Re: [RFC v2 00/16] Live Update Orchestrator

From: Mike Rapoport
Date: Mon May 26 2025 - 02:33:08 EST


(cc'ing linux-api)

On Thu, May 15, 2025 at 06:23:04PM +0000, Pasha Tatashin wrote:
> This v2 series introduces the LUO, a kernel subsystem designed to
> facilitate live kernel updates with minimal downtime,
> particularly in cloud deployments aiming to update without fully
> disrupting running virtual machines.
>
> This series builds upon KHO framework [1] by adding programmatic
> control over KHO's lifecycle and leveraging KHO for persisting LUO's
> own metadata across the kexec boundary. The git branch for this series
> can be found at:
> https://github.com/googleprodkernel/linux-liveupdate/tree/luo/rfc-v2
>
> Changelog from v1:
> - Control Interface: Shifted from sysfs-based control
> (/sys/kernel/liveupdate/{prepare,finish}) to an ioctl interface
> (/dev/liveupdate). Sysfs is now primarily for monitoring the state.
> - Event/State Renaming: LIVEUPDATE_REBOOT event/phase is now
> LIVEUPDATE_FREEZE.
> - FD Preservation: A new component for preserving file descriptors.
> - Subsystem Registration: A formal mechanism for kernel subsystems
> to participate.
> - Device Layer: removed device list handling from this series, it is
> going to be added separately.
> - Selftests: Kernel-side selftest hooks and userspace selftests are
> now included.
> - KHO Enhancements:
>   - KHO debugfs became optional, and kernel APIs for finalize/abort
>     were added (driven by LUO's needs).
>   - KHO unpreserve functions were also added.
>
> What is Live Update?
> Live Update is a specialized reboot process where selected kernel
> resources (memory, file descriptors, and eventually devices) are kept
> operational or their state preserved across a kernel transition (e.g.,
> via kexec). For certain resources, DMA and interrupt activity might
> continue with minimal interruption during the kernel reboot.
>
> LUO v2 Overview:
> LUO v2 provides a framework for coordinating live updates. It features:
> State Machine: Manages the live update process through states:
> NORMAL, PREPARED, FROZEN, UPDATED.
>
> KHO Integration:
>
> LUO programmatically drives KHO's finalization and abort sequences.
> KHO's debugfs interface is now optional, configured via
> CONFIG_KEXEC_HANDOVER_DEBUG.
>
> LUO preserves its own metadata via KHO's kho_add_subtree and
> kho_preserve_phys() mechanisms.
>
> Subsystem Participation: A callback API liveupdate_register_subsystem()
> allows kernel subsystems (e.g., KVM, IOMMU, VFIO, PCI) to register
> handlers for LUO events (PREPARE, FREEZE, FINISH, CANCEL) and persist a
> u64 payload via the LUO FDT.
>
> File Descriptor Preservation: Infrastructure
> liveupdate_register_filesystem, luo_register_file, luo_retrieve_file to
> allow specific types of file descriptors (e.g., memfd, vfio) to be
> preserved and restored.
>
> Handlers for specific file types can be registered to manage their
> preservation and restoration, storing a u64 payload in the LUO FDT.
>
> Example WIP for memfd preservation can be found here [2].
>
> User-space Interface:
>
> ioctl (/dev/liveupdate): The primary control interface for
> triggering LUO state transitions (prepare, freeze, finish, cancel)
> and managing the preservation/restoration of file descriptors.
> Access requires CAP_SYS_ADMIN.
>
> sysfs (/sys/kernel/liveupdate/state): A read-only interface for
> monitoring the current LUO state. This allows userspace services to
> track progress and coordinate actions.
>
> Selftests: Includes kernel-side hooks and userspace selftests to
> verify core LUO functionality, particularly subsystem registration and
> basic state transitions.
>
> LUO State Machine and Events:
>
> NORMAL: Default operational state.
> PREPARED: Initial preparation complete after LIVEUPDATE_PREPARE
> event. Subsystems have saved initial state.
> FROZEN: Final "blackout window" state after LIVEUPDATE_FREEZE
> event, just before kexec. Workloads must be suspended.
> UPDATED: Next kernel has booted via live update. Awaiting restoration
> and LIVEUPDATE_FINISH.
>
> Events:
> LIVEUPDATE_PREPARE: Prepare for reboot, serialize state.
> LIVEUPDATE_FREEZE: Final opportunity to save state before kexec.
> LIVEUPDATE_FINISH: Post-reboot cleanup in the next kernel.
> LIVEUPDATE_CANCEL: Abort prepare or freeze, revert changes.
>
> [1] https://lore.kernel.org/all/20250509074635.3187114-1-changyuanl@xxxxxxxxxx
> https://github.com/googleprodkernel/linux-liveupdate/tree/luo/kho-v8
> [2] https://github.com/googleprodkernel/linux-liveupdate/tree/luo/memfd-v0.1
>
> RFC v1: https://lore.kernel.org/all/20250320024011.2995837-1-pasha.tatashin@xxxxxxxxxx
>
> Changyuan Lyu (1):
> kho: add kho_unpreserve_folio/phys
>
> Pasha Tatashin (15):
> kho: make debugfs interface optional
> kho: allow to drive kho from within kernel
> luo: luo_core: Live Update Orchestrator
> luo: luo_core: integrate with KHO
> luo: luo_subsystems: add subsystem registration
> luo: luo_subsystems: implement subsystem callbacks
> luo: luo_files: add infrastructure for FDs
> luo: luo_files: implement file systems callbacks
> luo: luo_ioctl: add ioctl interface
> luo: luo_sysfs: add sysfs state monitoring
> reboot: call liveupdate_reboot() before kexec
> luo: add selftests for subsystems un/registration
> selftests/liveupdate: add subsystem/state tests
> docs: add luo documentation
> MAINTAINERS: add liveupdate entry
>
> .../ABI/testing/sysfs-kernel-liveupdate | 51 ++
> Documentation/admin-guide/index.rst | 1 +
> Documentation/admin-guide/liveupdate.rst | 62 ++
> .../userspace-api/ioctl/ioctl-number.rst | 1 +
> MAINTAINERS | 14 +-
> drivers/misc/Kconfig | 1 +
> drivers/misc/Makefile | 1 +
> drivers/misc/liveupdate/Kconfig | 60 ++
> drivers/misc/liveupdate/Makefile | 7 +
> drivers/misc/liveupdate/luo_core.c | 547 +++++++++++++++
> drivers/misc/liveupdate/luo_files.c | 664 ++++++++++++++++++
> drivers/misc/liveupdate/luo_internal.h | 59 ++
> drivers/misc/liveupdate/luo_ioctl.c | 203 ++++++
> drivers/misc/liveupdate/luo_selftests.c | 283 ++++++++
> drivers/misc/liveupdate/luo_selftests.h | 23 +
> drivers/misc/liveupdate/luo_subsystems.c | 413 +++++++++++
> drivers/misc/liveupdate/luo_sysfs.c | 92 +++
> include/linux/kexec_handover.h | 27 +
> include/linux/liveupdate.h | 214 ++++++
> include/uapi/linux/liveupdate.h | 324 +++++++++
> kernel/Kconfig.kexec | 10 +
> kernel/Makefile | 1 +
> kernel/kexec_handover.c | 343 +++------
> kernel/kexec_handover_debug.c | 237 +++++++
> kernel/kexec_handover_internal.h | 74 ++
> kernel/reboot.c | 4 +
> tools/testing/selftests/Makefile | 1 +
> tools/testing/selftests/liveupdate/.gitignore | 1 +
> tools/testing/selftests/liveupdate/Makefile | 7 +
> tools/testing/selftests/liveupdate/config | 6 +
> .../testing/selftests/liveupdate/liveupdate.c | 440 ++++++++++++
> 31 files changed, 3933 insertions(+), 238 deletions(-)
> create mode 100644 Documentation/ABI/testing/sysfs-kernel-liveupdate
> create mode 100644 Documentation/admin-guide/liveupdate.rst
> create mode 100644 drivers/misc/liveupdate/Kconfig
> create mode 100644 drivers/misc/liveupdate/Makefile
> create mode 100644 drivers/misc/liveupdate/luo_core.c
> create mode 100644 drivers/misc/liveupdate/luo_files.c
> create mode 100644 drivers/misc/liveupdate/luo_internal.h
> create mode 100644 drivers/misc/liveupdate/luo_ioctl.c
> create mode 100644 drivers/misc/liveupdate/luo_selftests.c
> create mode 100644 drivers/misc/liveupdate/luo_selftests.h
> create mode 100644 drivers/misc/liveupdate/luo_subsystems.c
> create mode 100644 drivers/misc/liveupdate/luo_sysfs.c
> create mode 100644 include/linux/liveupdate.h
> create mode 100644 include/uapi/linux/liveupdate.h
> create mode 100644 kernel/kexec_handover_debug.c
> create mode 100644 kernel/kexec_handover_internal.h
> create mode 100644 tools/testing/selftests/liveupdate/.gitignore
> create mode 100644 tools/testing/selftests/liveupdate/Makefile
> create mode 100644 tools/testing/selftests/liveupdate/config
> create mode 100644 tools/testing/selftests/liveupdate/liveupdate.c
>
> --
> 2.49.0.1101.gccaa498523-goog
>

--
Sincerely yours,
Mike.