* [PATCH v3 07/21] crypto: arm64: Move data to .rodata
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
Data embedded in .text pollutes i-cache and confuses objtool and other
tools that try to disassemble it. Move it to .rodata.
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
lib/crypto/arm64/sha2-armv8.pl | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/lib/crypto/arm64/sha2-armv8.pl b/lib/crypto/arm64/sha2-armv8.pl
index 35ec9ae99fe16..e0ee2d5367e72 100644
--- a/lib/crypto/arm64/sha2-armv8.pl
+++ b/lib/crypto/arm64/sha2-armv8.pl
@@ -207,12 +207,13 @@ $func:
___
$code.=<<___ if ($SZ==4);
#ifndef __KERNEL__
+ adrp x17,.LOPENSSL_armcap_P
+ add x17,x17,:lo12:.LOPENSSL_armcap_P
# ifdef __ILP32__
- ldrsw x16,.LOPENSSL_armcap_P
+ ldrsw x16,[x17]
# else
- ldr x16,.LOPENSSL_armcap_P
+ ldr x16,[x17]
# endif
- adr x17,.LOPENSSL_armcap_P
add x16,x16,x17
ldr w16,[x16]
tst w16,#ARMV8_SHA256
@@ -237,7 +238,8 @@ $code.=<<___;
ldp $E,$F,[$ctx,#4*$SZ]
add $num,$inp,$num,lsl#`log(16*$SZ)/log(2)` // end of input
ldp $G,$H,[$ctx,#6*$SZ]
- adr $Ktbl,.LK$BITS
+ adrp $Ktbl,.LK$BITS
+ add $Ktbl,$Ktbl,:lo12:.LK$BITS
stp $ctx,$num,[x29,#96]
.Loop:
@@ -286,6 +288,7 @@ $code.=<<___;
ret
.size $func,.-$func
+.pushsection .rodata
.align 6
.type .LK$BITS,%object
.LK$BITS:
@@ -365,6 +368,7 @@ $code.=<<___;
#endif
.asciz "SHA$BITS block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
.align 2
+.popsection
___
if ($SZ==4) {
@@ -385,7 +389,8 @@ sha256_block_armv8:
add x29,sp,#0
ld1.32 {$ABCD,$EFGH},[$ctx]
- adr $Ktbl,.LK256
+ adrp $Ktbl,.LK256
+ add $Ktbl,$Ktbl,:lo12:.LK256
.Loop_hw:
ld1 {@MSG[0]-@MSG[3]},[$inp],#64
@@ -648,7 +653,8 @@ sha256_block_neon:
mov x29, sp
sub sp,sp,#16*4
- adr $Ktbl,.LK256
+ adrp $Ktbl,.LK256
+ add $Ktbl,$Ktbl,:lo12:.LK256
add $num,$inp,$num,lsl#6 // len to point at the end of inp
ld1.8 {@X[0]},[$inp], #16
--
2.53.0
^ permalink raw reply related
* [PATCH v3 08/21] objtool: Allow setting --mnop without --mcount
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
Instead of returning an error for --mnop without --mcount, just silently
ignore it. This will help simplify kbuild's handling of objtool args.
Acked-by: Song Liu <song@kernel.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
tools/objtool/builtin-check.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c
index 118c3de2f293e..bd84f5b7c9ee9 100644
--- a/tools/objtool/builtin-check.c
+++ b/tools/objtool/builtin-check.c
@@ -144,11 +144,6 @@ int cmd_parse_options(int argc, const char **argv, const char * const usage[])
static bool opts_valid(void)
{
- if (opts.mnop && !opts.mcount) {
- ERROR("--mnop requires --mcount");
- return false;
- }
-
if (opts.noinstr && !opts.link) {
ERROR("--noinstr requires --link");
return false;
--
2.53.0
^ permalink raw reply related
* [PATCH v3 09/21] kbuild: Only run objtool if there is at least one command
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek, Nathan Chancellor,
Nicolas Schier
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
Split the objtool args into commands and options, such that if no
commands have been enabled, objtool doesn't run.
This is in preparation for enabling objtool and klp-build for arm64.
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Nicolas Schier <nsc@kernel.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
arch/x86/boot/startup/Makefile | 2 +-
scripts/Makefile.build | 4 +--
scripts/Makefile.lib | 52 ++++++++++++++++++----------------
scripts/Makefile.vmlinux_o | 15 ++++------
4 files changed, 36 insertions(+), 37 deletions(-)
diff --git a/arch/x86/boot/startup/Makefile b/arch/x86/boot/startup/Makefile
index 5e499cfb29b5c..a08297829fc63 100644
--- a/arch/x86/boot/startup/Makefile
+++ b/arch/x86/boot/startup/Makefile
@@ -36,7 +36,7 @@ $(patsubst %.o,$(obj)/%.o,$(lib-y)): OBJECT_FILES_NON_STANDARD := y
# relocations, even if other objtool actions are being deferred.
#
$(pi-objs): objtool-enabled = 1
-$(pi-objs): objtool-args = $(if $(delay-objtool),--dry-run,$(objtool-args-y)) --noabs
+$(pi-objs): objtool-args = $(if $(delay-objtool),--dry-run,$(objtool-cmds-y) $(objtool-opts-y)) --noabs
#
# Confine the startup code by prefixing all symbols with __pi_ (for position
diff --git a/scripts/Makefile.build b/scripts/Makefile.build
index 3498d25b15e85..c4accfcd177d4 100644
--- a/scripts/Makefile.build
+++ b/scripts/Makefile.build
@@ -277,7 +277,7 @@ endif # CONFIG_FTRACE_MCOUNT_USE_RECORDMCOUNT
is-standard-object = $(if $(filter-out y%, $(OBJECT_FILES_NON_STANDARD_$(target-stem).o)$(OBJECT_FILES_NON_STANDARD)n),$(is-kernel-object))
ifdef CONFIG_OBJTOOL
-$(obj)/%.o: private objtool-enabled = $(if $(is-standard-object),$(if $(delay-objtool),$(is-single-obj-m),y))
+$(obj)/%.o: private objtool-enabled = $(and $(is-standard-object),$(objtool-cmds-y),$(if $(delay-objtool),$(is-single-obj-m),y))
endif
ifneq ($(findstring 1, $(KBUILD_EXTRA_WARN)),)
@@ -501,7 +501,7 @@ define rule_ld_multi_m
$(call cmd,gen_objtooldep)
endef
-$(multi-obj-m): private objtool-enabled := $(delay-objtool)
+$(multi-obj-m): private objtool-enabled := $(if $(objtool-cmds-y),$(delay-objtool))
$(multi-obj-m): private part-of-module := y
$(multi-obj-m): %.o: %.mod FORCE
$(call if_changed_rule,ld_multi_m)
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 7e216d82e9887..7f803796d20cf 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -183,30 +183,34 @@ ifdef CONFIG_OBJTOOL
objtool := $(objtree)/tools/objtool/objtool
-objtool-args-$(CONFIG_HAVE_JUMP_LABEL_HACK) += --hacks=jump_label
-objtool-args-$(CONFIG_HAVE_NOINSTR_HACK) += --hacks=noinstr
-objtool-args-$(CONFIG_MITIGATION_CALL_DEPTH_TRACKING) += --hacks=skylake
-objtool-args-$(CONFIG_X86_KERNEL_IBT) += --ibt
-objtool-args-$(CONFIG_CALL_PADDING) += --prefix=$(CONFIG_FUNCTION_PADDING_BYTES)
-ifdef CONFIG_CALL_PADDING
-objtool-args-$(CONFIG_CFI) += --cfi
-objtool-args-$(CONFIG_FINEIBT) += --fineibt
-endif
-objtool-args-$(CONFIG_FTRACE_MCOUNT_USE_OBJTOOL) += --mcount
-ifdef CONFIG_FTRACE_MCOUNT_USE_OBJTOOL
-objtool-args-$(CONFIG_HAVE_OBJTOOL_NOP_MCOUNT) += --mnop
-endif
-objtool-args-$(CONFIG_UNWINDER_ORC) += --orc
-objtool-args-$(CONFIG_MITIGATION_RETPOLINE) += --retpoline
-objtool-args-$(CONFIG_MITIGATION_RETHUNK) += --rethunk
-objtool-args-$(CONFIG_MITIGATION_SLS) += --sls
-objtool-args-$(CONFIG_STACK_VALIDATION) += --stackval
-objtool-args-$(CONFIG_HAVE_STATIC_CALL_INLINE) += --static-call
-objtool-args-$(CONFIG_HAVE_UACCESS_VALIDATION) += --uaccess
-objtool-args-$(or $(CONFIG_GCOV_KERNEL),$(CONFIG_KCOV)) += --no-unreachable
-objtool-args-$(CONFIG_OBJTOOL_WERROR) += --werror
+# objtool commands
+objtool-cmds-$(CONFIG_HAVE_JUMP_LABEL_HACK) += --hacks=jump_label
+objtool-cmds-$(CONFIG_HAVE_NOINSTR_HACK) += --hacks=noinstr
+objtool-cmds-$(CONFIG_MITIGATION_CALL_DEPTH_TRACKING) += --hacks=skylake
+objtool-cmds-$(CONFIG_X86_KERNEL_IBT) += --ibt
+objtool-cmds-$(CONFIG_CALL_PADDING) += --prefix=$(CONFIG_FUNCTION_PADDING_BYTES)
+objtool-cmds-$(CONFIG_FTRACE_MCOUNT_USE_OBJTOOL) += --mcount
+objtool-cmds-$(CONFIG_UNWINDER_ORC) += --orc
+objtool-cmds-$(CONFIG_MITIGATION_RETPOLINE) += --retpoline
+objtool-cmds-$(CONFIG_MITIGATION_RETHUNK) += --rethunk
+objtool-cmds-$(CONFIG_MITIGATION_SLS) += --sls
+objtool-cmds-$(CONFIG_STACK_VALIDATION) += --stackval
+objtool-cmds-$(CONFIG_HAVE_STATIC_CALL_INLINE) += --static-call
+objtool-cmds-$(CONFIG_HAVE_UACCESS_VALIDATION) += --uaccess
+objtool-cmds-y += $(OBJTOOL_ARGS)
-objtool-args = $(objtool-args-y) \
+# objtool options
+ifdef CONFIG_CALL_PADDING
+objtool-opts-$(CONFIG_CFI) += --cfi
+objtool-opts-$(CONFIG_FINEIBT) += --fineibt
+endif
+ifdef CONFIG_FTRACE_MCOUNT_USE_OBJTOOL
+objtool-opts-$(CONFIG_HAVE_OBJTOOL_NOP_MCOUNT) += --mnop
+endif
+objtool-opts-$(or $(CONFIG_GCOV_KERNEL),$(CONFIG_KCOV)) += --no-unreachable
+objtool-opts-$(CONFIG_OBJTOOL_WERROR) += --werror
+
+objtool-args = $(objtool-cmds-y) $(objtool-opts-y) \
$(if $(delay-objtool), --link) \
$(if $(part-of-module), --module)
@@ -215,7 +219,7 @@ delay-objtool := $(or $(CONFIG_LTO_CLANG),$(CONFIG_X86_KERNEL_IBT),$(CONFIG_KLP_
cmd_objtool = $(if $(objtool-enabled), ; $(objtool) $(objtool-args) $@)
cmd_gen_objtooldep = $(if $(objtool-enabled), { echo ; echo '$@: $$(wildcard $(objtool))' ; } >> $(dot-target).cmd)
-objtool-enabled := y
+objtool-enabled = $(if $(objtool-cmds-y),y)
endif # CONFIG_OBJTOOL
diff --git a/scripts/Makefile.vmlinux_o b/scripts/Makefile.vmlinux_o
index 527352c222ff6..09af33203bd8d 100644
--- a/scripts/Makefile.vmlinux_o
+++ b/scripts/Makefile.vmlinux_o
@@ -36,18 +36,13 @@ endif
# For !delay-objtool + CONFIG_NOINSTR_VALIDATION, it runs on both translation
# units and vmlinux.o, with the latter only used for noinstr/unret validation.
-objtool-enabled := $(or $(delay-objtool),$(CONFIG_NOINSTR_VALIDATION))
-
-ifeq ($(delay-objtool),y)
-vmlinux-objtool-args-y += $(objtool-args-y)
-else
-vmlinux-objtool-args-$(CONFIG_OBJTOOL_WERROR) += --werror
+ifneq ($(delay-objtool),y)
+objtool-cmds-y =
+objtool-opts-y += --link
endif
-vmlinux-objtool-args-$(CONFIG_NOINSTR_VALIDATION) += --noinstr \
- $(if $(or $(CONFIG_MITIGATION_UNRET_ENTRY),$(CONFIG_MITIGATION_SRSO)), --unret)
-
-objtool-args = $(vmlinux-objtool-args-y) --link
+objtool-cmds-$(CONFIG_NOINSTR_VALIDATION) += --noinstr \
+ $(if $(or $(CONFIG_MITIGATION_UNRET_ENTRY),$(CONFIG_MITIGATION_SRSO)), --unret)
# Link of vmlinux.o used for section mismatch analysis
# ---------------------------------------------------------------------------
--
2.53.0
^ permalink raw reply related
* [PATCH v3 10/21] objtool: Ignore jumps to the end of the function for checksum runs
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
Sometimes Clang arm64 code jumps to the end of the function for UB.
No need to make that an error for checksum runs.
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
tools/objtool/check.c | 42 +++++++++++++++++++++++-------------------
1 file changed, 23 insertions(+), 19 deletions(-)
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 10b18cf9c3608..73451aef68029 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -37,6 +37,22 @@ struct disas_context *objtool_disas_ctx;
size_t sym_name_max_len;
+static bool validate_branch_enabled(void)
+{
+ return opts.stackval ||
+ opts.orc ||
+ opts.uaccess;
+}
+
+static bool alts_needed(void)
+{
+ return validate_branch_enabled() ||
+ opts.noinstr ||
+ opts.hack_jump_label ||
+ opts.disas ||
+ opts.checksum;
+}
+
struct instruction *find_insn(struct objtool_file *file,
struct section *sec, unsigned long offset)
{
@@ -1593,10 +1609,14 @@ static int add_jump_destinations(struct objtool_file *file)
/*
* GCOV/KCOV dead code can jump to the end of
* the function/section.
+ *
+ * Clang on arm64 also does this sometimes for
+ * undefined behavior.
*/
- if (file->ignore_unreachables && func &&
- dest_sec == insn->sec &&
- dest_off == func->offset + func->len)
+ if (!validate_branch_enabled() ||
+ (file->ignore_unreachables && func &&
+ dest_sec == insn->sec &&
+ dest_off == func->offset + func->len))
continue;
ERROR_INSN(insn, "can't find jump dest instruction at %s",
@@ -2584,22 +2604,6 @@ static void mark_holes(struct objtool_file *file)
}
}
-static bool validate_branch_enabled(void)
-{
- return opts.stackval ||
- opts.orc ||
- opts.uaccess;
-}
-
-static bool alts_needed(void)
-{
- return validate_branch_enabled() ||
- opts.noinstr ||
- opts.hack_jump_label ||
- opts.disas ||
- opts.checksum;
-}
-
int decode_file(struct objtool_file *file)
{
arch_initial_func_cfi_state(&initial_func_cfi);
--
2.53.0
^ permalink raw reply related
* [PATCH v3 11/21] objtool: Allow empty alternatives
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
arm64 can have empty alternatives, which are effectively no-ops. Ignore
them. While at it, fix a memory leak.
Acked-by: Song Liu <song@kernel.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
tools/objtool/check.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 73451aef68029..e05dc7a93dc1e 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -1953,6 +1953,9 @@ static int add_special_section_alts(struct objtool_file *file)
list_for_each_entry_safe(special_alt, tmp, &special_alts, list) {
+ if (special_alt->group && !special_alt->orig_len)
+ goto next;
+
orig_insn = find_insn(file, special_alt->orig_sec,
special_alt->orig_off);
if (!orig_insn) {
@@ -1973,10 +1976,6 @@ static int add_special_section_alts(struct objtool_file *file)
}
if (special_alt->group) {
- if (!special_alt->orig_len) {
- ERROR_INSN(orig_insn, "empty alternative entry");
- continue;
- }
if (handle_group_alt(file, special_alt, orig_insn, &new_insn))
return -1;
@@ -2014,6 +2013,7 @@ static int add_special_section_alts(struct objtool_file *file)
a->next = alt;
}
+next:
list_del(&special_alt->list);
free(special_alt);
}
--
2.53.0
^ permalink raw reply related
* [PATCH v3 12/21] objtool: Refactor elf_add_data() to use a growable data buffer
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
Instead of calling elf_newdata() for each new piece of data with its own
separate buffer, keep it all in the same growable buffer so the
section's entire data can be accessed if needed.
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
tools/objtool/elf.c | 123 ++++++++++++++--------------
tools/objtool/include/objtool/elf.h | 13 ++-
2 files changed, 71 insertions(+), 65 deletions(-)
diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c
index 33c95a74a51bd..e09bb0a63be35 100644
--- a/tools/objtool/elf.c
+++ b/tools/objtool/elf.c
@@ -1134,9 +1134,6 @@ static int read_relocs(struct elf *elf)
rsec->base->rsec = rsec;
- /* nr_alloc_relocs=0: libelf owns d_buf */
- rsec->nr_alloc_relocs = 0;
-
rsec->relocs = calloc(sec_num_entries(rsec), sizeof(*reloc));
if (!rsec->relocs) {
ERROR_GLIBC("calloc");
@@ -1395,7 +1392,7 @@ unsigned int elf_add_string(struct elf *elf, struct section *strtab, const char
void *elf_add_data(struct elf *elf, struct section *sec, const void *data, size_t size)
{
- unsigned long offset;
+ unsigned long offset, size_old, size_new, alloc_size_old, alloc_size_new;
Elf_Scn *s;
if (!sec->sh.sh_addralign) {
@@ -1409,30 +1406,55 @@ void *elf_add_data(struct elf *elf, struct section *sec, const void *data, size_
return NULL;
}
- sec->data = elf_newdata(s);
if (!sec->data) {
- ERROR_ELF("elf_newdata");
- return NULL;
+ sec->data = elf_newdata(s);
+ if (!sec->data) {
+ ERROR_ELF("elf_newdata");
+ return NULL;
+ }
+
+ sec->data->d_align = sec->sh.sh_addralign;
}
- sec->data->d_buf = calloc(1, size);
- if (!sec->data->d_buf) {
- ERROR_GLIBC("calloc");
- return NULL;
+ size_old = sec->data->d_size;
+ offset = ALIGN(size_old, sec->sh.sh_addralign);
+ size_new = offset + size;
+
+ if (!sec->data_overallocated)
+ alloc_size_old = size_old;
+ else
+ alloc_size_old = max(64UL, roundup_pow_of_two(size_old ? : 1));
+
+ alloc_size_new = max(64UL, roundup_pow_of_two(size_new ? : 1));
+
+ if (alloc_size_new > alloc_size_old) {
+ void *orig_buf = sec->data->d_buf;
+
+ sec->data->d_buf = calloc(1, alloc_size_new);
+ if (!sec->data->d_buf) {
+ ERROR_GLIBC("calloc");
+ return NULL;
+ }
+
+ if (size_old)
+ memcpy(sec->data->d_buf, orig_buf, size_old);
+
+ if (orig_buf && sec->data_owned)
+ free(orig_buf);
+
+ sec->data_owned = 1;
+ sec->data_overallocated = 1;
}
if (data)
- memcpy(sec->data->d_buf, data, size);
-
- sec->data->d_size = size;
- sec->data->d_align = sec->sh.sh_addralign;
-
- offset = ALIGN(sec_size(sec), sec->sh.sh_addralign);
- sec->sh.sh_size = offset + size;
+ memcpy(sec->data->d_buf + offset, data, size);
+ else
+ memset(sec->data->d_buf + offset, 0, size);
+ sec->data->d_size = size_new;
+ sec->sh.sh_size = size_new;
mark_sec_changed(elf, sec, true);
-
- return sec->data->d_buf;
+ return sec->data->d_buf + offset;
}
struct section *elf_create_section(struct elf *elf, const char *name,
@@ -1483,6 +1505,8 @@ struct section *elf_create_section(struct elf *elf, const char *name,
ERROR_GLIBC("calloc");
return NULL;
}
+
+ sec->data_owned = 1;
}
if (!gelf_getshdr(s, &sec->sh)) {
@@ -1533,60 +1557,33 @@ static int elf_alloc_reloc(struct elf *elf, struct section *rsec)
struct reloc *old_relocs, *old_relocs_end, *new_relocs;
unsigned int nr_relocs_old = sec_num_entries(rsec);
unsigned int nr_relocs_new = nr_relocs_old + 1;
- unsigned long nr_alloc;
+ unsigned long nr_alloc_old = 0, nr_alloc_new;
struct symbol *sym;
- if (!rsec->data) {
- rsec->data = elf_newdata(elf_getscn(elf->elf, rsec->idx));
- if (!rsec->data) {
- ERROR_ELF("elf_newdata");
- return -1;
- }
+ if (!elf_add_data(elf, rsec, NULL, elf_rela_size(elf)))
+ return -1;
- rsec->data->d_align = 1;
- rsec->data->d_type = ELF_T_RELA;
- rsec->data->d_buf = NULL;
- }
+ rsec->data->d_type = ELF_T_RELA;
- rsec->data->d_size = nr_relocs_new * elf_rela_size(elf);
- rsec->sh.sh_size = rsec->data->d_size;
+ if (rsec->relocs_overallocated)
+ nr_alloc_old = max(64UL, roundup_pow_of_two(nr_relocs_old ? : 1));
+ else
+ nr_alloc_old = nr_relocs_old;
- nr_alloc = max(64UL, roundup_pow_of_two(nr_relocs_new));
- if (nr_alloc <= rsec->nr_alloc_relocs)
+ nr_alloc_new = max(64UL, roundup_pow_of_two(nr_relocs_new ? : 1));
+
+ if (nr_alloc_old == nr_alloc_new)
return 0;
- if (rsec->data->d_buf && !rsec->nr_alloc_relocs) {
- void *orig_buf = rsec->data->d_buf;
-
- /*
- * The original d_buf is owned by libelf so it can't be
- * realloced.
- */
- rsec->data->d_buf = malloc(nr_alloc * elf_rela_size(elf));
- if (!rsec->data->d_buf) {
- ERROR_GLIBC("malloc");
- return -1;
- }
- memcpy(rsec->data->d_buf, orig_buf,
- nr_relocs_old * elf_rela_size(elf));
- } else {
- rsec->data->d_buf = realloc(rsec->data->d_buf,
- nr_alloc * elf_rela_size(elf));
- if (!rsec->data->d_buf) {
- ERROR_GLIBC("realloc");
- return -1;
- }
- }
-
- rsec->nr_alloc_relocs = nr_alloc;
-
- old_relocs = rsec->relocs;
- new_relocs = calloc(nr_alloc, sizeof(struct reloc));
+ new_relocs = calloc(nr_alloc_new, sizeof(struct reloc));
if (!new_relocs) {
ERROR_GLIBC("calloc");
return -1;
}
+ rsec->relocs_overallocated = 1;
+
+ old_relocs = rsec->relocs;
if (!old_relocs)
goto done;
@@ -1631,6 +1628,7 @@ static int elf_alloc_reloc(struct elf *elf, struct section *rsec)
}
free(old_relocs);
+
done:
rsec->relocs = new_relocs;
return 0;
@@ -1660,7 +1658,6 @@ struct section *elf_create_rela_section(struct elf *elf, struct section *sec,
if (nr_relocs) {
rsec->data->d_type = ELF_T_RELA;
- rsec->nr_alloc_relocs = nr_relocs;
rsec->relocs = calloc(nr_relocs, sizeof(struct reloc));
if (!rsec->relocs) {
ERROR_GLIBC("calloc");
diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/objtool/elf.h
index d9c44df9cc76a..0801fcad516bb 100644
--- a/tools/objtool/include/objtool/elf.h
+++ b/tools/objtool/include/objtool/elf.h
@@ -58,9 +58,18 @@ struct section {
Elf_Data *data;
const char *name;
int idx;
- bool _changed, text, rodata, noinstr, init, truncate;
+ u32 _changed : 1,
+ text : 1,
+ rodata : 1,
+ noinstr : 1,
+ init : 1,
+ truncate : 1,
+ data_owned : 1,
+ data_overallocated : 1,
+ relocs_overallocated : 1;
+ /* 23 bit hole */
+
struct reloc *relocs;
- unsigned long nr_alloc_relocs;
struct section *twin;
};
--
2.53.0
^ permalink raw reply related
* [PATCH v3 13/21] objtool: Reuse string references
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
For duplicate strings, elf_add_string() just blindly adds duplicates.
That can be a problem for arm64 which often uses two consecutive
instructions (and corresponding relocations) to put an address into a
register, like:
d8: 90000001 adrp x1, 0 <meminfo_proc_show> d8: R_AARCH64_ADR_PREL_PG_HI21 .rodata.meminfo_proc_show.str1.8
dc: 91000021 add x1, x1, #0x0 dc: R_AARCH64_ADD_ABS_LO12_NC .rodata.meminfo_proc_show.str1.8
Referencing two different addresses in the ADRP+ADD pair would corrupt
the memory access. Avoid that by detecting and reusing duplicates when
cloning string relocs.
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
tools/objtool/elf.c | 29 +++++++++++++++++++++++------
tools/objtool/include/objtool/elf.h | 3 ++-
tools/objtool/klp-diff.c | 4 +++-
3 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c
index e09bb0a63be35..065ccfeb98288 100644
--- a/tools/objtool/elf.c
+++ b/tools/objtool/elf.c
@@ -1366,9 +1366,27 @@ struct elf *elf_create_file(GElf_Ehdr *ehdr, const char *name)
return elf;
}
-unsigned int elf_add_string(struct elf *elf, struct section *strtab, const char *str)
+int elf_find_string(struct elf *elf, struct section *strtab, const char *str)
{
- unsigned int offset;
+ char *d_buf;
+ int i;
+
+ if (!strtab->data)
+ return -1;
+
+ d_buf = strtab->data->d_buf;
+
+ for (i = 0; i < strtab->data->d_size; i += strlen(d_buf + i) + 1) {
+ if (!strcmp(d_buf + i, str))
+ return i;
+ }
+
+ return -1;
+}
+
+int elf_add_string(struct elf *elf, struct section *strtab, const char *str)
+{
+ void *data;
if (!strtab)
strtab = find_section_by_name(elf, ".strtab");
@@ -1382,12 +1400,11 @@ unsigned int elf_add_string(struct elf *elf, struct section *strtab, const char
return -1;
}
- offset = ALIGN(sec_size(strtab), strtab->sh.sh_addralign);
-
- if (!elf_add_data(elf, strtab, str, strlen(str) + 1))
+ data = elf_add_data(elf, strtab, str, strlen(str) + 1);
+ if (!data)
return -1;
- return offset;
+ return data - strtab->data->d_buf;
}
void *elf_add_data(struct elf *elf, struct section *sec, const void *data, size_t size)
diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/objtool/elf.h
index 0801fcad516bb..d895023674673 100644
--- a/tools/objtool/include/objtool/elf.h
+++ b/tools/objtool/include/objtool/elf.h
@@ -187,7 +187,8 @@ struct symbol *elf_create_section_symbol(struct elf *elf, struct section *sec);
void *elf_add_data(struct elf *elf, struct section *sec, const void *data,
size_t size);
-unsigned int elf_add_string(struct elf *elf, struct section *strtab, const char *str);
+int elf_find_string(struct elf *elf, struct section *strtab, const char *str);
+int elf_add_string(struct elf *elf, struct section *strtab, const char *str);
struct reloc *elf_create_reloc(struct elf *elf, struct section *sec,
unsigned long offset, struct symbol *sym,
diff --git a/tools/objtool/klp-diff.c b/tools/objtool/klp-diff.c
index 6a1cec57dc6a3..6957292e455e4 100644
--- a/tools/objtool/klp-diff.c
+++ b/tools/objtool/klp-diff.c
@@ -1509,7 +1509,9 @@ static int clone_reloc(struct elfs *e, struct reloc *patched_reloc,
__dbg_clone("\"%s\"", escape_str(str));
- addend = elf_add_string(e->out, out_sym->sec, str);
+ addend = elf_find_string(e->out, out_sym->sec, str);
+ if (addend == -1)
+ addend = elf_add_string(e->out, out_sym->sec, str);
if (addend == -1)
return -1;
}
--
2.53.0
^ permalink raw reply related
* [PATCH v3 14/21] objtool: Prevent kCFI hashes from being decoded as instructions
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
On arm64 with CONFIG_CFI=y, Clang places a 4-byte kCFI type hash
immediately before each address-taken function entry. Since these
hashes are in the text section, objtool tries to decode them, leading to
unpredictable results (e.g., "unannotated intra-function call").
arm64 uses mapping symbols to annotate where code ends and data begins
(and vice versa). Use those to just mark such "instructions" as NOP so
objtool will ignore them.
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
tools/objtool/check.c | 15 +++++++++++++++
tools/objtool/include/objtool/elf.h | 3 +++
2 files changed, 18 insertions(+)
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index e05dc7a93dc1e..2b03a2d6fc952 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -25,6 +25,7 @@
#include <linux/kernel.h>
#include <linux/static_call_types.h>
#include <linux/string.h>
+#include <linux/kconfig.h>
static unsigned long nr_cfi, nr_cfi_reused, nr_cfi_cache;
@@ -428,6 +429,8 @@ static int decode_instructions(struct objtool_file *file)
for_each_sec(file->elf, sec) {
struct instruction *insns = NULL;
+ struct symbol *map_sym;
+ bool is_data = false;
u8 prev_len = 0;
u8 idx = 0;
@@ -454,6 +457,8 @@ static int decode_instructions(struct objtool_file *file)
if (!strcmp(sec->name, ".init.text") && !opts.module)
sec->init = true;
+ map_sym = list_first_entry(&sec->symbol_list, struct symbol, list);
+
for (offset = 0; offset < sec_size(sec); offset += insn->len) {
if (!insns || idx == INSN_CHUNK_MAX) {
insns = calloc(INSN_CHUNK_SIZE, sizeof(*insn));
@@ -478,6 +483,16 @@ static int decode_instructions(struct objtool_file *file)
prev_len = insn->len;
+ /* Use mapping symbols to skip data in text sections */
+ sec_for_each_sym_from(sec, map_sym) {
+ if (map_sym->offset > offset)
+ break;
+ if (is_mapping_sym(map_sym))
+ is_data = is_data_mapping_sym(map_sym);
+ }
+ if (is_data)
+ insn->type = INSN_NOP;
+
/*
* By default, "ud2" is a dead end unless otherwise
* annotated, because GCC 7 inserts it for certain
diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/objtool/elf.h
index d895023674673..9d36b14f420e2 100644
--- a/tools/objtool/include/objtool/elf.h
+++ b/tools/objtool/include/objtool/elf.h
@@ -507,6 +507,9 @@ static inline void set_sym_next_reloc(struct reloc *reloc, struct reloc *next)
#define sec_for_each_sym(sec, sym) \
list_for_each_entry(sym, &sec->symbol_list, list)
+#define sec_for_each_sym_from(sec, sym) \
+ list_for_each_entry_from(sym, &sec->symbol_list, list)
+
#define sec_prev_sym(sym) \
sym->sec && sym->list.prev != &sym->sec->symbol_list ? \
list_prev_entry(sym, list) : NULL
--
2.53.0
^ permalink raw reply related
* [PATCH v3 15/21] objtool/klp: Add arm64 support for prefix/PFE detection
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
Add arm64 support for detecting prefixed areas before functions (for
kCFI or ftrace with call ops), and __patchable_function_entries (for
ftrace with call ops or args).
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
tools/objtool/arch/x86/include/arch/elf.h | 2 +
tools/objtool/elf.c | 13 ++
tools/objtool/include/objtool/elf.h | 22 +++
tools/objtool/klp-diff.c | 166 ++++++++++++++++++++--
4 files changed, 192 insertions(+), 11 deletions(-)
diff --git a/tools/objtool/arch/x86/include/arch/elf.h b/tools/objtool/arch/x86/include/arch/elf.h
index 7131f7f51a4e8..5ee0ccda7db18 100644
--- a/tools/objtool/arch/x86/include/arch/elf.h
+++ b/tools/objtool/arch/x86/include/arch/elf.h
@@ -10,4 +10,6 @@
#define R_TEXT32 R_X86_64_PC32
#define R_TEXT64 R_X86_64_PC32
+#define ARCH_HAS_PREFIX_SYMBOLS 1
+
#endif /* _OBJTOOL_ARCH_ELF */
diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c
index 065ccfeb98288..9d5a926934dc2 100644
--- a/tools/objtool/elf.c
+++ b/tools/objtool/elf.c
@@ -274,6 +274,19 @@ struct symbol *find_func_containing(struct section *sec, unsigned long offset)
return NULL;
}
+struct symbol *find_data_mapping_sym(struct section *sec, unsigned long offset)
+{
+ struct rb_root_cached *tree = (struct rb_root_cached *)&sec->symbol_tree;
+ struct symbol *sym;
+
+ __sym_for_each(sym, tree, offset, offset) {
+ if (sym->offset == offset && is_data_mapping_sym(sym))
+ return sym;
+ }
+
+ return NULL;
+}
+
struct symbol *find_symbol_by_name(const struct elf *elf, const char *name)
{
struct symbol *sym;
diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/objtool/elf.h
index 9d36b14f420e2..ab1d53ed23189 100644
--- a/tools/objtool/include/objtool/elf.h
+++ b/tools/objtool/include/objtool/elf.h
@@ -130,6 +130,7 @@ struct elf {
struct list_head sections;
struct list_head symbols;
unsigned long num_relocs;
+ int pfe_offset;
int symbol_bits;
int symbol_name_bits;
@@ -229,6 +230,7 @@ struct reloc *find_reloc_by_dest(const struct elf *elf, struct section *sec, uns
struct reloc *find_reloc_by_dest_range(const struct elf *elf, struct section *sec,
unsigned long offset, unsigned int len);
struct symbol *find_func_containing(struct section *sec, unsigned long offset);
+struct symbol *find_data_mapping_sym(struct section *sec, unsigned long offset);
/*
* Try to see if it's a whole archive (vmlinux.o or module).
@@ -295,6 +297,26 @@ static inline bool is_notype_sym(struct symbol *sym)
return sym->type == STT_NOTYPE;
}
+/*
+ * ARM64 mapping symbols ($d, $x, $a, __pi_$d, etc) which mark transitions
+ * between code and data.
+ */
+static inline bool is_mapping_sym(struct symbol *sym)
+{
+ return is_notype_sym(sym) && strchr(sym->name, '$');
+}
+
+static inline bool is_data_mapping_sym(struct symbol *sym)
+{
+ const char *dollar;
+
+ if (!is_mapping_sym(sym))
+ return false;
+
+ dollar = strchr(sym->name, '$');
+ return dollar && dollar[1] == 'd';
+}
+
static inline bool is_global_sym(struct symbol *sym)
{
return sym->bind == STB_GLOBAL;
diff --git a/tools/objtool/klp-diff.c b/tools/objtool/klp-diff.c
index 6957292e455e4..eb21f3bf3120b 100644
--- a/tools/objtool/klp-diff.c
+++ b/tools/objtool/klp-diff.c
@@ -20,6 +20,7 @@
#include <linux/stringify.h>
#include <linux/string.h>
#include <linux/jhash.h>
+#include <linux/kconfig.h>
#define sizeof_field(TYPE, MEMBER) sizeof((((TYPE *)0)->MEMBER))
@@ -213,6 +214,98 @@ static int read_sym_checksums(struct elf *elf)
return 0;
}
+/*
+ * For non-x86, detect the offset from the function entry point to its
+ * __patchable_function_entries (PFE) relocation target. x86 doesn't need this,
+ * it clones the __cfi/__pfx symbol instead.
+ *
+ * offset < 0 (before function entry):
+ *
+ * CONFIG_DYNAMIC_FTRACE_WITH_CALL_OPS (arm64)
+ *
+ * offset == 0 (at function entry):
+ *
+ * CONFIG_DYNAMIC_FTRACE_WITH_ARGS without BTI (arm64)
+ *
+ * offset > 0 (after function entry):
+ *
+ * CONFIG_DYNAMIC_FTRACE_WITH_ARGS with BTI (arm64)
+ */
+static int read_pfe_offset(struct elf *elf)
+{
+ bool has_pfe = false;
+ struct section *sec;
+
+ if (__is_defined(ARCH_HAS_PREFIX_SYMBOLS))
+ return 0;
+
+ for_each_sec(elf, sec) {
+ struct reloc *reloc;
+
+ if (strcmp(sec->name, "__patchable_function_entries"))
+ continue;
+ if (!sec->rsec)
+ continue;
+
+ has_pfe = true;
+
+ for_each_reloc(sec->rsec, reloc) {
+ unsigned long target = reloc->sym->offset + reloc_addend(reloc);
+ struct symbol *func;
+
+ /* arm64 func */
+ func = find_func_containing(reloc->sym->sec, target);
+ if (func) {
+ elf->pfe_offset = target - func->offset;
+ return 0;
+ }
+
+ /* arm64 CALL_OPS */
+ func = find_func_by_offset(reloc->sym->sec, target + 8);
+ if (func) {
+ elf->pfe_offset = -8;
+ return 0;
+ }
+ }
+ }
+
+ if (has_pfe) {
+ ERROR("can't find __patchable_function_entries offset");
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * Detect the size of the area before a function's entry point. This prefix
+ * area is used for CFI type hashes or ftrace call ops.
+ *
+ * $d mapping symbol (arm64):
+ *
+ * CONFIG_CFI
+ *
+ * PFE before function entry, no symbol (arm64):
+ *
+ * CONFIG_DYNAMIC_FTRACE_WITH_CALL_OPS
+ */
+static unsigned long func_pfx_size(struct elf *elf, struct symbol *func)
+{
+ if (__is_defined(ARCH_HAS_PREFIX_SYMBOLS))
+ return 0;
+
+ /* arm64 kCFI $d data mapping symbol */
+ if (func->offset >= 4 &&
+ find_data_mapping_sym(func->sec, func->offset - 4))
+ return 4;
+
+ /* arm64 CALL_OPS (mutually exclusive with kCFI) */
+ if (elf->pfe_offset < 0 && func->offset >= -elf->pfe_offset)
+ return -elf->pfe_offset;
+
+ return 0;
+}
+
static struct symbol *first_file_symbol(struct elf *elf)
{
struct symbol *sym;
@@ -302,6 +395,9 @@ static bool is_special_section(struct section *sec)
"__ex_table",
"__jump_table",
"__mcount_loc",
+#ifndef ARCH_HAS_PREFIX_SYMBOLS
+ "__patchable_function_entries",
+#endif
/*
* Extract .static_call_sites here to inherit non-module
@@ -931,7 +1027,7 @@ static struct symbol *__clone_symbol(struct elf *elf, struct symbol *patched_sym
bool data_too)
{
struct section *out_sec = NULL;
- unsigned long offset = 0;
+ unsigned long offset = 0, pfx_size = 0;
struct symbol *out_sym;
if (data_too && !is_undef_sym(patched_sym)) {
@@ -963,17 +1059,22 @@ static struct symbol *__clone_symbol(struct elf *elf, struct symbol *patched_sym
void *data = NULL;
size_t size;
+ /* Clone (non-x86) function prefix area */
+ pfx_size = is_func_sym(patched_sym) ? func_pfx_size(elf, patched_sym) : 0;
+
/* bss doesn't have data */
if (patched_sym->sec->data && patched_sym->sec->data->d_buf)
- data = patched_sym->sec->data->d_buf + patched_sym->offset;
+ data = patched_sym->sec->data->d_buf + patched_sym->offset - pfx_size;
if (is_sec_sym(patched_sym))
size = sec_size(patched_sym->sec);
else
- size = patched_sym->len;
+ size = patched_sym->len + pfx_size;
if (!elf_add_data(elf, out_sec, data, size))
return NULL;
+
+ offset += pfx_size;
}
}
@@ -1251,21 +1352,41 @@ static int convert_reloc_sym_to_secsym(struct elf *elf, struct reloc *reloc)
return 0;
}
+/*
+ * __patchable_function_entries relocs point to the patchable entry NOPs,
+ * which are at 'pfe_offset' bytes from the function symbol.
+ *
+ * Some entries (e.g., removed weak functions, syscall -ENOSYS stubs) don't
+ * have a corresponding function symbol. Skip those with a return value of 1.
+ */
+static int convert_pfe_reloc(struct elf *elf, struct reloc *reloc)
+{
+ struct symbol *func;
+
+ func = find_func_by_offset(reloc->sym->sec,
+ reloc->sym->offset +
+ reloc_addend(reloc) - elf->pfe_offset);
+ if (!func)
+ return 1;
+
+ reloc->sym = func;
+ set_reloc_sym(elf, reloc, func->idx);
+ set_reloc_addend(elf, reloc, elf->pfe_offset);
+ return 0;
+}
+
/* Return -1 error, 0 success, 1 skip */
static int convert_reloc_secsym_to_sym(struct elf *elf, struct reloc *reloc)
{
struct symbol *sym = reloc->sym;
struct section *sec = sym->sec;
+ if (!strcmp(reloc->sec->name, ".rela__patchable_function_entries"))
+ return convert_pfe_reloc(elf, reloc);
+
if (!is_sec_sym(sym))
return 0;
- /* If the symbol has a dedicated section, it's easy to find */
- sym = find_symbol_by_offset(sec, 0);
- if (sym && sym->len == sec_size(sec))
- goto found_sym;
-
- /* No dedicated section; find the symbol manually */
sym = find_symbol_containing_inclusive(sec, arch_adjusted_addend(reloc));
if (!sym) {
/*
@@ -1293,7 +1414,6 @@ static int convert_reloc_secsym_to_sym(struct elf *elf, struct reloc *reloc)
return -1;
}
-found_sym:
reloc->sym = sym;
set_reloc_sym(elf, reloc, sym->idx);
set_reloc_addend(elf, reloc, reloc_addend(reloc) - sym->offset);
@@ -1856,6 +1976,9 @@ static int validate_special_section_klp_reloc(struct elfs *e, struct symbol *sym
static int clone_special_section(struct elfs *e, struct section *patched_sec)
{
+ bool is_pfe = !strcmp(patched_sec->name, "__patchable_function_entries");
+ struct section *out_sec = NULL;
+ struct reloc *patched_reloc;
struct symbol *patched_sym;
/*
@@ -1863,6 +1986,7 @@ static int clone_special_section(struct elfs *e, struct section *patched_sec)
* reference included functions.
*/
sec_for_each_sym(patched_sec, patched_sym) {
+ struct symbol *out_sym;
int ret;
if (!is_object_sym(patched_sym))
@@ -1877,8 +2001,23 @@ static int clone_special_section(struct elfs *e, struct section *patched_sec)
if (ret > 0)
continue;
- if (!clone_symbol(e, patched_sym, true))
+ out_sym = clone_symbol(e, patched_sym, true);
+ if (!out_sym)
return -1;
+
+ if (!is_pfe || (out_sec && out_sec->sh.sh_link))
+ continue;
+
+ /*
+ * For reasons, the patched object has multiple PFE sections,
+ * but we only need to create one combined section for the
+ * output. Link the single PFE ouput section to a random text
+ * section to satisfy the linker for SHF_LINK_ORDER.
+ */
+ out_sec = out_sym->sec;
+ patched_reloc = find_reloc_by_dest(e->patched, patched_sec,
+ patched_sym->offset);
+ out_sec->sh.sh_link = patched_reloc->sym->clone->sec->idx;
}
return 0;
@@ -2175,6 +2314,9 @@ int cmd_klp_diff(int argc, const char **argv)
if (read_sym_checksums(e.patched))
return -1;
+ if (read_pfe_offset(e.patched))
+ return -1;
+
if (correlate_symbols(&e))
return -1;
@@ -2188,6 +2330,8 @@ int cmd_klp_diff(int argc, const char **argv)
if (!e.out)
return -1;
+ e.out->pfe_offset = e.patched->pfe_offset;
+
/*
* Special section fake symbols are needed so that individual special
* section entries can be extracted by clone_special_sections().
--
2.53.0
^ permalink raw reply related
* [PATCH v3 16/21] objtool/klp: Filter arm64 mapping symbols in find_symbol_by_offset()
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
ARM64 ELF objects contain $d/$x mapping symbols (STT_NOTYPE) at offset 0
in data/text sections. These aren't "real" symbols so filter them from
find_symbol_by_offset(), consistent with the existing section symbol
filter.
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
tools/objtool/elf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c
index 9d5a926934dc2..a4d9afa3a079c 100644
--- a/tools/objtool/elf.c
+++ b/tools/objtool/elf.c
@@ -159,7 +159,7 @@ struct symbol *find_symbol_by_offset(struct section *sec, unsigned long offset)
struct symbol *sym;
__sym_for_each(sym, tree, offset, offset) {
- if (sym->offset == offset && !is_sec_sym(sym))
+ if (sym->offset == offset && !is_sec_sym(sym) && !is_mapping_sym(sym))
return sym->alias;
}
--
2.53.0
^ permalink raw reply related
* [PATCH v3 17/21] objtool/klp: Don't correlate arm64 mapping symbols
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
ARM64 ELF files contain mapping symbols ($d, $x, $a, etc.) which mark
transitions between code and data. There are thousands of them per
object file, all sharing the same few names.
They aren't "real" symbols so there's no need to correlate them.
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
tools/objtool/klp-diff.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/objtool/klp-diff.c b/tools/objtool/klp-diff.c
index eb21f3bf3120b..e1d4d94c9d77c 100644
--- a/tools/objtool/klp-diff.c
+++ b/tools/objtool/klp-diff.c
@@ -501,6 +501,7 @@ static bool dont_correlate(struct symbol *sym)
is_prefix_func(sym) ||
is_uncorrelated_static_local(sym) ||
is_local_label(sym) ||
+ is_mapping_sym(sym) ||
is_string_sec(sym->sec) ||
is_anonymous_rodata(sym) ||
is_initcall_sym(sym) ||
--
2.53.0
^ permalink raw reply related
* [PATCH v3 18/21] objtool/klp: Clone inline alternative replacements
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
Unlike x86-64, arm64 places alternative replacement instructions in
.text, immediately after the affected function.
So if the replacement instructions have PC-relative branches without
relocations, their offsets relative to the function have to remain
constant.
Achieve that by cloning the function's alternative replacements
immediately after cloning the function itself.
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
tools/objtool/elf.c | 9 +++--
tools/objtool/include/objtool/elf.h | 7 +++-
tools/objtool/klp-diff.c | 63 ++++++++++++++++++++++++-----
3 files changed, 65 insertions(+), 14 deletions(-)
diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c
index a4d9afa3a079c..a5b2929ea0fa9 100644
--- a/tools/objtool/elf.c
+++ b/tools/objtool/elf.c
@@ -1413,14 +1413,15 @@ int elf_add_string(struct elf *elf, struct section *strtab, const char *str)
return -1;
}
- data = elf_add_data(elf, strtab, str, strlen(str) + 1);
+ data = elf_add_data(elf, strtab, str, strlen(str) + 1, true);
if (!data)
return -1;
return data - strtab->data->d_buf;
}
-void *elf_add_data(struct elf *elf, struct section *sec, const void *data, size_t size)
+void *elf_add_data(struct elf *elf, struct section *sec, const void *data,
+ size_t size, bool align)
{
unsigned long offset, size_old, size_new, alloc_size_old, alloc_size_new;
Elf_Scn *s;
@@ -1447,7 +1448,7 @@ void *elf_add_data(struct elf *elf, struct section *sec, const void *data, size_
}
size_old = sec->data->d_size;
- offset = ALIGN(size_old, sec->sh.sh_addralign);
+ offset = ALIGN(size_old, align ? sec->sh.sh_addralign : 1);
size_new = offset + size;
if (!sec->data_overallocated)
@@ -1590,7 +1591,7 @@ static int elf_alloc_reloc(struct elf *elf, struct section *rsec)
unsigned long nr_alloc_old = 0, nr_alloc_new;
struct symbol *sym;
- if (!elf_add_data(elf, rsec, NULL, elf_rela_size(elf)))
+ if (!elf_add_data(elf, rsec, NULL, elf_rela_size(elf), true))
return -1;
rsec->data->d_type = ELF_T_RELA;
diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/objtool/elf.h
index ab1d53ed23189..fba0a0e08f8b6 100644
--- a/tools/objtool/include/objtool/elf.h
+++ b/tools/objtool/include/objtool/elf.h
@@ -106,6 +106,8 @@ struct symbol {
u8 included : 1;
u8 klp : 1;
u8 dont_correlate : 1;
+ u8 fake : 1;
+ u8 unalign : 1;
struct list_head pv_target;
struct reloc *relocs;
struct section *group_sec;
@@ -186,7 +188,7 @@ struct symbol *elf_create_symbol(struct elf *elf, const char *name,
struct symbol *elf_create_section_symbol(struct elf *elf, struct section *sec);
void *elf_add_data(struct elf *elf, struct section *sec, const void *data,
- size_t size);
+ size_t size, bool align);
int elf_find_string(struct elf *elf, struct section *strtab, const char *str);
int elf_add_string(struct elf *elf, struct section *strtab, const char *str);
@@ -532,6 +534,9 @@ static inline void set_sym_next_reloc(struct reloc *reloc, struct reloc *next)
#define sec_for_each_sym_from(sec, sym) \
list_for_each_entry_from(sym, &sec->symbol_list, list)
+#define sec_for_each_sym_continue(sec, sym) \
+ list_for_each_entry_continue(sym, &sec->symbol_list, list)
+
#define sec_prev_sym(sym) \
sym->sec && sym->list.prev != &sym->sec->symbol_list ? \
list_prev_entry(sym, list) : NULL
diff --git a/tools/objtool/klp-diff.c b/tools/objtool/klp-diff.c
index e1d4d94c9d77c..b9624bd9439b9 100644
--- a/tools/objtool/klp-diff.c
+++ b/tools/objtool/klp-diff.c
@@ -1027,8 +1027,9 @@ static int clone_sym_relocs(struct elfs *e, struct symbol *patched_sym);
static struct symbol *__clone_symbol(struct elf *elf, struct symbol *patched_sym,
bool data_too)
{
- struct section *out_sec = NULL;
unsigned long offset = 0, pfx_size = 0;
+ bool align = !patched_sym->unalign;
+ struct section *out_sec = NULL;
struct symbol *out_sym;
if (data_too && !is_undef_sym(patched_sym)) {
@@ -1054,7 +1055,7 @@ static struct symbol *__clone_symbol(struct elf *elf, struct symbol *patched_sym
}
if (!is_sec_sym(patched_sym))
- offset = ALIGN(sec_size(out_sec), out_sec->sh.sh_addralign);
+ offset = ALIGN(sec_size(out_sec), align ? out_sec->sh.sh_addralign : 1);
if (patched_sym->len || is_sec_sym(patched_sym)) {
void *data = NULL;
@@ -1072,7 +1073,7 @@ static struct symbol *__clone_symbol(struct elf *elf, struct symbol *patched_sym
else
size = patched_sym->len + pfx_size;
- if (!elf_add_data(elf, out_sec, data, size))
+ if (!elf_add_data(elf, out_sec, data, size, align))
return NULL;
offset += pfx_size;
@@ -1114,6 +1115,37 @@ static const char *sym_bind(struct symbol *sym)
}
}
+static struct symbol *clone_symbol(struct elfs *e, struct symbol *patched_sym,
+ bool data_too);
+
+/*
+ * For arm64 alternatives, the replacement instructions come immediately after
+ * the function. Clone any such blocks of instructions in place to preserve
+ * their offsets relative to the function in case they have hard-coded PC
+ * relative branches.
+ */
+static int clone_inline_alternatives(struct elfs *e, struct symbol *patched_sym)
+{
+ struct symbol *next;
+
+ if (!__is_defined(ARCH_HAS_INLINE_ALTS) || !is_func_sym(patched_sym))
+ return 0;
+
+ next = patched_sym;
+ sec_for_each_sym_continue(patched_sym->sec, next) {
+ if (next->offset < (patched_sym->offset + patched_sym->len) ||
+ is_mapping_sym(next))
+ continue;
+ if (!next->fake)
+ break;
+ next->unalign = 1;
+ if (!clone_symbol(e, next, true))
+ return -1;
+ }
+
+ return 0;
+}
+
/*
* Copy a symbol to the output object, optionally including its data and
* relocations.
@@ -1138,7 +1170,13 @@ static struct symbol *clone_symbol(struct elfs *e, struct symbol *patched_sym,
if (!__clone_symbol(e->out, patched_sym, data_too))
return NULL;
- if (data_too && clone_sym_relocs(e, patched_sym))
+ if (!data_too || is_undef_sym(patched_sym))
+ return patched_sym->clone;
+
+ if (clone_sym_relocs(e, patched_sym))
+ return NULL;
+
+ if (clone_inline_alternatives(e, patched_sym))
return NULL;
return patched_sym->clone;
@@ -1551,7 +1589,7 @@ static int clone_reloc_klp(struct elfs *e, struct reloc *patched_reloc,
memset(&klp_reloc, 0, sizeof(klp_reloc));
klp_reloc.type = reloc_type(patched_reloc);
- if (!elf_add_data(e->out, klp_relocs, &klp_reloc, sizeof(klp_reloc)))
+ if (!elf_add_data(e->out, klp_relocs, &klp_reloc, sizeof(klp_reloc), true))
return -1;
/* klp_reloc.offset */
@@ -1714,6 +1752,7 @@ static int create_fake_symbol(struct elf *elf, struct section *sec,
unsigned long offset, size_t size)
{
char name[SYM_NAME_LEN];
+ struct symbol *sym;
unsigned int type;
static int ctr;
char *c;
@@ -1730,7 +1769,13 @@ static int create_fake_symbol(struct elf *elf, struct section *sec,
* while still allowing objdump to disassemble it.
*/
type = is_text_sec(sec) ? STT_NOTYPE : STT_OBJECT;
- return elf_create_symbol(elf, name, sec, STB_LOCAL, type, offset, size) ? 0 : -1;
+
+ sym = elf_create_symbol(elf, name, sec, STB_LOCAL, type, offset, size);
+ if (!sym)
+ return -1;
+
+ sym->fake = 1;
+ return 0;
}
/*
@@ -2095,7 +2140,7 @@ static int create_klp_sections(struct elfs *e)
return -1;
/* allocate klp_object_ext */
- obj_data = elf_add_data(e->out, obj_sec, NULL, obj_size);
+ obj_data = elf_add_data(e->out, obj_sec, NULL, obj_size, true);
if (!obj_data)
return -1;
@@ -2130,7 +2175,7 @@ static int create_klp_sections(struct elfs *e)
continue;
/* allocate klp_func_ext */
- func_data = elf_add_data(e->out, funcs_sec, NULL, func_size);
+ func_data = elf_add_data(e->out, funcs_sec, NULL, func_size, true);
if (!func_data)
return -1;
@@ -2276,7 +2321,7 @@ static int copy_import_ns(struct elfs *e)
}
}
- if (!elf_add_data(e->out, out_sec, import_ns, strlen(import_ns) + 1))
+ if (!elf_add_data(e->out, out_sec, import_ns, strlen(import_ns) + 1, true))
return -1;
}
--
2.53.0
^ permalink raw reply related
* [PATCH v3 19/21] objtool/klp: Introduce objtool for arm64
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
Add basic support for arm64 on objtool. Only "objtool klp" subcommands
are currently supported.
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
arch/arm64/Kconfig | 2 +
tools/objtool/Makefile | 4 +
tools/objtool/arch/arm64/Build | 2 +
tools/objtool/arch/arm64/decode.c | 177 ++++++++++++++++++
.../arch/arm64/include/arch/cfi_regs.h | 11 ++
tools/objtool/arch/arm64/include/arch/elf.h | 15 ++
.../objtool/arch/arm64/include/arch/special.h | 21 +++
tools/objtool/arch/arm64/special.c | 21 +++
8 files changed, 253 insertions(+)
create mode 100644 tools/objtool/arch/arm64/Build
create mode 100644 tools/objtool/arch/arm64/decode.c
create mode 100644 tools/objtool/arch/arm64/include/arch/cfi_regs.h
create mode 100644 tools/objtool/arch/arm64/include/arch/elf.h
create mode 100644 tools/objtool/arch/arm64/include/arch/special.h
create mode 100644 tools/objtool/arch/arm64/special.c
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index fe60738e5943b..101080fd4f99e 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -210,9 +210,11 @@ config ARM64
select HAVE_HW_BREAKPOINT if PERF_EVENTS
select HAVE_IOREMAP_PROT
select HAVE_IRQ_TIME_ACCOUNTING
+ select HAVE_KLP_BUILD
select HAVE_LIVEPATCH
select HAVE_MOD_ARCH_SPECIFIC
select HAVE_NMI
+ select HAVE_OBJTOOL
select HAVE_PERF_EVENTS
select HAVE_PERF_EVENTS_NMI if ARM64_PSEUDO_NMI
select HAVE_PERF_REGS
diff --git a/tools/objtool/Makefile b/tools/objtool/Makefile
index a4484fd22a96d..94aabeee97367 100644
--- a/tools/objtool/Makefile
+++ b/tools/objtool/Makefile
@@ -11,6 +11,10 @@ ifeq ($(SRCARCH),loongarch)
BUILD_ORC := y
endif
+ifeq ($(SRCARCH),arm64)
+ ARCH_HAS_KLP := y
+endif
+
ifeq ($(ARCH_HAS_KLP),y)
HAVE_XXHASH = $(shell printf "$(pound)include <xxhash.h>\nXXH3_state_t *state;int main() {}" | \
$(HOSTCC) $(HOSTCFLAGS) -xc - -o /dev/null -lxxhash 2> /dev/null && echo y || echo n)
diff --git a/tools/objtool/arch/arm64/Build b/tools/objtool/arch/arm64/Build
new file mode 100644
index 0000000000000..d24d5636a5b84
--- /dev/null
+++ b/tools/objtool/arch/arm64/Build
@@ -0,0 +1,2 @@
+objtool-y += decode.o
+objtool-y += special.o
diff --git a/tools/objtool/arch/arm64/decode.c b/tools/objtool/arch/arm64/decode.c
new file mode 100644
index 0000000000000..47658c76e1af0
--- /dev/null
+++ b/tools/objtool/arch/arm64/decode.c
@@ -0,0 +1,177 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <objtool/check.h>
+#include <objtool/disas.h>
+#include <objtool/elf.h>
+#include <objtool/arch.h>
+#include <objtool/warn.h>
+#include <objtool/builtin.h>
+
+const char *arch_reg_name[CFI_NUM_REGS] = {};
+
+int arch_ftrace_match(const char *name)
+{
+ return 0;
+}
+
+s64 arch_insn_adjusted_addend(struct instruction *insn, struct reloc *reloc)
+{
+ return reloc_addend(reloc);
+}
+
+bool arch_callee_saved_reg(unsigned char reg)
+{
+ return false;
+}
+
+int arch_decode_hint_reg(u8 sp_reg, int *base)
+{
+ exit(-1);
+}
+
+const char *arch_nop_insn(int len)
+{
+ exit(-1);
+}
+
+const char *arch_ret_insn(int len)
+{
+ exit(-1);
+}
+
+int arch_decode_instruction(struct objtool_file *file, const struct section *sec,
+ unsigned long offset, unsigned int maxlen,
+ struct instruction *insn)
+{
+ u32 ins;
+
+ if (maxlen < 4) {
+ ERROR_INSN(insn, "can't decode instruction");
+ return -1;
+ }
+
+ /* arm64 instructions are always LE, thus no bswap_if_needed() */
+ ins = le32toh(*(u32 *)(sec->data->d_buf + offset));
+
+ /*
+ * These are the bare minimum needed for static branch detection and
+ * checksum calculations.
+ */
+ if (ins == 0xd503201f) {
+ /* NOP: static branch */
+ insn->type = INSN_NOP;
+ } else if ((ins & 0xfc000000) == 0x14000000) {
+ /* B: static branch, intra-TU sibling call */
+ insn->type = INSN_JUMP_UNCONDITIONAL;
+ insn->immediate = sign_extend64(ins & 0x03ffffff, 25);
+ } else if ((ins & 0xfc000000) == 0x94000000) {
+ /* BL: intra-TU call */
+ insn->type = INSN_CALL;
+ insn->immediate = sign_extend64(ins & 0x03ffffff, 25);
+ } else if ((ins & 0xff000000) == 0x54000000) {
+ /* B.cond: intra-TU sibling call */
+ insn->type = INSN_JUMP_CONDITIONAL;
+ insn->immediate = sign_extend64((ins >> 5) & 0x7ffff, 18);
+ } else if ((ins & 0x7e000000) == 0x34000000) {
+ /* CBZ/CBNZ: intra-TU sibling call */
+ insn->type = INSN_JUMP_CONDITIONAL;
+ insn->immediate = sign_extend64((ins >> 5) & 0x7ffff, 18);
+ } else if ((ins & 0x7e000000) == 0x36000000) {
+ /* TBZ/TBNZ: intra-TU sibling call */
+ insn->type = INSN_JUMP_CONDITIONAL;
+ insn->immediate = sign_extend64((ins >> 5) & 0x3fff, 13);
+ } else {
+ insn->type = INSN_OTHER;
+ }
+
+ insn->len = 4;
+ return 0;
+}
+
+size_t arch_jump_opcode_bytes(struct objtool_file *file, struct instruction *insn,
+ unsigned char *buf)
+{
+ u32 ins;
+
+ ins = le32toh(*(u32 *)(insn->sec->data->d_buf + insn->offset));
+
+ switch (insn->type) {
+ case INSN_JUMP_UNCONDITIONAL:
+ case INSN_CALL:
+ ins &= ~0x03ffffff;
+ break;
+ case INSN_JUMP_CONDITIONAL:
+ if ((ins & 0xff000000) == 0x54000000)
+ ins &= ~0x00ffffe0; /* B.cond */
+ else if ((ins & 0x7e000000) == 0x34000000)
+ ins &= ~0x00ffffe0; /* CBZ/CBNZ */
+ else
+ ins &= ~0x0007ffe0; /* TBZ/TBNZ */
+ break;
+ default:
+ break;
+ }
+
+ ins = htole32(ins);
+ memcpy(buf, &ins, 4);
+ return 4;
+}
+
+u64 arch_adjusted_addend(struct reloc *reloc)
+{
+ return reloc_addend(reloc);
+}
+
+unsigned long arch_jump_destination(struct instruction *insn)
+{
+ return insn->offset + (insn->immediate << 2);
+}
+
+bool arch_pc_relative_reloc(struct reloc *reloc)
+{
+ switch (reloc_type(reloc)) {
+ case R_AARCH64_PREL64:
+ case R_AARCH64_PREL32:
+ case R_AARCH64_PREL16:
+ case R_AARCH64_LD_PREL_LO19:
+ case R_AARCH64_ADR_PREL_LO21:
+ case R_AARCH64_ADR_PREL_PG_HI21:
+ case R_AARCH64_ADR_PREL_PG_HI21_NC:
+ case R_AARCH64_JUMP26:
+ case R_AARCH64_CALL26:
+ case R_AARCH64_CONDBR19:
+ case R_AARCH64_TSTBR14:
+ return true;
+ default:
+ return false;
+ }
+}
+
+void arch_initial_func_cfi_state(struct cfi_init_state *state)
+{
+ state->cfa.base = CFI_UNDEFINED;
+}
+
+unsigned int arch_reloc_size(struct reloc *reloc)
+{
+ switch (reloc_type(reloc)) {
+ case R_AARCH64_ABS64:
+ case R_AARCH64_PREL64:
+ return 8;
+ case R_AARCH64_PREL16:
+ return 2;
+ default:
+ return 4;
+ }
+}
+
+#ifdef DISAS
+int arch_disas_info_init(struct disassemble_info *dinfo)
+{
+ return disas_info_init(dinfo, bfd_arch_aarch64,
+ bfd_mach_arm_unknown, bfd_mach_aarch64,
+ NULL);
+}
+#endif /* DISAS */
diff --git a/tools/objtool/arch/arm64/include/arch/cfi_regs.h b/tools/objtool/arch/arm64/include/arch/cfi_regs.h
new file mode 100644
index 0000000000000..49c81cbb6646d
--- /dev/null
+++ b/tools/objtool/arch/arm64/include/arch/cfi_regs.h
@@ -0,0 +1,11 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+#ifndef _OBJTOOL_ARCH_CFI_REGS_H
+#define _OBJTOOL_ARCH_CFI_REGS_H
+
+/* These aren't actually used for arm64 */
+#define CFI_BP 0
+#define CFI_SP 0
+#define CFI_RA 0
+#define CFI_NUM_REGS 2
+
+#endif /* _OBJTOOL_ARCH_CFI_REGS_H */
diff --git a/tools/objtool/arch/arm64/include/arch/elf.h b/tools/objtool/arch/arm64/include/arch/elf.h
new file mode 100644
index 0000000000000..418b90885c501
--- /dev/null
+++ b/tools/objtool/arch/arm64/include/arch/elf.h
@@ -0,0 +1,15 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+#ifndef _OBJTOOL_ARCH_ELF_H
+#define _OBJTOOL_ARCH_ELF_H
+
+#define R_NONE R_AARCH64_NONE
+#define R_ABS64 R_AARCH64_ABS64
+#define R_ABS32 R_AARCH64_ABS32
+#define R_DATA32 R_AARCH64_PREL32
+#define R_DATA64 R_AARCH64_PREL64
+#define R_TEXT32 R_AARCH64_PREL32
+#define R_TEXT64 R_AARCH64_PREL64
+
+#define ARCH_HAS_INLINE_ALTS 1
+
+#endif /* _OBJTOOL_ARCH_ELF_H */
diff --git a/tools/objtool/arch/arm64/include/arch/special.h b/tools/objtool/arch/arm64/include/arch/special.h
new file mode 100644
index 0000000000000..8ae804a83ea49
--- /dev/null
+++ b/tools/objtool/arch/arm64/include/arch/special.h
@@ -0,0 +1,21 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+#ifndef _OBJTOOL_ARCH_SPECIAL_H
+#define _OBJTOOL_ARCH_SPECIAL_H
+
+#define EX_ENTRY_SIZE 12
+#define EX_ORIG_OFFSET 0
+#define EX_NEW_OFFSET 4
+
+#define JUMP_ENTRY_SIZE 16
+#define JUMP_ORIG_OFFSET 0
+#define JUMP_NEW_OFFSET 4
+#define JUMP_KEY_OFFSET 8
+
+#define ALT_ENTRY_SIZE 12
+#define ALT_ORIG_OFFSET 0
+#define ALT_NEW_OFFSET 4
+#define ALT_FEATURE_OFFSET 8
+#define ALT_ORIG_LEN_OFFSET 10
+#define ALT_NEW_LEN_OFFSET 11
+
+#endif /* _OBJTOOL_ARCH_SPECIAL_H */
diff --git a/tools/objtool/arch/arm64/special.c b/tools/objtool/arch/arm64/special.c
new file mode 100644
index 0000000000000..6ddecd362f3dd
--- /dev/null
+++ b/tools/objtool/arch/arm64/special.c
@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+#include <objtool/special.h>
+
+bool arch_support_alt_relocation(struct special_alt *special_alt,
+ struct instruction *insn,
+ struct reloc *reloc)
+{
+ return true;
+}
+
+struct reloc *arch_find_switch_table(struct objtool_file *file,
+ struct instruction *insn,
+ unsigned long *table_size)
+{
+ return NULL;
+}
+
+const char *arch_cpu_feature_name(int feature_number)
+{
+ return NULL;
+}
--
2.53.0
^ permalink raw reply related
* [PATCH v3 20/21] klp-build: Support cross-compilation
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
Add support for cross-compilation. The user must export ARCH, and
either CROSS_COMPILE or LLVM as needed.
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
scripts/livepatch/klp-build | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/scripts/livepatch/klp-build b/scripts/livepatch/klp-build
index 911ada05673c2..e83973567c878 100755
--- a/scripts/livepatch/klp-build
+++ b/scripts/livepatch/klp-build
@@ -432,6 +432,25 @@ validate_patches() {
revert_patches
}
+cross_compile_init() {
+ if [[ -v LLVM && -n "$LLVM" ]]; then
+ local prefix=""
+ local suffix=""
+
+ if [[ "$LLVM" == */ ]]; then
+ # LLVM=/path/to/bin/
+ prefix="$LLVM"
+ elif [[ "$LLVM" == -* ]]; then
+ # LLVM=-14
+ suffix="$LLVM"
+ fi
+
+ OBJCOPY="${prefix}llvm-objcopy${suffix}"
+ else
+ OBJCOPY="${CROSS_COMPILE:-}objcopy"
+ fi
+}
+
do_init() {
# We're not yet smart enough to handle anything other than in-tree
# builds in pwd.
@@ -462,6 +481,7 @@ do_init() {
validate_config
set_module_name
set_kernelversion
+ cross_compile_init
}
# Refresh the patch hunk headers, specifically the line numbers and counts.
@@ -871,7 +891,7 @@ build_patch_module() {
cp -f "$kmod_file" "$kmod_file.orig"
# Work around issue where slight .config change makes corrupt BTF
- objcopy --remove-section=.BTF "$kmod_file"
+ "$OBJCOPY" --remove-section=.BTF "$kmod_file"
# Fix (and work around) linker wreckage for klp syms / relocs
"$OBJTOOL" klp post-link "$kmod_file" || die "objtool klp post-link failed"
--
2.53.0
^ permalink raw reply related
* [PATCH v3 21/21] klp-build: Add arm64 syscall patching macro
From: Josh Poimboeuf @ 2026-05-13 3:34 UTC (permalink / raw)
To: x86
Cc: linux-kernel, live-patching, Peter Zijlstra, Joe Lawrence,
Song Liu, Catalin Marinas, Will Deacon, linux-arm-kernel,
Mark Rutland, Miroslav Benes, Petr Mladek
In-Reply-To: <cover.1778642120.git.jpoimboe@kernel.org>
Add arm64 support for KLP_SYSCALL_DEFINEx(), mirroring the arm64
__SYSCALL_DEFINEx() pattern from arch/arm64/include/asm/syscall_wrapper.h.
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
include/linux/livepatch_helpers.h | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/include/linux/livepatch_helpers.h b/include/linux/livepatch_helpers.h
index 99d68d0773fa8..4b647b83865f9 100644
--- a/include/linux/livepatch_helpers.h
+++ b/include/linux/livepatch_helpers.h
@@ -72,6 +72,25 @@
} \
static inline long __klp_do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))
+#elif defined(CONFIG_ARM64)
+
+#define __KLP_SYSCALL_DEFINEx(x, name, ...) \
+ static long __se_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \
+ static inline long __klp_do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));\
+ asmlinkage long __arm64_sys##name(const struct pt_regs *regs); \
+ asmlinkage long __arm64_sys##name(const struct pt_regs *regs) \
+ { \
+ return __se_sys##name(SC_ARM64_REGS_TO_ARGS(x,__VA_ARGS__));\
+ } \
+ static long __se_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \
+ { \
+ long ret = __klp_do_sys##name(__MAP(x,__SC_CAST,__VA_ARGS__));\
+ __MAP(x,__SC_TEST,__VA_ARGS__); \
+ __PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__)); \
+ return ret; \
+ } \
+ static inline long __klp_do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))
+
#endif
#endif /* _LINUX_LIVEPATCH_HELPERS_H */
--
2.53.0
^ permalink raw reply related
* Re: [PATCH v3 10/21] objtool: Ignore jumps to the end of the function for checksum runs
From: Peter Zijlstra @ 2026-05-13 7:36 UTC (permalink / raw)
To: Josh Poimboeuf
Cc: x86, linux-kernel, live-patching, Joe Lawrence, Song Liu,
Catalin Marinas, Will Deacon, linux-arm-kernel, Mark Rutland,
Miroslav Benes, Petr Mladek
In-Reply-To: <b3b58101e15e1bb5266e57134f0b65f7d8efdd4b.1778642120.git.jpoimboe@kernel.org>
On Tue, May 12, 2026 at 08:33:44PM -0700, Josh Poimboeuf wrote:
> Sometimes Clang arm64 code jumps to the end of the function for UB.
> No need to make that an error for checksum runs.
I'm not sure I understand the rationale. If the compiler trips UB, we
want to be complaining about that no?
Same as when clang just stops code-gen, also something we commonly see
when it hits UB.
^ permalink raw reply
* Re: [PATCH v3 11/21] objtool: Allow empty alternatives
From: Peter Zijlstra @ 2026-05-13 7:37 UTC (permalink / raw)
To: Josh Poimboeuf
Cc: x86, linux-kernel, live-patching, Joe Lawrence, Song Liu,
Catalin Marinas, Will Deacon, linux-arm-kernel, Mark Rutland,
Miroslav Benes, Petr Mladek
In-Reply-To: <3c474673ec5ddc9f27fbf5ddb1fd0f66ef6a779f.1778642120.git.jpoimboe@kernel.org>
On Tue, May 12, 2026 at 08:33:45PM -0700, Josh Poimboeuf wrote:
> arm64 can have empty alternatives, which are effectively no-ops. Ignore
> them. While at it, fix a memory leak.
How does this happen?
^ permalink raw reply
* [RFC PATCH 0/6] livepatch: Introduce replace set support
From: Yafang Shao @ 2026-05-13 14:33 UTC (permalink / raw)
To: jpoimboe, jikos, mbenes, pmladek, joe.lawrence, song
Cc: live-patching, Yafang Shao
We previously proposed a BPF+livepatch method to enable rapid
experimentation with new kernel features without interrupting production
workloads:
https://lore.kernel.org/live-patching/20260402092607.96430-1-laoar.shao@gmail.com/
In the resulting discussion, Song and Petr suggested adding a "replace set"
to support scenarios where specific livepatches can be selectively replaced
or skipped.
- Patch #1:
Adds replace set support for livepatch functions.
- Patch #2~#5:
Derived from Petr's original patchset:
https://lore.kernel.org/all/20250115082431.5550-3-pmladek@suse.com/
All the selftests are not included in this RFC.
Note: Due to a significant refactor in Patch #5, I have omitted Petr's
Signed-off-by for that specific patch. Please let me know if this is not
the preferred approach.
- Patch #6:
Adds replace set support for the shadow variable API.
Petr Mladek (3):
livepatch: Add callbacks for introducing and removing states
livepatch: Allow to handle lifetime of shadow variables using the
livepatch state
livepatch: Remove "data" from struct klp_state
Yafang Shao (3):
livepatch: Support scoped atomic replace using replace set
livepatch: Remove obsolete per-object callbacks
livepatch: Support replace_set in shadow variable API
.../livepatch/cumulative-patches.rst | 17 +-
Documentation/livepatch/livepatch.rst | 23 ++-
include/linux/livepatch.h | 30 ++--
include/linux/livepatch_external.h | 62 ++++---
kernel/livepatch/core.c | 51 ++----
kernel/livepatch/core.h | 33 ----
kernel/livepatch/shadow.c | 70 +++++---
kernel/livepatch/state.c | 165 +++++++++++++++++-
kernel/livepatch/state.h | 8 +
kernel/livepatch/transition.c | 29 +--
scripts/livepatch/init.c | 9 +-
scripts/livepatch/klp-build | 14 +-
tools/include/linux/livepatch_external.h | 62 ++++---
tools/objtool/klp-diff.c | 16 +-
14 files changed, 373 insertions(+), 216 deletions(-)
--
2.47.3
^ permalink raw reply
* [RFC PATCH 1/6] livepatch: Support scoped atomic replace using replace set
From: Yafang Shao @ 2026-05-13 14:33 UTC (permalink / raw)
To: jpoimboe, jikos, mbenes, pmladek, joe.lawrence, song
Cc: live-patching, Yafang Shao
In-Reply-To: <20260513143321.26185-1-laoar.shao@gmail.com>
Convert the replace attribute from a boolean to a u32 to function as a
"replace set." A newly loaded livepatch will now atomically replace
existing patches that belong to the same set.
This change currently supports function replacement only; support for
state and shadow variables will be introduced in subsequent patches.
Suggested-by: Song Liu <song@kernel.org>
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
---
.../livepatch/cumulative-patches.rst | 17 ++++++++------
Documentation/livepatch/livepatch.rst | 23 +++++++++++--------
include/linux/livepatch.h | 5 ++--
kernel/livepatch/core.c | 16 ++++++++-----
kernel/livepatch/state.c | 17 +++++++-------
kernel/livepatch/transition.c | 10 ++++----
scripts/livepatch/init.c | 7 +-----
scripts/livepatch/klp-build | 14 +++++------
8 files changed, 59 insertions(+), 50 deletions(-)
diff --git a/Documentation/livepatch/cumulative-patches.rst b/Documentation/livepatch/cumulative-patches.rst
index 1931f318976a..6ef49748110e 100644
--- a/Documentation/livepatch/cumulative-patches.rst
+++ b/Documentation/livepatch/cumulative-patches.rst
@@ -17,18 +17,20 @@ from all older livepatches and completely replace them in one transition.
Usage
-----
-The atomic replace can be enabled by setting "replace" flag in struct klp_patch,
-for example::
+The "replace_set" attribute in ``struct klp_patch`` acts as a **replace set**,
+defining the scope of the replacement. By default, the replace set is 1.
+
+For example::
static struct klp_patch patch = {
.mod = THIS_MODULE,
.objs = objs,
- .replace = true,
+ .replace_set = 1,
};
All processes are then migrated to use the code only from the new patch.
-Once the transition is finished, all older patches are automatically
-disabled.
+Once the transition is finished, all older patches with the same replace
+set are automatically disabled. Patches with different tags remain active.
Ftrace handlers are transparently removed from functions that are no
longer modified by the new cumulative patch.
@@ -62,9 +64,10 @@ Limitations:
------------
- Once the operation finishes, there is no straightforward way
- to reverse it and restore the replaced patches atomically.
+ to reverse it and restore the replaced patches (with the same set)
+ atomically.
- A good practice is to set .replace flag in any released livepatch.
+ A good practice is to set a consistent .replace set in related livepatches.
Then re-adding an older livepatch is equivalent to downgrading
to that patch. This is safe as long as the livepatches do _not_ do
extra modifications in (un)patching callbacks or in the module_init()
diff --git a/Documentation/livepatch/livepatch.rst b/Documentation/livepatch/livepatch.rst
index acb90164929e..07c8d5a13003 100644
--- a/Documentation/livepatch/livepatch.rst
+++ b/Documentation/livepatch/livepatch.rst
@@ -347,15 +347,20 @@ to '0'.
5.3. Replacing
--------------
-All enabled patches might get replaced by a cumulative patch that
-has the .replace flag set.
-
-Once the new patch is enabled and the 'transition' finishes then
-all the functions (struct klp_func) associated with the replaced
-patches are removed from the corresponding struct klp_ops. Also
-the ftrace handler is unregistered and the struct klp_ops is
-freed when the related function is not modified by the new patch
-and func_stack list becomes empty.
+All currently enabled patches may be superseded by a cumulative patch that
+has the same ``.replace_set`` attribute. Once the new patch is enabled and
+the transition finishes, the livepatching core identifies all existing
+patches that share the same replace set.
+
+Once the transition is complete, all functions (``struct klp_func``)
+associated with the matching replaced patches are removed from the
+corresponding ``struct klp_ops``. If a function is no longer modified by
+the new patch and its ``func_stack`` list becomes empty, the ftrace
+handler is unregistered and the ``struct klp_ops`` is freed.
+
+Patches with a different replace set are not affected by this process
+and remain active. This allows for the independent management and
+stacking of multiple, non-conflicting livepatch sets.
See Documentation/livepatch/cumulative-patches.rst for more details.
diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h
index ba9e3988c07c..171c08328299 100644
--- a/include/linux/livepatch.h
+++ b/include/linux/livepatch.h
@@ -123,7 +123,8 @@ struct klp_state {
* @mod: reference to the live patch module
* @objs: object entries for kernel objects to be patched
* @states: system states that can get modified
- * @replace: replace all actively used patches
+ * @replace_set:Livepatch using the same @replace_set will get atomically
+ * replaced.
* @list: list node for global list of actively used patches
* @kobj: kobject for sysfs resources
* @obj_list: dynamic list of the object entries
@@ -137,7 +138,7 @@ struct klp_patch {
struct module *mod;
struct klp_object *objs;
struct klp_state *states;
- bool replace;
+ unsigned int replace_set;
/* internal */
struct list_head list;
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index 28d15ba58a26..9eeded1f9cf0 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -454,7 +454,7 @@ static ssize_t replace_show(struct kobject *kobj,
struct klp_patch *patch;
patch = container_of(kobj, struct klp_patch, kobj);
- return sysfs_emit(buf, "%d\n", patch->replace);
+ return sysfs_emit(buf, "%d\n", patch->replace_set);
}
static ssize_t stack_order_show(struct kobject *kobj,
@@ -621,6 +621,8 @@ static int klp_add_nops(struct klp_patch *patch)
klp_for_each_object(old_patch, old_obj) {
int err;
+ if (patch->replace_set != old_patch->replace_set)
+ continue;
err = klp_add_object_nops(patch, old_obj);
if (err)
return err;
@@ -793,6 +795,8 @@ void klp_free_replaced_patches_async(struct klp_patch *new_patch)
klp_for_each_patch_safe(old_patch, tmp_patch) {
if (old_patch == new_patch)
return;
+ if (old_patch->replace_set != new_patch->replace_set)
+ continue;
klp_free_patch_async(old_patch);
}
}
@@ -988,11 +992,9 @@ static int klp_init_patch(struct klp_patch *patch)
if (ret)
return ret;
- if (patch->replace) {
- ret = klp_add_nops(patch);
- if (ret)
- return ret;
- }
+ ret = klp_add_nops(patch);
+ if (ret)
+ return ret;
klp_for_each_object(patch, obj) {
ret = klp_init_object(patch, obj);
@@ -1195,6 +1197,8 @@ void klp_unpatch_replaced_patches(struct klp_patch *new_patch)
if (old_patch == new_patch)
return;
+ if (old_patch->replace_set != new_patch->replace_set)
+ continue;
old_patch->enabled = false;
klp_unpatch_objects(old_patch);
}
diff --git a/kernel/livepatch/state.c b/kernel/livepatch/state.c
index 2565d039ade0..a2d223f2bbc0 100644
--- a/kernel/livepatch/state.c
+++ b/kernel/livepatch/state.c
@@ -85,24 +85,25 @@ EXPORT_SYMBOL_GPL(klp_get_prev_state);
/* Check if the patch is able to deal with the existing system state. */
static bool klp_is_state_compatible(struct klp_patch *patch,
+ struct klp_patch *old_patch,
struct klp_state *old_state)
{
struct klp_state *state;
state = klp_get_state(patch, old_state->id);
- /* A cumulative livepatch must handle all already modified states. */
+ /*
+ * If the new livepatch shares a state set with an existing one, it
+ * must maintain compatibility with all states modified by the old
+ * patch.
+ */
if (!state)
- return !patch->replace;
+ return patch->replace_set != old_patch->replace_set;
return state->version >= old_state->version;
}
-/*
- * Check that the new livepatch will not break the existing system states.
- * Cumulative patches must handle all already modified states.
- * Non-cumulative patches can touch already modified states.
- */
+/* Check that the new livepatch will not break the existing system states. */
bool klp_is_patch_compatible(struct klp_patch *patch)
{
struct klp_patch *old_patch;
@@ -110,7 +111,7 @@ bool klp_is_patch_compatible(struct klp_patch *patch)
klp_for_each_patch(old_patch) {
klp_for_each_state(old_patch, old_state) {
- if (!klp_is_state_compatible(patch, old_state))
+ if (!klp_is_state_compatible(patch, old_patch, old_state))
return false;
}
}
diff --git a/kernel/livepatch/transition.c b/kernel/livepatch/transition.c
index 2351a19ac2a9..d9f5968fecdc 100644
--- a/kernel/livepatch/transition.c
+++ b/kernel/livepatch/transition.c
@@ -89,7 +89,7 @@ static void klp_complete_transition(void)
klp_transition_patch->mod->name,
klp_target_state == KLP_TRANSITION_PATCHED ? "patching" : "unpatching");
- if (klp_transition_patch->replace && klp_target_state == KLP_TRANSITION_PATCHED) {
+ if (klp_target_state == KLP_TRANSITION_PATCHED) {
klp_unpatch_replaced_patches(klp_transition_patch);
klp_discard_nops(klp_transition_patch);
}
@@ -498,7 +498,7 @@ void klp_try_complete_transition(void)
*/
if (!patch->enabled)
klp_free_patch_async(patch);
- else if (patch->replace)
+ else
klp_free_replaced_patches_async(patch);
}
@@ -720,11 +720,11 @@ void klp_force_transition(void)
klp_update_patch_state(idle_task(cpu));
/* Set forced flag for patches being removed. */
- if (klp_target_state == KLP_TRANSITION_UNPATCHED)
+ if (klp_target_state == KLP_TRANSITION_UNPATCHED) {
klp_transition_patch->forced = true;
- else if (klp_transition_patch->replace) {
+ } else {
klp_for_each_patch(patch) {
- if (patch != klp_transition_patch)
+ if (patch->replace_set == klp_transition_patch->replace_set)
patch->forced = true;
}
}
diff --git a/scripts/livepatch/init.c b/scripts/livepatch/init.c
index f14d8c8fb35f..659db21a5b53 100644
--- a/scripts/livepatch/init.c
+++ b/scripts/livepatch/init.c
@@ -72,12 +72,7 @@ static int __init livepatch_mod_init(void)
/* TODO patch->states */
-#ifdef KLP_NO_REPLACE
- patch->replace = false;
-#else
- patch->replace = true;
-#endif
-
+ patch->replace_set = KLP_REPLACE_TAG;
return klp_enable_patch(patch);
err_free_objs:
diff --git a/scripts/livepatch/klp-build b/scripts/livepatch/klp-build
index 7b82c7503c2b..66d4a0631f1b 100755
--- a/scripts/livepatch/klp-build
+++ b/scripts/livepatch/klp-build
@@ -117,7 +117,7 @@ Options:
-f, --show-first-changed Show address of first changed instruction
-j, --jobs=<jobs> Build jobs to run simultaneously [default: $JOBS]
-o, --output=<file.ko> Output file [default: livepatch-<patch-name>.ko]
- --no-replace Disable livepatch atomic replace
+ -s, --replace-set=<set> Set the atomic replace set for this livepatch
-v, --verbose Pass V=1 to kernel/module builds
Advanced Options:
@@ -142,8 +142,8 @@ process_args() {
local long
local args
- short="hfj:o:vdS:T"
- long="help,show-first-changed,jobs:,output:,no-replace,verbose,debug,short-circuit:,keep-tmp"
+ short="hfj:o:s:vdS:T"
+ long="help,show-first-changed,jobs:,output:,replace-set:,verbose,debug,short-circuit:,keep-tmp"
args=$(getopt --options "$short" --longoptions "$long" -- "$@") || {
echo; usage; exit
@@ -172,9 +172,9 @@ process_args() {
NAME="$(module_name_string "$NAME")"
shift 2
;;
- --no-replace)
- REPLACE=0
- shift
+ -s | --replace-set)
+ REPLACE="$2"
+ shift 2
;;
-v | --verbose)
VERBOSE="V=1"
@@ -759,7 +759,7 @@ build_patch_module() {
cflags=("-ffunction-sections")
cflags+=("-fdata-sections")
- [[ $REPLACE -eq 0 ]] && cflags+=("-DKLP_NO_REPLACE")
+ cflags+=("-DKLP_REPLACE_TAG=$REPLACE")
cmd=("make")
cmd+=("$VERBOSE")
--
2.47.3
^ permalink raw reply related
* [RFC PATCH 2/6] livepatch: Add callbacks for introducing and removing states
From: Yafang Shao @ 2026-05-13 14:33 UTC (permalink / raw)
To: jpoimboe, jikos, mbenes, pmladek, joe.lawrence, song
Cc: live-patching, Yafang Shao
In-Reply-To: <20260513143321.26185-1-laoar.shao@gmail.com>
From: Petr Mladek <pmladek@suse.com>
The basic livepatch functionality is to redirect problematic functions
to a fixed or improved variants. In addition, there are two features
helping with more problematic situations:
+ pre_patch(), post_patch(), pre_unpatch(), post_unpatch() callbacks
might be called before and after the respective transitions.
For example, post_patch() callback might enable some functionality
at the end of the transition when the entire system is using
the new code.
+ Shadow variables allow to add new items into structures or other
data objects.
The practice has shown that these features were hard to use with the atomic
replace feature. The new livepatch usually just adds more fixes. But it
might also remove problematic ones.
Originally, any version of the livepatch was allowed to replace any older
or newer version of the patch. It was not clear how to handle the extra
features. The new patch did not know whether to run the callbacks or
if the changes were already done by the current livepatch. Or if it has
to revert some changes or free shadow variables whey they would no longer
be supported.
It was even more complicated because only the callbacks from the newly
installed livepatch were called. It means that older livepatch might
not be able to revert changes supported only by newer livepatches.
The above problems were supposed to be solved by adding livepatch
states. Each livepatch might define which states are supported. The states
are versioned. The livepatch core checks if the newly installed livepatch
is able to handle all states used by the currently installed livepatch.
Though the practice has shown that the states API was not easy to use
either. It was not well connected with the callbacks and shadow variables.
The states are per-patch. The callbacks are per-object. The livepatch
does not know about the supported shadow variables at all.
As a first step, new per-state callbacks are introduced:
+ "pre_patch" is called before the livepatch is applied but only when
the state is new.
It might be used to allocate some memory. Or it might
check if the state change is safe on the running system.
If it fails, the patch will not be enabled.
+ "post_patch" is called after the livepatch is applied but only when
the state is new.
It might be used to enable using some functionality provided by
the livepatch after the entire system is livepatched.
+ "pre_unpatch" is called before the livepatch is disabled or replaced.
When using the atomic replace, the callback is called only when
the new livepatch does not support the related state. And it uses
the implementation from the to-be-replaced livepatch.
The to-be-replaced livepatch needed the callback to allow disabling
the livepatch anyway. The new livepatch does not need to know
anything about the state.
It might be used to disable some functionality which will no longer
be supported after the livepatch gets disabled.
+ "post_unpatch" is called after the livepatch was disabled or replaced.
There are the same rules for the atomic replace replacement as for
"pre_patch" callback.
It might be used for freeing some memory or unused shadow variables.
These callbacks are going to replace the existing ones. It would cause
some changes:
+ The new callbacks are not called when a livepatched object is
loaded or removed later.
The practice shows that per-object callbacks are not worth
supporting. In a rare case, when a per-object callback is needed.
the livepatch might register a custom module notifier.
+ The new callbacks are called only when the state is introduced
or removed. It does not handle the situation when the newly
installed livepatch continues using an existing state.
The practice shows that this is exactly what is needed. In the rare
case when this is not enough, an extra takeover might be done in
the module->init() callback.
The per-state callbacks are called in similar code paths as the per-object
ones. Especially, the ordering against the other operations is the same.
Though, there are some obvious and less obvious changes:
+ The per-state callbacks are called for the entire patch instead
of loaded object. It means that they called outside the for-each-object
cycle.
+ The per-state callbacks are called when a state is introduced
or obsoleted. Both variants might happen when the atomic replace
is used.
+ In __klp_enable_patch(), the per-state callbacks are called before
the smp_wmb() while the per-object ones are called later.
The new location makes more sense. The setup of the state should
be ready before the system processes start being transitioned.
The per-object callbacks were called after the barrier. They were
using and already existing for-cycle. Nobody though about the potential
ordering problem when it was implemented.
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
---
include/linux/livepatch.h | 34 ++++++++
kernel/livepatch/core.c | 8 ++
kernel/livepatch/state.c | 144 ++++++++++++++++++++++++++++++++++
kernel/livepatch/state.h | 8 ++
kernel/livepatch/transition.c | 14 ++++
5 files changed, 208 insertions(+)
diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h
index 171c08328299..f43bf2676597 100644
--- a/include/linux/livepatch.h
+++ b/include/linux/livepatch.h
@@ -106,15 +106,49 @@ struct klp_object {
bool patched;
};
+struct klp_patch;
+struct klp_state;
+
+/**
+ * struct klp_state_callbacks - callbacks manipulating the state
+ * @pre_patch: executed only when the state is being enabled
+ * before code patching
+ * @post_patch: executed only when the state is being enabled
+ * after code patching
+ * @pre_unpatch: executed only when the state is being disabled
+ * before code unpatching
+ * @post_unpatch: executed only when the state is being disabled
+ * after code unpatching
+ * @pre_patch_succeeded: internal state used by a rollback on error
+ *
+ * All callbacks are optional.
+ *
+ * @pre_patch callback returns 0 on success and an error code otherwise.
+ *
+ * Any error prevents enabling the livepatch. @post_unpatch() callbacks are
+ * then called to rollback @pre_patch callbacks which has already succeeded
+ * before. Also @post_patch callbacks are called for to-be-removed states
+ * to rollback pre_unpatch() callbacks when they were called.
+ */
+struct klp_state_callbacks {
+ int (*pre_patch)(struct klp_patch *patch, struct klp_state *state);
+ void (*post_patch)(struct klp_patch *patch, struct klp_state *state);
+ void (*pre_unpatch)(struct klp_patch *patch, struct klp_state *state);
+ void (*post_unpatch)(struct klp_patch *patch, struct klp_state *state);
+ bool pre_patch_succeeded;
+};
+
/**
* struct klp_state - state of the system modified by the livepatch
* @id: system state identifier (non-zero)
* @version: version of the change
+ * @callbacks: optional callbacks used when enabling or disabling the state
* @data: custom data
*/
struct klp_state {
unsigned long id;
unsigned int version;
+ struct klp_state_callbacks callbacks;
void *data;
};
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index 9eeded1f9cf0..95c099a8f594 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -1019,6 +1019,8 @@ static int __klp_disable_patch(struct klp_patch *patch)
klp_init_transition(patch, KLP_TRANSITION_UNPATCHED);
+ klp_states_pre_unpatch(patch);
+
klp_for_each_object(patch, obj)
if (obj->patched)
klp_pre_unpatch_callback(obj);
@@ -1054,6 +1056,12 @@ static int __klp_enable_patch(struct klp_patch *patch)
klp_init_transition(patch, KLP_TRANSITION_PATCHED);
+ ret = klp_states_pre_patch(patch);
+ if (ret)
+ goto err;
+
+ klp_states_pre_unpatch_replaced(patch);
+
/*
* Enforce the order of the func->transition writes in
* klp_init_transition() and the ops->func_stack writes in
diff --git a/kernel/livepatch/state.c b/kernel/livepatch/state.c
index a2d223f2bbc0..a90c24d79084 100644
--- a/kernel/livepatch/state.c
+++ b/kernel/livepatch/state.c
@@ -118,3 +118,147 @@ bool klp_is_patch_compatible(struct klp_patch *patch)
return true;
}
+
+static bool is_state_in_other_patches(struct klp_patch *patch,
+ struct klp_state *state)
+{
+ struct klp_patch *p;
+ struct klp_state *s;
+
+ klp_for_each_patch(p) {
+ if (p == patch)
+ continue;
+
+ klp_for_each_state(p, s) {
+ if (s->id == state->id)
+ return true;
+ }
+ }
+
+ return false;
+}
+
+int klp_states_pre_patch(struct klp_patch *patch)
+{
+ struct klp_state *state;
+
+ klp_for_each_state(patch, state) {
+ if (!is_state_in_other_patches(patch, state) &&
+ state->callbacks.pre_patch) {
+ int err;
+
+ err = state->callbacks.pre_patch(patch, state);
+ if (err)
+ return err;
+ }
+
+ state->callbacks.pre_patch_succeeded = true;
+ }
+
+ return 0;
+}
+
+void klp_states_post_patch(struct klp_patch *patch)
+{
+ struct klp_state *state;
+
+ klp_for_each_state(patch, state) {
+ if (is_state_in_other_patches(patch, state))
+ continue;
+
+ if (state->callbacks.post_patch)
+ state->callbacks.post_patch(patch, state);
+ }
+}
+
+void klp_states_pre_unpatch(struct klp_patch *patch)
+{
+ struct klp_state *state;
+
+ klp_for_each_state(patch, state) {
+ if (is_state_in_other_patches(patch, state))
+ continue;
+
+ if (state->callbacks.pre_unpatch)
+ state->callbacks.pre_unpatch(patch, state);
+ }
+}
+
+void klp_states_post_unpatch(struct klp_patch *patch)
+{
+ struct klp_state *state;
+
+ klp_for_each_state(patch, state) {
+ if (is_state_in_other_patches(patch, state))
+ continue;
+
+ /*
+ * This only occurs when a transition is canceled after
+ * a preparation step failed.
+ */
+ if (!state->callbacks.pre_patch_succeeded)
+ continue;
+
+ if (state->callbacks.post_unpatch)
+ state->callbacks.post_unpatch(patch, state);
+
+ state->callbacks.pre_patch_succeeded = 0;
+ }
+}
+
+/*
+ * Make it clear when pre_unpatch() callbacks need to be reverted
+ * in case of failure.
+ */
+static bool klp_states_pre_unpatch_replaced_called;
+
+void klp_states_pre_unpatch_replaced(struct klp_patch *patch)
+{
+ struct klp_patch *old_patch;
+
+ /* Make sure that it was cleared at the end of the last transition. */
+ WARN_ON(klp_states_pre_unpatch_replaced_called);
+
+ klp_for_each_patch(old_patch) {
+ if (old_patch->replace_set == patch->replace_set &&
+ old_patch != patch)
+ klp_states_pre_unpatch(old_patch);
+ }
+
+ klp_states_pre_unpatch_replaced_called = true;
+}
+
+void klp_states_post_unpatch_replaced(struct klp_patch *patch)
+{
+ struct klp_patch *old_patch;
+
+ klp_for_each_patch(old_patch) {
+ if (old_patch->replace_set == patch->replace_set &&
+ old_patch != patch)
+ klp_states_post_unpatch(old_patch);
+ }
+
+ /* Reset for the next transition. */
+ klp_states_pre_unpatch_replaced_called = false;
+}
+
+void klp_states_post_patch_replaced(struct klp_patch *patch)
+{
+ struct klp_patch *old_patch;
+
+ /*
+ * This only occurs when a transition is canceled after
+ * a preparation step failed.
+ */
+ if (!klp_states_pre_unpatch_replaced_called)
+ return;
+
+ klp_for_each_patch(old_patch) {
+ if (old_patch->replace_set == patch->replace_set &&
+ old_patch != patch)
+ klp_states_post_patch(old_patch);
+ }
+
+ /* Reset for the next transition. */
+ klp_states_pre_unpatch_replaced_called = false;
+}
diff --git a/kernel/livepatch/state.h b/kernel/livepatch/state.h
index 49d9c16e8762..65c0c2cde04c 100644
--- a/kernel/livepatch/state.h
+++ b/kernel/livepatch/state.h
@@ -5,5 +5,13 @@
#include <linux/livepatch.h>
bool klp_is_patch_compatible(struct klp_patch *patch);
+int klp_states_pre_patch(struct klp_patch *patch);
+void klp_states_post_patch(struct klp_patch *patch);
+void klp_states_pre_unpatch(struct klp_patch *patch);
+void klp_states_post_unpatch(struct klp_patch *patch);
+
+void klp_states_pre_unpatch_replaced(struct klp_patch *patch);
+void klp_states_post_unpatch_replaced(struct klp_patch *patch);
+void klp_states_post_patch_replaced(struct klp_patch *patch);
#endif /* _LIVEPATCH_STATE_H */
diff --git a/kernel/livepatch/transition.c b/kernel/livepatch/transition.c
index d9f5968fecdc..1a2b11be7b5a 100644
--- a/kernel/livepatch/transition.c
+++ b/kernel/livepatch/transition.c
@@ -12,6 +12,7 @@
#include <linux/static_call.h>
#include "core.h"
#include "patch.h"
+#include "state.h"
#include "transition.h"
#define MAX_STACK_ENTRIES 100
@@ -92,6 +93,7 @@ static void klp_complete_transition(void)
if (klp_target_state == KLP_TRANSITION_PATCHED) {
klp_unpatch_replaced_patches(klp_transition_patch);
klp_discard_nops(klp_transition_patch);
+ klp_states_post_unpatch_replaced(klp_transition_patch);
}
if (klp_target_state == KLP_TRANSITION_UNPATCHED) {
@@ -131,6 +133,18 @@ static void klp_complete_transition(void)
task->patch_state = KLP_TRANSITION_IDLE;
}
+ if (klp_target_state == KLP_TRANSITION_PATCHED) {
+ klp_states_post_patch(klp_transition_patch);
+ } else if (klp_target_state == KLP_TRANSITION_UNPATCHED) {
+ /*
+ * Re-enable states which should have been replaced but
+ * the transition was cancelled or reverted.
+ */
+ klp_states_post_patch_replaced(klp_transition_patch);
+
+ klp_states_post_unpatch(klp_transition_patch);
+ }
+
klp_for_each_object(klp_transition_patch, obj) {
if (!klp_is_object_loaded(obj))
continue;
--
2.47.3
^ permalink raw reply related
* [RFC PATCH 3/6] livepatch: Allow to handle lifetime of shadow variables using the livepatch state
From: Yafang Shao @ 2026-05-13 14:33 UTC (permalink / raw)
To: jpoimboe, jikos, mbenes, pmladek, joe.lawrence, song; +Cc: live-patching
In-Reply-To: <20260513143321.26185-1-laoar.shao@gmail.com>
From: Petr Mladek <pmladek@suse.com>
Managing the lifetime of shadow variables becomes challenging when atomic
replace is used. The new patch cannot determine whether a shadow variable
has already been used by a previous live patch or if there is a shadow
variable that is no longer in use.
Shadow variables are typically used alongside callbacks. At a minimum,
the @post_unpatch callback is called to free shadow variables that are
no longer needed. Additionally, @post_patch and @pre_unpatch callbacks
are sometimes used to enable or disable the use of shadow variables.
This is necessary when the shadow variable can only be used when
the entire system is capable of handling it.
The complexity increases when using the atomic replace feature,
as only the callbacks from the new live patch are executed.
Newly created live patches might manage obsolete shadow variables,
ensuring the upgrade functions correctly. However, older live
patches are unaware of shadow variables introduced later, which
could lead to leaks during a downgrade. Additionally, these
leaked variables might retain outdated information, potentially
causing issues if those variables are reused in a subsequent upgrade.
These issues are better addressed with the new callbacks associated
with a live patch state. These callbacks are triggered both when
the states are first introduced and when they become obsolete.
Additionally, the callbacks are invoked from the patch that
originally supported the state, ensuring that even downgrades are
handled safely.
Let’s formalize the process: Associate a shadow variable with a live
patch state by setting the "state.is_shadow" flag and using the same
"id" in both struct klp_shadow and struct klp_state.
The shadow variable will then share the same lifetime as the livepatch
state, allowing obsolete shadow variables to be automatically freed
without requiring an additional callback.
A generic callback will free the shadow variables using
the state->callbacks.shadow_dtor callback, if provided.
Signed-off-by: Petr Mladek <pmladek@suse.com>
---
include/linux/livepatch.h | 15 ++++++++++-----
kernel/livepatch/state.c | 3 +++
2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h
index f43bf2676597..be4584044cf4 100644
--- a/include/linux/livepatch.h
+++ b/include/linux/livepatch.h
@@ -109,6 +109,11 @@ struct klp_object {
struct klp_patch;
struct klp_state;
+typedef int (*klp_shadow_ctor_t)(void *obj,
+ void *shadow_data,
+ void *ctor_data);
+typedef void (*klp_shadow_dtor_t)(void *obj, void *shadow_data);
+
/**
* struct klp_state_callbacks - callbacks manipulating the state
* @pre_patch: executed only when the state is being enabled
@@ -119,6 +124,7 @@ struct klp_state;
* before code unpatching
* @post_unpatch: executed only when the state is being disabled
* after code unpatching
+ * @shadow_dtor: destructor for the related shadow variable
* @pre_patch_succeeded: internal state used by a rollback on error
*
* All callbacks are optional.
@@ -135,6 +141,7 @@ struct klp_state_callbacks {
void (*post_patch)(struct klp_patch *patch, struct klp_state *state);
void (*pre_unpatch)(struct klp_patch *patch, struct klp_state *state);
void (*post_unpatch)(struct klp_patch *patch, struct klp_state *state);
+ klp_shadow_dtor_t shadow_dtor;
bool pre_patch_succeeded;
};
@@ -143,12 +150,15 @@ struct klp_state_callbacks {
* @id: system state identifier (non-zero)
* @version: version of the change
* @callbacks: optional callbacks used when enabling or disabling the state
+ * @is_shadow: the state handles lifetime of a shadow variable with
+ * the same @id
* @data: custom data
*/
struct klp_state {
unsigned long id;
unsigned int version;
struct klp_state_callbacks callbacks;
+ bool is_shadow;
void *data;
};
@@ -227,11 +237,6 @@ static inline bool klp_have_reliable_stack(void)
IS_ENABLED(CONFIG_HAVE_RELIABLE_STACKTRACE);
}
-typedef int (*klp_shadow_ctor_t)(void *obj,
- void *shadow_data,
- void *ctor_data);
-typedef void (*klp_shadow_dtor_t)(void *obj, void *shadow_data);
-
void *klp_shadow_get(void *obj, unsigned long id);
void *klp_shadow_alloc(void *obj, unsigned long id,
size_t size, gfp_t gfp_flags,
diff --git a/kernel/livepatch/state.c b/kernel/livepatch/state.c
index a90c24d79084..43115e8e8453 100644
--- a/kernel/livepatch/state.c
+++ b/kernel/livepatch/state.c
@@ -202,6 +202,9 @@ void klp_states_post_unpatch(struct klp_patch *patch)
if (state->callbacks.post_unpatch)
state->callbacks.post_unpatch(patch, state);
+ if (state->is_shadow)
+ klp_shadow_free_all(state->id, state->callbacks.shadow_dtor);
+
state->callbacks.pre_patch_succeeded = 0;
}
}
--
2.47.3
^ permalink raw reply related
* [RFC PATCH 4/6] livepatch: Remove "data" from struct klp_state
From: Yafang Shao @ 2026-05-13 14:33 UTC (permalink / raw)
To: jpoimboe, jikos, mbenes, pmladek, joe.lawrence, song; +Cc: live-patching
In-Reply-To: <20260513143321.26185-1-laoar.shao@gmail.com>
From: Petr Mladek <pmladek@suse.com>
The "data" pointer in "struct klp_state" is associated with the lifetime of
the livepatch module, not the livepatch state. This means it's lost when a
livepatch is replaced, even if the new livepatch supports the same state.
Shadow variables provide a more reliable way to attach data to a livepatch
state. Their lifetime can be tied to the state's lifetime by:
- Sharing the same "id"
- Setting "is_shadow" in "struct klp_state"
Removing the "data" pointer prevents potential issues once per-object
callbacks are removed, as it cannot be used securely in that context.
Signed-off-by: Petr Mladek <pmladek@suse.com>
---
include/linux/livepatch.h | 2 --
1 file changed, 2 deletions(-)
diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h
index be4584044cf4..340b04a0de83 100644
--- a/include/linux/livepatch.h
+++ b/include/linux/livepatch.h
@@ -152,14 +152,12 @@ struct klp_state_callbacks {
* @callbacks: optional callbacks used when enabling or disabling the state
* @is_shadow: the state handles lifetime of a shadow variable with
* the same @id
- * @data: custom data
*/
struct klp_state {
unsigned long id;
unsigned int version;
struct klp_state_callbacks callbacks;
bool is_shadow;
- void *data;
};
/**
--
2.47.3
^ permalink raw reply related
* [RFC PATCH 5/6] livepatch: Remove obsolete per-object callbacks
From: Yafang Shao @ 2026-05-13 14:33 UTC (permalink / raw)
To: jpoimboe, jikos, mbenes, pmladek, joe.lawrence, song
Cc: live-patching, Yafang Shao
In-Reply-To: <20260513143321.26185-1-laoar.shao@gmail.com>
This commit removes the obsolete per-object callbacks from the livepatch
framework. All selftests have been migrated to the new per-state
callbacks, making the per-object callbacks redundant.
Instead, use the new per-state callbacks. They offer improved semantics
by associating callbacks and shadow variables with a specific state,
enabling better lifetime management of changes.
Originally-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
---
include/linux/livepatch.h | 40 ---------------
include/linux/livepatch_external.h | 62 +++++++++++++++---------
kernel/livepatch/core.c | 29 -----------
kernel/livepatch/core.h | 33 -------------
kernel/livepatch/transition.c | 9 ----
scripts/livepatch/init.c | 2 -
tools/include/linux/livepatch_external.h | 62 +++++++++++++++---------
tools/objtool/klp-diff.c | 16 +++---
8 files changed, 84 insertions(+), 169 deletions(-)
diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h
index 340b04a0de83..221f176f1f51 100644
--- a/include/linux/livepatch.h
+++ b/include/linux/livepatch.h
@@ -95,7 +95,6 @@ struct klp_object {
/* external */
const char *name;
struct klp_func *funcs;
- struct klp_callbacks callbacks;
/* internal */
struct kobject kobj;
@@ -106,45 +105,6 @@ struct klp_object {
bool patched;
};
-struct klp_patch;
-struct klp_state;
-
-typedef int (*klp_shadow_ctor_t)(void *obj,
- void *shadow_data,
- void *ctor_data);
-typedef void (*klp_shadow_dtor_t)(void *obj, void *shadow_data);
-
-/**
- * struct klp_state_callbacks - callbacks manipulating the state
- * @pre_patch: executed only when the state is being enabled
- * before code patching
- * @post_patch: executed only when the state is being enabled
- * after code patching
- * @pre_unpatch: executed only when the state is being disabled
- * before code unpatching
- * @post_unpatch: executed only when the state is being disabled
- * after code unpatching
- * @shadow_dtor: destructor for the related shadow variable
- * @pre_patch_succeeded: internal state used by a rollback on error
- *
- * All callbacks are optional.
- *
- * @pre_patch callback returns 0 on success and an error code otherwise.
- *
- * Any error prevents enabling the livepatch. @post_unpatch() callbacks are
- * then called to rollback @pre_patch callbacks which has already succeeded
- * before. Also @post_patch callbacks are called for to-be-removed states
- * to rollback pre_unpatch() callbacks when they were called.
- */
-struct klp_state_callbacks {
- int (*pre_patch)(struct klp_patch *patch, struct klp_state *state);
- void (*post_patch)(struct klp_patch *patch, struct klp_state *state);
- void (*pre_unpatch)(struct klp_patch *patch, struct klp_state *state);
- void (*post_unpatch)(struct klp_patch *patch, struct klp_state *state);
- klp_shadow_dtor_t shadow_dtor;
- bool pre_patch_succeeded;
-};
-
/**
* struct klp_state - state of the system modified by the livepatch
* @id: system state identifier (non-zero)
diff --git a/include/linux/livepatch_external.h b/include/linux/livepatch_external.h
index 138af19b0f5c..d9123d0c5dff 100644
--- a/include/linux/livepatch_external.h
+++ b/include/linux/livepatch_external.h
@@ -21,33 +21,48 @@
#define KLP_PRE_UNPATCH_PREFIX __stringify(__KLP_PRE_UNPATCH_PREFIX)
#define KLP_POST_UNPATCH_PREFIX __stringify(__KLP_POST_UNPATCH_PREFIX)
-struct klp_object;
-
-typedef int (*klp_pre_patch_t)(struct klp_object *obj);
-typedef void (*klp_post_patch_t)(struct klp_object *obj);
-typedef void (*klp_pre_unpatch_t)(struct klp_object *obj);
-typedef void (*klp_post_unpatch_t)(struct klp_object *obj);
+struct klp_state;
+struct klp_patch;
+typedef int (*klp_shadow_ctor_t)(void *obj,
+ void *shadow_data,
+ void *ctor_data);
+typedef void (*klp_shadow_dtor_t)(void *obj, void *shadow_data);
/**
- * struct klp_callbacks - pre/post live-(un)patch callback structure
- * @pre_patch: executed before code patching
- * @post_patch: executed after code patching
- * @pre_unpatch: executed before code unpatching
- * @post_unpatch: executed after code unpatching
- * @post_unpatch_enabled: flag indicating if post-unpatch callback
- * should run
+ * struct klp_state_callbacks - callbacks manipulating the state
+ * @pre_patch: executed only when the state is being enabled
+ * before code patching
+ * @post_patch: executed only when the state is being enabled
+ * after code patching
+ * @pre_unpatch: executed only when the state is being disabled
+ * before code unpatching
+ * @post_unpatch: executed only when the state is being disabled
+ * after code unpatching
+ * @shadow_dtor: destructor for the related shadow variable
+ * @pre_patch_succeeded: internal state used by a rollback on error
+ *
+ * All callbacks are optional.
+ *
+ * @pre_patch callback returns 0 on success and an error code otherwise.
*
- * All callbacks are optional. Only the pre-patch callback, if provided,
- * will be unconditionally executed. If the parent klp_object fails to
- * patch for any reason, including a non-zero error status returned from
- * the pre-patch callback, no further callbacks will be executed.
+ * Any error prevents enabling the livepatch. @post_unpatch() callbacks are
+ * then called to rollback @pre_patch callbacks which has already succeeded
+ * before. Also @post_patch callbacks are called for to-be-removed states
+ * to rollback pre_unpatch() callbacks when they were called.
*/
-struct klp_callbacks {
- klp_pre_patch_t pre_patch;
- klp_post_patch_t post_patch;
- klp_pre_unpatch_t pre_unpatch;
- klp_post_unpatch_t post_unpatch;
- bool post_unpatch_enabled;
+struct klp_state_callbacks {
+ int (*pre_patch)(struct klp_patch *patch, struct klp_state *state);
+ void (*post_patch)(struct klp_patch *patch, struct klp_state *state);
+ void (*pre_unpatch)(struct klp_patch *patch, struct klp_state *state);
+ void (*post_unpatch)(struct klp_patch *patch, struct klp_state *state);
+ klp_shadow_dtor_t shadow_dtor;
+ bool pre_patch_succeeded;
+};
+
+struct klp_state_ext {
+ unsigned long id;
+ unsigned int version;
+ struct klp_state_callbacks callbacks;
};
/*
@@ -69,7 +84,6 @@ struct klp_func_ext {
struct klp_object_ext {
const char *name;
struct klp_func_ext *funcs;
- struct klp_callbacks callbacks;
unsigned int nr_funcs;
};
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index 95c099a8f594..eae807916ca0 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -1009,8 +1009,6 @@ static int klp_init_patch(struct klp_patch *patch)
static int __klp_disable_patch(struct klp_patch *patch)
{
- struct klp_object *obj;
-
if (WARN_ON(!patch->enabled))
return -EINVAL;
@@ -1021,10 +1019,6 @@ static int __klp_disable_patch(struct klp_patch *patch)
klp_states_pre_unpatch(patch);
- klp_for_each_object(patch, obj)
- if (obj->patched)
- klp_pre_unpatch_callback(obj);
-
/*
* Enforce the order of the func->transition writes in
* klp_init_transition() and the TIF_PATCH_PENDING writes in
@@ -1075,13 +1069,6 @@ static int __klp_enable_patch(struct klp_patch *patch)
if (!klp_is_object_loaded(obj))
continue;
- ret = klp_pre_patch_callback(obj);
- if (ret) {
- pr_warn("pre-patch callback failed for object '%s'\n",
- klp_is_module(obj) ? obj->name : "vmlinux");
- goto err;
- }
-
ret = klp_patch_object(obj);
if (ret) {
pr_warn("failed to patch object '%s'\n",
@@ -1253,14 +1240,10 @@ static void klp_cleanup_module_patches_limited(struct module *mod,
if (!klp_is_module(obj) || strcmp(obj->name, mod->name))
continue;
- if (patch != klp_transition_patch)
- klp_pre_unpatch_callback(obj);
-
pr_notice("reverting patch '%s' on unloading module '%s'\n",
patch->mod->name, obj->mod->name);
klp_unpatch_object(obj);
- klp_post_unpatch_callback(obj);
klp_clear_object_relocs(patch, obj);
klp_free_object_loaded(obj);
break;
@@ -1307,25 +1290,13 @@ int klp_module_coming(struct module *mod)
pr_notice("applying patch '%s' to loading module '%s'\n",
patch->mod->name, obj->mod->name);
- ret = klp_pre_patch_callback(obj);
- if (ret) {
- pr_warn("pre-patch callback failed for object '%s'\n",
- obj->name);
- goto err;
- }
-
ret = klp_patch_object(obj);
if (ret) {
pr_warn("failed to apply patch '%s' to module '%s' (%d)\n",
patch->mod->name, obj->mod->name, ret);
-
- klp_post_unpatch_callback(obj);
goto err;
}
- if (patch != klp_transition_patch)
- klp_post_patch_callback(obj);
-
break;
}
}
diff --git a/kernel/livepatch/core.h b/kernel/livepatch/core.h
index 38209c7361b6..02b8364f6779 100644
--- a/kernel/livepatch/core.h
+++ b/kernel/livepatch/core.h
@@ -23,37 +23,4 @@ static inline bool klp_is_object_loaded(struct klp_object *obj)
return !obj->name || obj->mod;
}
-static inline int klp_pre_patch_callback(struct klp_object *obj)
-{
- int ret = 0;
-
- if (obj->callbacks.pre_patch)
- ret = (*obj->callbacks.pre_patch)(obj);
-
- obj->callbacks.post_unpatch_enabled = !ret;
-
- return ret;
-}
-
-static inline void klp_post_patch_callback(struct klp_object *obj)
-{
- if (obj->callbacks.post_patch)
- (*obj->callbacks.post_patch)(obj);
-}
-
-static inline void klp_pre_unpatch_callback(struct klp_object *obj)
-{
- if (obj->callbacks.pre_unpatch)
- (*obj->callbacks.pre_unpatch)(obj);
-}
-
-static inline void klp_post_unpatch_callback(struct klp_object *obj)
-{
- if (obj->callbacks.post_unpatch_enabled &&
- obj->callbacks.post_unpatch)
- (*obj->callbacks.post_unpatch)(obj);
-
- obj->callbacks.post_unpatch_enabled = false;
-}
-
#endif /* _LIVEPATCH_CORE_H */
diff --git a/kernel/livepatch/transition.c b/kernel/livepatch/transition.c
index 1a2b11be7b5a..f844283b5423 100644
--- a/kernel/livepatch/transition.c
+++ b/kernel/livepatch/transition.c
@@ -145,15 +145,6 @@ static void klp_complete_transition(void)
klp_states_post_unpatch(klp_transition_patch);
}
- klp_for_each_object(klp_transition_patch, obj) {
- if (!klp_is_object_loaded(obj))
- continue;
- if (klp_target_state == KLP_TRANSITION_PATCHED)
- klp_post_patch_callback(obj);
- else if (klp_target_state == KLP_TRANSITION_UNPATCHED)
- klp_post_unpatch_callback(obj);
- }
-
pr_notice("'%s': %s complete\n", klp_transition_patch->mod->name,
klp_target_state == KLP_TRANSITION_PATCHED ? "patching" : "unpatching");
diff --git a/scripts/livepatch/init.c b/scripts/livepatch/init.c
index 659db21a5b53..04e8d20bab2a 100644
--- a/scripts/livepatch/init.c
+++ b/scripts/livepatch/init.c
@@ -63,8 +63,6 @@ static int __init livepatch_mod_init(void)
obj->name = obj_ext->name;
obj->funcs = funcs;
-
- memcpy(&obj->callbacks, &obj_ext->callbacks, sizeof(struct klp_callbacks));
}
patch->mod = THIS_MODULE;
diff --git a/tools/include/linux/livepatch_external.h b/tools/include/linux/livepatch_external.h
index 138af19b0f5c..d9123d0c5dff 100644
--- a/tools/include/linux/livepatch_external.h
+++ b/tools/include/linux/livepatch_external.h
@@ -21,33 +21,48 @@
#define KLP_PRE_UNPATCH_PREFIX __stringify(__KLP_PRE_UNPATCH_PREFIX)
#define KLP_POST_UNPATCH_PREFIX __stringify(__KLP_POST_UNPATCH_PREFIX)
-struct klp_object;
-
-typedef int (*klp_pre_patch_t)(struct klp_object *obj);
-typedef void (*klp_post_patch_t)(struct klp_object *obj);
-typedef void (*klp_pre_unpatch_t)(struct klp_object *obj);
-typedef void (*klp_post_unpatch_t)(struct klp_object *obj);
+struct klp_state;
+struct klp_patch;
+typedef int (*klp_shadow_ctor_t)(void *obj,
+ void *shadow_data,
+ void *ctor_data);
+typedef void (*klp_shadow_dtor_t)(void *obj, void *shadow_data);
/**
- * struct klp_callbacks - pre/post live-(un)patch callback structure
- * @pre_patch: executed before code patching
- * @post_patch: executed after code patching
- * @pre_unpatch: executed before code unpatching
- * @post_unpatch: executed after code unpatching
- * @post_unpatch_enabled: flag indicating if post-unpatch callback
- * should run
+ * struct klp_state_callbacks - callbacks manipulating the state
+ * @pre_patch: executed only when the state is being enabled
+ * before code patching
+ * @post_patch: executed only when the state is being enabled
+ * after code patching
+ * @pre_unpatch: executed only when the state is being disabled
+ * before code unpatching
+ * @post_unpatch: executed only when the state is being disabled
+ * after code unpatching
+ * @shadow_dtor: destructor for the related shadow variable
+ * @pre_patch_succeeded: internal state used by a rollback on error
+ *
+ * All callbacks are optional.
+ *
+ * @pre_patch callback returns 0 on success and an error code otherwise.
*
- * All callbacks are optional. Only the pre-patch callback, if provided,
- * will be unconditionally executed. If the parent klp_object fails to
- * patch for any reason, including a non-zero error status returned from
- * the pre-patch callback, no further callbacks will be executed.
+ * Any error prevents enabling the livepatch. @post_unpatch() callbacks are
+ * then called to rollback @pre_patch callbacks which has already succeeded
+ * before. Also @post_patch callbacks are called for to-be-removed states
+ * to rollback pre_unpatch() callbacks when they were called.
*/
-struct klp_callbacks {
- klp_pre_patch_t pre_patch;
- klp_post_patch_t post_patch;
- klp_pre_unpatch_t pre_unpatch;
- klp_post_unpatch_t post_unpatch;
- bool post_unpatch_enabled;
+struct klp_state_callbacks {
+ int (*pre_patch)(struct klp_patch *patch, struct klp_state *state);
+ void (*post_patch)(struct klp_patch *patch, struct klp_state *state);
+ void (*pre_unpatch)(struct klp_patch *patch, struct klp_state *state);
+ void (*post_unpatch)(struct klp_patch *patch, struct klp_state *state);
+ klp_shadow_dtor_t shadow_dtor;
+ bool pre_patch_succeeded;
+};
+
+struct klp_state_ext {
+ unsigned long id;
+ unsigned int version;
+ struct klp_state_callbacks callbacks;
};
/*
@@ -69,7 +84,6 @@ struct klp_func_ext {
struct klp_object_ext {
const char *name;
struct klp_func_ext *funcs;
- struct klp_callbacks callbacks;
unsigned int nr_funcs;
};
diff --git a/tools/objtool/klp-diff.c b/tools/objtool/klp-diff.c
index c2c4e4968bc2..128fbe054417 100644
--- a/tools/objtool/klp-diff.c
+++ b/tools/objtool/klp-diff.c
@@ -1606,8 +1606,8 @@ static int create_klp_sections(struct elfs *e)
reloc = find_reloc_by_dest(e->out, sym->sec, sym->offset);
if (!elf_create_reloc(e->out, obj_sec,
- offsetof(struct klp_object_ext, callbacks) +
- offsetof(struct klp_callbacks, pre_patch),
+ offsetof(struct klp_state_ext, callbacks) +
+ offsetof(struct klp_state_callbacks, pre_patch),
reloc->sym, reloc_addend(reloc), R_ABS64))
return -1;
}
@@ -1622,8 +1622,8 @@ static int create_klp_sections(struct elfs *e)
reloc = find_reloc_by_dest(e->out, sym->sec, sym->offset);
if (!elf_create_reloc(e->out, obj_sec,
- offsetof(struct klp_object_ext, callbacks) +
- offsetof(struct klp_callbacks, post_patch),
+ offsetof(struct klp_state_ext, callbacks) +
+ offsetof(struct klp_state_callbacks, post_patch),
reloc->sym, reloc_addend(reloc), R_ABS64))
return -1;
}
@@ -1638,8 +1638,8 @@ static int create_klp_sections(struct elfs *e)
reloc = find_reloc_by_dest(e->out, sym->sec, sym->offset);
if (!elf_create_reloc(e->out, obj_sec,
- offsetof(struct klp_object_ext, callbacks) +
- offsetof(struct klp_callbacks, pre_unpatch),
+ offsetof(struct klp_state_ext, callbacks) +
+ offsetof(struct klp_state_callbacks, pre_unpatch),
reloc->sym, reloc_addend(reloc), R_ABS64))
return -1;
}
@@ -1654,8 +1654,8 @@ static int create_klp_sections(struct elfs *e)
reloc = find_reloc_by_dest(e->out, sym->sec, sym->offset);
if (!elf_create_reloc(e->out, obj_sec,
- offsetof(struct klp_object_ext, callbacks) +
- offsetof(struct klp_callbacks, post_unpatch),
+ offsetof(struct klp_state_ext, callbacks) +
+ offsetof(struct klp_state_callbacks, post_unpatch),
reloc->sym, reloc_addend(reloc), R_ABS64))
return -1;
}
--
2.47.3
^ permalink raw reply related
* [RFC PATCH 6/6] livepatch: Support replace_set in shadow variable API
From: Yafang Shao @ 2026-05-13 14:33 UTC (permalink / raw)
To: jpoimboe, jikos, mbenes, pmladek, joe.lawrence, song
Cc: live-patching, Yafang Shao
In-Reply-To: <20260513143321.26185-1-laoar.shao@gmail.com>
To support more complex livepatching scenarios where multiple
replacement sets might coexist, extend the klp_shadow API to
include a 'replace_set' identifier.
To maintain compatibility with the existing 64-bit storage in
'struct klp_shadow', the internal @id is now treated as a composite
value. The 64-bit identifier is constructed by packing two 32-bit
values:
MSB (63-32) LSB (31-0)
+--------------------+--------------------+
| replace_set | original @id |
+--------------------+--------------------+
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
---
include/linux/livepatch.h | 12 ++++---
kernel/livepatch/shadow.c | 70 ++++++++++++++++++++++++---------------
kernel/livepatch/state.c | 3 +-
3 files changed, 52 insertions(+), 33 deletions(-)
diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h
index 221f176f1f51..2dd9fca8c01c 100644
--- a/include/linux/livepatch.h
+++ b/include/linux/livepatch.h
@@ -195,15 +195,17 @@ static inline bool klp_have_reliable_stack(void)
IS_ENABLED(CONFIG_HAVE_RELIABLE_STACKTRACE);
}
-void *klp_shadow_get(void *obj, unsigned long id);
-void *klp_shadow_alloc(void *obj, unsigned long id,
+void *klp_shadow_get(void *obj, unsigned int replace_set, unsigned int id);
+void *klp_shadow_alloc(void *obj, unsigned int replace_set, unsigned int id,
size_t size, gfp_t gfp_flags,
klp_shadow_ctor_t ctor, void *ctor_data);
-void *klp_shadow_get_or_alloc(void *obj, unsigned long id,
+void *klp_shadow_get_or_alloc(void *obj, unsigned int replace_set, unsigned int id,
size_t size, gfp_t gfp_flags,
klp_shadow_ctor_t ctor, void *ctor_data);
-void klp_shadow_free(void *obj, unsigned long id, klp_shadow_dtor_t dtor);
-void klp_shadow_free_all(unsigned long id, klp_shadow_dtor_t dtor);
+void klp_shadow_free(void *obj, unsigned int replace_set, unsigned int id,
+ klp_shadow_dtor_t dtor);
+void klp_shadow_free_all(unsigned int replace_set, unsigned int id,
+ klp_shadow_dtor_t dtor);
struct klp_state *klp_get_state(struct klp_patch *patch, unsigned long id);
struct klp_state *klp_get_prev_state(unsigned long id);
diff --git a/kernel/livepatch/shadow.c b/kernel/livepatch/shadow.c
index c2e724d97ddf..35e507fae445 100644
--- a/kernel/livepatch/shadow.c
+++ b/kernel/livepatch/shadow.c
@@ -48,7 +48,8 @@ static DEFINE_SPINLOCK(klp_shadow_lock);
* @node: klp_shadow_hash hash table node
* @rcu_head: RCU is used to safely free this structure
* @obj: pointer to parent object
- * @id: data identifier
+ * @id: combined data identifier
+ * higher 32 bits: replace_set, lower 32 bits: resource ID
* @data: data area
*/
struct klp_shadow {
@@ -59,6 +60,11 @@ struct klp_shadow {
char data[];
};
+static unsigned long klp_shadow_combined_id(unsigned int set, unsigned int id)
+{
+ return ((unsigned long)set << 32) | id;
+}
+
/**
* klp_shadow_match() - verify a shadow variable matches given <obj, id>
* @shadow: shadow variable to match
@@ -76,11 +82,12 @@ static inline bool klp_shadow_match(struct klp_shadow *shadow, void *obj,
/**
* klp_shadow_get() - retrieve a shadow variable data pointer
* @obj: pointer to parent object
+ * @replace_set:identifier for the livepatch replacement set
* @id: data identifier
*
* Return: the shadow variable data element, NULL on failure.
*/
-void *klp_shadow_get(void *obj, unsigned long id)
+void *klp_shadow_get(void *obj, unsigned int replace_set, unsigned int id)
{
struct klp_shadow *shadow;
@@ -89,7 +96,8 @@ void *klp_shadow_get(void *obj, unsigned long id)
hash_for_each_possible_rcu(klp_shadow_hash, shadow, node,
(unsigned long)obj) {
- if (klp_shadow_match(shadow, obj, id)) {
+ if (klp_shadow_match(shadow, obj,
+ klp_shadow_combined_id(replace_set, id))) {
rcu_read_unlock();
return shadow->data;
}
@@ -101,7 +109,7 @@ void *klp_shadow_get(void *obj, unsigned long id)
}
EXPORT_SYMBOL_GPL(klp_shadow_get);
-static void *__klp_shadow_get_or_alloc(void *obj, unsigned long id,
+static void *__klp_shadow_get_or_alloc(void *obj, unsigned int set, unsigned int id,
size_t size, gfp_t gfp_flags,
klp_shadow_ctor_t ctor, void *ctor_data,
bool warn_on_exist)
@@ -111,7 +119,7 @@ static void *__klp_shadow_get_or_alloc(void *obj, unsigned long id,
unsigned long flags;
/* Check if the shadow variable already exists */
- shadow_data = klp_shadow_get(obj, id);
+ shadow_data = klp_shadow_get(obj, set, id);
if (shadow_data)
goto exists;
@@ -126,7 +134,7 @@ static void *__klp_shadow_get_or_alloc(void *obj, unsigned long id,
/* Look for <obj, id> again under the lock */
spin_lock_irqsave(&klp_shadow_lock, flags);
- shadow_data = klp_shadow_get(obj, id);
+ shadow_data = klp_shadow_get(obj, set, id);
if (unlikely(shadow_data)) {
/*
* Shadow variable was found, throw away speculative
@@ -147,8 +155,8 @@ static void *__klp_shadow_get_or_alloc(void *obj, unsigned long id,
if (err) {
spin_unlock_irqrestore(&klp_shadow_lock, flags);
kfree(new_shadow);
- pr_err("Failed to construct shadow variable <%p, %lx> (%d)\n",
- obj, id, err);
+ pr_err("Failed to construct shadow variable <%p, %x, %x> (%d)\n",
+ obj, set, id, err);
return NULL;
}
}
@@ -162,7 +170,7 @@ static void *__klp_shadow_get_or_alloc(void *obj, unsigned long id,
exists:
if (warn_on_exist) {
- WARN(1, "Duplicate shadow variable <%p, %lx>\n", obj, id);
+ WARN(1, "Duplicate shadow variable <%p, %x, %x>\n", obj, set, id);
return NULL;
}
@@ -172,6 +180,7 @@ static void *__klp_shadow_get_or_alloc(void *obj, unsigned long id,
/**
* klp_shadow_alloc() - allocate and add a new shadow variable
* @obj: pointer to parent object
+ * @replace_set:identifier for the livepatch replacement set
* @id: data identifier
* @size: size of attached data
* @gfp_flags: GFP mask for allocation
@@ -183,8 +192,8 @@ static void *__klp_shadow_get_or_alloc(void *obj, unsigned long id,
* function if it is not NULL. The new shadow variable is then added
* to the global hashtable.
*
- * If an existing <obj, id> shadow variable can be found, this routine will
- * issue a WARN, exit early and return NULL.
+ * If an existing <obj, replace_set, id> shadow variable can be found, this
+ * routine will issue a WARN, exit early and return NULL.
*
* This function guarantees that the constructor function is called only when
* the variable did not exist before. The cost is that @ctor is called
@@ -193,11 +202,11 @@ static void *__klp_shadow_get_or_alloc(void *obj, unsigned long id,
* Return: the shadow variable data element, NULL on duplicate or
* failure.
*/
-void *klp_shadow_alloc(void *obj, unsigned long id,
+void *klp_shadow_alloc(void *obj, unsigned int replace_set, unsigned int id,
size_t size, gfp_t gfp_flags,
klp_shadow_ctor_t ctor, void *ctor_data)
{
- return __klp_shadow_get_or_alloc(obj, id, size, gfp_flags,
+ return __klp_shadow_get_or_alloc(obj, replace_set, id, size, gfp_flags,
ctor, ctor_data, true);
}
EXPORT_SYMBOL_GPL(klp_shadow_alloc);
@@ -205,28 +214,29 @@ EXPORT_SYMBOL_GPL(klp_shadow_alloc);
/**
* klp_shadow_get_or_alloc() - get existing or allocate a new shadow variable
* @obj: pointer to parent object
+ * @replace_set:identifier for the livepatch replacement set
* @id: data identifier
* @size: size of attached data
* @gfp_flags: GFP mask for allocation
* @ctor: custom constructor to initialize the shadow data (optional)
* @ctor_data: pointer to any data needed by @ctor (optional)
*
- * Returns a pointer to existing shadow data if an <obj, id> shadow
+ * Returns a pointer to existing shadow data if an <obj, replace_set, id> shadow
* variable is already present. Otherwise, it creates a new shadow
* variable like klp_shadow_alloc().
*
* This function guarantees that only one shadow variable exists with the given
- * @id for the given @obj. It also guarantees that the constructor function
- * will be called only when the variable did not exist before. The cost is
- * that @ctor is called in atomic context under a spin lock.
+ * @id for the given @obj within the same replace_set. It also guarantees that
+ * the constructor function will be called only when the variable did not exist
+ * before. The cost is that @ctor is called in atomic context under a spin lock.
*
* Return: the shadow variable data element, NULL on failure.
*/
-void *klp_shadow_get_or_alloc(void *obj, unsigned long id,
- size_t size, gfp_t gfp_flags,
+void *klp_shadow_get_or_alloc(void *obj, unsigned int replace_set,
+ unsigned int id, size_t size, gfp_t gfp_flags,
klp_shadow_ctor_t ctor, void *ctor_data)
{
- return __klp_shadow_get_or_alloc(obj, id, size, gfp_flags,
+ return __klp_shadow_get_or_alloc(obj, replace_set, id, size, gfp_flags,
ctor, ctor_data, false);
}
EXPORT_SYMBOL_GPL(klp_shadow_get_or_alloc);
@@ -243,14 +253,16 @@ static void klp_shadow_free_struct(struct klp_shadow *shadow,
/**
* klp_shadow_free() - detach and free a <obj, id> shadow variable
* @obj: pointer to parent object
+ * @replace_set:identifier for the livepatch replacement set
* @id: data identifier
* @dtor: custom callback that can be used to unregister the variable
* and/or free data that the shadow variable points to (optional)
*
- * This function releases the memory for this <obj, id> shadow variable
+ * This function releases the memory for this <obj, replace_set, id> shadow variable
* instance, callers should stop referencing it accordingly.
*/
-void klp_shadow_free(void *obj, unsigned long id, klp_shadow_dtor_t dtor)
+void klp_shadow_free(void *obj, unsigned int replace_set, unsigned int id,
+ klp_shadow_dtor_t dtor)
{
struct klp_shadow *shadow;
unsigned long flags;
@@ -261,7 +273,8 @@ void klp_shadow_free(void *obj, unsigned long id, klp_shadow_dtor_t dtor)
hash_for_each_possible(klp_shadow_hash, shadow, node,
(unsigned long)obj) {
- if (klp_shadow_match(shadow, obj, id)) {
+ if (klp_shadow_match(shadow, obj,
+ klp_shadow_combined_id(replace_set, id))) {
klp_shadow_free_struct(shadow, dtor);
break;
}
@@ -272,15 +285,17 @@ void klp_shadow_free(void *obj, unsigned long id, klp_shadow_dtor_t dtor)
EXPORT_SYMBOL_GPL(klp_shadow_free);
/**
- * klp_shadow_free_all() - detach and free all <_, id> shadow variables
+ * klp_shadow_free_all() - detach and free all <_, replace_set, id> shadow variables
+ * @replace_set:identifier for the livepatch replacement set
* @id: data identifier
* @dtor: custom callback that can be used to unregister the variable
* and/or free data that the shadow variable points to (optional)
*
- * This function releases the memory for all <_, id> shadow variable
+ * This function releases the memory for all <_, replace_set, id> shadow variable
* instances, callers should stop referencing them accordingly.
*/
-void klp_shadow_free_all(unsigned long id, klp_shadow_dtor_t dtor)
+void klp_shadow_free_all(unsigned int replace_set, unsigned int id,
+ klp_shadow_dtor_t dtor)
{
struct klp_shadow *shadow;
unsigned long flags;
@@ -290,7 +305,8 @@ void klp_shadow_free_all(unsigned long id, klp_shadow_dtor_t dtor)
/* Delete all <_, id> from hash */
hash_for_each(klp_shadow_hash, i, shadow, node) {
- if (klp_shadow_match(shadow, shadow->obj, id))
+ if (klp_shadow_match(shadow, shadow->obj,
+ klp_shadow_combined_id(replace_set, id)))
klp_shadow_free_struct(shadow, dtor);
}
diff --git a/kernel/livepatch/state.c b/kernel/livepatch/state.c
index 43115e8e8453..6e3d6fb92e64 100644
--- a/kernel/livepatch/state.c
+++ b/kernel/livepatch/state.c
@@ -203,7 +203,8 @@ void klp_states_post_unpatch(struct klp_patch *patch)
state->callbacks.post_unpatch(patch, state);
if (state->is_shadow)
- klp_shadow_free_all(state->id, state->callbacks.shadow_dtor);
+ klp_shadow_free_all(patch->replace_set, state->id,
+ state->callbacks.shadow_dtor);
state->callbacks.pre_patch_succeeded = 0;
}
--
2.47.3
^ permalink raw reply related
* Sashiko patch review for live-patching?
From: Joe Lawrence @ 2026-05-13 16:13 UTC (permalink / raw)
To: live-patching
Cc: Jiri Kosina, Josh Poimboeuf, Miroslav Benes, Petr Mladek,
Song Liu
Hello live-patching maintainers,
I've noticed several references to the Sashiko (https://sashiko.dev/)
kernel review bot on this list and was wondering if there is interest in
adding live-patching to the mailing lists Sashiko tracks.
Integration appears straightforward: we can submit an MR to add our
entry to sashiko-k8s.yaml and customize the bot's email behavior in
email_policy.toml.
Full Sashiko Maintainer documentation is available here:
https://github.com/sashiko-dev/sashiko/blob/main/MAINTAINERS_GUIDE.md
Personally, I would vote to set reply_to_author. I don't have a strong
opinion on the other custom options, provided that the CC list is opt-in
rather than simply mirrored from the MAINTAINERS::LIVE PATCHING file.
Either way, I've found the Sashiko web interface very helpful in patch
review.
--
Joe
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox