1 // SPDX-License-Identifier: GPL-2.0
2 // error-inject.c: Function-level error injection table
3 #include <linux/error-injection.h>
4 #include <linux/debugfs.h>
5 #include <linux/kallsyms.h>
6 #include <linux/kprobes.h>
7 #include <linux/module.h>
8 #include <linux/mutex.h>
9 #include <linux/list.h>
10 #include <linux/slab.h>
11
12 /* Whitelist of symbols that can be overridden for error injection. */
13 static LIST_HEAD(error_injection_list);
14 static DEFINE_MUTEX(ei_mutex);
15 struct ei_entry {
16 struct list_head list;
17 unsigned long start_addr;
18 unsigned long end_addr;
19 int etype;
20 void *priv;
21 };
22
within_error_injection_list(unsigned long addr)23 bool within_error_injection_list(unsigned long addr)
24 {
25 struct ei_entry *ent;
26 bool ret = false;
27
28 mutex_lock(&ei_mutex);
29 list_for_each_entry(ent, &error_injection_list, list) {
30 if (addr >= ent->start_addr && addr < ent->end_addr) {
31 ret = true;
32 break;
33 }
34 }
35 mutex_unlock(&ei_mutex);
36 return ret;
37 }
38
get_injectable_error_type(unsigned long addr)39 int get_injectable_error_type(unsigned long addr)
40 {
41 struct ei_entry *ent;
42
43 list_for_each_entry(ent, &error_injection_list, list) {
44 if (addr >= ent->start_addr && addr < ent->end_addr)
45 return ent->etype;
46 }
47 return EI_ETYPE_NONE;
48 }
49
50 /*
51 * Lookup and populate the error_injection_list.
52 *
53 * For safety reasons we only allow certain functions to be overridden with
54 * bpf_error_injection, so we need to populate the list of the symbols that have
55 * been marked as safe for overriding.
56 */
populate_error_injection_list(struct error_injection_entry * start,struct error_injection_entry * end,void * priv)57 static void populate_error_injection_list(struct error_injection_entry *start,
58 struct error_injection_entry *end,
59 void *priv)
60 {
61 struct error_injection_entry *iter;
62 struct ei_entry *ent;
63 unsigned long entry, offset = 0, size = 0;
64
65 mutex_lock(&ei_mutex);
66 for (iter = start; iter < end; iter++) {
67 entry = arch_deref_entry_point((void *)iter->addr);
68
69 if (!kernel_text_address(entry) ||
70 !kallsyms_lookup_size_offset(entry, &size, &offset)) {
71 pr_err("Failed to find error inject entry at %p\n",
72 (void *)entry);
73 continue;
74 }
75
76 ent = kmalloc(sizeof(*ent), GFP_KERNEL);
77 if (!ent)
78 break;
79 ent->start_addr = entry;
80 ent->end_addr = entry + size;
81 ent->etype = iter->etype;
82 ent->priv = priv;
83 INIT_LIST_HEAD(&ent->list);
84 list_add_tail(&ent->list, &error_injection_list);
85 }
86 mutex_unlock(&ei_mutex);
87 }
88
89 /* Markers of the _error_inject_whitelist section */
90 extern struct error_injection_entry __start_error_injection_whitelist[];
91 extern struct error_injection_entry __stop_error_injection_whitelist[];
92
populate_kernel_ei_list(void)93 static void __init populate_kernel_ei_list(void)
94 {
95 populate_error_injection_list(__start_error_injection_whitelist,
96 __stop_error_injection_whitelist,
97 NULL);
98 }
99
100 #ifdef CONFIG_MODULES
module_load_ei_list(struct module * mod)101 static void module_load_ei_list(struct module *mod)
102 {
103 if (!mod->num_ei_funcs)
104 return;
105
106 populate_error_injection_list(mod->ei_funcs,
107 mod->ei_funcs + mod->num_ei_funcs, mod);
108 }
109
module_unload_ei_list(struct module * mod)110 static void module_unload_ei_list(struct module *mod)
111 {
112 struct ei_entry *ent, *n;
113
114 if (!mod->num_ei_funcs)
115 return;
116
117 mutex_lock(&ei_mutex);
118 list_for_each_entry_safe(ent, n, &error_injection_list, list) {
119 if (ent->priv == mod) {
120 list_del_init(&ent->list);
121 kfree(ent);
122 }
123 }
124 mutex_unlock(&ei_mutex);
125 }
126
127 /* Module notifier call back, checking error injection table on the module */
ei_module_callback(struct notifier_block * nb,unsigned long val,void * data)128 static int ei_module_callback(struct notifier_block *nb,
129 unsigned long val, void *data)
130 {
131 struct module *mod = data;
132
133 if (val == MODULE_STATE_COMING)
134 module_load_ei_list(mod);
135 else if (val == MODULE_STATE_GOING)
136 module_unload_ei_list(mod);
137
138 return NOTIFY_DONE;
139 }
140
141 static struct notifier_block ei_module_nb = {
142 .notifier_call = ei_module_callback,
143 .priority = 0
144 };
145
module_ei_init(void)146 static __init int module_ei_init(void)
147 {
148 return register_module_notifier(&ei_module_nb);
149 }
150 #else /* !CONFIG_MODULES */
151 #define module_ei_init() (0)
152 #endif
153
154 /*
155 * error_injection/whitelist -- shows which functions can be overridden for
156 * error injection.
157 */
ei_seq_start(struct seq_file * m,loff_t * pos)158 static void *ei_seq_start(struct seq_file *m, loff_t *pos)
159 {
160 mutex_lock(&ei_mutex);
161 return seq_list_start(&error_injection_list, *pos);
162 }
163
ei_seq_stop(struct seq_file * m,void * v)164 static void ei_seq_stop(struct seq_file *m, void *v)
165 {
166 mutex_unlock(&ei_mutex);
167 }
168
ei_seq_next(struct seq_file * m,void * v,loff_t * pos)169 static void *ei_seq_next(struct seq_file *m, void *v, loff_t *pos)
170 {
171 return seq_list_next(v, &error_injection_list, pos);
172 }
173
error_type_string(int etype)174 static const char *error_type_string(int etype)
175 {
176 switch (etype) {
177 case EI_ETYPE_NULL:
178 return "NULL";
179 case EI_ETYPE_ERRNO:
180 return "ERRNO";
181 case EI_ETYPE_ERRNO_NULL:
182 return "ERRNO_NULL";
183 default:
184 return "(unknown)";
185 }
186 }
187
ei_seq_show(struct seq_file * m,void * v)188 static int ei_seq_show(struct seq_file *m, void *v)
189 {
190 struct ei_entry *ent = list_entry(v, struct ei_entry, list);
191
192 seq_printf(m, "%pf\t%s\n", (void *)ent->start_addr,
193 error_type_string(ent->etype));
194 return 0;
195 }
196
197 static const struct seq_operations ei_seq_ops = {
198 .start = ei_seq_start,
199 .next = ei_seq_next,
200 .stop = ei_seq_stop,
201 .show = ei_seq_show,
202 };
203
ei_open(struct inode * inode,struct file * filp)204 static int ei_open(struct inode *inode, struct file *filp)
205 {
206 return seq_open(filp, &ei_seq_ops);
207 }
208
209 static const struct file_operations debugfs_ei_ops = {
210 .open = ei_open,
211 .read = seq_read,
212 .llseek = seq_lseek,
213 .release = seq_release,
214 };
215
ei_debugfs_init(void)216 static int __init ei_debugfs_init(void)
217 {
218 struct dentry *dir, *file;
219
220 dir = debugfs_create_dir("error_injection", NULL);
221 if (!dir)
222 return -ENOMEM;
223
224 file = debugfs_create_file("list", 0444, dir, NULL, &debugfs_ei_ops);
225 if (!file) {
226 debugfs_remove(dir);
227 return -ENOMEM;
228 }
229
230 return 0;
231 }
232
init_error_injection(void)233 static int __init init_error_injection(void)
234 {
235 populate_kernel_ei_list();
236
237 if (!module_ei_init())
238 ei_debugfs_init();
239
240 return 0;
241 }
242 late_initcall(init_error_injection);
243