Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/samples/livepatch/livepatch-shadow-fix1.c
26278 views
1
// SPDX-License-Identifier: GPL-2.0-or-later

2
/*

3
 * Copyright (C) 2017 Joe Lawrence <[email protected]>

4
 */

5


6
/*

7
 * livepatch-shadow-fix1.c - Shadow variables, livepatch demo

8
 *

9
 * Purpose

10
 * -------

11
 *

12
 * Fixes the memory leak introduced in livepatch-shadow-mod through the

13
 * use of a shadow variable.  This fix demonstrates the "extending" of

14
 * short-lived data structures by patching its allocation and release

15
 * functions.

16
 *

17
 *

18
 * Usage

19
 * -----

20
 *

21
 * This module is not intended to be standalone.  See the "Usage"

22
 * section of livepatch-shadow-mod.c.

23
 */

24


25
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

26


27
#include <linux/module.h>

28
#include <linux/kernel.h>

29
#include <linux/livepatch.h>

30
#include <linux/slab.h>

31


32
/* Shadow variable enums */

33
#define SV_LEAK		1

34


35
/* Allocate new dummies every second */

36
#define ALLOC_PERIOD	1

37
/* Check for expired dummies after a few new ones have been allocated */

38
#define CLEANUP_PERIOD	(3 * ALLOC_PERIOD)

39
/* Dummies expire after a few cleanup instances */

40
#define EXPIRE_PERIOD	(4 * CLEANUP_PERIOD)

41


42
struct dummy {

43
	struct list_head list;

44
	unsigned long jiffies_expire;

45
};

46


47
/*

48
 * The constructor makes more sense together with klp_shadow_get_or_alloc().

49
 * In this example, it would be safe to assign the pointer also to the shadow

50
 * variable returned by klp_shadow_alloc().  But we wanted to show the more

51
 * complicated use of the API.

52
 */

53
static int shadow_leak_ctor(void *obj, void *shadow_data, void *ctor_data)

54
{

55
	int **shadow_leak = shadow_data;

56
	int **leak = ctor_data;

57


58
	if (!ctor_data)

59
		return -EINVAL;

60


61
	*shadow_leak = *leak;

62
	return 0;

63
}

64


65
static struct dummy *livepatch_fix1_dummy_alloc(void)

66
{

67
	struct dummy *d;

68
	int *leak;

69
	int **shadow_leak;

70


71
	d = kzalloc(sizeof(*d), GFP_KERNEL);

72
	if (!d)

73
		return NULL;

74


75
	d->jiffies_expire = jiffies + secs_to_jiffies(EXPIRE_PERIOD);

76


77
	/*

78
	 * Patch: save the extra memory location into a SV_LEAK shadow

79
	 * variable.  A patched dummy_free routine can later fetch this

80
	 * pointer to handle resource release.

81
	 */

82
	leak = kzalloc(sizeof(*leak), GFP_KERNEL);

83
	if (!leak)

84
		goto err_leak;

85


86
	shadow_leak = klp_shadow_alloc(d, SV_LEAK, sizeof(leak), GFP_KERNEL,

87
				       shadow_leak_ctor, &leak);

88
	if (!shadow_leak) {

89
		pr_err("%s: failed to allocate shadow variable for the leaking pointer: dummy @ %p, leak @ %p\n",

90
		       __func__, d, leak);

91
		goto err_shadow;

92
	}

93


94
	pr_info("%s: dummy @ %p, expires @ %lx\n",

95
		__func__, d, d->jiffies_expire);

96


97
	return d;

98


99
err_shadow:

100
	kfree(leak);

101
err_leak:

102
	kfree(d);

103
	return NULL;

104
}

105


106
static void livepatch_fix1_dummy_leak_dtor(void *obj, void *shadow_data)

107
{

108
	void *d = obj;

109
	int **shadow_leak = shadow_data;

110


111
	pr_info("%s: dummy @ %p, prevented leak @ %p\n",

112
			 __func__, d, *shadow_leak);

113
	kfree(*shadow_leak);

114
}

115


116
static void livepatch_fix1_dummy_free(struct dummy *d)

117
{

118
	int **shadow_leak;

119


120
	/*

121
	 * Patch: fetch the saved SV_LEAK shadow variable, detach and

122
	 * free it.  Note: handle cases where this shadow variable does

123
	 * not exist (ie, dummy structures allocated before this livepatch

124
	 * was loaded.)

125
	 */

126
	shadow_leak = klp_shadow_get(d, SV_LEAK);

127
	if (shadow_leak)

128
		klp_shadow_free(d, SV_LEAK, livepatch_fix1_dummy_leak_dtor);

129
	else

130
		pr_info("%s: dummy @ %p leaked!\n", __func__, d);

131


132
	kfree(d);

133
}

134


135
static struct klp_func funcs[] = {

136
	{

137
		.old_name = "dummy_alloc",

138
		.new_func = livepatch_fix1_dummy_alloc,

139
	},

140
	{

141
		.old_name = "dummy_free",

142
		.new_func = livepatch_fix1_dummy_free,

143
	}, { }

144
};

145


146
static struct klp_object objs[] = {

147
	{

148
		.name = "livepatch_shadow_mod",

149
		.funcs = funcs,

150
	}, { }

151
};

152


153
static struct klp_patch patch = {

154
	.mod = THIS_MODULE,

155
	.objs = objs,

156
};

157


158
static int livepatch_shadow_fix1_init(void)

159
{

160
	return klp_enable_patch(&patch);

161
}

162


163
static void livepatch_shadow_fix1_exit(void)

164
{

165
	/* Cleanup any existing SV_LEAK shadow variables */

166
	klp_shadow_free_all(SV_LEAK, livepatch_fix1_dummy_leak_dtor);

167
}

168


169
module_init(livepatch_shadow_fix1_init);

170
module_exit(livepatch_shadow_fix1_exit);

171
MODULE_DESCRIPTION("Live patching demo for shadow variables");

172
MODULE_LICENSE("GPL");

173
MODULE_INFO(livepatch, "Y");

174


175