rpms / kpatch

Clone
Source Code
GIT

Blame SOURCES/0100-kpatch-wait-for-module-ref-counts-on-unload.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   0b18cb928a686e971f2f3c0466a78f0d310f2fda
  2.   SOURCES
  3.   0100-kpatch-wait-for-module-ref-counts-on-unload.patch
Blob History Raw
3cf1e4 
From cdee6bd650a35075515d4fe2bb67657811c9640c Mon Sep 17 00:00:00 2001
3cf1e4 
From: Joe Lawrence <joe.lawrence@redhat.com>
3cf1e4 
Date: Mon, 16 Nov 2020 15:21:59 -0500
3cf1e4 
Subject: [PATCH] kpatch: wait for module ref counts on unload
3cf1e4
3cf1e4 
There exists a very small timing window in which "kpatch unload" gets to
3cf1e4 
its "rmmod" step before the kpatch-patch module's reference count has
3cf1e4 
cleared and the "rmmod" fails.
3cf1e4
3cf1e4 
This is only a transient problem, but we can adopt code from upstream
3cf1e4 
livepatch kselftests which wait for the module refcounts to settle
3cf1e4 
before moving onto "rmmod".
3cf1e4
3cf1e4 
A small wrinkle is that this is not supported by the older kpatch.ko
3cf1e4 
core.  The price for circumventing the activeness safety check via
3cf1e4 
KPATCH_FORCE_UNSAFE is that it must leave the kpatch patch modules in
3cf1e4 
place (see e1890e627a9b ("prevent rmmod of forced modules")).
3cf1e4
3cf1e4 
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
3cf1e4 
---
3cf1e4 
 kpatch/kpatch | 40 ++++++++++++++++++++++++++++++++++++++--
3cf1e4 
 1 file changed, 38 insertions(+), 2 deletions(-)
3cf1e4
3cf1e4 
diff --git a/kpatch/kpatch b/kpatch/kpatch
3cf1e4 
index bca8f41..b35b742 100755
3cf1e4 
--- a/kpatch/kpatch
3cf1e4 
+++ b/kpatch/kpatch
3cf1e4 
@@ -28,6 +28,7 @@ SCRIPTDIR="$(readlink -f "$(dirname "$(type -p "$0")")")"
3cf1e4 
 VERSION="0.9.2"
3cf1e4 
 POST_ENABLE_WAIT=15	# seconds
3cf1e4 
 POST_SIGNAL_WAIT=60	# seconds
3cf1e4 
+MODULE_REF_WAIT=15	# seconds
3cf1e4
3cf1e4 
 # How many times to try loading the patch if activeness safety check fails.
3cf1e4 
 MAX_LOAD_ATTEMPTS=5
3cf1e4 
@@ -125,6 +126,10 @@ find_core_module() {
3cf1e4 
 	return 1
3cf1e4 
 }
3cf1e4
3cf1e4 
+kpatch_core_loaded() {
3cf1e4 
+	grep -q -e "T kpatch_register" /proc/kallsyms
3cf1e4 
+}
3cf1e4 
+
3cf1e4 
 core_loaded () {
3cf1e4 
 	grep -q -e "T klp_enable_patch" -e "T kpatch_register" /proc/kallsyms
3cf1e4 
 }
3cf1e4 
@@ -265,6 +270,31 @@ wait_for_patch_transition() {
3cf1e4 
 	return 1
3cf1e4 
 }
3cf1e4
3cf1e4 
+module_ref_count() {
3cf1e4 
+	local modname="$1"
3cf1e4 
+	[[ $(cat "/sys/module/$modname/refcnt" 2>/dev/null) != "0" ]]
3cf1e4 
+}
3cf1e4 
+
3cf1e4 
+wait_for_zero_module_ref_count() {
3cf1e4 
+	local modname="$1"
3cf1e4 
+	local i=0
3cf1e4 
+
3cf1e4 
+	# We can't rely on a zero refcount with kpatch.ko as it
3cf1e4 
+	# implements KPATCH_FORCE_UNSAFE with an additional reference on
3cf1e4 
+	# kpatch-patch modules to avoid potential crashes.
3cf1e4 
+	kpatch_core_loaded && return 0
3cf1e4 
+
3cf1e4 
+	module_ref_count "$modname" || return 0
3cf1e4 
+
3cf1e4 
+	echo "waiting (up to $MODULE_REF_WAIT seconds) for module refcount..."
3cf1e4 
+	for (( i=0; i
3cf1e4 
+		module_ref_count "$modname" || return 0
3cf1e4 
+		sleep 1s
3cf1e4 
+	done
3cf1e4 
+
3cf1e4 
+	return 1
3cf1e4 
+}
3cf1e4 
+
3cf1e4 
 load_module () {
3cf1e4 
 	local module="$1"
3cf1e4
3cf1e4 
@@ -381,10 +411,16 @@ disable_patch_strict () {
3cf1e4 
 }
3cf1e4
3cf1e4 
 remove_module () {
3cf1e4 
-	echo "unloading patch module: $1"
3cf1e4 
+	local modname="$1"
3cf1e4 
+
3cf1e4 
+	if ! wait_for_zero_module_ref_count "$modname"; then
3cf1e4 
+		die "failed to unload module $modname (refcnt)"
3cf1e4 
+	fi
3cf1e4 
+
3cf1e4 
+	echo "unloading patch module: $modname"
3cf1e4 
 	# ignore any error here because rmmod can fail if the module used
3cf1e4 
 	# KPATCH_FORCE_UNSAFE.
3cf1e4 
-	rmmod "$1" 2> /dev/null || return 0
3cf1e4 
+	rmmod "$modname" 2> /dev/null || return 0
3cf1e4 
 }
3cf1e4
3cf1e4 
 unload_module () {
3cf1e4 
--
3cf1e4 
2.25.4
3cf1e4

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation