memory_patcher: Add ability to detect patched memory

Rich Welch · Rich Welch · commit 438388390fe4 · 2021-10-13T00:07:37.000Z
Adapt the memory patching code to add detection logic so we can detect when
memory has already been patched. Look for this condition in patcher_open()
and relay the return code OPAL_ERR_RESOURCE_BUSY when the memory has been
previously patched. If we detect this, also unapply any patches that we've
applied.

Signed-off-by: Rich Welch &lt;rlwelch@amazon.com&gt;
diff --git a/opal/mca/memory/patcher/memory_patcher_component.c b/opal/mca/memory/patcher/memory_patcher_component.c
@@ -607,31 +607,31 @@ static int patcher_open(void)
     rc = opal_patcher->patch_symbol("mmap", (uintptr_t) intercept_mmap,
                                     (uintptr_t *) &original_mmap);
     if (OPAL_SUCCESS != rc) {
-        return rc;
+        goto err_patching;
     }
 #endif
 
 #if defined(SYS_munmap)
     rc = opal_patcher->patch_symbol("munmap", (uintptr_t) intercept_munmap,
                                     (uintptr_t *) &original_munmap);
     if (OPAL_SUCCESS != rc) {
-        return rc;
+        goto err_patching;
     }
 #endif
 
 #if defined(SYS_mremap)
     rc = opal_patcher->patch_symbol("mremap", (uintptr_t) intercept_mremap,
                                     (uintptr_t *) &original_mremap);
     if (OPAL_SUCCESS != rc) {
-        return rc;
+        goto err_patching;
     }
 #endif
 
 #if defined(SYS_madvise)
     rc = opal_patcher->patch_symbol("madvise", (uintptr_t) intercept_madvise,
                                     (uintptr_t *) &original_madvise);
     if (OPAL_SUCCESS != rc) {
-        return rc;
+        goto err_patching;
     }
 #endif
 
@@ -640,7 +640,7 @@ static int patcher_open(void)
     rc = opal_patcher->patch_symbol("shmat", (uintptr_t) intercept_shmat,
                                     (uintptr_t *) &original_shmat);
     if (OPAL_SUCCESS != rc) {
-        return rc;
+        goto err_patching;
     }
 #    endif
 #endif
@@ -650,7 +650,7 @@ static int patcher_open(void)
     rc = opal_patcher->patch_symbol("shmdt", (uintptr_t) intercept_shmdt,
                                     (uintptr_t *) &original_shmdt);
     if (OPAL_SUCCESS != rc) {
-        return rc;
+        goto err_patching;
     }
 #    endif
 #endif
@@ -659,6 +659,18 @@ static int patcher_open(void)
     rc = opal_patcher->patch_symbol("brk", (uintptr_t) intercept_brk, (uintptr_t *) &original_brk);
 #endif
 
+    if (OPAL_SUCCESS != rc) {
+        goto err_patching;
+    }
+
+    return OPAL_SUCCESS;
+
+err_patching:
+    /* In the case we had a problem patching, set this flag to 0 so we do not
+       directly return OPAL_SUCCESS if we call patcher_open() again. */
+    was_executed_already = 0;
+    opal_patcher_base_restore_all();
+
     return rc;
 }
 
diff --git a/opal/mca/patcher/base/base.h b/opal/mca/patcher/base/base.h
@@ -63,6 +63,7 @@ OBJ_CLASS_DECLARATION(mca_patcher_base_patch_t);
  */
 OPAL_DECLSPEC extern mca_base_framework_t opal_patcher_base_framework;
 OPAL_DECLSPEC int opal_patcher_base_select(void);
+OPAL_DECLSPEC int opal_patcher_base_restore_all(void);
 OPAL_DECLSPEC int mca_patcher_base_patch_hook(mca_patcher_base_module_t *module, uintptr_t hook);
 OPAL_DECLSPEC void mca_base_patcher_patch_apply_binary(mca_patcher_base_patch_t *patch);
 
diff --git a/opal/mca/patcher/base/patcher_base_frame.c b/opal/mca/patcher/base/patcher_base_frame.c
@@ -54,17 +54,35 @@ int opal_patcher_base_select(void)
     return OPAL_SUCCESS;
 }
 
-static int opal_patcher_base_close(void)
+int opal_patcher_base_restore_all(void)
 {
+    mca_patcher_base_patch_t *patch, *patch_next;
+
     if (opal_patcher == &empty_module) {
         return OPAL_SUCCESS;
     }
 
-    mca_patcher_base_patch_t *patch;
-    OPAL_LIST_FOREACH_REV (patch, &opal_patcher->patch_list, mca_patcher_base_patch_t) {
-        patch->patch_restore(patch);
+    opal_mutex_lock(&opal_patcher->patch_list_mutex);
+
+    OPAL_LIST_FOREACH_SAFE_REV(patch, patch_next, &opal_patcher->patch_list, mca_patcher_base_patch_t) {
+        patch->patch_restore (patch);
+        opal_list_remove_item(&opal_patcher->patch_list, &patch->super);
+        OBJ_RELEASE(patch);
+    }
+
+    opal_mutex_unlock(&opal_patcher->patch_list_mutex);
+
+    return OPAL_SUCCESS;
+}
+
+static int opal_patcher_base_close(void)
+{
+    if (opal_patcher == &empty_module) {
+        return OPAL_SUCCESS;
     }
 
+    opal_patcher_base_restore_all();
+
     OPAL_LIST_DESTRUCT(&opal_patcher->patch_list);
     OBJ_DESTRUCT(&opal_patcher->patch_list_mutex);
 
diff --git a/opal/mca/patcher/overwrite/patcher_overwrite_module.c b/opal/mca/patcher/overwrite/patcher_overwrite_module.c
@@ -57,7 +57,7 @@ static int mca_patcher_overwrite_apply_patch(mca_patcher_base_patch_t *patch)
     return OPAL_SUCCESS;
 }
 
-/* end of #if defined(__i386__) || defined(__x86_64__) || defined(__ia64__) */
+/* end of #if defined(__i386__) || defined(__x86_64__) */
 // ------------------------------------------------- PPC equivalent:
 #elif (OPAL_ASSEMBLY_ARCH == OPAL_POWERPC32) || (OPAL_ASSEMBLY_ARCH == OPAL_POWERPC64)
 
@@ -214,6 +214,78 @@ static int mca_patcher_overwrite_apply_patch(mca_patcher_base_patch_t *patch)
 
 #endif
 
+/*
+ * The logic in this function for each platform is based on code from
+ * mca_patcher_overwrite_apply_patch(). There are 2 general approaches:
+ * 1: Directly check constant instructions (ignoring addresses as parameters)
+ * 2: Generate a bit mask by passing min and max values to underlying helper
+ *    functions and negate the XOR'ed results. These results can be used to
+ *    mask off transient values (like addresess) and non-instruction values
+ *    (like register contents). Once the masks are applied, the results are
+ *    compared against the min values directly to check for equality. If equal,
+ *    we consider the memory to be previously patched.
+ */
+static bool mca_patcher_is_function_patched(unsigned char *target)
+{
+
+#if (OPAL_ASSEMBLY_ARCH == OPAL_IA32)
+    return (*(unsigned char *)target == 0xe9);
+#elif (OPAL_ASSEMBLY_ARCH == OPAL_X86_64)
+	return (
+		(*(unsigned short*)(target + 0) == 0xbb49) &&
+		(*(unsigned char* )(target +10) == 0x41  ) &&
+		(*(unsigned char* )(target +11) == 0xff  ) &&
+		(*(unsigned char* )(target +12) == 0xe3  )
+	);
+#elif (OPAL_ASSEMBLY_ARCH == OPAL_POWERPC32 ) || (OPAL_ASSEMBLY_ARCH == OPAL_POWERPC64)
+    const unsigned int gr_max = 0xF; //11 is used in our patching code, but is the max 4 or 5 bits?
+    const unsigned int addr_max = 0xFFFF;
+    unsigned int  addis_base = addis( 0, 0, 0);
+    unsigned int  addis_mask = ~(addis_base  ^  addis( gr_max,      0,  addr_max));
+    unsigned int    ori_base =   ori( 0, 0, 0);
+    unsigned int    ori_mask = ~(  ori_base  ^    ori( gr_max, gr_max,  addr_max));
+    unsigned int  mtspr_base = mtspr( 9, 0);    // 9 = CTR
+    unsigned int  mtspr_mask = ~(mtspr_base  ^  mtspr( 9,      gr_max));
+    unsigned int  bcctr_base = bcctr(20, 0, 0); // 20 = always
+    unsigned int  bcctr_mask = ~(bcctr_base  ^  bcctr(20,           0,         0));
+#if (OPAL_ASSEMBLY_ARCH == OPAL_POWERPC32)
+
+    return (
+        ((*(unsigned int *) (target + 0 )) &  addis_mask) ==  addis_base &&
+        ((*(unsigned int *) (target + 4 )) &    ori_mask) ==    ori_base &&
+        ((*(unsigned int *) (target + 8 )) &  mtspr_mask) ==  mtspr_base &&
+        ((*(unsigned int *) (target + 12)) &  bcctr_mask) ==  bcctr_base
+    );
+#else
+    unsigned int rldicr_base = rldicr( 0, 0, 32, 31);
+    unsigned int rldicr_mask = ~(rldicr_base ^ rldicr( gr_max, gr_max, 32, 31));
+    unsigned int   oris_base =   oris( 0, 0, 0);
+    unsigned int   oris_mask = ~(oris_base ^     oris( gr_max, gr_max,  addr_max));
+
+    return (
+        ((*(unsigned int *) (target + 0 )) &  addis_mask) ==  addis_base &&
+        ((*(unsigned int *) (target + 4 )) &    ori_mask) ==    ori_base &&
+        ((*(unsigned int *) (target + 8 )) & rldicr_mask) == rldicr_base &&
+        ((*(unsigned int *) (target + 12)) &   oris_mask) ==   oris_base &&
+        ((*(unsigned int *) (target + 16)) &    ori_mask) ==    ori_base &&
+        ((*(unsigned int *) (target + 20)) &  mtspr_mask) ==  mtspr_base &&
+        ((*(unsigned int *) (target + 24)) &  bcctr_mask) ==  bcctr_base
+    );
+#endif
+#elif defined(__aarch64__)
+    uint32_t mov_mask=~((0xFFFF << 5) | 0x1F);
+    uint32_t br_mask=~(0x1F << 5);
+
+    return (
+        ((*(uint32_t *) (target +  0)) & mov_mask) == mov(0, 3, 0) &&
+        ((*(uint32_t *) (target +  4)) & mov_mask) == movk(0, 2, 0) &&
+        ((*(uint32_t *) (target +  8)) & mov_mask) == movk(0, 1, 0) &&
+        ((*(uint32_t *) (target + 12)) & mov_mask) == movk(0, 0, 0) &&
+        ((*(uint32_t *) (target + 16)) & br_mask) == br(0)
+    );
+#endif
+}
+
 static int mca_patcher_overwrite_patch_address(uintptr_t sys_addr, uintptr_t hook_addr)
 {
     mca_patcher_base_patch_t *patch;
@@ -268,7 +340,13 @@ static int mca_patcher_overwrite_patch_symbol(const char *func_symbol_name, uint
         *func_old_addr = 0;
     }
 
-    return mca_patcher_overwrite_patch_address(old_addr, func_new_addr);
+    if (mca_patcher_is_function_patched((unsigned char*)old_addr)) {
+        opal_output_verbose(10, 0, "function %s is already patched; stopping further patching\n",
+                func_symbol_name);
+        return OPAL_ERR_RESOURCE_BUSY;
+	} else {
+        return mca_patcher_overwrite_patch_address(old_addr, func_new_addr);
+	}
 }
 
 mca_patcher_base_module_t mca_patcher_overwrite_module = {
