1 /*
2  * Copyright (c) 2016 Oracle and/or its affiliates. All rights reserved.
3  *
4  */
5 
6 #ifndef __XEN_LIVEPATCH_H__
7 #define __XEN_LIVEPATCH_H__
8 
9 struct livepatch_elf;
10 struct livepatch_elf_sec;
11 struct livepatch_elf_sym;
12 struct xen_sysctl_livepatch_op;
13 
14 #include <xen/elfstructs.h>
15 #include <xen/errno.h> /* For -ENOSYS or -EOVERFLOW */
16 #ifdef CONFIG_LIVEPATCH
17 
18 /*
19  * We use alternative and exception table code - which by default are __init
20  * only, however we need them during runtime. These macros allows us to build
21  * the image with these functions built-in. (See the #else below).
22  */
23 #define init_or_livepatch_const
24 #define init_or_livepatch_constrel
25 #define init_or_livepatch_data
26 #define init_or_livepatch
27 
28 /* Convenience define for printk. */
29 #define LIVEPATCH             "livepatch: "
30 /* ELF payload special section names. */
31 #define ELF_LIVEPATCH_FUNC    ".livepatch.funcs"
32 #define ELF_LIVEPATCH_DEPENDS ".livepatch.depends"
33 #define ELF_BUILD_ID_NOTE      ".note.gnu.build-id"
34 /* Arbitrary limit for payload size and .bss section size. */
35 #define LIVEPATCH_MAX_SIZE     MB(2)
36 
37 struct livepatch_symbol {
38     const char *name;
39     unsigned long value;
40     unsigned int size;
41     bool_t new_symbol;
42 };
43 
44 int livepatch_op(struct xen_sysctl_livepatch_op *);
45 void check_for_livepatch_work(void);
46 unsigned long livepatch_symbols_lookup_by_name(const char *symname);
47 bool_t is_patch(const void *addr);
48 
49 /* Arch hooks. */
50 int arch_livepatch_verify_elf(const struct livepatch_elf *elf);
51 bool arch_livepatch_symbol_ok(const struct livepatch_elf *elf,
52                               const struct livepatch_elf_sym *sym);
53 bool arch_livepatch_symbol_deny(const struct livepatch_elf *elf,
54                                 const struct livepatch_elf_sym *sym);
55 int arch_livepatch_perform_rel(struct livepatch_elf *elf,
56                                const struct livepatch_elf_sec *base,
57                                const struct livepatch_elf_sec *rela);
58 int arch_livepatch_perform_rela(struct livepatch_elf *elf,
59                                 const struct livepatch_elf_sec *base,
60                                 const struct livepatch_elf_sec *rela);
61 enum va_type {
62     LIVEPATCH_VA_RX, /* .text */
63     LIVEPATCH_VA_RW, /* .data */
64     LIVEPATCH_VA_RO, /* .rodata */
65 };
66 
67 /*
68  * Function to secure the allocate pages (from arch_livepatch_alloc_payload)
69  * with the right page permissions.
70  */
71 int arch_livepatch_secure(const void *va, unsigned int pages, enum va_type types);
72 
73 void arch_livepatch_init(void);
74 
75 #include <public/sysctl.h> /* For struct livepatch_func. */
76 #include <asm/livepatch.h>
77 int arch_livepatch_verify_func(const struct livepatch_func *func);
78 
79 static inline
livepatch_insn_len(const struct livepatch_func * func)80 unsigned int livepatch_insn_len(const struct livepatch_func *func)
81 {
82     if ( !func->new_addr )
83         return func->new_size;
84 
85     return ARCH_PATCH_INSN_SIZE;
86 }
87 
livepatch_verify_distance(const struct livepatch_func * func)88 static inline int livepatch_verify_distance(const struct livepatch_func *func)
89 {
90     long offset;
91     long range = ARCH_LIVEPATCH_RANGE;
92 
93     if ( !func->new_addr ) /* Ignore NOPs. */
94         return 0;
95 
96     offset = func->old_addr - func->new_addr;
97     if ( offset < -range || offset >= range )
98         return -EOVERFLOW;
99 
100     return 0;
101 }
102 /*
103  * These functions are called around the critical region patching live code,
104  * for an architecture to take make appropratie global state adjustments.
105  */
106 int arch_livepatch_quiesce(void);
107 void arch_livepatch_revive(void);
108 
109 void arch_livepatch_apply(struct livepatch_func *func);
110 void arch_livepatch_revert(const struct livepatch_func *func);
111 void arch_livepatch_post_action(void);
112 
113 void arch_livepatch_mask(void);
114 void arch_livepatch_unmask(void);
115 #else
116 
117 /*
118  * If not compiling with Live Patch certain functionality should stay as
119  * __init.
120  */
121 #define init_or_livepatch_const       __initconst
122 #define init_or_livepatch_constrel    __initconstrel
123 #define init_or_livepatch_data        __initdata
124 #define init_or_livepatch             __init
125 
livepatch_op(struct xen_sysctl_livepatch_op * op)126 static inline int livepatch_op(struct xen_sysctl_livepatch_op *op)
127 {
128     return -ENOSYS;
129 }
130 
check_for_livepatch_work(void)131 static inline void check_for_livepatch_work(void) { };
is_patch(const void * addr)132 static inline bool_t is_patch(const void *addr)
133 {
134     return 0;
135 }
136 #endif /* CONFIG_LIVEPATCH */
137 
138 #endif /* __XEN_LIVEPATCH_H__ */
139 
140 /*
141  * Local variables:
142  * mode: C
143  * c-file-style: "BSD"
144  * c-basic-offset: 4
145  * tab-width: 4
146  * indent-tabs-mode: nil
147  * End:
148  */
149