On Wed, Jul 23, 2025 at 02:46:27PM +0000, Pasha Tatashin wrote:
> +/**
> + * struct liveupdate_file_ops - Callbacks for for live-updatable files.
> + * @prepare: Optional. Saves state for a specific file instance (@file,
> + * @arg) before update, potentially returning value via @data.
> + * Returns 0 on success, negative errno on failure.
> + * @freeze: Optional. Performs final actions just before kernel
> + * transition, potentially reading/updating the handle via
> + * @data.
> + * Returns 0 on success, negative errno on failure.
> + * @cancel: Optional. Cleans up state/resources if update is aborted
> + * after prepare/freeze succeeded, using the @data handle (by
> + * value) from the successful prepare. Returns void.
> + * @finish: Optional. Performs final cleanup in the new kernel using the
> + * preserved @data handle (by value). Returns void.
> + * @retrieve: Retrieve the preserved file. Must be called before finish.
> + * @can_preserve: callback to determine if @file with associated context (@arg)
> + * can be preserved by this handler.
> + * Return bool (true if preservable, false otherwise).
> + */
> +struct liveupdate_file_ops {
> + int (*prepare)(struct file *file, void *arg, u64 *data);
> + int (*freeze)(struct file *file, void *arg, u64 *data);
> + void (*cancel)(struct file *file, void *arg, u64 data);
> + void (*finish)(struct file *file, void *arg, u64 data, bool reclaimed);
> + int (*retrieve)(void *arg, u64 data, struct file **file);
> + bool (*can_preserve)(struct file *file, void *arg);
> +};
ops structures often have an owner = THIS_MODULE
It wouldn't hurt to add it here too, and some appropriate module_get's
though I didn't try to figure what happens if userspace races a module
unload with other luo operations.
> +
> +/**
> + * struct liveupdate_file_handler - Represents a handler for a live-updatable
> + * file type.
> + * @ops: Callback functions
> + * @compatible: The compatibility string (e.g., "memfd-v1", "vfiofd-v1")
> + * that uniquely identifies the file type this handler supports.
> + * This is matched against the compatible string associated with
> + * individual &struct liveupdate_file instances.
> + * @arg: An opaque pointer to implementation-specific context data
> + * associated with this file handler registration.
Why? This is not the normal way, if you want context data then
allocate a struct driver_liveupdate_file_handler and embed a normal
struct liveupdate_file_handler inside it, then use container_of.
> + fdt_for_each_subnode(file_node_offset, luo_file_fdt_in, 0) {
> + bool handler_found = false;
> + u64 token;
> +
> + node_name = fdt_get_name(luo_file_fdt_in, file_node_offset,
> + NULL);
> + if (!node_name) {
> + panic("FDT subnode at offset %d: Cannot get name\n",
> + file_node_offset);
I think this approach will raise lots of questions..
I'd introduce a new function "luo_deserialize_failure" that does panic
internally.
Only called by places that are parsing the FDT & related but run into
trouble that cannot be savely recovered from.
Jason
