diff options
author | Petr Mladek <pmladek@suse.com> | 2019-01-09 13:43:28 +0100 |
---|---|---|
committer | Jiri Kosina <jkosina@suse.cz> | 2019-01-11 20:51:24 +0100 |
commit | d67a53720966f2ef5be5c8f238d13512b8260868 (patch) | |
tree | f42526876b6b2d822611345dc219d514d60ef448 /kernel/livepatch | |
parent | c4e6874f2a2965e932f4a5cf2631bc6024e55021 (diff) | |
download | linux-d67a53720966f2ef5be5c8f238d13512b8260868.tar.gz linux-d67a53720966f2ef5be5c8f238d13512b8260868.tar.bz2 linux-d67a53720966f2ef5be5c8f238d13512b8260868.zip |
livepatch: Remove ordering (stacking) of the livepatches
The atomic replace and cumulative patches were introduced as a more secure
way to handle dependent patches. They simplify the logic:
+ Any new cumulative patch is supposed to take over shadow variables
and changes made by callbacks from previous livepatches.
+ All replaced patches are discarded and the modules can be unloaded.
As a result, there is only one scenario when a cumulative livepatch
gets disabled.
The different handling of "normal" and cumulative patches might cause
confusion. It would make sense to keep only one mode. On the other hand,
it would be rude to enforce using the cumulative livepatches even for
trivial and independent (hot) fixes.
However, the stack of patches is not really necessary any longer.
The patch ordering was never clearly visible via the sysfs interface.
Also the "normal" patches need a lot of caution anyway.
Note that the list of enabled patches is still necessary but the ordering
is not longer enforced.
Otherwise, the code is ready to disable livepatches in an random order.
Namely, klp_check_stack_func() always looks for the function from
the livepatch that is being disabled. klp_func structures are just
removed from the related func_stack. Finally, the ftrace handlers
is removed only when the func_stack becomes empty.
Signed-off-by: Petr Mladek <pmladek@suse.com>
Acked-by: Miroslav Benes <mbenes@suse.cz>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Diffstat (limited to 'kernel/livepatch')
-rw-r--r-- | kernel/livepatch/core.c | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c index 113645ee86b6..adca5cf07f7e 100644 --- a/kernel/livepatch/core.c +++ b/kernel/livepatch/core.c @@ -925,10 +925,6 @@ static int __klp_disable_patch(struct klp_patch *patch) if (klp_transition_patch) return -EBUSY; - /* enforce stacking: only the last enabled patch can be disabled */ - if (!list_is_last(&patch->list, &klp_patches)) - return -EBUSY; - klp_init_transition(patch, KLP_UNPATCHED); klp_for_each_object(patch, obj) |