| // SPDX-License-Identifier: GPL-2.0-or-later |
| /* |
| * Copyright (C) 2017 Joe Lawrence <joe.lawrence@redhat.com> |
| */ |
| |
| /* |
| * livepatch-shadow-mod.c - Shadow variables, buggy module demo |
| * |
| * Purpose |
| * ------- |
| * |
| * As a demonstration of livepatch shadow variable API, this module |
| * introduces memory leak behavior that livepatch modules |
| * livepatch-shadow-fix1.ko and livepatch-shadow-fix2.ko correct and |
| * enhance. |
| * |
| * WARNING - even though the livepatch-shadow-fix modules patch the |
| * memory leak, please load these modules at your own risk -- some |
| * amount of memory may leaked before the bug is patched. |
| * |
| * |
| * Usage |
| * ----- |
| * |
| * Step 1 - Load the buggy demonstration module: |
| * |
| * insmod samples/livepatch/livepatch-shadow-mod.ko |
| * |
| * Watch dmesg output for a few moments to see new dummy being allocated |
| * and a periodic cleanup check. (Note: a small amount of memory is |
| * being leaked.) |
| * |
| * |
| * Step 2 - Load livepatch fix1: |
| * |
| * insmod samples/livepatch/livepatch-shadow-fix1.ko |
| * |
| * Continue watching dmesg and note that now livepatch_fix1_dummy_free() |
| * and livepatch_fix1_dummy_alloc() are logging messages about leaked |
| * memory and eventually leaks prevented. |
| * |
| * |
| * Step 3 - Load livepatch fix2 (on top of fix1): |
| * |
| * insmod samples/livepatch/livepatch-shadow-fix2.ko |
| * |
| * This module extends functionality through shadow variables, as a new |
| * "check" counter is added to the dummy structure. Periodic dmesg |
| * messages will log these as dummies are cleaned up. |
| * |
| * |
| * Step 4 - Cleanup |
| * |
| * Unwind the demonstration by disabling the livepatch fix modules, then |
| * removing them and the demo module: |
| * |
| * echo 0 > /sys/kernel/livepatch/livepatch_shadow_fix2/enabled |
| * echo 0 > /sys/kernel/livepatch/livepatch_shadow_fix1/enabled |
| * rmmod livepatch-shadow-fix2 |
| * rmmod livepatch-shadow-fix1 |
| * rmmod livepatch-shadow-mod |
| */ |
| |
| |
| #include <linux/kernel.h> |
| #include <linux/module.h> |
| #include <linux/sched.h> |
| #include <linux/slab.h> |
| #include <linux/stat.h> |
| #include <linux/workqueue.h> |
| |
| MODULE_LICENSE("GPL"); |
| MODULE_AUTHOR("Joe Lawrence <joe.lawrence@redhat.com>"); |
| MODULE_DESCRIPTION("Buggy module for shadow variable demo"); |
| |
| /* Allocate new dummies every second */ |
| #define ALLOC_PERIOD 1 |
| /* Check for expired dummies after a few new ones have been allocated */ |
| #define CLEANUP_PERIOD (3 * ALLOC_PERIOD) |
| /* Dummies expire after a few cleanup instances */ |
| #define EXPIRE_PERIOD (4 * CLEANUP_PERIOD) |
| |
| /* |
| * Keep a list of all the dummies so we can clean up any residual ones |
| * on module exit |
| */ |
| static LIST_HEAD(dummy_list); |
| static DEFINE_MUTEX(dummy_list_mutex); |
| |
| struct dummy { |
| struct list_head list; |
| unsigned long jiffies_expire; |
| }; |
| |
| static __used noinline struct dummy *dummy_alloc(void) |
| { |
| struct dummy *d; |
| void *leak; |
| |
| d = kzalloc(sizeof(*d), GFP_KERNEL); |
| if (!d) |
| return NULL; |
| |
| d->jiffies_expire = jiffies + |
| msecs_to_jiffies(1000 * EXPIRE_PERIOD); |
| |
| /* Oops, forgot to save leak! */ |
| leak = kzalloc(sizeof(int), GFP_KERNEL); |
| if (!leak) { |
| kfree(d); |
| return NULL; |
| } |
| |
| pr_info("%s: dummy @ %p, expires @ %lx\n", |
| __func__, d, d->jiffies_expire); |
| |
| return d; |
| } |
| |
| static __used noinline void dummy_free(struct dummy *d) |
| { |
| pr_info("%s: dummy @ %p, expired = %lx\n", |
| __func__, d, d->jiffies_expire); |
| |
| kfree(d); |
| } |
| |
| static __used noinline bool dummy_check(struct dummy *d, |
| unsigned long jiffies) |
| { |
| return time_after(jiffies, d->jiffies_expire); |
| } |
| |
| /* |
| * alloc_work_func: allocates new dummy structures, allocates additional |
| * memory, aptly named "leak", but doesn't keep |
| * permanent record of it. |
| */ |
| |
| static void alloc_work_func(struct work_struct *work); |
| static DECLARE_DELAYED_WORK(alloc_dwork, alloc_work_func); |
| |
| static void alloc_work_func(struct work_struct *work) |
| { |
| struct dummy *d; |
| |
| d = dummy_alloc(); |
| if (!d) |
| return; |
| |
| mutex_lock(&dummy_list_mutex); |
| list_add(&d->list, &dummy_list); |
| mutex_unlock(&dummy_list_mutex); |
| |
| schedule_delayed_work(&alloc_dwork, |
| msecs_to_jiffies(1000 * ALLOC_PERIOD)); |
| } |
| |
| /* |
| * cleanup_work_func: frees dummy structures. Without knownledge of |
| * "leak", it leaks the additional memory that |
| * alloc_work_func created. |
| */ |
| |
| static void cleanup_work_func(struct work_struct *work); |
| static DECLARE_DELAYED_WORK(cleanup_dwork, cleanup_work_func); |
| |
| static void cleanup_work_func(struct work_struct *work) |
| { |
| struct dummy *d, *tmp; |
| unsigned long j; |
| |
| j = jiffies; |
| pr_info("%s: jiffies = %lx\n", __func__, j); |
| |
| mutex_lock(&dummy_list_mutex); |
| list_for_each_entry_safe(d, tmp, &dummy_list, list) { |
| |
| /* Kick out and free any expired dummies */ |
| if (dummy_check(d, j)) { |
| list_del(&d->list); |
| dummy_free(d); |
| } |
| } |
| mutex_unlock(&dummy_list_mutex); |
| |
| schedule_delayed_work(&cleanup_dwork, |
| msecs_to_jiffies(1000 * CLEANUP_PERIOD)); |
| } |
| |
| static int livepatch_shadow_mod_init(void) |
| { |
| schedule_delayed_work(&alloc_dwork, |
| msecs_to_jiffies(1000 * ALLOC_PERIOD)); |
| schedule_delayed_work(&cleanup_dwork, |
| msecs_to_jiffies(1000 * CLEANUP_PERIOD)); |
| |
| return 0; |
| } |
| |
| static void livepatch_shadow_mod_exit(void) |
| { |
| struct dummy *d, *tmp; |
| |
| /* Wait for any dummies at work */ |
| cancel_delayed_work_sync(&alloc_dwork); |
| cancel_delayed_work_sync(&cleanup_dwork); |
| |
| /* Cleanup residual dummies */ |
| list_for_each_entry_safe(d, tmp, &dummy_list, list) { |
| list_del(&d->list); |
| dummy_free(d); |
| } |
| } |
| |
| module_init(livepatch_shadow_mod_init); |
| module_exit(livepatch_shadow_mod_exit); |