Re: [PATCH v7 02/22] liveupdate: luo_core: integrate with KHO
From: Mike Rapoport <rppt@kernel.org>
Date: 2025-11-23 11:27:53
Also in:
linux-doc, linux-fsdevel, linux-mm, lkml
On Sat, Nov 22, 2025 at 05:23:29PM -0500, Pasha Tatashin wrote:
quoted hunk ↗ jump to hunk
Integrate the LUO with the KHO framework to enable passing LUO state across a kexec reboot. This patch implements the lifecycle integration with KHO: 1. Incoming State: During early boot (`early_initcall`), LUO checks if KHO is active. If so, it retrieves the "LUO" subtree, verifies the "luo-v1" compatibility string, and reads the `liveupdate-number` to track the update count. 2. Outgoing State: During late initialization (`late_initcall`), LUO allocates a new FDT for the next kernel, populates it with the basic header (compatible string and incremented update number), and registers it with KHO (`kho_add_subtree`). 3. Finalization: The `liveupdate_reboot()` notifier is updated to invoke `kho_finalize()`. This ensures that all memory segments marked for preservation are properly serialized before the kexec jump. LUO now depends on `CONFIG_KEXEC_HANDOVER`. Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com> --- include/linux/kho/abi/luo.h | 54 +++++++++++ kernel/liveupdate/luo_core.c | 154 ++++++++++++++++++++++++++++++- kernel/liveupdate/luo_internal.h | 22 +++++ 3 files changed, 229 insertions(+), 1 deletion(-) create mode 100644 include/linux/kho/abi/luo.h create mode 100644 kernel/liveupdate/luo_internal.hdiff --git a/include/linux/kho/abi/luo.h b/include/linux/kho/abi/luo.h new file mode 100644 index 000000000000..8523b3ff82d1 --- /dev/null +++ b/include/linux/kho/abi/luo.h@@ -0,0 +1,54 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin <pasha.tatashin@soleen.com> + */ + +/** + * DOC: Live Update Orchestrator ABI + * + * This header defines the stable Application Binary Interface used by the + * Live Update Orchestrator to pass state from a pre-update kernel to a + * post-update kernel. The ABI is built upon the Kexec HandOver framework + * and uses a Flattened Device Tree to describe the preserved data. + * + * This interface is a contract. Any modification to the FDT structure, node + * properties, compatible strings, or the layout of the `__packed` serialization + * structures defined here constitutes a breaking change. Such changes require + * incrementing the version number in the relevant `_COMPATIBLE` string to + * prevent a new kernel from misinterpreting data from an old kernel.
From v6 thread:
quoted
I'd add a sentence that stresses that ABI changes are possible as long they include changes to the FDT version. This is indeed implied by the last paragraph, but I think it's worth spelling it explicitly. Another thing that I think this should mention is that compatibility is only guaranteed for the kernels that use the same ABI version.Sure, I will add both.
Looks like it fell between the cracks :/
+static int __init liveupdate_early_init(void)
+{
+ int err;
+
+ err = luo_early_startup();
+ if (err) {
+ luo_global.enabled = false;
+ luo_restore_fail("The incoming tree failed to initialize properly [%pe], disabling live update\n",
+ ERR_PTR(err));What's wrong with a plain panic()?
+ } + + return err; +} +early_initcall(liveupdate_early_init); +
...
int liveupdate_reboot(void)
{
- return 0;
+ int err;
+
+ if (!liveupdate_enabled())
+ return 0;
+
+ err = kho_finalize();
+ if (err) {
+ pr_err("kho_finalize failed %d\n", err);Nit: why not %pe?
quoted hunk ↗ jump to hunk
+ /* + * kho_finalize() may return libfdt errors, to aboid passing to + * userspace unknown errors, change this to EAGAIN. + */ + err = -EAGAIN; + } + + return err; } /**diff --git a/kernel/liveupdate/luo_internal.h b/kernel/liveupdate/luo_internal.h new file mode 100644 index 000000000000..8612687b2000 --- /dev/null +++ b/kernel/liveupdate/luo_internal.h@@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Copyright (c) 2025, Google LLC. + * Pasha Tatashin <pasha.tatashin@soleen.com> + */ + +#ifndef _LINUX_LUO_INTERNAL_H +#define _LINUX_LUO_INTERNAL_H + +#include <linux/liveupdate.h> + +/* + * Handles a deserialization failure: devices and memory is in unpredictable + * state. + * + * Continuing the boot process after a failure is dangerous because it could + * lead to leaks of private data. + */ +#define luo_restore_fail(__fmt, ...) panic(__fmt, ##__VA_ARGS__)
Let's add this when we have more than a single callsite. Just use panic() in liveupdate_early_init() and add the comment there.
+ +#endif /* _LINUX_LUO_INTERNAL_H */ -- 2.52.0.rc2.455.g230fcf2819-goog
-- Sincerely yours, Mike.