Commit d2d721e2 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'livepatching-for-6.11' of... 

Merge tag 'livepatching-for-6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching

Pull livepatching update from Petr Mladek:

 - show patch->replace flag in sysfs

 - add or improve few selftests

* tag 'livepatching-for-6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching:
  livepatch: Replace snprintf() with sysfs_emit()
  selftests/livepatch: Add selftests for "replace" sysfs attribute
  livepatch: Add "replace" sysfs attribute
  selftests: livepatch: Test atomic replace against multiple modules
  selftests/livepatch: define max test-syscall processes
parents 28bbe4ea ea5377ec

Documentation/ABI/testing/sysfs-kernel-livepatch

+8 −0
Original line number Diff line number Diff line
@@ -47,6 +47,14 @@ Description: 
		disabled when the feature is used. See

		Documentation/livepatch/livepatch.rst for more information.



What:		/sys/kernel/livepatch/<patch>/replace

Date:		Jun 2024

KernelVersion:	6.11.0

Contact:	live-patching@vger.kernel.org

Description:

		An attribute which indicates whether the patch supports

		atomic-replace.



What:		/sys/kernel/livepatch/<patch>/<object>

Date:		Nov 2014

KernelVersion:	3.19.0

kernel/livepatch/core.c

+14 −3
Original line number Diff line number Diff line
@@ -346,6 +346,7 @@ int klp_apply_section_relocs(struct module *pmod, Elf_Shdr *sechdrs, 
 * /sys/kernel/livepatch/<patch>/enabled

 * /sys/kernel/livepatch/<patch>/transition

 * /sys/kernel/livepatch/<patch>/force

 * /sys/kernel/livepatch/<patch>/replace

 * /sys/kernel/livepatch/<patch>/<object>

 * /sys/kernel/livepatch/<patch>/<object>/patched

 * /sys/kernel/livepatch/<patch>/<object>/<function,sympos>
@@ -401,7 +402,7 @@ static ssize_t enabled_show(struct kobject *kobj, 
	struct klp_patch *patch;



	patch = container_of(kobj, struct klp_patch, kobj);

	return snprintf(buf, PAGE_SIZE-1, "%d\n", patch->enabled);

	return sysfs_emit(buf, "%d\n", patch->enabled);

}



static ssize_t transition_show(struct kobject *kobj,
@@ -410,8 +411,7 @@ static ssize_t transition_show(struct kobject *kobj, 
	struct klp_patch *patch;



	patch = container_of(kobj, struct klp_patch, kobj);

	return snprintf(buf, PAGE_SIZE-1, "%d\n",

			patch == klp_transition_patch);

	return sysfs_emit(buf, "%d\n", patch == klp_transition_patch);

}



static ssize_t force_store(struct kobject *kobj, struct kobj_attribute *attr,
@@ -443,13 +443,24 @@ static ssize_t force_store(struct kobject *kobj, struct kobj_attribute *attr, 
	return count;

}



static ssize_t replace_show(struct kobject *kobj,

			    struct kobj_attribute *attr, char *buf)

{

	struct klp_patch *patch;



	patch = container_of(kobj, struct klp_patch, kobj);

	return sysfs_emit(buf, "%d\n", patch->replace);

}



static struct kobj_attribute enabled_kobj_attr = __ATTR_RW(enabled);

static struct kobj_attribute transition_kobj_attr = __ATTR_RO(transition);

static struct kobj_attribute force_kobj_attr = __ATTR_WO(force);

static struct kobj_attribute replace_kobj_attr = __ATTR_RO(replace);

static struct attribute *klp_patch_attrs[] = {

	&enabled_kobj_attr.attr,

	&transition_kobj_attr.attr,

	&force_kobj_attr.attr,

	&replace_kobj_attr.attr,

	NULL

};

ATTRIBUTE_GROUPS(klp_patch);

tools/testing/selftests/livepatch/test-livepatch.sh

+89 −49
Original line number Diff line number Diff line
@@ -4,7 +4,9 @@ 


. $(dirname $0)/functions.sh



MOD_LIVEPATCH=test_klp_livepatch

MOD_LIVEPATCH1=test_klp_livepatch

MOD_LIVEPATCH2=test_klp_syscall

MOD_LIVEPATCH3=test_klp_callbacks_demo

MOD_REPLACE=test_klp_atomic_replace



setup_config
@@ -16,33 +18,33 @@ setup_config 


start_test "basic function patching"



load_lp $MOD_LIVEPATCH

load_lp $MOD_LIVEPATCH1



if [[ "$(cat /proc/cmdline)" != "$MOD_LIVEPATCH: this has been live patched" ]] ; then

if [[ "$(cat /proc/cmdline)" != "$MOD_LIVEPATCH1: this has been live patched" ]] ; then

	echo -e "FAIL\n\n"

	die "livepatch kselftest(s) failed"

fi



disable_lp $MOD_LIVEPATCH

unload_lp $MOD_LIVEPATCH

disable_lp $MOD_LIVEPATCH1

unload_lp $MOD_LIVEPATCH1



if [[ "$(cat /proc/cmdline)" == "$MOD_LIVEPATCH: this has been live patched" ]] ; then

if [[ "$(cat /proc/cmdline)" == "$MOD_LIVEPATCH1: this has been live patched" ]] ; then

	echo -e "FAIL\n\n"

	die "livepatch kselftest(s) failed"

fi



check_result "% insmod test_modules/$MOD_LIVEPATCH.ko

livepatch: enabling patch '$MOD_LIVEPATCH'

livepatch: '$MOD_LIVEPATCH': initializing patching transition

livepatch: '$MOD_LIVEPATCH': starting patching transition

livepatch: '$MOD_LIVEPATCH': completing patching transition

livepatch: '$MOD_LIVEPATCH': patching complete

% echo 0 > /sys/kernel/livepatch/$MOD_LIVEPATCH/enabled

livepatch: '$MOD_LIVEPATCH': initializing unpatching transition

livepatch: '$MOD_LIVEPATCH': starting unpatching transition

livepatch: '$MOD_LIVEPATCH': completing unpatching transition

livepatch: '$MOD_LIVEPATCH': unpatching complete

% rmmod $MOD_LIVEPATCH"

check_result "% insmod test_modules/$MOD_LIVEPATCH1.ko

livepatch: enabling patch '$MOD_LIVEPATCH1'

livepatch: '$MOD_LIVEPATCH1': initializing patching transition

livepatch: '$MOD_LIVEPATCH1': starting patching transition

livepatch: '$MOD_LIVEPATCH1': completing patching transition

livepatch: '$MOD_LIVEPATCH1': patching complete

% echo 0 > /sys/kernel/livepatch/$MOD_LIVEPATCH1/enabled

livepatch: '$MOD_LIVEPATCH1': initializing unpatching transition

livepatch: '$MOD_LIVEPATCH1': starting unpatching transition

livepatch: '$MOD_LIVEPATCH1': completing unpatching transition

livepatch: '$MOD_LIVEPATCH1': unpatching complete

% rmmod $MOD_LIVEPATCH1"





# - load a livepatch that modifies the output from /proc/cmdline and
@@ -53,7 +55,7 @@ livepatch: '$MOD_LIVEPATCH': unpatching complete 


start_test "multiple livepatches"



load_lp $MOD_LIVEPATCH

load_lp $MOD_LIVEPATCH1



grep 'live patched' /proc/cmdline > /dev/kmsg

grep 'live patched' /proc/meminfo > /dev/kmsg
@@ -69,26 +71,26 @@ unload_lp $MOD_REPLACE 
grep 'live patched' /proc/cmdline > /dev/kmsg

grep 'live patched' /proc/meminfo > /dev/kmsg



disable_lp $MOD_LIVEPATCH

unload_lp $MOD_LIVEPATCH

disable_lp $MOD_LIVEPATCH1

unload_lp $MOD_LIVEPATCH1



grep 'live patched' /proc/cmdline > /dev/kmsg

grep 'live patched' /proc/meminfo > /dev/kmsg



check_result "% insmod test_modules/$MOD_LIVEPATCH.ko

livepatch: enabling patch '$MOD_LIVEPATCH'

livepatch: '$MOD_LIVEPATCH': initializing patching transition

livepatch: '$MOD_LIVEPATCH': starting patching transition

livepatch: '$MOD_LIVEPATCH': completing patching transition

livepatch: '$MOD_LIVEPATCH': patching complete

$MOD_LIVEPATCH: this has been live patched

check_result "% insmod test_modules/$MOD_LIVEPATCH1.ko

livepatch: enabling patch '$MOD_LIVEPATCH1'

livepatch: '$MOD_LIVEPATCH1': initializing patching transition

livepatch: '$MOD_LIVEPATCH1': starting patching transition

livepatch: '$MOD_LIVEPATCH1': completing patching transition

livepatch: '$MOD_LIVEPATCH1': patching complete

$MOD_LIVEPATCH1: this has been live patched

% insmod test_modules/$MOD_REPLACE.ko replace=0

livepatch: enabling patch '$MOD_REPLACE'

livepatch: '$MOD_REPLACE': initializing patching transition

livepatch: '$MOD_REPLACE': starting patching transition

livepatch: '$MOD_REPLACE': completing patching transition

livepatch: '$MOD_REPLACE': patching complete

$MOD_LIVEPATCH: this has been live patched

$MOD_LIVEPATCH1: this has been live patched

$MOD_REPLACE: this has been live patched

% echo 0 > /sys/kernel/livepatch/$MOD_REPLACE/enabled

livepatch: '$MOD_REPLACE': initializing unpatching transition
@@ -96,35 +98,57 @@ livepatch: '$MOD_REPLACE': starting unpatching transition 
livepatch: '$MOD_REPLACE': completing unpatching transition

livepatch: '$MOD_REPLACE': unpatching complete

% rmmod $MOD_REPLACE

$MOD_LIVEPATCH: this has been live patched

% echo 0 > /sys/kernel/livepatch/$MOD_LIVEPATCH/enabled

livepatch: '$MOD_LIVEPATCH': initializing unpatching transition

livepatch: '$MOD_LIVEPATCH': starting unpatching transition

livepatch: '$MOD_LIVEPATCH': completing unpatching transition

livepatch: '$MOD_LIVEPATCH': unpatching complete

% rmmod $MOD_LIVEPATCH"

$MOD_LIVEPATCH1: this has been live patched

% echo 0 > /sys/kernel/livepatch/$MOD_LIVEPATCH1/enabled

livepatch: '$MOD_LIVEPATCH1': initializing unpatching transition

livepatch: '$MOD_LIVEPATCH1': starting unpatching transition

livepatch: '$MOD_LIVEPATCH1': completing unpatching transition

livepatch: '$MOD_LIVEPATCH1': unpatching complete

% rmmod $MOD_LIVEPATCH1"





# - load a livepatch that modifies the output from /proc/cmdline and

#   verify correct behavior

# - load an atomic replace livepatch and verify that only the second is active

# - remove the first livepatch and verify that the atomic replace livepatch

#   is still active

# - load two additional livepatches and check the number of livepatch modules

#   applied

# - load an atomic replace livepatch and check that the other three modules were

#   disabled

# - remove all livepatches besides the atomic replace one and verify that the

#   atomic replace livepatch is still active

# - remove the atomic replace livepatch and verify that none are active



start_test "atomic replace livepatch"



load_lp $MOD_LIVEPATCH

load_lp $MOD_LIVEPATCH1



grep 'live patched' /proc/cmdline > /dev/kmsg

grep 'live patched' /proc/meminfo > /dev/kmsg



for mod in $MOD_LIVEPATCH2 $MOD_LIVEPATCH3; do

	load_lp "$mod"

done



mods=(/sys/kernel/livepatch/*)

nmods=${#mods[@]}

if [ "$nmods" -ne 3 ]; then

	die "Expecting three modules listed, found $nmods"

fi



load_lp $MOD_REPLACE replace=1



grep 'live patched' /proc/cmdline > /dev/kmsg

grep 'live patched' /proc/meminfo > /dev/kmsg



unload_lp $MOD_LIVEPATCH

mods=(/sys/kernel/livepatch/*)

nmods=${#mods[@]}

if [ "$nmods" -ne 1 ]; then

	die "Expecting only one moduled listed, found $nmods"

fi



# These modules were disabled by the atomic replace

for mod in $MOD_LIVEPATCH3 $MOD_LIVEPATCH2 $MOD_LIVEPATCH1; do

	unload_lp "$mod"

done



grep 'live patched' /proc/cmdline > /dev/kmsg

grep 'live patched' /proc/meminfo > /dev/kmsg
@@ -135,13 +159,27 @@ unload_lp $MOD_REPLACE 
grep 'live patched' /proc/cmdline > /dev/kmsg

grep 'live patched' /proc/meminfo > /dev/kmsg



check_result "% insmod test_modules/$MOD_LIVEPATCH.ko

livepatch: enabling patch '$MOD_LIVEPATCH'

livepatch: '$MOD_LIVEPATCH': initializing patching transition

livepatch: '$MOD_LIVEPATCH': starting patching transition

livepatch: '$MOD_LIVEPATCH': completing patching transition

livepatch: '$MOD_LIVEPATCH': patching complete

$MOD_LIVEPATCH: this has been live patched

check_result "% insmod test_modules/$MOD_LIVEPATCH1.ko

livepatch: enabling patch '$MOD_LIVEPATCH1'

livepatch: '$MOD_LIVEPATCH1': initializing patching transition

livepatch: '$MOD_LIVEPATCH1': starting patching transition

livepatch: '$MOD_LIVEPATCH1': completing patching transition

livepatch: '$MOD_LIVEPATCH1': patching complete

$MOD_LIVEPATCH1: this has been live patched

% insmod test_modules/$MOD_LIVEPATCH2.ko

livepatch: enabling patch '$MOD_LIVEPATCH2'

livepatch: '$MOD_LIVEPATCH2': initializing patching transition

livepatch: '$MOD_LIVEPATCH2': starting patching transition

livepatch: '$MOD_LIVEPATCH2': completing patching transition

livepatch: '$MOD_LIVEPATCH2': patching complete

% insmod test_modules/$MOD_LIVEPATCH3.ko

livepatch: enabling patch '$MOD_LIVEPATCH3'

livepatch: '$MOD_LIVEPATCH3': initializing patching transition

$MOD_LIVEPATCH3: pre_patch_callback: vmlinux

livepatch: '$MOD_LIVEPATCH3': starting patching transition

livepatch: '$MOD_LIVEPATCH3': completing patching transition

$MOD_LIVEPATCH3: post_patch_callback: vmlinux

livepatch: '$MOD_LIVEPATCH3': patching complete

% insmod test_modules/$MOD_REPLACE.ko replace=1

livepatch: enabling patch '$MOD_REPLACE'

livepatch: '$MOD_REPLACE': initializing patching transition
@@ -149,7 +187,9 @@ livepatch: '$MOD_REPLACE': starting patching transition 
livepatch: '$MOD_REPLACE': completing patching transition

livepatch: '$MOD_REPLACE': patching complete

$MOD_REPLACE: this has been live patched

% rmmod $MOD_LIVEPATCH

% rmmod $MOD_LIVEPATCH3

% rmmod $MOD_LIVEPATCH2

% rmmod $MOD_LIVEPATCH1

$MOD_REPLACE: this has been live patched

% echo 0 > /sys/kernel/livepatch/$MOD_REPLACE/enabled

livepatch: '$MOD_REPLACE': initializing unpatching transition

tools/testing/selftests/livepatch/test-syscall.sh

+4 −1
Original line number Diff line number Diff line
@@ -15,7 +15,10 @@ setup_config 


start_test "patch getpid syscall while being heavily hammered"



for i in $(seq 1 $(getconf _NPROCESSORS_ONLN)); do

NPROC=$(getconf _NPROCESSORS_ONLN)

MAXPROC=128



for i in $(seq 1 $(($NPROC < $MAXPROC ? $NPROC : $MAXPROC))); do

	./test_klp-call_getpid &

	pids[$i]="$!"

done

tools/testing/selftests/livepatch/test-sysfs.sh

+48 −0
Original line number Diff line number Diff line
@@ -18,6 +18,7 @@ check_sysfs_rights "$MOD_LIVEPATCH" "" "drwxr-xr-x" 
check_sysfs_rights "$MOD_LIVEPATCH" "enabled" "-rw-r--r--"

check_sysfs_value  "$MOD_LIVEPATCH" "enabled" "1"

check_sysfs_rights "$MOD_LIVEPATCH" "force" "--w-------"

check_sysfs_rights "$MOD_LIVEPATCH" "replace" "-r--r--r--"

check_sysfs_rights "$MOD_LIVEPATCH" "transition" "-r--r--r--"

check_sysfs_value  "$MOD_LIVEPATCH" "transition" "0"

check_sysfs_rights "$MOD_LIVEPATCH" "vmlinux/patched" "-r--r--r--"
@@ -83,4 +84,51 @@ test_klp_callbacks_demo: post_unpatch_callback: vmlinux 
livepatch: 'test_klp_callbacks_demo': unpatching complete

% rmmod test_klp_callbacks_demo"



start_test "sysfs test replace enabled"



MOD_LIVEPATCH=test_klp_atomic_replace

load_lp $MOD_LIVEPATCH replace=1



check_sysfs_rights "$MOD_LIVEPATCH" "replace" "-r--r--r--"

check_sysfs_value  "$MOD_LIVEPATCH" "replace" "1"



disable_lp $MOD_LIVEPATCH

unload_lp $MOD_LIVEPATCH



check_result "% insmod test_modules/$MOD_LIVEPATCH.ko replace=1

livepatch: enabling patch '$MOD_LIVEPATCH'

livepatch: '$MOD_LIVEPATCH': initializing patching transition

livepatch: '$MOD_LIVEPATCH': starting patching transition

livepatch: '$MOD_LIVEPATCH': completing patching transition

livepatch: '$MOD_LIVEPATCH': patching complete

% echo 0 > /sys/kernel/livepatch/$MOD_LIVEPATCH/enabled

livepatch: '$MOD_LIVEPATCH': initializing unpatching transition

livepatch: '$MOD_LIVEPATCH': starting unpatching transition

livepatch: '$MOD_LIVEPATCH': completing unpatching transition

livepatch: '$MOD_LIVEPATCH': unpatching complete

% rmmod $MOD_LIVEPATCH"



start_test "sysfs test replace disabled"



load_lp $MOD_LIVEPATCH replace=0



check_sysfs_rights "$MOD_LIVEPATCH" "replace" "-r--r--r--"

check_sysfs_value  "$MOD_LIVEPATCH" "replace" "0"



disable_lp $MOD_LIVEPATCH

unload_lp $MOD_LIVEPATCH



check_result "% insmod test_modules/$MOD_LIVEPATCH.ko replace=0

livepatch: enabling patch '$MOD_LIVEPATCH'

livepatch: '$MOD_LIVEPATCH': initializing patching transition

livepatch: '$MOD_LIVEPATCH': starting patching transition

livepatch: '$MOD_LIVEPATCH': completing patching transition

livepatch: '$MOD_LIVEPATCH': patching complete

% echo 0 > /sys/kernel/livepatch/$MOD_LIVEPATCH/enabled

livepatch: '$MOD_LIVEPATCH': initializing unpatching transition

livepatch: '$MOD_LIVEPATCH': starting unpatching transition

livepatch: '$MOD_LIVEPATCH': completing unpatching transition

livepatch: '$MOD_LIVEPATCH': unpatching complete

% rmmod $MOD_LIVEPATCH"



exit 0