mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-12-29 09:16:33 +00:00
Livepatching changes for 6.1
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEESH4wyp42V4tXvYsjUqAMR0iAlPIFAmM9Y/gACgkQUqAMR0iA lPJxwg//SJsMwv3zDDP3YAzhROongc9mlNL9yTNo5zMFYaLIF6j0UkN7zP7+ChTY u3rfiOYOiSNVyylC4+Auznqi219wjEPedDtJkP6Gx6mHJIArXoFltOGct1fz3CH6 xJjBYPpRVQTP54HQ/OEM4kfxn7eG1HXpErxIYUfeRzM5REJR0iZFfI6FwyXVhjsL 1lDTHc/qlLlaDMqik2sQ/3yJ391SQKodAwkJY9d2wS06OjMmvtX+dADZJkXwv14f 5wnBXG/4Zr0HSR2JW3VgU7AwZptaRLYF2PtYdDp+yI0DSsmjPq4d+0YqTVbgLNSq r0XmewMpnNUNojEuFpW4/+RGZo0pnlJpjUOYfKTbDecnYfMjUFtSGPLVTMnN1OT+ xcW/Q8jO4nQ24993xrQbOr/vBT6nIsePkJAOJkTPzzAxkPF3X7ik3lZyjb7ntDlV mTfUpmTiFtmdMsDaKFxbgRknPre7z4XASMAiErHU4TGNyKBHsRDXmAdtC8hNn7ZU z2NGlDrBKuHL8IcKQ6uH/SYtyG3HIVCeiWqkRd9Sm9RKoz4p+sGl3I4D367O+fGX GGwXj8b5wvjl/BGXHoM+kQKmclYB8kD/8iQSwd64qooTkiDtt1HDPGr2Ewa5thiz fDoVyy98vyRSNmXtst9S7+IMmdjQ7mjmW9AlAITOwIo89UW+7GQ= =+qS1 -----END PGP SIGNATURE----- Merge tag 'livepatching-for-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching Pull livepatching updates from Petr Mladek: - Fix race between fork and livepatch transition revert - Add sysfs entry that shows "patched" state for each object (module) that can be livepatched by the given livepatch - Some clean up * tag 'livepatching-for-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching: selftests/livepatch: add sysfs test livepatch: add sysfs entry "patched" for each klp_object selftests/livepatch: normalize sysctl error message livepatch: Add a missing newline character in klp_module_coming() livepatch: fix race between fork and KLP transition
This commit is contained in:
commit
4de65c5830
@ -55,6 +55,14 @@ Description:
|
|||||||
The object directory contains subdirectories for each function
|
The object directory contains subdirectories for each function
|
||||||
that is patched within the object.
|
that is patched within the object.
|
||||||
|
|
||||||
|
What: /sys/kernel/livepatch/<patch>/<object>/patched
|
||||||
|
Date: August 2022
|
||||||
|
KernelVersion: 6.1.0
|
||||||
|
Contact: live-patching@vger.kernel.org
|
||||||
|
Description:
|
||||||
|
An attribute which indicates whether the object is currently
|
||||||
|
patched.
|
||||||
|
|
||||||
What: /sys/kernel/livepatch/<patch>/<object>/<function,sympos>
|
What: /sys/kernel/livepatch/<patch>/<object>/<function,sympos>
|
||||||
Date: Nov 2014
|
Date: Nov 2014
|
||||||
KernelVersion: 3.19.0
|
KernelVersion: 3.19.0
|
||||||
|
@ -325,6 +325,7 @@ int klp_apply_section_relocs(struct module *pmod, Elf_Shdr *sechdrs,
|
|||||||
* /sys/kernel/livepatch/<patch>/transition
|
* /sys/kernel/livepatch/<patch>/transition
|
||||||
* /sys/kernel/livepatch/<patch>/force
|
* /sys/kernel/livepatch/<patch>/force
|
||||||
* /sys/kernel/livepatch/<patch>/<object>
|
* /sys/kernel/livepatch/<patch>/<object>
|
||||||
|
* /sys/kernel/livepatch/<patch>/<object>/patched
|
||||||
* /sys/kernel/livepatch/<patch>/<object>/<function,sympos>
|
* /sys/kernel/livepatch/<patch>/<object>/<function,sympos>
|
||||||
*/
|
*/
|
||||||
static int __klp_disable_patch(struct klp_patch *patch);
|
static int __klp_disable_patch(struct klp_patch *patch);
|
||||||
@ -431,6 +432,22 @@ static struct attribute *klp_patch_attrs[] = {
|
|||||||
};
|
};
|
||||||
ATTRIBUTE_GROUPS(klp_patch);
|
ATTRIBUTE_GROUPS(klp_patch);
|
||||||
|
|
||||||
|
static ssize_t patched_show(struct kobject *kobj,
|
||||||
|
struct kobj_attribute *attr, char *buf)
|
||||||
|
{
|
||||||
|
struct klp_object *obj;
|
||||||
|
|
||||||
|
obj = container_of(kobj, struct klp_object, kobj);
|
||||||
|
return sysfs_emit(buf, "%d\n", obj->patched);
|
||||||
|
}
|
||||||
|
|
||||||
|
static struct kobj_attribute patched_kobj_attr = __ATTR_RO(patched);
|
||||||
|
static struct attribute *klp_object_attrs[] = {
|
||||||
|
&patched_kobj_attr.attr,
|
||||||
|
NULL,
|
||||||
|
};
|
||||||
|
ATTRIBUTE_GROUPS(klp_object);
|
||||||
|
|
||||||
static void klp_free_object_dynamic(struct klp_object *obj)
|
static void klp_free_object_dynamic(struct klp_object *obj)
|
||||||
{
|
{
|
||||||
kfree(obj->name);
|
kfree(obj->name);
|
||||||
@ -576,6 +593,7 @@ static void klp_kobj_release_object(struct kobject *kobj)
|
|||||||
static struct kobj_type klp_ktype_object = {
|
static struct kobj_type klp_ktype_object = {
|
||||||
.release = klp_kobj_release_object,
|
.release = klp_kobj_release_object,
|
||||||
.sysfs_ops = &kobj_sysfs_ops,
|
.sysfs_ops = &kobj_sysfs_ops,
|
||||||
|
.default_groups = klp_object_groups,
|
||||||
};
|
};
|
||||||
|
|
||||||
static void klp_kobj_release_func(struct kobject *kobj)
|
static void klp_kobj_release_func(struct kobject *kobj)
|
||||||
@ -1171,7 +1189,7 @@ int klp_module_coming(struct module *mod)
|
|||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (!strcmp(mod->name, "vmlinux")) {
|
if (!strcmp(mod->name, "vmlinux")) {
|
||||||
pr_err("vmlinux.ko: invalid module name");
|
pr_err("vmlinux.ko: invalid module name\n");
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -610,9 +610,23 @@ void klp_reverse_transition(void)
|
|||||||
/* Called from copy_process() during fork */
|
/* Called from copy_process() during fork */
|
||||||
void klp_copy_process(struct task_struct *child)
|
void klp_copy_process(struct task_struct *child)
|
||||||
{
|
{
|
||||||
child->patch_state = current->patch_state;
|
|
||||||
|
|
||||||
/* TIF_PATCH_PENDING gets copied in setup_thread_stack() */
|
/*
|
||||||
|
* The parent process may have gone through a KLP transition since
|
||||||
|
* the thread flag was copied in setup_thread_stack earlier. Bring
|
||||||
|
* the task flag up to date with the parent here.
|
||||||
|
*
|
||||||
|
* The operation is serialized against all klp_*_transition()
|
||||||
|
* operations by the tasklist_lock. The only exception is
|
||||||
|
* klp_update_patch_state(current), but we cannot race with
|
||||||
|
* that because we are current.
|
||||||
|
*/
|
||||||
|
if (test_tsk_thread_flag(current, TIF_PATCH_PENDING))
|
||||||
|
set_tsk_thread_flag(child, TIF_PATCH_PENDING);
|
||||||
|
else
|
||||||
|
clear_tsk_thread_flag(child, TIF_PATCH_PENDING);
|
||||||
|
|
||||||
|
child->patch_state = current->patch_state;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -6,7 +6,8 @@ TEST_PROGS := \
|
|||||||
test-callbacks.sh \
|
test-callbacks.sh \
|
||||||
test-shadow-vars.sh \
|
test-shadow-vars.sh \
|
||||||
test-state.sh \
|
test-state.sh \
|
||||||
test-ftrace.sh
|
test-ftrace.sh \
|
||||||
|
test-sysfs.sh
|
||||||
|
|
||||||
TEST_FILES := settings
|
TEST_FILES := settings
|
||||||
|
|
||||||
|
@ -6,6 +6,7 @@
|
|||||||
|
|
||||||
MAX_RETRIES=600
|
MAX_RETRIES=600
|
||||||
RETRY_INTERVAL=".1" # seconds
|
RETRY_INTERVAL=".1" # seconds
|
||||||
|
KLP_SYSFS_DIR="/sys/kernel/livepatch"
|
||||||
|
|
||||||
# Kselftest framework requirement - SKIP code is 4
|
# Kselftest framework requirement - SKIP code is 4
|
||||||
ksft_skip=4
|
ksft_skip=4
|
||||||
@ -86,7 +87,7 @@ function set_ftrace_enabled() {
|
|||||||
|
|
||||||
if [[ "$result" != "$1" ]] ; then
|
if [[ "$result" != "$1" ]] ; then
|
||||||
if [[ $can_fail -eq 1 ]] ; then
|
if [[ $can_fail -eq 1 ]] ; then
|
||||||
echo "livepatch: $err" > /dev/kmsg
|
echo "livepatch: $err" | sed 's#/proc/sys/kernel/#kernel.#' > /dev/kmsg
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -308,3 +309,36 @@ function check_result {
|
|||||||
|
|
||||||
cleanup_dmesg_file
|
cleanup_dmesg_file
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# check_sysfs_rights(modname, rel_path, expected_rights) - check sysfs
|
||||||
|
# path permissions
|
||||||
|
# modname - livepatch module creating the sysfs interface
|
||||||
|
# rel_path - relative path of the sysfs interface
|
||||||
|
# expected_rights - expected access rights
|
||||||
|
function check_sysfs_rights() {
|
||||||
|
local mod="$1"; shift
|
||||||
|
local rel_path="$1"; shift
|
||||||
|
local expected_rights="$1"; shift
|
||||||
|
|
||||||
|
local path="$KLP_SYSFS_DIR/$mod/$rel_path"
|
||||||
|
local rights=$(/bin/stat --format '%A' "$path")
|
||||||
|
if test "$rights" != "$expected_rights" ; then
|
||||||
|
die "Unexpected access rights of $path: $expected_rights vs. $rights"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# check_sysfs_value(modname, rel_path, expected_value) - check sysfs value
|
||||||
|
# modname - livepatch module creating the sysfs interface
|
||||||
|
# rel_path - relative path of the sysfs interface
|
||||||
|
# expected_value - expected value read from the file
|
||||||
|
function check_sysfs_value() {
|
||||||
|
local mod="$1"; shift
|
||||||
|
local rel_path="$1"; shift
|
||||||
|
local expected_value="$1"; shift
|
||||||
|
|
||||||
|
local path="$KLP_SYSFS_DIR/$mod/$rel_path"
|
||||||
|
local value=`cat $path`
|
||||||
|
if test "$value" != "$expected_value" ; then
|
||||||
|
die "Unexpected value in $path: $expected_value vs. $value"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
86
tools/testing/selftests/livepatch/test-sysfs.sh
Executable file
86
tools/testing/selftests/livepatch/test-sysfs.sh
Executable file
@ -0,0 +1,86 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# SPDX-License-Identifier: GPL-2.0
|
||||||
|
# Copyright (C) 2022 Song Liu <song@kernel.org>
|
||||||
|
|
||||||
|
. $(dirname $0)/functions.sh
|
||||||
|
|
||||||
|
MOD_LIVEPATCH=test_klp_livepatch
|
||||||
|
|
||||||
|
setup_config
|
||||||
|
|
||||||
|
# - load a livepatch and verifies the sysfs entries work as expected
|
||||||
|
|
||||||
|
start_test "sysfs test"
|
||||||
|
|
||||||
|
load_lp $MOD_LIVEPATCH
|
||||||
|
|
||||||
|
check_sysfs_rights "$MOD_LIVEPATCH" "" "drwxr-xr-x"
|
||||||
|
check_sysfs_rights "$MOD_LIVEPATCH" "enabled" "-rw-r--r--"
|
||||||
|
check_sysfs_value "$MOD_LIVEPATCH" "enabled" "1"
|
||||||
|
check_sysfs_rights "$MOD_LIVEPATCH" "force" "--w-------"
|
||||||
|
check_sysfs_rights "$MOD_LIVEPATCH" "transition" "-r--r--r--"
|
||||||
|
check_sysfs_value "$MOD_LIVEPATCH" "transition" "0"
|
||||||
|
check_sysfs_rights "$MOD_LIVEPATCH" "vmlinux/patched" "-r--r--r--"
|
||||||
|
check_sysfs_value "$MOD_LIVEPATCH" "vmlinux/patched" "1"
|
||||||
|
|
||||||
|
disable_lp $MOD_LIVEPATCH
|
||||||
|
|
||||||
|
unload_lp $MOD_LIVEPATCH
|
||||||
|
|
||||||
|
check_result "% modprobe $MOD_LIVEPATCH
|
||||||
|
livepatch: enabling patch '$MOD_LIVEPATCH'
|
||||||
|
livepatch: '$MOD_LIVEPATCH': initializing patching transition
|
||||||
|
livepatch: '$MOD_LIVEPATCH': starting patching transition
|
||||||
|
livepatch: '$MOD_LIVEPATCH': completing patching transition
|
||||||
|
livepatch: '$MOD_LIVEPATCH': patching complete
|
||||||
|
% echo 0 > /sys/kernel/livepatch/$MOD_LIVEPATCH/enabled
|
||||||
|
livepatch: '$MOD_LIVEPATCH': initializing unpatching transition
|
||||||
|
livepatch: '$MOD_LIVEPATCH': starting unpatching transition
|
||||||
|
livepatch: '$MOD_LIVEPATCH': completing unpatching transition
|
||||||
|
livepatch: '$MOD_LIVEPATCH': unpatching complete
|
||||||
|
% rmmod $MOD_LIVEPATCH"
|
||||||
|
|
||||||
|
start_test "sysfs test object/patched"
|
||||||
|
|
||||||
|
MOD_LIVEPATCH=test_klp_callbacks_demo
|
||||||
|
MOD_TARGET=test_klp_callbacks_mod
|
||||||
|
load_lp $MOD_LIVEPATCH
|
||||||
|
|
||||||
|
# check the "patch" file changes as target module loads/unloads
|
||||||
|
check_sysfs_value "$MOD_LIVEPATCH" "$MOD_TARGET/patched" "0"
|
||||||
|
load_mod $MOD_TARGET
|
||||||
|
check_sysfs_value "$MOD_LIVEPATCH" "$MOD_TARGET/patched" "1"
|
||||||
|
unload_mod $MOD_TARGET
|
||||||
|
check_sysfs_value "$MOD_LIVEPATCH" "$MOD_TARGET/patched" "0"
|
||||||
|
|
||||||
|
disable_lp $MOD_LIVEPATCH
|
||||||
|
unload_lp $MOD_LIVEPATCH
|
||||||
|
|
||||||
|
check_result "% modprobe test_klp_callbacks_demo
|
||||||
|
livepatch: enabling patch 'test_klp_callbacks_demo'
|
||||||
|
livepatch: 'test_klp_callbacks_demo': initializing patching transition
|
||||||
|
test_klp_callbacks_demo: pre_patch_callback: vmlinux
|
||||||
|
livepatch: 'test_klp_callbacks_demo': starting patching transition
|
||||||
|
livepatch: 'test_klp_callbacks_demo': completing patching transition
|
||||||
|
test_klp_callbacks_demo: post_patch_callback: vmlinux
|
||||||
|
livepatch: 'test_klp_callbacks_demo': patching complete
|
||||||
|
% modprobe test_klp_callbacks_mod
|
||||||
|
livepatch: applying patch 'test_klp_callbacks_demo' to loading module 'test_klp_callbacks_mod'
|
||||||
|
test_klp_callbacks_demo: pre_patch_callback: test_klp_callbacks_mod -> [MODULE_STATE_COMING] Full formed, running module_init
|
||||||
|
test_klp_callbacks_demo: post_patch_callback: test_klp_callbacks_mod -> [MODULE_STATE_COMING] Full formed, running module_init
|
||||||
|
test_klp_callbacks_mod: test_klp_callbacks_mod_init
|
||||||
|
% rmmod test_klp_callbacks_mod
|
||||||
|
test_klp_callbacks_mod: test_klp_callbacks_mod_exit
|
||||||
|
test_klp_callbacks_demo: pre_unpatch_callback: test_klp_callbacks_mod -> [MODULE_STATE_GOING] Going away
|
||||||
|
livepatch: reverting patch 'test_klp_callbacks_demo' on unloading module 'test_klp_callbacks_mod'
|
||||||
|
test_klp_callbacks_demo: post_unpatch_callback: test_klp_callbacks_mod -> [MODULE_STATE_GOING] Going away
|
||||||
|
% echo 0 > /sys/kernel/livepatch/test_klp_callbacks_demo/enabled
|
||||||
|
livepatch: 'test_klp_callbacks_demo': initializing unpatching transition
|
||||||
|
test_klp_callbacks_demo: pre_unpatch_callback: vmlinux
|
||||||
|
livepatch: 'test_klp_callbacks_demo': starting unpatching transition
|
||||||
|
livepatch: 'test_klp_callbacks_demo': completing unpatching transition
|
||||||
|
test_klp_callbacks_demo: post_unpatch_callback: vmlinux
|
||||||
|
livepatch: 'test_klp_callbacks_demo': unpatching complete
|
||||||
|
% rmmod test_klp_callbacks_demo"
|
||||||
|
|
||||||
|
exit 0
|
Loading…
Reference in New Issue
Block a user