2 * core.c - Kernel Live Patching Core
4 * Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
5 * Copyright (C) 2014 SUSE
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
23 #include <linux/module.h>
24 #include <linux/kernel.h>
25 #include <linux/mutex.h>
26 #include <linux/slab.h>
27 #include <linux/ftrace.h>
28 #include <linux/list.h>
29 #include <linux/kallsyms.h>
30 #include <linux/livepatch.h>
33 * struct klp_ops - structure for tracking registered ftrace ops structs
35 * A single ftrace_ops is shared between all enabled replacement functions
36 * (klp_func structs) which have the same old_addr. This allows the switch
37 * between function versions to happen instantaneously by updating the klp_ops
38 * struct's func_stack list. The winner is the klp_func at the top of the
39 * func_stack (front of the list).
41 * @node: node for the global klp_ops list
42 * @func_stack: list head for the stack of klp_func's (active func is on top)
43 * @fops: registered ftrace ops struct
46 struct list_head node;
47 struct list_head func_stack;
48 struct ftrace_ops fops;
52 * The klp_mutex protects the global lists and state transitions of any
53 * structure reachable from them. References to any structure must be obtained
54 * under mutex protection (except in klp_ftrace_handler(), which uses RCU to
55 * ensure it gets consistent data).
57 static DEFINE_MUTEX(klp_mutex);
59 static LIST_HEAD(klp_patches);
60 static LIST_HEAD(klp_ops);
62 static struct kobject *klp_root_kobj;
64 static struct klp_ops *klp_find_ops(unsigned long old_addr)
67 struct klp_func *func;
69 list_for_each_entry(ops, &klp_ops, node) {
70 func = list_first_entry(&ops->func_stack, struct klp_func,
72 if (func->old_addr == old_addr)
79 static bool klp_is_module(struct klp_object *obj)
84 static bool klp_is_object_loaded(struct klp_object *obj)
86 return !obj->name || obj->mod;
89 /* sets obj->mod if object is not vmlinux and module is found */
90 static void klp_find_object_module(struct klp_object *obj)
94 if (!klp_is_module(obj))
97 mutex_lock(&module_mutex);
99 * We do not want to block removal of patched modules and therefore
100 * we do not take a reference here. The patches are removed by
101 * a going module handler instead.
103 mod = find_module(obj->name);
105 * Do not mess work of the module coming and going notifiers.
106 * Note that the patch might still be needed before the going handler
107 * is called. Module functions can be called even in the GOING state
108 * until mod->exit() finishes. This is especially important for
109 * patches that modify semantic of the functions.
111 if (mod && mod->klp_alive)
114 mutex_unlock(&module_mutex);
117 /* klp_mutex must be held by caller */
118 static bool klp_is_patch_registered(struct klp_patch *patch)
120 struct klp_patch *mypatch;
122 list_for_each_entry(mypatch, &klp_patches, list)
123 if (mypatch == patch)
129 static bool klp_initialized(void)
131 return klp_root_kobj;
134 struct klp_find_arg {
139 * If count == 0, the symbol was not found. If count == 1, a unique
140 * match was found and addr is set. If count > 1, there is
141 * unresolvable ambiguity among "count" number of symbols with the same
142 * name in the same object.
147 static int klp_find_callback(void *data, const char *name,
148 struct module *mod, unsigned long addr)
150 struct klp_find_arg *args = data;
152 if ((mod && !args->objname) || (!mod && args->objname))
155 if (strcmp(args->name, name))
158 if (args->objname && strcmp(args->objname, mod->name))
162 * args->addr might be overwritten if another match is found
163 * but klp_find_object_symbol() handles this and only returns the
164 * addr if count == 1.
172 static int klp_find_object_symbol(const char *objname, const char *name,
175 struct klp_find_arg args = {
182 mutex_lock(&module_mutex);
183 kallsyms_on_each_symbol(klp_find_callback, &args);
184 mutex_unlock(&module_mutex);
187 pr_err("symbol '%s' not found in symbol table\n", name);
188 else if (args.count > 1)
189 pr_err("unresolvable ambiguity (%lu matches) on symbol '%s' in object '%s'\n",
190 args.count, name, objname);
200 struct klp_verify_args {
202 const unsigned long addr;
205 static int klp_verify_callback(void *data, const char *name,
206 struct module *mod, unsigned long addr)
208 struct klp_verify_args *args = data;
211 !strcmp(args->name, name) &&
218 static int klp_verify_vmlinux_symbol(const char *name, unsigned long addr)
220 struct klp_verify_args args = {
226 mutex_lock(&module_mutex);
227 ret = kallsyms_on_each_symbol(klp_verify_callback, &args);
228 mutex_unlock(&module_mutex);
231 pr_err("symbol '%s' not found at specified address 0x%016lx, kernel mismatch?\n",
239 static int klp_find_verify_func_addr(struct klp_object *obj,
240 struct klp_func *func)
244 #if defined(CONFIG_RANDOMIZE_BASE)
245 /* KASLR is enabled, disregard old_addr from user */
249 if (!func->old_addr || klp_is_module(obj))
250 ret = klp_find_object_symbol(obj->name, func->old_name,
253 ret = klp_verify_vmlinux_symbol(func->old_name,
260 * external symbols are located outside the parent object (where the parent
261 * object is either vmlinux or the kmod being patched).
263 static int klp_find_external_symbol(struct module *pmod, const char *name,
266 const struct kernel_symbol *sym;
268 /* first, check if it's an exported symbol */
270 sym = find_symbol(name, NULL, NULL, true, true);
278 /* otherwise check if it's in another .o within the patch module */
279 return klp_find_object_symbol(pmod->name, name, addr);
282 static int klp_write_object_relocations(struct module *pmod,
283 struct klp_object *obj)
286 struct klp_reloc *reloc;
288 if (WARN_ON(!klp_is_object_loaded(obj)))
291 if (WARN_ON(!obj->relocs))
294 for (reloc = obj->relocs; reloc->name; reloc++) {
295 if (!klp_is_module(obj)) {
296 ret = klp_verify_vmlinux_symbol(reloc->name,
301 /* module, reloc->val needs to be discovered */
303 ret = klp_find_external_symbol(pmod,
307 ret = klp_find_object_symbol(obj->mod->name,
313 ret = klp_write_module_reloc(pmod, reloc->type, reloc->loc,
314 reloc->val + reloc->addend);
316 pr_err("relocation failed for symbol '%s' at 0x%016lx (%d)\n",
317 reloc->name, reloc->val, ret);
325 static void notrace klp_ftrace_handler(unsigned long ip,
326 unsigned long parent_ip,
327 struct ftrace_ops *fops,
328 struct pt_regs *regs)
331 struct klp_func *func;
333 ops = container_of(fops, struct klp_ops, fops);
336 func = list_first_or_null_rcu(&ops->func_stack, struct klp_func,
338 if (WARN_ON_ONCE(!func))
341 klp_arch_set_pc(regs, (unsigned long)func->new_func);
346 static void klp_disable_func(struct klp_func *func)
350 WARN_ON(func->state != KLP_ENABLED);
351 WARN_ON(!func->old_addr);
353 ops = klp_find_ops(func->old_addr);
357 if (list_is_singular(&ops->func_stack)) {
358 WARN_ON(unregister_ftrace_function(&ops->fops));
359 WARN_ON(ftrace_set_filter_ip(&ops->fops, func->old_addr, 1, 0));
361 list_del_rcu(&func->stack_node);
362 list_del(&ops->node);
365 list_del_rcu(&func->stack_node);
368 func->state = KLP_DISABLED;
371 static int klp_enable_func(struct klp_func *func)
376 if (WARN_ON(!func->old_addr))
379 if (WARN_ON(func->state != KLP_DISABLED))
382 ops = klp_find_ops(func->old_addr);
384 ops = kzalloc(sizeof(*ops), GFP_KERNEL);
388 ops->fops.func = klp_ftrace_handler;
389 ops->fops.flags = FTRACE_OPS_FL_SAVE_REGS |
390 FTRACE_OPS_FL_DYNAMIC |
391 FTRACE_OPS_FL_IPMODIFY;
393 list_add(&ops->node, &klp_ops);
395 INIT_LIST_HEAD(&ops->func_stack);
396 list_add_rcu(&func->stack_node, &ops->func_stack);
398 ret = ftrace_set_filter_ip(&ops->fops, func->old_addr, 0, 0);
400 pr_err("failed to set ftrace filter for function '%s' (%d)\n",
401 func->old_name, ret);
405 ret = register_ftrace_function(&ops->fops);
407 pr_err("failed to register ftrace handler for function '%s' (%d)\n",
408 func->old_name, ret);
409 ftrace_set_filter_ip(&ops->fops, func->old_addr, 1, 0);
415 list_add_rcu(&func->stack_node, &ops->func_stack);
418 func->state = KLP_ENABLED;
423 list_del_rcu(&func->stack_node);
424 list_del(&ops->node);
429 static void klp_disable_object(struct klp_object *obj)
431 struct klp_func *func;
433 for (func = obj->funcs; func->old_name; func++)
434 if (func->state == KLP_ENABLED)
435 klp_disable_func(func);
437 obj->state = KLP_DISABLED;
440 static int klp_enable_object(struct klp_object *obj)
442 struct klp_func *func;
445 if (WARN_ON(obj->state != KLP_DISABLED))
448 if (WARN_ON(!klp_is_object_loaded(obj)))
451 for (func = obj->funcs; func->old_name; func++) {
452 ret = klp_enable_func(func);
454 klp_disable_object(obj);
458 obj->state = KLP_ENABLED;
463 static int __klp_disable_patch(struct klp_patch *patch)
465 struct klp_object *obj;
467 /* enforce stacking: only the last enabled patch can be disabled */
468 if (!list_is_last(&patch->list, &klp_patches) &&
469 list_next_entry(patch, list)->state == KLP_ENABLED)
472 pr_notice("disabling patch '%s'\n", patch->mod->name);
474 for (obj = patch->objs; obj->funcs; obj++) {
475 if (obj->state == KLP_ENABLED)
476 klp_disable_object(obj);
479 patch->state = KLP_DISABLED;
485 * klp_disable_patch() - disables a registered patch
486 * @patch: The registered, enabled patch to be disabled
488 * Unregisters the patched functions from ftrace.
490 * Return: 0 on success, otherwise error
492 int klp_disable_patch(struct klp_patch *patch)
496 mutex_lock(&klp_mutex);
498 if (!klp_is_patch_registered(patch)) {
503 if (patch->state == KLP_DISABLED) {
508 ret = __klp_disable_patch(patch);
511 mutex_unlock(&klp_mutex);
514 EXPORT_SYMBOL_GPL(klp_disable_patch);
516 static int __klp_enable_patch(struct klp_patch *patch)
518 struct klp_object *obj;
521 if (WARN_ON(patch->state != KLP_DISABLED))
524 /* enforce stacking: only the first disabled patch can be enabled */
525 if (patch->list.prev != &klp_patches &&
526 list_prev_entry(patch, list)->state == KLP_DISABLED)
529 pr_notice_once("tainting kernel with TAINT_LIVEPATCH\n");
530 add_taint(TAINT_LIVEPATCH, LOCKDEP_STILL_OK);
532 pr_notice("enabling patch '%s'\n", patch->mod->name);
534 for (obj = patch->objs; obj->funcs; obj++) {
535 if (!klp_is_object_loaded(obj))
538 ret = klp_enable_object(obj);
543 patch->state = KLP_ENABLED;
548 WARN_ON(__klp_disable_patch(patch));
553 * klp_enable_patch() - enables a registered patch
554 * @patch: The registered, disabled patch to be enabled
556 * Performs the needed symbol lookups and code relocations,
557 * then registers the patched functions with ftrace.
559 * Return: 0 on success, otherwise error
561 int klp_enable_patch(struct klp_patch *patch)
565 mutex_lock(&klp_mutex);
567 if (!klp_is_patch_registered(patch)) {
572 ret = __klp_enable_patch(patch);
575 mutex_unlock(&klp_mutex);
578 EXPORT_SYMBOL_GPL(klp_enable_patch);
583 * /sys/kernel/livepatch
584 * /sys/kernel/livepatch/<patch>
585 * /sys/kernel/livepatch/<patch>/enabled
586 * /sys/kernel/livepatch/<patch>/<object>
587 * /sys/kernel/livepatch/<patch>/<object>/<func>
590 static ssize_t enabled_store(struct kobject *kobj, struct kobj_attribute *attr,
591 const char *buf, size_t count)
593 struct klp_patch *patch;
597 ret = kstrtoul(buf, 10, &val);
601 if (val != KLP_DISABLED && val != KLP_ENABLED)
604 patch = container_of(kobj, struct klp_patch, kobj);
606 mutex_lock(&klp_mutex);
608 if (val == patch->state) {
609 /* already in requested state */
614 if (val == KLP_ENABLED) {
615 ret = __klp_enable_patch(patch);
619 ret = __klp_disable_patch(patch);
624 mutex_unlock(&klp_mutex);
629 mutex_unlock(&klp_mutex);
633 static ssize_t enabled_show(struct kobject *kobj,
634 struct kobj_attribute *attr, char *buf)
636 struct klp_patch *patch;
638 patch = container_of(kobj, struct klp_patch, kobj);
639 return snprintf(buf, PAGE_SIZE-1, "%d\n", patch->state);
642 static struct kobj_attribute enabled_kobj_attr = __ATTR_RW(enabled);
643 static struct attribute *klp_patch_attrs[] = {
644 &enabled_kobj_attr.attr,
648 static void klp_kobj_release_patch(struct kobject *kobj)
651 * Once we have a consistency model we'll need to module_put() the
652 * patch module here. See klp_register_patch() for more details.
656 static struct kobj_type klp_ktype_patch = {
657 .release = klp_kobj_release_patch,
658 .sysfs_ops = &kobj_sysfs_ops,
659 .default_attrs = klp_patch_attrs,
662 static void klp_kobj_release_func(struct kobject *kobj)
666 static struct kobj_type klp_ktype_func = {
667 .release = klp_kobj_release_func,
668 .sysfs_ops = &kobj_sysfs_ops,
672 * Free all functions' kobjects in the array up to some limit. When limit is
673 * NULL, all kobjects are freed.
675 static void klp_free_funcs_limited(struct klp_object *obj,
676 struct klp_func *limit)
678 struct klp_func *func;
680 for (func = obj->funcs; func->old_name && func != limit; func++)
681 kobject_put(&func->kobj);
684 /* Clean up when a patched object is unloaded */
685 static void klp_free_object_loaded(struct klp_object *obj)
687 struct klp_func *func;
691 for (func = obj->funcs; func->old_name; func++)
696 * Free all objects' kobjects in the array up to some limit. When limit is
697 * NULL, all kobjects are freed.
699 static void klp_free_objects_limited(struct klp_patch *patch,
700 struct klp_object *limit)
702 struct klp_object *obj;
704 for (obj = patch->objs; obj->funcs && obj != limit; obj++) {
705 klp_free_funcs_limited(obj, NULL);
706 kobject_put(obj->kobj);
710 static void klp_free_patch(struct klp_patch *patch)
712 klp_free_objects_limited(patch, NULL);
713 if (!list_empty(&patch->list))
714 list_del(&patch->list);
715 kobject_put(&patch->kobj);
718 static int klp_init_func(struct klp_object *obj, struct klp_func *func)
720 INIT_LIST_HEAD(&func->stack_node);
721 func->state = KLP_DISABLED;
723 return kobject_init_and_add(&func->kobj, &klp_ktype_func,
724 obj->kobj, "%s", func->old_name);
727 /* parts of the initialization that is done only when the object is loaded */
728 static int klp_init_object_loaded(struct klp_patch *patch,
729 struct klp_object *obj)
731 struct klp_func *func;
735 ret = klp_write_object_relocations(patch->mod, obj);
740 for (func = obj->funcs; func->old_name; func++) {
741 ret = klp_find_verify_func_addr(obj, func);
749 static int klp_init_object(struct klp_patch *patch, struct klp_object *obj)
751 struct klp_func *func;
758 obj->state = KLP_DISABLED;
761 klp_find_object_module(obj);
763 name = klp_is_module(obj) ? obj->name : "vmlinux";
764 obj->kobj = kobject_create_and_add(name, &patch->kobj);
768 for (func = obj->funcs; func->old_name; func++) {
769 ret = klp_init_func(obj, func);
774 if (klp_is_object_loaded(obj)) {
775 ret = klp_init_object_loaded(patch, obj);
783 klp_free_funcs_limited(obj, func);
784 kobject_put(obj->kobj);
788 static int klp_init_patch(struct klp_patch *patch)
790 struct klp_object *obj;
796 mutex_lock(&klp_mutex);
798 patch->state = KLP_DISABLED;
800 ret = kobject_init_and_add(&patch->kobj, &klp_ktype_patch,
801 klp_root_kobj, "%s", patch->mod->name);
805 for (obj = patch->objs; obj->funcs; obj++) {
806 ret = klp_init_object(patch, obj);
811 list_add_tail(&patch->list, &klp_patches);
813 mutex_unlock(&klp_mutex);
818 klp_free_objects_limited(patch, obj);
819 kobject_put(&patch->kobj);
821 mutex_unlock(&klp_mutex);
826 * klp_unregister_patch() - unregisters a patch
827 * @patch: Disabled patch to be unregistered
829 * Frees the data structures and removes the sysfs interface.
831 * Return: 0 on success, otherwise error
833 int klp_unregister_patch(struct klp_patch *patch)
837 mutex_lock(&klp_mutex);
839 if (!klp_is_patch_registered(patch)) {
844 if (patch->state == KLP_ENABLED) {
849 klp_free_patch(patch);
852 mutex_unlock(&klp_mutex);
855 EXPORT_SYMBOL_GPL(klp_unregister_patch);
858 * klp_register_patch() - registers a patch
859 * @patch: Patch to be registered
861 * Initializes the data structure associated with the patch and
862 * creates the sysfs interface.
864 * Return: 0 on success, otherwise error
866 int klp_register_patch(struct klp_patch *patch)
870 if (!klp_initialized())
873 if (!patch || !patch->mod)
877 * A reference is taken on the patch module to prevent it from being
878 * unloaded. Right now, we don't allow patch modules to unload since
879 * there is currently no method to determine if a thread is still
880 * running in the patched code contained in the patch module once
881 * the ftrace registration is successful.
883 if (!try_module_get(patch->mod))
886 ret = klp_init_patch(patch);
888 module_put(patch->mod);
892 EXPORT_SYMBOL_GPL(klp_register_patch);
894 static void klp_module_notify_coming(struct klp_patch *patch,
895 struct klp_object *obj)
897 struct module *pmod = patch->mod;
898 struct module *mod = obj->mod;
901 ret = klp_init_object_loaded(patch, obj);
905 if (patch->state == KLP_DISABLED)
908 pr_notice("applying patch '%s' to loading module '%s'\n",
909 pmod->name, mod->name);
911 ret = klp_enable_object(obj);
916 pr_warn("failed to apply patch '%s' to module '%s' (%d)\n",
917 pmod->name, mod->name, ret);
920 static void klp_module_notify_going(struct klp_patch *patch,
921 struct klp_object *obj)
923 struct module *pmod = patch->mod;
924 struct module *mod = obj->mod;
926 if (patch->state == KLP_DISABLED)
929 pr_notice("reverting patch '%s' on unloading module '%s'\n",
930 pmod->name, mod->name);
932 klp_disable_object(obj);
935 klp_free_object_loaded(obj);
938 static int klp_module_notify(struct notifier_block *nb, unsigned long action,
941 struct module *mod = data;
942 struct klp_patch *patch;
943 struct klp_object *obj;
945 if (action != MODULE_STATE_COMING && action != MODULE_STATE_GOING)
948 mutex_lock(&klp_mutex);
951 * Each module has to know that the notifier has been called.
952 * We never know what module will get patched by a new patch.
954 if (action == MODULE_STATE_COMING)
955 mod->klp_alive = true;
956 else /* MODULE_STATE_GOING */
957 mod->klp_alive = false;
959 list_for_each_entry(patch, &klp_patches, list) {
960 for (obj = patch->objs; obj->funcs; obj++) {
961 if (!klp_is_module(obj) || strcmp(obj->name, mod->name))
964 if (action == MODULE_STATE_COMING) {
966 klp_module_notify_coming(patch, obj);
967 } else /* MODULE_STATE_GOING */
968 klp_module_notify_going(patch, obj);
974 mutex_unlock(&klp_mutex);
979 static struct notifier_block klp_module_nb = {
980 .notifier_call = klp_module_notify,
981 .priority = INT_MIN+1, /* called late but before ftrace notifier */
984 static int klp_init(void)
988 ret = klp_check_compiler_support();
990 pr_info("Your compiler is too old; turning off.\n");
994 ret = register_module_notifier(&klp_module_nb);
998 klp_root_kobj = kobject_create_and_add("livepatch", kernel_kobj);
999 if (!klp_root_kobj) {
1007 unregister_module_notifier(&klp_module_nb);
1011 module_init(klp_init);
Code Review / kvmfornfv.git / blob