2 * core.c - Kernel Live Patching Core
4 * Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
5 * Copyright (C) 2014 SUSE
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
23 #include <linux/module.h>
24 #include <linux/kernel.h>
25 #include <linux/mutex.h>
26 #include <linux/slab.h>
27 #include <linux/list.h>
28 #include <linux/kallsyms.h>
29 #include <linux/livepatch.h>
30 #include <linux/elf.h>
31 #include <linux/moduleloader.h>
32 #include <linux/completion.h>
33 #include <asm/cacheflush.h>
35 #include "transition.h"
38 * klp_mutex is a coarse lock which serializes access to klp data. All
39 * accesses to klp-related variables and structures must have mutex protection,
40 * except within the following functions which carefully avoid the need for it:
42 * - klp_ftrace_handler()
43 * - klp_update_patch_state()
45 DEFINE_MUTEX(klp_mutex);
47 static LIST_HEAD(klp_patches);
49 static struct kobject *klp_root_kobj;
51 static bool klp_is_module(struct klp_object *obj)
56 static bool klp_is_object_loaded(struct klp_object *obj)
58 return !obj->name || obj->mod;
61 /* sets obj->mod if object is not vmlinux and module is found */
62 static void klp_find_object_module(struct klp_object *obj)
66 if (!klp_is_module(obj))
69 mutex_lock(&module_mutex);
71 * We do not want to block removal of patched modules and therefore
72 * we do not take a reference here. The patches are removed by
73 * klp_module_going() instead.
75 mod = find_module(obj->name);
77 * Do not mess work of klp_module_coming() and klp_module_going().
78 * Note that the patch might still be needed before klp_module_going()
79 * is called. Module functions can be called even in the GOING state
80 * until mod->exit() finishes. This is especially important for
81 * patches that modify semantic of the functions.
83 if (mod && mod->klp_alive)
86 mutex_unlock(&module_mutex);
89 static bool klp_is_patch_registered(struct klp_patch *patch)
91 struct klp_patch *mypatch;
93 list_for_each_entry(mypatch, &klp_patches, list)
100 static bool klp_initialized(void)
102 return !!klp_root_kobj;
105 struct klp_find_arg {
113 static int klp_find_callback(void *data, const char *name,
114 struct module *mod, unsigned long addr)
116 struct klp_find_arg *args = data;
118 if ((mod && !args->objname) || (!mod && args->objname))
121 if (strcmp(args->name, name))
124 if (args->objname && strcmp(args->objname, mod->name))
131 * Finish the search when the symbol is found for the desired position
132 * or the position is not defined for a non-unique symbol.
134 if ((args->pos && (args->count == args->pos)) ||
135 (!args->pos && (args->count > 1)))
141 static int klp_find_object_symbol(const char *objname, const char *name,
142 unsigned long sympos, unsigned long *addr)
144 struct klp_find_arg args = {
152 mutex_lock(&module_mutex);
153 kallsyms_on_each_symbol(klp_find_callback, &args);
154 mutex_unlock(&module_mutex);
157 * Ensure an address was found. If sympos is 0, ensure symbol is unique;
158 * otherwise ensure the symbol position count matches sympos.
161 pr_err("symbol '%s' not found in symbol table\n", name);
162 else if (args.count > 1 && sympos == 0) {
163 pr_err("unresolvable ambiguity for symbol '%s' in object '%s'\n",
165 } else if (sympos != args.count && sympos > 0) {
166 pr_err("symbol position %lu for symbol '%s' in object '%s' not found\n",
167 sympos, name, objname ? objname : "vmlinux");
177 static int klp_resolve_symbols(Elf_Shdr *relasec, struct module *pmod)
179 int i, cnt, vmlinux, ret;
180 char objname[MODULE_NAME_LEN];
181 char symname[KSYM_NAME_LEN];
182 char *strtab = pmod->core_kallsyms.strtab;
185 unsigned long sympos, addr;
188 * Since the field widths for objname and symname in the sscanf()
189 * call are hard-coded and correspond to MODULE_NAME_LEN and
190 * KSYM_NAME_LEN respectively, we must make sure that MODULE_NAME_LEN
191 * and KSYM_NAME_LEN have the values we expect them to have.
193 * Because the value of MODULE_NAME_LEN can differ among architectures,
194 * we use the smallest/strictest upper bound possible (56, based on
195 * the current definition of MODULE_NAME_LEN) to prevent overflows.
197 BUILD_BUG_ON(MODULE_NAME_LEN < 56 || KSYM_NAME_LEN != 128);
199 relas = (Elf_Rela *) relasec->sh_addr;
200 /* For each rela in this klp relocation section */
201 for (i = 0; i < relasec->sh_size / sizeof(Elf_Rela); i++) {
202 sym = pmod->core_kallsyms.symtab + ELF_R_SYM(relas[i].r_info);
203 if (sym->st_shndx != SHN_LIVEPATCH) {
204 pr_err("symbol %s is not marked as a livepatch symbol",
205 strtab + sym->st_name);
209 /* Format: .klp.sym.objname.symname,sympos */
210 cnt = sscanf(strtab + sym->st_name,
211 ".klp.sym.%55[^.].%127[^,],%lu",
212 objname, symname, &sympos);
214 pr_err("symbol %s has an incorrectly formatted name",
215 strtab + sym->st_name);
219 /* klp_find_object_symbol() treats a NULL objname as vmlinux */
220 vmlinux = !strcmp(objname, "vmlinux");
221 ret = klp_find_object_symbol(vmlinux ? NULL : objname,
222 symname, sympos, &addr);
226 sym->st_value = addr;
232 static int klp_write_object_relocations(struct module *pmod,
233 struct klp_object *obj)
236 const char *objname, *secname;
237 char sec_objname[MODULE_NAME_LEN];
240 if (WARN_ON(!klp_is_object_loaded(obj)))
243 objname = klp_is_module(obj) ? obj->name : "vmlinux";
245 /* For each klp relocation section */
246 for (i = 1; i < pmod->klp_info->hdr.e_shnum; i++) {
247 sec = pmod->klp_info->sechdrs + i;
248 secname = pmod->klp_info->secstrings + sec->sh_name;
249 if (!(sec->sh_flags & SHF_RELA_LIVEPATCH))
253 * Format: .klp.rela.sec_objname.section_name
254 * See comment in klp_resolve_symbols() for an explanation
255 * of the selected field width value.
257 cnt = sscanf(secname, ".klp.rela.%55[^.]", sec_objname);
259 pr_err("section %s has an incorrectly formatted name",
265 if (strcmp(objname, sec_objname))
268 ret = klp_resolve_symbols(sec, pmod);
272 ret = apply_relocate_add(pmod->klp_info->sechdrs,
273 pmod->core_kallsyms.strtab,
274 pmod->klp_info->symndx, i, pmod);
282 static int __klp_disable_patch(struct klp_patch *patch)
284 if (klp_transition_patch)
287 /* enforce stacking: only the last enabled patch can be disabled */
288 if (!list_is_last(&patch->list, &klp_patches) &&
289 list_next_entry(patch, list)->enabled)
292 klp_init_transition(patch, KLP_UNPATCHED);
295 * Enforce the order of the func->transition writes in
296 * klp_init_transition() and the TIF_PATCH_PENDING writes in
297 * klp_start_transition(). In the rare case where klp_ftrace_handler()
298 * is called shortly after klp_update_patch_state() switches the task,
299 * this ensures the handler sees that func->transition is set.
303 klp_start_transition();
304 klp_try_complete_transition();
305 patch->enabled = false;
311 * klp_disable_patch() - disables a registered patch
312 * @patch: The registered, enabled patch to be disabled
314 * Unregisters the patched functions from ftrace.
316 * Return: 0 on success, otherwise error
318 int klp_disable_patch(struct klp_patch *patch)
322 mutex_lock(&klp_mutex);
324 if (!klp_is_patch_registered(patch)) {
329 if (!patch->enabled) {
334 ret = __klp_disable_patch(patch);
337 mutex_unlock(&klp_mutex);
340 EXPORT_SYMBOL_GPL(klp_disable_patch);
342 static int __klp_enable_patch(struct klp_patch *patch)
344 struct klp_object *obj;
347 if (klp_transition_patch)
350 if (WARN_ON(patch->enabled))
353 /* enforce stacking: only the first disabled patch can be enabled */
354 if (patch->list.prev != &klp_patches &&
355 !list_prev_entry(patch, list)->enabled)
359 * A reference is taken on the patch module to prevent it from being
362 * Note: For immediate (no consistency model) patches we don't allow
363 * patch modules to unload since there is no safe/sane method to
364 * determine if a thread is still running in the patched code contained
365 * in the patch module once the ftrace registration is successful.
367 if (!try_module_get(patch->mod))
370 pr_notice("enabling patch '%s'\n", patch->mod->name);
372 klp_init_transition(patch, KLP_PATCHED);
375 * Enforce the order of the func->transition writes in
376 * klp_init_transition() and the ops->func_stack writes in
377 * klp_patch_object(), so that klp_ftrace_handler() will see the
378 * func->transition updates before the handler is registered and the
379 * new funcs become visible to the handler.
383 klp_for_each_object(patch, obj) {
384 if (!klp_is_object_loaded(obj))
387 ret = klp_patch_object(obj);
389 pr_warn("failed to enable patch '%s'\n",
392 klp_cancel_transition();
397 klp_start_transition();
398 klp_try_complete_transition();
399 patch->enabled = true;
405 * klp_enable_patch() - enables a registered patch
406 * @patch: The registered, disabled patch to be enabled
408 * Performs the needed symbol lookups and code relocations,
409 * then registers the patched functions with ftrace.
411 * Return: 0 on success, otherwise error
413 int klp_enable_patch(struct klp_patch *patch)
417 mutex_lock(&klp_mutex);
419 if (!klp_is_patch_registered(patch)) {
424 ret = __klp_enable_patch(patch);
427 mutex_unlock(&klp_mutex);
430 EXPORT_SYMBOL_GPL(klp_enable_patch);
435 * /sys/kernel/livepatch
436 * /sys/kernel/livepatch/<patch>
437 * /sys/kernel/livepatch/<patch>/enabled
438 * /sys/kernel/livepatch/<patch>/transition
439 * /sys/kernel/livepatch/<patch>/<object>
440 * /sys/kernel/livepatch/<patch>/<object>/<function,sympos>
443 static ssize_t enabled_store(struct kobject *kobj, struct kobj_attribute *attr,
444 const char *buf, size_t count)
446 struct klp_patch *patch;
450 ret = kstrtobool(buf, &enabled);
454 patch = container_of(kobj, struct klp_patch, kobj);
456 mutex_lock(&klp_mutex);
458 if (!klp_is_patch_registered(patch)) {
460 * Module with the patch could either disappear meanwhile or is
461 * not properly initialized yet.
467 if (patch->enabled == enabled) {
468 /* already in requested state */
473 if (patch == klp_transition_patch) {
474 klp_reverse_transition();
475 } else if (enabled) {
476 ret = __klp_enable_patch(patch);
480 ret = __klp_disable_patch(patch);
485 mutex_unlock(&klp_mutex);
490 mutex_unlock(&klp_mutex);
494 static ssize_t enabled_show(struct kobject *kobj,
495 struct kobj_attribute *attr, char *buf)
497 struct klp_patch *patch;
499 patch = container_of(kobj, struct klp_patch, kobj);
500 return snprintf(buf, PAGE_SIZE-1, "%d\n", patch->enabled);
503 static ssize_t transition_show(struct kobject *kobj,
504 struct kobj_attribute *attr, char *buf)
506 struct klp_patch *patch;
508 patch = container_of(kobj, struct klp_patch, kobj);
509 return snprintf(buf, PAGE_SIZE-1, "%d\n",
510 patch == klp_transition_patch);
513 static struct kobj_attribute enabled_kobj_attr = __ATTR_RW(enabled);
514 static struct kobj_attribute transition_kobj_attr = __ATTR_RO(transition);
515 static struct attribute *klp_patch_attrs[] = {
516 &enabled_kobj_attr.attr,
517 &transition_kobj_attr.attr,
521 static void klp_kobj_release_patch(struct kobject *kobj)
523 struct klp_patch *patch;
525 patch = container_of(kobj, struct klp_patch, kobj);
526 complete(&patch->finish);
529 static struct kobj_type klp_ktype_patch = {
530 .release = klp_kobj_release_patch,
531 .sysfs_ops = &kobj_sysfs_ops,
532 .default_attrs = klp_patch_attrs,
535 static void klp_kobj_release_object(struct kobject *kobj)
539 static struct kobj_type klp_ktype_object = {
540 .release = klp_kobj_release_object,
541 .sysfs_ops = &kobj_sysfs_ops,
544 static void klp_kobj_release_func(struct kobject *kobj)
548 static struct kobj_type klp_ktype_func = {
549 .release = klp_kobj_release_func,
550 .sysfs_ops = &kobj_sysfs_ops,
554 * Free all functions' kobjects in the array up to some limit. When limit is
555 * NULL, all kobjects are freed.
557 static void klp_free_funcs_limited(struct klp_object *obj,
558 struct klp_func *limit)
560 struct klp_func *func;
562 for (func = obj->funcs; func->old_name && func != limit; func++)
563 kobject_put(&func->kobj);
566 /* Clean up when a patched object is unloaded */
567 static void klp_free_object_loaded(struct klp_object *obj)
569 struct klp_func *func;
573 klp_for_each_func(obj, func)
578 * Free all objects' kobjects in the array up to some limit. When limit is
579 * NULL, all kobjects are freed.
581 static void klp_free_objects_limited(struct klp_patch *patch,
582 struct klp_object *limit)
584 struct klp_object *obj;
586 for (obj = patch->objs; obj->funcs && obj != limit; obj++) {
587 klp_free_funcs_limited(obj, NULL);
588 kobject_put(&obj->kobj);
592 static void klp_free_patch(struct klp_patch *patch)
594 klp_free_objects_limited(patch, NULL);
595 if (!list_empty(&patch->list))
596 list_del(&patch->list);
599 static int klp_init_func(struct klp_object *obj, struct klp_func *func)
601 if (!func->old_name || !func->new_func)
604 INIT_LIST_HEAD(&func->stack_node);
605 func->patched = false;
606 func->transition = false;
608 /* The format for the sysfs directory is <function,sympos> where sympos
609 * is the nth occurrence of this symbol in kallsyms for the patched
610 * object. If the user selects 0 for old_sympos, then 1 will be used
611 * since a unique symbol will be the first occurrence.
613 return kobject_init_and_add(&func->kobj, &klp_ktype_func,
614 &obj->kobj, "%s,%lu", func->old_name,
615 func->old_sympos ? func->old_sympos : 1);
618 /* Arches may override this to finish any remaining arch-specific tasks */
619 void __weak arch_klp_init_object_loaded(struct klp_patch *patch,
620 struct klp_object *obj)
624 /* parts of the initialization that is done only when the object is loaded */
625 static int klp_init_object_loaded(struct klp_patch *patch,
626 struct klp_object *obj)
628 struct klp_func *func;
631 module_disable_ro(patch->mod);
632 ret = klp_write_object_relocations(patch->mod, obj);
634 module_enable_ro(patch->mod, true);
638 arch_klp_init_object_loaded(patch, obj);
639 module_enable_ro(patch->mod, true);
641 klp_for_each_func(obj, func) {
642 ret = klp_find_object_symbol(obj->name, func->old_name,
648 ret = kallsyms_lookup_size_offset(func->old_addr,
649 &func->old_size, NULL);
651 pr_err("kallsyms size lookup failed for '%s'\n",
656 ret = kallsyms_lookup_size_offset((unsigned long)func->new_func,
657 &func->new_size, NULL);
659 pr_err("kallsyms size lookup failed for '%s' replacement\n",
668 static int klp_init_object(struct klp_patch *patch, struct klp_object *obj)
670 struct klp_func *func;
677 obj->patched = false;
680 klp_find_object_module(obj);
682 name = klp_is_module(obj) ? obj->name : "vmlinux";
683 ret = kobject_init_and_add(&obj->kobj, &klp_ktype_object,
684 &patch->kobj, "%s", name);
688 klp_for_each_func(obj, func) {
689 ret = klp_init_func(obj, func);
694 if (klp_is_object_loaded(obj)) {
695 ret = klp_init_object_loaded(patch, obj);
703 klp_free_funcs_limited(obj, func);
704 kobject_put(&obj->kobj);
708 static int klp_init_patch(struct klp_patch *patch)
710 struct klp_object *obj;
716 mutex_lock(&klp_mutex);
718 patch->enabled = false;
719 init_completion(&patch->finish);
721 ret = kobject_init_and_add(&patch->kobj, &klp_ktype_patch,
722 klp_root_kobj, "%s", patch->mod->name);
724 mutex_unlock(&klp_mutex);
728 klp_for_each_object(patch, obj) {
729 ret = klp_init_object(patch, obj);
734 list_add_tail(&patch->list, &klp_patches);
736 mutex_unlock(&klp_mutex);
741 klp_free_objects_limited(patch, obj);
743 mutex_unlock(&klp_mutex);
745 kobject_put(&patch->kobj);
746 wait_for_completion(&patch->finish);
752 * klp_unregister_patch() - unregisters a patch
753 * @patch: Disabled patch to be unregistered
755 * Frees the data structures and removes the sysfs interface.
757 * Return: 0 on success, otherwise error
759 int klp_unregister_patch(struct klp_patch *patch)
763 mutex_lock(&klp_mutex);
765 if (!klp_is_patch_registered(patch)) {
770 if (patch->enabled) {
775 klp_free_patch(patch);
777 mutex_unlock(&klp_mutex);
779 kobject_put(&patch->kobj);
780 wait_for_completion(&patch->finish);
784 mutex_unlock(&klp_mutex);
787 EXPORT_SYMBOL_GPL(klp_unregister_patch);
790 * klp_register_patch() - registers a patch
791 * @patch: Patch to be registered
793 * Initializes the data structure associated with the patch and
794 * creates the sysfs interface.
796 * There is no need to take the reference on the patch module here. It is done
797 * later when the patch is enabled.
799 * Return: 0 on success, otherwise error
801 int klp_register_patch(struct klp_patch *patch)
803 if (!patch || !patch->mod)
806 if (!is_livepatch_module(patch->mod)) {
807 pr_err("module %s is not marked as a livepatch module",
812 if (!klp_initialized())
816 * Architectures without reliable stack traces have to set
817 * patch->immediate because there's currently no way to patch kthreads
818 * with the consistency model.
820 if (!klp_have_reliable_stack() && !patch->immediate) {
821 pr_err("This architecture doesn't have support for the livepatch consistency model.\n");
825 return klp_init_patch(patch);
827 EXPORT_SYMBOL_GPL(klp_register_patch);
829 int klp_module_coming(struct module *mod)
832 struct klp_patch *patch;
833 struct klp_object *obj;
835 if (WARN_ON(mod->state != MODULE_STATE_COMING))
838 mutex_lock(&klp_mutex);
840 * Each module has to know that klp_module_coming()
841 * has been called. We never know what module will
842 * get patched by a new patch.
844 mod->klp_alive = true;
846 list_for_each_entry(patch, &klp_patches, list) {
847 klp_for_each_object(patch, obj) {
848 if (!klp_is_module(obj) || strcmp(obj->name, mod->name))
853 ret = klp_init_object_loaded(patch, obj);
855 pr_warn("failed to initialize patch '%s' for module '%s' (%d)\n",
856 patch->mod->name, obj->mod->name, ret);
861 * Only patch the module if the patch is enabled or is
864 if (!patch->enabled && patch != klp_transition_patch)
867 pr_notice("applying patch '%s' to loading module '%s'\n",
868 patch->mod->name, obj->mod->name);
870 ret = klp_patch_object(obj);
872 pr_warn("failed to apply patch '%s' to module '%s' (%d)\n",
873 patch->mod->name, obj->mod->name, ret);
881 mutex_unlock(&klp_mutex);
887 * If a patch is unsuccessfully applied, return
888 * error to the module loader.
890 pr_warn("patch '%s' failed for module '%s', refusing to load module '%s'\n",
891 patch->mod->name, obj->mod->name, obj->mod->name);
892 mod->klp_alive = false;
893 klp_free_object_loaded(obj);
894 mutex_unlock(&klp_mutex);
899 void klp_module_going(struct module *mod)
901 struct klp_patch *patch;
902 struct klp_object *obj;
904 if (WARN_ON(mod->state != MODULE_STATE_GOING &&
905 mod->state != MODULE_STATE_COMING))
908 mutex_lock(&klp_mutex);
910 * Each module has to know that klp_module_going()
911 * has been called. We never know what module will
912 * get patched by a new patch.
914 mod->klp_alive = false;
916 list_for_each_entry(patch, &klp_patches, list) {
917 klp_for_each_object(patch, obj) {
918 if (!klp_is_module(obj) || strcmp(obj->name, mod->name))
922 * Only unpatch the module if the patch is enabled or
925 if (patch->enabled || patch == klp_transition_patch) {
926 pr_notice("reverting patch '%s' on unloading module '%s'\n",
927 patch->mod->name, obj->mod->name);
928 klp_unpatch_object(obj);
931 klp_free_object_loaded(obj);
936 mutex_unlock(&klp_mutex);
939 static int __init klp_init(void)
943 ret = klp_check_compiler_support();
945 pr_info("Your compiler is too old; turning off.\n");
949 klp_root_kobj = kobject_create_and_add("livepatch", kernel_kobj);
956 module_init(klp_init);
projects / karo-tx-linux.git / blob