forked from Minki/linux
livepatch: Remove .klp.arch
After the previous patch, vmlinux-specific KLP relocations are now applied early during KLP module load. This means that .klp.arch sections are no longer needed for *vmlinux-specific* KLP relocations. One might think they're still needed for *module-specific* KLP relocations. If a to-be-patched module is loaded *after* its corresponding KLP module is loaded, any corresponding KLP relocations will be delayed until the to-be-patched module is loaded. If any special sections (.parainstructions, for example) rely on those relocations, their initializations (apply_paravirt) need to be done afterwards. Thus the apparent need for arch_klp_init_object_loaded() and its corresponding .klp.arch sections -- it allows some of the special section initializations to be done at a later time. But... if you look closer, that dependency between the special sections and the module-specific KLP relocations doesn't actually exist in reality. Looking at the contents of the .altinstructions and .parainstructions sections, there's not a realistic scenario in which a KLP module's .altinstructions or .parainstructions section needs to access a symbol in a to-be-patched module. It might need to access a local symbol or even a vmlinux symbol; but not another module's symbol. When a special section needs to reference a local or vmlinux symbol, a normal rela can be used instead of a KLP rela. Since the special section initializations don't actually have any real dependency on module-specific KLP relocations, .klp.arch and arch_klp_init_object_loaded() no longer have a reason to exist. So remove them. As Peter said much more succinctly: So the reason for .klp.arch was that .klp.rela.* stuff would overwrite paravirt instructions. If that happens you're doing it wrong. Those RELAs are core kernel, not module, and thus should've happened in .rela.* sections at patch-module loading time. Reverting this removes the two apply_{paravirt,alternatives}() calls from the late patching path, and means we don't have to worry about them when removing module_disable_ro(). [ jpoimboe: Rewrote patch description. Tweaked klp_init_object_loaded() error path. ] Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Joe Lawrence <joe.lawrence@redhat.com> Acked-by: Miroslav Benes <mbenes@suse.cz> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This commit is contained in:
parent
7c8e2bdd5f
commit
1d05334d28
@ -14,8 +14,7 @@ This document outlines the Elf format requirements that livepatch modules must f
|
||||
4. Livepatch symbols
|
||||
4.1 A livepatch module's symbol table
|
||||
4.2 Livepatch symbol format
|
||||
5. Architecture-specific sections
|
||||
6. Symbol table and Elf section access
|
||||
5. Symbol table and Elf section access
|
||||
|
||||
1. Background and motivation
|
||||
============================
|
||||
@ -298,17 +297,7 @@ Examples:
|
||||
Note that the 'Ndx' (Section index) for these symbols is SHN_LIVEPATCH (0xff20).
|
||||
"OS" means OS-specific.
|
||||
|
||||
5. Architecture-specific sections
|
||||
=================================
|
||||
Architectures may override arch_klp_init_object_loaded() to perform
|
||||
additional arch-specific tasks when a target module loads, such as applying
|
||||
arch-specific sections. On x86 for example, we must apply per-object
|
||||
.altinstructions and .parainstructions sections when a target module loads.
|
||||
These sections must be prefixed with ".klp.arch.$objname." so that they can
|
||||
be easily identified when iterating through a patch module's Elf sections
|
||||
(See arch/x86/kernel/livepatch.c for a complete example).
|
||||
|
||||
6. Symbol table and Elf section access
|
||||
5. Symbol table and Elf section access
|
||||
======================================
|
||||
A livepatch module's symbol table is accessible through module->symtab.
|
||||
|
||||
|
@ -90,7 +90,6 @@ obj-$(CONFIG_X86_MPPARSE) += mpparse.o
|
||||
obj-y += apic/
|
||||
obj-$(CONFIG_X86_REBOOTFIXUPS) += reboot_fixups_32.o
|
||||
obj-$(CONFIG_DYNAMIC_FTRACE) += ftrace.o
|
||||
obj-$(CONFIG_LIVEPATCH) += livepatch.o
|
||||
obj-$(CONFIG_FUNCTION_TRACER) += ftrace_$(BITS).o
|
||||
obj-$(CONFIG_FUNCTION_GRAPH_TRACER) += ftrace.o
|
||||
obj-$(CONFIG_FTRACE_SYSCALLS) += ftrace.o
|
||||
|
@ -1,53 +0,0 @@
|
||||
// SPDX-License-Identifier: GPL-2.0-or-later
|
||||
/*
|
||||
* livepatch.c - x86-specific Kernel Live Patching Core
|
||||
*/
|
||||
|
||||
#include <linux/module.h>
|
||||
#include <linux/kallsyms.h>
|
||||
#include <linux/livepatch.h>
|
||||
#include <asm/text-patching.h>
|
||||
|
||||
/* Apply per-object alternatives. Based on x86 module_finalize() */
|
||||
void arch_klp_init_object_loaded(struct klp_patch *patch,
|
||||
struct klp_object *obj)
|
||||
{
|
||||
int cnt;
|
||||
struct klp_modinfo *info;
|
||||
Elf_Shdr *s, *alt = NULL, *para = NULL;
|
||||
void *aseg, *pseg;
|
||||
const char *objname;
|
||||
char sec_objname[MODULE_NAME_LEN];
|
||||
char secname[KSYM_NAME_LEN];
|
||||
|
||||
info = patch->mod->klp_info;
|
||||
objname = obj->name ? obj->name : "vmlinux";
|
||||
|
||||
/* See livepatch core code for BUILD_BUG_ON() explanation */
|
||||
BUILD_BUG_ON(MODULE_NAME_LEN < 56 || KSYM_NAME_LEN != 128);
|
||||
|
||||
for (s = info->sechdrs; s < info->sechdrs + info->hdr.e_shnum; s++) {
|
||||
/* Apply per-object .klp.arch sections */
|
||||
cnt = sscanf(info->secstrings + s->sh_name,
|
||||
".klp.arch.%55[^.].%127s",
|
||||
sec_objname, secname);
|
||||
if (cnt != 2)
|
||||
continue;
|
||||
if (strcmp(sec_objname, objname))
|
||||
continue;
|
||||
if (!strcmp(".altinstructions", secname))
|
||||
alt = s;
|
||||
if (!strcmp(".parainstructions", secname))
|
||||
para = s;
|
||||
}
|
||||
|
||||
if (alt) {
|
||||
aseg = (void *) alt->sh_addr;
|
||||
apply_alternatives(aseg, aseg + alt->sh_size);
|
||||
}
|
||||
|
||||
if (para) {
|
||||
pseg = (void *) para->sh_addr;
|
||||
apply_paravirt(pseg, pseg + para->sh_size);
|
||||
}
|
||||
}
|
@ -195,9 +195,6 @@ struct klp_patch {
|
||||
|
||||
int klp_enable_patch(struct klp_patch *);
|
||||
|
||||
void arch_klp_init_object_loaded(struct klp_patch *patch,
|
||||
struct klp_object *obj);
|
||||
|
||||
/* Called from the module loader during module coming/going states */
|
||||
int klp_module_coming(struct module *mod);
|
||||
void klp_module_going(struct module *mod);
|
||||
|
@ -729,12 +729,6 @@ static int klp_init_func(struct klp_object *obj, struct klp_func *func)
|
||||
func->old_sympos ? func->old_sympos : 1);
|
||||
}
|
||||
|
||||
/* Arches may override this to finish any remaining arch-specific tasks */
|
||||
void __weak arch_klp_init_object_loaded(struct klp_patch *patch,
|
||||
struct klp_object *obj)
|
||||
{
|
||||
}
|
||||
|
||||
int klp_apply_object_relocs(struct klp_patch *patch, struct klp_object *obj)
|
||||
{
|
||||
int i, ret;
|
||||
@ -764,10 +758,11 @@ static int klp_init_object_loaded(struct klp_patch *patch,
|
||||
struct klp_func *func;
|
||||
int ret;
|
||||
|
||||
mutex_lock(&text_mutex);
|
||||
module_disable_ro(patch->mod);
|
||||
|
||||
if (klp_is_module(obj)) {
|
||||
|
||||
mutex_lock(&text_mutex);
|
||||
module_disable_ro(patch->mod);
|
||||
|
||||
/*
|
||||
* Only write module-specific relocations here
|
||||
* (.klp.rela.{module}.*). vmlinux-specific relocations were
|
||||
@ -775,18 +770,14 @@ static int klp_init_object_loaded(struct klp_patch *patch,
|
||||
* itself.
|
||||
*/
|
||||
ret = klp_apply_object_relocs(patch, obj);
|
||||
if (ret) {
|
||||
module_enable_ro(patch->mod, true);
|
||||
mutex_unlock(&text_mutex);
|
||||
|
||||
module_enable_ro(patch->mod, true);
|
||||
mutex_unlock(&text_mutex);
|
||||
|
||||
if (ret)
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
arch_klp_init_object_loaded(patch, obj);
|
||||
|
||||
module_enable_ro(patch->mod, true);
|
||||
mutex_unlock(&text_mutex);
|
||||
|
||||
klp_for_each_func(obj, func) {
|
||||
ret = klp_find_object_symbol(obj->name, func->old_name,
|
||||
func->old_sympos,
|
||||
|
Loading…
Reference in New Issue
Block a user