[PATCH v7 10/10] livepatch/selftests: add static keys test

From: Joe Lawrence
Date: Mon Mar 06 2023 - 09:27:58 EST


Add a livepatch kselftest that exercises klp-convert support for static
keys:

- Use static_branch_(un)likely() on vmlinux-defined keys, forcing
.rela__jump_table klp-relocations for them.

- Use only static_key_enable() on module-defined keys, creating .text
klp-relocations for them.

Signed-off-by: Joe Lawrence <joe.lawrence@xxxxxxxxxx>
---
lib/livepatch/Makefile | 2 +
lib/livepatch/test_klp_convert.h | 8 ++
lib/livepatch/test_klp_convert_keys.c | 91 +++++++++++++
lib/livepatch/test_klp_convert_keys_mod.c | 52 +++++++
.../selftests/livepatch/test-livepatch.sh | 127 ++++++++++++++++++
5 files changed, 280 insertions(+)
create mode 100644 lib/livepatch/test_klp_convert_keys.c
create mode 100644 lib/livepatch/test_klp_convert_keys_mod.c

diff --git a/lib/livepatch/Makefile b/lib/livepatch/Makefile
index da39aaa5c8fc..a3c2ac61387f 100644
--- a/lib/livepatch/Makefile
+++ b/lib/livepatch/Makefile
@@ -11,6 +11,8 @@ obj-$(CONFIG_TEST_LIVEPATCH) += test_klp_atomic_replace.o \
test_klp_convert2.o \
test_klp_convert_data.o \
test_klp_convert_sections.o \
+ test_klp_convert_keys.o \
+ test_klp_convert_keys_mod.o \
test_klp_convert_mod.o \
test_klp_livepatch.o \
test_klp_shadow_vars.o \
diff --git a/lib/livepatch/test_klp_convert.h b/lib/livepatch/test_klp_convert.h
index 08c0f4b1dc6b..97d4c26e4c39 100644
--- a/lib/livepatch/test_klp_convert.h
+++ b/lib/livepatch/test_klp_convert.h
@@ -34,4 +34,12 @@ extern int static_const_local_large[4];
extern int static_ro_after_init;
extern int static_read_mostly;

+/* klp-convert symbols - vmlinux */
+extern struct static_key_false tracepoint_printk_key;
+
+/* klp-convert symbols - test_klp_keys_mod.ko */
+extern struct static_key_true test_klp_true_key;
+extern struct static_key_false test_klp_false_key;
+
+
#endif
diff --git a/lib/livepatch/test_klp_convert_keys.c b/lib/livepatch/test_klp_convert_keys.c
new file mode 100644
index 000000000000..90c20e84a146
--- /dev/null
+++ b/lib/livepatch/test_klp_convert_keys.c
@@ -0,0 +1,91 @@
+// SPDX-License-Identifier: GPL-2.0
+// Copyright (C) 2020 Joe Lawrence <joe.lawrence@xxxxxxxxxx>
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/livepatch.h>
+#include <linux/jump_label.h>
+#include "test_klp_convert.h"
+
+/*
+ * Carry our own copy of print_key_status() as we want static key code
+ * patching updates to occur in the livepatch module as well as the
+ * target module that defines the static keys.
+ */
+static void print_key_status(char *msg)
+{
+ pr_info("%s: %s\n", __func__, msg);
+
+ /* static_key_enable() only tests the key value */
+ pr_info("static_key_enabled(&tracepoint_printk_key) is %s\n",
+ static_key_enabled(&tracepoint_printk_key) ? "true" : "false");
+ pr_info("static_key_enabled(&test_klp_true_key) is %s\n",
+ static_key_enabled(&test_klp_true_key) ? "true" : "false");
+ pr_info("static_key_enabled(&test_klp_false_key) is %s\n",
+ static_key_enabled(&test_klp_false_key) ? "true" : "false");
+
+ /*
+ * static_branch_(un)likely() requires code patching when the
+ * key value changes
+ */
+ pr_info("static_branch_unlikely(&tracepoint_printk_key) is %s\n",
+ static_branch_unlikely(&tracepoint_printk_key) ? "true" : "false");
+}
+
+/*
+ * sysfs interface to poke the key
+ */
+static bool enable_false_key;
+static int set_enable_false_key(const char *val, const struct kernel_param *kp)
+{
+ print_key_status("set_enable_false_key start");
+ static_branch_enable(&test_klp_false_key);
+ print_key_status("set_enable_false_key enabling test_klp_false_key");
+
+ return 0;
+}
+module_param_call(enable_false_key, set_enable_false_key, NULL,
+ &enable_false_key, 0644);
+MODULE_PARM_DESC(enable_false_key, "Static branch enable");
+
+
+static struct klp_func funcs[] = {
+ { }
+};
+
+static struct klp_object objs[] = {
+ {
+ .name = "test_klp_convert_keys_mod",
+ .funcs = funcs,
+ }, {}
+};
+
+static struct klp_patch patch = {
+ .mod = THIS_MODULE,
+ .objs = objs,
+};
+
+static int test_klp_convert_keys_init(void)
+{
+ int ret;
+
+ ret = klp_enable_patch(&patch);
+ if (ret)
+ return ret;
+
+ return 0;
+}
+
+static void test_klp_convert_keys_exit(void)
+{
+}
+
+module_init(test_klp_convert_keys_init);
+module_exit(test_klp_convert_keys_exit);
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Joe Lawrence <joe.lawrence@xxxxxxxxxx>");
+MODULE_DESCRIPTION("Livepatch test: static keys");
+MODULE_INFO(livepatch, "Y");
diff --git a/lib/livepatch/test_klp_convert_keys_mod.c b/lib/livepatch/test_klp_convert_keys_mod.c
new file mode 100644
index 000000000000..7b11c2da09c9
--- /dev/null
+++ b/lib/livepatch/test_klp_convert_keys_mod.c
@@ -0,0 +1,52 @@
+// SPDX-License-Identifier: GPL-2.0
+// Copyright (C) 2020 Joe Lawrence <joe.lawrence@xxxxxxxxxx>
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/jump_label.h>
+
+static DEFINE_STATIC_KEY_TRUE(test_klp_true_key);
+static DEFINE_STATIC_KEY_FALSE(test_klp_false_key);
+
+static void print_key_status(char *msg)
+{
+ pr_info("%s: %s\n", __func__, msg);
+
+ /* static_key_enable() only tests the key value */
+ pr_info("static_key_enabled(&test_klp_true_key) is %s\n",
+ static_key_enabled(&test_klp_true_key) ? "true" : "false");
+ pr_info("static_key_enabled(&test_klp_false_key) is %s\n",
+ static_key_enabled(&test_klp_false_key) ? "true" : "false");
+
+ /*
+ * static_branch_(un)likely() requires code patching when the
+ * key value changes
+ */
+ pr_info("static_branch_likely(&test_klp_true_key) is %s\n",
+ static_branch_likely(&test_klp_true_key) ? "true" : "false");
+ pr_info("static_branch_unlikely(&test_klp_false_key) is %s\n",
+ static_branch_unlikely(&test_klp_false_key) ? "true" : "false");
+}
+
+static int test_klp_keys_mod_init(void)
+{
+ print_key_status("initial conditions");
+ static_branch_disable(&test_klp_true_key);
+ print_key_status("disabled test_klp_true_key");
+
+ return 0;
+}
+
+static void test_klp_keys_mod_exit(void)
+{
+ print_key_status("unloading conditions");
+}
+
+module_init(test_klp_keys_mod_init);
+module_exit(test_klp_keys_mod_exit);
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Joe Lawrence <joe.lawrence@xxxxxxxxxx>");
+MODULE_DESCRIPTION("Livepatch test: static keys target module");
diff --git a/tools/testing/selftests/livepatch/test-livepatch.sh b/tools/testing/selftests/livepatch/test-livepatch.sh
index 5bda36b65bb5..8ad284a57770 100755
--- a/tools/testing/selftests/livepatch/test-livepatch.sh
+++ b/tools/testing/selftests/livepatch/test-livepatch.sh
@@ -11,6 +11,8 @@ MOD_KLP_CONVERT1=test_klp_convert1
MOD_KLP_CONVERT2=test_klp_convert2
MOD_KLP_CONVERT_DATA=test_klp_convert_data
MOD_KLP_CONVERT_SECTIONS=test_klp_convert_sections
+MOD_KLP_CONVERT_KEYS_MOD=test_klp_convert_keys_mod
+MOD_KLP_CONVERT_KEYS=test_klp_convert_keys

setup_config

@@ -435,4 +437,129 @@ livepatch: '$MOD_KLP_CONVERT_DATA': unpatching complete
% rmmod $MOD_KLP_CONVERT_MOD"


+# TEST: klp-convert static keys
+# - load a module which defines static keys, updates one of the keys on
+# load (forcing jump table patching)
+# - load a livepatch that references the same keys, resolved by
+# klp-convert tool
+# - poke the livepatch sysfs interface to update one of the key (forcing
+# jump table patching again)
+# - disable and unload the livepatch
+# - remove the module
+
+start_test "klp-convert static keys"
+
+load_mod $MOD_KLP_CONVERT_KEYS_MOD
+load_lp $MOD_KLP_CONVERT_KEYS
+
+echo 1 > /sys/module/$MOD_KLP_CONVERT_KEYS/parameters/enable_false_key
+
+disable_lp $MOD_KLP_CONVERT_KEYS
+unload_lp $MOD_KLP_CONVERT_KEYS
+unload_mod $MOD_KLP_CONVERT_KEYS_MOD
+
+check_result "% modprobe $MOD_KLP_CONVERT_KEYS_MOD
+$MOD_KLP_CONVERT_KEYS_MOD: print_key_status: initial conditions
+$MOD_KLP_CONVERT_KEYS_MOD: static_key_enabled(&test_klp_true_key) is true
+$MOD_KLP_CONVERT_KEYS_MOD: static_key_enabled(&test_klp_false_key) is false
+$MOD_KLP_CONVERT_KEYS_MOD: static_branch_likely(&test_klp_true_key) is true
+$MOD_KLP_CONVERT_KEYS_MOD: static_branch_unlikely(&test_klp_false_key) is false
+$MOD_KLP_CONVERT_KEYS_MOD: print_key_status: disabled test_klp_true_key
+$MOD_KLP_CONVERT_KEYS_MOD: static_key_enabled(&test_klp_true_key) is false
+$MOD_KLP_CONVERT_KEYS_MOD: static_key_enabled(&test_klp_false_key) is false
+$MOD_KLP_CONVERT_KEYS_MOD: static_branch_likely(&test_klp_true_key) is false
+$MOD_KLP_CONVERT_KEYS_MOD: static_branch_unlikely(&test_klp_false_key) is false
+% modprobe $MOD_KLP_CONVERT_KEYS
+livepatch: enabling patch '$MOD_KLP_CONVERT_KEYS'
+livepatch: '$MOD_KLP_CONVERT_KEYS': initializing patching transition
+livepatch: '$MOD_KLP_CONVERT_KEYS': starting patching transition
+livepatch: '$MOD_KLP_CONVERT_KEYS': completing patching transition
+livepatch: '$MOD_KLP_CONVERT_KEYS': patching complete
+$MOD_KLP_CONVERT_KEYS: print_key_status: set_enable_false_key start
+$MOD_KLP_CONVERT_KEYS: static_key_enabled(&tracepoint_printk_key) is false
+$MOD_KLP_CONVERT_KEYS: static_key_enabled(&test_klp_true_key) is false
+$MOD_KLP_CONVERT_KEYS: static_key_enabled(&test_klp_false_key) is false
+$MOD_KLP_CONVERT_KEYS: static_branch_unlikely(&tracepoint_printk_key) is false
+$MOD_KLP_CONVERT_KEYS: print_key_status: set_enable_false_key enabling test_klp_false_key
+$MOD_KLP_CONVERT_KEYS: static_key_enabled(&tracepoint_printk_key) is false
+$MOD_KLP_CONVERT_KEYS: static_key_enabled(&test_klp_true_key) is false
+$MOD_KLP_CONVERT_KEYS: static_key_enabled(&test_klp_false_key) is true
+$MOD_KLP_CONVERT_KEYS: static_branch_unlikely(&tracepoint_printk_key) is false
+% echo 0 > /sys/kernel/livepatch/$MOD_KLP_CONVERT_KEYS/enabled
+livepatch: '$MOD_KLP_CONVERT_KEYS': initializing unpatching transition
+livepatch: '$MOD_KLP_CONVERT_KEYS': starting unpatching transition
+livepatch: '$MOD_KLP_CONVERT_KEYS': completing unpatching transition
+livepatch: '$MOD_KLP_CONVERT_KEYS': unpatching complete
+% rmmod $MOD_KLP_CONVERT_KEYS
+% rmmod $MOD_KLP_CONVERT_KEYS_MOD
+$MOD_KLP_CONVERT_KEYS_MOD: print_key_status: unloading conditions
+$MOD_KLP_CONVERT_KEYS_MOD: static_key_enabled(&test_klp_true_key) is false
+$MOD_KLP_CONVERT_KEYS_MOD: static_key_enabled(&test_klp_false_key) is true
+$MOD_KLP_CONVERT_KEYS_MOD: static_branch_likely(&test_klp_true_key) is false
+$MOD_KLP_CONVERT_KEYS_MOD: static_branch_unlikely(&test_klp_false_key) is true"
+
+
+# TEST: klp-convert static keys (late module patching)
+# - load a module which defines static keys, updates one of the keys on
+# load (forcing jump table patching)
+# - load a livepatch that references the same keys, resolved by
+# klp-convert tool
+# - poke the livepatch sysfs interface to update one of the key (forcing
+# jump table patching again)
+# - disable and unload the livepatch
+# - remove the module
+
+start_test "klp-convert static keys (late module patching)"
+
+load_lp $MOD_KLP_CONVERT_KEYS
+load_mod $MOD_KLP_CONVERT_KEYS_MOD
+
+echo 1 > /sys/module/$MOD_KLP_CONVERT_KEYS/parameters/enable_false_key
+
+disable_lp $MOD_KLP_CONVERT_KEYS
+unload_lp $MOD_KLP_CONVERT_KEYS
+unload_mod $MOD_KLP_CONVERT_KEYS_MOD
+
+check_result "% modprobe $MOD_KLP_CONVERT_KEYS
+livepatch: enabling patch '$MOD_KLP_CONVERT_KEYS'
+livepatch: '$MOD_KLP_CONVERT_KEYS': initializing patching transition
+livepatch: '$MOD_KLP_CONVERT_KEYS': starting patching transition
+livepatch: '$MOD_KLP_CONVERT_KEYS': completing patching transition
+livepatch: '$MOD_KLP_CONVERT_KEYS': patching complete
+% modprobe $MOD_KLP_CONVERT_KEYS_MOD
+livepatch: applying patch '$MOD_KLP_CONVERT_KEYS' to loading module '$MOD_KLP_CONVERT_KEYS_MOD'
+$MOD_KLP_CONVERT_KEYS_MOD: print_key_status: initial conditions
+$MOD_KLP_CONVERT_KEYS_MOD: static_key_enabled(&test_klp_true_key) is true
+$MOD_KLP_CONVERT_KEYS_MOD: static_key_enabled(&test_klp_false_key) is false
+$MOD_KLP_CONVERT_KEYS_MOD: static_branch_likely(&test_klp_true_key) is true
+$MOD_KLP_CONVERT_KEYS_MOD: static_branch_unlikely(&test_klp_false_key) is false
+$MOD_KLP_CONVERT_KEYS_MOD: print_key_status: disabled test_klp_true_key
+$MOD_KLP_CONVERT_KEYS_MOD: static_key_enabled(&test_klp_true_key) is false
+$MOD_KLP_CONVERT_KEYS_MOD: static_key_enabled(&test_klp_false_key) is false
+$MOD_KLP_CONVERT_KEYS_MOD: static_branch_likely(&test_klp_true_key) is false
+$MOD_KLP_CONVERT_KEYS_MOD: static_branch_unlikely(&test_klp_false_key) is false
+$MOD_KLP_CONVERT_KEYS: print_key_status: set_enable_false_key start
+$MOD_KLP_CONVERT_KEYS: static_key_enabled(&tracepoint_printk_key) is false
+$MOD_KLP_CONVERT_KEYS: static_key_enabled(&test_klp_true_key) is false
+$MOD_KLP_CONVERT_KEYS: static_key_enabled(&test_klp_false_key) is false
+$MOD_KLP_CONVERT_KEYS: static_branch_unlikely(&tracepoint_printk_key) is false
+$MOD_KLP_CONVERT_KEYS: print_key_status: set_enable_false_key enabling test_klp_false_key
+$MOD_KLP_CONVERT_KEYS: static_key_enabled(&tracepoint_printk_key) is false
+$MOD_KLP_CONVERT_KEYS: static_key_enabled(&test_klp_true_key) is false
+$MOD_KLP_CONVERT_KEYS: static_key_enabled(&test_klp_false_key) is true
+$MOD_KLP_CONVERT_KEYS: static_branch_unlikely(&tracepoint_printk_key) is false
+% echo 0 > /sys/kernel/livepatch/$MOD_KLP_CONVERT_KEYS/enabled
+livepatch: '$MOD_KLP_CONVERT_KEYS': initializing unpatching transition
+livepatch: '$MOD_KLP_CONVERT_KEYS': starting unpatching transition
+livepatch: '$MOD_KLP_CONVERT_KEYS': completing unpatching transition
+livepatch: '$MOD_KLP_CONVERT_KEYS': unpatching complete
+% rmmod $MOD_KLP_CONVERT_KEYS
+% rmmod $MOD_KLP_CONVERT_KEYS_MOD
+$MOD_KLP_CONVERT_KEYS_MOD: print_key_status: unloading conditions
+$MOD_KLP_CONVERT_KEYS_MOD: static_key_enabled(&test_klp_true_key) is false
+$MOD_KLP_CONVERT_KEYS_MOD: static_key_enabled(&test_klp_false_key) is true
+$MOD_KLP_CONVERT_KEYS_MOD: static_branch_likely(&test_klp_true_key) is false
+$MOD_KLP_CONVERT_KEYS_MOD: static_branch_unlikely(&test_klp_false_key) is true"
+
+
exit 0
--
2.39.2