[PATCH v2] livepatch: Prevent livepatch to apply the uninitialized patch

From: Minfei Huang
Date: Tue May 12 2015 - 04:22:29 EST

The previous patches can be applied, once the corresponding module is
loaded. In general, the patch will do relocation (if necessary) and
obtain/verify function address before we start to enable patch.

In some case, the uninitialized patch can be applied to the kernel.
Following is the case to describe the scenario step by step.

1) Patch a patch to the kernel before the corresponding module being
2) Call klp_module_notify_coming to enable the patch, once the module
is loaded.
3) Do the instruction "obj->mod = mod", whatever the result of
klp_module_notify_coming is
4) Fail to call the klp_init_object_loaded or klp_enable_object
5) klp_module_notify_coming returns, now the module is working

6) Enable the patch from the userspace (disable patch firstly, then
enable the patch via sysfs)
7) Call __klp_enable_patch to enable patch
8) Pass the limitation (klp_init_object_loaded), because the value
of obj->mod is not NULL (obtain the value from step 3)
9) Patch is applied, though it is uninitialized (do not relocate
and obtain old_addr)

It is fatal to kernel, once the uninitialized patch is appled. To
fix it, obj->mod will nerver obtain the value, if livepatch fails
to call the klp_module_notify_coming.

Signed-off-by: Minfei Huang <mnfhuang@xxxxxxxxx>
- modify the commit log, describe the issue more details
kernel/livepatch/core.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index 284e269..4bbcdda 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -883,30 +883,30 @@ int klp_register_patch(struct klp_patch *patch)

-static void klp_module_notify_coming(struct klp_patch *patch,
+static int klp_module_notify_coming(struct klp_patch *patch,
struct klp_object *obj)
struct module *pmod = patch->mod;
struct module *mod = obj->mod;
- int ret;
+ int ret = 0;

ret = klp_init_object_loaded(patch, obj);
if (ret)
- goto err;
+ goto out;

if (patch->state == KLP_DISABLED)
- return;
+ goto out;

pr_notice("applying patch '%s' to loading module '%s'\n",
pmod->name, mod->name);

ret = klp_enable_object(obj);
- if (!ret)
- return;

- pr_warn("failed to apply patch '%s' to module '%s' (%d)\n",
- pmod->name, mod->name, ret);
+ if (ret)
+ pr_warn("failed to apply patch '%s' to module '%s' (%d)\n",
+ pmod->name, mod->name, ret);
+ return ret;

static void klp_module_notify_going(struct klp_patch *patch,
@@ -930,6 +930,7 @@ disabled:
static int klp_module_notify(struct notifier_block *nb, unsigned long action,
void *data)
+ int ret = 0;
struct module *mod = data;
struct klp_patch *patch;
struct klp_object *obj;
@@ -955,7 +956,9 @@ static int klp_module_notify(struct notifier_block *nb, unsigned long action,

if (action == MODULE_STATE_COMING) {
obj->mod = mod;
- klp_module_notify_coming(patch, obj);
+ ret = klp_module_notify_coming(patch, obj);
+ if (ret)
+ obj->mod = NULL;
klp_module_notify_going(patch, obj);


