The user's environment might have TEMPDIR exported. If so, then kpatch-build
dies with a bogus "invalid ancestor" error. If you turn those bogus errors into
warnings, then the script goes on to incorrectly put into the generated .ko file
every single function that was compiled in the *original* kernel build, thereby
producing an immense .ko file with more than 64k sections that the linux kernel
cannot load. This fix makes sure that TEMPDIR is unexported on the build of the
original kernel. Actually, this fix uses a separate KPATCH_GCC_TEMPDIR variable,
so that if the kernel build is interrupted, the cleanup function in the kpatch-kbuild
script will still have TEMPDIR set correctly.
Signed-off-by: Martin Carroll <martin.carroll@alcatel-lucent.com>
This fixes the detection of WARN_ON_ONCE, WARN_ONCE, and WARN_TAINT_ONCE
on Linux 4.6 and newer.
The signature for those macros changed with upstream Linux commit
dfbf2897d004 ("bug: set warn variable before calling WARN()").
Fixes#602.
Since is_bundleable() is only called once by kpatch_create_symbol_list(),
and no other kpatch-build tool will need to call this function, we can
simply make it static and local to kpatch-elf.c
Introduce a common kpatch elf api by moving all functions and struct
declarations related to manipulating kpatch_elf objects from
create-diff-object to kpatch-elf.{h,c}. Move logging macros to a separate
file log.h, and have kpatch-elf.h include it. These changes will generalize
the kpatch-elf and logging api and make it available to other kpatch-build
tools.
Including the .altinstr_replacement section by itself and without
.altinstructions doesn't make sense, as it only serves as a memory area to
hold replacement instructions to be copied over when alternatives are
applied. Don't include .altinstr_replacement unconditionally and only
include it when .altinstructions is also marked as included.
This was discovered when trying to patch a netfilter issue and resulted in the following issue:
https://github.com/dynup/kpatch/issues/599
This patch adds some documentation in case this situation is encountered in the future.
When building against a different kernel from the one that is currently
running, install the kernel module to a directory based on the version
of the target kernel rather than the currently running kernel.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
While the officially supported distributions all have
CONFIG_DEBUG_KERNEL enabled, this is not true for some other
distributions.
This option is necessary when kpatch-build retrieves the
SPECIAL_VARS using readelf command.
Signed-off-by: Quey-Liang Kao <s101062801@m101.nthu.edu.tw>
Upstream commit 568b329a "perf: generalize perf_callchain" modified the
return type (void -> int) of the address member of struct stacktrace_ops.
Use the void function if the kernel version is < 4.6 or return an int
otherwise.
When a patch module is loaded, the kernel facilities like alternatives
and paravirt may alter some of its instructions. This happens before
Kpatch core module is notified and tries to apply dynrelas to it. If an
instruction to apply a dynrela to has already been changed by these
facilities, an incorrect instruction might be written as a result.
The core module now detects such conditions and does not apply dynrela
to the changed instructions.
Suggested by Josh Poimboeuf in the discussion of
https://github.com/dynup/kpatch/issues/580.
Changes in v.2:
* Used pr_notice to give more emphasis to the messages.
* Added an explanation message.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
It may be convenient to be able to turn off the automatic loading of
the patches that kpatch.service does. This helps, for example, if a
buggy patch is installed and crashes the system at boot.
This commit allows to specify kpatch.enable=0 in the kernel command
line. In this case, the binary patches will not be loaded automatically,
and the users should be able to remove or replace the offending patches
after the system boots.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
kpatch-build currently requires Module.symvers for the Kpatch core
module unconditionally and fails if it is not found. This does not allow
using kpatch-build to prepare livepatch-based patches.
This patch fixes the problem.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
Process the patch name correctly that only concern the fuffix with
.patch or .diff. Otherwise if the patch name is not end with .patch
or .diff but has it as substring, the fuffix will be removed
unreasonably.
Signed-off-by: Li Bin <huawei.libin@huawei.com>
Commit 7523e4dc5057 upstream ("module: use a structure to encapsulate
layout") uses a new field to access module memory. Account for this change
and ensure backwards compatibility with kernel versions < 4.5
Support patching objects that have duplicated function names. This feature was
introduced upstream in Linux v4.5.
This patch appends the symbol position to the symbol structure when
lookup_local_symbol is called. This pos variable is then used when creating the
funcs and dynrelas sections. Finally, incorporate sympos into the livepatch
patch hook only if the kernel version is greater than v4.5. In other cases the
older format is used.
Fixes: #493
Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
In some cases when packaging it may not be useful to build kmod/core at
package build time (for example if using DKMS). Add a parameter 'BUILDMOD'
that when set to 'yes' will build kmod/core.
Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
Don't assume we are building for the current kernel. In addition print out
a proper package necessary for building the module.
Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
Some distributions prefer not to use /usr/libexec. To make things easier
for packaging, allow this directory to be set easily via environment
variables.
Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
The uncorrelation logic is incomplete. For bundled symbols, in addition
to uncorrelating the sections, it should also uncorrelate the section
symbols and any rela sections.
Similarly the correlation logic needs to correlate section symbols. (It
already correlates rela sections.)
If a kernel SRPM is used to get the kernel sources, the target kernel
version is determined from the name of the SRPM.
One cannot obtain the target kernel version this way if the source tree
is used instead of an SRPM, so let us extract that information from
vmlinux.
Signed-off-by: Evgenii Shatokhin <eshatokhin@odin.com>
