Commit | Line | Data |
---|---|---|
1ccea77e | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
439e7271 JL |
2 | /* |
3 | * Copyright (C) 2017 Joe Lawrence <joe.lawrence@redhat.com> | |
439e7271 JL |
4 | */ |
5 | ||
6 | /* | |
7 | * livepatch-shadow-fix1.c - Shadow variables, livepatch demo | |
8 | * | |
9 | * Purpose | |
10 | * ------- | |
11 | * | |
12 | * Fixes the memory leak introduced in livepatch-shadow-mod through the | |
13 | * use of a shadow variable. This fix demonstrates the "extending" of | |
14 | * short-lived data structures by patching their allocation and release | |
15 | * functions. | |
16 | * | |
17 | * | |
18 | * Usage | |
19 | * ----- | |
20 | * | |
21 | * This module is not intended to be standalone. See the "Usage" | |
22 | * section of livepatch-shadow-mod.c. | |
23 | */ | |
24 | ||
25 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | |
26 | ||
27 | #include <linux/module.h> | |
28 | #include <linux/kernel.h> | |
29 | #include <linux/livepatch.h> | |
30 | #include <linux/slab.h> | |
31 | ||
/*
 * Shadow variable enums: SV_LEAK is the id passed to the klp_shadow_*()
 * calls in this file.
 */
#define SV_LEAK 1

/* Allocate new dummies every second */
#define ALLOC_PERIOD 1
/* Check for expired dummies after a few new ones have been allocated */
#define CLEANUP_PERIOD (3 * ALLOC_PERIOD)
/*
 * Dummies expire after a few cleanup instances. The allocation routine
 * multiplies this by 1000 before msecs_to_jiffies(), so the value is in
 * seconds.
 */
#define EXPIRE_PERIOD (4 * CLEANUP_PERIOD)
41 | ||
/*
 * Object handled by the patched dummy_alloc/dummy_free pair.
 * NOTE(review): presumably has to match struct dummy in
 * livepatch_shadow_mod, the object being patched - confirm.
 */
struct dummy {
	struct list_head list;
	/* set to jiffies + EXPIRE_PERIOD seconds when the dummy is allocated */
	unsigned long jiffies_expire;
};
46 | ||
e91c2518 PM |
47 | /* |
48 | * The constructor makes more sense together with klp_shadow_get_or_alloc(). | |
49 | * In this example, it would be safe to assign the pointer also to the shadow | |
50 | * variable returned by klp_shadow_alloc(). But we wanted to show the more | |
51 | * complicated use of the API. | |
52 | */ | |
/*
 * shadow_leak_ctor() - initialise a freshly allocated SV_LEAK shadow variable
 * @obj:         object the shadow variable is attached to (unused here)
 * @shadow_data: the shadow variable's storage, treated as an int * slot
 * @ctor_data:   address of the int * to store into that slot
 *
 * Return: 0 on success, -EINVAL when no @ctor_data was supplied.
 */
static int shadow_leak_ctor(void *obj, void *shadow_data, void *ctor_data)
{
	int **src = ctor_data;
	int **dst = shadow_data;

	/* Nothing to copy from: refuse rather than store a bogus pointer. */
	if (src == NULL)
		return -EINVAL;

	/* Copy the pointer value itself, not the int it points to. */
	*dst = *src;

	return 0;
}
64 | ||
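/*
 * livepatch_fix1_dummy_alloc() - patched replacement for dummy_alloc
 *
 * Allocates a dummy and the extra "leak" buffer, then records the buffer's
 * address in an SV_LEAK shadow variable attached to the dummy so that the
 * patched free routine can release it later.
 *
 * Return: the new dummy, or NULL if any of the allocations fails. On
 * failure everything allocated so far is released again.
 */
static struct dummy *livepatch_fix1_dummy_alloc(void)
{
	struct dummy *d;
	int *leak;
	int **shadow_leak;

	d = kzalloc(sizeof(*d), GFP_KERNEL);
	if (!d)
		return NULL;

	d->jiffies_expire = jiffies +
		msecs_to_jiffies(1000 * EXPIRE_PERIOD);

	/*
	 * Patch: save the extra memory location into a SV_LEAK shadow
	 * variable.  A patched dummy_free routine can later fetch this
	 * pointer to handle resource release.
	 */
	leak = kzalloc(sizeof(*leak), GFP_KERNEL);
	if (!leak)
		goto err_leak;

	/*
	 * sizeof(leak) is the size of the pointer: the shadow variable
	 * stores the pointer itself, which shadow_leak_ctor() copies in
	 * from &leak.
	 *
	 * The result must be checked.  If no shadow variable was created,
	 * nothing tracks @leak any more and the buffer would be lost, which
	 * is the very leak this patch is meant to close.
	 */
	shadow_leak = klp_shadow_alloc(d, SV_LEAK, sizeof(leak), GFP_KERNEL,
				       shadow_leak_ctor, &leak);
	if (!shadow_leak) {
		pr_err("%s: failed to allocate shadow variable for the leaking pointer: dummy @ %p, leak @ %p\n",
		       __func__, d, leak);
		goto err_shadow;
	}

	pr_info("%s: dummy @ %p, expires @ %lx\n",
		__func__, d, d->jiffies_expire);

	return d;

err_shadow:
	kfree(leak);
err_leak:
	kfree(d);
	return NULL;
}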
96 | ||
3b2c77d0 PM |
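/*
 * livepatch_fix1_dummy_leak_dtor() - release the buffer tracked by SV_LEAK
 * @obj:         the dummy the shadow variable is attached to (only logged)
 * @shadow_data: shadow variable storage; holds the pointer saved by
 *               shadow_leak_ctor()
 *
 * Passed as the destructor to klp_shadow_free() and klp_shadow_free_all()
 * in this file.
 */
static void livepatch_fix1_dummy_leak_dtor(void *obj, void *shadow_data)
{
	void *d = obj;
	int **shadow_leak = shadow_data;

	/* Log first so the pointer value is not read again after kfree(). */
	pr_info("%s: dummy @ %p, prevented leak @ %p\n",
		__func__, d, *shadow_leak);
	kfree(*shadow_leak);
}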
106 | ||
/*
 * livepatch_fix1_dummy_free() - patched replacement for dummy_free
 * @d: dummy to release
 *
 * Releases the buffer tracked by the dummy's SV_LEAK shadow variable, if
 * there is one, and then the dummy itself.
 */
static void livepatch_fix1_dummy_free(struct dummy *d)
{
	/*
	 * Patch: look up the saved SV_LEAK shadow variable, then detach and
	 * free it.  A dummy allocated before this livepatch was loaded has
	 * no shadow variable, so its extra buffer cannot be recovered; that
	 * case is only reported.
	 */
	if (!klp_shadow_get(d, SV_LEAK))
		pr_info("%s: dummy @ %p leaked!\n", __func__, d);
	else
		klp_shadow_free(d, SV_LEAK, livepatch_fix1_dummy_leak_dtor);

	kfree(d);
}
125 | ||
/*
 * Function replacements: each entry pairs the name of a function in the
 * patched object (old_name) with its replacement from this file (new_func).
 * The empty { } entry terminates the array.
 */
static struct klp_func funcs[] = {
	{
		.old_name = "dummy_alloc",
		.new_func = livepatch_fix1_dummy_alloc,
	},
	{
		.old_name = "dummy_free",
		.new_func = livepatch_fix1_dummy_free,
	}, { }
};
136 | ||
/*
 * Objects to patch: the replacements in funcs[] apply to the
 * livepatch_shadow_mod module.  The empty { } entry terminates the array.
 */
static struct klp_object objs[] = {
	{
		.name = "livepatch_shadow_mod",
		.funcs = funcs,
	}, { }
};
143 | ||
/* Top-level patch descriptor; the init function passes it to klp_enable_patch(). */
static struct klp_patch patch = {
	.mod = THIS_MODULE,
	.objs = objs,
};
148 | ||
/*
 * Module entry point: hand the patch descriptor to the livepatch core.
 * Whatever klp_enable_patch() returns becomes the module init result.
 */
static int livepatch_shadow_fix1_init(void)
{
	int ret = klp_enable_patch(&patch);

	return ret;
}
153 | ||
/* Module exit point. */
static void livepatch_shadow_fix1_exit(void)
{
	/*
	 * Drop every SV_LEAK shadow variable that still exists; the
	 * destructor frees the buffer each one points to.
	 */
	klp_shadow_free_all(SV_LEAK, livepatch_fix1_dummy_leak_dtor);
}
159 | ||
/* Register this file's init and exit handlers with the module loader. */
module_init(livepatch_shadow_fix1_init);
module_exit(livepatch_shadow_fix1_exit);
MODULE_LICENSE("GPL");
/* The "livepatch" modinfo tag identifies this module as a livepatch. */
MODULE_INFO(livepatch, "Y");