Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching

Pull live patching infrastructure from Jiri Kosina:
 "Let me provide a bit of history first, before describing what is in
  this pile.

  Originally, there was kSplice as a standalone project that implemented
  stop_machine()-based patching for the linux kernel.  This project got
  later acquired, and the current owner is providing live patching as a
  proprietary service, without any intentions to have their
  implementation merged.

  Then, due to rising user/customer demand, both Red Hat and SUSE
  started working on their own implementation (not knowing about each
  other), and announced first versions roughly at the same time [1] [2].

  The principle difference between the two solutions is how they are
  making sure that the patching is performed in a consistent way when it
  comes to different execution threads with respect to the semantic
  nature of the change that is being introduced.

  In a nutshell, kPatch is issuing stop_machine(), then looking at
  stacks of all existing processess, and if it decides that the system
  is in a state that can be patched safely, it proceeds insterting code
  redirection machinery to the patched functions.

  On the other hand, kGraft provides a per-thread consistency during one
  single pass of a process through the kernel and performs a lazy
  contignuous migration of threads from "unpatched" universe to the
  "patched" one at safe checkpoints.

  If interested in a more detailed discussion about the consistency
  models and its possible combinations, please see the thread that
  evolved around [3].

  It pretty quickly became obvious to the interested parties that it's
  absolutely impractical in this case to have several isolated solutions
  for one task to co-exist in the kernel.  During a dedicated Live
  Kernel Patching track at LPC in Dusseldorf, all the interested parties
  sat together and came up with a joint aproach that would work for both
  distro vendors.  Steven Rostedt took notes [4] from this meeting.

  And the foundation for that aproach is what's present in this pull
  request.

  It provides a basic infrastructure for function "live patching" (i.e.
  code redirection), including API for kernel modules containing the
  actual patches, and API/ABI for userspace to be able to operate on the
  patches (look up what patches are applied, enable/disable them, etc).

  It's relatively simple and minimalistic, as it's making use of
  existing kernel infrastructure (namely ftrace) as much as possible.
  It's also self-contained, in a sense that it doesn't hook itself in
  any other kernel subsystem (it doesn't even touch any other code).
  It's now implemented for x86 only as a reference architecture, but
  support for powerpc, s390 and arm is already in the works (adding
  arch-specific support basically boils down to teaching ftrace about
  regs-saving).

  Once this common infrastructure gets merged, both Red Hat and SUSE
  have agreed to immediately start porting their current solutions on
  top of this, abandoning their out-of-tree code.  The plan basically is
  that each patch will be marked by flag(s) that would indicate which
  consistency model it is willing to use (again, the details have been
  sketched out already in the thread at [3]).

  Before this happens, the current codebase can be used to patch a large
  group of secruity/stability problems the patches for which are not too
  complex (in a sense that they don't introduce non-trivial change of
  function's return value semantics, they don't change layout of data
  structures, etc) -- this corresponds to LEAVE_FUNCTION &&
  SWITCH_FUNCTION semantics described at [3].

  This tree has been in linux-next since December.

    [1] https://lkml.org/lkml/2014/4/30/477
    [2] https://lkml.org/lkml/2014/7/14/857
    [3] https://lkml.org/lkml/2014/11/7/354
    [4] http://linuxplumbersconf.org/2014/wp-content/uploads/2014/10/LPC2014_LivePatching.txt

  [ The core code is introduced by the three commits authored by Seth
    Jennings, which got a lot of changes incorporated during numerous
    respins and reviews of the initial implementation.  All the followup
    commits have materialized only after public tree has been created,
    so they were not folded into initial three commits so that the
    public tree doesn't get rebased ]"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching:
  livepatch: add missing newline to error message
  livepatch: rename config to CONFIG_LIVEPATCH
  livepatch: fix uninitialized return value
  livepatch: support for repatching a function
  livepatch: enforce patch stacking semantics
  livepatch: change ARCH_HAVE_LIVE_PATCHING to HAVE_LIVE_PATCHING
  livepatch: fix deferred module patching order
  livepatch: handle ancient compilers with more grace
  livepatch: kconfig: use bool instead of boolean
  livepatch: samples: fix usage example comments
  livepatch: MAINTAINERS: add git tree location
  livepatch: use FTRACE_OPS_FL_IPMODIFY
  livepatch: move x86 specific ftrace handler code to arch/x86
  livepatch: samples: add sample live patching module
  livepatch: kernel: add support for live patching
  livepatch: kernel: add TAINT_LIVEPATCH

19 files changed, 1475 insertions, 1 deletions

diff --git a/Documentation/ABI/testing/sysfs-kernel-livepatch b/Documentation/ABI/testing/sysfs-kernel-livepatch
new file mode 100644
index 000000000000..5bf42a840b22
--- /dev/null
+++ b/Documentation/ABI/testing/sysfs-kernel-livepatch
@@ -0,0 +1,44 @@
+What:           /sys/kernel/livepatch
+Date:           Nov 2014
+KernelVersion:  3.19.0
+Contact:        live-patching@vger.kernel.org
+Description:
+                Interface for kernel live patching
+
+                The /sys/kernel/livepatch directory contains subdirectories for
+                each loaded live patch module.
+
+What:           /sys/kernel/livepatch/<patch>
+Date:           Nov 2014
+KernelVersion:  3.19.0
+Contact:        live-patching@vger.kernel.org
+Description:
+                The patch directory contains subdirectories for each kernel
+                object (vmlinux or a module) in which it patched functions.
+
+What:           /sys/kernel/livepatch/<patch>/enabled
+Date:           Nov 2014
+KernelVersion:  3.19.0
+Contact:        live-patching@vger.kernel.org
+Description:
+                A writable attribute that indicates whether the patched
+                code is currently applied.  Writing 0 will disable the patch
+                while writing 1 will re-enable the patch.
+
+What:           /sys/kernel/livepatch/<patch>/<object>
+Date:           Nov 2014
+KernelVersion:  3.19.0
+Contact:        live-patching@vger.kernel.org
+Description:
+                The object directory contains subdirectories for each function
+                that is patched within the object.
+
+What:           /sys/kernel/livepatch/<patch>/<object>/<function>
+Date:           Nov 2014
+KernelVersion:  3.19.0
+Contact:        live-patching@vger.kernel.org
+Description:
+                The function directory contains attributes regarding the
+                properties and state of the patched function.
+
+                There are currently no such attributes.
diff --git a/Documentation/oops-tracing.txt b/Documentation/oops-tracing.txt
index beefb9f82902..f3ac05cc23e4 100644
--- a/Documentation/oops-tracing.txt
+++ b/Documentation/oops-tracing.txt
@@ -270,6 +270,8 @@ characters, each representing a particular tainted value.
 
  15: 'L' if a soft lockup has previously occurred on the system.
 
+ 16: 'K' if the kernel has been live patched.
+
 The primary reason for the 'Tainted: ' string is to tell kernel
 debuggers if this is a clean kernel or if anything unusual has
 occurred.  Tainting is permanent: even if an offending module is
diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
index 75511efefc64..83ab25660fc9 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -843,6 +843,7 @@ can be ORed together:
 8192 - An unsigned module has been loaded in a kernel supporting module
        signature.
 16384 - A soft lockup has previously occurred on the system.
+32768 - The kernel has been live patched.
 
 ==============================================================
 
diff --git a/MAINTAINERS b/MAINTAINERS
index 54c7ce00d85f..71b6c4308119 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -5853,6 +5853,21 @@ F:	Documentation/misc-devices/lis3lv02d
 F:      drivers/misc/lis3lv02d/
 F:      drivers/platform/x86/hp_accel.c
 
+LIVE PATCHING
+M:      Josh Poimboeuf <jpoimboe@redhat.com>
+M:      Seth Jennings <sjenning@redhat.com>
+M:      Jiri Kosina <jkosina@suse.cz>
+M:      Vojtech Pavlik <vojtech@suse.cz>
+S:      Maintained
+F:      kernel/livepatch/
+F:      include/linux/livepatch.h
+F:      arch/x86/include/asm/livepatch.h
+F:      arch/x86/kernel/livepatch.c
+F:      Documentation/ABI/testing/sysfs-kernel-livepatch
+F:      samples/livepatch/
+L:      live-patching@vger.kernel.org
+T:      git git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching.git
+
 LLC (802.2)
 M:      Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
 S:      Maintained
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 019f4e5c2b75..33ce9a344e38 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -17,6 +17,7 @@ config X86_64
         depends on 64BIT
         select X86_DEV_DMA_OPS
         select ARCH_USE_CMPXCHG_LOCKREF
+        select HAVE_LIVEPATCH
 
 ### Arch settings
 config X86
@@ -2028,6 +2029,8 @@ config CMDLINE_OVERRIDE
           This is used to work around broken boot loaders.  This should
           be set to 'N' under normal conditions.
 
+source "kernel/livepatch/Kconfig"
+
 endmenu
 
 config ARCH_ENABLE_MEMORY_HOTPLUG
diff --git a/arch/x86/include/asm/livepatch.h b/arch/x86/include/asm/livepatch.h
new file mode 100644
index 000000000000..a455a53d789a
--- /dev/null
+++ b/arch/x86/include/asm/livepatch.h
@@ -0,0 +1,46 @@
+/*
+ * livepatch.h - x86-specific Kernel Live Patching Core
+ *
+ * Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
+ * Copyright (C) 2014 SUSE
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _ASM_X86_LIVEPATCH_H
+#define _ASM_X86_LIVEPATCH_H
+
+#include <linux/module.h>
+#include <linux/ftrace.h>
+
+#ifdef CONFIG_LIVEPATCH
+static inline int klp_check_compiler_support(void)
+{
+#ifndef CC_USING_FENTRY
+        return 1;
+#endif
+        return 0;
+}
+extern int klp_write_module_reloc(struct module *mod, unsigned long type,
+                                  unsigned long loc, unsigned long value);
+
+static inline void klp_arch_set_pc(struct pt_regs *regs, unsigned long ip)
+{
+        regs->ip = ip;
+}
+#else
+#error Live patching support is disabled; check CONFIG_LIVEPATCH
+#endif
+
+#endif /* _ASM_X86_LIVEPATCH_H */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 5d4502c8b983..732223496968 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -63,6 +63,7 @@ obj-$(CONFIG_X86_MPPARSE)	+= mpparse.o
 obj-y                           += apic/
 obj-$(CONFIG_X86_REBOOTFIXUPS)  += reboot_fixups_32.o
 obj-$(CONFIG_DYNAMIC_FTRACE)    += ftrace.o
+obj-$(CONFIG_LIVEPATCH)         += livepatch.o
 obj-$(CONFIG_FUNCTION_GRAPH_TRACER) += ftrace.o
 obj-$(CONFIG_FTRACE_SYSCALLS)   += ftrace.o
 obj-$(CONFIG_X86_TSC)           += trace_clock.o
diff --git a/arch/x86/kernel/livepatch.c b/arch/x86/kernel/livepatch.c
new file mode 100644
index 000000000000..ff3c3101d003
--- /dev/null
+++ b/arch/x86/kernel/livepatch.c
@@ -0,0 +1,90 @@
+/*
+ * livepatch.c - x86-specific Kernel Live Patching Core
+ *
+ * Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
+ * Copyright (C) 2014 SUSE
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <linux/module.h>
+#include <linux/uaccess.h>
+#include <asm/cacheflush.h>
+#include <asm/page_types.h>
+#include <asm/elf.h>
+#include <asm/livepatch.h>
+
+/**
+ * klp_write_module_reloc() - write a relocation in a module
+ * @mod:        module in which the section to be modified is found
+ * @type:       ELF relocation type (see asm/elf.h)
+ * @loc:        address that the relocation should be written to
+ * @value:      relocation value (sym address + addend)
+ *
+ * This function writes a relocation to the specified location for
+ * a particular module.
+ */
+int klp_write_module_reloc(struct module *mod, unsigned long type,
+                           unsigned long loc, unsigned long value)
+{
+        int ret, numpages, size = 4;
+        bool readonly;
+        unsigned long val;
+        unsigned long core = (unsigned long)mod->module_core;
+        unsigned long core_ro_size = mod->core_ro_size;
+        unsigned long core_size = mod->core_size;
+
+        switch (type) {
+        case R_X86_64_NONE:
+                return 0;
+        case R_X86_64_64:
+                val = value;
+                size = 8;
+                break;
+        case R_X86_64_32:
+                val = (u32)value;
+                break;
+        case R_X86_64_32S:
+                val = (s32)value;
+                break;
+        case R_X86_64_PC32:
+                val = (u32)(value - loc);
+                break;
+        default:
+                /* unsupported relocation type */
+                return -EINVAL;
+        }
+
+        if (loc < core || loc >= core + core_size)
+                /* loc does not point to any symbol inside the module */
+                return -EINVAL;
+
+        if (loc < core + core_ro_size)
+                readonly = true;
+        else
+                readonly = false;
+
+        /* determine if the relocation spans a page boundary */
+        numpages = ((loc & PAGE_MASK) == ((loc + size) & PAGE_MASK)) ? 1 : 2;
+
+        if (readonly)
+                set_memory_rw(loc & PAGE_MASK, numpages);
+
+        ret = probe_kernel_write((void *)loc, &val, size);
+
+        if (readonly)
+                set_memory_ro(loc & PAGE_MASK, numpages);
+
+        return ret;
+}
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 64ce58bee6f5..e42e7dc34c68 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -471,6 +471,7 @@ extern enum system_states {
 #define TAINT_OOT_MODULE                12
 #define TAINT_UNSIGNED_MODULE           13
 #define TAINT_SOFTLOCKUP                14
+#define TAINT_LIVEPATCH                 15
 
 extern const char hex_asc[];
 #define hex_asc_lo(x)   hex_asc[((x) & 0x0f)]
diff --git a/include/linux/livepatch.h b/include/linux/livepatch.h
new file mode 100644
index 000000000000..95023fd8b00d
--- /dev/null
+++ b/include/linux/livepatch.h
@@ -0,0 +1,133 @@
+/*
+ * livepatch.h - Kernel Live Patching Core
+ *
+ * Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
+ * Copyright (C) 2014 SUSE
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _LINUX_LIVEPATCH_H_
+#define _LINUX_LIVEPATCH_H_
+
+#include <linux/module.h>
+#include <linux/ftrace.h>
+
+#if IS_ENABLED(CONFIG_LIVEPATCH)
+
+#include <asm/livepatch.h>
+
+enum klp_state {
+        KLP_DISABLED,
+        KLP_ENABLED
+};
+
+/**
+ * struct klp_func - function structure for live patching
+ * @old_name:   name of the function to be patched
+ * @new_func:   pointer to the patched function code
+ * @old_addr:   a hint conveying at what address the old function
+ *              can be found (optional, vmlinux patches only)
+ * @kobj:       kobject for sysfs resources
+ * @state:      tracks function-level patch application state
+ * @stack_node: list node for klp_ops func_stack list
+ */
+struct klp_func {
+        /* external */
+        const char *old_name;
+        void *new_func;
+        /*
+         * The old_addr field is optional and can be used to resolve
+         * duplicate symbol names in the vmlinux object.  If this
+         * information is not present, the symbol is located by name
+         * with kallsyms. If the name is not unique and old_addr is
+         * not provided, the patch application fails as there is no
+         * way to resolve the ambiguity.
+         */
+        unsigned long old_addr;
+
+        /* internal */
+        struct kobject kobj;
+        enum klp_state state;
+        struct list_head stack_node;
+};
+
+/**
+ * struct klp_reloc - relocation structure for live patching
+ * @loc:        address where the relocation will be written
+ * @val:        address of the referenced symbol (optional,
+ *              vmlinux patches only)
+ * @type:       ELF relocation type
+ * @name:       name of the referenced symbol (for lookup/verification)
+ * @addend:     offset from the referenced symbol
+ * @external:   symbol is either exported or within the live patch module itself
+ */
+struct klp_reloc {
+        unsigned long loc;
+        unsigned long val;
+        unsigned long type;
+        const char *name;
+        int addend;
+        int external;
+};
+
+/**
+ * struct klp_object - kernel object structure for live patching
+ * @name:       module name (or NULL for vmlinux)
+ * @relocs:     relocation entries to be applied at load time
+ * @funcs:      function entries for functions to be patched in the object
+ * @kobj:       kobject for sysfs resources
+ * @mod:        kernel module associated with the patched object
+ *              (NULL for vmlinux)
+ * @state:      tracks object-level patch application state
+ */
+struct klp_object {
+        /* external */
+        const char *name;
+        struct klp_reloc *relocs;
+        struct klp_func *funcs;
+
+        /* internal */
+        struct kobject *kobj;
+        struct module *mod;
+        enum klp_state state;
+};
+
+/**
+ * struct klp_patch - patch structure for live patching
+ * @mod:        reference to the live patch module
+ * @objs:       object entries for kernel objects to be patched
+ * @list:       list node for global list of registered patches
+ * @kobj:       kobject for sysfs resources
+ * @state:      tracks patch-level application state
+ */
+struct klp_patch {
+        /* external */
+        struct module *mod;
+        struct klp_object *objs;
+
+        /* internal */
+        struct list_head list;
+        struct kobject kobj;
+        enum klp_state state;
+};
+
+extern int klp_register_patch(struct klp_patch *);
+extern int klp_unregister_patch(struct klp_patch *);
+extern int klp_enable_patch(struct klp_patch *);
+extern int klp_disable_patch(struct klp_patch *);
+
+#endif /* CONFIG_LIVEPATCH */
+
+#endif /* _LINUX_LIVEPATCH_H_ */
diff --git a/kernel/Makefile b/kernel/Makefile
index a59481a3fa6c..616994f0a76f 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -26,6 +26,7 @@ obj-y += power/
 obj-y += printk/
 obj-y += irq/
 obj-y += rcu/
+obj-y += livepatch/
 
 obj-$(CONFIG_CHECKPOINT_RESTORE) += kcmp.o
 obj-$(CONFIG_FREEZER) += freezer.o
diff --git a/kernel/livepatch/Kconfig b/kernel/livepatch/Kconfig
new file mode 100644
index 000000000000..045022557936
--- /dev/null
+++ b/kernel/livepatch/Kconfig
@@ -0,0 +1,18 @@
+config HAVE_LIVEPATCH
+        bool
+        help
+          Arch supports kernel live patching
+
+config LIVEPATCH
+        bool "Kernel Live Patching"
+        depends on DYNAMIC_FTRACE_WITH_REGS
+        depends on MODULES
+        depends on SYSFS
+        depends on KALLSYMS_ALL
+        depends on HAVE_LIVEPATCH
+        help
+          Say Y here if you want to support kernel live patching.
+          This option has no runtime impact until a kernel "patch"
+          module uses the interface provided by this option to register
+          a patch, causing calls to patched functions to be redirected
+          to new function code contained in the patch module.
diff --git a/kernel/livepatch/Makefile b/kernel/livepatch/Makefile
new file mode 100644
index 000000000000..e8780c0901d9
--- /dev/null
+++ b/kernel/livepatch/Makefile
@@ -0,0 +1,3 @@
+obj-$(CONFIG_LIVEPATCH) += livepatch.o
+
+livepatch-objs := core.o
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
new file mode 100644
index 000000000000..ff7f47d026ac
--- /dev/null
+++ b/kernel/livepatch/core.c
@@ -0,0 +1,1015 @@
+/*
+ * core.c - Kernel Live Patching Core
+ *
+ * Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
+ * Copyright (C) 2014 SUSE
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/mutex.h>
+#include <linux/slab.h>
+#include <linux/ftrace.h>
+#include <linux/list.h>
+#include <linux/kallsyms.h>
+#include <linux/livepatch.h>
+
+/**
+ * struct klp_ops - structure for tracking registered ftrace ops structs
+ *
+ * A single ftrace_ops is shared between all enabled replacement functions
+ * (klp_func structs) which have the same old_addr.  This allows the switch
+ * between function versions to happen instantaneously by updating the klp_ops
+ * struct's func_stack list.  The winner is the klp_func at the top of the
+ * func_stack (front of the list).
+ *
+ * @node:       node for the global klp_ops list
+ * @func_stack: list head for the stack of klp_func's (active func is on top)
+ * @fops:       registered ftrace ops struct
+ */
+struct klp_ops {
+        struct list_head node;
+        struct list_head func_stack;
+        struct ftrace_ops fops;
+};
+
+/*
+ * The klp_mutex protects the global lists and state transitions of any
+ * structure reachable from them.  References to any structure must be obtained
+ * under mutex protection (except in klp_ftrace_handler(), which uses RCU to
+ * ensure it gets consistent data).
+ */
+static DEFINE_MUTEX(klp_mutex);
+
+static LIST_HEAD(klp_patches);
+static LIST_HEAD(klp_ops);
+
+static struct kobject *klp_root_kobj;
+
+static struct klp_ops *klp_find_ops(unsigned long old_addr)
+{
+        struct klp_ops *ops;
+        struct klp_func *func;
+
+        list_for_each_entry(ops, &klp_ops, node) {
+                func = list_first_entry(&ops->func_stack, struct klp_func,
+                                        stack_node);
+                if (func->old_addr == old_addr)
+                        return ops;
+        }
+
+        return NULL;
+}
+
+static bool klp_is_module(struct klp_object *obj)
+{
+        return obj->name;
+}
+
+static bool klp_is_object_loaded(struct klp_object *obj)
+{
+        return !obj->name || obj->mod;
+}
+
+/* sets obj->mod if object is not vmlinux and module is found */
+static void klp_find_object_module(struct klp_object *obj)
+{
+        if (!klp_is_module(obj))
+                return;
+
+        mutex_lock(&module_mutex);
+        /*
+         * We don't need to take a reference on the module here because we have
+         * the klp_mutex, which is also taken by the module notifier.  This
+         * prevents any module from unloading until we release the klp_mutex.
+         */
+        obj->mod = find_module(obj->name);
+        mutex_unlock(&module_mutex);
+}
+
+/* klp_mutex must be held by caller */
+static bool klp_is_patch_registered(struct klp_patch *patch)
+{
+        struct klp_patch *mypatch;
+
+        list_for_each_entry(mypatch, &klp_patches, list)
+                if (mypatch == patch)
+                        return true;
+
+        return false;
+}
+
+static bool klp_initialized(void)
+{
+        return klp_root_kobj;
+}
+
+struct klp_find_arg {
+        const char *objname;
+        const char *name;
+        unsigned long addr;
+        /*
+         * If count == 0, the symbol was not found. If count == 1, a unique
+         * match was found and addr is set.  If count > 1, there is
+         * unresolvable ambiguity among "count" number of symbols with the same
+         * name in the same object.
+         */
+        unsigned long count;
+};
+
+static int klp_find_callback(void *data, const char *name,
+                             struct module *mod, unsigned long addr)
+{
+        struct klp_find_arg *args = data;
+
+        if ((mod && !args->objname) || (!mod && args->objname))
+                return 0;
+
+        if (strcmp(args->name, name))
+                return 0;
+
+        if (args->objname && strcmp(args->objname, mod->name))
+                return 0;
+
+        /*
+         * args->addr might be overwritten if another match is found
+         * but klp_find_object_symbol() handles this and only returns the
+         * addr if count == 1.
+         */
+        args->addr = addr;
+        args->count++;
+
+        return 0;
+}
+
+static int klp_find_object_symbol(const char *objname, const char *name,
+                                  unsigned long *addr)
+{
+        struct klp_find_arg args = {
+                .objname = objname,
+                .name = name,
+                .addr = 0,
+                .count = 0
+        };
+
+        kallsyms_on_each_symbol(klp_find_callback, &args);
+
+        if (args.count == 0)
+                pr_err("symbol '%s' not found in symbol table\n", name);
+        else if (args.count > 1)
+                pr_err("unresolvable ambiguity (%lu matches) on symbol '%s' in object '%s'\n",
+                       args.count, name, objname);
+        else {
+                *addr = args.addr;
+                return 0;
+        }
+
+        *addr = 0;
+        return -EINVAL;
+}
+
+struct klp_verify_args {
+        const char *name;
+        const unsigned long addr;
+};
+
+static int klp_verify_callback(void *data, const char *name,
+                               struct module *mod, unsigned long addr)
+{
+        struct klp_verify_args *args = data;
+
+        if (!mod &&
+            !strcmp(args->name, name) &&
+            args->addr == addr)
+                return 1;
+
+        return 0;
+}
+
+static int klp_verify_vmlinux_symbol(const char *name, unsigned long addr)
+{
+        struct klp_verify_args args = {
+                .name = name,
+                .addr = addr,
+        };
+
+        if (kallsyms_on_each_symbol(klp_verify_callback, &args))
+                return 0;
+
+        pr_err("symbol '%s' not found at specified address 0x%016lx, kernel mismatch?\n",
+                name, addr);
+        return -EINVAL;
+}
+
+static int klp_find_verify_func_addr(struct klp_object *obj,
+                                     struct klp_func *func)
+{
+        int ret;
+
+#if defined(CONFIG_RANDOMIZE_BASE)
+        /* KASLR is enabled, disregard old_addr from user */
+        func->old_addr = 0;
+#endif
+
+        if (!func->old_addr || klp_is_module(obj))
+                ret = klp_find_object_symbol(obj->name, func->old_name,
+                                             &func->old_addr);
+        else
+                ret = klp_verify_vmlinux_symbol(func->old_name,
+                                                func->old_addr);
+
+        return ret;
+}
+
+/*
+ * external symbols are located outside the parent object (where the parent
+ * object is either vmlinux or the kmod being patched).
+ */
+static int klp_find_external_symbol(struct module *pmod, const char *name,
+                                    unsigned long *addr)
+{
+        const struct kernel_symbol *sym;
+
+        /* first, check if it's an exported symbol */
+        preempt_disable();
+        sym = find_symbol(name, NULL, NULL, true, true);
+        preempt_enable();
+        if (sym) {
+                *addr = sym->value;
+                return 0;
+        }
+
+        /* otherwise check if it's in another .o within the patch module */
+        return klp_find_object_symbol(pmod->name, name, addr);
+}
+
+static int klp_write_object_relocations(struct module *pmod,
+                                        struct klp_object *obj)
+{
+        int ret;
+        struct klp_reloc *reloc;
+
+        if (WARN_ON(!klp_is_object_loaded(obj)))
+                return -EINVAL;
+
+        if (WARN_ON(!obj->relocs))
+                return -EINVAL;
+
+        for (reloc = obj->relocs; reloc->name; reloc++) {
+                if (!klp_is_module(obj)) {
+                        ret = klp_verify_vmlinux_symbol(reloc->name,
+                                                        reloc->val);
+                        if (ret)
+                                return ret;
+                } else {
+                        /* module, reloc->val needs to be discovered */
+                        if (reloc->external)
+                                ret = klp_find_external_symbol(pmod,
+                                                               reloc->name,
+                                                               &reloc->val);
+                        else
+                                ret = klp_find_object_symbol(obj->mod->name,
+                                                             reloc->name,
+                                                             &reloc->val);
+                        if (ret)
+                                return ret;
+                }
+                ret = klp_write_module_reloc(pmod, reloc->type, reloc->loc,
+                                             reloc->val + reloc->addend);
+                if (ret) {
+                        pr_err("relocation failed for symbol '%s' at 0x%016lx (%d)\n",
+                               reloc->name, reloc->val, ret);
+                        return ret;
+                }
+        }
+
+        return 0;
+}
+
+static void notrace klp_ftrace_handler(unsigned long ip,
+                                       unsigned long parent_ip,
+                                       struct ftrace_ops *fops,
+                                       struct pt_regs *regs)
+{
+        struct klp_ops *ops;
+        struct klp_func *func;
+
+        ops = container_of(fops, struct klp_ops, fops);
+
+        rcu_read_lock();
+        func = list_first_or_null_rcu(&ops->func_stack, struct klp_func,
+                                      stack_node);
+        rcu_read_unlock();
+
+        if (WARN_ON_ONCE(!func))
+                return;
+
+        klp_arch_set_pc(regs, (unsigned long)func->new_func);
+}
+
+static int klp_disable_func(struct klp_func *func)
+{
+        struct klp_ops *ops;
+        int ret;
+
+        if (WARN_ON(func->state != KLP_ENABLED))
+                return -EINVAL;
+
+        if (WARN_ON(!func->old_addr))
+                return -EINVAL;
+
+        ops = klp_find_ops(func->old_addr);
+        if (WARN_ON(!ops))
+                return -EINVAL;
+
+        if (list_is_singular(&ops->func_stack)) {
+                ret = unregister_ftrace_function(&ops->fops);
+                if (ret) {
+                        pr_err("failed to unregister ftrace handler for function '%s' (%d)\n",
+                               func->old_name, ret);
+                        return ret;
+                }
+
+                ret = ftrace_set_filter_ip(&ops->fops, func->old_addr, 1, 0);
+                if (ret)
+                        pr_warn("function unregister succeeded but failed to clear the filter\n");
+
+                list_del_rcu(&func->stack_node);
+                list_del(&ops->node);
+                kfree(ops);
+        } else {
+                list_del_rcu(&func->stack_node);
+        }
+
+        func->state = KLP_DISABLED;
+
+        return 0;
+}
+
+static int klp_enable_func(struct klp_func *func)
+{
+        struct klp_ops *ops;
+        int ret;
+
+        if (WARN_ON(!func->old_addr))
+                return -EINVAL;
+
+        if (WARN_ON(func->state != KLP_DISABLED))
+                return -EINVAL;
+
+        ops = klp_find_ops(func->old_addr);
+        if (!ops) {
+                ops = kzalloc(sizeof(*ops), GFP_KERNEL);
+                if (!ops)
+                        return -ENOMEM;
+
+                ops->fops.func = klp_ftrace_handler;
+                ops->fops.flags = FTRACE_OPS_FL_SAVE_REGS |
+                                  FTRACE_OPS_FL_DYNAMIC |
+                                  FTRACE_OPS_FL_IPMODIFY;
+
+                list_add(&ops->node, &klp_ops);
+
+                INIT_LIST_HEAD(&ops->func_stack);
+                list_add_rcu(&func->stack_node, &ops->func_stack);
+
+                ret = ftrace_set_filter_ip(&ops->fops, func->old_addr, 0, 0);
+                if (ret) {
+                        pr_err("failed to set ftrace filter for function '%s' (%d)\n",
+                               func->old_name, ret);
+                        goto err;
+                }
+
+                ret = register_ftrace_function(&ops->fops);
+                if (ret) {
+                        pr_err("failed to register ftrace handler for function '%s' (%d)\n",
+                               func->old_name, ret);
+                        ftrace_set_filter_ip(&ops->fops, func->old_addr, 1, 0);
+                        goto err;
+                }
+
+
+        } else {
+                list_add_rcu(&func->stack_node, &ops->func_stack);
+        }
+
+        func->state = KLP_ENABLED;
+
+        return 0;
+
+err:
+        list_del_rcu(&func->stack_node);
+        list_del(&ops->node);
+        kfree(ops);
+        return ret;
+}
+
+static int klp_disable_object(struct klp_object *obj)
+{
+        struct klp_func *func;
+        int ret;
+
+        for (func = obj->funcs; func->old_name; func++) {
+                if (func->state != KLP_ENABLED)
+                        continue;
+
+                ret = klp_disable_func(func);
+                if (ret)
+                        return ret;
+        }
+
+        obj->state = KLP_DISABLED;
+
+        return 0;
+}
+
+static int klp_enable_object(struct klp_object *obj)
+{
+        struct klp_func *func;
+        int ret;
+
+        if (WARN_ON(obj->state != KLP_DISABLED))
+                return -EINVAL;
+
+        if (WARN_ON(!klp_is_object_loaded(obj)))
+                return -EINVAL;
+
+        for (func = obj->funcs; func->old_name; func++) {
+                ret = klp_enable_func(func);
+                if (ret)
+                        goto unregister;
+        }
+        obj->state = KLP_ENABLED;
+
+        return 0;
+
+unregister:
+        WARN_ON(klp_disable_object(obj));
+        return ret;
+}
+
+static int __klp_disable_patch(struct klp_patch *patch)
+{
+        struct klp_object *obj;
+        int ret;
+
+        /* enforce stacking: only the last enabled patch can be disabled */
+        if (!list_is_last(&patch->list, &klp_patches) &&
+            list_next_entry(patch, list)->state == KLP_ENABLED)
+                return -EBUSY;
+
+        pr_notice("disabling patch '%s'\n", patch->mod->name);
+
+        for (obj = patch->objs; obj->funcs; obj++) {
+                if (obj->state != KLP_ENABLED)
+                        continue;
+
+                ret = klp_disable_object(obj);
+                if (ret)
+                        return ret;
+        }
+
+        patch->state = KLP_DISABLED;
+
+        return 0;
+}
+
+/**
+ * klp_disable_patch() - disables a registered patch
+ * @patch:      The registered, enabled patch to be disabled
+ *
+ * Unregisters the patched functions from ftrace.
+ *
+ * Return: 0 on success, otherwise error
+ */
+int klp_disable_patch(struct klp_patch *patch)
+{
+        int ret;
+
+        mutex_lock(&klp_mutex);
+
+        if (!klp_is_patch_registered(patch)) {
+                ret = -EINVAL;
+                goto err;
+        }
+
+        if (patch->state == KLP_DISABLED) {
+                ret = -EINVAL;
+                goto err;
+        }
+
+        ret = __klp_disable_patch(patch);
+
+err:
+        mutex_unlock(&klp_mutex);
+        return ret;
+}
+EXPORT_SYMBOL_GPL(klp_disable_patch);
+
+static int __klp_enable_patch(struct klp_patch *patch)
+{
+        struct klp_object *obj;
+        int ret;
+
+        if (WARN_ON(patch->state != KLP_DISABLED))
+                return -EINVAL;
+
+        /* enforce stacking: only the first disabled patch can be enabled */
+        if (patch->list.prev != &klp_patches &&
+            list_prev_entry(patch, list)->state == KLP_DISABLED)
+                return -EBUSY;
+
+        pr_notice_once("tainting kernel with TAINT_LIVEPATCH\n");
+        add_taint(TAINT_LIVEPATCH, LOCKDEP_STILL_OK);
+
+        pr_notice("enabling patch '%s'\n", patch->mod->name);
+
+        for (obj = patch->objs; obj->funcs; obj++) {
+                klp_find_object_module(obj);
+
+                if (!klp_is_object_loaded(obj))
+                        continue;
+
+                ret = klp_enable_object(obj);
+                if (ret)
+                        goto unregister;
+        }
+
+        patch->state = KLP_ENABLED;
+
+        return 0;
+
+unregister:
+        WARN_ON(__klp_disable_patch(patch));
+        return ret;
+}
+
+/**
+ * klp_enable_patch() - enables a registered patch
+ * @patch:      The registered, disabled patch to be enabled
+ *
+ * Performs the needed symbol lookups and code relocations,
+ * then registers the patched functions with ftrace.
+ *
+ * Return: 0 on success, otherwise error
+ */
+int klp_enable_patch(struct klp_patch *patch)
+{
+        int ret;
+
+        mutex_lock(&klp_mutex);
+
+        if (!klp_is_patch_registered(patch)) {
+                ret = -EINVAL;
+                goto err;
+        }
+
+        ret = __klp_enable_patch(patch);
+
+err:
+        mutex_unlock(&klp_mutex);
+        return ret;
+}
+EXPORT_SYMBOL_GPL(klp_enable_patch);
+
+/*
+ * Sysfs Interface
+ *
+ * /sys/kernel/livepatch
+ * /sys/kernel/livepatch/<patch>
+ * /sys/kernel/livepatch/<patch>/enabled
+ * /sys/kernel/livepatch/<patch>/<object>
+ * /sys/kernel/livepatch/<patch>/<object>/<func>
+ */
+
+static ssize_t enabled_store(struct kobject *kobj, struct kobj_attribute *attr,
+                             const char *buf, size_t count)
+{
+        struct klp_patch *patch;
+        int ret;
+        unsigned long val;
+
+        ret = kstrtoul(buf, 10, &val);
+        if (ret)
+                return -EINVAL;
+
+        if (val != KLP_DISABLED && val != KLP_ENABLED)
+                return -EINVAL;
+
+        patch = container_of(kobj, struct klp_patch, kobj);
+
+        mutex_lock(&klp_mutex);
+
+        if (val == patch->state) {
+                /* already in requested state */
+                ret = -EINVAL;
+                goto err;
+        }
+
+        if (val == KLP_ENABLED) {
+                ret = __klp_enable_patch(patch);
+                if (ret)
+                        goto err;
+        } else {
+                ret = __klp_disable_patch(patch);
+                if (ret)
+                        goto err;
+        }
+
+        mutex_unlock(&klp_mutex);
+
+        return count;
+
+err:
+        mutex_unlock(&klp_mutex);
+        return ret;
+}
+
+static ssize_t enabled_show(struct kobject *kobj,
+                            struct kobj_attribute *attr, char *buf)
+{
+        struct klp_patch *patch;
+
+        patch = container_of(kobj, struct klp_patch, kobj);
+        return snprintf(buf, PAGE_SIZE-1, "%d\n", patch->state);
+}
+
+static struct kobj_attribute enabled_kobj_attr = __ATTR_RW(enabled);
+static struct attribute *klp_patch_attrs[] = {
+        &enabled_kobj_attr.attr,
+        NULL
+};
+
+static void klp_kobj_release_patch(struct kobject *kobj)
+{
+        /*
+         * Once we have a consistency model we'll need to module_put() the
+         * patch module here.  See klp_register_patch() for more details.
+         */
+}
+
+static struct kobj_type klp_ktype_patch = {
+        .release = klp_kobj_release_patch,
+        .sysfs_ops = &kobj_sysfs_ops,
+        .default_attrs = klp_patch_attrs,
+};
+
+static void klp_kobj_release_func(struct kobject *kobj)
+{
+}
+
+static struct kobj_type klp_ktype_func = {
+        .release = klp_kobj_release_func,
+        .sysfs_ops = &kobj_sysfs_ops,
+};
+
+/*
+ * Free all functions' kobjects in the array up to some limit. When limit is
+ * NULL, all kobjects are freed.
+ */
+static void klp_free_funcs_limited(struct klp_object *obj,
+                                   struct klp_func *limit)
+{
+        struct klp_func *func;
+
+        for (func = obj->funcs; func->old_name && func != limit; func++)
+                kobject_put(&func->kobj);
+}
+
+/* Clean up when a patched object is unloaded */
+static void klp_free_object_loaded(struct klp_object *obj)
+{
+        struct klp_func *func;
+
+        obj->mod = NULL;
+
+        for (func = obj->funcs; func->old_name; func++)
+                func->old_addr = 0;
+}
+
+/*
+ * Free all objects' kobjects in the array up to some limit. When limit is
+ * NULL, all kobjects are freed.
+ */
+static void klp_free_objects_limited(struct klp_patch *patch,
+                                     struct klp_object *limit)
+{
+        struct klp_object *obj;
+
+        for (obj = patch->objs; obj->funcs && obj != limit; obj++) {
+                klp_free_funcs_limited(obj, NULL);
+                kobject_put(obj->kobj);
+        }
+}
+
+static void klp_free_patch(struct klp_patch *patch)
+{
+        klp_free_objects_limited(patch, NULL);
+        if (!list_empty(&patch->list))
+                list_del(&patch->list);
+        kobject_put(&patch->kobj);
+}
+
+static int klp_init_func(struct klp_object *obj, struct klp_func *func)
+{
+        INIT_LIST_HEAD(&func->stack_node);
+        func->state = KLP_DISABLED;
+
+        return kobject_init_and_add(&func->kobj, &klp_ktype_func,
+                                    obj->kobj, func->old_name);
+}
+
+/* parts of the initialization that is done only when the object is loaded */
+static int klp_init_object_loaded(struct klp_patch *patch,
+                                  struct klp_object *obj)
+{
+        struct klp_func *func;
+        int ret;
+
+        if (obj->relocs) {
+                ret = klp_write_object_relocations(patch->mod, obj);
+                if (ret)
+                        return ret;
+        }
+
+        for (func = obj->funcs; func->old_name; func++) {
+                ret = klp_find_verify_func_addr(obj, func);
+                if (ret)
+                        return ret;
+        }
+
+        return 0;
+}
+
+static int klp_init_object(struct klp_patch *patch, struct klp_object *obj)
+{
+        struct klp_func *func;
+        int ret;
+        const char *name;
+
+        if (!obj->funcs)
+                return -EINVAL;
+
+        obj->state = KLP_DISABLED;
+
+        klp_find_object_module(obj);
+
+        name = klp_is_module(obj) ? obj->name : "vmlinux";
+        obj->kobj = kobject_create_and_add(name, &patch->kobj);
+        if (!obj->kobj)
+                return -ENOMEM;
+
+        for (func = obj->funcs; func->old_name; func++) {
+                ret = klp_init_func(obj, func);
+                if (ret)
+                        goto free;
+        }
+
+        if (klp_is_object_loaded(obj)) {
+                ret = klp_init_object_loaded(patch, obj);
+                if (ret)
+                        goto free;
+        }
+
+        return 0;
+
+free:
+        klp_free_funcs_limited(obj, func);
+        kobject_put(obj->kobj);
+        return ret;
+}
+
+static int klp_init_patch(struct klp_patch *patch)
+{
+        struct klp_object *obj;
+        int ret;
+
+        if (!patch->objs)
+                return -EINVAL;
+
+        mutex_lock(&klp_mutex);
+
+        patch->state = KLP_DISABLED;
+
+        ret = kobject_init_and_add(&patch->kobj, &klp_ktype_patch,
+                                   klp_root_kobj, patch->mod->name);
+        if (ret)
+                goto unlock;
+
+        for (obj = patch->objs; obj->funcs; obj++) {
+                ret = klp_init_object(patch, obj);
+                if (ret)
+                        goto free;
+        }
+
+        list_add_tail(&patch->list, &klp_patches);
+
+        mutex_unlock(&klp_mutex);
+
+        return 0;
+
+free:
+        klp_free_objects_limited(patch, obj);
+        kobject_put(&patch->kobj);
+unlock:
+        mutex_unlock(&klp_mutex);
+        return ret;
+}
+
+/**
+ * klp_unregister_patch() - unregisters a patch
+ * @patch:      Disabled patch to be unregistered
+ *
+ * Frees the data structures and removes the sysfs interface.
+ *
+ * Return: 0 on success, otherwise error
+ */
+int klp_unregister_patch(struct klp_patch *patch)
+{
+        int ret = 0;
+
+        mutex_lock(&klp_mutex);
+
+        if (!klp_is_patch_registered(patch)) {
+                ret = -EINVAL;
+                goto out;
+        }
+
+        if (patch->state == KLP_ENABLED) {
+                ret = -EBUSY;
+                goto out;
+        }
+
+        klp_free_patch(patch);
+
+out:
+        mutex_unlock(&klp_mutex);
+        return ret;
+}
+EXPORT_SYMBOL_GPL(klp_unregister_patch);
+
+/**
+ * klp_register_patch() - registers a patch
+ * @patch:      Patch to be registered
+ *
+ * Initializes the data structure associated with the patch and
+ * creates the sysfs interface.
+ *
+ * Return: 0 on success, otherwise error
+ */
+int klp_register_patch(struct klp_patch *patch)
+{
+        int ret;
+
+        if (!klp_initialized())
+                return -ENODEV;
+
+        if (!patch || !patch->mod)
+                return -EINVAL;
+
+        /*
+         * A reference is taken on the patch module to prevent it from being
+         * unloaded.  Right now, we don't allow patch modules to unload since
+         * there is currently no method to determine if a thread is still
+         * running in the patched code contained in the patch module once
+         * the ftrace registration is successful.
+         */
+        if (!try_module_get(patch->mod))
+                return -ENODEV;
+
+        ret = klp_init_patch(patch);
+        if (ret)
+                module_put(patch->mod);
+
+        return ret;
+}
+EXPORT_SYMBOL_GPL(klp_register_patch);
+
+static void klp_module_notify_coming(struct klp_patch *patch,
+                                     struct klp_object *obj)
+{
+        struct module *pmod = patch->mod;
+        struct module *mod = obj->mod;
+        int ret;
+
+        ret = klp_init_object_loaded(patch, obj);
+        if (ret)
+                goto err;
+
+        if (patch->state == KLP_DISABLED)
+                return;
+
+        pr_notice("applying patch '%s' to loading module '%s'\n",
+                  pmod->name, mod->name);
+
+        ret = klp_enable_object(obj);
+        if (!ret)
+                return;
+
+err:
+        pr_warn("failed to apply patch '%s' to module '%s' (%d)\n",
+                pmod->name, mod->name, ret);
+}
+
+static void klp_module_notify_going(struct klp_patch *patch,
+                                    struct klp_object *obj)
+{
+        struct module *pmod = patch->mod;
+        struct module *mod = obj->mod;
+        int ret;
+
+        if (patch->state == KLP_DISABLED)
+                goto disabled;
+
+        pr_notice("reverting patch '%s' on unloading module '%s'\n",
+                  pmod->name, mod->name);
+
+        ret = klp_disable_object(obj);
+        if (ret)
+                pr_warn("failed to revert patch '%s' on module '%s' (%d)\n",
+                        pmod->name, mod->name, ret);
+
+disabled:
+        klp_free_object_loaded(obj);
+}
+
+static int klp_module_notify(struct notifier_block *nb, unsigned long action,
+                             void *data)
+{
+        struct module *mod = data;
+        struct klp_patch *patch;
+        struct klp_object *obj;
+
+        if (action != MODULE_STATE_COMING && action != MODULE_STATE_GOING)
+                return 0;
+
+        mutex_lock(&klp_mutex);
+
+        list_for_each_entry(patch, &klp_patches, list) {
+                for (obj = patch->objs; obj->funcs; obj++) {
+                        if (!klp_is_module(obj) || strcmp(obj->name, mod->name))
+                                continue;
+
+                        if (action == MODULE_STATE_COMING) {
+                                obj->mod = mod;
+                                klp_module_notify_coming(patch, obj);
+                        } else /* MODULE_STATE_GOING */
+                                klp_module_notify_going(patch, obj);
+
+                        break;
+                }
+        }
+
+        mutex_unlock(&klp_mutex);
+
+        return 0;
+}
+
+static struct notifier_block klp_module_nb = {
+        .notifier_call = klp_module_notify,
+        .priority = INT_MIN+1, /* called late but before ftrace notifier */
+};
+
+static int klp_init(void)
+{
+        int ret;
+
+        ret = klp_check_compiler_support();
+        if (ret) {
+                pr_info("Your compiler is too old; turning off.\n");
+                return -EINVAL;
+        }
+
+        ret = register_module_notifier(&klp_module_nb);
+        if (ret)
+                return ret;
+
+        klp_root_kobj = kobject_create_and_add("livepatch", kernel_kobj);
+        if (!klp_root_kobj) {
+                ret = -ENOMEM;
+                goto unregister;
+        }
+
+        return 0;
+
+unregister:
+        unregister_module_notifier(&klp_module_nb);
+        return ret;
+}
+
+module_init(klp_init);
diff --git a/kernel/panic.c b/kernel/panic.c
index 4d8d6f906dec..8136ad76e5fd 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -226,6 +226,7 @@ static const struct tnt tnts[] = {
         { TAINT_OOT_MODULE,             'O', ' ' },
         { TAINT_UNSIGNED_MODULE,        'E', ' ' },
         { TAINT_SOFTLOCKUP,             'L', ' ' },
+        { TAINT_LIVEPATCH,              'K', ' ' },
 };
 
 /**
@@ -246,6 +247,7 @@ static const struct tnt tnts[] = {
  *  'O' - Out-of-tree module has been loaded.
  *  'E' - Unsigned module has been loaded.
  *  'L' - A soft lockup has previously occurred.
+ *  'K' - Kernel has been live patched.
  *
  *      The string is overwritten by the next call to print_tainted().
  */
diff --git a/samples/Kconfig b/samples/Kconfig
index 6181c2cc9ca0..224ebb46bed5 100644
--- a/samples/Kconfig
+++ b/samples/Kconfig
@@ -63,4 +63,11 @@ config SAMPLE_RPMSG_CLIENT
           to communicate with an AMP-configured remote processor over
           the rpmsg bus.
 
+config SAMPLE_LIVEPATCH
+        tristate "Build live patching sample -- loadable modules only"
+        depends on LIVEPATCH && m
+        help
+          Builds a sample live patch that replaces the procfs handler
+          for /proc/cmdline to print "this has been live patched".
+
 endif # SAMPLES
diff --git a/samples/Makefile b/samples/Makefile
index 1a60c62e2045..f00257bcc5a7 100644
--- a/samples/Makefile
+++ b/samples/Makefile
@@ -1,4 +1,4 @@
 # Makefile for Linux samples code
 
-obj-$(CONFIG_SAMPLES)   += kobject/ kprobes/ trace_events/ \
+obj-$(CONFIG_SAMPLES)   += kobject/ kprobes/ trace_events/ livepatch/ \
                            hw_breakpoint/ kfifo/ kdb/ hidraw/ rpmsg/ seccomp/
diff --git a/samples/livepatch/Makefile b/samples/livepatch/Makefile
new file mode 100644
index 000000000000..10319d7ea0b1
--- /dev/null
+++ b/samples/livepatch/Makefile
@@ -0,0 +1 @@
+obj-$(CONFIG_SAMPLE_LIVEPATCH) += livepatch-sample.o
diff --git a/samples/livepatch/livepatch-sample.c b/samples/livepatch/livepatch-sample.c
new file mode 100644
index 000000000000..fb8c8614e728
--- /dev/null
+++ b/samples/livepatch/livepatch-sample.c
@@ -0,0 +1,91 @@
+/*
+ * livepatch-sample.c - Kernel Live Patching Sample Module
+ *
+ * Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/livepatch.h>
+
+/*
+ * This (dumb) live patch overrides the function that prints the
+ * kernel boot cmdline when /proc/cmdline is read.
+ *
+ * Example:
+ *
+ * $ cat /proc/cmdline
+ * <your cmdline>
+ *
+ * $ insmod livepatch-sample.ko
+ * $ cat /proc/cmdline
+ * this has been live patched
+ *
+ * $ echo 0 > /sys/kernel/livepatch/livepatch_sample/enabled
+ * $ cat /proc/cmdline
+ * <your cmdline>
+ */
+
+#include <linux/seq_file.h>
+static int livepatch_cmdline_proc_show(struct seq_file *m, void *v)
+{
+        seq_printf(m, "%s\n", "this has been live patched");
+        return 0;
+}
+
+static struct klp_func funcs[] = {
+        {
+                .old_name = "cmdline_proc_show",
+                .new_func = livepatch_cmdline_proc_show,
+        }, { }
+};
+
+static struct klp_object objs[] = {
+        {
+                /* name being NULL means vmlinux */
+                .funcs = funcs,
+        }, { }
+};
+
+static struct klp_patch patch = {
+        .mod = THIS_MODULE,
+        .objs = objs,
+};
+
+static int livepatch_init(void)
+{
+        int ret;
+
+        ret = klp_register_patch(&patch);
+        if (ret)
+                return ret;
+        ret = klp_enable_patch(&patch);
+        if (ret) {
+                WARN_ON(klp_unregister_patch(&patch));
+                return ret;
+        }
+        return 0;
+}
+
+static void livepatch_exit(void)
+{
+        WARN_ON(klp_disable_patch(&patch));
+        WARN_ON(klp_unregister_patch(&patch));
+}
+
+module_init(livepatch_init);
+module_exit(livepatch_exit);
+MODULE_LICENSE("GPL");