Commit 1aece821 authored by Pasha Tatashin's avatar Pasha Tatashin Committed by Andrew Morton
Browse files

liveupdate: luo_core: integrate with KHO 

Integrate the LUO with the KHO framework to enable passing LUO state
across a kexec reboot.

This patch implements the lifecycle integration with KHO:

1. Incoming State: During early boot (`early_initcall`), LUO checks if
   KHO is active. If so, it retrieves the "LUO" subtree, verifies the
   "luo-v1" compatibility string, and reads the `liveupdate-number` to
   track the update count.

2. Outgoing State: During late initialization (`late_initcall`), LUO
   allocates a new FDT for the next kernel, populates it with the basic
   header (compatible string and incremented update number), and
   registers it with KHO (`kho_add_subtree`).

3. Finalization: The `liveupdate_reboot()` notifier is updated to invoke
   `kho_finalize()`. This ensures that all memory segments marked for
   preservation are properly serialized before the kexec jump.

Link: https://lkml.kernel.org/r/20251125165850.3389713-3-pasha.tatashin@soleen.com


Signed-off-by: default avatarPasha Tatashin <pasha.tatashin@soleen.com>
Reviewed-by: default avatarPratyush Yadav <pratyush@kernel.org>
Tested-by: default avatarDavid Matlack <dmatlack@google.com>
Reviewed-by: default avatarMike Rapoport (Microsoft) <rppt@kernel.org>
Cc: Aleksander Lobakin <aleksander.lobakin@intel.com>
Cc: Alexander Graf <graf@amazon.com>
Cc: Alice Ryhl <aliceryhl@google.com>
Cc: Andriy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: anish kumar <yesanishhere@gmail.com>
Cc: Anna Schumaker <anna.schumaker@oracle.com>
Cc: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Borislav Betkov <bp@alien8.de>
Cc: Chanwoo Choi <cw00.choi@samsung.com>
Cc: Chen Ridong <chenridong@huawei.com>
Cc: Chris Li <chrisl@kernel.org>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Daniel Wagner <wagi@kernel.org>
Cc: Danilo Krummrich <dakr@kernel.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: David Jeffery <djeffery@redhat.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Guixin Liu <kanie@linux.alibaba.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Ira Weiny <ira.weiny@intel.com>
Cc: Jann Horn <jannh@google.com>
Cc: Jason Gunthorpe <jgg@nvidia.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Joanthan Cameron <Jonathan.Cameron@huawei.com>
Cc: Joel Granados <joel.granados@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Leon Romanovsky <leon@kernel.org>
Cc: Leon Romanovsky <leonro@nvidia.com>
Cc: Lukas Wunner <lukas@wunner.de>
Cc: Marc Rutland <mark.rutland@arm.com>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Matthew Maurer <mmaurer@google.com>
Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Myugnjoo Ham <myungjoo.ham@samsung.com>
Cc: Parav Pandit <parav@nvidia.com>
Cc: Pratyush Yadav <ptyadav@amazon.de>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Roman Gushchin <roman.gushchin@linux.dev>
Cc: Saeed Mahameed <saeedm@nvidia.com>
Cc: Samiullah Khawaja <skhawaja@google.com>
Cc: Song Liu <song@kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Stuart Hayes <stuart.w.hayes@gmail.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Thomas Gleinxer <tglx@linutronix.de>
Cc: Thomas Weißschuh <linux@weissschuh.net>
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Cc: William Tu <witu@nvidia.com>
Cc: Yoann Congal <yoann.congal@smile.fr>
Cc: Zhu Yanjun <yanjun.zhu@linux.dev>
Cc: Zijun Hu <quic_zijuhu@quicinc.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent 9e2fd062

include/linux/kho/abi/luo.h

0 → 100644
+58 −0
Original line number Diff line number Diff line 
/* SPDX-License-Identifier: GPL-2.0 */



/*

 * Copyright (c) 2025, Google LLC.

 * Pasha Tatashin <pasha.tatashin@soleen.com>

 */



/**

 * DOC: Live Update Orchestrator ABI

 *

 * This header defines the stable Application Binary Interface used by the

 * Live Update Orchestrator to pass state from a pre-update kernel to a

 * post-update kernel. The ABI is built upon the Kexec HandOver framework

 * and uses a Flattened Device Tree to describe the preserved data.

 *

 * This interface is a contract. Any modification to the FDT structure, node

 * properties, compatible strings, or the layout of the `__packed` serialization

 * structures defined here constitutes a breaking change. Such changes require

 * incrementing the version number in the relevant `_COMPATIBLE` string to

 * prevent a new kernel from misinterpreting data from an old kernel.

 *

 * Changes are allowed provided the compatibility version is incremented;

 * however, backward/forward compatibility is only guaranteed for kernels

 * supporting the same ABI version.

 *

 * FDT Structure Overview:

 *   The entire LUO state is encapsulated within a single KHO entry named "LUO".

 *   This entry contains an FDT with the following layout:

 *

 *   .. code-block:: none

 *

 *     / {

 *         compatible = "luo-v1";

 *         liveupdate-number = <...>;

 *     };

 *

 * Main LUO Node (/):

 *

 *   - compatible: "luo-v1"

 *     Identifies the overall LUO ABI version.

 *   - liveupdate-number: u64

 *     A counter tracking the number of successful live updates performed.

 */



#ifndef _LINUX_KHO_ABI_LUO_H

#define _LINUX_KHO_ABI_LUO_H



/*

 * The LUO FDT hooks all LUO state for sessions, fds, etc.

 * In the root it also carries "liveupdate-number" 64-bit property that

 * corresponds to the number of live-updates performed on this machine.

 */

#define LUO_FDT_SIZE		PAGE_SIZE

#define LUO_FDT_KHO_ENTRY_NAME	"LUO"

#define LUO_FDT_COMPATIBLE	"luo-v1"

#define LUO_FDT_LIVEUPDATE_NUM	"liveupdate-number"



#endif /* _LINUX_KHO_ABI_LUO_H */

kernel/liveupdate/luo_core.c

+153 −1
Original line number Diff line number Diff line
@@ -41,12 +41,26 @@ 


#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt



#include <linux/io.h>

#include <linux/kexec_handover.h>

#include <linux/kho/abi/luo.h>

#include <linux/kobject.h>

#include <linux/libfdt.h>

#include <linux/liveupdate.h>

#include <linux/miscdevice.h>

#include <linux/mm.h>

#include <linux/sizes.h>

#include <linux/string.h>

#include <linux/unaligned.h>



#include "kexec_handover_internal.h"

#include "luo_internal.h"



static struct {

	bool enabled;

	void *fdt_out;

	void *fdt_in;

	u64 liveupdate_num;

} luo_global;



static int __init early_liveupdate_param(char *buf)
@@ -55,6 +69,129 @@ static int __init early_liveupdate_param(char *buf) 
}

early_param("liveupdate", early_liveupdate_param);



static int __init luo_early_startup(void)

{

	phys_addr_t fdt_phys;

	int err, ln_size;

	const void *ptr;



	if (!kho_is_enabled()) {

		if (liveupdate_enabled())

			pr_warn("Disabling liveupdate because KHO is disabled\n");

		luo_global.enabled = false;

		return 0;

	}



	/* Retrieve LUO subtree, and verify its format. */

	err = kho_retrieve_subtree(LUO_FDT_KHO_ENTRY_NAME, &fdt_phys);

	if (err) {

		if (err != -ENOENT) {

			pr_err("failed to retrieve FDT '%s' from KHO: %pe\n",

			       LUO_FDT_KHO_ENTRY_NAME, ERR_PTR(err));

			return err;

		}



		return 0;

	}



	luo_global.fdt_in = phys_to_virt(fdt_phys);

	err = fdt_node_check_compatible(luo_global.fdt_in, 0,

					LUO_FDT_COMPATIBLE);

	if (err) {

		pr_err("FDT '%s' is incompatible with '%s' [%d]\n",

		       LUO_FDT_KHO_ENTRY_NAME, LUO_FDT_COMPATIBLE, err);



		return -EINVAL;

	}



	ln_size = 0;

	ptr = fdt_getprop(luo_global.fdt_in, 0, LUO_FDT_LIVEUPDATE_NUM,

			  &ln_size);

	if (!ptr || ln_size != sizeof(luo_global.liveupdate_num)) {

		pr_err("Unable to get live update number '%s' [%d]\n",

		       LUO_FDT_LIVEUPDATE_NUM, ln_size);



		return -EINVAL;

	}



	luo_global.liveupdate_num = get_unaligned((u64 *)ptr);

	pr_info("Retrieved live update data, liveupdate number: %lld\n",

		luo_global.liveupdate_num);



	return 0;

}



static int __init liveupdate_early_init(void)

{

	int err;



	err = luo_early_startup();

	if (err) {

		luo_global.enabled = false;

		luo_restore_fail("The incoming tree failed to initialize properly [%pe], disabling live update\n",

				 ERR_PTR(err));

	}



	return err;

}

early_initcall(liveupdate_early_init);



/* Called during boot to create outgoing LUO fdt tree */

static int __init luo_fdt_setup(void)

{

	const u64 ln = luo_global.liveupdate_num + 1;

	void *fdt_out;

	int err;



	fdt_out = kho_alloc_preserve(LUO_FDT_SIZE);

	if (IS_ERR(fdt_out)) {

		pr_err("failed to allocate/preserve FDT memory\n");

		return PTR_ERR(fdt_out);

	}



	err = fdt_create(fdt_out, LUO_FDT_SIZE);

	err |= fdt_finish_reservemap(fdt_out);

	err |= fdt_begin_node(fdt_out, "");

	err |= fdt_property_string(fdt_out, "compatible", LUO_FDT_COMPATIBLE);

	err |= fdt_property(fdt_out, LUO_FDT_LIVEUPDATE_NUM, &ln, sizeof(ln));

	err |= fdt_end_node(fdt_out);

	err |= fdt_finish(fdt_out);

	if (err)

		goto exit_free;



	err = kho_add_subtree(LUO_FDT_KHO_ENTRY_NAME, fdt_out);

	if (err)

		goto exit_free;

	luo_global.fdt_out = fdt_out;



	return 0;



exit_free:

	kho_unpreserve_free(fdt_out);

	pr_err("failed to prepare LUO FDT: %d\n", err);



	return err;

}



/*

 * late initcall because it initializes the outgoing tree that is needed only

 * once userspace starts using /dev/liveupdate.

 */

static int __init luo_late_startup(void)

{

	int err;



	if (!liveupdate_enabled())

		return 0;



	err = luo_fdt_setup();

	if (err)

		luo_global.enabled = false;



	return err;

}

late_initcall(luo_late_startup);



/* Public Functions */



/**
@@ -69,7 +206,22 @@ early_param("liveupdate", early_liveupdate_param); 
 */

int liveupdate_reboot(void)

{

	int err;



	if (!liveupdate_enabled())

		return 0;



	err = kho_finalize();

	if (err) {

		pr_err("kho_finalize failed %d\n", err);

		/*

		 * kho_finalize() may return libfdt errors, to aboid passing to

		 * userspace unknown errors, change this to EAGAIN.

		 */

		err = -EAGAIN;

	}



	return err;

}



/**

kernel/liveupdate/luo_internal.h

0 → 100644
+22 −0
Original line number Diff line number Diff line 
/* SPDX-License-Identifier: GPL-2.0 */



/*

 * Copyright (c) 2025, Google LLC.

 * Pasha Tatashin <pasha.tatashin@soleen.com>

 */



#ifndef _LINUX_LUO_INTERNAL_H

#define _LINUX_LUO_INTERNAL_H



#include <linux/liveupdate.h>



/*

 * Handles a deserialization failure: devices and memory is in unpredictable

 * state.

 *

 * Continuing the boot process after a failure is dangerous because it could

 * lead to leaks of private data.

 */

#define luo_restore_fail(__fmt, ...) panic(__fmt, ##__VA_ARGS__)



#endif /* _LINUX_LUO_INTERNAL_H */