1 /* 2 * core.c - Kernel Live Patching Core 3 * 4 * Copyright (C) 2014 Seth Jennings <[email protected]> 5 * Copyright (C) 2014 SUSE 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License 9 * as published by the Free Software Foundation; either version 2 10 * of the License, or (at your option) any later version. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 22 23 #include <linux/module.h> 24 #include <linux/kernel.h> 25 #include <linux/mutex.h> 26 #include <linux/slab.h> 27 #include <linux/list.h> 28 #include <linux/kallsyms.h> 29 #include <linux/livepatch.h> 30 #include <linux/elf.h> 31 #include <linux/moduleloader.h> 32 #include <linux/completion.h> 33 #include <asm/cacheflush.h> 34 #include "patch.h" 35 #include "transition.h" 36 37 /* 38 * klp_mutex is a coarse lock which serializes access to klp data. All 39 * accesses to klp-related variables and structures must have mutex protection, 40 * except within the following functions which carefully avoid the need for it: 41 * 42 * - klp_ftrace_handler() 43 * - klp_update_patch_state() 44 */ 45 DEFINE_MUTEX(klp_mutex); 46 47 static LIST_HEAD(klp_patches); 48 49 static struct kobject *klp_root_kobj; 50 51 static bool klp_is_module(struct klp_object *obj) 52 { 53 return obj->name; 54 } 55 56 static bool klp_is_object_loaded(struct klp_object *obj) 57 { 58 return !obj->name || obj->mod; 59 } 60 61 /* sets obj->mod if object is not vmlinux and module is found */ 62 static void klp_find_object_module(struct klp_object *obj) 63 { 64 struct module *mod; 65 66 if (!klp_is_module(obj)) 67 return; 68 69 mutex_lock(&module_mutex); 70 /* 71 * We do not want to block removal of patched modules and therefore 72 * we do not take a reference here. The patches are removed by 73 * klp_module_going() instead. 74 */ 75 mod = find_module(obj->name); 76 /* 77 * Do not mess work of klp_module_coming() and klp_module_going(). 78 * Note that the patch might still be needed before klp_module_going() 79 * is called. Module functions can be called even in the GOING state 80 * until mod->exit() finishes. This is especially important for 81 * patches that modify semantic of the functions. 82 */ 83 if (mod && mod->klp_alive) 84 obj->mod = mod; 85 86 mutex_unlock(&module_mutex); 87 } 88 89 static bool klp_is_patch_registered(struct klp_patch *patch) 90 { 91 struct klp_patch *mypatch; 92 93 list_for_each_entry(mypatch, &klp_patches, list) 94 if (mypatch == patch) 95 return true; 96 97 return false; 98 } 99 100 static bool klp_initialized(void) 101 { 102 return !!klp_root_kobj; 103 } 104 105 struct klp_find_arg { 106 const char *objname; 107 const char *name; 108 unsigned long addr; 109 unsigned long count; 110 unsigned long pos; 111 }; 112 113 static int klp_find_callback(void *data, const char *name, 114 struct module *mod, unsigned long addr) 115 { 116 struct klp_find_arg *args = data; 117 118 if ((mod && !args->objname) || (!mod && args->objname)) 119 return 0; 120 121 if (strcmp(args->name, name)) 122 return 0; 123 124 if (args->objname && strcmp(args->objname, mod->name)) 125 return 0; 126 127 args->addr = addr; 128 args->count++; 129 130 /* 131 * Finish the search when the symbol is found for the desired position 132 * or the position is not defined for a non-unique symbol. 133 */ 134 if ((args->pos && (args->count == args->pos)) || 135 (!args->pos && (args->count > 1))) 136 return 1; 137 138 return 0; 139 } 140 141 static int klp_find_object_symbol(const char *objname, const char *name, 142 unsigned long sympos, unsigned long *addr) 143 { 144 struct klp_find_arg args = { 145 .objname = objname, 146 .name = name, 147 .addr = 0, 148 .count = 0, 149 .pos = sympos, 150 }; 151 152 mutex_lock(&module_mutex); 153 kallsyms_on_each_symbol(klp_find_callback, &args); 154 mutex_unlock(&module_mutex); 155 156 /* 157 * Ensure an address was found. If sympos is 0, ensure symbol is unique; 158 * otherwise ensure the symbol position count matches sympos. 159 */ 160 if (args.addr == 0) 161 pr_err("symbol '%s' not found in symbol table\n", name); 162 else if (args.count > 1 && sympos == 0) { 163 pr_err("unresolvable ambiguity for symbol '%s' in object '%s'\n", 164 name, objname); 165 } else if (sympos != args.count && sympos > 0) { 166 pr_err("symbol position %lu for symbol '%s' in object '%s' not found\n", 167 sympos, name, objname ? objname : "vmlinux"); 168 } else { 169 *addr = args.addr; 170 return 0; 171 } 172 173 *addr = 0; 174 return -EINVAL; 175 } 176 177 static int klp_resolve_symbols(Elf_Shdr *relasec, struct module *pmod) 178 { 179 int i, cnt, vmlinux, ret; 180 char objname[MODULE_NAME_LEN]; 181 char symname[KSYM_NAME_LEN]; 182 char *strtab = pmod->core_kallsyms.strtab; 183 Elf_Rela *relas; 184 Elf_Sym *sym; 185 unsigned long sympos, addr; 186 187 /* 188 * Since the field widths for objname and symname in the sscanf() 189 * call are hard-coded and correspond to MODULE_NAME_LEN and 190 * KSYM_NAME_LEN respectively, we must make sure that MODULE_NAME_LEN 191 * and KSYM_NAME_LEN have the values we expect them to have. 192 * 193 * Because the value of MODULE_NAME_LEN can differ among architectures, 194 * we use the smallest/strictest upper bound possible (56, based on 195 * the current definition of MODULE_NAME_LEN) to prevent overflows. 196 */ 197 BUILD_BUG_ON(MODULE_NAME_LEN < 56 || KSYM_NAME_LEN != 128); 198 199 relas = (Elf_Rela *) relasec->sh_addr; 200 /* For each rela in this klp relocation section */ 201 for (i = 0; i < relasec->sh_size / sizeof(Elf_Rela); i++) { 202 sym = pmod->core_kallsyms.symtab + ELF_R_SYM(relas[i].r_info); 203 if (sym->st_shndx != SHN_LIVEPATCH) { 204 pr_err("symbol %s is not marked as a livepatch symbol", 205 strtab + sym->st_name); 206 return -EINVAL; 207 } 208 209 /* Format: .klp.sym.objname.symname,sympos */ 210 cnt = sscanf(strtab + sym->st_name, 211 ".klp.sym.%55[^.].%127[^,],%lu", 212 objname, symname, &sympos); 213 if (cnt != 3) { 214 pr_err("symbol %s has an incorrectly formatted name", 215 strtab + sym->st_name); 216 return -EINVAL; 217 } 218 219 /* klp_find_object_symbol() treats a NULL objname as vmlinux */ 220 vmlinux = !strcmp(objname, "vmlinux"); 221 ret = klp_find_object_symbol(vmlinux ? NULL : objname, 222 symname, sympos, &addr); 223 if (ret) 224 return ret; 225 226 sym->st_value = addr; 227 } 228 229 return 0; 230 } 231 232 static int klp_write_object_relocations(struct module *pmod, 233 struct klp_object *obj) 234 { 235 int i, cnt, ret = 0; 236 const char *objname, *secname; 237 char sec_objname[MODULE_NAME_LEN]; 238 Elf_Shdr *sec; 239 240 if (WARN_ON(!klp_is_object_loaded(obj))) 241 return -EINVAL; 242 243 objname = klp_is_module(obj) ? obj->name : "vmlinux"; 244 245 /* For each klp relocation section */ 246 for (i = 1; i < pmod->klp_info->hdr.e_shnum; i++) { 247 sec = pmod->klp_info->sechdrs + i; 248 secname = pmod->klp_info->secstrings + sec->sh_name; 249 if (!(sec->sh_flags & SHF_RELA_LIVEPATCH)) 250 continue; 251 252 /* 253 * Format: .klp.rela.sec_objname.section_name 254 * See comment in klp_resolve_symbols() for an explanation 255 * of the selected field width value. 256 */ 257 cnt = sscanf(secname, ".klp.rela.%55[^.]", sec_objname); 258 if (cnt != 1) { 259 pr_err("section %s has an incorrectly formatted name", 260 secname); 261 ret = -EINVAL; 262 break; 263 } 264 265 if (strcmp(objname, sec_objname)) 266 continue; 267 268 ret = klp_resolve_symbols(sec, pmod); 269 if (ret) 270 break; 271 272 ret = apply_relocate_add(pmod->klp_info->sechdrs, 273 pmod->core_kallsyms.strtab, 274 pmod->klp_info->symndx, i, pmod); 275 if (ret) 276 break; 277 } 278 279 return ret; 280 } 281 282 static int __klp_disable_patch(struct klp_patch *patch) 283 { 284 if (klp_transition_patch) 285 return -EBUSY; 286 287 /* enforce stacking: only the last enabled patch can be disabled */ 288 if (!list_is_last(&patch->list, &klp_patches) && 289 list_next_entry(patch, list)->enabled) 290 return -EBUSY; 291 292 klp_init_transition(patch, KLP_UNPATCHED); 293 294 /* 295 * Enforce the order of the func->transition writes in 296 * klp_init_transition() and the TIF_PATCH_PENDING writes in 297 * klp_start_transition(). In the rare case where klp_ftrace_handler() 298 * is called shortly after klp_update_patch_state() switches the task, 299 * this ensures the handler sees that func->transition is set. 300 */ 301 smp_wmb(); 302 303 klp_start_transition(); 304 klp_try_complete_transition(); 305 patch->enabled = false; 306 307 return 0; 308 } 309 310 /** 311 * klp_disable_patch() - disables a registered patch 312 * @patch: The registered, enabled patch to be disabled 313 * 314 * Unregisters the patched functions from ftrace. 315 * 316 * Return: 0 on success, otherwise error 317 */ 318 int klp_disable_patch(struct klp_patch *patch) 319 { 320 int ret; 321 322 mutex_lock(&klp_mutex); 323 324 if (!klp_is_patch_registered(patch)) { 325 ret = -EINVAL; 326 goto err; 327 } 328 329 if (!patch->enabled) { 330 ret = -EINVAL; 331 goto err; 332 } 333 334 ret = __klp_disable_patch(patch); 335 336 err: 337 mutex_unlock(&klp_mutex); 338 return ret; 339 } 340 EXPORT_SYMBOL_GPL(klp_disable_patch); 341 342 static int __klp_enable_patch(struct klp_patch *patch) 343 { 344 struct klp_object *obj; 345 int ret; 346 347 if (klp_transition_patch) 348 return -EBUSY; 349 350 if (WARN_ON(patch->enabled)) 351 return -EINVAL; 352 353 /* enforce stacking: only the first disabled patch can be enabled */ 354 if (patch->list.prev != &klp_patches && 355 !list_prev_entry(patch, list)->enabled) 356 return -EBUSY; 357 358 /* 359 * A reference is taken on the patch module to prevent it from being 360 * unloaded. 361 * 362 * Note: For immediate (no consistency model) patches we don't allow 363 * patch modules to unload since there is no safe/sane method to 364 * determine if a thread is still running in the patched code contained 365 * in the patch module once the ftrace registration is successful. 366 */ 367 if (!try_module_get(patch->mod)) 368 return -ENODEV; 369 370 pr_notice("enabling patch '%s'\n", patch->mod->name); 371 372 klp_init_transition(patch, KLP_PATCHED); 373 374 /* 375 * Enforce the order of the func->transition writes in 376 * klp_init_transition() and the ops->func_stack writes in 377 * klp_patch_object(), so that klp_ftrace_handler() will see the 378 * func->transition updates before the handler is registered and the 379 * new funcs become visible to the handler. 380 */ 381 smp_wmb(); 382 383 klp_for_each_object(patch, obj) { 384 if (!klp_is_object_loaded(obj)) 385 continue; 386 387 ret = klp_patch_object(obj); 388 if (ret) { 389 pr_warn("failed to enable patch '%s'\n", 390 patch->mod->name); 391 392 klp_cancel_transition(); 393 return ret; 394 } 395 } 396 397 klp_start_transition(); 398 klp_try_complete_transition(); 399 patch->enabled = true; 400 401 return 0; 402 } 403 404 /** 405 * klp_enable_patch() - enables a registered patch 406 * @patch: The registered, disabled patch to be enabled 407 * 408 * Performs the needed symbol lookups and code relocations, 409 * then registers the patched functions with ftrace. 410 * 411 * Return: 0 on success, otherwise error 412 */ 413 int klp_enable_patch(struct klp_patch *patch) 414 { 415 int ret; 416 417 mutex_lock(&klp_mutex); 418 419 if (!klp_is_patch_registered(patch)) { 420 ret = -EINVAL; 421 goto err; 422 } 423 424 ret = __klp_enable_patch(patch); 425 426 err: 427 mutex_unlock(&klp_mutex); 428 return ret; 429 } 430 EXPORT_SYMBOL_GPL(klp_enable_patch); 431 432 /* 433 * Sysfs Interface 434 * 435 * /sys/kernel/livepatch 436 * /sys/kernel/livepatch/<patch> 437 * /sys/kernel/livepatch/<patch>/enabled 438 * /sys/kernel/livepatch/<patch>/transition 439 * /sys/kernel/livepatch/<patch>/<object> 440 * /sys/kernel/livepatch/<patch>/<object>/<function,sympos> 441 */ 442 443 static ssize_t enabled_store(struct kobject *kobj, struct kobj_attribute *attr, 444 const char *buf, size_t count) 445 { 446 struct klp_patch *patch; 447 int ret; 448 bool enabled; 449 450 ret = kstrtobool(buf, &enabled); 451 if (ret) 452 return ret; 453 454 patch = container_of(kobj, struct klp_patch, kobj); 455 456 mutex_lock(&klp_mutex); 457 458 if (!klp_is_patch_registered(patch)) { 459 /* 460 * Module with the patch could either disappear meanwhile or is 461 * not properly initialized yet. 462 */ 463 ret = -EINVAL; 464 goto err; 465 } 466 467 if (patch->enabled == enabled) { 468 /* already in requested state */ 469 ret = -EINVAL; 470 goto err; 471 } 472 473 if (patch == klp_transition_patch) { 474 klp_reverse_transition(); 475 } else if (enabled) { 476 ret = __klp_enable_patch(patch); 477 if (ret) 478 goto err; 479 } else { 480 ret = __klp_disable_patch(patch); 481 if (ret) 482 goto err; 483 } 484 485 mutex_unlock(&klp_mutex); 486 487 return count; 488 489 err: 490 mutex_unlock(&klp_mutex); 491 return ret; 492 } 493 494 static ssize_t enabled_show(struct kobject *kobj, 495 struct kobj_attribute *attr, char *buf) 496 { 497 struct klp_patch *patch; 498 499 patch = container_of(kobj, struct klp_patch, kobj); 500 return snprintf(buf, PAGE_SIZE-1, "%d\n", patch->enabled); 501 } 502 503 static ssize_t transition_show(struct kobject *kobj, 504 struct kobj_attribute *attr, char *buf) 505 { 506 struct klp_patch *patch; 507 508 patch = container_of(kobj, struct klp_patch, kobj); 509 return snprintf(buf, PAGE_SIZE-1, "%d\n", 510 patch == klp_transition_patch); 511 } 512 513 static struct kobj_attribute enabled_kobj_attr = __ATTR_RW(enabled); 514 static struct kobj_attribute transition_kobj_attr = __ATTR_RO(transition); 515 static struct attribute *klp_patch_attrs[] = { 516 &enabled_kobj_attr.attr, 517 &transition_kobj_attr.attr, 518 NULL 519 }; 520 521 static void klp_kobj_release_patch(struct kobject *kobj) 522 { 523 struct klp_patch *patch; 524 525 patch = container_of(kobj, struct klp_patch, kobj); 526 complete(&patch->finish); 527 } 528 529 static struct kobj_type klp_ktype_patch = { 530 .release = klp_kobj_release_patch, 531 .sysfs_ops = &kobj_sysfs_ops, 532 .default_attrs = klp_patch_attrs, 533 }; 534 535 static void klp_kobj_release_object(struct kobject *kobj) 536 { 537 } 538 539 static struct kobj_type klp_ktype_object = { 540 .release = klp_kobj_release_object, 541 .sysfs_ops = &kobj_sysfs_ops, 542 }; 543 544 static void klp_kobj_release_func(struct kobject *kobj) 545 { 546 } 547 548 static struct kobj_type klp_ktype_func = { 549 .release = klp_kobj_release_func, 550 .sysfs_ops = &kobj_sysfs_ops, 551 }; 552 553 /* 554 * Free all functions' kobjects in the array up to some limit. When limit is 555 * NULL, all kobjects are freed. 556 */ 557 static void klp_free_funcs_limited(struct klp_object *obj, 558 struct klp_func *limit) 559 { 560 struct klp_func *func; 561 562 for (func = obj->funcs; func->old_name && func != limit; func++) 563 kobject_put(&func->kobj); 564 } 565 566 /* Clean up when a patched object is unloaded */ 567 static void klp_free_object_loaded(struct klp_object *obj) 568 { 569 struct klp_func *func; 570 571 obj->mod = NULL; 572 573 klp_for_each_func(obj, func) 574 func->old_addr = 0; 575 } 576 577 /* 578 * Free all objects' kobjects in the array up to some limit. When limit is 579 * NULL, all kobjects are freed. 580 */ 581 static void klp_free_objects_limited(struct klp_patch *patch, 582 struct klp_object *limit) 583 { 584 struct klp_object *obj; 585 586 for (obj = patch->objs; obj->funcs && obj != limit; obj++) { 587 klp_free_funcs_limited(obj, NULL); 588 kobject_put(&obj->kobj); 589 } 590 } 591 592 static void klp_free_patch(struct klp_patch *patch) 593 { 594 klp_free_objects_limited(patch, NULL); 595 if (!list_empty(&patch->list)) 596 list_del(&patch->list); 597 } 598 599 static int klp_init_func(struct klp_object *obj, struct klp_func *func) 600 { 601 if (!func->old_name || !func->new_func) 602 return -EINVAL; 603 604 INIT_LIST_HEAD(&func->stack_node); 605 func->patched = false; 606 func->transition = false; 607 608 /* The format for the sysfs directory is <function,sympos> where sympos 609 * is the nth occurrence of this symbol in kallsyms for the patched 610 * object. If the user selects 0 for old_sympos, then 1 will be used 611 * since a unique symbol will be the first occurrence. 612 */ 613 return kobject_init_and_add(&func->kobj, &klp_ktype_func, 614 &obj->kobj, "%s,%lu", func->old_name, 615 func->old_sympos ? func->old_sympos : 1); 616 } 617 618 /* Arches may override this to finish any remaining arch-specific tasks */ 619 void __weak arch_klp_init_object_loaded(struct klp_patch *patch, 620 struct klp_object *obj) 621 { 622 } 623 624 /* parts of the initialization that is done only when the object is loaded */ 625 static int klp_init_object_loaded(struct klp_patch *patch, 626 struct klp_object *obj) 627 { 628 struct klp_func *func; 629 int ret; 630 631 module_disable_ro(patch->mod); 632 ret = klp_write_object_relocations(patch->mod, obj); 633 if (ret) { 634 module_enable_ro(patch->mod, true); 635 return ret; 636 } 637 638 arch_klp_init_object_loaded(patch, obj); 639 module_enable_ro(patch->mod, true); 640 641 klp_for_each_func(obj, func) { 642 ret = klp_find_object_symbol(obj->name, func->old_name, 643 func->old_sympos, 644 &func->old_addr); 645 if (ret) 646 return ret; 647 648 ret = kallsyms_lookup_size_offset(func->old_addr, 649 &func->old_size, NULL); 650 if (!ret) { 651 pr_err("kallsyms size lookup failed for '%s'\n", 652 func->old_name); 653 return -ENOENT; 654 } 655 656 ret = kallsyms_lookup_size_offset((unsigned long)func->new_func, 657 &func->new_size, NULL); 658 if (!ret) { 659 pr_err("kallsyms size lookup failed for '%s' replacement\n", 660 func->old_name); 661 return -ENOENT; 662 } 663 } 664 665 return 0; 666 } 667 668 static int klp_init_object(struct klp_patch *patch, struct klp_object *obj) 669 { 670 struct klp_func *func; 671 int ret; 672 const char *name; 673 674 if (!obj->funcs) 675 return -EINVAL; 676 677 obj->patched = false; 678 obj->mod = NULL; 679 680 klp_find_object_module(obj); 681 682 name = klp_is_module(obj) ? obj->name : "vmlinux"; 683 ret = kobject_init_and_add(&obj->kobj, &klp_ktype_object, 684 &patch->kobj, "%s", name); 685 if (ret) 686 return ret; 687 688 klp_for_each_func(obj, func) { 689 ret = klp_init_func(obj, func); 690 if (ret) 691 goto free; 692 } 693 694 if (klp_is_object_loaded(obj)) { 695 ret = klp_init_object_loaded(patch, obj); 696 if (ret) 697 goto free; 698 } 699 700 return 0; 701 702 free: 703 klp_free_funcs_limited(obj, func); 704 kobject_put(&obj->kobj); 705 return ret; 706 } 707 708 static int klp_init_patch(struct klp_patch *patch) 709 { 710 struct klp_object *obj; 711 int ret; 712 713 if (!patch->objs) 714 return -EINVAL; 715 716 mutex_lock(&klp_mutex); 717 718 patch->enabled = false; 719 init_completion(&patch->finish); 720 721 ret = kobject_init_and_add(&patch->kobj, &klp_ktype_patch, 722 klp_root_kobj, "%s", patch->mod->name); 723 if (ret) { 724 mutex_unlock(&klp_mutex); 725 return ret; 726 } 727 728 klp_for_each_object(patch, obj) { 729 ret = klp_init_object(patch, obj); 730 if (ret) 731 goto free; 732 } 733 734 list_add_tail(&patch->list, &klp_patches); 735 736 mutex_unlock(&klp_mutex); 737 738 return 0; 739 740 free: 741 klp_free_objects_limited(patch, obj); 742 743 mutex_unlock(&klp_mutex); 744 745 kobject_put(&patch->kobj); 746 wait_for_completion(&patch->finish); 747 748 return ret; 749 } 750 751 /** 752 * klp_unregister_patch() - unregisters a patch 753 * @patch: Disabled patch to be unregistered 754 * 755 * Frees the data structures and removes the sysfs interface. 756 * 757 * Return: 0 on success, otherwise error 758 */ 759 int klp_unregister_patch(struct klp_patch *patch) 760 { 761 int ret; 762 763 mutex_lock(&klp_mutex); 764 765 if (!klp_is_patch_registered(patch)) { 766 ret = -EINVAL; 767 goto err; 768 } 769 770 if (patch->enabled) { 771 ret = -EBUSY; 772 goto err; 773 } 774 775 klp_free_patch(patch); 776 777 mutex_unlock(&klp_mutex); 778 779 kobject_put(&patch->kobj); 780 wait_for_completion(&patch->finish); 781 782 return 0; 783 err: 784 mutex_unlock(&klp_mutex); 785 return ret; 786 } 787 EXPORT_SYMBOL_GPL(klp_unregister_patch); 788 789 /** 790 * klp_register_patch() - registers a patch 791 * @patch: Patch to be registered 792 * 793 * Initializes the data structure associated with the patch and 794 * creates the sysfs interface. 795 * 796 * There is no need to take the reference on the patch module here. It is done 797 * later when the patch is enabled. 798 * 799 * Return: 0 on success, otherwise error 800 */ 801 int klp_register_patch(struct klp_patch *patch) 802 { 803 if (!patch || !patch->mod) 804 return -EINVAL; 805 806 if (!is_livepatch_module(patch->mod)) { 807 pr_err("module %s is not marked as a livepatch module", 808 patch->mod->name); 809 return -EINVAL; 810 } 811 812 if (!klp_initialized()) 813 return -ENODEV; 814 815 /* 816 * Architectures without reliable stack traces have to set 817 * patch->immediate because there's currently no way to patch kthreads 818 * with the consistency model. 819 */ 820 if (!klp_have_reliable_stack() && !patch->immediate) { 821 pr_err("This architecture doesn't have support for the livepatch consistency model.\n"); 822 return -ENOSYS; 823 } 824 825 return klp_init_patch(patch); 826 } 827 EXPORT_SYMBOL_GPL(klp_register_patch); 828 829 int klp_module_coming(struct module *mod) 830 { 831 int ret; 832 struct klp_patch *patch; 833 struct klp_object *obj; 834 835 if (WARN_ON(mod->state != MODULE_STATE_COMING)) 836 return -EINVAL; 837 838 mutex_lock(&klp_mutex); 839 /* 840 * Each module has to know that klp_module_coming() 841 * has been called. We never know what module will 842 * get patched by a new patch. 843 */ 844 mod->klp_alive = true; 845 846 list_for_each_entry(patch, &klp_patches, list) { 847 klp_for_each_object(patch, obj) { 848 if (!klp_is_module(obj) || strcmp(obj->name, mod->name)) 849 continue; 850 851 obj->mod = mod; 852 853 ret = klp_init_object_loaded(patch, obj); 854 if (ret) { 855 pr_warn("failed to initialize patch '%s' for module '%s' (%d)\n", 856 patch->mod->name, obj->mod->name, ret); 857 goto err; 858 } 859 860 /* 861 * Only patch the module if the patch is enabled or is 862 * in transition. 863 */ 864 if (!patch->enabled && patch != klp_transition_patch) 865 break; 866 867 pr_notice("applying patch '%s' to loading module '%s'\n", 868 patch->mod->name, obj->mod->name); 869 870 ret = klp_patch_object(obj); 871 if (ret) { 872 pr_warn("failed to apply patch '%s' to module '%s' (%d)\n", 873 patch->mod->name, obj->mod->name, ret); 874 goto err; 875 } 876 877 break; 878 } 879 } 880 881 mutex_unlock(&klp_mutex); 882 883 return 0; 884 885 err: 886 /* 887 * If a patch is unsuccessfully applied, return 888 * error to the module loader. 889 */ 890 pr_warn("patch '%s' failed for module '%s', refusing to load module '%s'\n", 891 patch->mod->name, obj->mod->name, obj->mod->name); 892 mod->klp_alive = false; 893 klp_free_object_loaded(obj); 894 mutex_unlock(&klp_mutex); 895 896 return ret; 897 } 898 899 void klp_module_going(struct module *mod) 900 { 901 struct klp_patch *patch; 902 struct klp_object *obj; 903 904 if (WARN_ON(mod->state != MODULE_STATE_GOING && 905 mod->state != MODULE_STATE_COMING)) 906 return; 907 908 mutex_lock(&klp_mutex); 909 /* 910 * Each module has to know that klp_module_going() 911 * has been called. We never know what module will 912 * get patched by a new patch. 913 */ 914 mod->klp_alive = false; 915 916 list_for_each_entry(patch, &klp_patches, list) { 917 klp_for_each_object(patch, obj) { 918 if (!klp_is_module(obj) || strcmp(obj->name, mod->name)) 919 continue; 920 921 /* 922 * Only unpatch the module if the patch is enabled or 923 * is in transition. 924 */ 925 if (patch->enabled || patch == klp_transition_patch) { 926 pr_notice("reverting patch '%s' on unloading module '%s'\n", 927 patch->mod->name, obj->mod->name); 928 klp_unpatch_object(obj); 929 } 930 931 klp_free_object_loaded(obj); 932 break; 933 } 934 } 935 936 mutex_unlock(&klp_mutex); 937 } 938 939 static int __init klp_init(void) 940 { 941 int ret; 942 943 ret = klp_check_compiler_support(); 944 if (ret) { 945 pr_info("Your compiler is too old; turning off.\n"); 946 return -EINVAL; 947 } 948 949 klp_root_kobj = kobject_create_and_add("livepatch", kernel_kobj); 950 if (!klp_root_kobj) 951 return -ENOMEM; 952 953 return 0; 954 } 955 956 module_init(klp_init); 957