kpatch/kmod/core/kpatch.h

/*
 * kpatch.h
 *
 * Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
 * Copyright (C) 2013-2014 Josh Poimboeuf <jpoimboe@redhat.com>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <https://www.gnu.org/licenses/>.
 *
 * Contains the API for the core kpatch module used by the patch modules
 */

#ifndef _KPATCH_H_
#define _KPATCH_H_

#include <linux/types.h>
#include <linux/module.h>

enum kpatch_op {
	KPATCH_OP_NONE,
	KPATCH_OP_PATCH,
	KPATCH_OP_UNPATCH,
};

struct kpatch_func {
	/* public */
	unsigned long new_addr;
	unsigned long new_size;
	unsigned long old_addr;
	unsigned long old_size;

	/* private */
	struct hlist_node node;
	struct kpatch_module *kpmod;
	enum kpatch_op op;
};

struct kpatch_module {
	struct module *mod;
	struct kpatch_func *funcs;
	int num_funcs;

	bool enabled;
};

extern struct kobject *kpatch_patches_kobj;

extern int kpatch_register(struct kpatch_module *kpmod, bool replace);
extern int kpatch_unregister(struct kpatch_module *kpmod);

#endif /* _KPATCH_H_ */
add documentation to core kmod files Signed-off-by: Seth Jennings <sjenning@redhat.com> 2014-02-11 20:01:00 +00:00			`/*`
			`* kpatch.h`
			`*`
			`* Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>`
kmod/core: remove unused old_func_name field Not needed, we can always add it again later if needed (for sanity checks, maybe) 2014-03-13 20:08:08 +00:00			`* Copyright (C) 2013-2014 Josh Poimboeuf <jpoimboe@redhat.com>`
add documentation to core kmod files Signed-off-by: Seth Jennings <sjenning@redhat.com> 2014-02-11 20:01:00 +00:00			`*`
add GPLv2 headers to source files 2014-03-05 03:34:03 +00:00			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU General Public License`
			`* as published by the Free Software Foundation; either version 2`
			`* of the License, or (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
kmod/core: checkpatch and sparse fixes - checkpatch doesn't like the FSF address since it's subject to change - checkpatch doesn't like strings split by line - whitespace fix - sparse suggested to change some variables and functions to static 2014-05-01 17:19:41 +00:00			`* along with this program; if not, see <https://www.gnu.org/licenses/>.`
add GPLv2 headers to source files 2014-03-05 03:34:03 +00:00			`*`
use consistent naming for core and patch modules 2014-02-13 16:51:00 +00:00			`* Contains the API for the core kpatch module used by the patch modules`
add documentation to core kmod files Signed-off-by: Seth Jennings <sjenning@redhat.com> 2014-02-11 20:01:00 +00:00			`*/`

major rewrite to per-section function/data model Signed-off-by: Seth Jennings <sjenning@redhat.com> 2014-02-11 16:25:48 +00:00			`#ifndef _KPATCH_H_`
			`#define _KPATCH_H_`

kmod/core: update API and use hash table My apologies for the size of this commit. I combined these two features (updating API and using a hash table) into a single commit because their implementations are tightly coupled and I didn't want to have to add support for the old kpatch_funcs array with the new API just for the sake of splitting up the commit :-) - Update the core module API to get a more clear separation between core module and patch module. This is cleaner and will help our case for getting the core module merged upstream into the kernel. - Convert the old kpatch_funcs array into a hash table. This is so much nicer performance-wise and everything-else-wise than that ugly old array. - Do the incremental patching in stop machine. This ensures that the funcs hash is up to date and we don't miss anything. - Disable preemption in the ftrace handler when accessing the func hash. That way we don't get conflicts with the stop_machine handler updating the hash. 2014-03-14 21:41:00 +00:00			`#include <linux/types.h>`
add include linux/module.h to kpatch.h Needed for the module and kobject structs. 2014-04-28 18:24:04 +00:00			`#include <linux/module.h>`
kmod/core: update API and use hash table My apologies for the size of this commit. I combined these two features (updating API and using a hash table) into a single commit because their implementations are tightly coupled and I didn't want to have to add support for the old kpatch_funcs array with the new API just for the sake of splitting up the commit :-) - Update the core module API to get a more clear separation between core module and patch module. This is cleaner and will help our case for getting the core module merged upstream into the kernel. - Convert the old kpatch_funcs array into a hash table. This is so much nicer performance-wise and everything-else-wise than that ugly old array. - Do the incremental patching in stop machine. This ensures that the funcs hash is up to date and we don't miss anything. - Disable preemption in the ftrace handler when accessing the func hash. That way we don't get conflicts with the stop_machine handler updating the hash. 2014-03-14 21:41:00 +00:00
kmod/core: make func->op an enum 2014-04-30 18:26:29 +00:00			`enum kpatch_op {`
			`KPATCH_OP_NONE,`
			`KPATCH_OP_PATCH,`
			`KPATCH_OP_UNPATCH,`
			`};`

major rewrite to per-section function/data model Signed-off-by: Seth Jennings <sjenning@redhat.com> 2014-02-11 16:25:48 +00:00			`struct kpatch_func {`
kmod/core: NMI synchronization improvements This is an attempt to both simplify and improve the correctness of the NMI synchronization code. There's a race in kpatch_ftrace_handler() between the kpatch_get_func() and kpatch_finish_status() calls which could result in func being NULL. The retry was supposed to fix this. However, this race would still be a problem in the repatching case (if the function had already been previously patched), in which case func would not be NULL, but could instead point to the previously patched version of the function. In this case it wouldn't retry and it would be possible for the previous version of the function to run. The fix is to use a memory barrier between accesses of the func hash and the status variable, and then just call kpatch_get_func() after accessing the status variable. For OP_PATCH, if status is SUCCESS, then func is guaranteed to point to the new function. If status is FAILURE, func might point to the new function, in which case we can use get_prev_func to get the previous version of the function. I also made some pretty big changes to try to simplify the design so that there are less moving parts and so that it's hopefully easier to understand. I moved the OP field into the kpatch_func struct. This allows us to merge the two global state variables (status + op) into a single global state variable (state), which helps make the code quite a bit simpler. I turned it into a proper state machine and documented the meaning of each state in the comments. Moving the OP field to the kpatch_func struct also paves the way for an upcoming pull request which will allow patch modules to be atomically replaced ("kpatch load --replace <module>"). 2014-04-28 16:41:20 +00:00			`/* public */`
kmod/core: rename some variables For the sake of consistency and readability, rename some variables. Also change func->old_addr_end to func->old_size. 2014-03-14 18:22:59 +00:00			`unsigned long new_addr;`
fix activeness safety check when unpatching When unpatching, the activeness safety logic should check for the new function on the stack, not the old one. Fixes #64. 2014-04-21 16:49:58 +00:00			`unsigned long new_size;`
kmod/core: rename some variables For the sake of consistency and readability, rename some variables. Also change func->old_addr_end to func->old_size. 2014-03-14 18:22:59 +00:00			`unsigned long old_addr;`
			`unsigned long old_size;`
kmod/core: NMI synchronization improvements This is an attempt to both simplify and improve the correctness of the NMI synchronization code. There's a race in kpatch_ftrace_handler() between the kpatch_get_func() and kpatch_finish_status() calls which could result in func being NULL. The retry was supposed to fix this. However, this race would still be a problem in the repatching case (if the function had already been previously patched), in which case func would not be NULL, but could instead point to the previously patched version of the function. In this case it wouldn't retry and it would be possible for the previous version of the function to run. The fix is to use a memory barrier between accesses of the func hash and the status variable, and then just call kpatch_get_func() after accessing the status variable. For OP_PATCH, if status is SUCCESS, then func is guaranteed to point to the new function. If status is FAILURE, func might point to the new function, in which case we can use get_prev_func to get the previous version of the function. I also made some pretty big changes to try to simplify the design so that there are less moving parts and so that it's hopefully easier to understand. I moved the OP field into the kpatch_func struct. This allows us to merge the two global state variables (status + op) into a single global state variable (state), which helps make the code quite a bit simpler. I turned it into a proper state machine and documented the meaning of each state in the comments. Moving the OP field to the kpatch_func struct also paves the way for an upcoming pull request which will allow patch modules to be atomically replaced ("kpatch load --replace <module>"). 2014-04-28 16:41:20 +00:00
			`/* private */`
kmod/core: update API and use hash table My apologies for the size of this commit. I combined these two features (updating API and using a hash table) into a single commit because their implementations are tightly coupled and I didn't want to have to add support for the old kpatch_funcs array with the new API just for the sake of splitting up the commit :-) - Update the core module API to get a more clear separation between core module and patch module. This is cleaner and will help our case for getting the core module merged upstream into the kernel. - Convert the old kpatch_funcs array into a hash table. This is so much nicer performance-wise and everything-else-wise than that ugly old array. - Do the incremental patching in stop machine. This ensures that the funcs hash is up to date and we don't miss anything. - Disable preemption in the ftrace handler when accessing the func hash. That way we don't get conflicts with the stop_machine handler updating the hash. 2014-03-14 21:41:00 +00:00			`struct hlist_node node;`
kpatch replace Allow the user to atomically replace all existing modules with a new "kpatch replace" command. This provides a safe way to do atomic upgrades for cumulative patch module updates. 2014-04-28 21:18:29 +00:00			`struct kpatch_module *kpmod;`
kmod/core: make func->op an enum 2014-04-30 18:26:29 +00:00			`enum kpatch_op op;`
major rewrite to per-section function/data model Signed-off-by: Seth Jennings <sjenning@redhat.com> 2014-02-11 16:25:48 +00:00			`};`

kmod: add new kpatch_module struct Put funcs, num_funcs, and mod in their own struct called kpatch_module. This allows us to keep patch module specific variables in one place (and we'll have more of these variables soon). 2014-04-21 16:29:01 +00:00			`struct kpatch_module {`
			`struct module *mod;`
			`struct kpatch_func *funcs;`
			`int num_funcs;`
safe kpatch unload Currently the patch module calls kpatch_unregister in the patch module exit path. If the activeness safety check fails in kpatch_unregister, it's too late for the patch module to stop exiting, so all it can do is panic. Prevent this scenario by requiring the user to disable the patch module via sysfs before allowing the module to be unloaded. The sysfs write will fail if the activeness safety check fails. An rmmod will fail if the patch is still enabled. Also add support for this new unloading model in "kpatch unload". 2014-04-26 04:05:26 +00:00
			`bool enabled;`
kmod: add new kpatch_module struct Put funcs, num_funcs, and mod in their own struct called kpatch_module. This allows us to keep patch module specific variables in one place (and we'll have more of these variables soon). 2014-04-21 16:29:01 +00:00			`};`

safe kpatch unload Currently the patch module calls kpatch_unregister in the patch module exit path. If the activeness safety check fails in kpatch_unregister, it's too late for the patch module to stop exiting, so all it can do is panic. Prevent this scenario by requiring the user to disable the patch module via sysfs before allowing the module to be unloaded. The sysfs write will fail if the activeness safety check fails. An rmmod will fail if the patch is still enabled. Also add support for this new unloading model in "kpatch unload". 2014-04-26 04:05:26 +00:00			`extern struct kobject *kpatch_patches_kobj;`

kpatch replace Allow the user to atomically replace all existing modules with a new "kpatch replace" command. This provides a safe way to do atomic upgrades for cumulative patch module updates. 2014-04-28 21:18:29 +00:00			`extern int kpatch_register(struct kpatch_module *kpmod, bool replace);`
kmod: add new kpatch_module struct Put funcs, num_funcs, and mod in their own struct called kpatch_module. This allows us to keep patch module specific variables in one place (and we'll have more of these variables soon). 2014-04-21 16:29:01 +00:00			`extern int kpatch_unregister(struct kpatch_module *kpmod);`
major rewrite to per-section function/data model Signed-off-by: Seth Jennings <sjenning@redhat.com> 2014-02-11 16:25:48 +00:00
			`#endif /* _KPATCH_H_ */`