Skip to content

Commit

Permalink
Merge tag 'livepatching-for-6.1' of git://git.kernel.org/pub/scm/linu…
Browse files Browse the repository at this point in the history
…x/kernel/git/livepatching/livepatching

Pull livepatching updates from Petr Mladek:

 - Fix race between fork and livepatch transition revert

 - Add sysfs entry that shows "patched" state for each object (module)
   that can be livepatched by the given livepatch

 - Some clean up

* tag 'livepatching-for-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching:
  selftests/livepatch: add sysfs test
  livepatch: add sysfs entry "patched" for each klp_object
  selftests/livepatch: normalize sysctl error message
  livepatch: Add a missing newline character in klp_module_coming()
  livepatch: fix race between fork and KLP transition
  • Loading branch information
torvalds committed Oct 10, 2022
2 parents b520410 + 59b2a38 commit 4de65c5
Show file tree
Hide file tree
Showing 6 changed files with 166 additions and 5 deletions.
8 changes: 8 additions & 0 deletions Documentation/ABI/testing/sysfs-kernel-livepatch
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,14 @@ Description:
The object directory contains subdirectories for each function
that is patched within the object.

What: /sys/kernel/livepatch/<patch>/<object>/patched
Date: August 2022
KernelVersion: 6.1.0
Contact: [email protected]
Description:
An attribute which indicates whether the object is currently
patched.

What: /sys/kernel/livepatch/<patch>/<object>/<function,sympos>
Date: Nov 2014
KernelVersion: 3.19.0
Expand Down
20 changes: 19 additions & 1 deletion kernel/livepatch/core.c
Original file line number Diff line number Diff line change
Expand Up @@ -325,6 +325,7 @@ int klp_apply_section_relocs(struct module *pmod, Elf_Shdr *sechdrs,
* /sys/kernel/livepatch/<patch>/transition
* /sys/kernel/livepatch/<patch>/force
* /sys/kernel/livepatch/<patch>/<object>
* /sys/kernel/livepatch/<patch>/<object>/patched
* /sys/kernel/livepatch/<patch>/<object>/<function,sympos>
*/
static int __klp_disable_patch(struct klp_patch *patch);
Expand Down Expand Up @@ -431,6 +432,22 @@ static struct attribute *klp_patch_attrs[] = {
};
ATTRIBUTE_GROUPS(klp_patch);

static ssize_t patched_show(struct kobject *kobj,
struct kobj_attribute *attr, char *buf)
{
struct klp_object *obj;

obj = container_of(kobj, struct klp_object, kobj);
return sysfs_emit(buf, "%d\n", obj->patched);
}

static struct kobj_attribute patched_kobj_attr = __ATTR_RO(patched);
static struct attribute *klp_object_attrs[] = {
&patched_kobj_attr.attr,
NULL,
};
ATTRIBUTE_GROUPS(klp_object);

static void klp_free_object_dynamic(struct klp_object *obj)
{
kfree(obj->name);
Expand Down Expand Up @@ -576,6 +593,7 @@ static void klp_kobj_release_object(struct kobject *kobj)
static struct kobj_type klp_ktype_object = {
.release = klp_kobj_release_object,
.sysfs_ops = &kobj_sysfs_ops,
.default_groups = klp_object_groups,
};

static void klp_kobj_release_func(struct kobject *kobj)
Expand Down Expand Up @@ -1171,7 +1189,7 @@ int klp_module_coming(struct module *mod)
return -EINVAL;

if (!strcmp(mod->name, "vmlinux")) {
pr_err("vmlinux.ko: invalid module name");
pr_err("vmlinux.ko: invalid module name\n");
return -EINVAL;
}

Expand Down
18 changes: 16 additions & 2 deletions kernel/livepatch/transition.c
Original file line number Diff line number Diff line change
Expand Up @@ -610,9 +610,23 @@ void klp_reverse_transition(void)
/* Called from copy_process() during fork */
void klp_copy_process(struct task_struct *child)
{
child->patch_state = current->patch_state;

/* TIF_PATCH_PENDING gets copied in setup_thread_stack() */
/*
* The parent process may have gone through a KLP transition since
* the thread flag was copied in setup_thread_stack earlier. Bring
* the task flag up to date with the parent here.
*
* The operation is serialized against all klp_*_transition()
* operations by the tasklist_lock. The only exception is
* klp_update_patch_state(current), but we cannot race with
* that because we are current.
*/
if (test_tsk_thread_flag(current, TIF_PATCH_PENDING))
set_tsk_thread_flag(child, TIF_PATCH_PENDING);
else
clear_tsk_thread_flag(child, TIF_PATCH_PENDING);

child->patch_state = current->patch_state;
}

/*
Expand Down
3 changes: 2 additions & 1 deletion tools/testing/selftests/livepatch/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,8 @@ TEST_PROGS := \
test-callbacks.sh \
test-shadow-vars.sh \
test-state.sh \
test-ftrace.sh
test-ftrace.sh \
test-sysfs.sh

TEST_FILES := settings

Expand Down
36 changes: 35 additions & 1 deletion tools/testing/selftests/livepatch/functions.sh
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@

MAX_RETRIES=600
RETRY_INTERVAL=".1" # seconds
KLP_SYSFS_DIR="/sys/kernel/livepatch"

# Kselftest framework requirement - SKIP code is 4
ksft_skip=4
Expand Down Expand Up @@ -86,7 +87,7 @@ function set_ftrace_enabled() {

if [[ "$result" != "$1" ]] ; then
if [[ $can_fail -eq 1 ]] ; then
echo "livepatch: $err" > /dev/kmsg
echo "livepatch: $err" | sed 's#/proc/sys/kernel/#kernel.#' > /dev/kmsg
return
fi

Expand Down Expand Up @@ -308,3 +309,36 @@ function check_result {

cleanup_dmesg_file
}

# check_sysfs_rights(modname, rel_path, expected_rights) - check sysfs
# path permissions
# modname - livepatch module creating the sysfs interface
# rel_path - relative path of the sysfs interface
# expected_rights - expected access rights
function check_sysfs_rights() {
local mod="$1"; shift
local rel_path="$1"; shift
local expected_rights="$1"; shift

local path="$KLP_SYSFS_DIR/$mod/$rel_path"
local rights=$(/bin/stat --format '%A' "$path")
if test "$rights" != "$expected_rights" ; then
die "Unexpected access rights of $path: $expected_rights vs. $rights"
fi
}

# check_sysfs_value(modname, rel_path, expected_value) - check sysfs value
# modname - livepatch module creating the sysfs interface
# rel_path - relative path of the sysfs interface
# expected_value - expected value read from the file
function check_sysfs_value() {
local mod="$1"; shift
local rel_path="$1"; shift
local expected_value="$1"; shift

local path="$KLP_SYSFS_DIR/$mod/$rel_path"
local value=`cat $path`
if test "$value" != "$expected_value" ; then
die "Unexpected value in $path: $expected_value vs. $value"
fi
}
86 changes: 86 additions & 0 deletions tools/testing/selftests/livepatch/test-sysfs.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
# Copyright (C) 2022 Song Liu <[email protected]>

. $(dirname $0)/functions.sh

MOD_LIVEPATCH=test_klp_livepatch

setup_config

# - load a livepatch and verifies the sysfs entries work as expected

start_test "sysfs test"

load_lp $MOD_LIVEPATCH

check_sysfs_rights "$MOD_LIVEPATCH" "" "drwxr-xr-x"
check_sysfs_rights "$MOD_LIVEPATCH" "enabled" "-rw-r--r--"
check_sysfs_value "$MOD_LIVEPATCH" "enabled" "1"
check_sysfs_rights "$MOD_LIVEPATCH" "force" "--w-------"
check_sysfs_rights "$MOD_LIVEPATCH" "transition" "-r--r--r--"
check_sysfs_value "$MOD_LIVEPATCH" "transition" "0"
check_sysfs_rights "$MOD_LIVEPATCH" "vmlinux/patched" "-r--r--r--"
check_sysfs_value "$MOD_LIVEPATCH" "vmlinux/patched" "1"

disable_lp $MOD_LIVEPATCH

unload_lp $MOD_LIVEPATCH

check_result "% modprobe $MOD_LIVEPATCH
livepatch: enabling patch '$MOD_LIVEPATCH'
livepatch: '$MOD_LIVEPATCH': initializing patching transition
livepatch: '$MOD_LIVEPATCH': starting patching transition
livepatch: '$MOD_LIVEPATCH': completing patching transition
livepatch: '$MOD_LIVEPATCH': patching complete
% echo 0 > /sys/kernel/livepatch/$MOD_LIVEPATCH/enabled
livepatch: '$MOD_LIVEPATCH': initializing unpatching transition
livepatch: '$MOD_LIVEPATCH': starting unpatching transition
livepatch: '$MOD_LIVEPATCH': completing unpatching transition
livepatch: '$MOD_LIVEPATCH': unpatching complete
% rmmod $MOD_LIVEPATCH"

start_test "sysfs test object/patched"

MOD_LIVEPATCH=test_klp_callbacks_demo
MOD_TARGET=test_klp_callbacks_mod
load_lp $MOD_LIVEPATCH

# check the "patch" file changes as target module loads/unloads
check_sysfs_value "$MOD_LIVEPATCH" "$MOD_TARGET/patched" "0"
load_mod $MOD_TARGET
check_sysfs_value "$MOD_LIVEPATCH" "$MOD_TARGET/patched" "1"
unload_mod $MOD_TARGET
check_sysfs_value "$MOD_LIVEPATCH" "$MOD_TARGET/patched" "0"

disable_lp $MOD_LIVEPATCH
unload_lp $MOD_LIVEPATCH

check_result "% modprobe test_klp_callbacks_demo
livepatch: enabling patch 'test_klp_callbacks_demo'
livepatch: 'test_klp_callbacks_demo': initializing patching transition
test_klp_callbacks_demo: pre_patch_callback: vmlinux
livepatch: 'test_klp_callbacks_demo': starting patching transition
livepatch: 'test_klp_callbacks_demo': completing patching transition
test_klp_callbacks_demo: post_patch_callback: vmlinux
livepatch: 'test_klp_callbacks_demo': patching complete
% modprobe test_klp_callbacks_mod
livepatch: applying patch 'test_klp_callbacks_demo' to loading module 'test_klp_callbacks_mod'
test_klp_callbacks_demo: pre_patch_callback: test_klp_callbacks_mod -> [MODULE_STATE_COMING] Full formed, running module_init
test_klp_callbacks_demo: post_patch_callback: test_klp_callbacks_mod -> [MODULE_STATE_COMING] Full formed, running module_init
test_klp_callbacks_mod: test_klp_callbacks_mod_init
% rmmod test_klp_callbacks_mod
test_klp_callbacks_mod: test_klp_callbacks_mod_exit
test_klp_callbacks_demo: pre_unpatch_callback: test_klp_callbacks_mod -> [MODULE_STATE_GOING] Going away
livepatch: reverting patch 'test_klp_callbacks_demo' on unloading module 'test_klp_callbacks_mod'
test_klp_callbacks_demo: post_unpatch_callback: test_klp_callbacks_mod -> [MODULE_STATE_GOING] Going away
% echo 0 > /sys/kernel/livepatch/test_klp_callbacks_demo/enabled
livepatch: 'test_klp_callbacks_demo': initializing unpatching transition
test_klp_callbacks_demo: pre_unpatch_callback: vmlinux
livepatch: 'test_klp_callbacks_demo': starting unpatching transition
livepatch: 'test_klp_callbacks_demo': completing unpatching transition
test_klp_callbacks_demo: post_unpatch_callback: vmlinux
livepatch: 'test_klp_callbacks_demo': unpatching complete
% rmmod test_klp_callbacks_demo"

exit 0

0 comments on commit 4de65c5

Please sign in to comment.