1b700e7f0SSeth Jennings /* 2b700e7f0SSeth Jennings * core.c - Kernel Live Patching Core 3b700e7f0SSeth Jennings * 4b700e7f0SSeth Jennings * Copyright (C) 2014 Seth Jennings <[email protected]> 5b700e7f0SSeth Jennings * Copyright (C) 2014 SUSE 6b700e7f0SSeth Jennings * 7b700e7f0SSeth Jennings * This program is free software; you can redistribute it and/or 8b700e7f0SSeth Jennings * modify it under the terms of the GNU General Public License 9b700e7f0SSeth Jennings * as published by the Free Software Foundation; either version 2 10b700e7f0SSeth Jennings * of the License, or (at your option) any later version. 11b700e7f0SSeth Jennings * 12b700e7f0SSeth Jennings * This program is distributed in the hope that it will be useful, 13b700e7f0SSeth Jennings * but WITHOUT ANY WARRANTY; without even the implied warranty of 14b700e7f0SSeth Jennings * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15b700e7f0SSeth Jennings * GNU General Public License for more details. 16b700e7f0SSeth Jennings * 17b700e7f0SSeth Jennings * You should have received a copy of the GNU General Public License 18b700e7f0SSeth Jennings * along with this program; if not, see <http://www.gnu.org/licenses/>. 19b700e7f0SSeth Jennings */ 20b700e7f0SSeth Jennings 21b700e7f0SSeth Jennings #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 22b700e7f0SSeth Jennings 23b700e7f0SSeth Jennings #include <linux/module.h> 24b700e7f0SSeth Jennings #include <linux/kernel.h> 25b700e7f0SSeth Jennings #include <linux/mutex.h> 26b700e7f0SSeth Jennings #include <linux/slab.h> 27b700e7f0SSeth Jennings #include <linux/ftrace.h> 28b700e7f0SSeth Jennings #include <linux/list.h> 29b700e7f0SSeth Jennings #include <linux/kallsyms.h> 30b700e7f0SSeth Jennings #include <linux/livepatch.h> 31b700e7f0SSeth Jennings 32b700e7f0SSeth Jennings /* 33b700e7f0SSeth Jennings * The klp_mutex protects the klp_patches list and state transitions of any 34b700e7f0SSeth Jennings * structure reachable from the patches list. References to any structure must 35b700e7f0SSeth Jennings * be obtained under mutex protection. 36b700e7f0SSeth Jennings */ 37b700e7f0SSeth Jennings 38b700e7f0SSeth Jennings static DEFINE_MUTEX(klp_mutex); 39b700e7f0SSeth Jennings static LIST_HEAD(klp_patches); 40b700e7f0SSeth Jennings 41b700e7f0SSeth Jennings static struct kobject *klp_root_kobj; 42b700e7f0SSeth Jennings 43b700e7f0SSeth Jennings static bool klp_is_module(struct klp_object *obj) 44b700e7f0SSeth Jennings { 45b700e7f0SSeth Jennings return obj->name; 46b700e7f0SSeth Jennings } 47b700e7f0SSeth Jennings 48b700e7f0SSeth Jennings static bool klp_is_object_loaded(struct klp_object *obj) 49b700e7f0SSeth Jennings { 50b700e7f0SSeth Jennings return !obj->name || obj->mod; 51b700e7f0SSeth Jennings } 52b700e7f0SSeth Jennings 53b700e7f0SSeth Jennings /* sets obj->mod if object is not vmlinux and module is found */ 54b700e7f0SSeth Jennings static void klp_find_object_module(struct klp_object *obj) 55b700e7f0SSeth Jennings { 56b700e7f0SSeth Jennings if (!klp_is_module(obj)) 57b700e7f0SSeth Jennings return; 58b700e7f0SSeth Jennings 59b700e7f0SSeth Jennings mutex_lock(&module_mutex); 60b700e7f0SSeth Jennings /* 61b700e7f0SSeth Jennings * We don't need to take a reference on the module here because we have 62b700e7f0SSeth Jennings * the klp_mutex, which is also taken by the module notifier. This 63b700e7f0SSeth Jennings * prevents any module from unloading until we release the klp_mutex. 64b700e7f0SSeth Jennings */ 65b700e7f0SSeth Jennings obj->mod = find_module(obj->name); 66b700e7f0SSeth Jennings mutex_unlock(&module_mutex); 67b700e7f0SSeth Jennings } 68b700e7f0SSeth Jennings 69b700e7f0SSeth Jennings /* klp_mutex must be held by caller */ 70b700e7f0SSeth Jennings static bool klp_is_patch_registered(struct klp_patch *patch) 71b700e7f0SSeth Jennings { 72b700e7f0SSeth Jennings struct klp_patch *mypatch; 73b700e7f0SSeth Jennings 74b700e7f0SSeth Jennings list_for_each_entry(mypatch, &klp_patches, list) 75b700e7f0SSeth Jennings if (mypatch == patch) 76b700e7f0SSeth Jennings return true; 77b700e7f0SSeth Jennings 78b700e7f0SSeth Jennings return false; 79b700e7f0SSeth Jennings } 80b700e7f0SSeth Jennings 81b700e7f0SSeth Jennings static bool klp_initialized(void) 82b700e7f0SSeth Jennings { 83b700e7f0SSeth Jennings return klp_root_kobj; 84b700e7f0SSeth Jennings } 85b700e7f0SSeth Jennings 86b700e7f0SSeth Jennings struct klp_find_arg { 87b700e7f0SSeth Jennings const char *objname; 88b700e7f0SSeth Jennings const char *name; 89b700e7f0SSeth Jennings unsigned long addr; 90b700e7f0SSeth Jennings /* 91b700e7f0SSeth Jennings * If count == 0, the symbol was not found. If count == 1, a unique 92b700e7f0SSeth Jennings * match was found and addr is set. If count > 1, there is 93b700e7f0SSeth Jennings * unresolvable ambiguity among "count" number of symbols with the same 94b700e7f0SSeth Jennings * name in the same object. 95b700e7f0SSeth Jennings */ 96b700e7f0SSeth Jennings unsigned long count; 97b700e7f0SSeth Jennings }; 98b700e7f0SSeth Jennings 99b700e7f0SSeth Jennings static int klp_find_callback(void *data, const char *name, 100b700e7f0SSeth Jennings struct module *mod, unsigned long addr) 101b700e7f0SSeth Jennings { 102b700e7f0SSeth Jennings struct klp_find_arg *args = data; 103b700e7f0SSeth Jennings 104b700e7f0SSeth Jennings if ((mod && !args->objname) || (!mod && args->objname)) 105b700e7f0SSeth Jennings return 0; 106b700e7f0SSeth Jennings 107b700e7f0SSeth Jennings if (strcmp(args->name, name)) 108b700e7f0SSeth Jennings return 0; 109b700e7f0SSeth Jennings 110b700e7f0SSeth Jennings if (args->objname && strcmp(args->objname, mod->name)) 111b700e7f0SSeth Jennings return 0; 112b700e7f0SSeth Jennings 113b700e7f0SSeth Jennings /* 114b700e7f0SSeth Jennings * args->addr might be overwritten if another match is found 115b700e7f0SSeth Jennings * but klp_find_object_symbol() handles this and only returns the 116b700e7f0SSeth Jennings * addr if count == 1. 117b700e7f0SSeth Jennings */ 118b700e7f0SSeth Jennings args->addr = addr; 119b700e7f0SSeth Jennings args->count++; 120b700e7f0SSeth Jennings 121b700e7f0SSeth Jennings return 0; 122b700e7f0SSeth Jennings } 123b700e7f0SSeth Jennings 124b700e7f0SSeth Jennings static int klp_find_object_symbol(const char *objname, const char *name, 125b700e7f0SSeth Jennings unsigned long *addr) 126b700e7f0SSeth Jennings { 127b700e7f0SSeth Jennings struct klp_find_arg args = { 128b700e7f0SSeth Jennings .objname = objname, 129b700e7f0SSeth Jennings .name = name, 130b700e7f0SSeth Jennings .addr = 0, 131b700e7f0SSeth Jennings .count = 0 132b700e7f0SSeth Jennings }; 133b700e7f0SSeth Jennings 134b700e7f0SSeth Jennings kallsyms_on_each_symbol(klp_find_callback, &args); 135b700e7f0SSeth Jennings 136b700e7f0SSeth Jennings if (args.count == 0) 137b700e7f0SSeth Jennings pr_err("symbol '%s' not found in symbol table\n", name); 138b700e7f0SSeth Jennings else if (args.count > 1) 139b700e7f0SSeth Jennings pr_err("unresolvable ambiguity (%lu matches) on symbol '%s' in object '%s'\n", 140b700e7f0SSeth Jennings args.count, name, objname); 141b700e7f0SSeth Jennings else { 142b700e7f0SSeth Jennings *addr = args.addr; 143b700e7f0SSeth Jennings return 0; 144b700e7f0SSeth Jennings } 145b700e7f0SSeth Jennings 146b700e7f0SSeth Jennings *addr = 0; 147b700e7f0SSeth Jennings return -EINVAL; 148b700e7f0SSeth Jennings } 149b700e7f0SSeth Jennings 150b700e7f0SSeth Jennings struct klp_verify_args { 151b700e7f0SSeth Jennings const char *name; 152b700e7f0SSeth Jennings const unsigned long addr; 153b700e7f0SSeth Jennings }; 154b700e7f0SSeth Jennings 155b700e7f0SSeth Jennings static int klp_verify_callback(void *data, const char *name, 156b700e7f0SSeth Jennings struct module *mod, unsigned long addr) 157b700e7f0SSeth Jennings { 158b700e7f0SSeth Jennings struct klp_verify_args *args = data; 159b700e7f0SSeth Jennings 160b700e7f0SSeth Jennings if (!mod && 161b700e7f0SSeth Jennings !strcmp(args->name, name) && 162b700e7f0SSeth Jennings args->addr == addr) 163b700e7f0SSeth Jennings return 1; 164b700e7f0SSeth Jennings 165b700e7f0SSeth Jennings return 0; 166b700e7f0SSeth Jennings } 167b700e7f0SSeth Jennings 168b700e7f0SSeth Jennings static int klp_verify_vmlinux_symbol(const char *name, unsigned long addr) 169b700e7f0SSeth Jennings { 170b700e7f0SSeth Jennings struct klp_verify_args args = { 171b700e7f0SSeth Jennings .name = name, 172b700e7f0SSeth Jennings .addr = addr, 173b700e7f0SSeth Jennings }; 174b700e7f0SSeth Jennings 175b700e7f0SSeth Jennings if (kallsyms_on_each_symbol(klp_verify_callback, &args)) 176b700e7f0SSeth Jennings return 0; 177b700e7f0SSeth Jennings 178b700e7f0SSeth Jennings pr_err("symbol '%s' not found at specified address 0x%016lx, kernel mismatch?", 179b700e7f0SSeth Jennings name, addr); 180b700e7f0SSeth Jennings return -EINVAL; 181b700e7f0SSeth Jennings } 182b700e7f0SSeth Jennings 183b700e7f0SSeth Jennings static int klp_find_verify_func_addr(struct klp_object *obj, 184b700e7f0SSeth Jennings struct klp_func *func) 185b700e7f0SSeth Jennings { 186b700e7f0SSeth Jennings int ret; 187b700e7f0SSeth Jennings 188b700e7f0SSeth Jennings #if defined(CONFIG_RANDOMIZE_BASE) 189b700e7f0SSeth Jennings /* KASLR is enabled, disregard old_addr from user */ 190b700e7f0SSeth Jennings func->old_addr = 0; 191b700e7f0SSeth Jennings #endif 192b700e7f0SSeth Jennings 193b700e7f0SSeth Jennings if (!func->old_addr || klp_is_module(obj)) 194b700e7f0SSeth Jennings ret = klp_find_object_symbol(obj->name, func->old_name, 195b700e7f0SSeth Jennings &func->old_addr); 196b700e7f0SSeth Jennings else 197b700e7f0SSeth Jennings ret = klp_verify_vmlinux_symbol(func->old_name, 198b700e7f0SSeth Jennings func->old_addr); 199b700e7f0SSeth Jennings 200b700e7f0SSeth Jennings return ret; 201b700e7f0SSeth Jennings } 202b700e7f0SSeth Jennings 203b700e7f0SSeth Jennings /* 204b700e7f0SSeth Jennings * external symbols are located outside the parent object (where the parent 205b700e7f0SSeth Jennings * object is either vmlinux or the kmod being patched). 206b700e7f0SSeth Jennings */ 207b700e7f0SSeth Jennings static int klp_find_external_symbol(struct module *pmod, const char *name, 208b700e7f0SSeth Jennings unsigned long *addr) 209b700e7f0SSeth Jennings { 210b700e7f0SSeth Jennings const struct kernel_symbol *sym; 211b700e7f0SSeth Jennings 212b700e7f0SSeth Jennings /* first, check if it's an exported symbol */ 213b700e7f0SSeth Jennings preempt_disable(); 214b700e7f0SSeth Jennings sym = find_symbol(name, NULL, NULL, true, true); 215b700e7f0SSeth Jennings preempt_enable(); 216b700e7f0SSeth Jennings if (sym) { 217b700e7f0SSeth Jennings *addr = sym->value; 218b700e7f0SSeth Jennings return 0; 219b700e7f0SSeth Jennings } 220b700e7f0SSeth Jennings 221b700e7f0SSeth Jennings /* otherwise check if it's in another .o within the patch module */ 222b700e7f0SSeth Jennings return klp_find_object_symbol(pmod->name, name, addr); 223b700e7f0SSeth Jennings } 224b700e7f0SSeth Jennings 225b700e7f0SSeth Jennings static int klp_write_object_relocations(struct module *pmod, 226b700e7f0SSeth Jennings struct klp_object *obj) 227b700e7f0SSeth Jennings { 228b700e7f0SSeth Jennings int ret; 229b700e7f0SSeth Jennings struct klp_reloc *reloc; 230b700e7f0SSeth Jennings 231b700e7f0SSeth Jennings if (WARN_ON(!klp_is_object_loaded(obj))) 232b700e7f0SSeth Jennings return -EINVAL; 233b700e7f0SSeth Jennings 234b700e7f0SSeth Jennings if (WARN_ON(!obj->relocs)) 235b700e7f0SSeth Jennings return -EINVAL; 236b700e7f0SSeth Jennings 237b700e7f0SSeth Jennings for (reloc = obj->relocs; reloc->name; reloc++) { 238b700e7f0SSeth Jennings if (!klp_is_module(obj)) { 239b700e7f0SSeth Jennings ret = klp_verify_vmlinux_symbol(reloc->name, 240b700e7f0SSeth Jennings reloc->val); 241b700e7f0SSeth Jennings if (ret) 242b700e7f0SSeth Jennings return ret; 243b700e7f0SSeth Jennings } else { 244b700e7f0SSeth Jennings /* module, reloc->val needs to be discovered */ 245b700e7f0SSeth Jennings if (reloc->external) 246b700e7f0SSeth Jennings ret = klp_find_external_symbol(pmod, 247b700e7f0SSeth Jennings reloc->name, 248b700e7f0SSeth Jennings &reloc->val); 249b700e7f0SSeth Jennings else 250b700e7f0SSeth Jennings ret = klp_find_object_symbol(obj->mod->name, 251b700e7f0SSeth Jennings reloc->name, 252b700e7f0SSeth Jennings &reloc->val); 253b700e7f0SSeth Jennings if (ret) 254b700e7f0SSeth Jennings return ret; 255b700e7f0SSeth Jennings } 256b700e7f0SSeth Jennings ret = klp_write_module_reloc(pmod, reloc->type, reloc->loc, 257b700e7f0SSeth Jennings reloc->val + reloc->addend); 258b700e7f0SSeth Jennings if (ret) { 259b700e7f0SSeth Jennings pr_err("relocation failed for symbol '%s' at 0x%016lx (%d)\n", 260b700e7f0SSeth Jennings reloc->name, reloc->val, ret); 261b700e7f0SSeth Jennings return ret; 262b700e7f0SSeth Jennings } 263b700e7f0SSeth Jennings } 264b700e7f0SSeth Jennings 265b700e7f0SSeth Jennings return 0; 266b700e7f0SSeth Jennings } 267b700e7f0SSeth Jennings 268b700e7f0SSeth Jennings static void notrace klp_ftrace_handler(unsigned long ip, 269b700e7f0SSeth Jennings unsigned long parent_ip, 270b700e7f0SSeth Jennings struct ftrace_ops *ops, 271b700e7f0SSeth Jennings struct pt_regs *regs) 272b700e7f0SSeth Jennings { 273b700e7f0SSeth Jennings struct klp_func *func = ops->private; 274b700e7f0SSeth Jennings 275b5bfc517SLi Bin klp_arch_set_pc(regs, (unsigned long)func->new_func); 276b700e7f0SSeth Jennings } 277b700e7f0SSeth Jennings 278b700e7f0SSeth Jennings static int klp_disable_func(struct klp_func *func) 279b700e7f0SSeth Jennings { 280b700e7f0SSeth Jennings int ret; 281b700e7f0SSeth Jennings 282b700e7f0SSeth Jennings if (WARN_ON(func->state != KLP_ENABLED)) 283b700e7f0SSeth Jennings return -EINVAL; 284b700e7f0SSeth Jennings 285b700e7f0SSeth Jennings if (WARN_ON(!func->old_addr)) 286b700e7f0SSeth Jennings return -EINVAL; 287b700e7f0SSeth Jennings 288b700e7f0SSeth Jennings ret = unregister_ftrace_function(func->fops); 289b700e7f0SSeth Jennings if (ret) { 290b700e7f0SSeth Jennings pr_err("failed to unregister ftrace handler for function '%s' (%d)\n", 291b700e7f0SSeth Jennings func->old_name, ret); 292b700e7f0SSeth Jennings return ret; 293b700e7f0SSeth Jennings } 294b700e7f0SSeth Jennings 295b700e7f0SSeth Jennings ret = ftrace_set_filter_ip(func->fops, func->old_addr, 1, 0); 296b700e7f0SSeth Jennings if (ret) 297b700e7f0SSeth Jennings pr_warn("function unregister succeeded but failed to clear the filter\n"); 298b700e7f0SSeth Jennings 299b700e7f0SSeth Jennings func->state = KLP_DISABLED; 300b700e7f0SSeth Jennings 301b700e7f0SSeth Jennings return 0; 302b700e7f0SSeth Jennings } 303b700e7f0SSeth Jennings 304b700e7f0SSeth Jennings static int klp_enable_func(struct klp_func *func) 305b700e7f0SSeth Jennings { 306b700e7f0SSeth Jennings int ret; 307b700e7f0SSeth Jennings 308b700e7f0SSeth Jennings if (WARN_ON(!func->old_addr)) 309b700e7f0SSeth Jennings return -EINVAL; 310b700e7f0SSeth Jennings 311b700e7f0SSeth Jennings if (WARN_ON(func->state != KLP_DISABLED)) 312b700e7f0SSeth Jennings return -EINVAL; 313b700e7f0SSeth Jennings 314b700e7f0SSeth Jennings ret = ftrace_set_filter_ip(func->fops, func->old_addr, 0, 0); 315b700e7f0SSeth Jennings if (ret) { 316b700e7f0SSeth Jennings pr_err("failed to set ftrace filter for function '%s' (%d)\n", 317b700e7f0SSeth Jennings func->old_name, ret); 318b700e7f0SSeth Jennings return ret; 319b700e7f0SSeth Jennings } 320b700e7f0SSeth Jennings 321b700e7f0SSeth Jennings ret = register_ftrace_function(func->fops); 322b700e7f0SSeth Jennings if (ret) { 323b700e7f0SSeth Jennings pr_err("failed to register ftrace handler for function '%s' (%d)\n", 324b700e7f0SSeth Jennings func->old_name, ret); 325b700e7f0SSeth Jennings ftrace_set_filter_ip(func->fops, func->old_addr, 1, 0); 326b700e7f0SSeth Jennings } else { 327b700e7f0SSeth Jennings func->state = KLP_ENABLED; 328b700e7f0SSeth Jennings } 329b700e7f0SSeth Jennings 330b700e7f0SSeth Jennings return ret; 331b700e7f0SSeth Jennings } 332b700e7f0SSeth Jennings 333b700e7f0SSeth Jennings static int klp_disable_object(struct klp_object *obj) 334b700e7f0SSeth Jennings { 335b700e7f0SSeth Jennings struct klp_func *func; 336b700e7f0SSeth Jennings int ret; 337b700e7f0SSeth Jennings 338b700e7f0SSeth Jennings for (func = obj->funcs; func->old_name; func++) { 339b700e7f0SSeth Jennings if (func->state != KLP_ENABLED) 340b700e7f0SSeth Jennings continue; 341b700e7f0SSeth Jennings 342b700e7f0SSeth Jennings ret = klp_disable_func(func); 343b700e7f0SSeth Jennings if (ret) 344b700e7f0SSeth Jennings return ret; 345b700e7f0SSeth Jennings } 346b700e7f0SSeth Jennings 347b700e7f0SSeth Jennings obj->state = KLP_DISABLED; 348b700e7f0SSeth Jennings 349b700e7f0SSeth Jennings return 0; 350b700e7f0SSeth Jennings } 351b700e7f0SSeth Jennings 352b700e7f0SSeth Jennings static int klp_enable_object(struct klp_object *obj) 353b700e7f0SSeth Jennings { 354b700e7f0SSeth Jennings struct klp_func *func; 355b700e7f0SSeth Jennings int ret; 356b700e7f0SSeth Jennings 357b700e7f0SSeth Jennings if (WARN_ON(obj->state != KLP_DISABLED)) 358b700e7f0SSeth Jennings return -EINVAL; 359b700e7f0SSeth Jennings 360b700e7f0SSeth Jennings if (WARN_ON(!klp_is_object_loaded(obj))) 361b700e7f0SSeth Jennings return -EINVAL; 362b700e7f0SSeth Jennings 363b700e7f0SSeth Jennings for (func = obj->funcs; func->old_name; func++) { 364b700e7f0SSeth Jennings ret = klp_enable_func(func); 365b700e7f0SSeth Jennings if (ret) 366b700e7f0SSeth Jennings goto unregister; 367b700e7f0SSeth Jennings } 368b700e7f0SSeth Jennings obj->state = KLP_ENABLED; 369b700e7f0SSeth Jennings 370b700e7f0SSeth Jennings return 0; 371b700e7f0SSeth Jennings 372b700e7f0SSeth Jennings unregister: 373b700e7f0SSeth Jennings WARN_ON(klp_disable_object(obj)); 374b700e7f0SSeth Jennings return ret; 375b700e7f0SSeth Jennings } 376b700e7f0SSeth Jennings 377b700e7f0SSeth Jennings static int __klp_disable_patch(struct klp_patch *patch) 378b700e7f0SSeth Jennings { 379b700e7f0SSeth Jennings struct klp_object *obj; 380b700e7f0SSeth Jennings int ret; 381b700e7f0SSeth Jennings 382*83a90bb1SJosh Poimboeuf /* enforce stacking: only the last enabled patch can be disabled */ 383*83a90bb1SJosh Poimboeuf if (!list_is_last(&patch->list, &klp_patches) && 384*83a90bb1SJosh Poimboeuf list_next_entry(patch, list)->state == KLP_ENABLED) 385*83a90bb1SJosh Poimboeuf return -EBUSY; 386*83a90bb1SJosh Poimboeuf 387b700e7f0SSeth Jennings pr_notice("disabling patch '%s'\n", patch->mod->name); 388b700e7f0SSeth Jennings 389b700e7f0SSeth Jennings for (obj = patch->objs; obj->funcs; obj++) { 390b700e7f0SSeth Jennings if (obj->state != KLP_ENABLED) 391b700e7f0SSeth Jennings continue; 392b700e7f0SSeth Jennings 393b700e7f0SSeth Jennings ret = klp_disable_object(obj); 394b700e7f0SSeth Jennings if (ret) 395b700e7f0SSeth Jennings return ret; 396b700e7f0SSeth Jennings } 397b700e7f0SSeth Jennings 398b700e7f0SSeth Jennings patch->state = KLP_DISABLED; 399b700e7f0SSeth Jennings 400b700e7f0SSeth Jennings return 0; 401b700e7f0SSeth Jennings } 402b700e7f0SSeth Jennings 403b700e7f0SSeth Jennings /** 404b700e7f0SSeth Jennings * klp_disable_patch() - disables a registered patch 405b700e7f0SSeth Jennings * @patch: The registered, enabled patch to be disabled 406b700e7f0SSeth Jennings * 407b700e7f0SSeth Jennings * Unregisters the patched functions from ftrace. 408b700e7f0SSeth Jennings * 409b700e7f0SSeth Jennings * Return: 0 on success, otherwise error 410b700e7f0SSeth Jennings */ 411b700e7f0SSeth Jennings int klp_disable_patch(struct klp_patch *patch) 412b700e7f0SSeth Jennings { 413b700e7f0SSeth Jennings int ret; 414b700e7f0SSeth Jennings 415b700e7f0SSeth Jennings mutex_lock(&klp_mutex); 416b700e7f0SSeth Jennings 417b700e7f0SSeth Jennings if (!klp_is_patch_registered(patch)) { 418b700e7f0SSeth Jennings ret = -EINVAL; 419b700e7f0SSeth Jennings goto err; 420b700e7f0SSeth Jennings } 421b700e7f0SSeth Jennings 422b700e7f0SSeth Jennings if (patch->state == KLP_DISABLED) { 423b700e7f0SSeth Jennings ret = -EINVAL; 424b700e7f0SSeth Jennings goto err; 425b700e7f0SSeth Jennings } 426b700e7f0SSeth Jennings 427b700e7f0SSeth Jennings ret = __klp_disable_patch(patch); 428b700e7f0SSeth Jennings 429b700e7f0SSeth Jennings err: 430b700e7f0SSeth Jennings mutex_unlock(&klp_mutex); 431b700e7f0SSeth Jennings return ret; 432b700e7f0SSeth Jennings } 433b700e7f0SSeth Jennings EXPORT_SYMBOL_GPL(klp_disable_patch); 434b700e7f0SSeth Jennings 435b700e7f0SSeth Jennings static int __klp_enable_patch(struct klp_patch *patch) 436b700e7f0SSeth Jennings { 437b700e7f0SSeth Jennings struct klp_object *obj; 438b700e7f0SSeth Jennings int ret; 439b700e7f0SSeth Jennings 440b700e7f0SSeth Jennings if (WARN_ON(patch->state != KLP_DISABLED)) 441b700e7f0SSeth Jennings return -EINVAL; 442b700e7f0SSeth Jennings 443*83a90bb1SJosh Poimboeuf /* enforce stacking: only the first disabled patch can be enabled */ 444*83a90bb1SJosh Poimboeuf if (patch->list.prev != &klp_patches && 445*83a90bb1SJosh Poimboeuf list_prev_entry(patch, list)->state == KLP_DISABLED) 446*83a90bb1SJosh Poimboeuf return -EBUSY; 447*83a90bb1SJosh Poimboeuf 448b700e7f0SSeth Jennings pr_notice_once("tainting kernel with TAINT_LIVEPATCH\n"); 449b700e7f0SSeth Jennings add_taint(TAINT_LIVEPATCH, LOCKDEP_STILL_OK); 450b700e7f0SSeth Jennings 451b700e7f0SSeth Jennings pr_notice("enabling patch '%s'\n", patch->mod->name); 452b700e7f0SSeth Jennings 453b700e7f0SSeth Jennings for (obj = patch->objs; obj->funcs; obj++) { 454b700e7f0SSeth Jennings klp_find_object_module(obj); 455b700e7f0SSeth Jennings 456b700e7f0SSeth Jennings if (!klp_is_object_loaded(obj)) 457b700e7f0SSeth Jennings continue; 458b700e7f0SSeth Jennings 459b700e7f0SSeth Jennings ret = klp_enable_object(obj); 460b700e7f0SSeth Jennings if (ret) 461b700e7f0SSeth Jennings goto unregister; 462b700e7f0SSeth Jennings } 463b700e7f0SSeth Jennings 464b700e7f0SSeth Jennings patch->state = KLP_ENABLED; 465b700e7f0SSeth Jennings 466b700e7f0SSeth Jennings return 0; 467b700e7f0SSeth Jennings 468b700e7f0SSeth Jennings unregister: 469b700e7f0SSeth Jennings WARN_ON(__klp_disable_patch(patch)); 470b700e7f0SSeth Jennings return ret; 471b700e7f0SSeth Jennings } 472b700e7f0SSeth Jennings 473b700e7f0SSeth Jennings /** 474b700e7f0SSeth Jennings * klp_enable_patch() - enables a registered patch 475b700e7f0SSeth Jennings * @patch: The registered, disabled patch to be enabled 476b700e7f0SSeth Jennings * 477b700e7f0SSeth Jennings * Performs the needed symbol lookups and code relocations, 478b700e7f0SSeth Jennings * then registers the patched functions with ftrace. 479b700e7f0SSeth Jennings * 480b700e7f0SSeth Jennings * Return: 0 on success, otherwise error 481b700e7f0SSeth Jennings */ 482b700e7f0SSeth Jennings int klp_enable_patch(struct klp_patch *patch) 483b700e7f0SSeth Jennings { 484b700e7f0SSeth Jennings int ret; 485b700e7f0SSeth Jennings 486b700e7f0SSeth Jennings mutex_lock(&klp_mutex); 487b700e7f0SSeth Jennings 488b700e7f0SSeth Jennings if (!klp_is_patch_registered(patch)) { 489b700e7f0SSeth Jennings ret = -EINVAL; 490b700e7f0SSeth Jennings goto err; 491b700e7f0SSeth Jennings } 492b700e7f0SSeth Jennings 493b700e7f0SSeth Jennings ret = __klp_enable_patch(patch); 494b700e7f0SSeth Jennings 495b700e7f0SSeth Jennings err: 496b700e7f0SSeth Jennings mutex_unlock(&klp_mutex); 497b700e7f0SSeth Jennings return ret; 498b700e7f0SSeth Jennings } 499b700e7f0SSeth Jennings EXPORT_SYMBOL_GPL(klp_enable_patch); 500b700e7f0SSeth Jennings 501b700e7f0SSeth Jennings /* 502b700e7f0SSeth Jennings * Sysfs Interface 503b700e7f0SSeth Jennings * 504b700e7f0SSeth Jennings * /sys/kernel/livepatch 505b700e7f0SSeth Jennings * /sys/kernel/livepatch/<patch> 506b700e7f0SSeth Jennings * /sys/kernel/livepatch/<patch>/enabled 507b700e7f0SSeth Jennings * /sys/kernel/livepatch/<patch>/<object> 508b700e7f0SSeth Jennings * /sys/kernel/livepatch/<patch>/<object>/<func> 509b700e7f0SSeth Jennings */ 510b700e7f0SSeth Jennings 511b700e7f0SSeth Jennings static ssize_t enabled_store(struct kobject *kobj, struct kobj_attribute *attr, 512b700e7f0SSeth Jennings const char *buf, size_t count) 513b700e7f0SSeth Jennings { 514b700e7f0SSeth Jennings struct klp_patch *patch; 515b700e7f0SSeth Jennings int ret; 516b700e7f0SSeth Jennings unsigned long val; 517b700e7f0SSeth Jennings 518b700e7f0SSeth Jennings ret = kstrtoul(buf, 10, &val); 519b700e7f0SSeth Jennings if (ret) 520b700e7f0SSeth Jennings return -EINVAL; 521b700e7f0SSeth Jennings 522b700e7f0SSeth Jennings if (val != KLP_DISABLED && val != KLP_ENABLED) 523b700e7f0SSeth Jennings return -EINVAL; 524b700e7f0SSeth Jennings 525b700e7f0SSeth Jennings patch = container_of(kobj, struct klp_patch, kobj); 526b700e7f0SSeth Jennings 527b700e7f0SSeth Jennings mutex_lock(&klp_mutex); 528b700e7f0SSeth Jennings 529b700e7f0SSeth Jennings if (val == patch->state) { 530b700e7f0SSeth Jennings /* already in requested state */ 531b700e7f0SSeth Jennings ret = -EINVAL; 532b700e7f0SSeth Jennings goto err; 533b700e7f0SSeth Jennings } 534b700e7f0SSeth Jennings 535b700e7f0SSeth Jennings if (val == KLP_ENABLED) { 536b700e7f0SSeth Jennings ret = __klp_enable_patch(patch); 537b700e7f0SSeth Jennings if (ret) 538b700e7f0SSeth Jennings goto err; 539b700e7f0SSeth Jennings } else { 540b700e7f0SSeth Jennings ret = __klp_disable_patch(patch); 541b700e7f0SSeth Jennings if (ret) 542b700e7f0SSeth Jennings goto err; 543b700e7f0SSeth Jennings } 544b700e7f0SSeth Jennings 545b700e7f0SSeth Jennings mutex_unlock(&klp_mutex); 546b700e7f0SSeth Jennings 547b700e7f0SSeth Jennings return count; 548b700e7f0SSeth Jennings 549b700e7f0SSeth Jennings err: 550b700e7f0SSeth Jennings mutex_unlock(&klp_mutex); 551b700e7f0SSeth Jennings return ret; 552b700e7f0SSeth Jennings } 553b700e7f0SSeth Jennings 554b700e7f0SSeth Jennings static ssize_t enabled_show(struct kobject *kobj, 555b700e7f0SSeth Jennings struct kobj_attribute *attr, char *buf) 556b700e7f0SSeth Jennings { 557b700e7f0SSeth Jennings struct klp_patch *patch; 558b700e7f0SSeth Jennings 559b700e7f0SSeth Jennings patch = container_of(kobj, struct klp_patch, kobj); 560b700e7f0SSeth Jennings return snprintf(buf, PAGE_SIZE-1, "%d\n", patch->state); 561b700e7f0SSeth Jennings } 562b700e7f0SSeth Jennings 563b700e7f0SSeth Jennings static struct kobj_attribute enabled_kobj_attr = __ATTR_RW(enabled); 564b700e7f0SSeth Jennings static struct attribute *klp_patch_attrs[] = { 565b700e7f0SSeth Jennings &enabled_kobj_attr.attr, 566b700e7f0SSeth Jennings NULL 567b700e7f0SSeth Jennings }; 568b700e7f0SSeth Jennings 569b700e7f0SSeth Jennings static void klp_kobj_release_patch(struct kobject *kobj) 570b700e7f0SSeth Jennings { 571b700e7f0SSeth Jennings /* 572b700e7f0SSeth Jennings * Once we have a consistency model we'll need to module_put() the 573b700e7f0SSeth Jennings * patch module here. See klp_register_patch() for more details. 574b700e7f0SSeth Jennings */ 575b700e7f0SSeth Jennings } 576b700e7f0SSeth Jennings 577b700e7f0SSeth Jennings static struct kobj_type klp_ktype_patch = { 578b700e7f0SSeth Jennings .release = klp_kobj_release_patch, 579b700e7f0SSeth Jennings .sysfs_ops = &kobj_sysfs_ops, 580b700e7f0SSeth Jennings .default_attrs = klp_patch_attrs, 581b700e7f0SSeth Jennings }; 582b700e7f0SSeth Jennings 583b700e7f0SSeth Jennings static void klp_kobj_release_func(struct kobject *kobj) 584b700e7f0SSeth Jennings { 585b700e7f0SSeth Jennings struct klp_func *func; 586b700e7f0SSeth Jennings 587b700e7f0SSeth Jennings func = container_of(kobj, struct klp_func, kobj); 588b700e7f0SSeth Jennings kfree(func->fops); 589b700e7f0SSeth Jennings } 590b700e7f0SSeth Jennings 591b700e7f0SSeth Jennings static struct kobj_type klp_ktype_func = { 592b700e7f0SSeth Jennings .release = klp_kobj_release_func, 593b700e7f0SSeth Jennings .sysfs_ops = &kobj_sysfs_ops, 594b700e7f0SSeth Jennings }; 595b700e7f0SSeth Jennings 596b700e7f0SSeth Jennings /* 597b700e7f0SSeth Jennings * Free all functions' kobjects in the array up to some limit. When limit is 598b700e7f0SSeth Jennings * NULL, all kobjects are freed. 599b700e7f0SSeth Jennings */ 600b700e7f0SSeth Jennings static void klp_free_funcs_limited(struct klp_object *obj, 601b700e7f0SSeth Jennings struct klp_func *limit) 602b700e7f0SSeth Jennings { 603b700e7f0SSeth Jennings struct klp_func *func; 604b700e7f0SSeth Jennings 605b700e7f0SSeth Jennings for (func = obj->funcs; func->old_name && func != limit; func++) 606b700e7f0SSeth Jennings kobject_put(&func->kobj); 607b700e7f0SSeth Jennings } 608b700e7f0SSeth Jennings 609b700e7f0SSeth Jennings /* Clean up when a patched object is unloaded */ 610b700e7f0SSeth Jennings static void klp_free_object_loaded(struct klp_object *obj) 611b700e7f0SSeth Jennings { 612b700e7f0SSeth Jennings struct klp_func *func; 613b700e7f0SSeth Jennings 614b700e7f0SSeth Jennings obj->mod = NULL; 615b700e7f0SSeth Jennings 616b700e7f0SSeth Jennings for (func = obj->funcs; func->old_name; func++) 617b700e7f0SSeth Jennings func->old_addr = 0; 618b700e7f0SSeth Jennings } 619b700e7f0SSeth Jennings 620b700e7f0SSeth Jennings /* 621b700e7f0SSeth Jennings * Free all objects' kobjects in the array up to some limit. When limit is 622b700e7f0SSeth Jennings * NULL, all kobjects are freed. 623b700e7f0SSeth Jennings */ 624b700e7f0SSeth Jennings static void klp_free_objects_limited(struct klp_patch *patch, 625b700e7f0SSeth Jennings struct klp_object *limit) 626b700e7f0SSeth Jennings { 627b700e7f0SSeth Jennings struct klp_object *obj; 628b700e7f0SSeth Jennings 629b700e7f0SSeth Jennings for (obj = patch->objs; obj->funcs && obj != limit; obj++) { 630b700e7f0SSeth Jennings klp_free_funcs_limited(obj, NULL); 631b700e7f0SSeth Jennings kobject_put(obj->kobj); 632b700e7f0SSeth Jennings } 633b700e7f0SSeth Jennings } 634b700e7f0SSeth Jennings 635b700e7f0SSeth Jennings static void klp_free_patch(struct klp_patch *patch) 636b700e7f0SSeth Jennings { 637b700e7f0SSeth Jennings klp_free_objects_limited(patch, NULL); 638b700e7f0SSeth Jennings if (!list_empty(&patch->list)) 639b700e7f0SSeth Jennings list_del(&patch->list); 640b700e7f0SSeth Jennings kobject_put(&patch->kobj); 641b700e7f0SSeth Jennings } 642b700e7f0SSeth Jennings 643b700e7f0SSeth Jennings static int klp_init_func(struct klp_object *obj, struct klp_func *func) 644b700e7f0SSeth Jennings { 645b700e7f0SSeth Jennings struct ftrace_ops *ops; 646b700e7f0SSeth Jennings int ret; 647b700e7f0SSeth Jennings 648b700e7f0SSeth Jennings ops = kzalloc(sizeof(*ops), GFP_KERNEL); 649b700e7f0SSeth Jennings if (!ops) 650b700e7f0SSeth Jennings return -ENOMEM; 651b700e7f0SSeth Jennings 652b700e7f0SSeth Jennings ops->private = func; 653b700e7f0SSeth Jennings ops->func = klp_ftrace_handler; 65433e8612fSJosh Poimboeuf ops->flags = FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_DYNAMIC | 65533e8612fSJosh Poimboeuf FTRACE_OPS_FL_IPMODIFY; 656b700e7f0SSeth Jennings func->fops = ops; 657b700e7f0SSeth Jennings func->state = KLP_DISABLED; 658b700e7f0SSeth Jennings 659b700e7f0SSeth Jennings ret = kobject_init_and_add(&func->kobj, &klp_ktype_func, 660b700e7f0SSeth Jennings obj->kobj, func->old_name); 661b700e7f0SSeth Jennings if (ret) { 662b700e7f0SSeth Jennings kfree(func->fops); 663b700e7f0SSeth Jennings return ret; 664b700e7f0SSeth Jennings } 665b700e7f0SSeth Jennings 666b700e7f0SSeth Jennings return 0; 667b700e7f0SSeth Jennings } 668b700e7f0SSeth Jennings 669b700e7f0SSeth Jennings /* parts of the initialization that is done only when the object is loaded */ 670b700e7f0SSeth Jennings static int klp_init_object_loaded(struct klp_patch *patch, 671b700e7f0SSeth Jennings struct klp_object *obj) 672b700e7f0SSeth Jennings { 673b700e7f0SSeth Jennings struct klp_func *func; 674b700e7f0SSeth Jennings int ret; 675b700e7f0SSeth Jennings 676b700e7f0SSeth Jennings if (obj->relocs) { 677b700e7f0SSeth Jennings ret = klp_write_object_relocations(patch->mod, obj); 678b700e7f0SSeth Jennings if (ret) 679b700e7f0SSeth Jennings return ret; 680b700e7f0SSeth Jennings } 681b700e7f0SSeth Jennings 682b700e7f0SSeth Jennings for (func = obj->funcs; func->old_name; func++) { 683b700e7f0SSeth Jennings ret = klp_find_verify_func_addr(obj, func); 684b700e7f0SSeth Jennings if (ret) 685b700e7f0SSeth Jennings return ret; 686b700e7f0SSeth Jennings } 687b700e7f0SSeth Jennings 688b700e7f0SSeth Jennings return 0; 689b700e7f0SSeth Jennings } 690b700e7f0SSeth Jennings 691b700e7f0SSeth Jennings static int klp_init_object(struct klp_patch *patch, struct klp_object *obj) 692b700e7f0SSeth Jennings { 693b700e7f0SSeth Jennings struct klp_func *func; 694b700e7f0SSeth Jennings int ret; 695b700e7f0SSeth Jennings const char *name; 696b700e7f0SSeth Jennings 697b700e7f0SSeth Jennings if (!obj->funcs) 698b700e7f0SSeth Jennings return -EINVAL; 699b700e7f0SSeth Jennings 700b700e7f0SSeth Jennings obj->state = KLP_DISABLED; 701b700e7f0SSeth Jennings 702b700e7f0SSeth Jennings klp_find_object_module(obj); 703b700e7f0SSeth Jennings 704b700e7f0SSeth Jennings name = klp_is_module(obj) ? obj->name : "vmlinux"; 705b700e7f0SSeth Jennings obj->kobj = kobject_create_and_add(name, &patch->kobj); 706b700e7f0SSeth Jennings if (!obj->kobj) 707b700e7f0SSeth Jennings return -ENOMEM; 708b700e7f0SSeth Jennings 709b700e7f0SSeth Jennings for (func = obj->funcs; func->old_name; func++) { 710b700e7f0SSeth Jennings ret = klp_init_func(obj, func); 711b700e7f0SSeth Jennings if (ret) 712b700e7f0SSeth Jennings goto free; 713b700e7f0SSeth Jennings } 714b700e7f0SSeth Jennings 715b700e7f0SSeth Jennings if (klp_is_object_loaded(obj)) { 716b700e7f0SSeth Jennings ret = klp_init_object_loaded(patch, obj); 717b700e7f0SSeth Jennings if (ret) 718b700e7f0SSeth Jennings goto free; 719b700e7f0SSeth Jennings } 720b700e7f0SSeth Jennings 721b700e7f0SSeth Jennings return 0; 722b700e7f0SSeth Jennings 723b700e7f0SSeth Jennings free: 724b700e7f0SSeth Jennings klp_free_funcs_limited(obj, func); 725b700e7f0SSeth Jennings kobject_put(obj->kobj); 726b700e7f0SSeth Jennings return ret; 727b700e7f0SSeth Jennings } 728b700e7f0SSeth Jennings 729b700e7f0SSeth Jennings static int klp_init_patch(struct klp_patch *patch) 730b700e7f0SSeth Jennings { 731b700e7f0SSeth Jennings struct klp_object *obj; 732b700e7f0SSeth Jennings int ret; 733b700e7f0SSeth Jennings 734b700e7f0SSeth Jennings if (!patch->objs) 735b700e7f0SSeth Jennings return -EINVAL; 736b700e7f0SSeth Jennings 737b700e7f0SSeth Jennings mutex_lock(&klp_mutex); 738b700e7f0SSeth Jennings 739b700e7f0SSeth Jennings patch->state = KLP_DISABLED; 740b700e7f0SSeth Jennings 741b700e7f0SSeth Jennings ret = kobject_init_and_add(&patch->kobj, &klp_ktype_patch, 742b700e7f0SSeth Jennings klp_root_kobj, patch->mod->name); 743b700e7f0SSeth Jennings if (ret) 744b700e7f0SSeth Jennings goto unlock; 745b700e7f0SSeth Jennings 746b700e7f0SSeth Jennings for (obj = patch->objs; obj->funcs; obj++) { 747b700e7f0SSeth Jennings ret = klp_init_object(patch, obj); 748b700e7f0SSeth Jennings if (ret) 749b700e7f0SSeth Jennings goto free; 750b700e7f0SSeth Jennings } 751b700e7f0SSeth Jennings 75299590ba5SJosh Poimboeuf list_add_tail(&patch->list, &klp_patches); 753b700e7f0SSeth Jennings 754b700e7f0SSeth Jennings mutex_unlock(&klp_mutex); 755b700e7f0SSeth Jennings 756b700e7f0SSeth Jennings return 0; 757b700e7f0SSeth Jennings 758b700e7f0SSeth Jennings free: 759b700e7f0SSeth Jennings klp_free_objects_limited(patch, obj); 760b700e7f0SSeth Jennings kobject_put(&patch->kobj); 761b700e7f0SSeth Jennings unlock: 762b700e7f0SSeth Jennings mutex_unlock(&klp_mutex); 763b700e7f0SSeth Jennings return ret; 764b700e7f0SSeth Jennings } 765b700e7f0SSeth Jennings 766b700e7f0SSeth Jennings /** 767b700e7f0SSeth Jennings * klp_unregister_patch() - unregisters a patch 768b700e7f0SSeth Jennings * @patch: Disabled patch to be unregistered 769b700e7f0SSeth Jennings * 770b700e7f0SSeth Jennings * Frees the data structures and removes the sysfs interface. 771b700e7f0SSeth Jennings * 772b700e7f0SSeth Jennings * Return: 0 on success, otherwise error 773b700e7f0SSeth Jennings */ 774b700e7f0SSeth Jennings int klp_unregister_patch(struct klp_patch *patch) 775b700e7f0SSeth Jennings { 776b700e7f0SSeth Jennings int ret = 0; 777b700e7f0SSeth Jennings 778b700e7f0SSeth Jennings mutex_lock(&klp_mutex); 779b700e7f0SSeth Jennings 780b700e7f0SSeth Jennings if (!klp_is_patch_registered(patch)) { 781b700e7f0SSeth Jennings ret = -EINVAL; 782b700e7f0SSeth Jennings goto out; 783b700e7f0SSeth Jennings } 784b700e7f0SSeth Jennings 785b700e7f0SSeth Jennings if (patch->state == KLP_ENABLED) { 786b700e7f0SSeth Jennings ret = -EBUSY; 787b700e7f0SSeth Jennings goto out; 788b700e7f0SSeth Jennings } 789b700e7f0SSeth Jennings 790b700e7f0SSeth Jennings klp_free_patch(patch); 791b700e7f0SSeth Jennings 792b700e7f0SSeth Jennings out: 793b700e7f0SSeth Jennings mutex_unlock(&klp_mutex); 794b700e7f0SSeth Jennings return ret; 795b700e7f0SSeth Jennings } 796b700e7f0SSeth Jennings EXPORT_SYMBOL_GPL(klp_unregister_patch); 797b700e7f0SSeth Jennings 798b700e7f0SSeth Jennings /** 799b700e7f0SSeth Jennings * klp_register_patch() - registers a patch 800b700e7f0SSeth Jennings * @patch: Patch to be registered 801b700e7f0SSeth Jennings * 802b700e7f0SSeth Jennings * Initializes the data structure associated with the patch and 803b700e7f0SSeth Jennings * creates the sysfs interface. 804b700e7f0SSeth Jennings * 805b700e7f0SSeth Jennings * Return: 0 on success, otherwise error 806b700e7f0SSeth Jennings */ 807b700e7f0SSeth Jennings int klp_register_patch(struct klp_patch *patch) 808b700e7f0SSeth Jennings { 809b700e7f0SSeth Jennings int ret; 810b700e7f0SSeth Jennings 811b700e7f0SSeth Jennings if (!klp_initialized()) 812b700e7f0SSeth Jennings return -ENODEV; 813b700e7f0SSeth Jennings 814b700e7f0SSeth Jennings if (!patch || !patch->mod) 815b700e7f0SSeth Jennings return -EINVAL; 816b700e7f0SSeth Jennings 817b700e7f0SSeth Jennings /* 818b700e7f0SSeth Jennings * A reference is taken on the patch module to prevent it from being 819b700e7f0SSeth Jennings * unloaded. Right now, we don't allow patch modules to unload since 820b700e7f0SSeth Jennings * there is currently no method to determine if a thread is still 821b700e7f0SSeth Jennings * running in the patched code contained in the patch module once 822b700e7f0SSeth Jennings * the ftrace registration is successful. 823b700e7f0SSeth Jennings */ 824b700e7f0SSeth Jennings if (!try_module_get(patch->mod)) 825b700e7f0SSeth Jennings return -ENODEV; 826b700e7f0SSeth Jennings 827b700e7f0SSeth Jennings ret = klp_init_patch(patch); 828b700e7f0SSeth Jennings if (ret) 829b700e7f0SSeth Jennings module_put(patch->mod); 830b700e7f0SSeth Jennings 831b700e7f0SSeth Jennings return ret; 832b700e7f0SSeth Jennings } 833b700e7f0SSeth Jennings EXPORT_SYMBOL_GPL(klp_register_patch); 834b700e7f0SSeth Jennings 835b700e7f0SSeth Jennings static void klp_module_notify_coming(struct klp_patch *patch, 836b700e7f0SSeth Jennings struct klp_object *obj) 837b700e7f0SSeth Jennings { 838b700e7f0SSeth Jennings struct module *pmod = patch->mod; 839b700e7f0SSeth Jennings struct module *mod = obj->mod; 840b700e7f0SSeth Jennings int ret; 841b700e7f0SSeth Jennings 842b700e7f0SSeth Jennings ret = klp_init_object_loaded(patch, obj); 843b700e7f0SSeth Jennings if (ret) 844b700e7f0SSeth Jennings goto err; 845b700e7f0SSeth Jennings 846b700e7f0SSeth Jennings if (patch->state == KLP_DISABLED) 847b700e7f0SSeth Jennings return; 848b700e7f0SSeth Jennings 849b700e7f0SSeth Jennings pr_notice("applying patch '%s' to loading module '%s'\n", 850b700e7f0SSeth Jennings pmod->name, mod->name); 851b700e7f0SSeth Jennings 852b700e7f0SSeth Jennings ret = klp_enable_object(obj); 853b700e7f0SSeth Jennings if (!ret) 854b700e7f0SSeth Jennings return; 855b700e7f0SSeth Jennings 856b700e7f0SSeth Jennings err: 857b700e7f0SSeth Jennings pr_warn("failed to apply patch '%s' to module '%s' (%d)\n", 858b700e7f0SSeth Jennings pmod->name, mod->name, ret); 859b700e7f0SSeth Jennings } 860b700e7f0SSeth Jennings 861b700e7f0SSeth Jennings static void klp_module_notify_going(struct klp_patch *patch, 862b700e7f0SSeth Jennings struct klp_object *obj) 863b700e7f0SSeth Jennings { 864b700e7f0SSeth Jennings struct module *pmod = patch->mod; 865b700e7f0SSeth Jennings struct module *mod = obj->mod; 866b700e7f0SSeth Jennings int ret; 867b700e7f0SSeth Jennings 868b700e7f0SSeth Jennings if (patch->state == KLP_DISABLED) 869b700e7f0SSeth Jennings goto disabled; 870b700e7f0SSeth Jennings 871b700e7f0SSeth Jennings pr_notice("reverting patch '%s' on unloading module '%s'\n", 872b700e7f0SSeth Jennings pmod->name, mod->name); 873b700e7f0SSeth Jennings 874b700e7f0SSeth Jennings ret = klp_disable_object(obj); 875b700e7f0SSeth Jennings if (ret) 876b700e7f0SSeth Jennings pr_warn("failed to revert patch '%s' on module '%s' (%d)\n", 877b700e7f0SSeth Jennings pmod->name, mod->name, ret); 878b700e7f0SSeth Jennings 879b700e7f0SSeth Jennings disabled: 880b700e7f0SSeth Jennings klp_free_object_loaded(obj); 881b700e7f0SSeth Jennings } 882b700e7f0SSeth Jennings 883b700e7f0SSeth Jennings static int klp_module_notify(struct notifier_block *nb, unsigned long action, 884b700e7f0SSeth Jennings void *data) 885b700e7f0SSeth Jennings { 886b700e7f0SSeth Jennings struct module *mod = data; 887b700e7f0SSeth Jennings struct klp_patch *patch; 888b700e7f0SSeth Jennings struct klp_object *obj; 889b700e7f0SSeth Jennings 890b700e7f0SSeth Jennings if (action != MODULE_STATE_COMING && action != MODULE_STATE_GOING) 891b700e7f0SSeth Jennings return 0; 892b700e7f0SSeth Jennings 893b700e7f0SSeth Jennings mutex_lock(&klp_mutex); 894b700e7f0SSeth Jennings 895b700e7f0SSeth Jennings list_for_each_entry(patch, &klp_patches, list) { 896b700e7f0SSeth Jennings for (obj = patch->objs; obj->funcs; obj++) { 897b700e7f0SSeth Jennings if (!klp_is_module(obj) || strcmp(obj->name, mod->name)) 898b700e7f0SSeth Jennings continue; 899b700e7f0SSeth Jennings 900b700e7f0SSeth Jennings if (action == MODULE_STATE_COMING) { 901b700e7f0SSeth Jennings obj->mod = mod; 902b700e7f0SSeth Jennings klp_module_notify_coming(patch, obj); 903b700e7f0SSeth Jennings } else /* MODULE_STATE_GOING */ 904b700e7f0SSeth Jennings klp_module_notify_going(patch, obj); 905b700e7f0SSeth Jennings 906b700e7f0SSeth Jennings break; 907b700e7f0SSeth Jennings } 908b700e7f0SSeth Jennings } 909b700e7f0SSeth Jennings 910b700e7f0SSeth Jennings mutex_unlock(&klp_mutex); 911b700e7f0SSeth Jennings 912b700e7f0SSeth Jennings return 0; 913b700e7f0SSeth Jennings } 914b700e7f0SSeth Jennings 915b700e7f0SSeth Jennings static struct notifier_block klp_module_nb = { 916b700e7f0SSeth Jennings .notifier_call = klp_module_notify, 917b700e7f0SSeth Jennings .priority = INT_MIN+1, /* called late but before ftrace notifier */ 918b700e7f0SSeth Jennings }; 919b700e7f0SSeth Jennings 920b700e7f0SSeth Jennings static int klp_init(void) 921b700e7f0SSeth Jennings { 922b700e7f0SSeth Jennings int ret; 923b700e7f0SSeth Jennings 924b9dfe0beSJiri Kosina ret = klp_check_compiler_support(); 925b9dfe0beSJiri Kosina if (ret) { 926b9dfe0beSJiri Kosina pr_info("Your compiler is too old; turning off.\n"); 927b9dfe0beSJiri Kosina return -EINVAL; 928b9dfe0beSJiri Kosina } 929b9dfe0beSJiri Kosina 930b700e7f0SSeth Jennings ret = register_module_notifier(&klp_module_nb); 931b700e7f0SSeth Jennings if (ret) 932b700e7f0SSeth Jennings return ret; 933b700e7f0SSeth Jennings 934b700e7f0SSeth Jennings klp_root_kobj = kobject_create_and_add("livepatch", kernel_kobj); 935b700e7f0SSeth Jennings if (!klp_root_kobj) { 936b700e7f0SSeth Jennings ret = -ENOMEM; 937b700e7f0SSeth Jennings goto unregister; 938b700e7f0SSeth Jennings } 939b700e7f0SSeth Jennings 940b700e7f0SSeth Jennings return 0; 941b700e7f0SSeth Jennings 942b700e7f0SSeth Jennings unregister: 943b700e7f0SSeth Jennings unregister_module_notifier(&klp_module_nb); 944b700e7f0SSeth Jennings return ret; 945b700e7f0SSeth Jennings } 946b700e7f0SSeth Jennings 947b700e7f0SSeth Jennings module_init(klp_init); 948