[mirror_ubuntu-kernels.git] / samples / livepatch / livepatch-shadow-mod.c

/*
 * Copyright (C) 2017 Joe Lawrence <joe.lawrence@redhat.com>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

/*
 * livepatch-shadow-mod.c - Shadow variables, buggy module demo
 *
 * Purpose
 * -------
 *
 * As a demonstration of livepatch shadow variable API, this module
 * introduces memory leak behavior that livepatch modules
 * livepatch-shadow-fix1.ko and livepatch-shadow-fix2.ko correct and
 * enhance.
 *
 * WARNING - even though the livepatch-shadow-fix modules patch the
 * memory leak, please load these modules at your own risk -- some
 * amount of memory may leaked before the bug is patched.
 *
 *
 * Usage
 * -----
 *
 * Step 1 - Load the buggy demonstration module:
 *
 *   insmod samples/livepatch/livepatch-shadow-mod.ko
 *
 * Watch dmesg output for a few moments to see new dummy being allocated
 * and a periodic cleanup check.  (Note: a small amount of memory is
 * being leaked.)
 *
 *
 * Step 2 - Load livepatch fix1:
 *
 *   insmod samples/livepatch/livepatch-shadow-fix1.ko
 *
 * Continue watching dmesg and note that now livepatch_fix1_dummy_free()
 * and livepatch_fix1_dummy_alloc() are logging messages about leaked
 * memory and eventually leaks prevented.
 *
 *
 * Step 3 - Load livepatch fix2 (on top of fix1):
 *
 *   insmod samples/livepatch/livepatch-shadow-fix2.ko
 *
 * This module extends functionality through shadow variables, as a new
 * "check" counter is added to the dummy structure.  Periodic dmesg
 * messages will log these as dummies are cleaned up.
 *
 *
 * Step 4 - Cleanup
 *
 * Unwind the demonstration by disabling the livepatch fix modules, then
 * removing them and the demo module:
 *
 *   echo 0 > /sys/kernel/livepatch/livepatch_shadow_fix2/enabled
 *   echo 0 > /sys/kernel/livepatch/livepatch_shadow_fix1/enabled
 *   rmmod livepatch-shadow-fix2
 *   rmmod livepatch-shadow-fix1
 *   rmmod livepatch-shadow-mod
 */


#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/stat.h>
#include <linux/workqueue.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Joe Lawrence <joe.lawrence@redhat.com>");
MODULE_DESCRIPTION("Buggy module for shadow variable demo");

/* Allocate new dummies every second */
#define ALLOC_PERIOD	1
/* Check for expired dummies after a few new ones have been allocated */
#define CLEANUP_PERIOD	(3 * ALLOC_PERIOD)
/* Dummies expire after a few cleanup instances */
#define EXPIRE_PERIOD	(4 * CLEANUP_PERIOD)

/*
 * Keep a list of all the dummies so we can clean up any residual ones
 * on module exit
 */
static LIST_HEAD(dummy_list);
static DEFINE_MUTEX(dummy_list_mutex);

struct dummy {
	struct list_head list;
	unsigned long jiffies_expire;
};

static __used noinline struct dummy *dummy_alloc(void)
{
	struct dummy *d;
	void *leak;

	d = kzalloc(sizeof(*d), GFP_KERNEL);
	if (!d)
		return NULL;

	d->jiffies_expire = jiffies +
		msecs_to_jiffies(1000 * EXPIRE_PERIOD);

	/* Oops, forgot to save leak! */
	leak = kzalloc(sizeof(int), GFP_KERNEL);
	if (!leak) {
		kfree(d);
		return NULL;
	}

	pr_info("%s: dummy @ %p, expires @ %lx\n",
		__func__, d, d->jiffies_expire);

	return d;
}

static __used noinline void dummy_free(struct dummy *d)
{
	pr_info("%s: dummy @ %p, expired = %lx\n",
		__func__, d, d->jiffies_expire);

	kfree(d);
}

static __used noinline bool dummy_check(struct dummy *d,
					   unsigned long jiffies)
{
	return time_after(jiffies, d->jiffies_expire);
}

/*
 * alloc_work_func: allocates new dummy structures, allocates additional
 *                  memory, aptly named "leak", but doesn't keep
 *                  permanent record of it.
 */

static void alloc_work_func(struct work_struct *work);
static DECLARE_DELAYED_WORK(alloc_dwork, alloc_work_func);

static void alloc_work_func(struct work_struct *work)
{
	struct dummy *d;

	d = dummy_alloc();
	if (!d)
		return;

	mutex_lock(&dummy_list_mutex);
	list_add(&d->list, &dummy_list);
	mutex_unlock(&dummy_list_mutex);

	schedule_delayed_work(&alloc_dwork,
		msecs_to_jiffies(1000 * ALLOC_PERIOD));
}

/*
 * cleanup_work_func: frees dummy structures.  Without knownledge of
 *                    "leak", it leaks the additional memory that
 *                    alloc_work_func created.
 */

static void cleanup_work_func(struct work_struct *work);
static DECLARE_DELAYED_WORK(cleanup_dwork, cleanup_work_func);

static void cleanup_work_func(struct work_struct *work)
{
	struct dummy *d, *tmp;
	unsigned long j;

	j = jiffies;
	pr_info("%s: jiffies = %lx\n", __func__, j);

	mutex_lock(&dummy_list_mutex);
	list_for_each_entry_safe(d, tmp, &dummy_list, list) {

		/* Kick out and free any expired dummies */
		if (dummy_check(d, j)) {
			list_del(&d->list);
			dummy_free(d);
		}
	}
	mutex_unlock(&dummy_list_mutex);

	schedule_delayed_work(&cleanup_dwork,
		msecs_to_jiffies(1000 * CLEANUP_PERIOD));
}

static int livepatch_shadow_mod_init(void)
{
	schedule_delayed_work(&alloc_dwork,
		msecs_to_jiffies(1000 * ALLOC_PERIOD));
	schedule_delayed_work(&cleanup_dwork,
		msecs_to_jiffies(1000 * CLEANUP_PERIOD));

	return 0;
}

static void livepatch_shadow_mod_exit(void)
{
	struct dummy *d, *tmp;

	/* Wait for any dummies at work */
	cancel_delayed_work_sync(&alloc_dwork);
	cancel_delayed_work_sync(&cleanup_dwork);

	/* Cleanup residual dummies */
	list_for_each_entry_safe(d, tmp, &dummy_list, list) {
		list_del(&d->list);
		dummy_free(d);
	}
}

module_init(livepatch_shadow_mod_init);
module_exit(livepatch_shadow_mod_exit);
Commit	Line	Data
439e7271 JL	1	/*
	2	* Copyright (C) 2017 Joe Lawrence <joe.lawrence@redhat.com>
	3	*
	4	* This program is free software; you can redistribute it and/or
	5	* modify it under the terms of the GNU General Public License
	6	* as published by the Free Software Foundation; either version 2
	7	* of the License, or (at your option) any later version.
	8	*
	9	* This program is distributed in the hope that it will be useful,
	10	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	* GNU General Public License for more details.
	13	*
	14	* You should have received a copy of the GNU General Public License
	15	* along with this program; if not, see <http://www.gnu.org/licenses/>.
	16	*/
	17
	18	/*
	19	* livepatch-shadow-mod.c - Shadow variables, buggy module demo
	20	*
	21	* Purpose
	22	* -------
	23	*
	24	* As a demonstration of livepatch shadow variable API, this module
	25	* introduces memory leak behavior that livepatch modules
	26	* livepatch-shadow-fix1.ko and livepatch-shadow-fix2.ko correct and
	27	* enhance.
	28	*
	29	* WARNING - even though the livepatch-shadow-fix modules patch the
	30	* memory leak, please load these modules at your own risk -- some
	31	* amount of memory may leaked before the bug is patched.
	32	*
	33	*
	34	* Usage
	35	* -----
	36	*
	37	* Step 1 - Load the buggy demonstration module:
	38	*
	39	* insmod samples/livepatch/livepatch-shadow-mod.ko
	40	*
	41	* Watch dmesg output for a few moments to see new dummy being allocated
	42	* and a periodic cleanup check. (Note: a small amount of memory is
	43	* being leaked.)
	44	*
	45	*
	46	* Step 2 - Load livepatch fix1:
	47	*
	48	* insmod samples/livepatch/livepatch-shadow-fix1.ko
	49	*
	50	* Continue watching dmesg and note that now livepatch_fix1_dummy_free()
	51	* and livepatch_fix1_dummy_alloc() are logging messages about leaked
	52	* memory and eventually leaks prevented.
	53	*
	54	*
	55	* Step 3 - Load livepatch fix2 (on top of fix1):
	56	*
	57	* insmod samples/livepatch/livepatch-shadow-fix2.ko
	58	*
	59	* This module extends functionality through shadow variables, as a new
	60	* "check" counter is added to the dummy structure. Periodic dmesg
	61	* messages will log these as dummies are cleaned up.
	62	*
	63	*
	64	* Step 4 - Cleanup
65	*
66	* Unwind the demonstration by disabling the livepatch fix modules, then
67	* removing them and the demo module:
68	*
69	* echo 0 > /sys/kernel/livepatch/livepatch_shadow_fix2/enabled
70	* echo 0 > /sys/kernel/livepatch/livepatch_shadow_fix1/enabled
71	* rmmod livepatch-shadow-fix2
72	* rmmod livepatch-shadow-fix1
73	* rmmod livepatch-shadow-mod
74	*/
75
76
77	#include <linux/kernel.h>
78	#include <linux/module.h>
79	#include <linux/sched.h>
80	#include <linux/slab.h>
81	#include <linux/stat.h>
82	#include <linux/workqueue.h>
83
84	MODULE_LICENSE("GPL");
85	MODULE_AUTHOR("Joe Lawrence <joe.lawrence@redhat.com>");
86	MODULE_DESCRIPTION("Buggy module for shadow variable demo");
87
88	/* Allocate new dummies every second */
89	#define ALLOC_PERIOD 1
90	/* Check for expired dummies after a few new ones have been allocated */
91	#define CLEANUP_PERIOD (3 * ALLOC_PERIOD)
92	/* Dummies expire after a few cleanup instances */
93	#define EXPIRE_PERIOD (4 * CLEANUP_PERIOD)
94
95	/*
96	* Keep a list of all the dummies so we can clean up any residual ones
97	* on module exit
98	*/
b73d5dc7 NMG	99	static LIST_HEAD(dummy_list);
b73d5dc7 NMG	100	static DEFINE_MUTEX(dummy_list_mutex);
439e7271 JL	101
	102	struct dummy {
	103	struct list_head list;
	104	unsigned long jiffies_expire;
	105	};
	106
b73d5dc7	107	static __used noinline struct dummy *dummy_alloc(void)
439e7271 JL	108	{
	109	struct dummy *d;
	110	void *leak;
	111
	112	d = kzalloc(sizeof(*d), GFP_KERNEL);
	113	if (!d)
	114	return NULL;
	115
	116	d->jiffies_expire = jiffies +
	117	msecs_to_jiffies(1000 * EXPIRE_PERIOD);
	118
	119	/* Oops, forgot to save leak! */
	120	leak = kzalloc(sizeof(int), GFP_KERNEL);
5f30b2e8 NMG	121	if (!leak) {
	122	kfree(d);
	123	return NULL;
	124	}
439e7271 JL	125
	126	pr_info("%s: dummy @ %p, expires @ %lx\n",
	127	__func__, d, d->jiffies_expire);
	128
	129	return d;
	130	}
	131
b73d5dc7	132	static __used noinline void dummy_free(struct dummy *d)
439e7271 JL	133	{
	134	pr_info("%s: dummy @ %p, expired = %lx\n",
	135	__func__, d, d->jiffies_expire);
	136
	137	kfree(d);
	138	}
	139
b73d5dc7 NMG	140	static __used noinline bool dummy_check(struct dummy *d,
b73d5dc7 NMG	141	unsigned long jiffies)
439e7271 JL	142	{
	143	return time_after(jiffies, d->jiffies_expire);
	144	}
	145
	146	/*
	147	* alloc_work_func: allocates new dummy structures, allocates additional
	148	* memory, aptly named "leak", but doesn't keep
	149	* permanent record of it.
	150	*/
	151
	152	static void alloc_work_func(struct work_struct *work);
	153	static DECLARE_DELAYED_WORK(alloc_dwork, alloc_work_func);
	154
	155	static void alloc_work_func(struct work_struct *work)
	156	{
	157	struct dummy *d;
	158
	159	d = dummy_alloc();
	160	if (!d)
	161	return;
	162
	163	mutex_lock(&dummy_list_mutex);
	164	list_add(&d->list, &dummy_list);
	165	mutex_unlock(&dummy_list_mutex);
	166
	167	schedule_delayed_work(&alloc_dwork,
	168	msecs_to_jiffies(1000 * ALLOC_PERIOD));
	169	}
	170
	171	/*
	172	* cleanup_work_func: frees dummy structures. Without knownledge of
	173	* "leak", it leaks the additional memory that
	174	* alloc_work_func created.
	175	*/
	176
	177	static void cleanup_work_func(struct work_struct *work);
	178	static DECLARE_DELAYED_WORK(cleanup_dwork, cleanup_work_func);
	179
	180	static void cleanup_work_func(struct work_struct *work)
	181	{
	182	struct dummy d, tmp;
	183	unsigned long j;
	184
	185	j = jiffies;
	186	pr_info("%s: jiffies = %lx\n", __func__, j);
	187
	188	mutex_lock(&dummy_list_mutex);
	189	list_for_each_entry_safe(d, tmp, &dummy_list, list) {
	190
	191	/* Kick out and free any expired dummies */
	192	if (dummy_check(d, j)) {
	193	list_del(&d->list);
	194	dummy_free(d);
	195	}
	196	}
	197	mutex_unlock(&dummy_list_mutex);
	198
	199	schedule_delayed_work(&cleanup_dwork,
	200	msecs_to_jiffies(1000 * CLEANUP_PERIOD));
	201	}
	202
	203	static int livepatch_shadow_mod_init(void)
	204	{
	205	schedule_delayed_work(&alloc_dwork,
206	msecs_to_jiffies(1000 * ALLOC_PERIOD));
207	schedule_delayed_work(&cleanup_dwork,
208	msecs_to_jiffies(1000 * CLEANUP_PERIOD));
209
210	return 0;
211	}
212
213	static void livepatch_shadow_mod_exit(void)
214	{
215	struct dummy d, tmp;
216
217	/* Wait for any dummies at work */
218	cancel_delayed_work_sync(&alloc_dwork);
219	cancel_delayed_work_sync(&cleanup_dwork);
220
221	/* Cleanup residual dummies */
222	list_for_each_entry_safe(d, tmp, &dummy_list, list) {
223	list_del(&d->list);
224	dummy_free(d);
225	}
226	}
227
228	module_init(livepatch_shadow_mod_init);
229	module_exit(livepatch_shadow_mod_exit);