1 files changed, 63 insertions, 1 deletions
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index e63b80e5861c..3a4bf35c179b 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -7,6 +7,7 @@
 #include <linux/mm.h>
 #include <linux/vmalloc.h>
 #include <linux/memory.h>
+#include <linux/stop_machine.h>
 #include <asm/alternative.h>
 #include <asm/sections.h>
 #include <asm/pgtable.h>
@@ -205,7 +206,7 @@ void __init_or_module apply_alternatives(struct alt_instr *start,
                                         struct alt_instr *end)
 {
        struct alt_instr *a;
-        char insnbuf[MAX_PATCH_LEN];
+        u8 insnbuf[MAX_PATCH_LEN];
        DPRINTK("%s: alt table %p -> %p\n", __func__, start, end);
        for (a = start; a < end; a++) {
@@ -223,6 +224,8 @@ void __init_or_module apply_alternatives(struct alt_instr *start,
                }
 #endif
                memcpy(insnbuf, a->replacement, a->replacementlen);
+                if (*insnbuf == 0xe8 && a->replacementlen == 5)
+                    *(s32 *)(insnbuf + 1) += a->replacement - a->instr;
                add_nops(insnbuf + a->replacementlen,
                         a->instrlen - a->replacementlen);
                text_poke_early(instr, insnbuf, a->instrlen);
@@ -570,3 +573,62 @@ void *__kprobes text_poke(void *addr, const void *opcode, size_t len)
        local_irq_restore(flags);
        return addr;
 }
+/*
+ * Cross-modifying kernel text with stop_machine().
+ * This code originally comes from immediate value.
+ */
+static atomic_t stop_machine_first;
+static int wrote_text;
+struct text_poke_params {
+        void *addr;
+        const void *opcode;
+        size_t len;
+};
+static int __kprobes stop_machine_text_poke(void *data)
+{
+        struct text_poke_params *tpp = data;
+        if (atomic_dec_and_test(&stop_machine_first)) {
+                text_poke(tpp->addr, tpp->opcode, tpp->len);
+                smp_wmb();      /* Make sure other cpus see that this has run */
+                wrote_text = 1;
+        } else {
+                while (!wrote_text)
+                        cpu_relax();
+                smp_mb();       /* Load wrote_text before following execution */
+        }
+        flush_icache_range((unsigned long)tpp->addr,
+                           (unsigned long)tpp->addr + tpp->len);
+        return 0;
+}
+/**
+ * text_poke_smp - Update instructions on a live kernel on SMP
+ * @addr: address to modify
+ * @opcode: source of the copy
+ * @len: length to copy
+ *
+ * Modify multi-byte instruction by using stop_machine() on SMP. This allows
+ * user to poke/set multi-byte text on SMP. Only non-NMI/MCE code modifying
+ * should be allowed, since stop_machine() does _not_ protect code against
+ * NMI and MCE.
+ *
+ * Note: Must be called under get_online_cpus() and text_mutex.
+ */
+void *__kprobes text_poke_smp(void *addr, const void *opcode, size_t len)
+{
+        struct text_poke_params tpp;
+        tpp.addr = addr;
+        tpp.opcode = opcode;
+        tpp.len = len;
+        atomic_set(&stop_machine_first, 1);
+        wrote_text = 0;
+        stop_machine(stop_machine_text_poke, (void *)&tpp, NULL);
+        return addr;
+}

diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index e63b80e5861c..3a4bf35c179b 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c
@@ -7,6 +7,7 @@
7	#include <linux/mm.h>	7	#include <linux/mm.h>
8	#include <linux/vmalloc.h>	8	#include <linux/vmalloc.h>
9	#include <linux/memory.h>	9	#include <linux/memory.h>
		10	#include <linux/stop_machine.h>
10	#include <asm/alternative.h>	11	#include <asm/alternative.h>
11	#include <asm/sections.h>	12	#include <asm/sections.h>
12	#include <asm/pgtable.h>	13	#include <asm/pgtable.h>
@@ -205,7 +206,7 @@ void __init_or_module apply_alternatives(struct alt_instr *start,
205	struct alt_instr *end)	206	struct alt_instr *end)
206	{	207	{
207	struct alt_instr *a;	208	struct alt_instr *a;
208	char insnbuf[MAX_PATCH_LEN];	209	u8 insnbuf[MAX_PATCH_LEN];
209		210
210	DPRINTK("%s: alt table %p -> %p\n", __func__, start, end);	211	DPRINTK("%s: alt table %p -> %p\n", __func__, start, end);
211	for (a = start; a < end; a++) {	212	for (a = start; a < end; a++) {
@@ -223,6 +224,8 @@ void __init_or_module apply_alternatives(struct alt_instr *start,
223	}	224	}
224	#endif	225	#endif
225	memcpy(insnbuf, a->replacement, a->replacementlen);	226	memcpy(insnbuf, a->replacement, a->replacementlen);
		227	if (*insnbuf == 0xe8 && a->replacementlen == 5)
		228	(s32 )(insnbuf + 1) += a->replacement - a->instr;
226	add_nops(insnbuf + a->replacementlen,	229	add_nops(insnbuf + a->replacementlen,
227	a->instrlen - a->replacementlen);	230	a->instrlen - a->replacementlen);
228	text_poke_early(instr, insnbuf, a->instrlen);	231	text_poke_early(instr, insnbuf, a->instrlen);
@@ -570,3 +573,62 @@ void __kprobes text_poke(void addr, const void *opcode, size_t len)
570	local_irq_restore(flags);	573	local_irq_restore(flags);
571	return addr;	574	return addr;
572	}	575	}
		576
		577	/*
		578	* Cross-modifying kernel text with stop_machine().
		579	* This code originally comes from immediate value.
		580	*/
		581	static atomic_t stop_machine_first;
		582	static int wrote_text;
		583
		584	struct text_poke_params {
		585	void *addr;
		586	const void *opcode;
		587	size_t len;
		588	};
		589
		590	static int __kprobes stop_machine_text_poke(void *data)
		591	{
		592	struct text_poke_params *tpp = data;
		593
		594	if (atomic_dec_and_test(&stop_machine_first)) {
		595	text_poke(tpp->addr, tpp->opcode, tpp->len);
		596	smp_wmb(); /* Make sure other cpus see that this has run */
		597	wrote_text = 1;
		598	} else {
		599	while (!wrote_text)
		600	cpu_relax();
		601	smp_mb(); /* Load wrote_text before following execution */
		602	}
		603
		604	flush_icache_range((unsigned long)tpp->addr,
		605	(unsigned long)tpp->addr + tpp->len);
		606	return 0;
		607	}
		608
		609	/**
		610	* text_poke_smp - Update instructions on a live kernel on SMP
		611	* @addr: address to modify
		612	* @opcode: source of the copy
		613	* @len: length to copy
		614	*
		615	* Modify multi-byte instruction by using stop_machine() on SMP. This allows
		616	* user to poke/set multi-byte text on SMP. Only non-NMI/MCE code modifying
		617	* should be allowed, since stop_machine() does _not_ protect code against
		618	* NMI and MCE.
		619	*
		620	* Note: Must be called under get_online_cpus() and text_mutex.
		621	*/
		622	void __kprobes text_poke_smp(void addr, const void *opcode, size_t len)
		623	{
		624	struct text_poke_params tpp;
		625
		626	tpp.addr = addr;
		627	tpp.opcode = opcode;
		628	tpp.len = len;
		629	atomic_set(&stop_machine_first, 1);
		630	wrote_text = 0;
		631	stop_machine(stop_machine_text_poke, (void *)&tpp, NULL);
		632	return addr;
		633	}
		634