include/linux/livepatch.h

0001 /* SPDX-License-Identifier: GPL-2.0-or-later */
0002 /*
0003  * livepatch.h - Kernel Live Patching Core
0004  *
0005  * Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
0006  * Copyright (C) 2014 SUSE
0007  */
0008
0009 #ifndef _LINUX_LIVEPATCH_H_
0010 #define _LINUX_LIVEPATCH_H_
0011
0012 #include <linux/module.h>
0013 #include <linux/ftrace.h>
0014 #include <linux/completion.h>
0015 #include <linux/list.h>
0016
0017 #if IS_ENABLED(CONFIG_LIVEPATCH)
0018
0019 /* task patch states */
0020 #define KLP_UNDEFINED   -1
0021 #define KLP_UNPATCHED    0
0022 #define KLP_PATCHED  1
0023
0024 /**
0025  * struct klp_func - function structure for live patching
0026  * @old_name:   name of the function to be patched
0027  * @new_func:   pointer to the patched function code
0028  * @old_sympos: a hint indicating which symbol position the old function
0029  *      can be found (optional)
0030  * @old_func:   pointer to the function being patched
0031  * @kobj:   kobject for sysfs resources
0032  * @node:   list node for klp_object func_list
0033  * @stack_node: list node for klp_ops func_stack list
0034  * @old_size:   size of the old function
0035  * @new_size:   size of the new function
0036  * @nop:        temporary patch to use the original code again; dyn. allocated
0037  * @patched:    the func has been added to the klp_ops list
0038  * @transition: the func is currently being applied or reverted
0039  *
0040  * The patched and transition variables define the func's patching state.  When
0041  * patching, a func is always in one of the following states:
0042  *
0043  *   patched=0 transition=0: unpatched
0044  *   patched=0 transition=1: unpatched, temporary starting state
0045  *   patched=1 transition=1: patched, may be visible to some tasks
0046  *   patched=1 transition=0: patched, visible to all tasks
0047  *
0048  * And when unpatching, it goes in the reverse order:
0049  *
0050  *   patched=1 transition=0: patched, visible to all tasks
0051  *   patched=1 transition=1: patched, may be visible to some tasks
0052  *   patched=0 transition=1: unpatched, temporary ending state
0053  *   patched=0 transition=0: unpatched
0054  */
0055 struct klp_func {
0056     /* external */
0057     const char *old_name;
0058     void *new_func;
0059     /*
0060      * The old_sympos field is optional and can be used to resolve
0061      * duplicate symbol names in livepatch objects. If this field is zero,
0062      * it is expected the symbol is unique, otherwise patching fails. If
0063      * this value is greater than zero then that occurrence of the symbol
0064      * in kallsyms for the given object is used.
0065      */
0066     unsigned long old_sympos;
0067
0068     /* internal */
0069     void *old_func;
0070     struct kobject kobj;
0071     struct list_head node;
0072     struct list_head stack_node;
0073     unsigned long old_size, new_size;
0074     bool nop;
0075     bool patched;
0076     bool transition;
0077 };
0078
0079 struct klp_object;
0080
0081 /**
0082  * struct klp_callbacks - pre/post live-(un)patch callback structure
0083  * @pre_patch:      executed before code patching
0084  * @post_patch:     executed after code patching
0085  * @pre_unpatch:    executed before code unpatching
0086  * @post_unpatch:   executed after code unpatching
0087  * @post_unpatch_enabled:   flag indicating if post-unpatch callback
0088  *              should run
0089  *
0090  * All callbacks are optional.  Only the pre-patch callback, if provided,
0091  * will be unconditionally executed.  If the parent klp_object fails to
0092  * patch for any reason, including a non-zero error status returned from
0093  * the pre-patch callback, no further callbacks will be executed.
0094  */
0095 struct klp_callbacks {
0096     int (*pre_patch)(struct klp_object *obj);
0097     void (*post_patch)(struct klp_object *obj);
0098     void (*pre_unpatch)(struct klp_object *obj);
0099     void (*post_unpatch)(struct klp_object *obj);
0100     bool post_unpatch_enabled;
0101 };
0102
0103 /**
0104  * struct klp_object - kernel object structure for live patching
0105  * @name:   module name (or NULL for vmlinux)
0106  * @funcs:  function entries for functions to be patched in the object
0107  * @callbacks:  functions to be executed pre/post (un)patching
0108  * @kobj:   kobject for sysfs resources
0109  * @func_list:  dynamic list of the function entries
0110  * @node:   list node for klp_patch obj_list
0111  * @mod:    kernel module associated with the patched object
0112  *      (NULL for vmlinux)
0113  * @dynamic:    temporary object for nop functions; dynamically allocated
0114  * @patched:    the object's funcs have been added to the klp_ops list
0115  */
0116 struct klp_object {
0117     /* external */
0118     const char *name;
0119     struct klp_func *funcs;
0120     struct klp_callbacks callbacks;
0121
0122     /* internal */
0123     struct kobject kobj;
0124     struct list_head func_list;
0125     struct list_head node;
0126     struct module *mod;
0127     bool dynamic;
0128     bool patched;
0129 };
0130
0131 /**
0132  * struct klp_state - state of the system modified by the livepatch
0133  * @id:     system state identifier (non-zero)
0134  * @version:    version of the change
0135  * @data:   custom data
0136  */
0137 struct klp_state {
0138     unsigned long id;
0139     unsigned int version;
0140     void *data;
0141 };
0142
0143 /**
0144  * struct klp_patch - patch structure for live patching
0145  * @mod:    reference to the live patch module
0146  * @objs:   object entries for kernel objects to be patched
0147  * @states: system states that can get modified
0148  * @replace:    replace all actively used patches
0149  * @list:   list node for global list of actively used patches
0150  * @kobj:   kobject for sysfs resources
0151  * @obj_list:   dynamic list of the object entries
0152  * @enabled:    the patch is enabled (but operation may be incomplete)
0153  * @forced: was involved in a forced transition
0154  * @free_work:  patch cleanup from workqueue-context
0155  * @finish: for waiting till it is safe to remove the patch module
0156  */
0157 struct klp_patch {
0158     /* external */
0159     struct module *mod;
0160     struct klp_object *objs;
0161     struct klp_state *states;
0162     bool replace;
0163
0164     /* internal */
0165     struct list_head list;
0166     struct kobject kobj;
0167     struct list_head obj_list;
0168     bool enabled;
0169     bool forced;
0170     struct work_struct free_work;
0171     struct completion finish;
0172 };
0173
0174 #define klp_for_each_object_static(patch, obj) \
0175     for (obj = patch->objs; obj->funcs || obj->name; obj++)
0176
0177 #define klp_for_each_object_safe(patch, obj, tmp_obj)       \
0178     list_for_each_entry_safe(obj, tmp_obj, &patch->obj_list, node)
0179
0180 #define klp_for_each_object(patch, obj) \
0181     list_for_each_entry(obj, &patch->obj_list, node)
0182
0183 #define klp_for_each_func_static(obj, func) \
0184     for (func = obj->funcs; \
0185          func->old_name || func->new_func || func->old_sympos; \
0186          func++)
0187
0188 #define klp_for_each_func_safe(obj, func, tmp_func)         \
0189     list_for_each_entry_safe(func, tmp_func, &obj->func_list, node)
0190
0191 #define klp_for_each_func(obj, func)    \
0192     list_for_each_entry(func, &obj->func_list, node)
0193
0194 int klp_enable_patch(struct klp_patch *);
0195
0196 /* Called from the module loader during module coming/going states */
0197 int klp_module_coming(struct module *mod);
0198 void klp_module_going(struct module *mod);
0199
0200 void klp_copy_process(struct task_struct *child);
0201 void klp_update_patch_state(struct task_struct *task);
0202
0203 static inline bool klp_patch_pending(struct task_struct *task)
0204 {
0205     return test_tsk_thread_flag(task, TIF_PATCH_PENDING);
0206 }
0207
0208 static inline bool klp_have_reliable_stack(void)
0209 {
0210     return IS_ENABLED(CONFIG_STACKTRACE) &&
0211            IS_ENABLED(CONFIG_HAVE_RELIABLE_STACKTRACE);
0212 }
0213
0214 typedef int (*klp_shadow_ctor_t)(void *obj,
0215                  void *shadow_data,
0216                  void *ctor_data);
0217 typedef void (*klp_shadow_dtor_t)(void *obj, void *shadow_data);
0218
0219 void *klp_shadow_get(void *obj, unsigned long id);
0220 void *klp_shadow_alloc(void *obj, unsigned long id,
0221                size_t size, gfp_t gfp_flags,
0222                klp_shadow_ctor_t ctor, void *ctor_data);
0223 void *klp_shadow_get_or_alloc(void *obj, unsigned long id,
0224                   size_t size, gfp_t gfp_flags,
0225                   klp_shadow_ctor_t ctor, void *ctor_data);
0226 void klp_shadow_free(void *obj, unsigned long id, klp_shadow_dtor_t dtor);
0227 void klp_shadow_free_all(unsigned long id, klp_shadow_dtor_t dtor);
0228
0229 struct klp_state *klp_get_state(struct klp_patch *patch, unsigned long id);
0230 struct klp_state *klp_get_prev_state(unsigned long id);
0231
0232 int klp_apply_section_relocs(struct module *pmod, Elf_Shdr *sechdrs,
0233                  const char *shstrtab, const char *strtab,
0234                  unsigned int symindex, unsigned int secindex,
0235                  const char *objname);
0236
0237 #else /* !CONFIG_LIVEPATCH */
0238
0239 static inline int klp_module_coming(struct module *mod) { return 0; }
0240 static inline void klp_module_going(struct module *mod) {}
0241 static inline bool klp_patch_pending(struct task_struct *task) { return false; }
0242 static inline void klp_update_patch_state(struct task_struct *task) {}
0243 static inline void klp_copy_process(struct task_struct *child) {}
0244
0245 static inline
0246 int klp_apply_section_relocs(struct module *pmod, Elf_Shdr *sechdrs,
0247                  const char *shstrtab, const char *strtab,
0248                  unsigned int symindex, unsigned int secindex,
0249                  const char *objname)
0250 {
0251     return 0;
0252 }
0253
0254 #endif /* CONFIG_LIVEPATCH */
0255
0256 #endif /* _LINUX_LIVEPATCH_H_ */