d0807da78e
Immediate flag has been used to disable per-task consistency and patch all tasks immediately. It could be useful if the patch doesn't change any function or data semantics. However, it causes problems on its own. The consistency problem is currently broken with respect to immediate patches. func a patches 1i 2i 3 When the patch 3 is applied, only 2i function is checked (by stack checking facility). There might be a task sleeping in 1i though. Such task is migrated to 3, because we do not check 1i in klp_check_stack_func() at all. Coming atomic replace feature would be easier to implement and more reliable without immediate. Thus, remove immediate feature completely and save us from the problems. Note that force feature has the similar problem. However it is considered as a last resort. If used, administrator should not apply any new live patches and should plan for reboot into an updated kernel. The architectures would now need to provide HAVE_RELIABLE_STACKTRACE to fully support livepatch. Signed-off-by: Miroslav Benes <mbenes@suse.cz> Acked-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
93 lines
2.1 KiB
C
93 lines
2.1 KiB
C
/*
|
|
* livepatch-sample.c - Kernel Live Patching Sample Module
|
|
*
|
|
* Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version 2
|
|
* of the License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/livepatch.h>
|
|
|
|
/*
|
|
* This (dumb) live patch overrides the function that prints the
|
|
* kernel boot cmdline when /proc/cmdline is read.
|
|
*
|
|
* Example:
|
|
*
|
|
* $ cat /proc/cmdline
|
|
* <your cmdline>
|
|
*
|
|
* $ insmod livepatch-sample.ko
|
|
* $ cat /proc/cmdline
|
|
* this has been live patched
|
|
*
|
|
* $ echo 0 > /sys/kernel/livepatch/livepatch_sample/enabled
|
|
* $ cat /proc/cmdline
|
|
* <your cmdline>
|
|
*/
|
|
|
|
#include <linux/seq_file.h>
|
|
static int livepatch_cmdline_proc_show(struct seq_file *m, void *v)
|
|
{
|
|
seq_printf(m, "%s\n", "this has been live patched");
|
|
return 0;
|
|
}
|
|
|
|
static struct klp_func funcs[] = {
|
|
{
|
|
.old_name = "cmdline_proc_show",
|
|
.new_func = livepatch_cmdline_proc_show,
|
|
}, { }
|
|
};
|
|
|
|
static struct klp_object objs[] = {
|
|
{
|
|
/* name being NULL means vmlinux */
|
|
.funcs = funcs,
|
|
}, { }
|
|
};
|
|
|
|
static struct klp_patch patch = {
|
|
.mod = THIS_MODULE,
|
|
.objs = objs,
|
|
};
|
|
|
|
static int livepatch_init(void)
|
|
{
|
|
int ret;
|
|
|
|
ret = klp_register_patch(&patch);
|
|
if (ret)
|
|
return ret;
|
|
ret = klp_enable_patch(&patch);
|
|
if (ret) {
|
|
WARN_ON(klp_unregister_patch(&patch));
|
|
return ret;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static void livepatch_exit(void)
|
|
{
|
|
WARN_ON(klp_unregister_patch(&patch));
|
|
}
|
|
|
|
module_init(livepatch_init);
|
|
module_exit(livepatch_exit);
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_INFO(livepatch, "Y");
|