Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2246965imu; Thu, 29 Nov 2018 01:46:23 -0800 (PST) X-Google-Smtp-Source: AFSGD/WBimZBjySBYuvs4Vt2HYnyGpKGx4Xw2REiJra/mhIR5g3KXZW0ZxFq9Gxgs/oZuRYmQK3h X-Received: by 2002:a17:902:6b49:: with SMTP id g9mr770855plt.98.1543484783011; Thu, 29 Nov 2018 01:46:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543484782; cv=none; d=google.com; s=arc-20160816; b=wtVlTK6WzFEp9HB/bADaxvgYvpppp7uYNrh01/aPayWxK3jCoWZSDfSUri52laZc9I J/MFe3T8xCX1E7kGs0A1B18OH0w7RIjX4VZvf7Q6Ussygf9FWySiGsC6ehoVJSfvnM3O 9OPjT9unaF3igbh0xew3dLqpEHGEgP3o6ZCoLxE2EM1Jfq57GqztsqpuWvpB3/qqp2SM aIXGSgIzQbk/0Pjj4TOs+vFE/JYaubURdW1zn6xsjHINV1BoX7i1oz+Hwb1mx8S8JPh4 CZuzTU+KMKmAgne74wRiq7W6DLXOZzAjTDQUy8xl/joagb9CeOOLST4nFR4dv1Wse5UZ 3xeQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=7aEiBtB+SV+g5N+upVTrYD7EYMMoCOfG1oMrYeHD6SU=; b=s9rktCwfP2K2w9L+kL33EezrJM/AbNHQhybXE2DskmYuR7Nl43WdtnAfjmSx+QAmZ+ divsg0FM3fjANESMyvnwNQAbEUeLMtm+aI1rBFEjKJOHcHqIuMgk5PZINM76yShGcTaM 03fA4ibWM7rjbKkRW+8LF8rQQONOoto78RhvR+lJ0d4QrqAT/VW9Nupyrt2bGS6esgXJ WI473V+1a6luPtm4ZzL3T/eyu5xBFeECnU4voYtdMSlBeQF1SHXQi+tqJG9S9ZrJKCBT HR+U3fR+TJ2YqIekW84yXX7WdhkqcX87xWZS8o/FCqyfchcJd7R/ECDAK5WeqnpmOASp yzVQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g124si1463264pgc.568.2018.11.29.01.46.07; Thu, 29 Nov 2018 01:46:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728144AbeK2Ut6 (ORCPT + 99 others); Thu, 29 Nov 2018 15:49:58 -0500 Received: from mx2.suse.de ([195.135.220.15]:48092 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728063AbeK2Ut5 (ORCPT ); Thu, 29 Nov 2018 15:49:57 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id B0372AE8A; Thu, 29 Nov 2018 09:45:10 +0000 (UTC) From: Petr Mladek To: Jiri Kosina , Josh Poimboeuf , Miroslav Benes Cc: Jason Baron , Joe Lawrence , Evgenii Shatokhin , live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, Petr Mladek Subject: [PATCH v14 08/11] livepatch: Remove Nop structures when unused Date: Thu, 29 Nov 2018 10:44:28 +0100 Message-Id: <20181129094431.7801-9-pmladek@suse.com> X-Mailer: git-send-email 2.13.7 In-Reply-To: <20181129094431.7801-1-pmladek@suse.com> References: <20181129094431.7801-1-pmladek@suse.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Replaced patches are removed from the stack when the transition is finished. It means that Nop structures will never be needed again and can be removed. Why should we care? + Nop structures make false feeling that the function is patched even though the ftrace handler has no effect. + Ftrace handlers are not completely for free. They cause slowdown that might be visible in some workloads. The ftrace-related slowdown might actually be the reason why the function is not longer patched in the new cumulative patch. One would expect that cumulative patch would allow to solve these problems as well. + Cumulative patches are supposed to replace any earlier version of the patch. The amount of NOPs depends on which version was replaced. This multiplies the amount of scenarios that might happen. One might say that NOPs are innocent. But there are even optimized NOP instructions for different processor, for example, see arch/x86/kernel/alternative.c. And klp_ftrace_handler() is much more complicated. + It sounds natural to clean up a mess that is not longer needed. It could only be worse if we do not do it. This patch allows to unpatch and free the dynamic structures independently when the transition finishes. The free part is a bit tricky because kobject free callbacks are called asynchronously. We could not wait for them easily. Fortunately, we do not have to. Any further access can be avoided by removing them from the dynamic lists. Signed-off-by: Petr Mladek --- include/linux/livepatch.h | 6 ++++ kernel/livepatch/core.c | 64 ++++++++++++++++++++++++++++++++++++++----- kernel/livepatch/core.h | 1 + kernel/livepatch/patch.c | 31 +++++++++++++++++---- kernel/livepatch/patch.h | 1 + kernel/livepatch/transition.c | 4 ++- 6 files changed, 94 insertions(+), 13 deletions(-) diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h index a44bc730cc47..ad29f17e1f55 100644 --- a/include/linux/livepatch.h +++ b/include/linux/livepatch.h @@ -180,6 +180,9 @@ struct klp_patch { #define klp_for_each_object_static(patch, obj) \ for (obj = patch->objs; obj->funcs || obj->name; obj++) +#define klp_for_each_object_safe(patch, obj, tmp_obj) \ + list_for_each_entry_safe(obj, tmp_obj, &patch->obj_list, node) + #define klp_for_each_object(patch, obj) \ list_for_each_entry(obj, &patch->obj_list, node) @@ -188,6 +191,9 @@ struct klp_patch { func->old_name || func->new_func || func->old_sympos; \ func++) +#define klp_for_each_func_safe(obj, func, tmp_func) \ + list_for_each_entry_safe(func, tmp_func, &obj->func_list, node) + #define klp_for_each_func(obj, func) \ list_for_each_entry(func, &obj->func_list, node) diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c index 7092d288cfa6..0ce752e9e8bb 100644 --- a/kernel/livepatch/core.c +++ b/kernel/livepatch/core.c @@ -611,11 +611,20 @@ static struct kobj_type klp_ktype_func = { .sysfs_ops = &kobj_sysfs_ops, }; -static void klp_free_funcs(struct klp_object *obj) +static void __klp_free_funcs(struct klp_object *obj, bool free_all) { - struct klp_func *func; + struct klp_func *func, *tmp_func; + + klp_for_each_func_safe(obj, func, tmp_func) { + if (!free_all && !func->nop) + continue; + + /* + * Avoid double free. It would be tricky to wait for kobject + * callbacks when only NOPs are handled. + */ + list_del(&func->node); - klp_for_each_func(obj, func) { /* Might be called from klp_init_patch() error path. */ if (func->kobj_alive) { func->kobj_alive = false; @@ -641,12 +650,21 @@ static void klp_free_object_loaded(struct klp_object *obj) } } -static void klp_free_objects(struct klp_patch *patch) +static void __klp_free_objects(struct klp_patch *patch, bool free_all) { - struct klp_object *obj; + struct klp_object *obj, *tmp_obj; - klp_for_each_object(patch, obj) { - klp_free_funcs(obj); + klp_for_each_object_safe(patch, obj, tmp_obj) { + __klp_free_funcs(obj, free_all); + + if (!free_all && !obj->dynamic) + continue; + + /* + * Avoid double free. It would be tricky to wait for kobject + * callbacks when only dynamic objects are handled. + */ + list_del(&obj->node); /* Might be called from klp_init_patch() error path. */ if (obj->kobj_alive) { @@ -658,6 +676,16 @@ static void klp_free_objects(struct klp_patch *patch) } } +static void klp_free_objects(struct klp_patch *patch) +{ + __klp_free_objects(patch, true); +} + +static void klp_free_objects_dynamic(struct klp_patch *patch) +{ + __klp_free_objects(patch, false); +} + /* * This function implements the free operations that can be called safely * under klp_mutex. @@ -1089,6 +1117,28 @@ void klp_discard_replaced_patches(struct klp_patch *new_patch) } /* + * This function removes the dynamically allocated 'nop' functions. + * + * We could be pretty aggressive. NOPs do not change the existing + * behavior except for adding unnecessary delay by the ftrace handler. + * + * It is safe even when the transition was forced. The ftrace handler + * will see a valid ops->func_stack entry thanks to RCU. + * + * We could even free the NOPs structures. They must be the last entry + * in ops->func_stack. Therefore unregister_ftrace_function() is called. + * It does the same as klp_synchronize_transition() to make sure that + * nobody is inside the ftrace handler once the operation finishes. + * + * IMPORTANT: It must be called right after removing the replaced patches! + */ +void klp_discard_nops(struct klp_patch *new_patch) +{ + klp_unpatch_objects_dynamic(klp_transition_patch); + klp_free_objects_dynamic(klp_transition_patch); +} + +/* * Remove parts of patches that touch a given kernel module. The list of * patches processed might be limited. When limit is NULL, all patches * will be handled. diff --git a/kernel/livepatch/core.h b/kernel/livepatch/core.h index f6a853adcc00..e6200f38701f 100644 --- a/kernel/livepatch/core.h +++ b/kernel/livepatch/core.h @@ -9,6 +9,7 @@ extern struct list_head klp_patches; void klp_free_patch_start(struct klp_patch *patch); void klp_discard_replaced_patches(struct klp_patch *new_patch); +void klp_discard_nops(struct klp_patch *new_patch); static inline bool klp_is_object_loaded(struct klp_object *obj) { diff --git a/kernel/livepatch/patch.c b/kernel/livepatch/patch.c index fe27709d13ea..37da868859a5 100644 --- a/kernel/livepatch/patch.c +++ b/kernel/livepatch/patch.c @@ -246,15 +246,26 @@ static int klp_patch_func(struct klp_func *func) return ret; } -void klp_unpatch_object(struct klp_object *obj) +static void __klp_unpatch_object(struct klp_object *obj, bool unpatch_all) { struct klp_func *func; - klp_for_each_func(obj, func) + klp_for_each_func(obj, func) { + if (!unpatch_all && !func->nop) + continue; + if (func->patched) klp_unpatch_func(func); + } - obj->patched = false; + if (unpatch_all || obj->dynamic) + obj->patched = false; +} + + +void klp_unpatch_object(struct klp_object *obj) +{ + __klp_unpatch_object(obj, true); } int klp_patch_object(struct klp_object *obj) @@ -277,11 +288,21 @@ int klp_patch_object(struct klp_object *obj) return 0; } -void klp_unpatch_objects(struct klp_patch *patch) +static void __klp_unpatch_objects(struct klp_patch *patch, bool unpatch_all) { struct klp_object *obj; klp_for_each_object(patch, obj) if (obj->patched) - klp_unpatch_object(obj); + __klp_unpatch_object(obj, unpatch_all); +} + +void klp_unpatch_objects(struct klp_patch *patch) +{ + __klp_unpatch_objects(patch, true); +} + +void klp_unpatch_objects_dynamic(struct klp_patch *patch) +{ + __klp_unpatch_objects(patch, false); } diff --git a/kernel/livepatch/patch.h b/kernel/livepatch/patch.h index 2bc8db4e9973..ce761c5d08a6 100644 --- a/kernel/livepatch/patch.h +++ b/kernel/livepatch/patch.h @@ -30,5 +30,6 @@ struct klp_ops *klp_find_ops(void *old_func); int klp_patch_object(struct klp_object *obj); void klp_unpatch_object(struct klp_object *obj); void klp_unpatch_objects(struct klp_patch *patch); +void klp_unpatch_objects_dynamic(struct klp_patch *patch); #endif /* _LIVEPATCH_PATCH_H */ diff --git a/kernel/livepatch/transition.c b/kernel/livepatch/transition.c index aee073c8293b..aed32e09f041 100644 --- a/kernel/livepatch/transition.c +++ b/kernel/livepatch/transition.c @@ -85,8 +85,10 @@ static void klp_complete_transition(void) klp_transition_patch->mod->name, klp_target_state == KLP_PATCHED ? "patching" : "unpatching"); - if (klp_transition_patch->replace && klp_target_state == KLP_PATCHED) + if (klp_transition_patch->replace && klp_target_state == KLP_PATCHED) { klp_discard_replaced_patches(klp_transition_patch); + klp_discard_nops(klp_transition_patch); + } if (klp_target_state == KLP_UNPATCHED) { /* -- 2.13.7