1 // SPDX-License-Identifier: GPL-2.0
2 // error-inject.c: Function-level error injection table
3 #include <linux/error-injection.h>
4 #include <linux/debugfs.h>
5 #include <linux/kallsyms.h>
6 #include <linux/kprobes.h>
7 #include <linux/module.h>
8 #include <linux/mutex.h>
9 #include <linux/list.h>
10 #include <linux/slab.h>
11 #include <asm/sections.h>
12
13 /* Whitelist of symbols that can be overridden for error injection. */
14 static LIST_HEAD(error_injection_list);
15 static DEFINE_MUTEX(ei_mutex);
16 struct ei_entry {
17 struct list_head list;
18 unsigned long start_addr;
19 unsigned long end_addr;
20 int etype;
21 void *priv;
22 };
23
within_error_injection_list(unsigned long addr)24 bool within_error_injection_list(unsigned long addr)
25 {
26 struct ei_entry *ent;
27 bool ret = false;
28
29 mutex_lock(&ei_mutex);
30 list_for_each_entry(ent, &error_injection_list, list) {
31 if (addr >= ent->start_addr && addr < ent->end_addr) {
32 ret = true;
33 break;
34 }
35 }
36 mutex_unlock(&ei_mutex);
37 return ret;
38 }
39
get_injectable_error_type(unsigned long addr)40 int get_injectable_error_type(unsigned long addr)
41 {
42 struct ei_entry *ent;
43 int ei_type = -EINVAL;
44
45 mutex_lock(&ei_mutex);
46 list_for_each_entry(ent, &error_injection_list, list) {
47 if (addr >= ent->start_addr && addr < ent->end_addr) {
48 ei_type = ent->etype;
49 break;
50 }
51 }
52 mutex_unlock(&ei_mutex);
53
54 return ei_type;
55 }
56
57 /*
58 * Lookup and populate the error_injection_list.
59 *
60 * For safety reasons we only allow certain functions to be overridden with
61 * bpf_error_injection, so we need to populate the list of the symbols that have
62 * been marked as safe for overriding.
63 */
populate_error_injection_list(struct error_injection_entry * start,struct error_injection_entry * end,void * priv)64 static void populate_error_injection_list(struct error_injection_entry *start,
65 struct error_injection_entry *end,
66 void *priv)
67 {
68 struct error_injection_entry *iter;
69 struct ei_entry *ent;
70 unsigned long entry, offset = 0, size = 0;
71
72 mutex_lock(&ei_mutex);
73 for (iter = start; iter < end; iter++) {
74 entry = (unsigned long)dereference_symbol_descriptor((void *)iter->addr);
75
76 if (!kernel_text_address(entry) ||
77 !kallsyms_lookup_size_offset(entry, &size, &offset)) {
78 pr_err("Failed to find error inject entry at %p\n",
79 (void *)entry);
80 continue;
81 }
82
83 ent = kmalloc(sizeof(*ent), GFP_KERNEL);
84 if (!ent)
85 break;
86 ent->start_addr = entry;
87 ent->end_addr = entry + size;
88 ent->etype = iter->etype;
89 ent->priv = priv;
90 INIT_LIST_HEAD(&ent->list);
91 list_add_tail(&ent->list, &error_injection_list);
92 }
93 mutex_unlock(&ei_mutex);
94 }
95
96 /* Markers of the _error_inject_whitelist section */
97 extern struct error_injection_entry __start_error_injection_whitelist[];
98 extern struct error_injection_entry __stop_error_injection_whitelist[];
99
populate_kernel_ei_list(void)100 static void __init populate_kernel_ei_list(void)
101 {
102 populate_error_injection_list(__start_error_injection_whitelist,
103 __stop_error_injection_whitelist,
104 NULL);
105 }
106
107 #ifdef CONFIG_MODULES
module_load_ei_list(struct module * mod)108 static void module_load_ei_list(struct module *mod)
109 {
110 if (!mod->num_ei_funcs)
111 return;
112
113 populate_error_injection_list(mod->ei_funcs,
114 mod->ei_funcs + mod->num_ei_funcs, mod);
115 }
116
module_unload_ei_list(struct module * mod)117 static void module_unload_ei_list(struct module *mod)
118 {
119 struct ei_entry *ent, *n;
120
121 if (!mod->num_ei_funcs)
122 return;
123
124 mutex_lock(&ei_mutex);
125 list_for_each_entry_safe(ent, n, &error_injection_list, list) {
126 if (ent->priv == mod) {
127 list_del_init(&ent->list);
128 kfree(ent);
129 }
130 }
131 mutex_unlock(&ei_mutex);
132 }
133
134 /* Module notifier call back, checking error injection table on the module */
ei_module_callback(struct notifier_block * nb,unsigned long val,void * data)135 static int ei_module_callback(struct notifier_block *nb,
136 unsigned long val, void *data)
137 {
138 struct module *mod = data;
139
140 if (val == MODULE_STATE_COMING)
141 module_load_ei_list(mod);
142 else if (val == MODULE_STATE_GOING)
143 module_unload_ei_list(mod);
144
145 return NOTIFY_DONE;
146 }
147
148 static struct notifier_block ei_module_nb = {
149 .notifier_call = ei_module_callback,
150 .priority = 0
151 };
152
module_ei_init(void)153 static __init int module_ei_init(void)
154 {
155 return register_module_notifier(&ei_module_nb);
156 }
157 #else /* !CONFIG_MODULES */
158 #define module_ei_init() (0)
159 #endif
160
161 /*
162 * error_injection/whitelist -- shows which functions can be overridden for
163 * error injection.
164 */
ei_seq_start(struct seq_file * m,loff_t * pos)165 static void *ei_seq_start(struct seq_file *m, loff_t *pos)
166 {
167 mutex_lock(&ei_mutex);
168 return seq_list_start(&error_injection_list, *pos);
169 }
170
ei_seq_stop(struct seq_file * m,void * v)171 static void ei_seq_stop(struct seq_file *m, void *v)
172 {
173 mutex_unlock(&ei_mutex);
174 }
175
ei_seq_next(struct seq_file * m,void * v,loff_t * pos)176 static void *ei_seq_next(struct seq_file *m, void *v, loff_t *pos)
177 {
178 return seq_list_next(v, &error_injection_list, pos);
179 }
180
error_type_string(int etype)181 static const char *error_type_string(int etype)
182 {
183 switch (etype) {
184 case EI_ETYPE_NULL:
185 return "NULL";
186 case EI_ETYPE_ERRNO:
187 return "ERRNO";
188 case EI_ETYPE_ERRNO_NULL:
189 return "ERRNO_NULL";
190 case EI_ETYPE_TRUE:
191 return "TRUE";
192 default:
193 return "(unknown)";
194 }
195 }
196
ei_seq_show(struct seq_file * m,void * v)197 static int ei_seq_show(struct seq_file *m, void *v)
198 {
199 struct ei_entry *ent = list_entry(v, struct ei_entry, list);
200
201 seq_printf(m, "%ps\t%s\n", (void *)ent->start_addr,
202 error_type_string(ent->etype));
203 return 0;
204 }
205
206 static const struct seq_operations ei_sops = {
207 .start = ei_seq_start,
208 .next = ei_seq_next,
209 .stop = ei_seq_stop,
210 .show = ei_seq_show,
211 };
212
213 DEFINE_SEQ_ATTRIBUTE(ei);
214
ei_debugfs_init(void)215 static int __init ei_debugfs_init(void)
216 {
217 struct dentry *dir, *file;
218
219 dir = debugfs_create_dir("error_injection", NULL);
220
221 file = debugfs_create_file("list", 0444, dir, NULL, &ei_fops);
222 if (!file) {
223 debugfs_remove(dir);
224 return -ENOMEM;
225 }
226
227 return 0;
228 }
229
init_error_injection(void)230 static int __init init_error_injection(void)
231 {
232 populate_kernel_ei_list();
233
234 if (!module_ei_init())
235 ei_debugfs_init();
236
237 return 0;
238 }
239 late_initcall(init_error_injection);
240