xref: /linux/kernel/livepatch/patch.c (revision c411ed854584a71b0e86ac3019b60e4789d88086)
1 /*
2  * patch.c - livepatch patching functions
3  *
4  * Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
5  * Copyright (C) 2014 SUSE
6  * Copyright (C) 2015 Josh Poimboeuf <jpoimboe@redhat.com>
7  *
8  * This program is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU General Public License
10  * as published by the Free Software Foundation; either version 2
11  * of the License, or (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, see <http://www.gnu.org/licenses/>.
20  */
21 
22 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
23 
24 #include <linux/livepatch.h>
25 #include <linux/list.h>
26 #include <linux/ftrace.h>
27 #include <linux/rculist.h>
28 #include <linux/slab.h>
29 #include <linux/bug.h>
30 #include <linux/printk.h>
31 #include "patch.h"
32 #include "transition.h"
33 
34 static LIST_HEAD(klp_ops);
35 
36 struct klp_ops *klp_find_ops(unsigned long old_addr)
37 {
38 	struct klp_ops *ops;
39 	struct klp_func *func;
40 
41 	list_for_each_entry(ops, &klp_ops, node) {
42 		func = list_first_entry(&ops->func_stack, struct klp_func,
43 					stack_node);
44 		if (func->old_addr == old_addr)
45 			return ops;
46 	}
47 
48 	return NULL;
49 }
50 
51 static void notrace klp_ftrace_handler(unsigned long ip,
52 				       unsigned long parent_ip,
53 				       struct ftrace_ops *fops,
54 				       struct pt_regs *regs)
55 {
56 	struct klp_ops *ops;
57 	struct klp_func *func;
58 	int patch_state;
59 
60 	ops = container_of(fops, struct klp_ops, fops);
61 
62 	/*
63 	 * A variant of synchronize_sched() is used to allow patching functions
64 	 * where RCU is not watching, see klp_synchronize_transition().
65 	 */
66 	preempt_disable_notrace();
67 
68 	func = list_first_or_null_rcu(&ops->func_stack, struct klp_func,
69 				      stack_node);
70 
71 	/*
72 	 * func should never be NULL because preemption should be disabled here
73 	 * and unregister_ftrace_function() does the equivalent of a
74 	 * synchronize_sched() before the func_stack removal.
75 	 */
76 	if (WARN_ON_ONCE(!func))
77 		goto unlock;
78 
79 	/*
80 	 * In the enable path, enforce the order of the ops->func_stack and
81 	 * func->transition reads.  The corresponding write barrier is in
82 	 * __klp_enable_patch().
83 	 *
84 	 * (Note that this barrier technically isn't needed in the disable
85 	 * path.  In the rare case where klp_update_patch_state() runs before
86 	 * this handler, its TIF_PATCH_PENDING read and this func->transition
87 	 * read need to be ordered.  But klp_update_patch_state() already
88 	 * enforces that.)
89 	 */
90 	smp_rmb();
91 
92 	if (unlikely(func->transition)) {
93 
94 		/*
95 		 * Enforce the order of the func->transition and
96 		 * current->patch_state reads.  Otherwise we could read an
97 		 * out-of-date task state and pick the wrong function.  The
98 		 * corresponding write barrier is in klp_init_transition().
99 		 */
100 		smp_rmb();
101 
102 		patch_state = current->patch_state;
103 
104 		WARN_ON_ONCE(patch_state == KLP_UNDEFINED);
105 
106 		if (patch_state == KLP_UNPATCHED) {
107 			/*
108 			 * Use the previously patched version of the function.
109 			 * If no previous patches exist, continue with the
110 			 * original function.
111 			 */
112 			func = list_entry_rcu(func->stack_node.next,
113 					      struct klp_func, stack_node);
114 
115 			if (&func->stack_node == &ops->func_stack)
116 				goto unlock;
117 		}
118 	}
119 
120 	klp_arch_set_pc(regs, (unsigned long)func->new_func);
121 unlock:
122 	preempt_enable_notrace();
123 }
124 
125 /*
126  * Convert a function address into the appropriate ftrace location.
127  *
128  * Usually this is just the address of the function, but on some architectures
129  * it's more complicated so allow them to provide a custom behaviour.
130  */
131 #ifndef klp_get_ftrace_location
132 static unsigned long klp_get_ftrace_location(unsigned long faddr)
133 {
134 	return faddr;
135 }
136 #endif
137 
138 static void klp_unpatch_func(struct klp_func *func)
139 {
140 	struct klp_ops *ops;
141 
142 	if (WARN_ON(!func->patched))
143 		return;
144 	if (WARN_ON(!func->old_addr))
145 		return;
146 
147 	ops = klp_find_ops(func->old_addr);
148 	if (WARN_ON(!ops))
149 		return;
150 
151 	if (list_is_singular(&ops->func_stack)) {
152 		unsigned long ftrace_loc;
153 
154 		ftrace_loc = klp_get_ftrace_location(func->old_addr);
155 		if (WARN_ON(!ftrace_loc))
156 			return;
157 
158 		WARN_ON(unregister_ftrace_function(&ops->fops));
159 		WARN_ON(ftrace_set_filter_ip(&ops->fops, ftrace_loc, 1, 0));
160 
161 		list_del_rcu(&func->stack_node);
162 		list_del(&ops->node);
163 		kfree(ops);
164 	} else {
165 		list_del_rcu(&func->stack_node);
166 	}
167 
168 	func->patched = false;
169 }
170 
171 static int klp_patch_func(struct klp_func *func)
172 {
173 	struct klp_ops *ops;
174 	int ret;
175 
176 	if (WARN_ON(!func->old_addr))
177 		return -EINVAL;
178 
179 	if (WARN_ON(func->patched))
180 		return -EINVAL;
181 
182 	ops = klp_find_ops(func->old_addr);
183 	if (!ops) {
184 		unsigned long ftrace_loc;
185 
186 		ftrace_loc = klp_get_ftrace_location(func->old_addr);
187 		if (!ftrace_loc) {
188 			pr_err("failed to find location for function '%s'\n",
189 				func->old_name);
190 			return -EINVAL;
191 		}
192 
193 		ops = kzalloc(sizeof(*ops), GFP_KERNEL);
194 		if (!ops)
195 			return -ENOMEM;
196 
197 		ops->fops.func = klp_ftrace_handler;
198 		ops->fops.flags = FTRACE_OPS_FL_SAVE_REGS |
199 				  FTRACE_OPS_FL_DYNAMIC |
200 				  FTRACE_OPS_FL_IPMODIFY;
201 
202 		list_add(&ops->node, &klp_ops);
203 
204 		INIT_LIST_HEAD(&ops->func_stack);
205 		list_add_rcu(&func->stack_node, &ops->func_stack);
206 
207 		ret = ftrace_set_filter_ip(&ops->fops, ftrace_loc, 0, 0);
208 		if (ret) {
209 			pr_err("failed to set ftrace filter for function '%s' (%d)\n",
210 			       func->old_name, ret);
211 			goto err;
212 		}
213 
214 		ret = register_ftrace_function(&ops->fops);
215 		if (ret) {
216 			pr_err("failed to register ftrace handler for function '%s' (%d)\n",
217 			       func->old_name, ret);
218 			ftrace_set_filter_ip(&ops->fops, ftrace_loc, 1, 0);
219 			goto err;
220 		}
221 
222 
223 	} else {
224 		list_add_rcu(&func->stack_node, &ops->func_stack);
225 	}
226 
227 	func->patched = true;
228 
229 	return 0;
230 
231 err:
232 	list_del_rcu(&func->stack_node);
233 	list_del(&ops->node);
234 	kfree(ops);
235 	return ret;
236 }
237 
238 void klp_unpatch_object(struct klp_object *obj)
239 {
240 	struct klp_func *func;
241 
242 	klp_for_each_func(obj, func)
243 		if (func->patched)
244 			klp_unpatch_func(func);
245 
246 	obj->patched = false;
247 }
248 
249 int klp_patch_object(struct klp_object *obj)
250 {
251 	struct klp_func *func;
252 	int ret;
253 
254 	if (WARN_ON(obj->patched))
255 		return -EINVAL;
256 
257 	klp_for_each_func(obj, func) {
258 		ret = klp_patch_func(func);
259 		if (ret) {
260 			klp_unpatch_object(obj);
261 			return ret;
262 		}
263 	}
264 	obj->patched = true;
265 
266 	return 0;
267 }
268 
269 void klp_unpatch_objects(struct klp_patch *patch)
270 {
271 	struct klp_object *obj;
272 
273 	klp_for_each_object(patch, obj)
274 		if (obj->patched)
275 			klp_unpatch_object(obj);
276 }
277