[PATCH v2 0/8] liveupdate: Fix module unloading and unregister API

[Pasha Tatashin]

This patch series addresses an issue with how LUO handles module
reference counting and unregistration during a module unload (e.g.,
via rmmod).

Currently, modules that register live update file handlers are pinned
for the entire duration they are registered. This prevents the modules
from being unloaded gracefully, even when no live update session is in
progress.

Furthermore, if a module is forcefully unloaded, the unregistration
functions return an error (e.g. -EBUSY) if a session is active, which
is ignored by the kernel's module unload path, leaving dangling
pointers in the LUO global lists.

As pointed out by Jason Gunthorpe and Alex Williamson during the review
of the VFIO PCI live update patches [1]:
> "destroy" functions that fail are evil. :)
> IMHO blow up the kernel or something in the core code, you can't stop
> module unloading once it starts so it is pointless to propagate this

To resolve these issues, this series introduces the following changes:
1. Adds read-write semaphores (luo_file_handler_lock, luo_flb_lock, and
   a per-handler flb_lock) to protect the registration lists. This allows
   concurrent access for file preservation without blocking, while still
   preventing traversal races during module unload.
2. Defers FLB module reference counting (try_module_get / module_put)
   so that modules are only pinned when their FLBs are actively used
   in a live update session.
3. Removes module reference counting for file handlers, relying
   on the VFS 'struct file' pinning (via f_op->owner) and safe
   deserialization without concurrent unloads.
4. Removes the global luo_session_quiesce() mechanism since module
   unload behavior now handles active sessions implicitly.
5. Introduces auto-unregistration of FLBs during file handler
   unregistration to prevent leaving dangling resources.
6. Changes the unregistration functions to return void instead of
   an error code.

[1] https://lore.kernel.org/all/20260303210733.GG972761@xxxxxxxxxx

Changelog since v1:
- Restructured the patch series to eliminate intermediate code changes.
- Replaced the "Defer file handler module refcounting" patch with
  "Remove file handler module refcounting" since the VFS 'struct file'
  inherently pins the file handler's module via f_op->owner during
  active sessions, rendering dynamic reference counting unnecessary
  for handlers, as suggested by David Matlack.
- Split the unregister API change into two logical patches: one for
  auto-unregistration of FLBs and another to convert the unregister
  functions to return void.
- Added a patch to clean up the redundant `liveupdate_test_unregister()`
  function in `lib/tests/liveupdate.c`.
- Reordered the patches so that `liveupdate_test_unregister()` is cleanly
  removed before the core API signatures change to return void.

Pasha Tatashin (8):
  liveupdate: Protect file handler list with rwsem
  liveupdate: Protect FLB lists with rwsem
  liveupdate: Remove file handler module refcounting
  liveupdate: Defer FLB module refcounting to active sessions
  liveupdate: Remove luo_session_quiesce()
  liveupdate: Auto unregister FLBs on file handler unregistration
  liveupdate: Remove liveupdate_test_unregister()
  liveupdate: Make unregister functions return void

 include/linux/liveupdate.h       |  17 +--
 kernel/liveupdate/luo_file.c     | 102 ++++++-----------
 kernel/liveupdate/luo_flb.c      | 182 +++++++++++++++++--------------
 kernel/liveupdate/luo_internal.h |   5 +-
 kernel/liveupdate/luo_session.c  |  44 --------
 lib/tests/liveupdate.c           |  18 ---
 6 files changed, 139 insertions(+), 229 deletions(-)


base-commit: 8e5a478b6d6a5bb0a3d52147862b15e4d826af19
-- 
2.53.0.851.ga537e3e6e9-goog