1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 2019-2022 Red Hat, Inc. Daniel Bristot de Oliveira <bristot@kernel.org> 4 * 5 * Runtime reactor interface. 6 * 7 * A runtime monitor can cause a reaction to the detection of an 8 * exception on the model's execution. By default, the monitors have 9 * tracing reactions, printing the monitor output via tracepoints. 10 * But other reactions can be added (on-demand) via this interface. 11 * 12 * == Registering reactors == 13 * 14 * The struct rv_reactor defines a callback function to be executed 15 * in case of a model exception happens. The callback function 16 * receives a message to be (optionally) printed before executing 17 * the reaction. 18 * 19 * A RV reactor is registered via: 20 * int rv_register_reactor(struct rv_reactor *reactor) 21 * And unregistered via: 22 * int rv_unregister_reactor(struct rv_reactor *reactor) 23 * 24 * These functions are exported to modules, enabling reactors to be 25 * dynamically loaded. 26 * 27 * == User interface == 28 * 29 * The user interface resembles the kernel tracing interface and 30 * presents these files: 31 * 32 * "available_reactors" 33 * - List the available reactors, one per line. 34 * 35 * For example: 36 * # cat available_reactors 37 * nop 38 * panic 39 * printk 40 * 41 * "reacting_on" 42 * - It is an on/off general switch for reactors, disabling 43 * all reactions. 44 * 45 * "monitors/MONITOR/reactors" 46 * - List available reactors, with the select reaction for the given 47 * MONITOR inside []. The default one is the nop (no operation) 48 * reactor. 49 * - Writing the name of an reactor enables it to the given 50 * MONITOR. 51 * 52 * For example: 53 * # cat monitors/wip/reactors 54 * [nop] 55 * panic 56 * printk 57 * # echo panic > monitors/wip/reactors 58 * # cat monitors/wip/reactors 59 * nop 60 * [panic] 61 * printk 62 */ 63 64 #include <linux/slab.h> 65 66 #include "rv.h" 67 68 /* 69 * Interface for the reactor register. 70 */ 71 static LIST_HEAD(rv_reactors_list); 72 get_reactor_rdef_by_name(char * name)73 static struct rv_reactor_def *get_reactor_rdef_by_name(char *name) 74 { 75 struct rv_reactor_def *r; 76 77 list_for_each_entry(r, &rv_reactors_list, list) { 78 if (strcmp(name, r->reactor->name) == 0) 79 return r; 80 } 81 return NULL; 82 } 83 84 /* 85 * Available reactors seq functions. 86 */ reactors_show(struct seq_file * m,void * p)87 static int reactors_show(struct seq_file *m, void *p) 88 { 89 struct rv_reactor_def *rea_def = p; 90 91 seq_printf(m, "%s\n", rea_def->reactor->name); 92 return 0; 93 } 94 reactors_stop(struct seq_file * m,void * p)95 static void reactors_stop(struct seq_file *m, void *p) 96 { 97 mutex_unlock(&rv_interface_lock); 98 } 99 reactors_start(struct seq_file * m,loff_t * pos)100 static void *reactors_start(struct seq_file *m, loff_t *pos) 101 { 102 mutex_lock(&rv_interface_lock); 103 return seq_list_start(&rv_reactors_list, *pos); 104 } 105 reactors_next(struct seq_file * m,void * p,loff_t * pos)106 static void *reactors_next(struct seq_file *m, void *p, loff_t *pos) 107 { 108 return seq_list_next(p, &rv_reactors_list, pos); 109 } 110 111 /* 112 * available_reactors seq definition. 113 */ 114 static const struct seq_operations available_reactors_seq_ops = { 115 .start = reactors_start, 116 .next = reactors_next, 117 .stop = reactors_stop, 118 .show = reactors_show 119 }; 120 121 /* 122 * available_reactors interface. 123 */ available_reactors_open(struct inode * inode,struct file * file)124 static int available_reactors_open(struct inode *inode, struct file *file) 125 { 126 return seq_open(file, &available_reactors_seq_ops); 127 }; 128 129 static const struct file_operations available_reactors_ops = { 130 .open = available_reactors_open, 131 .read = seq_read, 132 .llseek = seq_lseek, 133 .release = seq_release 134 }; 135 136 /* 137 * Monitor's reactor file. 138 */ monitor_reactor_show(struct seq_file * m,void * p)139 static int monitor_reactor_show(struct seq_file *m, void *p) 140 { 141 struct rv_monitor_def *mdef = m->private; 142 struct rv_reactor_def *rdef = p; 143 144 if (mdef->rdef == rdef) 145 seq_printf(m, "[%s]\n", rdef->reactor->name); 146 else 147 seq_printf(m, "%s\n", rdef->reactor->name); 148 return 0; 149 } 150 151 /* 152 * available_reactors seq definition. 153 */ 154 static const struct seq_operations monitor_reactors_seq_ops = { 155 .start = reactors_start, 156 .next = reactors_next, 157 .stop = reactors_stop, 158 .show = monitor_reactor_show 159 }; 160 monitor_swap_reactors(struct rv_monitor_def * mdef,struct rv_reactor_def * rdef,bool reacting)161 static void monitor_swap_reactors(struct rv_monitor_def *mdef, struct rv_reactor_def *rdef, 162 bool reacting) 163 { 164 bool monitor_enabled; 165 166 /* nothing to do */ 167 if (mdef->rdef == rdef) 168 return; 169 170 monitor_enabled = mdef->monitor->enabled; 171 if (monitor_enabled) 172 rv_disable_monitor(mdef); 173 174 /* swap reactor's usage */ 175 mdef->rdef->counter--; 176 rdef->counter++; 177 178 mdef->rdef = rdef; 179 mdef->reacting = reacting; 180 mdef->monitor->react = rdef->reactor->react; 181 182 if (monitor_enabled) 183 rv_enable_monitor(mdef); 184 } 185 186 static ssize_t monitor_reactors_write(struct file * file,const char __user * user_buf,size_t count,loff_t * ppos)187 monitor_reactors_write(struct file *file, const char __user *user_buf, 188 size_t count, loff_t *ppos) 189 { 190 char buff[MAX_RV_REACTOR_NAME_SIZE + 2]; 191 struct rv_monitor_def *mdef; 192 struct rv_reactor_def *rdef; 193 struct seq_file *seq_f; 194 int retval = -EINVAL; 195 bool enable; 196 char *ptr; 197 int len; 198 199 if (count < 1 || count > MAX_RV_REACTOR_NAME_SIZE + 1) 200 return -EINVAL; 201 202 memset(buff, 0, sizeof(buff)); 203 204 retval = simple_write_to_buffer(buff, sizeof(buff) - 1, ppos, user_buf, count); 205 if (retval < 0) 206 return -EFAULT; 207 208 ptr = strim(buff); 209 210 len = strlen(ptr); 211 if (!len) 212 return count; 213 214 /* 215 * See monitor_reactors_open() 216 */ 217 seq_f = file->private_data; 218 mdef = seq_f->private; 219 220 mutex_lock(&rv_interface_lock); 221 222 retval = -EINVAL; 223 224 list_for_each_entry(rdef, &rv_reactors_list, list) { 225 if (strcmp(ptr, rdef->reactor->name) != 0) 226 continue; 227 228 if (rdef == get_reactor_rdef_by_name("nop")) 229 enable = false; 230 else 231 enable = true; 232 233 monitor_swap_reactors(mdef, rdef, enable); 234 235 retval = count; 236 break; 237 } 238 239 mutex_unlock(&rv_interface_lock); 240 241 return retval; 242 } 243 244 /* 245 * available_reactors interface. 246 */ monitor_reactors_open(struct inode * inode,struct file * file)247 static int monitor_reactors_open(struct inode *inode, struct file *file) 248 { 249 struct rv_monitor_def *mdef = inode->i_private; 250 struct seq_file *seq_f; 251 int ret; 252 253 ret = seq_open(file, &monitor_reactors_seq_ops); 254 if (ret < 0) 255 return ret; 256 257 /* 258 * seq_open stores the seq_file on the file->private data. 259 */ 260 seq_f = file->private_data; 261 262 /* 263 * Copy the create file "private" data to the seq_file private data. 264 */ 265 seq_f->private = mdef; 266 267 return 0; 268 }; 269 270 static const struct file_operations monitor_reactors_ops = { 271 .open = monitor_reactors_open, 272 .read = seq_read, 273 .llseek = seq_lseek, 274 .release = seq_release, 275 .write = monitor_reactors_write 276 }; 277 __rv_register_reactor(struct rv_reactor * reactor)278 static int __rv_register_reactor(struct rv_reactor *reactor) 279 { 280 struct rv_reactor_def *r; 281 282 list_for_each_entry(r, &rv_reactors_list, list) { 283 if (strcmp(reactor->name, r->reactor->name) == 0) { 284 pr_info("Reactor %s is already registered\n", reactor->name); 285 return -EINVAL; 286 } 287 } 288 289 r = kzalloc(sizeof(struct rv_reactor_def), GFP_KERNEL); 290 if (!r) 291 return -ENOMEM; 292 293 r->reactor = reactor; 294 r->counter = 0; 295 296 list_add_tail(&r->list, &rv_reactors_list); 297 298 return 0; 299 } 300 301 /** 302 * rv_register_reactor - register a rv reactor. 303 * @reactor: The rv_reactor to be registered. 304 * 305 * Returns 0 if successful, error otherwise. 306 */ rv_register_reactor(struct rv_reactor * reactor)307 int rv_register_reactor(struct rv_reactor *reactor) 308 { 309 int retval = 0; 310 311 if (strlen(reactor->name) >= MAX_RV_REACTOR_NAME_SIZE) { 312 pr_info("Reactor %s has a name longer than %d\n", 313 reactor->name, MAX_RV_MONITOR_NAME_SIZE); 314 return -EINVAL; 315 } 316 317 mutex_lock(&rv_interface_lock); 318 retval = __rv_register_reactor(reactor); 319 mutex_unlock(&rv_interface_lock); 320 return retval; 321 } 322 323 /** 324 * rv_unregister_reactor - unregister a rv reactor. 325 * @reactor: The rv_reactor to be unregistered. 326 * 327 * Returns 0 if successful, error otherwise. 328 */ rv_unregister_reactor(struct rv_reactor * reactor)329 int rv_unregister_reactor(struct rv_reactor *reactor) 330 { 331 struct rv_reactor_def *ptr, *next; 332 int ret = 0; 333 334 mutex_lock(&rv_interface_lock); 335 336 list_for_each_entry_safe(ptr, next, &rv_reactors_list, list) { 337 if (strcmp(reactor->name, ptr->reactor->name) == 0) { 338 339 if (!ptr->counter) { 340 list_del(&ptr->list); 341 } else { 342 printk(KERN_WARNING 343 "rv: the rv_reactor %s is in use by %d monitor(s)\n", 344 ptr->reactor->name, ptr->counter); 345 printk(KERN_WARNING "rv: the rv_reactor %s cannot be removed\n", 346 ptr->reactor->name); 347 ret = -EBUSY; 348 break; 349 } 350 } 351 } 352 353 mutex_unlock(&rv_interface_lock); 354 return ret; 355 } 356 357 /* 358 * reacting_on interface. 359 */ 360 static bool __read_mostly reacting_on; 361 362 /** 363 * rv_reacting_on - checks if reacting is on 364 * 365 * Returns 1 if on, 0 otherwise. 366 */ rv_reacting_on(void)367 bool rv_reacting_on(void) 368 { 369 /* Ensures that concurrent monitors read consistent reacting_on */ 370 smp_rmb(); 371 return READ_ONCE(reacting_on); 372 } 373 reacting_on_read_data(struct file * filp,char __user * user_buf,size_t count,loff_t * ppos)374 static ssize_t reacting_on_read_data(struct file *filp, 375 char __user *user_buf, 376 size_t count, loff_t *ppos) 377 { 378 char *buff; 379 380 buff = rv_reacting_on() ? "1\n" : "0\n"; 381 382 return simple_read_from_buffer(user_buf, count, ppos, buff, strlen(buff)+1); 383 } 384 turn_reacting_off(void)385 static void turn_reacting_off(void) 386 { 387 WRITE_ONCE(reacting_on, false); 388 /* Ensures that concurrent monitors read consistent reacting_on */ 389 smp_wmb(); 390 } 391 turn_reacting_on(void)392 static void turn_reacting_on(void) 393 { 394 WRITE_ONCE(reacting_on, true); 395 /* Ensures that concurrent monitors read consistent reacting_on */ 396 smp_wmb(); 397 } 398 reacting_on_write_data(struct file * filp,const char __user * user_buf,size_t count,loff_t * ppos)399 static ssize_t reacting_on_write_data(struct file *filp, const char __user *user_buf, 400 size_t count, loff_t *ppos) 401 { 402 int retval; 403 bool val; 404 405 retval = kstrtobool_from_user(user_buf, count, &val); 406 if (retval) 407 return retval; 408 409 mutex_lock(&rv_interface_lock); 410 411 if (val) 412 turn_reacting_on(); 413 else 414 turn_reacting_off(); 415 416 /* 417 * Wait for the execution of all events to finish 418 * before returning to user-space. 419 */ 420 tracepoint_synchronize_unregister(); 421 422 mutex_unlock(&rv_interface_lock); 423 424 return count; 425 } 426 427 static const struct file_operations reacting_on_fops = { 428 .open = simple_open, 429 .write = reacting_on_write_data, 430 .read = reacting_on_read_data, 431 }; 432 433 /** 434 * reactor_populate_monitor - creates per monitor reactors file 435 * @mdef: monitor's definition. 436 * 437 * Returns 0 if successful, error otherwise. 438 */ reactor_populate_monitor(struct rv_monitor_def * mdef)439 int reactor_populate_monitor(struct rv_monitor_def *mdef) 440 { 441 struct dentry *tmp; 442 443 tmp = rv_create_file("reactors", RV_MODE_WRITE, mdef->root_d, mdef, &monitor_reactors_ops); 444 if (!tmp) 445 return -ENOMEM; 446 447 /* 448 * Configure as the rv_nop reactor. 449 */ 450 mdef->rdef = get_reactor_rdef_by_name("nop"); 451 mdef->rdef->counter++; 452 mdef->reacting = false; 453 454 return 0; 455 } 456 457 /** 458 * reactor_cleanup_monitor - cleanup a monitor reference 459 * @mdef: monitor's definition. 460 */ reactor_cleanup_monitor(struct rv_monitor_def * mdef)461 void reactor_cleanup_monitor(struct rv_monitor_def *mdef) 462 { 463 lockdep_assert_held(&rv_interface_lock); 464 mdef->rdef->counter--; 465 WARN_ON_ONCE(mdef->rdef->counter < 0); 466 } 467 468 /* 469 * Nop reactor register 470 */ rv_nop_reaction(char * msg)471 static void rv_nop_reaction(char *msg) 472 { 473 } 474 475 static struct rv_reactor rv_nop = { 476 .name = "nop", 477 .description = "no-operation reactor: do nothing.", 478 .react = rv_nop_reaction 479 }; 480 init_rv_reactors(struct dentry * root_dir)481 int init_rv_reactors(struct dentry *root_dir) 482 { 483 struct dentry *available, *reacting; 484 int retval; 485 486 available = rv_create_file("available_reactors", RV_MODE_READ, root_dir, NULL, 487 &available_reactors_ops); 488 if (!available) 489 goto out_err; 490 491 reacting = rv_create_file("reacting_on", RV_MODE_WRITE, root_dir, NULL, &reacting_on_fops); 492 if (!reacting) 493 goto rm_available; 494 495 retval = __rv_register_reactor(&rv_nop); 496 if (retval) 497 goto rm_reacting; 498 499 turn_reacting_on(); 500 501 return 0; 502 503 rm_reacting: 504 rv_remove(reacting); 505 rm_available: 506 rv_remove(available); 507 out_err: 508 return -ENOMEM; 509 } 510