On 01/20/2015, 04:26 PM, Josh Poimboeuf wrote:
> Only allow the topmost patch on the stack to be enabled or disabled, so
> that patches can't be removed or added in an arbitrary order.
>
> Suggested-by: Jiri Kosina <jkosina@xxxxxxx>
> Signed-off-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
Reviewed-by: Jiri Slaby <jslaby@xxxxxxx>
> ---
> kernel/livepatch/core.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
> index 3d9c00b..2401e7f 100644
> --- a/kernel/livepatch/core.c
> +++ b/kernel/livepatch/core.c
> @@ -379,6 +379,11 @@ static int __klp_disable_patch(struct klp_patch *patch)
> struct klp_object *obj;
> int ret;
>
> + /* enforce stacking: only the last enabled patch can be disabled */
> + if (!list_is_last(&patch->list, &klp_patches) &&
> + list_next_entry(patch, list)->state == KLP_ENABLED)
> + return -EBUSY;
> +
> pr_notice("disabling patch '%s'\n", patch->mod->name);
>
> for (obj = patch->objs; obj->funcs; obj++) {
> @@ -435,6 +440,11 @@ static int __klp_enable_patch(struct klp_patch *patch)
> if (WARN_ON(patch->state != KLP_DISABLED))
> return -EINVAL;
>
> + /* enforce stacking: only the first disabled patch can be enabled */
> + if (patch->list.prev != &klp_patches &&
> + list_prev_entry(patch, list)->state == KLP_DISABLED)
> + return -EBUSY;
> +
> pr_notice_once("tainting kernel with TAINT_LIVEPATCH\n");
> add_taint(TAINT_LIVEPATCH, LOCKDEP_STILL_OK);
>
>
thanks,
--
js
suse labs
--
To unsubscribe from this list: send the line "unsubscribe live-patching" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
