Thread (5 messages) 5 messages, 3 authors, 2021-08-28

Re: announcing LLpatch: arch-independent live-patch creation

From: Madhavan T. Venkataraman <hidden>
Date: 2021-08-27 02:01:26 


On 8/26/21 5:34 PM, Peter Swain wrote:
We have a new userspace live-patch creation tool, LLpatch, paralleling
kpatch-build, but without requiring its arch-specific code for ELF
analysis and manipulation.

We considered extending kpatch-build to a new target architecture
(arm64), cluttering its code with details of another architecture’s
quirky instruction sequences & relocation modes, and suspected there
might be a better way.


The LLVM suite already knows these details, and offers llvm-diff, for
comparing generated code at the LLVM-IR (internal representation)
level, which has access to much more of the code’s _intent_ than
kpatch’s create-diff-object is able to infer from ELF-level
differences.


Building on this, LLpatch adds namespace analysis, further
dead/duplicate code elimination, and creation of patch modules
compatible with kernel’s livepatch API.

Arm64 is supported - testing against a livepatch-capable v5.12 arm64
kernel, using the preliminary reliable-stacktrace work from
madvenka@linux.microsoft.com, LLpatch modules for x86 and arm64 behave
identically to the x86 kpatch-build modules, without requiring any
additional arch-specific code.

On x86, where both tools are available, LLpatch produces smaller patch
modules than kpatch, and already correctly handles most of the kpatch
test cases, without any arch-specific code. This suggests it can work
with any clang-supported kernel architecture.


Work is ongoing, collaboration is welcome.


See https://github.com/google/LLpatch for further details on the
technology and its benefits.


Yonghyun Hwang (yonghyun@google.com freeaion@gmail.com)
Bill Wendling (morbo@google.com isanbard@gmail.com)
Pete Swain (swine@google.com swine@pobox.com)
This is great.

I have implemented an alternative method in objtool to do stack
validation for livepatch purposes. I have successfully built a livepatch
kernel and tested it. I have run all the livepatch tests in the
linux kernel sources successfully.

But I needed kpatch (or something similar) to do more testing. From Josh,
I came to know that a port to ARM64 exists for kpatch. But I was not sure
how well ARM64 was supported.

Since your tool already works on ARM64, I could really use your tool for
my testing. I will study it and contact you with any questions I might
have or any help that I might need. If everything works, I can give
you a "Tested-by".

Thanks.

Madhavan
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help