
Hello,

On Fri, 12 Mar 2021, Libor Pechacek wrote:
Indeed! Now it works! :)
Nicolai reminded me about the magic $ORIGIN token. The demo works even better with that one.
Encouraged by the success, I've entertained the idea of getting rid of the LD_PRELOAD. So, I tried:
$ gcc -Wl,-rpath,\$ORIGIN -Wl,-rpath,/data/src/libpulp/lib/.libs -L. \
      -L ../lib/.libs/ -o main main.c -lworkload -lpulp
And, voilà! I can just run "main" and live patch it without any extra hassle.
Of course, that's nothing to do with $ORIGIN, though. You linked against libpulp, hence it's loaded, hence it can be used by the ulp tool to live patch the process.

The problem is the following: imagine you have a live patchable libfoo, and a random collection of binaries linking against libfoo. (To see the size of that random set, imagine libfoo being libc.so.6). Do you want to make all these binaries live patchable (or to be precise: processes resulting from execve(2) of these binaries) simply by installing the live patchable libfoo? Even if enabling live patching for a process induces a performance hit? Even if you decide to say "yes" to this question: do you want to have to link all these binaries against libpulp (which comes with the problem that suddenly those binaries only work when libpulp is installed, even though they themselves don't make use of any live-patching facilities)?

You could also link a live patchable library against libpulp (and so make any process using that library also be live patchable). But that has some interesting consequences about entry tracking: it starts globally for a process only when libpulp is loaded, so anything loaded before libpulp is loaded isn't tracked. This might not be a problem, as normally it should be only required to track stuff in the live-patchable libs, but we punted on that.

So, for now we decided to let the answer to the question "should a process be live patchable?" be a policy decision that is expressed through environment variables. I don't know of a good solution to some of the above sub questions :-/

(Hint: you can force preloading a library to all processes ever started by using /etc/ld.so.preload)

Ciao,
Michael.
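
An added example, not part of the original message or of the libpulp project: a shell check that reports whether libpulp is mapped into a process and which of the routes discussed above (LD_PRELOAD, /etc/ld.so.preload, or a link-time dependency) most likely put it there. It assumes the library file name starts with libpulp.so; the function names and the sample data are made up for illustration.

```shell
#!/bin/sh
# has_libpulp MAPS_FILE: succeeds if a libpulp shared object is mapped.
has_libpulp() { grep -Eq '/libpulp\.so[^/]*$' "$1"; }

# preload_source ENVIRON_FILE PRELOAD_CONF: prints env, global or none.
preload_source() {
    if tr '\0' '\n' < "$1" | grep '^LD_PRELOAD=' | grep -q 'libpulp\.so'; then
        echo env        # policy expressed through the process environment
    elif [ -r "$2" ] && grep -v '^[[:space:]]*#' "$2" | grep -q 'libpulp\.so'; then
        echo global     # forced on every process via ld.so.preload
    else
        echo none
    fi
}

# classify MAPS_FILE ENVIRON_FILE PRELOAD_CONF: prints one result word.
classify() {
    has_libpulp "$1" || { echo not-loaded; return 0; }
    case "$(preload_source "$2" "$3")" in
        env)    echo loaded:LD_PRELOAD ;;
        global) echo loaded:ld.so.preload ;;
        *)      echo loaded:dependency ;;  # linked into the binary or one of its libraries
    esac
}

# Constructed sample (not captured from a real system): maps and environ as
# they could look for the "main" binary linked with -lpulp and run without
# LD_PRELOAD. The version suffix and /tmp/demo path are invented.
sample_linked() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
      '7f10a0000000-7f10a0021000 r-xp 00000000 08:01 131 /data/src/libpulp/lib/.libs/libpulp.so.0.0.0' \
      '7f10a0400000-7f10a0402000 r-xp 00000000 08:01 132 /tmp/demo/libworkload.so' > "$d/maps"
    printf 'PATH=/usr/bin\0HOME=/root\0' > "$d/environ"
    classify "$d/maps" "$d/environ" "$d/no-such-preload-file"
    rm -rf "$d"
}

# Live use: pass PIDs as arguments (reading another user's environ needs privileges).
for pid in "$@"; do
    printf '%s %s\n' "$pid" \
        "$(classify "/proc/$pid/maps" "/proc/$pid/environ" /etc/ld.so.preload)"
done
```

Calling sample_linked prints loaded:dependency. On a live system /proc/PID/environ shows the environment the process was started with, so a process that inherited LD_PRELOAD is reported as such even if a global preload entry also exists.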