One Line Summary

Abstract

Currently, livepatch allows patching of modules before they are loaded. This means we are able to load a patch module that patches many modules before those modules themselves are loaded. This grants us advantages such as being able to load a single patch module that can patch/unpatch modules as they come and go. This has however introduced a number of complications due to the fact livepatch circumvents module dependencies. Namely, this has required livepatch to implement workarounds such as delaying symbol resolution, delaying application of relocations, (formerly) relying on notifiers, delaying application of alternatives/paravirt instructions, and so on.

Discuss and explore the pros and cons of enforcing hard module dependencies for patch modules. In other words, what are the potential advantages and disadvantages of requiring to-be-patched module(s) to be loaded before the corresponding patch module?

Presentation Materials

Speaker

• Jessica Yu

  Biography

  Jessica is a kernel developer at Red Hat, where she actively works on kpatch/livepatch.