Restructure kpatch's sysfs interface and mirror the sysfs tree after
livepatch's sysfs layout. With the current sysfs layout, we cannot
distinguish which object a function belongs to, and we cannot tell which
modules/objects are patched. Therefore, restructure the kpatch sysfs tree
such that module/object information is available. With the new layout, each
patched object has its own directory, with each function being a
subdirectory of its object.
Implement this by embedding a kobject struct within the kpatch_module,
kpatch_func, and kpatch_object structs and supplying their ktypes and
kobject release methods.
Before:
/sys/kernel/kpatch
└── patches
└── <patch_module>
├── checksum
├── enabled
└── functions
├── <function> # from <object1>
│ ├── new_addr
│ └── old_addr
├── <function> # from <object2>
│ ├── new_addr
│ └── old_addr
└─── <function> # from <object3>
├── new_addr
└── old_addr
After:
/sys/kernel/kpatch
└── <patch_module>
├── <object1>
│ └── <function,sympos>
│ ├── new_addr
│ └── old_addr
├── <object2>
│ └── <function,sympos>
│ ├── new_addr
│ └── old_addr
├── checksum
├── enabled
└── <object3>
└── <function,sympos>
├── new_addr
└── old_addr
If kpatch-test processes a single .patch file, it will skip creating a
COMBINED.patch.
Do the same on the testing side (instead of complaining that it "can't
find kpatch-COMBINED.ko, skipping.")
If kpatch-test looks for *.patch or *.test globs in a directory that
contains no such files, it will try to handle a single file named
"*.patch" or "*.test".
Set the global nullglob option to avoid this problem. At the same time,
stop and whine to the user if no .patch files were found.
Instead of building *.patch, allow the user to specify patch files on
the command line. For example:
kpatch-test --quick centos-7/cmdline-string.patch centos-7/data-new.patch
Update the top-level Makefile as well, so it can be similarly invoked:
PATCHES="centos-7/cmdline-string.patch centos-7/data-new.patch" make quick
If no patches are specified on the kpatch-test command line, then fall
back to the previous behavior of *.patch.
NOTE: If patches *are* specified, then only the .test files
corresponding to those patches will be executed. Provided patch paths
will also override any --directory value.
Move the integration tests Makefile up a directory level so that it can
be shared. Update the kpatch-test script to accept a patch-directory
argument and the multiple.test cases to handle this new arrangement.
Prepare for updating the integration tests and move into a standard path
(this should be easier for future automation).
The patch directory name(s) should be in the form ${ID}-${VERSION_ID}/
as defined by the target's /etc/os-release.
Create a "make remote" target and a poor man's ansible to allow setting
up a remote F22 system and running integration tests on it.
To run tests remotely:
make remote SSH_HOST=my.remote.f22.box
The integration tests are targeted for Fedora kernels, so move them to a
new f22 directory. The README file specifies the exact kernel version
they're targeted for.
The _rs variable is used for printk ratelimiting, similar to __warned,
which makes it a logical candidate to be "special": don't correlate it,
yet don't mark a function as changed just because it references it.
When patching a kernel module, if we can't find a needed dynrela symbol,
we currently assume it's exported. However, it's also possible that
it's provided by another .o in the patch module. Add support for that.
Fixes#445.
Currently unbundled section references are only replaced if the start of
the symbol is referenced. It's also useful to support replacement of
references which point to inside the symbol.
Improve the static local variable correlation logic, for the case where
a static local is used by multiple functions. For each usage of the
variable, look for a corresponding usage in the base object. If we find
at least one matching usage, consider it a twin.
Fixes an issue where attempting to call the shadow functions from a
module results in modpost failures:
ERROR: "kpatch_shadow_get" [net/mac80211/mac80211.ko] undefined!
ERROR: "kpatch_shadow_alloc" [net/mac80211/mac80211.ko] undefined!
LDFLAGS_MODULE is apparently not really needed.
The "descriptor" static local variables and their containing __verbose
section are used for dynamic debug printks. They should be considered
as special static local variable symbols because they have the same
requirements: they should never be correlated and they should only be
included if referenced by an included function.
Restore aio_max_nr to its original value when unloading.
Also move the location of the patch hunk to be not at the end of the
file. Otherwise we hit a weird combinediff bug which results in the
diff's context being removed.
The fixup_group_size() function assumes that all .fixup rela groups end
with a jmpq instruction. That assumption turns out to be false when you
take into account the ____kvm_handle_fault_on_reboot() macro which is
used by kvm.
This is a new, more reliable method. It turns out that each .fixup
group is referenced by the __ex_table section. The new algorithm goes
through the __ex_table relas to figure out the size of each .fixup
group.
Also the .fixup section is now processed before __ex_table, because it
needs to access the original __ex_table relas before the unused ones
have been stripped.
Fixes the following error:
ERROR: vmx.o: fixup_group_size: 1554: can't find jump instruction in .fixup section
Fix the mangled function strcmp so that it compares all of the string
except for the numbered parts. foo.isra.35 should match foo.isra.1, but
not foo.isra.35.part.36.
Fixes#352.
It's possible for a static local variable's data section to have
a relocation which refers to the variable symbol itself. Fix the logic
which searches for the user of a static local variable by only looking
in text sections (i.e. functions).
Fixes#411.
Add support for the __key and __warned "special" static local variables.
I'm calling them that for lack of a better term, analagous to the
kernel's special sections that we have to deal with.
__warned: Used by WARN_ONCE et al as an indicator as to whether a
message has already been printed. I think it makes sense (and is much
easier) to reset this counter for a given function when replacing the
function, since the user may expect the new function to warn again.
__key: Used by lockdep as an identifier for a given lock initialization
code path (see http://lwn.net/Articles/185666/ for more info). I think
it makes sense (and is much easier) to create a new key for a given
function when replacing the function, because the locking semantics may
have changed, so it makes sense for lockdep to use a new key to validate
the new locking behavior.
So for both __warned and __key static variables, the new version of the
variable should be used when referenced by an included function.
Made the following changes to support these special variables:
- Ignore their suffixes when comparing them in rela_equal, so that gcc
renaming them will not result in a function being marked as changed
just because it referenced a renamed static local
- Don't ever correlate them, so that their new versions will be included
if a changed or new function uses their corresponding symbols
Fixes#402.
This adds support for shadow variables, which allow you to add new
"shadow" fields to existing data structures.
To allow patches to call the shadow functions in the core module, I had
to add a funky hack to use --warn-unresolved-symbols when linking, which
allows the patched vmlinux to link with the missing symbols. I also
added greps to the log file to ensure that only unresolved symbols to
kpatch_shadow_* are allowed. We can remove this hack once the core
module gets moved into the kernel tree.
Fixes#314.
