jsauer/torvalds-linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-01-11 09:00:12 +00:00
Code
torvalds-linux/include/uapi/linux/liveupdate.h
Pasha Tatashin 16cec0d265 liveupdate: luo_session: add ioctls for file preservation 
Introducing the userspace interface and internal logic required to manage
the lifecycle of file descriptors within a session.  Previously, a session
was merely a container; this change makes it a functional management unit.

The following capabilities are added:

A new set of ioctl commands are added, which operate on the file
descriptor returned by CREATE_SESSION. This allows userspace to:
- LIVEUPDATE_SESSION_PRESERVE_FD: Add a file descriptor to a session
  to be preserved across the live update.
- LIVEUPDATE_SESSION_RETRIEVE_FD: Retrieve a preserved file in the
  new kernel using its unique token.
- LIVEUPDATE_SESSION_FINISH: finish session

The session's .release handler is enhanced to be state-aware.  When a
session's file descriptor is closed, it correctly unpreserves the session
based on its current state before freeing all associated file resources.

Link: https://lkml.kernel.org/r/20251125165850.3389713-8-pasha.tatashin@soleen.com
Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Reviewed-by: Pratyush Yadav <pratyush@kernel.org>
Reviewed-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
Tested-by: David Matlack <dmatlack@google.com>
Cc: Aleksander Lobakin <aleksander.lobakin@intel.com>
Cc: Alexander Graf <graf@amazon.com>
Cc: Alice Ryhl <aliceryhl@google.com>
Cc: Andriy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: anish kumar <yesanishhere@gmail.com>
Cc: Anna Schumaker <anna.schumaker@oracle.com>
Cc: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Borislav Betkov <bp@alien8.de>
Cc: Chanwoo Choi <cw00.choi@samsung.com>
Cc: Chen Ridong <chenridong@huawei.com>
Cc: Chris Li <chrisl@kernel.org>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Daniel Wagner <wagi@kernel.org>
Cc: Danilo Krummrich <dakr@kernel.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: David Jeffery <djeffery@redhat.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Guixin Liu <kanie@linux.alibaba.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Ira Weiny <ira.weiny@intel.com>
Cc: Jann Horn <jannh@google.com>
Cc: Jason Gunthorpe <jgg@nvidia.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Joanthan Cameron <Jonathan.Cameron@huawei.com>
Cc: Joel Granados <joel.granados@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Leon Romanovsky <leon@kernel.org>
Cc: Leon Romanovsky <leonro@nvidia.com>
Cc: Lukas Wunner <lukas@wunner.de>
Cc: Marc Rutland <mark.rutland@arm.com>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Matthew Maurer <mmaurer@google.com>
Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Myugnjoo Ham <myungjoo.ham@samsung.com>
Cc: Parav Pandit <parav@nvidia.com>
Cc: Pratyush Yadav <ptyadav@amazon.de>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Roman Gushchin <roman.gushchin@linux.dev>
Cc: Saeed Mahameed <saeedm@nvidia.com>
Cc: Samiullah Khawaja <skhawaja@google.com>
Cc: Song Liu <song@kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Stuart Hayes <stuart.w.hayes@gmail.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Thomas Gleinxer <tglx@linutronix.de>
Cc: Thomas Weißschuh <linux@weissschuh.net>
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Cc: William Tu <witu@nvidia.com>
Cc: Yoann Congal <yoann.congal@smile.fr>
Cc: Zhu Yanjun <yanjun.zhu@linux.dev>
Cc: Zijun Hu <quic_zijuhu@quicinc.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2025-11-27 14:24:39 -08:00

217 lines
8.3 KiB
C
Raw Blame History

/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* Userspace interface for /dev/liveupdate
* Live Update Orchestrator
*
* Copyright (c) 2025, Google LLC.
* Pasha Tatashin <pasha.tatashin@soleen.com>
*/
#ifndef _UAPI_LIVEUPDATE_H
#define _UAPI_LIVEUPDATE_H
#include <linux/ioctl.h>
#include <linux/types.h>
/**
* DOC: General ioctl format
*
* The ioctl interface follows a general format to allow for extensibility. Each
* ioctl is passed in a structure pointer as the argument providing the size of
* the structure in the first u32. The kernel checks that any structure space
* beyond what it understands is 0. This allows userspace to use the backward
* compatible portion while consistently using the newer, larger, structures.
*
* ioctls use a standard meaning for common errnos:
*
* - ENOTTY: The IOCTL number itself is not supported at all
* - E2BIG: The IOCTL number is supported, but the provided structure has
* non-zero in a part the kernel does not understand.
* - EOPNOTSUPP: The IOCTL number is supported, and the structure is
* understood, however a known field has a value the kernel does not
* understand or support.
* - EINVAL: Everything about the IOCTL was understood, but a field is not
* correct.
* - ENOENT: A provided token does not exist.
* - ENOMEM: Out of memory.
* - EOVERFLOW: Mathematics overflowed.
*
* As well as additional errnos, within specific ioctls.
*/
/* The ioctl type, documented in ioctl-number.rst */
#define LIVEUPDATE_IOCTL_TYPE 0xBA
/* The maximum length of session name including null termination */
#define LIVEUPDATE_SESSION_NAME_LENGTH 64
/* The /dev/liveupdate ioctl commands */
enum {
LIVEUPDATE_CMD_BASE = 0x00,
LIVEUPDATE_CMD_CREATE_SESSION = LIVEUPDATE_CMD_BASE,
LIVEUPDATE_CMD_RETRIEVE_SESSION = 0x01,
};
/* ioctl commands for session file descriptors */
enum {
LIVEUPDATE_CMD_SESSION_BASE = 0x40,
LIVEUPDATE_CMD_SESSION_PRESERVE_FD = LIVEUPDATE_CMD_SESSION_BASE,
LIVEUPDATE_CMD_SESSION_RETRIEVE_FD = 0x41,
LIVEUPDATE_CMD_SESSION_FINISH = 0x42,
};
/**
* struct liveupdate_ioctl_create_session - ioctl(LIVEUPDATE_IOCTL_CREATE_SESSION)
* @size: Input; sizeof(struct liveupdate_ioctl_create_session)
* @fd: Output; The new file descriptor for the created session.
* @name: Input; A null-terminated string for the session name, max
* length %LIVEUPDATE_SESSION_NAME_LENGTH including termination
* character.
*
* Creates a new live update session for managing preserved resources.
* This ioctl can only be called on the main /dev/liveupdate device.
*
* Return: 0 on success, negative error code on failure.
*/
struct liveupdate_ioctl_create_session {
__u32 size;
__s32 fd;
__u8 name[LIVEUPDATE_SESSION_NAME_LENGTH];
};
#define LIVEUPDATE_IOCTL_CREATE_SESSION \
_IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_CREATE_SESSION)
/**
* struct liveupdate_ioctl_retrieve_session - ioctl(LIVEUPDATE_IOCTL_RETRIEVE_SESSION)
* @size: Input; sizeof(struct liveupdate_ioctl_retrieve_session)
* @fd: Output; The new file descriptor for the retrieved session.
* @name: Input; A null-terminated string identifying the session to retrieve.
* The name must exactly match the name used when the session was
* created in the previous kernel.
*
* Retrieves a handle (a new file descriptor) for a preserved session by its
* name. This is the primary mechanism for a userspace agent to regain control
* of its preserved resources after a live update.
*
* The userspace application provides the null-terminated `name` of a session
* it created before the live update. If a preserved session with a matching
* name is found, the kernel instantiates it and returns a new file descriptor
* in the `fd` field. This new session FD can then be used for all file-specific
* operations, such as restoring individual file descriptors with
* LIVEUPDATE_SESSION_RETRIEVE_FD.
*
* It is the responsibility of the userspace application to know the names of
* the sessions it needs to retrieve. If no session with the given name is
* found, the ioctl will fail with -ENOENT.
*
* This ioctl can only be called on the main /dev/liveupdate device when the
* system is in the LIVEUPDATE_STATE_UPDATED state.
*/
struct liveupdate_ioctl_retrieve_session {
__u32 size;
__s32 fd;
__u8 name[LIVEUPDATE_SESSION_NAME_LENGTH];
};
#define LIVEUPDATE_IOCTL_RETRIEVE_SESSION \
_IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_RETRIEVE_SESSION)
/* Session specific IOCTLs */
/**
* struct liveupdate_session_preserve_fd - ioctl(LIVEUPDATE_SESSION_PRESERVE_FD)
* @size: Input; sizeof(struct liveupdate_session_preserve_fd)
* @fd: Input; The user-space file descriptor to be preserved.
* @token: Input; An opaque, unique token for preserved resource.
*
* Holds parameters for preserving a file descriptor.
*
* User sets the @fd field identifying the file descriptor to preserve
* (e.g., memfd, kvm, iommufd, VFIO). The kernel validates if this FD type
* and its dependencies are supported for preservation. If validation passes,
* the kernel marks the FD internally and *initiates the process* of preparing
* its state for saving. The actual snapshotting of the state typically occurs
* during the subsequent %LIVEUPDATE_IOCTL_PREPARE execution phase, though
* some finalization might occur during freeze.
* On successful validation and initiation, the kernel uses the @token
* field with an opaque identifier representing the resource being preserved.
* This token confirms the FD is targeted for preservation and is required for
* the subsequent %LIVEUPDATE_SESSION_RETRIEVE_FD call after the live update.
*
* Return: 0 on success (validation passed, preservation initiated), negative
* error code on failure (e.g., unsupported FD type, dependency issue,
* validation failed).
*/
struct liveupdate_session_preserve_fd {
__u32 size;
__s32 fd;
__aligned_u64 token;
};
#define LIVEUPDATE_SESSION_PRESERVE_FD \
_IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_SESSION_PRESERVE_FD)
/**
* struct liveupdate_session_retrieve_fd - ioctl(LIVEUPDATE_SESSION_RETRIEVE_FD)
* @size: Input; sizeof(struct liveupdate_session_retrieve_fd)
* @fd: Output; The new file descriptor representing the fully restored
* kernel resource.
* @token: Input; An opaque, token that was used to preserve the resource.
*
* Retrieve a previously preserved file descriptor.
*
* User sets the @token field to the value obtained from a successful
* %LIVEUPDATE_IOCTL_FD_PRESERVE call before the live update. On success,
* the kernel restores the state (saved during the PREPARE/FREEZE phases)
* associated with the token and populates the @fd field with a new file
* descriptor referencing the restored resource in the current (new) kernel.
* This operation must be performed *before* signaling completion via
* %LIVEUPDATE_IOCTL_FINISH.
*
* Return: 0 on success, negative error code on failure (e.g., invalid token).
*/
struct liveupdate_session_retrieve_fd {
__u32 size;
__s32 fd;
__aligned_u64 token;
};
#define LIVEUPDATE_SESSION_RETRIEVE_FD \
_IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_SESSION_RETRIEVE_FD)
/**
* struct liveupdate_session_finish - ioctl(LIVEUPDATE_SESSION_FINISH)
* @size: Input; sizeof(struct liveupdate_session_finish)
* @reserved: Input; Must be zero. Reserved for future use.
*
* Signals the completion of the restoration process for a retrieved session.
* This is the final operation that should be performed on a session file
* descriptor after a live update.
*
* This ioctl must be called once all required file descriptors for the session
* have been successfully retrieved (using %LIVEUPDATE_SESSION_RETRIEVE_FD) and
* are fully restored from the userspace and kernel perspective.
*
* Upon success, the kernel releases its ownership of the preserved resources
* associated with this session. This allows internal resources to be freed,
* typically by decrementing reference counts on the underlying preserved
* objects.
*
* If this operation fails, the resources remain preserved in memory. Userspace
* may attempt to call finish again. The resources will otherwise be reset
* during the next live update cycle.
*
* Return: 0 on success, negative error code on failure.
*/
struct liveupdate_session_finish {
__u32 size;
__u32 reserved;
};
#define LIVEUPDATE_SESSION_FINISH \
_IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_SESSION_FINISH)
#endif /* _UAPI_LIVEUPDATE_H */
View Git Blame Copy Permalink