1. 26 Oct, 2017 1 commit
    • Petr Mladek's avatar
      livepatch: Correctly call klp_post_unpatch_callback() in error paths · 5aaf1ab5
      Petr Mladek authored
      The post_unpatch_enabled flag in struct klp_callbacks is set when a
      pre-patch callback successfully executes, indicating that we need to
      call a corresponding post-unpatch callback when the patch is reverted.
      This is true for ordinary patch disable as well as the error paths of
      klp_patch_object() callers.
      
      As currently coded, we inadvertently execute the post-patch callback
      twice in klp_module_coming() when klp_patch_object() fails:
      
        - We explicitly call klp_post_unpatch_callback() for the failed object
        - We call it again for the same object (and all the others) via
          klp_cleanup_module_patches_limited()
      
      We should clear the flag in klp_post_unpatch_callback() to make
      sure that the callback is not called twice. It makes the API
      more safe.
      
      (We could have removed the callback from the former error path as it
      would be covered by the latter call, but I think that is is cleaner to
      clear the post_unpatch_enabled after its invoked. For example, someone
      might later decide to call the callback only when obj->patched flag is
      set.)
      
      There is another mistake in the error path of klp_coming_module() in
      which it skips the post-unpatch callback for the klp_transition_patch.
      However, the pre-patch callback was called even for this patch, so be
      sure to make the corresponding callbacks for all patches.
      
      Finally, I used this opportunity to make klp_pre_patch_callback() more
      readable.
      
      [jkosina@suse.cz: incorporate changelog wording changes proposed by Joe Lawrence]
      Signed-off-by: default avatarPetr Mladek <pmladek@suse.com>
      Acked-by: default avatarJoe Lawrence <joe.lawrence@redhat.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      5aaf1ab5
  2. 19 Oct, 2017 3 commits
  3. 02 Oct, 2017 1 commit
  4. 15 Sep, 2017 1 commit
  5. 14 Sep, 2017 1 commit
    • Joe Lawrence's avatar
      livepatch: introduce shadow variable API · 439e7271
      Joe Lawrence authored
      Add exported API for livepatch modules:
      
        klp_shadow_get()
        klp_shadow_alloc()
        klp_shadow_get_or_alloc()
        klp_shadow_free()
        klp_shadow_free_all()
      
      that implement "shadow" variables, which allow callers to associate new
      shadow fields to existing data structures.  This is intended to be used
      by livepatch modules seeking to emulate additions to data structure
      definitions.
      
      See Documentation/livepatch/shadow-vars.txt for a summary of the new
      shadow variable API, including a few common use cases.
      
      See samples/livepatch/livepatch-shadow-* for example modules that
      demonstrate shadow variables.
      
      [jkosina@suse.cz: fix __klp_shadow_get_or_alloc() comment as spotted by
       Josh]
      Signed-off-by: default avatarJoe Lawrence <joe.lawrence@redhat.com>
      Acked-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Acked-by: default avatarMiroslav Benes <mbenes@suse.cz>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      439e7271
  6. 21 Jun, 2017 4 commits
  7. 20 Jun, 2017 3 commits
    • Petr Mladek's avatar
      livepatch: Fix stacking of patches with respect to RCU · 842c0884
      Petr Mladek authored
      rcu_read_(un)lock(), list_*_rcu(), and synchronize_rcu() are used for a secure
      access and manipulation of the list of patches that modify the same function.
      In particular, it is the variable func_stack that is accessible from the ftrace
      handler via struct ftrace_ops and klp_ops.
      
      Of course, it synchronizes also some states of the patch on the top of the
      stack, e.g. func->transition in klp_ftrace_handler.
      
      At the same time, this mechanism guards also the manipulation of
      task->patch_state. It is modified according to the state of the transition and
      the state of the process.
      
      Now, all this works well as long as RCU works well. Sadly livepatching might
      get into some corner cases when this is not true. For example, RCU is not
      watching when rcu_read_lock() is taken in idle threads.  It is because they
      might sleep and prevent reaching the grace period for too long.
      
      There are ways how to make RCU watching even in idle threads, see
      rcu_irq_enter(). But there is a small location inside RCU infrastructure when
      even this does not work.
      
      This small problematic location can be detected either before calling
      rcu_irq_enter() by rcu_irq_enter_disabled() or later by rcu_is_watching().
      Sadly, there is no safe way how to handle it.  Once we detect that RCU was not
      watching, we might see inconsistent state of the function stack and the related
      variables in klp_ftrace_handler(). Then we could do a wrong decision, use an
      incompatible implementation of the function and break the consistency of the
      system. We could warn but we could not avoid the damage.
      
      Fortunately, ftrace has similar problems and they seem to be solved well there.
      It uses a heavy weight implementation of some RCU operations. In particular, it
      replaces:
      
        + rcu_read_lock() with preempt_disable_notrace()
        + rcu_read_unlock() with preempt_enable_notrace()
        + synchronize_rcu() with schedule_on_each_cpu(sync_work)
      
      My understanding is that this is RCU implementation from a stone age. It meets
      the core RCU requirements but it is rather ineffective. Especially, it does not
      allow to batch or speed up the synchronize calls.
      
      On the other hand, it is very trivial. It allows to safely trace and/or
      livepatch even the RCU core infrastructure.  And the effectiveness is a not a
      big issue because using ftrace or livepatches on productive systems is a rare
      operation.  The safety is much more important than a negligible extra load.
      
      Note that the alternative implementation follows the RCU principles. Therefore,
           we could and actually must use list_*_rcu() variants when manipulating the
           func_stack.  These functions allow to access the pointers in the right
           order and with the right barriers. But they do not use any other
           information that would be set only by rcu_read_lock().
      
      Also note that there are actually two problems solved in ftrace:
      
      First, it cares about the consistency of RCU read sections.  It is being solved
      the way as described and used in this patch.
      
      Second, ftrace needs to make sure that nobody is inside the dynamic trampoline
      when it is being freed. For this, it also calls synchronize_rcu_tasks() in
      preemptive kernel in ftrace_shutdown().
      
      Livepatch has similar problem but it is solved by ftrace for free.
      klp_ftrace_handler() is a good guy and never sleeps. In addition, it is
      registered with FTRACE_OPS_FL_DYNAMIC. It causes that
      unregister_ftrace_function() calls:
      
      	* schedule_on_each_cpu(ftrace_sync) - always
      	* synchronize_rcu_tasks() - in preemptive kernel
      
      The effect is that nobody is neither inside the dynamic trampoline nor inside
      the ftrace handler after unregister_ftrace_function() returns.
      
      [jkosina@suse.cz: reformat changelog, fix comment]
      Signed-off-by: default avatarPetr Mladek <pmladek@suse.com>
      Acked-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Acked-by: default avatarMiroslav Benes <mbenes@suse.cz>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      842c0884
    • Linus Torvalds's avatar
      Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux · 9705596d
      Linus Torvalds authored
      Pull clk fixes from Stephen Boyd:
       "One build fix for an Amlogic clk driver and a handful of Allwinner clk
        driver fixes for some DT bindings and a randconfig build error that
        all came in this merge window"
      
      * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
        clk: sunxi-ng: a64: Export PLL_PERIPH0 clock for the PRCM
        clk: sunxi-ng: h3: Export PLL_PERIPH0 clock for the PRCM
        dt-bindings: clock: sunxi-ccu: Add pll-periph to PRCM's needed clocks
        clk: sunxi-ng: sun5i: Fix ahb_bist_clk definition
        clk: sunxi-ng: enable SUNXI_CCU_MP for PRCM
        clk: meson: gxbb: fix build error without RESET_CONTROLLER
        clk: sunxi-ng: v3s: Fix usb otg device reset bit
        clk: sunxi-ng: a31: Correct lcd1-ch1 clock register offset
      9705596d
    • Linus Torvalds's avatar
      Merge tag 'ntb-4.12-bugfixes' of git://github.com/jonmason/ntb · 865be780
      Linus Torvalds authored
      Pull NTB fixes from Jon Mason:
       "NTB bug fixes to address the modinfo in ntb_perf, a couple of bugs in
        the NTB transport QP calculations, skx doorbells, and sleeping in
        ntb_async_tx_submit"
      
      * tag 'ntb-4.12-bugfixes' of git://github.com/jonmason/ntb:
        ntb: no sleep in ntb_async_tx_submit
        ntb: ntb_hw_intel: Skylake doorbells should be 32bits, not 64bits
        ntb_transport: fix bug calculating num_qps_mw
        ntb_transport: fix qp count bug
        NTB: ntb_test: fix bug printing ntb_perf results
        ntb: Correct modinfo usage statement for ntb_perf
      865be780
  8. 19 Jun, 2017 14 commits
  9. 18 Jun, 2017 7 commits
  10. 17 Jun, 2017 5 commits