From patchwork Thu May 16 13:30:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lukas Hruska X-Patchwork-Id: 13666216 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 411351482E4; Thu, 16 May 2024 13:30:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715866227; cv=none; b=Iv0CHL6QJGg211jr+i2RDaPoOE4ce088TDzJoir1yzZlXW2AsR601kvd0e1H7Dkz6wLSu9fs13dJNt9sW9cgs/6C9QcN4Cf1gtSqVLij9lzJzv9xRDc80BPTbVIU8ogFJyUkPuy/LkT/p0lHI8xV/rUFN/D+4xl+9m+LRMVrarE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715866227; c=relaxed/simple; bh=yqUPjCa6qT94bXk2HmJIf+EMfPI7fuUeq+yoIITcYSI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=E8B27Q4peiQY4cPKtikXvC4ytkOjkd/S7jcMX1tG/PT2Fiogm9wX9wk+8UUaWXRXP0r5ZTKQc7Z9DpbOfMwbcU0yqQZtNwfJ6Tv462HmR7umRhbWz2AG2HZCjcICD3pgfAa+QvoYPutMLdUXt6gbUBuipPZZs1AcZOWKlBOxenA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 7F39A349E8; Thu, 16 May 2024 13:30:23 +0000 (UTC) Authentication-Results: smtp-out1.suse.de; none Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 7183F13991; Thu, 16 May 2024 13:30:23 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id SVQmG28KRmYDCAAAD6G6ig (envelope-from ); Thu, 16 May 2024 13:30:23 +0000 From: Lukas Hruska To: pmladek@suse.com, mbenes@suse.cz, jpoimboe@kernel.org Cc: joe.lawrence@redhat.com, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, mpdesouza@suse.com, lhruska@suse.cz, Josh Poimboeuf Subject: [PATCH v2 1/6] livepatch: Create and include UAPI headers Date: Thu, 16 May 2024 15:30:04 +0200 Message-ID: <20240516133009.20224-2-lhruska@suse.cz> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240516133009.20224-1-lhruska@suse.cz> References: <20240516133009.20224-1-lhruska@suse.cz> Precedence: bulk X-Mailing-List: linux-kbuild@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Action: no action X-Rspamd-Server: rspamd1.dmz-prg2.suse.org X-Spam-Level: X-Spamd-Result: default: False [-4.00 / 50.00]; REPLY(-4.00)[] X-Spam-Flag: NO X-Spam-Score: -4.00 X-Rspamd-Queue-Id: 7F39A349E8 From: Josh Poimboeuf Define klp prefixes in include/uapi/linux/livepatch.h, and use them for replacing hard-coded values in kernel/livepatch/core.c. Signed-off-by: Josh Poimboeuf Signed-off-by: Lukas Hruska Reviewed-by: Petr Mladek Reviewed-by: Marcos Paulo de Souza --- MAINTAINERS | 1 + include/uapi/linux/livepatch.h | 15 +++++++++++++++ kernel/livepatch/core.c | 5 +++-- 3 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 include/uapi/linux/livepatch.h diff --git a/MAINTAINERS b/MAINTAINERS index 28e20975c26f..130b8b0bd4f7 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -12614,6 +12614,7 @@ F: Documentation/ABI/testing/sysfs-kernel-livepatch F: Documentation/livepatch/ F: arch/powerpc/include/asm/livepatch.h F: include/linux/livepatch.h +F: include/uapi/linux/livepatch.h F: kernel/livepatch/ F: kernel/module/livepatch.c F: samples/livepatch/ diff --git a/include/uapi/linux/livepatch.h b/include/uapi/linux/livepatch.h new file mode 100644 index 000000000000..e19430918a07 --- /dev/null +++ b/include/uapi/linux/livepatch.h @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ + +/* + * livepatch.h - Kernel Live Patching Core + * + * Copyright (C) 2016 Josh Poimboeuf + */ + +#ifndef _UAPI_LIVEPATCH_H +#define _UAPI_LIVEPATCH_H + +#define KLP_RELA_PREFIX ".klp.rela." +#define KLP_SYM_PREFIX ".klp.sym." + +#endif /* _UAPI_LIVEPATCH_H */ diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c index ecbc9b6aba3a..8bde84d85263 100644 --- a/kernel/livepatch/core.c +++ b/kernel/livepatch/core.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include "core.h" #include "patch.h" @@ -226,7 +227,7 @@ static int klp_resolve_symbols(Elf_Shdr *sechdrs, const char *strtab, /* Format: .klp.sym.sym_objname.sym_name,sympos */ cnt = sscanf(strtab + sym->st_name, - ".klp.sym.%55[^.].%511[^,],%lu", + KLP_SYM_PREFIX "%55[^.].%511[^,],%lu", sym_objname, sym_name, &sympos); if (cnt != 3) { pr_err("symbol %s has an incorrectly formatted name\n", @@ -305,7 +306,7 @@ static int klp_write_section_relocs(struct module *pmod, Elf_Shdr *sechdrs, * See comment in klp_resolve_symbols() for an explanation * of the selected field width value. */ - cnt = sscanf(shstrtab + sec->sh_name, ".klp.rela.%55[^.]", + cnt = sscanf(shstrtab + sec->sh_name, KLP_RELA_PREFIX "%55[^.]", sec_objname); if (cnt != 1) { pr_err("section %s has an incorrectly formatted name\n", From patchwork Thu May 16 13:30:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lukas Hruska X-Patchwork-Id: 13666218 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E2E941474B5; Thu, 16 May 2024 13:30:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715866230; cv=none; b=gJM5ztlvwd+CUhfpUCY2ayoL+1HwW8Wq94yVHkfAP5SQhwnsrJqEDw/SAbR7bIT1DIIOxK1MCOOU6UdM2bnZI1sTcTVvkVmwMbQnDPP+cOqrYLCqddWtWHAUe0ZMq+jeVFkcdq8ihL7jf8AOy6eYrw0+VVHYJBDV8Kwc1gLYMbo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715866230; c=relaxed/simple; bh=pW+Ti4C+xOCZAMu0805Vs3muCVX5oqYd9mQYTdS+YE4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=CxfO7y/AfB34PhuOCCpNNOuNmPIi6yA30qMNX/ahZ97TasrQyJq1FndiJ1CHdyqqNBQNzFRoBiP3DTJV4o3d505plzuKk9XI83RkB5wLQ+F+iS1HA2hDQyJGB5qqmveL5Duw+keIIu0b0mk3Outkc5uA4kFf1xZe1F9wyJnGLg8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 1B6D75C443; Thu, 16 May 2024 13:30:25 +0000 (UTC) Authentication-Results: smtp-out2.suse.de; none Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 09D9D13991; Thu, 16 May 2024 13:30:25 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id NegNAnEKRmZjCAAAD6G6ig (envelope-from ); Thu, 16 May 2024 13:30:25 +0000 From: Lukas Hruska To: pmladek@suse.com, mbenes@suse.cz, jpoimboe@kernel.org Cc: joe.lawrence@redhat.com, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, mpdesouza@suse.com, lhruska@suse.cz, Josh Poimboeuf Subject: [PATCH v2 2/6] livepatch: Add klp-convert tool Date: Thu, 16 May 2024 15:30:05 +0200 Message-ID: <20240516133009.20224-3-lhruska@suse.cz> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240516133009.20224-1-lhruska@suse.cz> References: <20240516133009.20224-1-lhruska@suse.cz> Precedence: bulk X-Mailing-List: linux-kbuild@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Action: no action X-Rspamd-Server: rspamd1.dmz-prg2.suse.org X-Spam-Level: X-Spamd-Result: default: False [-4.00 / 50.00]; REPLY(-4.00)[] X-Spam-Flag: NO X-Spam-Score: -4.00 X-Rspamd-Queue-Id: 1B6D75C443 Livepatches need to access external symbols which can't be handled by the normal relocation mechanism. It is needed for two types of symbols: + Symbols which can be local for the original livepatched function. The alternative implementation in the livepatch sees them as external symbols. + Symbols in modules which are exported via EXPORT_SYMBOL*(). They must be handled special way otherwise the livepatch module would depend on the livepatched one. Loading such livepatch would cause loading the other module as well. The address of these symbols can be found via kallsyms. Or they can be relocated using livepatch specific relocation sections as specified in Documentation/livepatch/module-elf-format.txt. Currently, there is no trivial way to embed the required information as requested in the final livepatch elf object. klp-convert solves this problem by using annotations in the elf object to convert the relocation accordingly to the specification, enabling it to be handled by the livepatch loader. Given the above, create scripts/livepatch to hold tools developed for livepatches and add source files for klp-convert there. Allow to annotate such external symbols in the livepatch by a macro KLP_RELOC_SYMBOL(). It will create symbol with all needed metadata. For example: extern char *saved_command_line \ KLP_RELOC_SYMBOL(vmlinux, vmlinux, saved_command_line, 0); would create symbol $>readelf -r -W : Relocation section '.rela.text' at offset 0x32e60 contains 10 entries: Offset Info Type Symbol's Value Symbol's Name + Addend [...] 0000000000000068 0000003c00000002 R_X86_64_PC32 0000000000000000 .klp.sym.rela.vmlinux.vmlinux.saved_command_line,0 - 4 [...] Also add scripts/livepatch/klp-convert. The tool transforms symbols created by KLP_RELOC_SYMBOL() to object specific rela sections and rela entries which would later be proceed when the livepatch or the livepatched object is loaded. For example, klp-convert would replace the above symbol with: $> readelf -r -W Relocation section '.klp.rela.vmlinux.text' at offset 0x5cb60 contains 1 entry: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000000068 0000003c00000002 R_X86_64_PC32 0000000000000000 .klp.sym.vmlinux.saved_command_line,0 - 4 klp-convert relies on libelf and on a list implementation. Add files scripts/livepatch/elf.c and scripts/livepatch/elf.h, which are a libelf interfacing layer and scripts/livepatch/list.h, which is a list implementation. Update Makefiles to correctly support the compilation of the new tool, update MAINTAINERS file and add a .gitignore file. [jpoimboe@redhat.com: initial version] Signed-off-by: Josh Poimboeuf [joe.lawrence@redhat.com: clean-up and fixes] Signed-off-by: Joe Lawrence [lhruska@suse.cz: klp-convert code, minimal approach] Signed-off-by: Lukas Hruska Reviewed-by: Marcos Paulo de Souza --- MAINTAINERS | 1 + include/linux/livepatch.h | 19 + scripts/Makefile | 1 + scripts/livepatch/.gitignore | 1 + scripts/livepatch/Makefile | 5 + scripts/livepatch/elf.c | 817 ++++++++++++++++++++++++++++++++ scripts/livepatch/elf.h | 73 +++ scripts/livepatch/klp-convert.c | 284 +++++++++++ scripts/livepatch/klp-convert.h | 23 + scripts/livepatch/list.h | 391 +++++++++++++++ 10 files changed, 1615 insertions(+) create mode 100644 scripts/livepatch/.gitignore create mode 100644 scripts/livepatch/Makefile create mode 100644 scripts/livepatch/elf.c create mode 100644 scripts/livepatch/elf.h create mode 100644 scripts/livepatch/klp-convert.c create mode 100644 scripts/livepatch/klp-convert.h create mode 100644 scripts/livepatch/list.h diff --git a/MAINTAINERS b/MAINTAINERS index 130b8b0bd4f7..d2facc1f4e15 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -12618,6 +12618,7 @@ F: include/uapi/linux/livepatch.h F: kernel/livepatch/ F: kernel/module/livepatch.c F: samples/livepatch/ +F: scripts/livepatch/ F: tools/testing/selftests/livepatch/ LLC (802.2) diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h index 9b9b38e89563..83bbcd1c43fd 100644 --- a/include/linux/livepatch.h +++ b/include/linux/livepatch.h @@ -235,6 +235,25 @@ int klp_apply_section_relocs(struct module *pmod, Elf_Shdr *sechdrs, unsigned int symindex, unsigned int secindex, const char *objname); +/** + * KLP_RELOC_SYMBOL_POS - define relocation for external symbols + * + * @LP_OBJ_NAME: name of the livepatched object where the symbol is needed + * @SYM_OBJ_NAME: name of the object where the symbol exists + * @SYM_NAME: symbol name + * @SYM_POS: position of the symbol in SYM_OBJ when there are more + * symbols of the same name. + * + * Use for annotating external symbols used in livepatches which are + * not exported in vmlinux or are in livepatched modules, see + * Documentation/livepatch/module-elf-format.rst + */ +#define KLP_RELOC_SYMBOL_POS(LP_OBJ_NAME, SYM_OBJ_NAME, SYM_NAME, SYM_POS) \ + asm("\".klp.sym.rela." #LP_OBJ_NAME "." #SYM_OBJ_NAME "." #SYM_NAME "," #SYM_POS "\"") + +#define KLP_RELOC_SYMBOL(LP_OBJ_NAME, SYM_OBJ_NAME, SYM_NAME) \ + KLP_RELOC_SYMBOL_POS(LP_OBJ_NAME, SYM_OBJ_NAME, SYM_NAME, 0) + #else /* !CONFIG_LIVEPATCH */ static inline int klp_module_coming(struct module *mod) { return 0; } diff --git a/scripts/Makefile b/scripts/Makefile index bc90520a5426..dfb1870551a6 100644 --- a/scripts/Makefile +++ b/scripts/Makefile @@ -55,6 +55,7 @@ targets += module.lds subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins subdir-$(CONFIG_MODVERSIONS) += genksyms subdir-$(CONFIG_SECURITY_SELINUX) += selinux +subdir-$(CONFIG_LIVEPATCH) += livepatch # Let clean descend into subdirs subdir- += basic dtc gdb kconfig mod diff --git a/scripts/livepatch/.gitignore b/scripts/livepatch/.gitignore new file mode 100644 index 000000000000..dc22fe4b6a5b --- /dev/null +++ b/scripts/livepatch/.gitignore @@ -0,0 +1 @@ +klp-convert diff --git a/scripts/livepatch/Makefile b/scripts/livepatch/Makefile new file mode 100644 index 000000000000..71dce0f3e893 --- /dev/null +++ b/scripts/livepatch/Makefile @@ -0,0 +1,5 @@ +hostprogs-always-y := klp-convert + +klp-convert-objs := klp-convert.o elf.o + +HOSTLDLIBS_klp-convert := -lelf diff --git a/scripts/livepatch/elf.c b/scripts/livepatch/elf.c new file mode 100644 index 000000000000..c649268a4a55 --- /dev/null +++ b/scripts/livepatch/elf.c @@ -0,0 +1,817 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * elf.c - ELF access library + * + * Adapted from kpatch (https://github.com/dynup/kpatch): + * Copyright (C) 2013-2016 Josh Poimboeuf + * Copyright (C) 2014 Seth Jennings + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "elf.h" + +#define WARN(format, ...) \ + fprintf(stderr, "%s: " format "\n", elf->name, ##__VA_ARGS__) + +/* + * Fallback for systems without this "read, mmaping if possible" cmd. + */ +#ifndef ELF_C_READ_MMAP +#define ELF_C_READ_MMAP ELF_C_READ +#endif + +bool is_rela_section(struct section *sec) +{ + return (sec->sh.sh_type == SHT_RELA); +} + +struct section *find_section_by_name(struct elf *elf, const char *name) +{ + struct section *sec; + + list_for_each_entry(sec, &elf->sections, list) + if (!strcmp(sec->name, name)) + return sec; + + return NULL; +} + +static struct section *find_section_by_index(struct elf *elf, + int idx) +{ + struct section *sec; + + list_for_each_entry(sec, &elf->sections, list) + if (sec->idx == idx) + return sec; + + return NULL; +} + +static struct symbol *find_symbol_by_index(struct elf *elf, unsigned int idx) +{ + struct symbol *sym; + + list_for_each_entry(sym, &elf->symbols, list) + if (sym->idx == idx) + return sym; + + return NULL; +} + +static int read_sections(struct elf *elf) +{ + Elf_Scn *s = NULL; + struct section *sec; + size_t shstrndx, sections_nr; + size_t i; + + if (elf_getshdrnum(elf->elf, §ions_nr)) { + perror("elf_getshdrnum"); + return -1; + } + + if (elf_getshdrstrndx(elf->elf, &shstrndx)) { + perror("elf_getshdrstrndx"); + return -1; + } + + for (i = 0; i < sections_nr; i++) { + sec = calloc(1, sizeof(*sec)); + if (!sec) { + perror("calloc"); + return -1; + } + + INIT_LIST_HEAD(&sec->relas); + + list_add_tail(&sec->list, &elf->sections); + + s = elf_getscn(elf->elf, i); + if (!s) { + perror("elf_getscn"); + return -1; + } + + sec->idx = elf_ndxscn(s); + + if (!gelf_getshdr(s, &sec->sh)) { + perror("gelf_getshdr"); + return -1; + } + + sec->name = elf_strptr(elf->elf, shstrndx, sec->sh.sh_name); + if (!sec->name) { + perror("elf_strptr"); + return -1; + } + + sec->elf_data = elf_getdata(s, NULL); + if (!sec->elf_data) { + perror("elf_getdata"); + return -1; + } + + if (sec->elf_data->d_off != 0 || + sec->elf_data->d_size != sec->sh.sh_size) { + WARN("unexpected data attributes for %s", sec->name); + return -1; + } + + sec->data = sec->elf_data->d_buf; + sec->size = sec->elf_data->d_size; + } + + /* sanity check, one more call to elf_nextscn() should return NULL */ + if (elf_nextscn(elf->elf, s)) { + WARN("section entry mismatch"); + return -1; + } + + return 0; +} + +static int read_symbols(struct elf *elf) +{ + struct section *symtab; + struct symbol *sym; + int symbols_nr, i; + + symtab = find_section_by_name(elf, ".symtab"); + if (!symtab) { + WARN("missing symbol table"); + return -1; + } + + symbols_nr = symtab->sh.sh_size / symtab->sh.sh_entsize; + + for (i = 0; i < symbols_nr; i++) { + sym = calloc(1, sizeof(*sym)); + if (!sym) { + perror("calloc"); + return -1; + } + + sym->idx = i; + + if (!gelf_getsym(symtab->elf_data, i, &sym->sym)) { + perror("gelf_getsym"); + goto err; + } + + sym->name = elf_strptr(elf->elf, symtab->sh.sh_link, + sym->sym.st_name); + if (!sym->name) { + perror("elf_strptr"); + goto err; + } + + sym->type = GELF_ST_TYPE(sym->sym.st_info); + sym->bind = GELF_ST_BIND(sym->sym.st_info); + + if (sym->sym.st_shndx > SHN_UNDEF && + sym->sym.st_shndx < SHN_LORESERVE) { + sym->sec = find_section_by_index(elf, + sym->sym.st_shndx); + if (!sym->sec) { + WARN("couldn't find section for symbol %s", + sym->name); + goto err; + } + if (sym->type == STT_SECTION) { + sym->name = sym->sec->name; + sym->sec->sym = sym; + } + } + + sym->offset = sym->sym.st_value; + sym->size = sym->sym.st_size; + + list_add_tail(&sym->list, &elf->symbols); + } + + return 0; + +err: + free(sym); + return -1; +} + +static int read_relas(struct elf *elf) +{ + struct section *sec; + struct rela *rela; + int relas_nr, i; + unsigned int symndx; + + list_for_each_entry(sec, &elf->sections, list) { + if (sec->sh.sh_type != SHT_RELA) + continue; + + sec->base = find_section_by_name(elf, sec->name + 5); + if (!sec->base) { + WARN("can't find base section for rela section %s", + sec->name); + return -1; + } + + sec->base->rela = sec; + + relas_nr = sec->sh.sh_size / sec->sh.sh_entsize; + for (i = 0; i < relas_nr; i++) { + rela = calloc(1, sizeof(*rela)); + if (!rela) { + perror("calloc"); + return -1; + } + + if (!gelf_getrela(sec->elf_data, i, &rela->rela)) { + perror("gelf_getrela"); + return -1; + } + + rela->type = GELF_R_TYPE(rela->rela.r_info); + rela->addend = rela->rela.r_addend; + rela->offset = rela->rela.r_offset; + symndx = GELF_R_SYM(rela->rela.r_info); + rela->sym = find_symbol_by_index(elf, symndx); + if (!rela->sym) { + WARN("can't find rela entry symbol %u for %s", + symndx, sec->name); + return -1; + } + + list_add_tail(&rela->list, &sec->relas); + } + } + + return 0; +} + +struct section *create_rela_section(struct elf *elf, const char *name, + struct section *base) +{ + struct section *sec; + + sec = calloc(1, sizeof(*sec)); + if (!sec) { + WARN("calloc failed"); + return NULL; + } + INIT_LIST_HEAD(&sec->relas); + + sec->base = base; + sec->name = strdup(name); + if (!sec->name) { + WARN("strdup failed"); + return NULL; + } + sec->sh.sh_name = ~0; + sec->sh.sh_type = SHT_RELA; + + if (elf->elf_class == ELFCLASS32) { + sec->sh.sh_entsize = sizeof(Elf32_Rela); + sec->sh.sh_addralign = 4; + } else { + sec->sh.sh_entsize = sizeof(Elf64_Rela); + sec->sh.sh_addralign = 8; + } + sec->sh.sh_flags = SHF_ALLOC; + + sec->elf_data = calloc(1, sizeof(*sec->elf_data)); + if (!sec->elf_data) { + WARN("calloc failed"); + return NULL; + } + sec->elf_data->d_type = ELF_T_RELA; + + list_add_tail(&sec->list, &elf->sections); + + return sec; +} + +static int update_shstrtab(struct elf *elf) +{ + struct section *shstrtab, *sec; + size_t orig_size, new_size = 0, offset, len; + char *buf; + + shstrtab = find_section_by_name(elf, ".shstrtab"); + if (!shstrtab) { + WARN("can't find .shstrtab"); + return -1; + } + + orig_size = new_size = shstrtab->size; + + list_for_each_entry(sec, &elf->sections, list) { + if (sec->sh.sh_name != ~0U) + continue; + new_size += strlen(sec->name) + 1; + } + + if (new_size == orig_size) + return 0; + + buf = malloc(new_size); + if (!buf) { + WARN("malloc failed"); + return -1; + } + memcpy(buf, (void *)shstrtab->data, orig_size); + + offset = orig_size; + list_for_each_entry(sec, &elf->sections, list) { + if (sec->sh.sh_name != ~0U) + continue; + sec->sh.sh_name = offset; + len = strlen(sec->name) + 1; + memcpy(buf + offset, sec->name, len); + offset += len; + } + + shstrtab->elf_data->d_buf = shstrtab->data = buf; + shstrtab->elf_data->d_size = shstrtab->size = new_size; + shstrtab->sh.sh_size = new_size; + + return 1; +} + +static void free_shstrtab(struct elf *elf) +{ + struct section *shstrtab; + + shstrtab = find_section_by_name(elf, ".shstrtab"); + if (!shstrtab) + return; + + free(shstrtab->elf_data->d_buf); +} + +static int update_strtab(struct elf *elf) +{ + struct section *strtab; + struct symbol *sym; + size_t orig_size, new_size = 0, offset, len; + char *buf; + + strtab = find_section_by_name(elf, ".strtab"); + if (!strtab) { + WARN("can't find .strtab"); + return -1; + } + + orig_size = new_size = strtab->size; + + list_for_each_entry(sym, &elf->symbols, list) { + if (sym->sym.st_name != ~0U) + continue; + new_size += strlen(sym->name) + 1; + } + + if (new_size == orig_size) + return 0; + + buf = malloc(new_size); + if (!buf) { + WARN("malloc failed"); + return -1; + } + memcpy(buf, (void *)strtab->data, orig_size); + + offset = orig_size; + list_for_each_entry(sym, &elf->symbols, list) { + if (sym->sym.st_name != ~0U) + continue; + sym->sym.st_name = offset; + len = strlen(sym->name) + 1; + memcpy(buf + offset, sym->name, len); + offset += len; + } + + strtab->elf_data->d_buf = strtab->data = buf; + strtab->elf_data->d_size = strtab->size = new_size; + strtab->sh.sh_size = new_size; + + return 1; +} + +static void free_strtab(struct elf *elf) +{ + struct section *strtab; + + strtab = find_section_by_name(elf, ".strtab"); + if (!strtab) + return; + + if (strtab->elf_data) + free(strtab->elf_data->d_buf); +} + +static int update_symtab(struct elf *elf) +{ + struct section *symtab, *sec; + struct symbol *sym; + char *buf; + size_t size; + int offset = 0, nr_locals = 0, idx, nr_syms; + + idx = 0; + list_for_each_entry(sec, &elf->sections, list) + sec->idx = idx++; + + idx = 0; + list_for_each_entry(sym, &elf->symbols, list) { + sym->idx = idx++; + if (sym->sec) + sym->sym.st_shndx = sym->sec->idx; + } + nr_syms = idx; + + symtab = find_section_by_name(elf, ".symtab"); + if (!symtab) { + WARN("can't find symtab"); + return -1; + } + + symtab->sh.sh_link = find_section_by_name(elf, ".strtab")->idx; + + /* create new symtab buffer */ + if (elf->elf_class == ELFCLASS32) + size = nr_syms * sizeof(Elf32_Sym); + else + size = nr_syms * sizeof(Elf64_Sym); + buf = calloc(1, size); + if (!buf) { + WARN("calloc failed"); + return -1; + } + + offset = 0; + list_for_each_entry(sym, &elf->symbols, list) { + + if (elf->elf_class == ELFCLASS32) { + /* Manually convert to 32-bit Elf32_Sym */ + Elf32_Sym sym32; + + sym32.st_name = sym->sym.st_name; + sym32.st_info = sym->sym.st_info; + sym32.st_other = sym->sym.st_other; + sym32.st_shndx = sym->sym.st_shndx; + sym32.st_value = sym->sym.st_value; + sym32.st_size = sym->sym.st_size; + memcpy(buf + offset, &sym32, sizeof(Elf32_Sym)); + } else { + /* Existing 64-bit GElf_Syms are fine */ + memcpy(buf + offset, &sym->sym, sizeof(Elf64_Sym)); + } + + offset += symtab->sh.sh_entsize; + + if (sym->bind == STB_LOCAL) + nr_locals++; + } + + symtab->elf_data->d_buf = symtab->data = buf; + symtab->elf_data->d_size = symtab->size = size; + symtab->sh.sh_size = size; + + /* update symtab section header */ + symtab->sh.sh_info = nr_locals; + + return 1; +} + +static void free_symtab(struct elf *elf) +{ + struct section *symtab; + + symtab = find_section_by_name(elf, ".symtab"); + if (!symtab) + return; + + free(symtab->elf_data->d_buf); +} + +static int update_relas(struct elf *elf) +{ + struct section *sec, *symtab; + struct rela *rela; + int nr_relas, idx, size; + void *relas; + + symtab = find_section_by_name(elf, ".symtab"); + + list_for_each_entry(sec, &elf->sections, list) { + if (!is_rela_section(sec)) + continue; + + sec->sh.sh_link = symtab->idx; + if (sec->base) + sec->sh.sh_info = sec->base->idx; + + nr_relas = 0; + list_for_each_entry(rela, &sec->relas, list) + nr_relas++; + + if (elf->elf_class == ELFCLASS32) + size = nr_relas * sizeof(Elf32_Rela); + else + size = nr_relas * sizeof(Elf64_Rela); + + relas = malloc(size); + if (!relas) { + WARN("malloc failed"); + return -1; + } + + sec->elf_data->d_buf = sec->data = relas; + sec->elf_data->d_size = sec->size = size; + sec->sh.sh_size = size; + + idx = 0; + list_for_each_entry(rela, &sec->relas, list) { + if (elf->elf_class == ELFCLASS32) { + Elf32_Rela *relas32 = relas; + + relas32[idx].r_offset = rela->offset; + relas32[idx].r_addend = rela->addend; + relas32[idx].r_info = ELF32_R_INFO(rela->sym->idx, + rela->type); + } else { + Elf64_Rela *relas64 = relas; + + relas64[idx].r_offset = rela->offset; + relas64[idx].r_addend = rela->addend; + relas64[idx].r_info = ELF64_R_INFO(rela->sym->idx, + rela->type); + } + idx++; + } + } + + return 1; +} + +static void update_groups(struct elf *elf) +{ + struct section *sec, *symtab; + + symtab = find_section_by_name(elf, ".symtab"); + + list_for_each_entry(sec, &elf->sections, list) { + if (sec->sh.sh_type == SHT_GROUP) + sec->sh.sh_link = symtab->idx; + } +} + +static void free_relas(struct elf *elf) +{ + struct section *sec, *symtab; + + symtab = find_section_by_name(elf, ".symtab"); + if (!symtab) + return; + + list_for_each_entry(sec, &elf->sections, list) { + if (!is_rela_section(sec)) + continue; + + free(sec->elf_data->d_buf); + } +} + +static int write_file(struct elf *elf, const char *file) +{ + int fd; + Elf *e; + GElf_Ehdr eh, ehout; + Elf_Scn *scn; + Elf_Data *data; + GElf_Shdr sh; + struct section *sec; + + fd = creat(file, 0664); + if (fd == -1) { + WARN("couldn't create %s", file); + return -1; + } + + e = elf_begin(fd, ELF_C_WRITE, NULL); + if (!e) { + WARN("elf_begin failed"); + return -1; + } + + if (!gelf_newehdr(e, gelf_getclass(elf->elf))) { + WARN("gelf_newehdr failed"); + return -1; + } + + if (!gelf_getehdr(e, &ehout)) { + WARN("gelf_getehdr failed"); + return -1; + } + + if (!gelf_getehdr(elf->elf, &eh)) { + WARN("gelf_getehdr failed"); + return -1; + } + + memset(&ehout, 0, sizeof(ehout)); + ehout.e_ident[EI_DATA] = eh.e_ident[EI_DATA]; + ehout.e_machine = eh.e_machine; + ehout.e_flags = eh.e_flags; + ehout.e_type = eh.e_type; + ehout.e_version = EV_CURRENT; + ehout.e_shstrndx = find_section_by_name(elf, ".shstrtab")->idx; + + list_for_each_entry(sec, &elf->sections, list) { + if (!sec->idx) + continue; + scn = elf_newscn(e); + if (!scn) { + WARN("elf_newscn failed"); + return -1; + } + + data = elf_newdata(scn); + if (!data) { + WARN("elf_newdata failed"); + return -1; + } + + if (!elf_flagdata(data, ELF_C_SET, ELF_F_DIRTY)) { + WARN("elf_flagdata failed"); + return -1; + } + + data->d_type = sec->elf_data->d_type; + data->d_buf = sec->elf_data->d_buf; + data->d_size = sec->elf_data->d_size; + + if (!gelf_getshdr(scn, &sh)) { + WARN("gelf_getshdr failed"); + return -1; + } + + sh = sec->sh; + + if (!gelf_update_shdr(scn, &sh)) { + WARN("gelf_update_shdr failed"); + return -1; + } + } + + if (!gelf_update_ehdr(e, &ehout)) { + WARN("gelf_update_ehdr failed"); + return -1; + } + + if (elf_update(e, ELF_C_WRITE) < 0) { + fprintf(stderr, "%s\n", elf_errmsg(-1)); + WARN("elf_update failed"); + return -1; + } + + elf_end(e); + + return 0; +} + +int elf_write_file(struct elf *elf, const char *file) +{ + int ret_shstrtab = 0; + int ret_strtab = 0; + int ret_symtab = 0; + int ret_relas = 0; + int ret; + + ret_shstrtab = update_shstrtab(elf); + if (ret_shstrtab < 0) { + ret = ret_shstrtab; + goto out; + } + + ret_strtab = update_strtab(elf); + if (ret_strtab < 0) { + ret = ret_strtab; + goto out; + } + + ret_symtab = update_symtab(elf); + if (ret_symtab < 0) { + ret = ret_symtab; + goto out; + } + + ret_relas = update_relas(elf); + if (ret_relas < 0) { + ret = ret_relas; + goto out; + } + + update_groups(elf); + + ret = write_file(elf, file); + if (ret) + return ret; + +out: + if (ret_relas > 0) + free_relas(elf); + if (ret_symtab > 0) + free_symtab(elf); + if (ret_strtab > 0) + free_strtab(elf); + if (ret_shstrtab > 0) + free_shstrtab(elf); + + return ret; +} + +struct elf *elf_open(const char *name) +{ + struct elf *elf; + + elf_version(EV_CURRENT); + + elf = calloc(1, sizeof(*elf)); + if (!elf) { + perror("calloc"); + return NULL; + } + + INIT_LIST_HEAD(&elf->sections); + INIT_LIST_HEAD(&elf->symbols); + + elf->fd = open(name, O_RDONLY); + if (elf->fd == -1) { + perror("open"); + goto err; + } + + elf->elf = elf_begin(elf->fd, ELF_C_READ_MMAP, NULL); + if (!elf->elf) { + perror("elf_begin"); + goto err; + } + + if (!gelf_getehdr(elf->elf, &elf->ehdr)) { + perror("gelf_getehdr"); + goto err; + } + + elf->elf_class = gelf_getclass(elf->elf); + if ((elf->elf_class != ELFCLASS32) && (elf->elf_class != ELFCLASS64)) { + WARN("invalid elf class"); + goto err; + } + + if (read_sections(elf)) + goto err; + + if (read_symbols(elf)) + goto err; + + if (read_relas(elf)) + goto err; + + return elf; + +err: + elf_close(elf); + return NULL; +} + +void elf_close(struct elf *elf) +{ + struct section *sec, *tmpsec; + struct symbol *sym, *tmpsym; + struct rela *rela, *tmprela; + + list_for_each_entry_safe(sym, tmpsym, &elf->symbols, list) { + list_del(&sym->list); + free(sym); + } + list_for_each_entry_safe(sec, tmpsec, &elf->sections, list) { + list_for_each_entry_safe(rela, tmprela, &sec->relas, list) { + list_del(&rela->list); + free(rela); + } + list_del(&sec->list); + free(sec); + } + if (elf->fd > 0) + close(elf->fd); + if (elf->elf) + elf_end(elf->elf); + free(elf); +} diff --git a/scripts/livepatch/elf.h b/scripts/livepatch/elf.h new file mode 100644 index 000000000000..784cf42b01bf --- /dev/null +++ b/scripts/livepatch/elf.h @@ -0,0 +1,73 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2015-2016 Josh Poimboeuf + */ + +#ifndef _KLP_POST_ELF_H +#define _KLP_POST_ELF_H + +#include +#include +#include +#include "list.h" + +#ifdef LIBELF_USE_DEPRECATED +# define elf_getshdrnum elf_getshnum +# define elf_getshdrstrndx elf_getshstrndx +#endif + +struct section { + struct list_head list; + GElf_Shdr sh; + struct section *base, *rela; + struct list_head relas; + struct symbol *sym; + Elf_Data *elf_data; + char *name; + int idx; + void *data; + unsigned int size; +}; + +struct symbol { + struct list_head list; + GElf_Sym sym; + struct section *sec; + char *name; + unsigned int idx; + unsigned char bind, type; + unsigned long offset; + unsigned int size; +}; + +struct rela { + struct list_head list; + GElf_Rela rela; + struct symbol *sym; + unsigned int type; + unsigned long offset; + int addend; +}; + +struct elf { + Elf *elf; + GElf_Ehdr ehdr; + int fd; + char *name; + int elf_class; + struct list_head sections; + struct list_head symbols; +}; + + +struct elf *elf_open(const char *name); +bool is_rela_section(struct section *sec); +struct section *find_section_by_name(struct elf *elf, const char *name); +struct section *create_rela_section(struct elf *elf, const char *name, + struct section *base); + +void elf_close(struct elf *elf); +int elf_write_file(struct elf *elf, const char *file); + + +#endif /* _KLP_POST_ELF_H */ diff --git a/scripts/livepatch/klp-convert.c b/scripts/livepatch/klp-convert.c new file mode 100644 index 000000000000..203802be334b --- /dev/null +++ b/scripts/livepatch/klp-convert.c @@ -0,0 +1,284 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2016 Josh Poimboeuf + * Copyright (C) 2017 Joao Moreira + * Copyright (C) 2023 Lukas Hruska + */ + +#include +#include +#include +#include +#include "elf.h" +#include "list.h" +#include "klp-convert.h" + +#define KSYM_NAME_LEN 512 + +#define safe_snprintf(var, size, format, args...) \ + ({ \ + int __ret; \ + \ + __ret = snprintf(var, size, format, ##args); \ + __ret < 0 || (size_t)__ret >= size; \ + }) + +/* + * Formats name of klp rela symbol based on another given section (@oldsec) + * and object (@obj_name) name, then returns it + */ +static char *alloc_klp_rela_name(struct section *oldsec, + char *lp_obj_name, struct elf *klp_elf) +{ + char *klp_rela_name; + unsigned int length; + int err; + + /* + * Format: .klp.rela.sec_objname.section_name + * Note: ".section_name" comes from oldsec->base->name + * including the dot. + */ + length = strlen(KLP_RELA_PREFIX) + strlen(lp_obj_name) + + strlen(oldsec->base->name) + 1; + + klp_rela_name = calloc(1, length); + if (!klp_rela_name) { + WARN("Memory allocation failed (%s%s%s)\n", KLP_RELA_PREFIX, + lp_obj_name, oldsec->base->name); + return NULL; + } + + err = safe_snprintf(klp_rela_name, length, KLP_RELA_PREFIX "%s%s", + lp_obj_name, oldsec->base->name); + if (err) { + WARN("Length error (%s)", klp_rela_name); + free(klp_rela_name); + return NULL; + } + + return klp_rela_name; +} + +static int calc_digits(int num) +{ + int count = 0; + + /* It takes a digit to represent zero */ + if (!num) + return 1; + + while (num != 0) { + num /= 10; + count++; + } + + return count; +} + +/* Converts rela symbol names */ +static bool convert_symbol(struct symbol *s) +{ + char lp_obj_name[MODULE_NAME_LEN]; + char sym_obj_name[MODULE_NAME_LEN]; + char sym_name[KSYM_NAME_LEN]; + char *klp_sym_name; + unsigned long sym_pos; + int poslen; + unsigned int length; + + static_assert(MODULE_NAME_LEN >= 56 && KSYM_NAME_LEN == 512, + "Update limit in the below sscanf()"); + + if (sscanf(s->name, KLP_SYM_RELA_PREFIX "%55[^.].%55[^.].%511[^,],%lu", + lp_obj_name, sym_obj_name, sym_name, &sym_pos) != 4) { + WARN("Invalid format of symbol (%s)\n", s->name); + return false; + } + + poslen = calc_digits(sym_pos); + + length = strlen(KLP_SYM_PREFIX) + strlen(sym_obj_name) + + strlen(sym_name) + sizeof(poslen) + 3; + + klp_sym_name = calloc(1, length); + if (!klp_sym_name) { + WARN("Memory allocation failed (%s%s.%s,%lu)\n", KLP_SYM_PREFIX, + sym_obj_name, sym_name, sym_pos); + return false; + } + + if (safe_snprintf(klp_sym_name, length, KLP_SYM_PREFIX "%s.%s,%lu", + sym_obj_name, sym_name, sym_pos)) { + + WARN("Length error (%s%s.%s,%lu)", KLP_SYM_PREFIX, + sym_obj_name, sym_name, sym_pos); + free(klp_sym_name); + return false; + } + + s->name = klp_sym_name; + s->sec = NULL; + s->sym.st_name = -1; + s->sym.st_shndx = SHN_LIVEPATCH; + + return true; +} + +/* Checks if a symbols was already converted */ +static bool is_converted_symbol(struct symbol *sym) +{ + return sym->sym.st_shndx == SHN_LIVEPATCH; +} + +/* + * Finds or creates a klp rela section based on another given section (@oldsec) + * and rela's symbol name (@rela), then returns it + */ +static struct section *get_or_create_klp_rela_section(struct section *oldsec, struct rela *rela, + struct elf *klp_elf) +{ + char *klp_rela_name; + char lp_obj_name[MODULE_NAME_LEN]; + struct section *sec; + + if (sscanf(rela->sym->name, KLP_SYM_RELA_PREFIX "%55[^.]", lp_obj_name) != 1) { + WARN("Invalid relocation symbol name.\n"); + return NULL; + } + + klp_rela_name = alloc_klp_rela_name(oldsec, lp_obj_name, klp_elf); + if (!klp_rela_name) { + WARN("Can't create or access klp.rela section (%s%s)\n", + lp_obj_name, oldsec->base->name); + return NULL; + } + + sec = find_section_by_name(klp_elf, klp_rela_name); + if (!sec) + sec = create_rela_section(klp_elf, klp_rela_name, oldsec->base); + + if (sec) + sec->sh.sh_flags |= SHF_RELA_LIVEPATCH; + + free(klp_rela_name); + return sec; +} + +static void move_rela(struct rela *r, struct section *rela_sec) +{ + /* Move the rela into newly created klp rela section */ + list_del(&r->list); + list_add_tail(&r->list, &rela_sec->relas); +} + +static bool is_klp_sym_rela_symbol(struct symbol *sym) +{ + int len; + + /* skip index 0 which serves as the undefined symbol index */ + if (!sym->idx) + return false; + + len = strlen(KLP_SYM_RELA_PREFIX); + /* + * we want to resolve only symbols with format: + * .klp.sym.rela...foo,0 + */ + return strncmp(sym->name, KLP_SYM_RELA_PREFIX, len) == 0; +} + +/* Checks if a section is a klp rela section */ +static bool is_klp_rela_section(struct section *sec) +{ + if (!is_rela_section(sec)) + return false; + + int len = strlen(KLP_RELA_PREFIX); + + return strncmp(sec->name, KLP_RELA_PREFIX, len) == 0; +} + +/* + * Frees the new names and rela sections as created by + * get_or_create_klp_rela_section(), and convert_symbol() + */ +static void free_converted_resources(struct elf *klp_elf) +{ + struct symbol *sym; + struct section *sec; + + list_for_each_entry(sym, &klp_elf->symbols, list) { + if (is_converted_symbol(sym)) + free(sym->name); + } + + list_for_each_entry(sec, &klp_elf->sections, list) { + if (is_klp_rela_section(sec)) { + free(sec->elf_data); + free(sec->name); + } + } +} + +int main(int argc, const char **argv) +{ + const char *klp_in_module, *klp_out_module; + struct rela *rela, *tmprela; + struct section *sec, *rela_sec; + struct elf *klp_elf; + struct symbol *sym; + + if (argc != 3) { + WARN("Usage: %s ", argv[0]); + return -1; + } + + klp_in_module = argv[1]; + klp_out_module = argv[2]; + + klp_elf = elf_open(klp_in_module); + if (!klp_elf) { + WARN("Unable to read elf file %s\n", klp_in_module); + return -1; + } + + list_for_each_entry(sec, &klp_elf->sections, list) { + /* skip newly created sections */ + if (is_klp_rela_section(sec)) + continue; + + list_for_each_entry_safe(rela, tmprela, &sec->relas, list) { + if (!is_klp_sym_rela_symbol(rela->sym)) + continue; + + rela_sec = get_or_create_klp_rela_section(sec, rela, klp_elf); + if (!rela_sec) { + WARN("Unable to convert relocation: %s", + rela->sym->name); + return -1; + } + /* rela needs to be moved to newly created section */ + move_rela(rela, rela_sec); + } + } + + /* Rename symbols */ + list_for_each_entry(sym, &klp_elf->symbols, list) { + if (!is_klp_sym_rela_symbol(sym)) + continue; + if (!convert_symbol(sym)) { + WARN("Unable to convert symbol name (%s)\n", + sym->name); + return -1; + } + } + + if (elf_write_file(klp_elf, klp_out_module)) + return -1; + + free_converted_resources(klp_elf); + elf_close(klp_elf); + + return 0; +} diff --git a/scripts/livepatch/klp-convert.h b/scripts/livepatch/klp-convert.h new file mode 100644 index 000000000000..416b86e46598 --- /dev/null +++ b/scripts/livepatch/klp-convert.h @@ -0,0 +1,23 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2016 Josh Poimboeuf + * Copyright (C) 2017 Joao Moreira + * + */ + +#define SHN_LIVEPATCH 0xff20 +#define SHF_RELA_LIVEPATCH 0x00100000 +#define MODULE_NAME_LEN (64 - sizeof(GElf_Addr)) +#define WARN(format, ...) \ + fprintf(stderr, "klp-convert: " format "\n", ##__VA_ARGS__) + +/* + * klp-convert uses macros and structures defined in the linux sources + * package (see include/uapi/linux/livepatch.h). To prevent the + * dependency when building locally, they are defined below. Also notice + * that these should match the definitions from the targeted kernel. + */ + +#define KLP_RELA_PREFIX ".klp.rela." +#define KLP_SYM_RELA_PREFIX ".klp.sym.rela." +#define KLP_SYM_PREFIX ".klp.sym." diff --git a/scripts/livepatch/list.h b/scripts/livepatch/list.h new file mode 100644 index 000000000000..4d429120fabf --- /dev/null +++ b/scripts/livepatch/list.h @@ -0,0 +1,391 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +#ifndef _LINUX_LIST_H +#define _LINUX_LIST_H + +/* + * Simple doubly linked list implementation. + * + * Some of the internal functions ("__xxx") are useful when + * manipulating whole lists rather than single entries, as + * sometimes we already know the next/prev entries and we can + * generate better code by using them directly rather than + * using the generic single-entry routines. + */ + +#define WRITE_ONCE(a, b) (a = b) +#define READ_ONCE(a) a + +#undef offsetof +#define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) + +/** + * container_of - cast a member of a structure out to the containing structure + * @ptr: the pointer to the member. + * @type: the type of the container struct this is embedded in. + * @member: the name of the member within the struct. + * + */ +#define container_of(ptr, type, member) ({ \ + const typeof(((type *)0)->member) * __mptr = (ptr); \ + (type *)((char *)__mptr - offsetof(type, member)); }) + +struct list_head { + struct list_head *next, *prev; +}; + +#define LIST_HEAD_INIT(name) { &(name), &(name) } + +#define LIST_HEAD(name) \ + struct list_head name = LIST_HEAD_INIT(name) + +static inline void INIT_LIST_HEAD(struct list_head *list) +{ + WRITE_ONCE(list->next, list); + list->prev = list; +} + +/* + * Insert a new entry between two known consecutive entries. + * + * This is only for internal list manipulation where we know + * the prev/next entries already! + */ +static inline void __list_add(struct list_head *new, + struct list_head *prev, + struct list_head *next) +{ + next->prev = new; + new->next = next; + new->prev = prev; + WRITE_ONCE(prev->next, new); +} + +/** + * list_add - add a new entry + * @new: new entry to be added + * @head: list head to add it after + * + * Insert a new entry after the specified head. + * This is good for implementing stacks. + */ +static inline void list_add(struct list_head *new, struct list_head *head) +{ + __list_add(new, head, head->next); +} + + +/** + * list_add_tail - add a new entry + * @new: new entry to be added + * @head: list head to add it before + * + * Insert a new entry before the specified head. + * This is useful for implementing queues. + */ +static inline void list_add_tail(struct list_head *new, struct list_head *head) +{ + __list_add(new, head->prev, head); +} + +/* + * Delete a list entry by making the prev/next entries + * point to each other. + * + * This is only for internal list manipulation where we know + * the prev/next entries already! + */ +static inline void __list_del(struct list_head *prev, struct list_head *next) +{ + next->prev = prev; + WRITE_ONCE(prev->next, next); +} + +/** + * list_del - deletes entry from list. + * @entry: the element to delete from the list. + * Note: list_empty() on entry does not return true after this, the entry is + * in an undefined state. + */ +static inline void __list_del_entry(struct list_head *entry) +{ + __list_del(entry->prev, entry->next); +} + +static inline void list_del(struct list_head *entry) +{ + __list_del(entry->prev, entry->next); +} + +/** + * list_is_last - tests whether @list is the last entry in list @head + * @list: the entry to test + * @head: the head of the list + */ +static inline int list_is_last(const struct list_head *list, + const struct list_head *head) +{ + return list->next == head; +} + +/** + * list_empty - tests whether a list is empty + * @head: the list to test. + */ +static inline int list_empty(const struct list_head *head) +{ + return READ_ONCE(head->next) == head; +} + +/** + * list_entry - get the struct for this entry + * @ptr: the &struct list_head pointer. + * @type: the type of the struct this is embedded in. + * @member: the name of the list_head within the struct. + */ +#define list_entry(ptr, type, member) \ + container_of(ptr, type, member) + +/** + * list_first_entry - get the first element from a list + * @ptr: the list head to take the element from. + * @type: the type of the struct this is embedded in. + * @member: the name of the list_head within the struct. + * + * Note, that list is expected to be not empty. + */ +#define list_first_entry(ptr, type, member) \ + list_entry((ptr)->next, type, member) + +/** + * list_last_entry - get the last element from a list + * @ptr: the list head to take the element from. + * @type: the type of the struct this is embedded in. + * @member: the name of the list_head within the struct. + * + * Note, that list is expected to be not empty. + */ +#define list_last_entry(ptr, type, member) \ + list_entry((ptr)->prev, type, member) + +/** + * list_first_entry_or_null - get the first element from a list + * @ptr: the list head to take the element from. + * @type: the type of the struct this is embedded in. + * @member: the name of the list_head within the struct. + * + * Note that if the list is empty, it returns NULL. + */ +#define list_first_entry_or_null(ptr, type, member) \ + (!list_empty(ptr) ? list_first_entry(ptr, type, member) : NULL) + +/** + * list_next_entry - get the next element in list + * @pos: the type * to cursor + * @member: the name of the list_head within the struct. + */ +#define list_next_entry(pos, member) \ + list_entry((pos)->member.next, typeof(*(pos)), member) + +/** + * list_prev_entry - get the prev element in list + * @pos: the type * to cursor + * @member: the name of the list_head within the struct. + */ +#define list_prev_entry(pos, member) \ + list_entry((pos)->member.prev, typeof(*(pos)), member) + +/** + * list_for_each - iterate over a list + * @pos: the &struct list_head to use as a loop cursor. + * @head: the head for your list. + */ +#define list_for_each(pos, head) \ + for (pos = (head)->next; pos != (head); pos = pos->next) + +/** + * list_for_each_prev - iterate over a list backwards + * @pos: the &struct list_head to use as a loop cursor. + * @head: the head for your list. + */ +#define list_for_each_prev(pos, head) \ + for (pos = (head)->prev; pos != (head); pos = pos->prev) + +/** + * list_for_each_safe - iterate over a list safe against removal of list entry + * @pos: the &struct list_head to use as a loop cursor. + * @n: another &struct list_head to use as temporary storage + * @head: the head for your list. + */ +#define list_for_each_safe(pos, n, head) \ + for (pos = (head)->next, n = pos->next; pos != (head); \ + pos = n, n = pos->next) + +/** + * list_for_each_prev_safe - iterate over a list backwards safe against removal + of list entry + * @pos: the &struct list_head to use as a loop cursor. + * @n: another &struct list_head to use as temporary storage + * @head: the head for your list. + */ +#define list_for_each_prev_safe(pos, n, head) \ + for (pos = (head)->prev, n = pos->prev; \ + pos != (head); \ + pos = n, n = pos->prev) + +/** + * list_for_each_entry - iterate over list of given type + * @pos: the type * to use as a loop cursor. + * @head: the head for your list. + * @member: the name of the list_head within the struct. + */ +#define list_for_each_entry(pos, head, member) \ + for (pos = list_first_entry(head, typeof(*pos), member); \ + &pos->member != (head); \ + pos = list_next_entry(pos, member)) + +/** + * list_for_each_entry_reverse - iterate backwards over list of given type. + * @pos: the type * to use as a loop cursor. + * @head: the head for your list. + * @member: the name of the list_head within the struct. + */ +#define list_for_each_entry_reverse(pos, head, member) \ + for (pos = list_last_entry(head, typeof(*pos), member); \ + &pos->member != (head); \ + pos = list_prev_entry(pos, member)) + +/** + * list_prepare_entry - prepare a pos entry for use in + list_for_each_entry_continue() + * @pos: the type * to use as a start point + * @head: the head of the list + * @member: the name of the list_head within the struct. + * + * Prepares a pos entry for use as a start point in + list_for_each_entry_continue(). + */ +#define list_prepare_entry(pos, head, member) \ + ((pos) ? : list_entry(head, typeof(*pos), member)) + +/** + * list_for_each_entry_continue - continue iteration over list of given type + * @pos: the type * to use as a loop cursor. + * @head: the head for your list. + * @member: the name of the list_head within the struct. + * + * Continue to iterate over list of given type, continuing after + * the current position. + */ +#define list_for_each_entry_continue(pos, head, member) \ + for (pos = list_next_entry(pos, member); \ + &pos->member != (head); \ + pos = list_next_entry(pos, member)) + +/** + * list_for_each_entry_continue_reverse - iterate backwards from the given point + * @pos: the type * to use as a loop cursor. + * @head: the head for your list. + * @member: the name of the list_head within the struct. + * + * Start to iterate over list of given type backwards, continuing after + * the current position. + */ +#define list_for_each_entry_continue_reverse(pos, head, member) \ + for (pos = list_prev_entry(pos, member); \ + &pos->member != (head); \ + pos = list_prev_entry(pos, member)) + +/** + * list_for_each_entry_from - iterate over list of given type from the current + point + * @pos: the type * to use as a loop cursor. + * @head: the head for your list. + * @member: the name of the list_head within the struct. + * + * Iterate over list of given type, continuing from current position. + */ +#define list_for_each_entry_from(pos, head, member) \ + for (; &pos->member != (head); \ + pos = list_next_entry(pos, member)) + +/** + * list_for_each_entry_safe - iterate over list of given type safe against + removal of list entry + * @pos: the type * to use as a loop cursor. + * @n: another type * to use as temporary storage + * @head: the head for your list. + * @member: the name of the list_head within the struct. + */ +#define list_for_each_entry_safe(pos, n, head, member) \ + for (pos = list_first_entry(head, typeof(*pos), member), \ + n = list_next_entry(pos, member); \ + &pos->member != (head); \ + pos = n, n = list_next_entry(n, member)) + +/** + * list_for_each_entry_safe_continue - continue list iteration safe against + * removal + * @pos: the type * to use as a loop cursor. + * @n: another type * to use as temporary storage + * @head: the head for your list. + * @member: the name of the list_head within the struct. + * + * Iterate over list of given type, continuing after current point, + * safe against removal of list entry. + */ +#define list_for_each_entry_safe_continue(pos, n, head, member) \ + for (pos = list_next_entry(pos, member), \ + n = list_next_entry(pos, member); \ + &pos->member != (head); \ + pos = n, n = list_next_entry(n, member)) + +/** + * list_for_each_entry_safe_from - iterate over list from current point safe + * against removal + * @pos: the type * to use as a loop cursor. + * @n: another type * to use as temporary storage + * @head: the head for your list. + * @member: the name of the list_head within the struct. + * + * Iterate over list of given type from current point, safe against + * removal of list entry. + */ +#define list_for_each_entry_safe_from(pos, n, head, member) \ + for (n = list_next_entry(pos, member); \ + &pos->member != (head); \ + pos = n, n = list_next_entry(n, member)) + +/** + * list_for_each_entry_safe_reverse - iterate backwards over list safe against + * removal + * @pos: the type * to use as a loop cursor. + * @n: another type * to use as temporary storage + * @head: the head for your list. + * @member: the name of the list_head within the struct. + * + * Iterate backwards over list of given type, safe against removal + * of list entry. + */ +#define list_for_each_entry_safe_reverse(pos, n, head, member) \ + for (pos = list_last_entry(head, typeof(*pos), member), \ + n = list_prev_entry(pos, member); \ + &pos->member != (head); \ + pos = n, n = list_prev_entry(n, member)) + +/** + * list_safe_reset_next - reset a stale list_for_each_entry_safe loop + * @pos: the loop cursor used in the list_for_each_entry_safe loop + * @n: temporary storage used in list_for_each_entry_safe + * @member: the name of the list_head within the struct. + * + * list_safe_reset_next is not safe to use in general if the list may be + * modified concurrently (eg. the lock is dropped in the loop body). An + * exception to this is if the cursor element (pos) is pinned in the list, + * and list_safe_reset_next is called after re-taking the lock and before + * completing the current iteration of the loop body. + */ +#define list_safe_reset_next(pos, n, member) \ + (n = list_next_entry(pos, member)) + +#endif From patchwork Thu May 16 13:30:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lukas Hruska X-Patchwork-Id: 13666217 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 48D1A1494DA; Thu, 16 May 2024 13:30:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715866230; cv=none; b=Mk/7kGIv0IvIn4HiNOl1VQvbvTJa0RrjC82smefENnx7106CFH/x/itl6M0mfj/N2sJuLMyxJw22yXXxXFziT4ICew5LGzag0M+S7sqrR2XrD5OWzhrGef6NvHMXwFqKVK/obfjNV36kkYMHmH96RlReXHs2ZX0F2oywsAv+SEc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715866230; c=relaxed/simple; bh=INqPEhsY1z2kbYZru6c0mYMdy3a4bE740P9mz200ItU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rWKmw4eEbfqqMHAmfst85TZYx/5gCHknwrswhICtINnNhVATB3XlvXf6O/xmh0UIKDvjIJjtMkjjKPt6pcx4AXU9S0kP4oa2KT4vQIJXK7XlfSj0mEdQyYY/7tnfFRpCD5E9+hz8q1YkyxtW1lGc/EXCHWceMBoolvn71tnEOsY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id A349F5C442; Thu, 16 May 2024 13:30:26 +0000 (UTC) Authentication-Results: smtp-out2.suse.de; none Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 9714313991; Thu, 16 May 2024 13:30:26 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id /1pcJHIKRmbsCAAAD6G6ig (envelope-from ); Thu, 16 May 2024 13:30:26 +0000 From: Lukas Hruska To: pmladek@suse.com, mbenes@suse.cz, jpoimboe@kernel.org Cc: joe.lawrence@redhat.com, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, mpdesouza@suse.com, lhruska@suse.cz, Josh Poimboeuf Subject: [PATCH v2 3/6] kbuild/modpost: integrate klp-convert Date: Thu, 16 May 2024 15:30:06 +0200 Message-ID: <20240516133009.20224-4-lhruska@suse.cz> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240516133009.20224-1-lhruska@suse.cz> References: <20240516133009.20224-1-lhruska@suse.cz> Precedence: bulk X-Mailing-List: linux-kbuild@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Action: no action X-Rspamd-Server: rspamd1.dmz-prg2.suse.org X-Spam-Level: X-Spamd-Result: default: False [-4.00 / 50.00]; REPLY(-4.00)[] X-Spam-Flag: NO X-Spam-Score: -4.00 X-Rspamd-Queue-Id: A349F5C442 From: Josh Poimboeuf Call klp-convert for the livepatch modules after the final linking. Also update the modpost tool so that it does not warn about unresolved symbols matching the expected format which will be then resolved by klp-convert. Signed-off-by: Josh Poimboeuf Signed-off-by: Lukas Hruska Reviewed-by: Petr Mladek Reviewed-by: Marcos Paulo de Souza --- .gitignore | 1 + Makefile | 10 ++++++---- scripts/Makefile.modfinal | 15 +++++++++++++++ scripts/Makefile.modpost | 5 +++++ scripts/mod/modpost.c | 36 ++++++++++++++++++++++++++++++++++-- scripts/mod/modpost.h | 3 +++ 6 files changed, 64 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index c59dc60ba62e..9b7d492cac99 100644 --- a/.gitignore +++ b/.gitignore @@ -70,6 +70,7 @@ modules.order /Module.markers /modules.builtin /modules.builtin.modinfo +/modules.livepatch /modules.nsdeps # diff --git a/Makefile b/Makefile index 967e97878ecd..db06e5db21af 100644 --- a/Makefile +++ b/Makefile @@ -1095,6 +1095,7 @@ PHONY += prepare0 export extmod_prefix = $(if $(KBUILD_EXTMOD),$(KBUILD_EXTMOD)/) export MODORDER := $(extmod_prefix)modules.order export MODULES_NSDEPS := $(extmod_prefix)modules.nsdeps +export MODULES_LIVEPATCH := $(extmod_prefix)modules.livepatch ifeq ($(KBUILD_EXTMOD),) @@ -1453,8 +1454,8 @@ endif # # *.ko are usually independent of vmlinux, but CONFIG_DEBUG_INFO_BTF_MODULES -# is an exception. -ifdef CONFIG_DEBUG_INFO_BTF_MODULES +# and CONFIG_LIVEPATCH are exceptions. +ifneq ($(or $(CONFIG_DEBUG_INFO_BTF_MODULES),$(CONFIG_LIVEPATCH)),) KBUILD_BUILTIN := 1 modules: vmlinux endif @@ -1477,8 +1478,9 @@ endif # CONFIG_MODULES # Directories & files removed with 'make clean' CLEAN_FILES += vmlinux.symvers modules-only.symvers \ modules.builtin modules.builtin.modinfo modules.nsdeps \ - compile_commands.json .thinlto-cache rust/test \ - rust-project.json .vmlinux.objs .vmlinux.export.c + modules.livepatch compile_commands.json .thinlto-cache \ + rust/test rust-project.json .vmlinux.objs \ + .vmlinux.export.c # Directories & files removed with 'make mrproper' MRPROPER_FILES += include/config include/generated \ diff --git a/scripts/Makefile.modfinal b/scripts/Makefile.modfinal index 79fcf2731686..a2a162d204f6 100644 --- a/scripts/Makefile.modfinal +++ b/scripts/Makefile.modfinal @@ -14,6 +14,7 @@ include $(srctree)/scripts/Makefile.lib # find all modules listed in modules.order modules := $(call read-file, $(MODORDER)) +modules-klp := $(call read-file, $(MODULES_LIVEPATCH)) __modfinal: $(modules:%.o=%.ko) @: @@ -60,6 +61,20 @@ endif targets += $(modules:%.o=%.ko) $(modules:%.o=%.mod.o) +# Livepatch +# --------------------------------------------------------------------------- + +%.tmp.ko: %.o %.mod.o FORCE + +$(call if_changed,ld_ko_o) + +quiet_cmd_klp_convert = KLP $@ + cmd_klp_convert = scripts/livepatch/klp-convert $< $@ + +$(modules-klp:%.o=%.ko): %.ko: %.tmp.ko FORCE + $(call if_changed,klp_convert) + +targets += $(modules-klp:.ko=.tmp.ko) + # Add FORCE to the prequisites of a target to force it to be always rebuilt. # --------------------------------------------------------------------------- diff --git a/scripts/Makefile.modpost b/scripts/Makefile.modpost index 739402f45509..3c765c568e34 100644 --- a/scripts/Makefile.modpost +++ b/scripts/Makefile.modpost @@ -48,6 +48,7 @@ modpost-args = \ $(if $(KBUILD_MODPOST_WARN),-w) \ $(if $(KBUILD_NSDEPS),-d $(MODULES_NSDEPS)) \ $(if $(CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS)$(KBUILD_NSDEPS),-N) \ + $(if $(CONFIG_LIVEPATCH),-l $(MODULES_LIVEPATCH)) \ $(if $(findstring 1, $(KBUILD_EXTRA_WARN)),-W) \ -o $@ @@ -145,6 +146,10 @@ $(output-symdump): $(modpost-deps) FORCE $(call if_changed,modpost) __modpost: $(output-symdump) +ifndef CONFIG_LIVEPATCH + $(Q)rm -f $(MODULES_LIVEPATCH) + $(Q)touch $(MODULES_LIVEPATCH) +endif PHONY += FORCE FORCE: diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index 2f5b91da5afa..15d7d2de653e 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -1654,6 +1654,10 @@ static void read_symbols(const char *modname) } } + /* Livepatch modules have unresolved symbols resolved by klp-convert */ + if (get_modinfo(&info, "livepatch")) + mod->is_livepatch = true; + if (extra_warn && !get_modinfo(&info, "description")) warn("missing MODULE_DESCRIPTION() in %s\n", modname); for (sym = info.symtab_start; sym < info.symtab_stop; sym++) { @@ -1742,10 +1746,18 @@ static void check_exports(struct module *mod) const char *basename; exp = find_symbol(s->name); if (!exp) { - if (!s->weak && nr_unresolved++ < MAX_UNRESOLVED_REPORTS) + if (!s->weak && nr_unresolved++ < MAX_UNRESOLVED_REPORTS) { + /* + * In case of livepatch module we allow + * unresolved symbol with a specific format + */ + if (mod->is_livepatch && + strncmp(s->name, KLP_SYM_RELA, strlen(KLP_SYM_RELA)) == 0) + break; modpost_log(warn_unresolved ? LOG_WARN : LOG_ERROR, "\"%s\" [%s.ko] undefined!\n", s->name, mod->name); + } continue; } if (exp->module == mod) { @@ -2178,6 +2190,20 @@ static void write_namespace_deps_files(const char *fname) free(ns_deps_buf.p); } +static void write_livepatch_modules(const char *fname) +{ + struct buffer buf = { }; + struct module *mod; + + list_for_each_entry(mod, &modules, list) { + if (mod->is_livepatch) + buf_printf(&buf, "%s.o\n", mod->name); + } + + write_if_changed(&buf, fname); + free(buf.p); +} + struct dump_list { struct list_head list; const char *file; @@ -2189,11 +2215,12 @@ int main(int argc, char **argv) char *missing_namespace_deps = NULL; char *unused_exports_white_list = NULL; char *dump_write = NULL, *files_source = NULL; + char *livepatch_modules = NULL; int opt; LIST_HEAD(dump_lists); struct dump_list *dl, *dl2; - while ((opt = getopt(argc, argv, "ei:MmnT:to:au:WwENd:")) != -1) { + while ((opt = getopt(argc, argv, "ei:l:MmnT:to:au:WwENd:")) != -1) { switch (opt) { case 'e': external_module = true; @@ -2206,6 +2233,9 @@ int main(int argc, char **argv) case 'M': module_enabled = true; break; + case 'l': + livepatch_modules = optarg; + break; case 'm': modversions = true; break; @@ -2285,6 +2315,8 @@ int main(int argc, char **argv) if (dump_write) write_dump(dump_write); + if (livepatch_modules) + write_livepatch_modules(livepatch_modules); if (sec_mismatch_count && !sec_mismatch_warn_only) error("Section mismatches detected.\n" "Set CONFIG_SECTION_MISMATCH_WARN_ONLY=y to allow them.\n"); diff --git a/scripts/mod/modpost.h b/scripts/mod/modpost.h index ee43c7950636..7a82460cc4d6 100644 --- a/scripts/mod/modpost.h +++ b/scripts/mod/modpost.h @@ -76,6 +76,8 @@ #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0])) +#define KLP_SYM_RELA ".klp.sym.rela." + void *do_nofail(void *ptr, const char *expr); struct buffer { @@ -97,6 +99,7 @@ struct module { bool is_gpl_compatible; bool from_dump; /* true if module was loaded from *.symvers */ bool is_vmlinux; + bool is_livepatch; bool seen; bool has_init; bool has_cleanup; From patchwork Thu May 16 13:30:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lukas Hruska X-Patchwork-Id: 13666219 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 35A711482E4; Thu, 16 May 2024 13:30:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715866232; cv=none; b=j8A0DfHY91OSGmPpBWasgqZ0Zd1yvALiHat2QOSH2EXfHcE0492THMYnXteZe7UXODMhPkF3WxCOfbiUSsTSjsCWCg4lZzqKRyOEeI0Cc3/5ITdmi9+6y2APlyW9ta2zsOdGp9ZtS9l+hYYHWS9wOb9GZi/j69GMQKD5VAjBEDg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715866232; c=relaxed/simple; bh=/a8ibU8/gXITbtEi7U+oftRxDNY7QKjObu2iWv+fd7Y=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=lGOodRbfeQ1qc3JOhOMDTRTPlmOPtvrTv6dgun1CwX0SK2pUUvri2SOEDDaupKXMmZtAmSDn4sIQW+hGdnVXkPF9tJiz6AkQDvGNvlHuigafRe7hEQtqnL7NWlKlf6Oko/v4v4orQ1VXcvcQzEBtlOPzDVZEgGypRCgegEENznA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=hr4AQaQM; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=X//hLmyB; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=hr4AQaQM; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=X//hLmyB; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="hr4AQaQM"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="X//hLmyB"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="hr4AQaQM"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="X//hLmyB" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 40C805C444; Thu, 16 May 2024 13:30:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1715866228; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lnZFo3Iy+J1iEPCpBsqGDWmm+yj4ryikbowVcS024io=; b=hr4AQaQM/lhBp2UTL7t/9BhCAZ2BNZbFA0KCAx4U9KF4u/AxFtJ/IWhnk7xpD3+63E5cGu wVv5GJ9+u0BcMyaRPj40Vkci2MsM2WadKv7/438SieArwhtZi+kA4gN0eykpKjsleLq+hM xpVKDIz42ZNjgr918xcNFsntPvO4+lA= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1715866228; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lnZFo3Iy+J1iEPCpBsqGDWmm+yj4ryikbowVcS024io=; b=X//hLmyB9NtGZhGGvlMlLt36v97uQwEB4a0N6P1GkHk6+M5YNfqdVK+d1NPNGFD6AC5PHS 9X6JenhJupNZAOAg== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1715866228; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lnZFo3Iy+J1iEPCpBsqGDWmm+yj4ryikbowVcS024io=; b=hr4AQaQM/lhBp2UTL7t/9BhCAZ2BNZbFA0KCAx4U9KF4u/AxFtJ/IWhnk7xpD3+63E5cGu wVv5GJ9+u0BcMyaRPj40Vkci2MsM2WadKv7/438SieArwhtZi+kA4gN0eykpKjsleLq+hM xpVKDIz42ZNjgr918xcNFsntPvO4+lA= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1715866228; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lnZFo3Iy+J1iEPCpBsqGDWmm+yj4ryikbowVcS024io=; b=X//hLmyB9NtGZhGGvlMlLt36v97uQwEB4a0N6P1GkHk6+M5YNfqdVK+d1NPNGFD6AC5PHS 9X6JenhJupNZAOAg== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 3637A13991; Thu, 16 May 2024 13:30:28 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id JqnbDHQKRmZ5CQAAD6G6ig (envelope-from ); Thu, 16 May 2024 13:30:28 +0000 From: Lukas Hruska To: pmladek@suse.com, mbenes@suse.cz, jpoimboe@kernel.org Cc: joe.lawrence@redhat.com, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, mpdesouza@suse.com, lhruska@suse.cz, Josh Poimboeuf Subject: [PATCH v2 4/6] livepatch: Add sample livepatch module Date: Thu, 16 May 2024 15:30:07 +0200 Message-ID: <20240516133009.20224-5-lhruska@suse.cz> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240516133009.20224-1-lhruska@suse.cz> References: <20240516133009.20224-1-lhruska@suse.cz> Precedence: bulk X-Mailing-List: linux-kbuild@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Flag: NO X-Spam-Score: -6.80 X-Spam-Level: X-Spamd-Result: default: False [-6.80 / 50.00]; REPLY(-4.00)[]; BAYES_HAM(-3.00)[100.00%]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_MISSING_CHARSET(0.50)[]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_SEVEN(0.00)[10]; RCVD_VIA_SMTP_AUTH(0.00)[]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FUZZY_BLOCKED(0.00)[rspamd.com]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.com:email,suse.cz:email,imap1.dmz-prg2.suse.org:helo]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_ALL(0.00)[] From: Josh Poimboeuf Add a new livepatch sample in samples/livepatch/ to make use of symbols that must be post-processed to enable load-time relocation resolution. As the new sample is to be used as an example, it is annotated with KLP_RELOC_SYMBOL macro. The livepatch sample updates the function cmdline_proc_show to print the string referenced by the symbol saved_command_line appended by the string "livepatch=1". Signed-off-by: Josh Poimboeuf Signed-off-by: Lukas Hruska Reviewed-by: Petr Mladek --- samples/livepatch/Makefile | 1 + samples/livepatch/livepatch-extern-symbol.c | 84 +++++++++++++++++++++ 2 files changed, 85 insertions(+) create mode 100644 samples/livepatch/livepatch-extern-symbol.c diff --git a/samples/livepatch/Makefile b/samples/livepatch/Makefile index 9f853eeb6140..f2b41f4d6c16 100644 --- a/samples/livepatch/Makefile +++ b/samples/livepatch/Makefile @@ -6,3 +6,4 @@ obj-$(CONFIG_SAMPLE_LIVEPATCH) += livepatch-shadow-fix2.o obj-$(CONFIG_SAMPLE_LIVEPATCH) += livepatch-callbacks-demo.o obj-$(CONFIG_SAMPLE_LIVEPATCH) += livepatch-callbacks-mod.o obj-$(CONFIG_SAMPLE_LIVEPATCH) += livepatch-callbacks-busymod.o +obj-$(CONFIG_SAMPLE_LIVEPATCH) += livepatch-annotated-sample.o diff --git a/samples/livepatch/livepatch-extern-symbol.c b/samples/livepatch/livepatch-extern-symbol.c new file mode 100644 index 000000000000..276a43d157b4 --- /dev/null +++ b/samples/livepatch/livepatch-extern-symbol.c @@ -0,0 +1,84 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2014 Seth Jennings + */ + +/* + * livepatch-extern-symbol.c - Kernel Live Patching Sample Module + */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include +#include + +/* + * This (dumb) live patch overrides the function that prints the + * kernel boot cmdline when /proc/cmdline is read. + * + * This livepatch uses the symbol saved_command_line whose relocation + * must be resolved during load time. To enable that, this module + * must be post-processed by a tool called klp-convert, which embeds + * information to be used by the loader to solve the relocation. + * + * The module is annotated with KLP_RELOC_SYMBOL macros. + * These annotations are used by klp-convert to infer that the symbol + * saved_command_line is in the object vmlinux. + * + * Example: + * + * $ cat /proc/cmdline + * + * + * $ insmod livepatch-sample.ko + * $ cat /proc/cmdline + * livepatch=1 + * + * $ echo 0 > /sys/kernel/livepatch/livepatch_sample/enabled + * $ cat /proc/cmdline + * + */ + +extern char *saved_command_line \ + KLP_RELOC_SYMBOL(vmlinux, vmlinux, saved_command_line); + +#include +static int livepatch_cmdline_proc_show(struct seq_file *m, void *v) +{ + seq_printf(m, "%s livepatch=1\n", saved_command_line); + return 0; +} + +static struct klp_func funcs[] = { + { + .old_name = "cmdline_proc_show", + .new_func = livepatch_cmdline_proc_show, + }, { } +}; + +static struct klp_object objs[] = { + { + /* name being NULL means vmlinux */ + .funcs = funcs, + }, { } +}; + +static struct klp_patch patch = { + .mod = THIS_MODULE, + .objs = objs, +}; + +static int livepatch_init(void) +{ + return klp_enable_patch(&patch); +} + +static void livepatch_exit(void) +{ +} + +module_init(livepatch_init); +module_exit(livepatch_exit); +MODULE_LICENSE("GPL"); +MODULE_INFO(livepatch, "Y"); From patchwork Thu May 16 13:30:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lukas Hruska X-Patchwork-Id: 13666220 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8EC1E14D446; Thu, 16 May 2024 13:30:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715866237; cv=none; b=mfmFT5sjKdpvjgj2Oa0YwHxReFeskHsFvIBDaIIhJGz62ZjUUF4Ih8WiFRXRxPYwfc1ZEuon+GZ2rNYZXJKNL/o6U3z0fFaxB0MLb7qWz9C6dTEY1bJgW4M4XKcom6zvqU0kOl+CKNlsBR40JJEiryxcznXZPYb2orThnMhzur8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715866237; c=relaxed/simple; bh=wyqwzplBP+XVgieQKpS9endqaVKStGMZs5g8jIJu0Wc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=lMxMi/d9K2huj+mS4iT3gtsFxKoTQ9aRvxTtn8pgsbYL85eoFEWXDHWQ/zW3POZv41qwwT3+uT/CqAb+Yo3Vv0LeVSOLgL0j5LKMsSR+ZVPgv+xIKQ8+7of+BYm2hyscBdBAm5TD3a/sm736h4+6kAloJW98f1rvf7ggtBKSLdw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=JHhrBQLu; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=UYyQGWGQ; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=JHhrBQLu; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=UYyQGWGQ; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="JHhrBQLu"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="UYyQGWGQ"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="JHhrBQLu"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="UYyQGWGQ" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 036DF5C445; Thu, 16 May 2024 13:30:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1715866234; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vXcaIUojiFzTn6/C8B2DBrSfDgG5AlW/ecRlVb4q+Eo=; b=JHhrBQLuSwXo1lWexQlFVf86XG7bIaPsH8UQ1UJIScgYcE5BxlLcZ194cltsq/q2SUoXVF qPti+nnUHrOocLupU6jF/EoVJB68wfeK8dTMLCOoYKyLQAfwaiuohQxKXX+vKD/1NVLEar Szsqz/bUG4o1EQI4cQrQ9xmJmWhJ2Tw= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1715866234; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vXcaIUojiFzTn6/C8B2DBrSfDgG5AlW/ecRlVb4q+Eo=; b=UYyQGWGQojMU525jhS1gYJFAl7q8DA04Nj5VBDkLVKz3c+WeO8dpQT7hIzGKxy/XeXbHiU yoZpi9mpMU0YffCw== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1715866234; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vXcaIUojiFzTn6/C8B2DBrSfDgG5AlW/ecRlVb4q+Eo=; b=JHhrBQLuSwXo1lWexQlFVf86XG7bIaPsH8UQ1UJIScgYcE5BxlLcZ194cltsq/q2SUoXVF qPti+nnUHrOocLupU6jF/EoVJB68wfeK8dTMLCOoYKyLQAfwaiuohQxKXX+vKD/1NVLEar Szsqz/bUG4o1EQI4cQrQ9xmJmWhJ2Tw= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1715866234; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vXcaIUojiFzTn6/C8B2DBrSfDgG5AlW/ecRlVb4q+Eo=; b=UYyQGWGQojMU525jhS1gYJFAl7q8DA04Nj5VBDkLVKz3c+WeO8dpQT7hIzGKxy/XeXbHiU yoZpi9mpMU0YffCw== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id EBD6D13991; Thu, 16 May 2024 13:30:33 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id Rx6yOHkKRmZJCwAAD6G6ig (envelope-from ); Thu, 16 May 2024 13:30:33 +0000 From: Lukas Hruska To: pmladek@suse.com, mbenes@suse.cz, jpoimboe@kernel.org Cc: joe.lawrence@redhat.com, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, mpdesouza@suse.com, lhruska@suse.cz Subject: [PATCH v2 5/6] documentation: Update on livepatch elf format Date: Thu, 16 May 2024 15:30:08 +0200 Message-ID: <20240516133009.20224-6-lhruska@suse.cz> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240516133009.20224-1-lhruska@suse.cz> References: <20240516133009.20224-1-lhruska@suse.cz> Precedence: bulk X-Mailing-List: linux-kbuild@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Flag: NO X-Spam-Score: -6.80 X-Spam-Level: X-Spamd-Result: default: False [-6.80 / 50.00]; REPLY(-4.00)[]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; MID_CONTAINS_FROM(1.00)[]; R_MISSING_CHARSET(0.50)[]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; ARC_NA(0.00)[]; FUZZY_BLOCKED(0.00)[rspamd.com]; RCPT_COUNT_SEVEN(0.00)[9]; RCVD_VIA_SMTP_AUTH(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.cz:email,imap1.dmz-prg2.suse.org:helo,suse.com:email]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_TRACE(0.00)[0:+]; TO_DN_NONE(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_ALL(0.00)[] Add a section to Documentation/livepatch/module-elf-format.rst describing how klp-convert works for fixing relocations. Signed-off-by: Lukas Hruska Reviewed-by: Petr Mladek Reviewed-by: Marcos Paulo de Souza --- Documentation/livepatch/module-elf-format.rst | 67 +++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/Documentation/livepatch/module-elf-format.rst b/Documentation/livepatch/module-elf-format.rst index a03ed02ec57e..2aa9b11cd806 100644 --- a/Documentation/livepatch/module-elf-format.rst +++ b/Documentation/livepatch/module-elf-format.rst @@ -300,3 +300,70 @@ symbol table, and relocation section indices, ELF information is preserved for livepatch modules and is made accessible by the module loader through module->klp_info, which is a :c:type:`klp_modinfo` struct. When a livepatch module loads, this struct is filled in by the module loader. + +6. klp-convert tool +=================== +The livepatch relocation sections might be created using +scripts/livepatch/klp-convert. It is called automatically during +the build as part of a module post processing. + +The tool is not able to find the symbols and all the metadata +automatically. Instead, all needed information must already be +part of rela entry for the given symbol. Such a rela can +be created easily by using KLP_RELOC_SYMBOL() macro after +the symbol declaration. + +KLP_RELOC_SYMBOL causes that the relocation entries for +the given symbol will be created in the following format:: + + .klp.sym.rela.lp_object.sym_object.sym_name,sympos + ^ ^ ^ ^ ^ ^ ^ ^ ^ + |___________| |_______| |________| |______| | + [A] [B] [C] [D] [E] + +[A] + The symbol name is prefixed with the string ".klp.sym.rela." + +[B] + The name of the object (i.e. "vmlinux" or name of module) which + is livepatched. + +[C] + The name of the object (i.e. "vmlinux" or name of module) to + which the symbol belongs follows immediately after the prefix. + +[D] + The actual name of the symbol. + +[E] + The position of the symbol in the object (as according to kallsyms) + This is used to differentiate duplicate symbols within the same + object. The symbol position is expressed numerically (0, 1, 2...). + The symbol position of a unique symbol is 0. + +Example: +-------- +**Livepatch source code:** + +:: + + extern char *saved_command_line \ + KLP_RELOC_SYMBOL(vmlinux, vmlinux, saved_command_line, 0); + +**`readelf -r -W` output of compiled module:** + +:: + + Relocation section '.rela.text' at offset 0x32e60 contains 10 entries: + Offset Info Type Symbol's Value Symbol's Name + Addend + ... + 0000000000000068 0000003c00000002 R_X86_64_PC32 0000000000000000 .klp.sym.rela.vmlinux.vmlinux.saved_command_line,0 - 4 + ... + +**`readelf -r -W` output of transformed module by klp-convert:** + +:: + + Relocation section '.klp.rela.vmlinux.text' at offset 0x5cb60 contains 1 entry: + Offset Info Type Symbol's Value Symbol's Name + Addend + 0000000000000068 0000003c00000002 R_X86_64_PC32 0000000000000000 .klp.sym.vmlinux.saved_command_line,0 - 4 From patchwork Thu May 16 13:30:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lukas Hruska X-Patchwork-Id: 13666221 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F38414D71A; Thu, 16 May 2024 13:30:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715866243; cv=none; b=tf3hDu3cPJX/6LpOLJysy8I/Cc7RuYONHysYB4RkqnCoMNFwSKUWDaWS5t80PmxDczbWN/JJEsRmzpQpYAijT1ji0QnRmcSSJba9ob07fHy21rq8g+aR4V0vY0en7MaQ8kml3BIcWCYOWx6CCKmI4zaAyG6r2kwd5HaQZBTHl9k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715866243; c=relaxed/simple; bh=piBfHsdrx+bDkPiULo4ylAnu5ZGbeLfxNVM1FW2By5I=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=AS3gQFAfBSSvLbR6X0O1a8hb2eK+5rSJQlc4eDhBnX9fGHWYKL4loXQIPL4jzJrRIytsJcjIj49TmU1y/HnQaezPVI9CxXUvLfe49k5M5lN0KNUkREtFKuG9d248q9Z8VW7Gq+RSkqeCAq3Um/Movkdl9+Iknv3I45z0oCJ3ByU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 94170349E1; Thu, 16 May 2024 13:30:39 +0000 (UTC) Authentication-Results: smtp-out1.suse.de; none Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 8786113991; Thu, 16 May 2024 13:30:39 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id OYRbIH8KRmYkDQAAD6G6ig (envelope-from ); Thu, 16 May 2024 13:30:39 +0000 From: Lukas Hruska To: pmladek@suse.com, mbenes@suse.cz, jpoimboe@kernel.org Cc: joe.lawrence@redhat.com, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, mpdesouza@suse.com, lhruska@suse.cz Subject: [PATCH v2 6/6] selftests: livepatch: Test livepatching function using an external symbol Date: Thu, 16 May 2024 15:30:09 +0200 Message-ID: <20240516133009.20224-7-lhruska@suse.cz> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240516133009.20224-1-lhruska@suse.cz> References: <20240516133009.20224-1-lhruska@suse.cz> Precedence: bulk X-Mailing-List: linux-kbuild@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spam-Level: X-Spamd-Result: default: False [-4.00 / 50.00]; REPLY(-4.00)[] X-Spam-Flag: NO X-Spam-Score: -4.00 X-Rspamd-Queue-Id: 94170349E1 X-Rspamd-Server: rspamd2.dmz-prg2.suse.org X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Action: no action The test proves that klp-convert works as intended and it is possible to livepatch a function that use an external symbol. Signed-off-by: Lukas Hruska Reviewed-by: Petr Mladek Tested-by: Petr Mladek --- .../testing/selftests/livepatch/functions.sh | 16 +++++- .../selftests/livepatch/test-extern.sh | 57 +++++++++++++++++++ .../selftests/livepatch/test_modules/Makefile | 2 + .../livepatch/test_modules/test_klp_extern.c | 51 +++++++++++++++++ .../test_modules/test_klp_extern_hello.c | 36 ++++++++++++ 5 files changed, 161 insertions(+), 1 deletion(-) create mode 100755 tools/testing/selftests/livepatch/test-extern.sh create mode 100644 tools/testing/selftests/livepatch/test_modules/test_klp_extern.c create mode 100644 tools/testing/selftests/livepatch/test_modules/test_klp_extern_hello.c diff --git a/tools/testing/selftests/livepatch/functions.sh b/tools/testing/selftests/livepatch/functions.sh index fc4c6a016d38..801d55dc06ac 100644 --- a/tools/testing/selftests/livepatch/functions.sh +++ b/tools/testing/selftests/livepatch/functions.sh @@ -7,6 +7,7 @@ MAX_RETRIES=600 RETRY_INTERVAL=".1" # seconds KLP_SYSFS_DIR="/sys/kernel/livepatch" +MODULE_SYSFS_DIR="/sys/module" # Kselftest framework requirement - SKIP code is 4 ksft_skip=4 @@ -299,7 +300,7 @@ function check_result { result=$(dmesg | awk -v last_dmesg="$LAST_DMESG" 'p; $0 == last_dmesg { p=1 }' | \ grep -e 'livepatch:' -e 'test_klp' | \ grep -v '\(tainting\|taints\) kernel' | \ - sed 's/^\[[ 0-9.]*\] //') + sed 's/^\[[ 0-9.]*\] //' | sed 's/^test_klp_log: //') if [[ "$expect" == "$result" ]] ; then echo "ok" @@ -344,3 +345,16 @@ function check_sysfs_value() { die "Unexpected value in $path: $expected_value vs. $value" fi } + +# read_module_param_value(modname, param) - read module parameter value +# modname - livepatch module creating the sysfs interface +# param - parameter name +function read_module_param() { + local mod="$1"; shift + local param="$1"; shift + + local path="$MODULE_SYSFS_DIR/$mod/parameters/$param" + + log "% echo \"$mod/parameters/$param: \$(cat $path)\"" + log "$mod/parameters/$param: $(cat $path)" +} diff --git a/tools/testing/selftests/livepatch/test-extern.sh b/tools/testing/selftests/livepatch/test-extern.sh new file mode 100755 index 000000000000..3dde6cabb07c --- /dev/null +++ b/tools/testing/selftests/livepatch/test-extern.sh @@ -0,0 +1,57 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2024 Lukas Hruska + +. $(dirname $0)/functions.sh + +MOD_LIVEPATCH=test_klp_extern +MOD_HELLO=test_klp_extern_hello +PARAM_HELLO=hello + +setup_config + +# - load a module to be livepatched +# - load a livepatch that modifies the output from 'hello' parameter +# of the previously loaded module and verify correct behaviour +# - unload the livepatch and make sure the patch was removed +# - unload the module that was livepatched + +start_test "livepatch with external symbol" + +load_mod $MOD_HELLO + +read_module_param $MOD_HELLO $PARAM_HELLO + +load_lp $MOD_LIVEPATCH + +read_module_param $MOD_HELLO $PARAM_HELLO + +disable_lp $MOD_LIVEPATCH +unload_lp $MOD_LIVEPATCH + +read_module_param $MOD_HELLO $PARAM_HELLO + +unload_mod $MOD_HELLO + +check_result "% insmod test_modules/$MOD_HELLO.ko +% echo \"$MOD_HELLO/parameters/$PARAM_HELLO: \$(cat /sys/module/$MOD_HELLO/parameters/$PARAM_HELLO)\" +$MOD_HELLO/parameters/$PARAM_HELLO: Hello from kernel module. +% insmod test_modules/$MOD_LIVEPATCH.ko +livepatch: enabling patch '$MOD_LIVEPATCH' +livepatch: '$MOD_LIVEPATCH': initializing patching transition +livepatch: '$MOD_LIVEPATCH': starting patching transition +livepatch: '$MOD_LIVEPATCH': completing patching transition +livepatch: '$MOD_LIVEPATCH': patching complete +% echo \"$MOD_HELLO/parameters/$PARAM_HELLO: \$(cat /sys/module/$MOD_HELLO/parameters/$PARAM_HELLO)\" +$MOD_HELLO/parameters/$PARAM_HELLO: Hello from livepatched module. +% echo 0 > /sys/kernel/livepatch/$MOD_LIVEPATCH/enabled +livepatch: '$MOD_LIVEPATCH': initializing unpatching transition +livepatch: '$MOD_LIVEPATCH': starting unpatching transition +livepatch: '$MOD_LIVEPATCH': completing unpatching transition +livepatch: '$MOD_LIVEPATCH': unpatching complete +% rmmod $MOD_LIVEPATCH +% echo \"$MOD_HELLO/parameters/$PARAM_HELLO: \$(cat /sys/module/$MOD_HELLO/parameters/$PARAM_HELLO)\" +$MOD_HELLO/parameters/$PARAM_HELLO: Hello from kernel module. +% rmmod $MOD_HELLO" + +exit 0 diff --git a/tools/testing/selftests/livepatch/test_modules/Makefile b/tools/testing/selftests/livepatch/test_modules/Makefile index e6e638c4bcba..0d6df14787da 100644 --- a/tools/testing/selftests/livepatch/test_modules/Makefile +++ b/tools/testing/selftests/livepatch/test_modules/Makefile @@ -6,6 +6,8 @@ obj-m += test_klp_atomic_replace.o \ test_klp_callbacks_demo.o \ test_klp_callbacks_demo2.o \ test_klp_callbacks_mod.o \ + test_klp_extern.o \ + test_klp_extern_hello.o \ test_klp_livepatch.o \ test_klp_state.o \ test_klp_state2.o \ diff --git a/tools/testing/selftests/livepatch/test_modules/test_klp_extern.c b/tools/testing/selftests/livepatch/test_modules/test_klp_extern.c new file mode 100644 index 000000000000..2a88ae289668 --- /dev/null +++ b/tools/testing/selftests/livepatch/test_modules/test_klp_extern.c @@ -0,0 +1,51 @@ +// SPDX-License-Identifier: GPL-2.0 +// Copyright (C) 2024 Lukas Hruska + +#define pr_fmt(fmt) "test_klp_extern_hello: " fmt + +#include +#include +#include + +extern const char *hello_msg \ + KLP_RELOC_SYMBOL(test_klp_extern_hello, test_klp_extern_hello, hello_msg); + +static int hello_get(char *buffer, const struct kernel_param *kp) +{ + return sysfs_emit(buffer, "%s livepatched module.\n", hello_msg); +} + +static struct klp_func funcs[] = { + { + .old_name = "hello_get", + .new_func = hello_get, + }, { } +}; + +static struct klp_object objs[] = { + { + .name = "test_klp_extern_hello", + .funcs = funcs, + }, { } +}; + +static struct klp_patch patch = { + .mod = THIS_MODULE, + .objs = objs, +}; + +static int test_klp_extern_init(void) +{ + return klp_enable_patch(&patch); +} + +static void test_klp_extern_exit(void) +{ +} + +module_init(test_klp_extern_init); +module_exit(test_klp_extern_exit); +MODULE_LICENSE("GPL"); +MODULE_INFO(livepatch, "Y"); +MODULE_AUTHOR("Lukas Hruska "); +MODULE_DESCRIPTION("Livepatch test: external symbol relocation"); diff --git a/tools/testing/selftests/livepatch/test_modules/test_klp_extern_hello.c b/tools/testing/selftests/livepatch/test_modules/test_klp_extern_hello.c new file mode 100644 index 000000000000..58ce4e655eee --- /dev/null +++ b/tools/testing/selftests/livepatch/test_modules/test_klp_extern_hello.c @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: GPL-2.0 +// Copyright (C) 2024 Lukas Hruska + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include + +const char *hello_msg = "Hello from"; + +static int hello_get(char *buffer, const struct kernel_param *kp) +{ + return sysfs_emit(buffer, "%s kernel module.\n", hello_msg); +} + +static const struct kernel_param_ops hello_ops = { + .get = hello_get +}; + +module_param_cb(hello, &hello_ops, NULL, 0400); +MODULE_PARM_DESC(hello, "Read only parameter greeting the reader."); + +static int test_klp_extern_hello_init(void) +{ + return 0; +} + +static void test_klp_extern_hello_exit(void) +{ +} + +module_init(test_klp_extern_hello_init); +module_exit(test_klp_extern_hello_exit); +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Lukas Hruska "); +MODULE_DESCRIPTION("Livepatch test: external symbol relocation - test module");