒThe atomic replace allows:”…””}”(hjehžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K2hjThžhubhŒ block_quote”“”)”}”(hX - Atomically revert some functions in a previous patch while upgrading other functions. - Remove eventual performance impact caused by core redirection for functions that are no longer patched. - Decrease user confusion about dependencies between livepatches. ”h]”hŒ bullet_list”“”)”}”(hhh]”(hŒ list_item”“”)”}”(hŒVAtomically revert some functions in a previous patch while upgrading other functions. ”h]”h¸)”}”(hŒUAtomically revert some functions in a previous patch while upgrading other functions.”h]”hŒUAtomically revert some functions in a previous patch while upgrading other functions.”…””}”(hj„hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K4hj€ubah}”(h]”h ]”h"]”h$]”h&]”uh1j~hj{ubj)”}”(hŒhRemove eventual performance impact caused by core redirection for functions that are no longer patched. ”h]”h¸)”}”(hŒgRemove eventual performance impact caused by core redirection for functions that are no longer patched.”h]”hŒgRemove eventual performance impact caused by core redirection for functions that are no longer patched.”…””}”(hjœhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K7hj˜ubah}”(h]”h ]”h"]”h$]”h&]”uh1j~hj{ubj)”}”(hŒADecrease user confusion about dependencies between livepatches. ”h]”h¸)”}”(hŒ?Decrease user confusion about dependencies between livepatches.”h]”hŒ?Decrease user confusion about dependencies between livepatches.”…””}”(hj´hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K:hj°ubah}”(h]”h ]”h"]”h$]”h&]”uh1j~hj{ubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1jyhŸh¶h K4hjuubah}”(h]”h ]”h"]”h$]”h&]”uh1jshŸh¶h K4hjThžhubeh}”(h]”Œfeatures”ah ]”h"]”Œfeatures”ah$]”h&]”uh1h¡hh£hžhhŸh¶h K0ubh¢)”}”(hhh]”(h§)”}”(hŒ Limitations:”h]”hŒ Limitations:”…””}”(hjáhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjÞhžhhŸh¶h K>ubjt)”}”(hXý- Once the operation finishes, there is no straightforward way to reverse it and restore the replaced patches atomically. A good practice is to set .replace flag in any released livepatch. Then re-adding an older livepatch is equivalent to downgrading to that patch. This is safe as long as the livepatches do _not_ do extra modifications in (un)patching callbacks or in the module_init() or module_exit() functions, see below. Also note that the replaced patch can be removed and loaded again only when the transition was not forced. - Only the (un)patching callbacks from the _new_ cumulative livepatch are executed. Any callbacks from the replaced patches are ignored. In other words, the cumulative patch is responsible for doing any actions that are necessary to properly replace any older patch. As a result, it might be dangerous to replace newer cumulative patches by older ones. The old livepatches might not provide the necessary callbacks. This might be seen as a limitation in some scenarios. But it makes life easier in many others. Only the new cumulative livepatch knows what fixes/features are added/removed and what special actions are necessary for a smooth transition. In any case, it would be a nightmare to think about the order of the various callbacks and their interactions if the callbacks from all enabled patches were called. - There is no special handling of shadow variables. Livepatch authors must create their own rules how to pass them from one cumulative patch to the other. Especially that they should not blindly remove them in module_exit() functions. A good practice might be to remove shadow variables in the post-unpatch callback. It is called only when the livepatch is properly disabled.”h]”jz)”}”(hhh]”(j)”}”(hXOnce the operation finishes, there is no straightforward way to reverse it and restore the replaced patches atomically. A good practice is to set .replace flag in any released livepatch. Then re-adding an older livepatch is equivalent to downgrading to that patch. This is safe as long as the livepatches do _not_ do extra modifications in (un)patching callbacks or in the module_init() or module_exit() functions, see below. Also note that the replaced patch can be removed and loaded again only when the transition was not forced. ”h]”(h¸)”}”(hŒwOnce the operation finishes, there is no straightforward way to reverse it and restore the replaced patches atomically.”h]”hŒwOnce the operation finishes, there is no straightforward way to reverse it and restore the replaced patches atomically.”…””}”(hjúhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K@hjöubh¸)”}”(hX1A good practice is to set .replace flag in any released livepatch. Then re-adding an older livepatch is equivalent to downgrading to that patch. This is safe as long as the livepatches do _not_ do extra modifications in (un)patching callbacks or in the module_init() or module_exit() functions, see below.”h]”hX1A good practice is to set .replace flag in any released livepatch. Then re-adding an older livepatch is equivalent to downgrading to that patch. This is safe as long as the livepatches do _not_ do extra modifications in (un)patching callbacks or in the module_init() or module_exit() functions, see below.”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KChjöubh¸)”}”(hŒjAlso note that the replaced patch can be removed and loaded again only when the transition was not forced.”h]”hŒjAlso note that the replaced patch can be removed and loaded again only when the transition was not forced.”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KIhjöubeh}”(h]”h ]”h"]”h$]”h&]”uh1j~hjóubj)”}”(hX5Only the (un)patching callbacks from the _new_ cumulative livepatch are executed. Any callbacks from the replaced patches are ignored. In other words, the cumulative patch is responsible for doing any actions that are necessary to properly replace any older patch. As a result, it might be dangerous to replace newer cumulative patches by older ones. The old livepatches might not provide the necessary callbacks. This might be seen as a limitation in some scenarios. But it makes life easier in many others. Only the new cumulative livepatch knows what fixes/features are added/removed and what special actions are necessary for a smooth transition. In any case, it would be a nightmare to think about the order of the various callbacks and their interactions if the callbacks from all enabled patches were called. ”h]”(h¸)”}”(hŒ†Only the (un)patching callbacks from the _new_ cumulative livepatch are executed. Any callbacks from the replaced patches are ignored.”h]”hŒ†Only the (un)patching callbacks from the _new_ cumulative livepatch are executed. Any callbacks from the replaced patches are ignored.”…””}”(hj.hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KMhj*ubh¸)”}”(hŒIn other words, the cumulative patch is responsible for doing any actions that are necessary to properly replace any older patch.”h]”hŒIn other words, the cumulative patch is responsible for doing any actions that are necessary to properly replace any older patch.”…””}”(hj<hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KPhj*ubh¸)”}”(hŒ”As a result, it might be dangerous to replace newer cumulative patches by older ones. The old livepatches might not provide the necessary callbacks.”h]”hŒ”As a result, it might be dangerous to replace newer cumulative patches by older ones. The old livepatches might not provide the necessary callbacks.”…””}”(hjJhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KShj*ubh¸)”}”(hŒìThis might be seen as a limitation in some scenarios. But it makes life easier in many others. Only the new cumulative livepatch knows what fixes/features are added/removed and what special actions are necessary for a smooth transition.”h]”hŒìThis might be seen as a limitation in some scenarios. But it makes life easier in many others. Only the new cumulative livepatch knows what fixes/features are added/removed and what special actions are necessary for a smooth transition.”…””}”(hjXhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KVhj*ubh¸)”}”(hŒ¤In any case, it would be a nightmare to think about the order of the various callbacks and their interactions if the callbacks from all enabled patches were called.”h]”hŒ¤In any case, it would be a nightmare to think about the order of the various callbacks and their interactions if the callbacks from all enabled patches were called.”…””}”(hjfhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K[hj*ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j~hjóubj)”}”(hXvThere is no special handling of shadow variables. Livepatch authors must create their own rules how to pass them from one cumulative patch to the other. Especially that they should not blindly remove them in module_exit() functions. A good practice might be to remove shadow variables in the post-unpatch callback. It is called only when the livepatch is properly disabled.”h]”(h¸)”}”(hŒèThere is no special handling of shadow variables. Livepatch authors must create their own rules how to pass them from one cumulative patch to the other. Especially that they should not blindly remove them in module_exit() functions.”h]”hŒèThere is no special handling of shadow variables. Livepatch authors must create their own rules how to pass them from one cumulative patch to the other. Especially that they should not blindly remove them in module_exit() functions.”…””}”(hj~hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K`hjzubh¸)”}”(hŒŒA good practice might be to remove shadow variables in the post-unpatch callback. It is called only when the livepatch is properly disabled.”h]”hŒŒA good practice might be to remove shadow variables in the post-unpatch callback. It is called only when the livepatch is properly disabled.”…””}”(hjŒhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kehjzubeh}”(h]”h ]”h"]”h$]”h&]”uh1j~hjóubeh}”(h]”h ]”h"]”h$]”h&]”jÎjÏuh1jyhŸh¶h K@hjïubah}”(h]”h ]”h"]”h$]”h&]”uh1jshŸh¶h K@hjÞhžhubeh}”(h]”Œ limitations”ah ]”h"]”Œ limitations:”ah$]”h&]”uh1h¡hh£hžhhŸh¶h K>ubeh}”(h]”Œ!atomic-replace-cumulative-patches”ah ]”h"]”Œ#atomic replace & cumulative patches”ah$]”h&]”uh1h¡hhhžhhŸh¶h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h¶uh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¦NŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jߌerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h¶Œ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(j¹j¶jQjNjÛjØj±j®uŒ nametypes”}”(j¹‰jQ‰jÛ‰j±‰uh}”(j¶h£jNhãjØjTj®jÞuŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nhžhub.