Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching
Pull live patching infrastructure from Jiri Kosina: "Let me provide a bit of history first, before describing what is in this pile. Originally, there was kSplice as a standalone project that implemented stop_machine()-based patching for the linux kernel. This project got later acquired, and the current owner is providing live patching as a proprietary service, without any intentions to have their implementation merged. Then, due to rising user/customer demand, both Red Hat and SUSE started working on their own implementation (not knowing about each other), and announced first versions roughly at the same time [1] [2]. The principle difference between the two solutions is how they are making sure that the patching is performed in a consistent way when it comes to different execution threads with respect to the semantic nature of the change that is being introduced. In a nutshell, kPatch is issuing stop_machine(), then looking at stacks of all existing processess, and if it decides that the system is in a state that can be patched safely, it proceeds insterting code redirection machinery to the patched functions. On the other hand, kGraft provides a per-thread consistency during one single pass of a process through the kernel and performs a lazy contignuous migration of threads from "unpatched" universe to the "patched" one at safe checkpoints. If interested in a more detailed discussion about the consistency models and its possible combinations, please see the thread that evolved around [3]. It pretty quickly became obvious to the interested parties that it's absolutely impractical in this case to have several isolated solutions for one task to co-exist in the kernel. During a dedicated Live Kernel Patching track at LPC in Dusseldorf, all the interested parties sat together and came up with a joint aproach that would work for both distro vendors. Steven Rostedt took notes [4] from this meeting. And the foundation for that aproach is what's present in this pull request. It provides a basic infrastructure for function "live patching" (i.e. code redirection), including API for kernel modules containing the actual patches, and API/ABI for userspace to be able to operate on the patches (look up what patches are applied, enable/disable them, etc). It's relatively simple and minimalistic, as it's making use of existing kernel infrastructure (namely ftrace) as much as possible. It's also self-contained, in a sense that it doesn't hook itself in any other kernel subsystem (it doesn't even touch any other code). It's now implemented for x86 only as a reference architecture, but support for powerpc, s390 and arm is already in the works (adding arch-specific support basically boils down to teaching ftrace about regs-saving). Once this common infrastructure gets merged, both Red Hat and SUSE have agreed to immediately start porting their current solutions on top of this, abandoning their out-of-tree code. The plan basically is that each patch will be marked by flag(s) that would indicate which consistency model it is willing to use (again, the details have been sketched out already in the thread at [3]). Before this happens, the current codebase can be used to patch a large group of secruity/stability problems the patches for which are not too complex (in a sense that they don't introduce non-trivial change of function's return value semantics, they don't change layout of data structures, etc) -- this corresponds to LEAVE_FUNCTION && SWITCH_FUNCTION semantics described at [3]. This tree has been in linux-next since December. [1] https://lkml.org/lkml/2014/4/30/477 [2] https://lkml.org/lkml/2014/7/14/857 [3] https://lkml.org/lkml/2014/11/7/354 [4] http://linuxplumbersconf.org/2014/wp-content/uploads/2014/10/LPC2014_LivePatching.txt [ The core code is introduced by the three commits authored by Seth Jennings, which got a lot of changes incorporated during numerous respins and reviews of the initial implementation. All the followup commits have materialized only after public tree has been created, so they were not folded into initial three commits so that the public tree doesn't get rebased ]" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching: livepatch: add missing newline to error message livepatch: rename config to CONFIG_LIVEPATCH livepatch: fix uninitialized return value livepatch: support for repatching a function livepatch: enforce patch stacking semantics livepatch: change ARCH_HAVE_LIVE_PATCHING to HAVE_LIVE_PATCHING livepatch: fix deferred module patching order livepatch: handle ancient compilers with more grace livepatch: kconfig: use bool instead of boolean livepatch: samples: fix usage example comments livepatch: MAINTAINERS: add git tree location livepatch: use FTRACE_OPS_FL_IPMODIFY livepatch: move x86 specific ftrace handler code to arch/x86 livepatch: samples: add sample live patching module livepatch: kernel: add support for live patching livepatch: kernel: add TAINT_LIVEPATCH
This commit is contained in:
commit
1d9c5d79e6
44
Documentation/ABI/testing/sysfs-kernel-livepatch
Normal file
44
Documentation/ABI/testing/sysfs-kernel-livepatch
Normal file
@ -0,0 +1,44 @@
|
||||
What: /sys/kernel/livepatch
|
||||
Date: Nov 2014
|
||||
KernelVersion: 3.19.0
|
||||
Contact: live-patching@vger.kernel.org
|
||||
Description:
|
||||
Interface for kernel live patching
|
||||
|
||||
The /sys/kernel/livepatch directory contains subdirectories for
|
||||
each loaded live patch module.
|
||||
|
||||
What: /sys/kernel/livepatch/<patch>
|
||||
Date: Nov 2014
|
||||
KernelVersion: 3.19.0
|
||||
Contact: live-patching@vger.kernel.org
|
||||
Description:
|
||||
The patch directory contains subdirectories for each kernel
|
||||
object (vmlinux or a module) in which it patched functions.
|
||||
|
||||
What: /sys/kernel/livepatch/<patch>/enabled
|
||||
Date: Nov 2014
|
||||
KernelVersion: 3.19.0
|
||||
Contact: live-patching@vger.kernel.org
|
||||
Description:
|
||||
A writable attribute that indicates whether the patched
|
||||
code is currently applied. Writing 0 will disable the patch
|
||||
while writing 1 will re-enable the patch.
|
||||
|
||||
What: /sys/kernel/livepatch/<patch>/<object>
|
||||
Date: Nov 2014
|
||||
KernelVersion: 3.19.0
|
||||
Contact: live-patching@vger.kernel.org
|
||||
Description:
|
||||
The object directory contains subdirectories for each function
|
||||
that is patched within the object.
|
||||
|
||||
What: /sys/kernel/livepatch/<patch>/<object>/<function>
|
||||
Date: Nov 2014
|
||||
KernelVersion: 3.19.0
|
||||
Contact: live-patching@vger.kernel.org
|
||||
Description:
|
||||
The function directory contains attributes regarding the
|
||||
properties and state of the patched function.
|
||||
|
||||
There are currently no such attributes.
|
@ -270,6 +270,8 @@ characters, each representing a particular tainted value.
|
||||
|
||||
15: 'L' if a soft lockup has previously occurred on the system.
|
||||
|
||||
16: 'K' if the kernel has been live patched.
|
||||
|
||||
The primary reason for the 'Tainted: ' string is to tell kernel
|
||||
debuggers if this is a clean kernel or if anything unusual has
|
||||
occurred. Tainting is permanent: even if an offending module is
|
||||
|
@ -843,6 +843,7 @@ can be ORed together:
|
||||
8192 - An unsigned module has been loaded in a kernel supporting module
|
||||
signature.
|
||||
16384 - A soft lockup has previously occurred on the system.
|
||||
32768 - The kernel has been live patched.
|
||||
|
||||
==============================================================
|
||||
|
||||
|
15
MAINTAINERS
15
MAINTAINERS
@ -5853,6 +5853,21 @@ F: Documentation/misc-devices/lis3lv02d
|
||||
F: drivers/misc/lis3lv02d/
|
||||
F: drivers/platform/x86/hp_accel.c
|
||||
|
||||
LIVE PATCHING
|
||||
M: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||
M: Seth Jennings <sjenning@redhat.com>
|
||||
M: Jiri Kosina <jkosina@suse.cz>
|
||||
M: Vojtech Pavlik <vojtech@suse.cz>
|
||||
S: Maintained
|
||||
F: kernel/livepatch/
|
||||
F: include/linux/livepatch.h
|
||||
F: arch/x86/include/asm/livepatch.h
|
||||
F: arch/x86/kernel/livepatch.c
|
||||
F: Documentation/ABI/testing/sysfs-kernel-livepatch
|
||||
F: samples/livepatch/
|
||||
L: live-patching@vger.kernel.org
|
||||
T: git git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching.git
|
||||
|
||||
LLC (802.2)
|
||||
M: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
|
||||
S: Maintained
|
||||
|
@ -17,6 +17,7 @@ config X86_64
|
||||
depends on 64BIT
|
||||
select X86_DEV_DMA_OPS
|
||||
select ARCH_USE_CMPXCHG_LOCKREF
|
||||
select HAVE_LIVEPATCH
|
||||
|
||||
### Arch settings
|
||||
config X86
|
||||
@ -2028,6 +2029,8 @@ config CMDLINE_OVERRIDE
|
||||
This is used to work around broken boot loaders. This should
|
||||
be set to 'N' under normal conditions.
|
||||
|
||||
source "kernel/livepatch/Kconfig"
|
||||
|
||||
endmenu
|
||||
|
||||
config ARCH_ENABLE_MEMORY_HOTPLUG
|
||||
|
46
arch/x86/include/asm/livepatch.h
Normal file
46
arch/x86/include/asm/livepatch.h
Normal file
@ -0,0 +1,46 @@
|
||||
/*
|
||||
* livepatch.h - x86-specific Kernel Live Patching Core
|
||||
*
|
||||
* Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
|
||||
* Copyright (C) 2014 SUSE
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#ifndef _ASM_X86_LIVEPATCH_H
|
||||
#define _ASM_X86_LIVEPATCH_H
|
||||
|
||||
#include <linux/module.h>
|
||||
#include <linux/ftrace.h>
|
||||
|
||||
#ifdef CONFIG_LIVEPATCH
|
||||
static inline int klp_check_compiler_support(void)
|
||||
{
|
||||
#ifndef CC_USING_FENTRY
|
||||
return 1;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
extern int klp_write_module_reloc(struct module *mod, unsigned long type,
|
||||
unsigned long loc, unsigned long value);
|
||||
|
||||
static inline void klp_arch_set_pc(struct pt_regs *regs, unsigned long ip)
|
||||
{
|
||||
regs->ip = ip;
|
||||
}
|
||||
#else
|
||||
#error Live patching support is disabled; check CONFIG_LIVEPATCH
|
||||
#endif
|
||||
|
||||
#endif /* _ASM_X86_LIVEPATCH_H */
|
@ -63,6 +63,7 @@ obj-$(CONFIG_X86_MPPARSE) += mpparse.o
|
||||
obj-y += apic/
|
||||
obj-$(CONFIG_X86_REBOOTFIXUPS) += reboot_fixups_32.o
|
||||
obj-$(CONFIG_DYNAMIC_FTRACE) += ftrace.o
|
||||
obj-$(CONFIG_LIVEPATCH) += livepatch.o
|
||||
obj-$(CONFIG_FUNCTION_GRAPH_TRACER) += ftrace.o
|
||||
obj-$(CONFIG_FTRACE_SYSCALLS) += ftrace.o
|
||||
obj-$(CONFIG_X86_TSC) += trace_clock.o
|
||||
|
90
arch/x86/kernel/livepatch.c
Normal file
90
arch/x86/kernel/livepatch.c
Normal file
@ -0,0 +1,90 @@
|
||||
/*
|
||||
* livepatch.c - x86-specific Kernel Live Patching Core
|
||||
*
|
||||
* Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
|
||||
* Copyright (C) 2014 SUSE
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include <linux/module.h>
|
||||
#include <linux/uaccess.h>
|
||||
#include <asm/cacheflush.h>
|
||||
#include <asm/page_types.h>
|
||||
#include <asm/elf.h>
|
||||
#include <asm/livepatch.h>
|
||||
|
||||
/**
|
||||
* klp_write_module_reloc() - write a relocation in a module
|
||||
* @mod: module in which the section to be modified is found
|
||||
* @type: ELF relocation type (see asm/elf.h)
|
||||
* @loc: address that the relocation should be written to
|
||||
* @value: relocation value (sym address + addend)
|
||||
*
|
||||
* This function writes a relocation to the specified location for
|
||||
* a particular module.
|
||||
*/
|
||||
int klp_write_module_reloc(struct module *mod, unsigned long type,
|
||||
unsigned long loc, unsigned long value)
|
||||
{
|
||||
int ret, numpages, size = 4;
|
||||
bool readonly;
|
||||
unsigned long val;
|
||||
unsigned long core = (unsigned long)mod->module_core;
|
||||
unsigned long core_ro_size = mod->core_ro_size;
|
||||
unsigned long core_size = mod->core_size;
|
||||
|
||||
switch (type) {
|
||||
case R_X86_64_NONE:
|
||||
return 0;
|
||||
case R_X86_64_64:
|
||||
val = value;
|
||||
size = 8;
|
||||
break;
|
||||
case R_X86_64_32:
|
||||
val = (u32)value;
|
||||
break;
|
||||
case R_X86_64_32S:
|
||||
val = (s32)value;
|
||||
break;
|
||||
case R_X86_64_PC32:
|
||||
val = (u32)(value - loc);
|
||||
break;
|
||||
default:
|
||||
/* unsupported relocation type */
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (loc < core || loc >= core + core_size)
|
||||
/* loc does not point to any symbol inside the module */
|
||||
return -EINVAL;
|
||||
|
||||
if (loc < core + core_ro_size)
|
||||
readonly = true;
|
||||
else
|
||||
readonly = false;
|
||||
|
||||
/* determine if the relocation spans a page boundary */
|
||||
numpages = ((loc & PAGE_MASK) == ((loc + size) & PAGE_MASK)) ? 1 : 2;
|
||||
|
||||
if (readonly)
|
||||
set_memory_rw(loc & PAGE_MASK, numpages);
|
||||
|
||||
ret = probe_kernel_write((void *)loc, &val, size);
|
||||
|
||||
if (readonly)
|
||||
set_memory_ro(loc & PAGE_MASK, numpages);
|
||||
|
||||
return ret;
|
||||
}
|
@ -471,6 +471,7 @@ extern enum system_states {
|
||||
#define TAINT_OOT_MODULE 12
|
||||
#define TAINT_UNSIGNED_MODULE 13
|
||||
#define TAINT_SOFTLOCKUP 14
|
||||
#define TAINT_LIVEPATCH 15
|
||||
|
||||
extern const char hex_asc[];
|
||||
#define hex_asc_lo(x) hex_asc[((x) & 0x0f)]
|
||||
|
133
include/linux/livepatch.h
Normal file
133
include/linux/livepatch.h
Normal file
@ -0,0 +1,133 @@
|
||||
/*
|
||||
* livepatch.h - Kernel Live Patching Core
|
||||
*
|
||||
* Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
|
||||
* Copyright (C) 2014 SUSE
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#ifndef _LINUX_LIVEPATCH_H_
|
||||
#define _LINUX_LIVEPATCH_H_
|
||||
|
||||
#include <linux/module.h>
|
||||
#include <linux/ftrace.h>
|
||||
|
||||
#if IS_ENABLED(CONFIG_LIVEPATCH)
|
||||
|
||||
#include <asm/livepatch.h>
|
||||
|
||||
enum klp_state {
|
||||
KLP_DISABLED,
|
||||
KLP_ENABLED
|
||||
};
|
||||
|
||||
/**
|
||||
* struct klp_func - function structure for live patching
|
||||
* @old_name: name of the function to be patched
|
||||
* @new_func: pointer to the patched function code
|
||||
* @old_addr: a hint conveying at what address the old function
|
||||
* can be found (optional, vmlinux patches only)
|
||||
* @kobj: kobject for sysfs resources
|
||||
* @state: tracks function-level patch application state
|
||||
* @stack_node: list node for klp_ops func_stack list
|
||||
*/
|
||||
struct klp_func {
|
||||
/* external */
|
||||
const char *old_name;
|
||||
void *new_func;
|
||||
/*
|
||||
* The old_addr field is optional and can be used to resolve
|
||||
* duplicate symbol names in the vmlinux object. If this
|
||||
* information is not present, the symbol is located by name
|
||||
* with kallsyms. If the name is not unique and old_addr is
|
||||
* not provided, the patch application fails as there is no
|
||||
* way to resolve the ambiguity.
|
||||
*/
|
||||
unsigned long old_addr;
|
||||
|
||||
/* internal */
|
||||
struct kobject kobj;
|
||||
enum klp_state state;
|
||||
struct list_head stack_node;
|
||||
};
|
||||
|
||||
/**
|
||||
* struct klp_reloc - relocation structure for live patching
|
||||
* @loc: address where the relocation will be written
|
||||
* @val: address of the referenced symbol (optional,
|
||||
* vmlinux patches only)
|
||||
* @type: ELF relocation type
|
||||
* @name: name of the referenced symbol (for lookup/verification)
|
||||
* @addend: offset from the referenced symbol
|
||||
* @external: symbol is either exported or within the live patch module itself
|
||||
*/
|
||||
struct klp_reloc {
|
||||
unsigned long loc;
|
||||
unsigned long val;
|
||||
unsigned long type;
|
||||
const char *name;
|
||||
int addend;
|
||||
int external;
|
||||
};
|
||||
|
||||
/**
|
||||
* struct klp_object - kernel object structure for live patching
|
||||
* @name: module name (or NULL for vmlinux)
|
||||
* @relocs: relocation entries to be applied at load time
|
||||
* @funcs: function entries for functions to be patched in the object
|
||||
* @kobj: kobject for sysfs resources
|
||||
* @mod: kernel module associated with the patched object
|
||||
* (NULL for vmlinux)
|
||||
* @state: tracks object-level patch application state
|
||||
*/
|
||||
struct klp_object {
|
||||
/* external */
|
||||
const char *name;
|
||||
struct klp_reloc *relocs;
|
||||
struct klp_func *funcs;
|
||||
|
||||
/* internal */
|
||||
struct kobject *kobj;
|
||||
struct module *mod;
|
||||
enum klp_state state;
|
||||
};
|
||||
|
||||
/**
|
||||
* struct klp_patch - patch structure for live patching
|
||||
* @mod: reference to the live patch module
|
||||
* @objs: object entries for kernel objects to be patched
|
||||
* @list: list node for global list of registered patches
|
||||
* @kobj: kobject for sysfs resources
|
||||
* @state: tracks patch-level application state
|
||||
*/
|
||||
struct klp_patch {
|
||||
/* external */
|
||||
struct module *mod;
|
||||
struct klp_object *objs;
|
||||
|
||||
/* internal */
|
||||
struct list_head list;
|
||||
struct kobject kobj;
|
||||
enum klp_state state;
|
||||
};
|
||||
|
||||
extern int klp_register_patch(struct klp_patch *);
|
||||
extern int klp_unregister_patch(struct klp_patch *);
|
||||
extern int klp_enable_patch(struct klp_patch *);
|
||||
extern int klp_disable_patch(struct klp_patch *);
|
||||
|
||||
#endif /* CONFIG_LIVEPATCH */
|
||||
|
||||
#endif /* _LINUX_LIVEPATCH_H_ */
|
@ -26,6 +26,7 @@ obj-y += power/
|
||||
obj-y += printk/
|
||||
obj-y += irq/
|
||||
obj-y += rcu/
|
||||
obj-y += livepatch/
|
||||
|
||||
obj-$(CONFIG_CHECKPOINT_RESTORE) += kcmp.o
|
||||
obj-$(CONFIG_FREEZER) += freezer.o
|
||||
|
18
kernel/livepatch/Kconfig
Normal file
18
kernel/livepatch/Kconfig
Normal file
@ -0,0 +1,18 @@
|
||||
config HAVE_LIVEPATCH
|
||||
bool
|
||||
help
|
||||
Arch supports kernel live patching
|
||||
|
||||
config LIVEPATCH
|
||||
bool "Kernel Live Patching"
|
||||
depends on DYNAMIC_FTRACE_WITH_REGS
|
||||
depends on MODULES
|
||||
depends on SYSFS
|
||||
depends on KALLSYMS_ALL
|
||||
depends on HAVE_LIVEPATCH
|
||||
help
|
||||
Say Y here if you want to support kernel live patching.
|
||||
This option has no runtime impact until a kernel "patch"
|
||||
module uses the interface provided by this option to register
|
||||
a patch, causing calls to patched functions to be redirected
|
||||
to new function code contained in the patch module.
|
3
kernel/livepatch/Makefile
Normal file
3
kernel/livepatch/Makefile
Normal file
@ -0,0 +1,3 @@
|
||||
obj-$(CONFIG_LIVEPATCH) += livepatch.o
|
||||
|
||||
livepatch-objs := core.o
|
1015
kernel/livepatch/core.c
Normal file
1015
kernel/livepatch/core.c
Normal file
File diff suppressed because it is too large
Load Diff
@ -226,6 +226,7 @@ static const struct tnt tnts[] = {
|
||||
{ TAINT_OOT_MODULE, 'O', ' ' },
|
||||
{ TAINT_UNSIGNED_MODULE, 'E', ' ' },
|
||||
{ TAINT_SOFTLOCKUP, 'L', ' ' },
|
||||
{ TAINT_LIVEPATCH, 'K', ' ' },
|
||||
};
|
||||
|
||||
/**
|
||||
@ -246,6 +247,7 @@ static const struct tnt tnts[] = {
|
||||
* 'O' - Out-of-tree module has been loaded.
|
||||
* 'E' - Unsigned module has been loaded.
|
||||
* 'L' - A soft lockup has previously occurred.
|
||||
* 'K' - Kernel has been live patched.
|
||||
*
|
||||
* The string is overwritten by the next call to print_tainted().
|
||||
*/
|
||||
|
@ -63,4 +63,11 @@ config SAMPLE_RPMSG_CLIENT
|
||||
to communicate with an AMP-configured remote processor over
|
||||
the rpmsg bus.
|
||||
|
||||
config SAMPLE_LIVEPATCH
|
||||
tristate "Build live patching sample -- loadable modules only"
|
||||
depends on LIVEPATCH && m
|
||||
help
|
||||
Builds a sample live patch that replaces the procfs handler
|
||||
for /proc/cmdline to print "this has been live patched".
|
||||
|
||||
endif # SAMPLES
|
||||
|
@ -1,4 +1,4 @@
|
||||
# Makefile for Linux samples code
|
||||
|
||||
obj-$(CONFIG_SAMPLES) += kobject/ kprobes/ trace_events/ \
|
||||
obj-$(CONFIG_SAMPLES) += kobject/ kprobes/ trace_events/ livepatch/ \
|
||||
hw_breakpoint/ kfifo/ kdb/ hidraw/ rpmsg/ seccomp/
|
||||
|
1
samples/livepatch/Makefile
Normal file
1
samples/livepatch/Makefile
Normal file
@ -0,0 +1 @@
|
||||
obj-$(CONFIG_SAMPLE_LIVEPATCH) += livepatch-sample.o
|
91
samples/livepatch/livepatch-sample.c
Normal file
91
samples/livepatch/livepatch-sample.c
Normal file
@ -0,0 +1,91 @@
|
||||
/*
|
||||
* livepatch-sample.c - Kernel Live Patching Sample Module
|
||||
*
|
||||
* Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include <linux/module.h>
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/livepatch.h>
|
||||
|
||||
/*
|
||||
* This (dumb) live patch overrides the function that prints the
|
||||
* kernel boot cmdline when /proc/cmdline is read.
|
||||
*
|
||||
* Example:
|
||||
*
|
||||
* $ cat /proc/cmdline
|
||||
* <your cmdline>
|
||||
*
|
||||
* $ insmod livepatch-sample.ko
|
||||
* $ cat /proc/cmdline
|
||||
* this has been live patched
|
||||
*
|
||||
* $ echo 0 > /sys/kernel/livepatch/livepatch_sample/enabled
|
||||
* $ cat /proc/cmdline
|
||||
* <your cmdline>
|
||||
*/
|
||||
|
||||
#include <linux/seq_file.h>
|
||||
static int livepatch_cmdline_proc_show(struct seq_file *m, void *v)
|
||||
{
|
||||
seq_printf(m, "%s\n", "this has been live patched");
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct klp_func funcs[] = {
|
||||
{
|
||||
.old_name = "cmdline_proc_show",
|
||||
.new_func = livepatch_cmdline_proc_show,
|
||||
}, { }
|
||||
};
|
||||
|
||||
static struct klp_object objs[] = {
|
||||
{
|
||||
/* name being NULL means vmlinux */
|
||||
.funcs = funcs,
|
||||
}, { }
|
||||
};
|
||||
|
||||
static struct klp_patch patch = {
|
||||
.mod = THIS_MODULE,
|
||||
.objs = objs,
|
||||
};
|
||||
|
||||
static int livepatch_init(void)
|
||||
{
|
||||
int ret;
|
||||
|
||||
ret = klp_register_patch(&patch);
|
||||
if (ret)
|
||||
return ret;
|
||||
ret = klp_enable_patch(&patch);
|
||||
if (ret) {
|
||||
WARN_ON(klp_unregister_patch(&patch));
|
||||
return ret;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void livepatch_exit(void)
|
||||
{
|
||||
WARN_ON(klp_disable_patch(&patch));
|
||||
WARN_ON(klp_unregister_patch(&patch));
|
||||
}
|
||||
|
||||
module_init(livepatch_init);
|
||||
module_exit(livepatch_exit);
|
||||
MODULE_LICENSE("GPL");
|
Loading…
Reference in New Issue
Block a user