1

Livepatching changes for 6.1

-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEESH4wyp42V4tXvYsjUqAMR0iAlPIFAmM9Y/gACgkQUqAMR0iA
 lPJxwg//SJsMwv3zDDP3YAzhROongc9mlNL9yTNo5zMFYaLIF6j0UkN7zP7+ChTY
 u3rfiOYOiSNVyylC4+Auznqi219wjEPedDtJkP6Gx6mHJIArXoFltOGct1fz3CH6
 xJjBYPpRVQTP54HQ/OEM4kfxn7eG1HXpErxIYUfeRzM5REJR0iZFfI6FwyXVhjsL
 1lDTHc/qlLlaDMqik2sQ/3yJ391SQKodAwkJY9d2wS06OjMmvtX+dADZJkXwv14f
 5wnBXG/4Zr0HSR2JW3VgU7AwZptaRLYF2PtYdDp+yI0DSsmjPq4d+0YqTVbgLNSq
 r0XmewMpnNUNojEuFpW4/+RGZo0pnlJpjUOYfKTbDecnYfMjUFtSGPLVTMnN1OT+
 xcW/Q8jO4nQ24993xrQbOr/vBT6nIsePkJAOJkTPzzAxkPF3X7ik3lZyjb7ntDlV
 mTfUpmTiFtmdMsDaKFxbgRknPre7z4XASMAiErHU4TGNyKBHsRDXmAdtC8hNn7ZU
 z2NGlDrBKuHL8IcKQ6uH/SYtyG3HIVCeiWqkRd9Sm9RKoz4p+sGl3I4D367O+fGX
 GGwXj8b5wvjl/BGXHoM+kQKmclYB8kD/8iQSwd64qooTkiDtt1HDPGr2Ewa5thiz
 fDoVyy98vyRSNmXtst9S7+IMmdjQ7mjmW9AlAITOwIo89UW+7GQ=
 =+qS1
 -----END PGP SIGNATURE-----

Merge tag 'livepatching-for-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching

Pull livepatching updates from Petr Mladek:

 - Fix race between fork and livepatch transition revert

 - Add sysfs entry that shows "patched" state for each object (module)
   that can be livepatched by the given livepatch

 - Some clean up

* tag 'livepatching-for-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching:
  selftests/livepatch: add sysfs test
  livepatch: add sysfs entry "patched" for each klp_object
  selftests/livepatch: normalize sysctl error message
  livepatch: Add a missing newline character in klp_module_coming()
  livepatch: fix race between fork and KLP transition
This commit is contained in:
Linus Torvalds 2022-10-10 11:36:19 -07:00
commit 4de65c5830
6 changed files with 166 additions and 5 deletions

View File

@ -55,6 +55,14 @@ Description:
The object directory contains subdirectories for each function
that is patched within the object.
What: /sys/kernel/livepatch/<patch>/<object>/patched
Date: August 2022
KernelVersion: 6.1.0
Contact: live-patching@vger.kernel.org
Description:
An attribute which indicates whether the object is currently
patched.
What: /sys/kernel/livepatch/<patch>/<object>/<function,sympos>
Date: Nov 2014
KernelVersion: 3.19.0

View File

@ -325,6 +325,7 @@ int klp_apply_section_relocs(struct module *pmod, Elf_Shdr *sechdrs,
* /sys/kernel/livepatch/<patch>/transition
* /sys/kernel/livepatch/<patch>/force
* /sys/kernel/livepatch/<patch>/<object>
* /sys/kernel/livepatch/<patch>/<object>/patched
* /sys/kernel/livepatch/<patch>/<object>/<function,sympos>
*/
static int __klp_disable_patch(struct klp_patch *patch);
@ -431,6 +432,22 @@ static struct attribute *klp_patch_attrs[] = {
};
ATTRIBUTE_GROUPS(klp_patch);
static ssize_t patched_show(struct kobject *kobj,
struct kobj_attribute *attr, char *buf)
{
struct klp_object *obj;
obj = container_of(kobj, struct klp_object, kobj);
return sysfs_emit(buf, "%d\n", obj->patched);
}
static struct kobj_attribute patched_kobj_attr = __ATTR_RO(patched);
static struct attribute *klp_object_attrs[] = {
&patched_kobj_attr.attr,
NULL,
};
ATTRIBUTE_GROUPS(klp_object);
static void klp_free_object_dynamic(struct klp_object *obj)
{
kfree(obj->name);
@ -576,6 +593,7 @@ static void klp_kobj_release_object(struct kobject *kobj)
static struct kobj_type klp_ktype_object = {
.release = klp_kobj_release_object,
.sysfs_ops = &kobj_sysfs_ops,
.default_groups = klp_object_groups,
};
static void klp_kobj_release_func(struct kobject *kobj)
@ -1171,7 +1189,7 @@ int klp_module_coming(struct module *mod)
return -EINVAL;
if (!strcmp(mod->name, "vmlinux")) {
pr_err("vmlinux.ko: invalid module name");
pr_err("vmlinux.ko: invalid module name\n");
return -EINVAL;
}

View File

@ -610,9 +610,23 @@ void klp_reverse_transition(void)
/* Called from copy_process() during fork */
void klp_copy_process(struct task_struct *child)
{
child->patch_state = current->patch_state;
/* TIF_PATCH_PENDING gets copied in setup_thread_stack() */
/*
* The parent process may have gone through a KLP transition since
* the thread flag was copied in setup_thread_stack earlier. Bring
* the task flag up to date with the parent here.
*
* The operation is serialized against all klp_*_transition()
* operations by the tasklist_lock. The only exception is
* klp_update_patch_state(current), but we cannot race with
* that because we are current.
*/
if (test_tsk_thread_flag(current, TIF_PATCH_PENDING))
set_tsk_thread_flag(child, TIF_PATCH_PENDING);
else
clear_tsk_thread_flag(child, TIF_PATCH_PENDING);
child->patch_state = current->patch_state;
}
/*

View File

@ -6,7 +6,8 @@ TEST_PROGS := \
test-callbacks.sh \
test-shadow-vars.sh \
test-state.sh \
test-ftrace.sh
test-ftrace.sh \
test-sysfs.sh
TEST_FILES := settings

View File

@ -6,6 +6,7 @@
MAX_RETRIES=600
RETRY_INTERVAL=".1" # seconds
KLP_SYSFS_DIR="/sys/kernel/livepatch"
# Kselftest framework requirement - SKIP code is 4
ksft_skip=4
@ -86,7 +87,7 @@ function set_ftrace_enabled() {
if [[ "$result" != "$1" ]] ; then
if [[ $can_fail -eq 1 ]] ; then
echo "livepatch: $err" > /dev/kmsg
echo "livepatch: $err" | sed 's#/proc/sys/kernel/#kernel.#' > /dev/kmsg
return
fi
@ -308,3 +309,36 @@ function check_result {
cleanup_dmesg_file
}
# check_sysfs_rights(modname, rel_path, expected_rights) - check sysfs
# path permissions
# modname - livepatch module creating the sysfs interface
# rel_path - relative path of the sysfs interface
# expected_rights - expected access rights
function check_sysfs_rights() {
local mod="$1"; shift
local rel_path="$1"; shift
local expected_rights="$1"; shift
local path="$KLP_SYSFS_DIR/$mod/$rel_path"
local rights=$(/bin/stat --format '%A' "$path")
if test "$rights" != "$expected_rights" ; then
die "Unexpected access rights of $path: $expected_rights vs. $rights"
fi
}
# check_sysfs_value(modname, rel_path, expected_value) - check sysfs value
# modname - livepatch module creating the sysfs interface
# rel_path - relative path of the sysfs interface
# expected_value - expected value read from the file
function check_sysfs_value() {
local mod="$1"; shift
local rel_path="$1"; shift
local expected_value="$1"; shift
local path="$KLP_SYSFS_DIR/$mod/$rel_path"
local value=`cat $path`
if test "$value" != "$expected_value" ; then
die "Unexpected value in $path: $expected_value vs. $value"
fi
}

View File

@ -0,0 +1,86 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
# Copyright (C) 2022 Song Liu <song@kernel.org>
. $(dirname $0)/functions.sh
MOD_LIVEPATCH=test_klp_livepatch
setup_config
# - load a livepatch and verifies the sysfs entries work as expected
start_test "sysfs test"
load_lp $MOD_LIVEPATCH
check_sysfs_rights "$MOD_LIVEPATCH" "" "drwxr-xr-x"
check_sysfs_rights "$MOD_LIVEPATCH" "enabled" "-rw-r--r--"
check_sysfs_value "$MOD_LIVEPATCH" "enabled" "1"
check_sysfs_rights "$MOD_LIVEPATCH" "force" "--w-------"
check_sysfs_rights "$MOD_LIVEPATCH" "transition" "-r--r--r--"
check_sysfs_value "$MOD_LIVEPATCH" "transition" "0"
check_sysfs_rights "$MOD_LIVEPATCH" "vmlinux/patched" "-r--r--r--"
check_sysfs_value "$MOD_LIVEPATCH" "vmlinux/patched" "1"
disable_lp $MOD_LIVEPATCH
unload_lp $MOD_LIVEPATCH
check_result "% modprobe $MOD_LIVEPATCH
livepatch: enabling patch '$MOD_LIVEPATCH'
livepatch: '$MOD_LIVEPATCH': initializing patching transition
livepatch: '$MOD_LIVEPATCH': starting patching transition
livepatch: '$MOD_LIVEPATCH': completing patching transition
livepatch: '$MOD_LIVEPATCH': patching complete
% echo 0 > /sys/kernel/livepatch/$MOD_LIVEPATCH/enabled
livepatch: '$MOD_LIVEPATCH': initializing unpatching transition
livepatch: '$MOD_LIVEPATCH': starting unpatching transition
livepatch: '$MOD_LIVEPATCH': completing unpatching transition
livepatch: '$MOD_LIVEPATCH': unpatching complete
% rmmod $MOD_LIVEPATCH"
start_test "sysfs test object/patched"
MOD_LIVEPATCH=test_klp_callbacks_demo
MOD_TARGET=test_klp_callbacks_mod
load_lp $MOD_LIVEPATCH
# check the "patch" file changes as target module loads/unloads
check_sysfs_value "$MOD_LIVEPATCH" "$MOD_TARGET/patched" "0"
load_mod $MOD_TARGET
check_sysfs_value "$MOD_LIVEPATCH" "$MOD_TARGET/patched" "1"
unload_mod $MOD_TARGET
check_sysfs_value "$MOD_LIVEPATCH" "$MOD_TARGET/patched" "0"
disable_lp $MOD_LIVEPATCH
unload_lp $MOD_LIVEPATCH
check_result "% modprobe test_klp_callbacks_demo
livepatch: enabling patch 'test_klp_callbacks_demo'
livepatch: 'test_klp_callbacks_demo': initializing patching transition
test_klp_callbacks_demo: pre_patch_callback: vmlinux
livepatch: 'test_klp_callbacks_demo': starting patching transition
livepatch: 'test_klp_callbacks_demo': completing patching transition
test_klp_callbacks_demo: post_patch_callback: vmlinux
livepatch: 'test_klp_callbacks_demo': patching complete
% modprobe test_klp_callbacks_mod
livepatch: applying patch 'test_klp_callbacks_demo' to loading module 'test_klp_callbacks_mod'
test_klp_callbacks_demo: pre_patch_callback: test_klp_callbacks_mod -> [MODULE_STATE_COMING] Full formed, running module_init
test_klp_callbacks_demo: post_patch_callback: test_klp_callbacks_mod -> [MODULE_STATE_COMING] Full formed, running module_init
test_klp_callbacks_mod: test_klp_callbacks_mod_init
% rmmod test_klp_callbacks_mod
test_klp_callbacks_mod: test_klp_callbacks_mod_exit
test_klp_callbacks_demo: pre_unpatch_callback: test_klp_callbacks_mod -> [MODULE_STATE_GOING] Going away
livepatch: reverting patch 'test_klp_callbacks_demo' on unloading module 'test_klp_callbacks_mod'
test_klp_callbacks_demo: post_unpatch_callback: test_klp_callbacks_mod -> [MODULE_STATE_GOING] Going away
% echo 0 > /sys/kernel/livepatch/test_klp_callbacks_demo/enabled
livepatch: 'test_klp_callbacks_demo': initializing unpatching transition
test_klp_callbacks_demo: pre_unpatch_callback: vmlinux
livepatch: 'test_klp_callbacks_demo': starting unpatching transition
livepatch: 'test_klp_callbacks_demo': completing unpatching transition
test_klp_callbacks_demo: post_unpatch_callback: vmlinux
livepatch: 'test_klp_callbacks_demo': unpatching complete
% rmmod test_klp_callbacks_demo"
exit 0