1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-or-later
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * Copyright (C) 2017 Joe Lawrence <joe.lawrence@redhat.com>
4*4882a593Smuzhiyun */
5*4882a593Smuzhiyun
6*4882a593Smuzhiyun /*
7*4882a593Smuzhiyun * livepatch-shadow-fix2.c - Shadow variables, livepatch demo
8*4882a593Smuzhiyun *
9*4882a593Smuzhiyun * Purpose
10*4882a593Smuzhiyun * -------
11*4882a593Smuzhiyun *
12*4882a593Smuzhiyun * Adds functionality to livepatch-shadow-mod's in-flight data
13*4882a593Smuzhiyun * structures through a shadow variable. The livepatch patches a
14*4882a593Smuzhiyun * routine that periodically inspects data structures, incrementing a
15*4882a593Smuzhiyun * per-data-structure counter, creating the counter if needed.
16*4882a593Smuzhiyun *
17*4882a593Smuzhiyun *
18*4882a593Smuzhiyun * Usage
19*4882a593Smuzhiyun * -----
20*4882a593Smuzhiyun *
21*4882a593Smuzhiyun * This module is not intended to be standalone. See the "Usage"
22*4882a593Smuzhiyun * section of livepatch-shadow-mod.c.
23*4882a593Smuzhiyun */
24*4882a593Smuzhiyun
25*4882a593Smuzhiyun #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
26*4882a593Smuzhiyun
27*4882a593Smuzhiyun #include <linux/module.h>
28*4882a593Smuzhiyun #include <linux/kernel.h>
29*4882a593Smuzhiyun #include <linux/livepatch.h>
30*4882a593Smuzhiyun #include <linux/slab.h>
31*4882a593Smuzhiyun
32*4882a593Smuzhiyun /* Shadow variable enums */
33*4882a593Smuzhiyun #define SV_LEAK 1
34*4882a593Smuzhiyun #define SV_COUNTER 2
35*4882a593Smuzhiyun
36*4882a593Smuzhiyun struct dummy {
37*4882a593Smuzhiyun struct list_head list;
38*4882a593Smuzhiyun unsigned long jiffies_expire;
39*4882a593Smuzhiyun };
40*4882a593Smuzhiyun
livepatch_fix2_dummy_check(struct dummy * d,unsigned long jiffies)41*4882a593Smuzhiyun static bool livepatch_fix2_dummy_check(struct dummy *d, unsigned long jiffies)
42*4882a593Smuzhiyun {
43*4882a593Smuzhiyun int *shadow_count;
44*4882a593Smuzhiyun
45*4882a593Smuzhiyun /*
46*4882a593Smuzhiyun * Patch: handle in-flight dummy structures, if they do not
47*4882a593Smuzhiyun * already have a SV_COUNTER shadow variable, then attach a
48*4882a593Smuzhiyun * new one.
49*4882a593Smuzhiyun */
50*4882a593Smuzhiyun shadow_count = klp_shadow_get_or_alloc(d, SV_COUNTER,
51*4882a593Smuzhiyun sizeof(*shadow_count), GFP_NOWAIT,
52*4882a593Smuzhiyun NULL, NULL);
53*4882a593Smuzhiyun if (shadow_count)
54*4882a593Smuzhiyun *shadow_count += 1;
55*4882a593Smuzhiyun
56*4882a593Smuzhiyun return time_after(jiffies, d->jiffies_expire);
57*4882a593Smuzhiyun }
58*4882a593Smuzhiyun
livepatch_fix2_dummy_leak_dtor(void * obj,void * shadow_data)59*4882a593Smuzhiyun static void livepatch_fix2_dummy_leak_dtor(void *obj, void *shadow_data)
60*4882a593Smuzhiyun {
61*4882a593Smuzhiyun void *d = obj;
62*4882a593Smuzhiyun int **shadow_leak = shadow_data;
63*4882a593Smuzhiyun
64*4882a593Smuzhiyun kfree(*shadow_leak);
65*4882a593Smuzhiyun pr_info("%s: dummy @ %p, prevented leak @ %p\n",
66*4882a593Smuzhiyun __func__, d, *shadow_leak);
67*4882a593Smuzhiyun }
68*4882a593Smuzhiyun
livepatch_fix2_dummy_free(struct dummy * d)69*4882a593Smuzhiyun static void livepatch_fix2_dummy_free(struct dummy *d)
70*4882a593Smuzhiyun {
71*4882a593Smuzhiyun int **shadow_leak;
72*4882a593Smuzhiyun int *shadow_count;
73*4882a593Smuzhiyun
74*4882a593Smuzhiyun /* Patch: copy the memory leak patch from the fix1 module. */
75*4882a593Smuzhiyun shadow_leak = klp_shadow_get(d, SV_LEAK);
76*4882a593Smuzhiyun if (shadow_leak)
77*4882a593Smuzhiyun klp_shadow_free(d, SV_LEAK, livepatch_fix2_dummy_leak_dtor);
78*4882a593Smuzhiyun else
79*4882a593Smuzhiyun pr_info("%s: dummy @ %p leaked!\n", __func__, d);
80*4882a593Smuzhiyun
81*4882a593Smuzhiyun /*
82*4882a593Smuzhiyun * Patch: fetch the SV_COUNTER shadow variable and display
83*4882a593Smuzhiyun * the final count. Detach the shadow variable.
84*4882a593Smuzhiyun */
85*4882a593Smuzhiyun shadow_count = klp_shadow_get(d, SV_COUNTER);
86*4882a593Smuzhiyun if (shadow_count) {
87*4882a593Smuzhiyun pr_info("%s: dummy @ %p, check counter = %d\n",
88*4882a593Smuzhiyun __func__, d, *shadow_count);
89*4882a593Smuzhiyun klp_shadow_free(d, SV_COUNTER, NULL);
90*4882a593Smuzhiyun }
91*4882a593Smuzhiyun
92*4882a593Smuzhiyun kfree(d);
93*4882a593Smuzhiyun }
94*4882a593Smuzhiyun
95*4882a593Smuzhiyun static struct klp_func funcs[] = {
96*4882a593Smuzhiyun {
97*4882a593Smuzhiyun .old_name = "dummy_check",
98*4882a593Smuzhiyun .new_func = livepatch_fix2_dummy_check,
99*4882a593Smuzhiyun },
100*4882a593Smuzhiyun {
101*4882a593Smuzhiyun .old_name = "dummy_free",
102*4882a593Smuzhiyun .new_func = livepatch_fix2_dummy_free,
103*4882a593Smuzhiyun }, { }
104*4882a593Smuzhiyun };
105*4882a593Smuzhiyun
106*4882a593Smuzhiyun static struct klp_object objs[] = {
107*4882a593Smuzhiyun {
108*4882a593Smuzhiyun .name = "livepatch_shadow_mod",
109*4882a593Smuzhiyun .funcs = funcs,
110*4882a593Smuzhiyun }, { }
111*4882a593Smuzhiyun };
112*4882a593Smuzhiyun
113*4882a593Smuzhiyun static struct klp_patch patch = {
114*4882a593Smuzhiyun .mod = THIS_MODULE,
115*4882a593Smuzhiyun .objs = objs,
116*4882a593Smuzhiyun };
117*4882a593Smuzhiyun
livepatch_shadow_fix2_init(void)118*4882a593Smuzhiyun static int livepatch_shadow_fix2_init(void)
119*4882a593Smuzhiyun {
120*4882a593Smuzhiyun return klp_enable_patch(&patch);
121*4882a593Smuzhiyun }
122*4882a593Smuzhiyun
livepatch_shadow_fix2_exit(void)123*4882a593Smuzhiyun static void livepatch_shadow_fix2_exit(void)
124*4882a593Smuzhiyun {
125*4882a593Smuzhiyun /* Cleanup any existing SV_COUNTER shadow variables */
126*4882a593Smuzhiyun klp_shadow_free_all(SV_COUNTER, NULL);
127*4882a593Smuzhiyun }
128*4882a593Smuzhiyun
129*4882a593Smuzhiyun module_init(livepatch_shadow_fix2_init);
130*4882a593Smuzhiyun module_exit(livepatch_shadow_fix2_exit);
131*4882a593Smuzhiyun MODULE_LICENSE("GPL");
132*4882a593Smuzhiyun MODULE_INFO(livepatch, "Y");
133