livepatch: force transition to finish

If a task sleeps in a set of patched functions uninterruptedly, it could
block the whole transition indefinitely.  Thus it may be useful to clear
its TIF_PATCH_PENDING to allow the process to finish.

Admin can do that now by writing to force sysfs attribute in livepatch
sysfs directory. TIF_PATCH_PENDING is then cleared for all tasks and the
transition can finish successfully.

Important note! Administrator should not use this feature without a
clearance from a patch distributor. It must be checked that by doing so
the consistency model guarantees are not violated. Removal (rmmod) of
patch modules is permanently disabled when the feature is used. It
cannot be guaranteed there is no task sleeping in such module.

Signed-off-by: Miroslav Benes <mbenes@suse.cz>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>

1 files changed, 34 insertions, 2 deletions

diff --git a/kernel/livepatch/transition.c b/kernel/livepatch/transition.c
index edcfcb8ebb2d..be5bfa533ee8 100644
--- a/kernel/livepatch/transition.c
+++ b/kernel/livepatch/transition.c
@@ -33,6 +33,8 @@ struct klp_patch *klp_transition_patch;
 
 static int klp_target_state = KLP_UNDEFINED;
 
+static bool klp_forced = false;
+
 /*
  * This work can be performed periodically to finish patching or unpatching any
  * "straggler" tasks which failed to transition in the first attempt.
@@ -146,9 +148,12 @@ done:
         /*
          * See complementary comment in __klp_enable_patch() for why we
          * keep the module reference for immediate patches.
+         *
+         * klp_forced or immediate_func set implies unbounded increase of
+         * module's ref count if the module is disabled/enabled in a loop.
          */
-        if (!klp_transition_patch->immediate && !immediate_func &&
-            klp_target_state == KLP_UNPATCHED) {
+        if (!klp_forced && !klp_transition_patch->immediate &&
+                !immediate_func && klp_target_state == KLP_UNPATCHED) {
                 module_put(klp_transition_patch->mod);
         }
 
@@ -649,3 +654,30 @@ void klp_send_signals(void)
         }
         read_unlock(&tasklist_lock);
 }
+
+/*
+ * Drop TIF_PATCH_PENDING of all tasks on admin's request. This forces an
+ * existing transition to finish.
+ *
+ * NOTE: klp_update_patch_state(task) requires the task to be inactive or
+ * 'current'. This is not the case here and the consistency model could be
+ * broken. Administrator, who is the only one to execute the
+ * klp_force_transitions(), has to be aware of this.
+ */
+void klp_force_transition(void)
+{
+        struct task_struct *g, *task;
+        unsigned int cpu;
+
+        pr_warn("forcing remaining tasks to the patched state\n");
+
+        read_lock(&tasklist_lock);
+        for_each_process_thread(g, task)
+                klp_update_patch_state(task);
+        read_unlock(&tasklist_lock);
+
+        for_each_possible_cpu(cpu)
+                klp_update_patch_state(idle_task(cpu));
+
+        klp_forced = true;
+}