Commit Graph

725 Commits

Author SHA1 Message Date
Josh Poimboeuf
c6763e218f lookup: silence maybe-uninitialized warnings for -O2
When compiling with -O2, it fails with:

  gcc -MMD -MP -O2 -I../kmod/patch -Iinsn -Wall -g -Werror -c -o lookup.o lookup.c
  lookup.c: In function ‘lookup_open’:
  lookup.c:132:21: error: ‘file_sym’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
     table->local_syms = file_sym;
     ~~~~~~~~~~~~~~~~~~^~~~~~~~~~
  lookup.c:83:30: note: ‘file_sym’ was declared here
    struct object_symbol *sym, *file_sym;
                                ^~~~~~~~
  lookup.c:129:27: error: ‘child_sym’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
    if (in_file && !child_sym->name) {
                    ~~~~~~~~~^~~~~~
  lookup.c:85:27: note: ‘child_sym’ was declared here
    struct sym_compare_type *child_sym;
                             ^~~~~~~~~
  cc1: all warnings being treated as errors
  Makefile:17: recipe for target 'lookup.o' failed
  make[1]: *** [lookup.o] Error 1
  make[1]: Leaving directory '/home/jpoimboe/git/kpatch/kpatch-build'
  Makefile:14: recipe for target 'build-kpatch-build' failed
  make: *** [build-kpatch-build] Error 2

As far as I can tell, these are false positive warnings.  When in_file
is 1, file_sym and child_sym are properly initialized.  But silence the
warnings anyway so Gentoo users can build with -O2.

Fixes: #675
2017-06-05 11:11:55 -05:00
Jessica Yu
5a04c3395a Merge pull request #705 from vincentbernat/fix/ubuntu-get-source
kpatch-build: retrieve source package instead of linux-source
2017-05-18 20:23:21 -07:00
Vincent Bernat
998c794c7a create-diff-object: only check if kernel object starts with "vmlinux"
On Debian/Ubuntu, the `vmlinux` from `-dbg` package has a version number
appended to it. For example:
`/usr/lib/debug/boot/vmlinux-3.13.0-117-generic`. Make it work
nonetheless.
2017-05-18 08:18:14 +02:00
Vincent Bernat
0f717abf0c kpatch-build: retrieve source package instead of linux-source
On Ubuntu Trusty, HWE kernels don't come with a linux-source
package. Use dget to retrieve the source package instead. This is not
the case anymore with Xenial as the linux-source package is also
provided for the HWE kernels. For Debian, backports always come with the
linux-source package.
2017-05-17 23:24:32 +02:00
Josh Poimboeuf
2b39f7d8d8 elf: add .eh_frame* sections to debug section list
SUSE-based kernels have a DWARF unwinder, so they build with the gcc
'-fasynchronous-unwind-tables' flag, which adds .eh_frame and
.eh_frame_hdr sections.  Treat those sections like the other debug
sections.

Fixes: #703
2017-05-11 14:02:08 -05:00
Josh Poimboeuf
012ccece85 create-diff-object: don't create dynrelas for exported vmlinux symbols used by modules
Joe saw the following errors when loading Linux commit 128394eff343
("sg_write()/bsg_write() is not fit to be called under KERNEL_DS"):

  Skipped dynrela for copy_user_generic_unrolled (0xffffffffa0475942 <- 0xffffffff813211e0): the instruction has been changed already.
  Skipped dynrela for copy_user_generic_unrolled (0xffffffffa0475a57 <- 0xffffffff813211e0): the instruction has been changed already.

That is known issue #580, but it can be avoided by leaving
'copy_user_generic_unrolled' as a normal relocation instead of
converting it to a dynrela, because it's an exported symbol.

Also remove the manual check for '__fentry__' because it's covered by
the exported symbol check.

Also remove a duplicate comment about unexported global object symbols
being in another .o in the patch object.

Fixes #695.
2017-04-20 16:56:43 -05:00
Jessica Yu
f2b205b534 kpatch-build: fix small typo 2017-03-21 15:25:38 -07:00
Jessica Yu
759774eaa4 Merge pull request #687 from joe-lawrence/lib_exports
kpatch-gcc: update ignorelist to avoid foo/.lib_exports.o files
2017-03-10 10:00:32 -08:00
Joe Lawrence
d526805619 kpatch-gcc: update ignorelist to avoid foo/.lib_exports.o files
Upstream kernel commit 7f2084fa55e6 ("[kbuild] handle exports in lib-y
objects reliably") (v4.9+) added temporary dummy .lib_exports.o objects
to the kernel build.  As these ephemeral files don't contain any code,
update the kpatch-gcc glob pattern to ignore them.

(glob pattern suggested by flaming-toast)

Fixes #686.
2017-03-10 10:26:06 -05:00
Jessica Yu
2553653789 Merge pull request #682 from rosslagerwall/strip-ignored-symbols
create-diff-object: Strip kpatch_ignore_func_* symbols
2017-03-08 21:12:11 -08:00
Josh Poimboeuf
41b2364f66 Merge pull request #685 from jpoimboe/build-in-tree
kpatch-build: build the kernel in ~/.kpatch/src again
2017-03-08 07:41:03 -06:00
Josh Poimboeuf
1308787995 Merge pull request #684 from jpoimboe/find_local_syms-fix
lookup: skip discarded symbols in local symbol comparison
2017-03-07 12:38:15 -06:00
Ross Lagerwall
579ce0dfc6 create-diff-object: Strip *kpatch_ignore_*_* symbols
Strip kpatch_ignore_func_* and __UNIQUE_ID_kpatch_ignore_section_*
symbols to prevent the inclusion of .kpatch.ignore.functions and
.kpatch.ignore.sections. Mark the symbols as SAME, otherwise they are
considered NEW and are recursively included. This includes the
corresponding ignore sections and rela sections and may also create new,
unnecessary dynrelas.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
2017-03-07 15:01:06 +00:00
Josh Poimboeuf
23952b5ce0 lookup: minor lookup_open() cleanup
A couple of minor cleanups:

- move the `if (locals)` check to find_local_syms()

- remove the explicit initialization of `local_syms`, the entire struct
  was already previously cleared to zero.
2017-03-03 17:06:16 -06:00
Josh Poimboeuf
e1a2e4e6ad kpatch-build: make clean_cache() wipe out ~/.kpatch completely
When wiping out the ~/.kpatch cache before replacing it with a new
kernel source, there's no need to keep anything around.  Just wipe it
all out and start over.

Also, when building with the -s option, it doesn't need to touch
~/.kpatch/version or ~/.kpatch/src, so it can just skip the cleaning.
That keeps the previous cache around for the next incantation of
kpatch-build without '-s'.
2017-03-03 11:29:21 -06:00
Josh Poimboeuf
2e99d6b7a4 kpatch-build: build the kernel in ~/.kpatch/src again
Once upon a time, kpatch-build did the kernel build in three passes.
The extra pass was done without '-ffunction-sections -fdata-sections',
so it could produce the original vmlinux file.

At that time, there was no ~/.kpatch/obj directory.  The kernel was
built directly in ~/.kpatch/src.  Because the same directory was used
for both the original kernel build and the '-ffunction-sections
-fdata-sections' build, the entire tree had to be rebuilt twice for
every kpatch-build incantation, making it very slow.

That situation was improved with the following commit:

  5352d8b01a ("build objects in separate directory to fix caching")

That built the regular and special binaries in ~/.kpatch/obj and
~/.kpatch/obj2, respectively.

Since then we've simplified things so that it only does two build
passes: original and patched, both with '-ffunction-sections
-fdata-sections', and ~/.kpatch/obj2 was removed.  However,
~/.kpatch/obj still remained.  That's because we never had a reason to
change it, until now.

Recent commit aa2907df29 ("support dup file+symbol")
triggers a new warning:

  create-diff-object: ERROR: dynamic_debug.o: find_local_syms: 124: find_local_syms for dynamic_debug.c: found_none

This was actually a preexisting issue which that commit helped uncover.
The root issue is that dynamic_debug.c has some creative uses of the
`__FILE__` macro.  When building the kernel objects outside the source
tree, the macro results in a absolute path like:

  /home/jpoimboe/.kpatch/src/lib/dynamic_debug.c

But when building inside the source tree it's a relative path:

  lib/dynamic_debug.c

The Fedora kernel is built in-tree, and I would imagine most other
distros are also built that way.  So the way kpatch builds can result in
a slightly different 'original' object than the distro version, thanks
to the __FILE__ macro.

In this case, the order of the symbol table changed slightly between
vmlinux and the 'orig' object.  Presumably, the difference in string
lengths was enough to convince the compiler to shuffle things around a
bit.

So considering that bug, and the possibility of other mismatches, go
back to building the kernel in the source tree.
2017-03-03 11:29:21 -06:00
Josh Poimboeuf
4779b9c0d8 kpatch-build: make vim's syntax highlighting happy
For some reason, the backticks on this line confuse my editor's syntax
highlighter!  Make vim happy by using the other form of command
substition.

Also convert the function definition syntax to comply with the
kpatch-build coding guidelines ;-)
2017-03-03 11:29:21 -06:00
Josh Poimboeuf
85def82275 lookup: skip discarded symbols in local symbol comparison
A few symbols are discarded in the kernel linking phase, which means
they won't be in the lookup table.  Skip their comparison.

This fixes a bunch of warnings seen when building a patch which triggers
a tree-wide rebuild:

  create-diff-object: ERROR: aes_glue.o: find_local_syms: 112: find_local_syms for aes_glue.c: found_none
  create-diff-object: ERROR: aesni-intel_glue.o: find_local_syms: 112: find_local_syms for aesni-intel_glue.c: found_none
  create-diff-object: ERROR: init.o: find_local_syms: 112: find_local_syms for init.c: found_none
  create-diff-object: ERROR: iosf_mbi.o: find_local_syms: 112: find_local_syms for iosf_mbi.c: found_none
  create-diff-object: ERROR: setup.o: find_local_syms: 112: find_local_syms for setup.c: found_none
  ...

After this patch, there's still one warning remaining:

  create-diff-object: ERROR: dynamic_debug.o: find_local_syms: 133: find_local_syms for dynamic_debug.c: found_none

That one has a completely different cause, which I'll fix in another
pull request (coming soon).

Fixes: #676
2017-03-03 09:10:15 -06:00
Ross Lagerwall
09ef2457cd create-diff-object: Mark correlated static local variables the SAME initially
Normal correlated symbols are marked the SAME initially but static local
variables are correlated in a separate function. Also mark these the
SAME.

This fixes an issue where patching a function which called printk_once
(which uses a static local variable) would fail to build because the
static local variable was considered new and thus introduced a new data
member into .data..read_mostly which is not allowed to change.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
2017-02-28 17:44:28 +00:00
Josh Poimboeuf
fd911ab66c Merge pull request #669 from joe-lawrence/debug_atomic_sleep
detect and ignore __might_sleep line number changes
2017-02-23 16:44:01 -06:00
Josh Poimboeuf
51f1f51f87 lookup: rename find_local_syms() variables
Rename a couple of the variables in find_local_syms() to better reflect
their purpose.  The passed in 'locals' are from the childobj (e.g.
foo.o) rather than the parent (e.g. vmlinux).
2017-02-15 15:18:02 -06:00
Joe Lawrence
99f7792fdc detect and ignore might_sleep line number changes
When CONFIG_DEBUG_ATOMIC_SLEEP is enabled, might_sleep calls will add
the line number to the instruction stream.  Detect and ignore any such
changes.

Fixes: #657.
2017-02-14 16:34:48 -05:00
Joe Lawrence
337965ad71 kpatch-build: consider CONFIG_PARAVIRT optional
CONFIG_PARAVIRT is not required for building kpatch patch modules.  The
sizeof paravirt_patch_site struct was only needed to create
.parainstructions sections as part of create-diff-object.  As long as
the original objects were built without such sections then
this kernel option (and struct handling) can be considered optional.
2017-02-09 10:14:34 -05:00
Joe Lawrence
3b2c372d81 kpatch-build: CONFIG_DEBUG_INFO_SPLIT is unsupported
The CONFIG_DEBUG_INFO_SPLIT kernel .config option places debug
information into separate .dwo files.  As no known distribution is
currently shipping .dwo in their debuginfo packages, leave it as
unsupported for now.
2017-02-09 10:14:34 -05:00
Joe Lawrence
7800064bde kpatch-build: handle out of order special section data
When building a kernel with CONFIG_DEBUG_INFO_REDUCED, it was observed
that subsequent readelf -wi output may not always display structure size
information first.  The affects the kpatch-build awk script that needs
to consider readelf output like the following:

 <1><26393>: Abbrev Number: 12 (DW_TAG_structure_type)
    <26394>   DW_AT_name        : (indirect string, offset: 0x914f): alt_instr
    <26398>   DW_AT_declaration : 12
 ...

 <1><169d1b>: Abbrev Number: 13 (DW_TAG_structure_type)
    <169d1c>   DW_AT_name        : (indirect string, offset: 0x914f): alt_instr
    <169d20>   DW_AT_byte_size   : 13

Therefore the awk state machine should reset if it doesn't encounter
"DW_AT_byte_size" after given structure name match.

Fixes: #668.
2017-02-09 10:14:34 -05:00
Joe Lawrence
bcd1ee3324 kpatch-build: support older gawk regex
Support for gawk '\s' (whitespace) GNU Regexp Operator was added
somewhere between gawk 3 and 4 (RHEL6 and RHEL7).  Use the [[:space:]]
bracket expression to support older releases of gawk.
2017-02-09 10:14:34 -05:00
Zhou Chengming
aa2907df29 support dup file+symbol
We use kelf_base->symbols to find a unique matching FILE+locals combination
when we call lookup_open(). If we can't find one matching or we find more
than one matching, we error out.

If we find a unique one, we setup table->local_syms in lookup_open(),
so later lookup_local_symbol() could do its lookup based on table->local_syms.

Fixes #604.

Suggested-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Zhou Chengming <zhouchengming1@huawei.com>
2017-02-04 09:37:18 +08:00
Jessica Yu
8e1aef2893 Merge pull request #659 from joe-lawrence/4.9-unwinder
RFC - 4.9 unwinder
2017-01-30 09:57:04 -08:00
Josh Poimboeuf
ab5e1290bb lookup: use log.h version of ERROR macro
Use the log.h version of the ERROR macro so the childobj gets printed.
2017-01-25 10:03:23 -06:00
Joe Lawrence
56708b43d3 kpatch-build: skip initramfs_data.o
ERROR: initramfs_data.o: 2 unsupported section change(s)
initramfs_data.o: changed section .init.ramfs not selected for inclusion
initramfs_data.o: changed section .init.ramfs.info not selected for inclusion
/usr/local/libexec/kpatch/create-diff-object: unreconcilable difference
cmdline.o: changed function: cmdline_proc_show
ERROR: 1 error(s) encountered. Check /root/.kpatch/build.log for more details.
2017-01-24 13:32:29 -05:00
Josh Poimboeuf
44b03dec65 Merge pull request #607 from flaming-toast/4.7-changes
4.7 changes (WIP)
2017-01-24 09:11:46 -06:00
Jessica Yu
b0f5ded2b0 kpatch-intermediate.h: fix comments 2017-01-23 22:42:25 -08:00
Jessica Yu
43f8683cd7 kpatch-build: rename kpatch-tmp.ko to tmp.ko
Rename kpatch-tmp.ko to tmp.ko, since create-klp-module will run into
issues if we happen to have a patch named tmp.patch
2017-01-23 22:39:05 -08:00
Josh Poimboeuf
ac899455ab create-diff-object: convert global symbols to local
As reported in PR #658, when patching an exported function which is used
by the patch module init code, the init code will incorrectly link to
the patched version of the function and will call the patched function
before its relocations have been applied.

For example, when patching __kmalloc(), I see:

  # insmod kpatch-kmalloc.ko
  kpatch_kmalloc: module is marked as livepatch module, but livepatch support is disabled
  kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
  BUG: unable to handle kernel paging request at ffffc90001d03c58
  IP: 0xffffc90001d03c58
  PGD 7c8b4067
  PUD 7c8b5067
  PMD 755f7067
  PTE 800000007ad03163
  Oops: 0011 [#1] PREEMPT SMP
  Modules linked in: kpatch_kmalloc(OE+) kpatch(OE) ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack cfg80211 rfkill ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw snd_hda_codec_generic ppdev crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel snd_hda_intel virtio_balloon snd_hda_codec snd_hwdep serio_raw virtio_console snd_hda_core parport_pc parport snd_pcm virtio_net snd_timer snd i2c_piix4 soundcore virtio_blk qxl drm_kms_helper ttm drm virtio_pci virtio_ring virtio ata_generic pata_acpi
  CPU: 1 PID: 1042 Comm: insmod Tainted: G           OE   4.10.0-rc5 #1
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.1-1.fc24 04/01/2014
  task: ffff88007560d480 task.stack: ffffc90001d00000
  RIP: 0010:0xffffc90001d03c58
  RSP: 0018:ffffc90001d03c50 EFLAGS: 00010286
  RAX: 0000000000000004 RBX: 0000000000000008 RCX: 0000000000000000
  RDX: 0000000000000000 RSI: 00000000014080c0 RDI: 0000000000000008
  RBP: ffff88007ad00058 R08: 0000000000000001 R09: 0000000000000001
  R10: 0000000000000000 R11: 0000000000000001 R12: 00000000fffffff4
  R13: ffffffffa0394ef0 R14: 0000000000000000 R15: ffffc90001d03ea8
  FS:  00007f9689d74700(0000) GS:ffff88007d000000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: ffffc90001d03c58 CR3: 000000007af1d000 CR4: 00000000001406e0
  Call Trace:
   ? kzalloc.constprop.6+0xe/0x10 [kpatch_kmalloc]
   ? patch_init+0xa6/0x1000 [kpatch_kmalloc]
   ? 0xffffffffa0399000
   ? do_one_initcall+0x52/0x1b0
   ? do_init_module+0x27/0x1fa
   ? rcu_read_lock_sched_held+0x4a/0x80
   ? kmem_cache_alloc_trace+0x28a/0x2f0
   ? do_init_module+0x5f/0x1fa
   ? load_module+0x2446/0x2b90
   ? __symbol_put+0x90/0x90
   ? vfs_read+0x137/0x180
   ? SYSC_finit_module+0xdf/0x110
   ? SyS_finit_module+0xe/0x10
   ? entry_SYSCALL_64_fastpath+0x1f/0xc2
  Code: c9 ff ff 10 00 00 00 00 00 00 00 86 02 01 00 00 00 00 00 50 3c d0 01 00 c9 ff ff 18 00 00 00 00 00 00 00 b4 33 39 a0 ff ff ff ff <a0> 3c d0 01 00 c9 ff ff a6 90 39 a0 ff ff ff ff 00 00 00 00 00
  RIP: 0xffffc90001d03c58 RSP: ffffc90001d03c50
  CR2: ffffc90001d03c58
2017-01-23 15:50:13 -06:00
Jessica Yu
b1cdc83d57 kpatch-build: build dynrelas or klp relas depending on kernel version
Introduce a second phase in the kpatch-build process that creates kpatch
modules or livepatch modules that use the new klp rela sections depending on
the kernel version being worked on. This change uses the two new programs to
either create a patch module that uses dynrelas (create-kpatch-module) or a
patch module that uses klp rela and arch sections + klp symbols marked with the
correct Elf flags (create-klp-module).

For klp patch modules, the --unique flag for ld is needed to prevent
.parainstructions and .altinstructions sections from different objects
from being merged, as arch_klp_init_object_loaded() applies these sections
per-object.
2017-01-23 12:43:43 -08:00
Jessica Yu
0cc693ba36 create-kpatch-module: add new program that creates kpatch modules
Add new program create-kpatch-module, that, given an intermediate object
outputted by create-diff-object, outputs an object (.o) that contains the
.kpatch.dynrelas section required by kpatch.
2017-01-23 12:43:34 -08:00
Jessica Yu
09d2af5cb4 create-klp-module: add new program that creates patch modules that have klp elements
Add a new program, create-klp-module, that, given a built module (.ko),
will create a patch module with klp rela sections, klp arch sections, and
klp symbols.
2017-01-23 12:43:31 -08:00
Jessica Yu
900d28fe75 kpatch-elf: add find_rela_by_offset()
Add find_rela_by_offset(), which, given a relocation section and offset,
will return the rela struct with the matching offset.
2017-01-23 12:43:27 -08:00
Jessica Yu
42902d0fcc create-diff-object: create intermediate .kpatch.arch section
In addition to .kpatch.relocations and .kpatch.symbols, have
create-diff-object create an .kpatch.arch section. This section can be used
to create .klp.arch. sections that are required for klp modules built for
versions >= 4.9. Each entry in the .kpatch.arch section represents an
arch-specific section (.altinstructions or .parainstructions) and contains
a pointer to the arch-specific section itself (see kpatch_arch struct
member 'sec') and a pointer to the objname string (see kpatch_arch struct
member 'objname'). This is enough information to be able to build
.klp.arch. sections in a later phase of kpatch-build.
2017-01-23 12:43:24 -08:00
Jessica Yu
87643703a7 create-diff-object: create .kpatch.relocations and .kpatch.symbols sections
Instead of creating dynrela sections, have create-diff-object create
intermediate sections .kpatch.relocations and .kpatch.symbols which can
then be used to build (depending on kernel version) either dynrela sections
or klp rela/klp arch sections + klp symbols in a later phase of kpatch-build.
2017-01-23 12:43:17 -08:00
Jessica Yu
58de46cb9e lookup: parse Module.symvers in lookup_open()
Have lookup_open() also parse Module.symvers and add the resulting symbols
and their objnames to the lookup table. This code was essentially
cherry-picked from Josh Poimboeuf's lookup code found here:

  8cdca59c88

That patch was modified to fix a bug in obj_read() (calling elf_end()
without strdup'ing the symbol name strings, which was causing null
dereferences) and to fix up the module name after reading it from
Module.symvers (replacing '-' with '_' and stripping the path prefixes).

Also, add lookup_exported_symbol_objname(), which looks up the objname of
an exported symbol by making use of the objname information obtained from
Module.symvers.
2017-01-23 12:43:12 -08:00
Jessica Yu
b6a15f3dd6 create-diff-object: rename 'name' variable to 'objname'
'name' isn't very descriptive, rename it to 'objname' to avoid confusion
2017-01-23 12:43:09 -08:00
Jessica Yu
52e2ad66ca kpatch-elf: add kpatch_remove_and_free_section()
Add kpatch_remove_and_free_section(), which, given a section name,
removes and frees all matching sections from the passed in kpatch_elf.
2017-01-23 12:43:05 -08:00
Jessica Yu
dac26b8cb2 kpatch-elf: for rela sections, find base section by index rather than name
If there exist multiple sections with the same name (which can happen when
using the --unique option with ld, which will be used to keep multiple
(per-object) .parainstructions and .altinstructions sections separate),
find_section_by_name() will only return the first section name match, which
leads to incorrect base section assignments for rela sections. Fix this by
using the sh_info field of the rela section to find its base section
instead, which contains the index of the section to which the relocation
applies.
2017-01-23 12:43:00 -08:00
Jessica Yu
a3108de96a kpatch-elf: fix null dereference when sym->sec is NULL
Make sure sym->sec is not NULL before checking for its rela section
(sym->sec->rela). This fixes a case where an object may have STT_FUNC
symbols whose the sections (sym->sec) were not selected for inclusion (or
are located in another object) and hence these symbols do not have sym->sec
set. This corner case only recently popped up after reusing kpatch_elf_open()
on objects that have been outputted by create-diff-object (and these
objects only contain the necessary sections needed for the patch module).

This will also automatically exclude livepatch symbols from the check,
because they do not have sections associated with them (i.e., sym->sec is
NULL). We do not have to check for fentry calls for klp (SHN_LIVEPATCH)
symbols, because [1] they do not have sections associated with them, [2]
they are not the target functions to be patched, and [3] they are
technically just placeholder symbols for symbol resolution in livepatch.
2017-01-23 12:42:56 -08:00
Jessica Yu
91909e9273 kpatch-elf: ensure SHN_LIVEPATCH syms don't get set to SHN_UNDEF when reindexing elements 2017-01-23 12:42:52 -08:00
Jessica Yu
2c3c44fec2 kpatch-elf: add kpatch_reindex_elements() and kpatch_rebuild_rela_section_data()
Move functions kpatch_reindex_elements() and kpatch_rebuild_rela_section_data()
from create-diff-object.c to kpatch-elf.c. These functions will be used
to rebuild kpatch elf data in create-klp-module and create-kpatch-module,
i.e. during the second "phase" of kpatch-build.
2017-01-23 12:42:47 -08:00
Jessica Yu
6e43062409 kpatch-elf: add livepatch related Elf constants 2017-01-23 12:42:42 -08:00
Jessica Yu
3d6ea904e8 log: include error.h
Usage of error() requires error.h
2017-01-23 12:42:35 -08:00
Josh Poimboeuf
bc76e64b8b Merge pull request #649 from kamalesh-babulal/ubuntu_bug_fix
kpatch-build: Add UTS_UBUNTU_RELEASE_ABI tag for non-stock kernel
2017-01-16 08:58:57 -06:00
Kamalesh Babulal
825cddcc45 kpatch-build: Add UTS_UBUNTU_RELEASE_ABI tag for non-stock kernel
commit eb55adc52d ("use livepatch 4.5 features in Ubuntu Xenial
kernel") will trigger following build failure, while building stock
kernel on Ubuntu:
make[2]: Entering directory '/root/.kpatch/obj'
  CC [M]  /root/.kpatch/tmp/patch/patch-hook.o
In file included from
/root/.kpatch/tmp/patch/livepatch-patch-hook.c:28:0,
                 from /root/.kpatch/tmp/patch/patch-hook.c:21:
/root/.kpatch/tmp/patch/livepatch-patch-hook.c: In functionpatch_ini:
/root/linux-4.8.15/include/generated/utsrelease.h:2:32: error: too many
decimal points in number
 #define UTS_UBUNTU_RELEASE_ABI 4.8.15
                                ^
/root/.kpatch/tmp/patch/livepatch-patch-hook.c:252:7: note: in expansion
of macro UTS_UBUNTU_RELEASE_ABI
       UTS_UBUNTU_RELEASE_ABI >= 7 ) \
       ^
Stock kernel version string might differ from the ubuntu kernel
versioning format. This patch sets UBUNTU_KERNEL flag, when kpatch
module is being build for ubuntu distro kernel and check for this
flag before echoing UTS_UBUNTU_RELEASE_ABI tag.

Signed-off-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>
Cc: Chris J Arges <christopherarges@gmail.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
2017-01-13 10:18:45 +05:30
Jessica Yu
11396a5943 Merge pull request #646 from joe-lawrence/sparse_smatch_2
Sparse smatch round 2
2017-01-12 17:27:00 -08:00
Joe Lawrence
7a855df172 sparse: use "NULL" for NULL pointers
Fixes sparse complaints:

  create-diff-object.c:2302:24: warning: Using plain integer as NULL pointer
  create-diff-object.c:2303:11: warning: Using plain integer as NULL pointer
  create-diff-object.c:2334:59: warning: Using plain integer as NULL pointer
  create-diff-object.c:2347:43: warning: Using plain integer as NULL pointer
2017-01-12 15:38:25 -05:00
Joe Lawrence
0193dd51bd sparse: make local symbols static
Fixes many sparse warnings like:

  warning: symbol 'foo' was not declared. Should it be static?
2017-01-12 15:38:21 -05:00
Jessica Yu
5046cc9243 Merge pull request #644 from jpoimboe/no-seg-fault
create-diff-object: print error message instead of seg faulting
2016-12-20 11:55:27 -08:00
Jessica Yu
f6918090ff Merge pull request #645 from jpoimboe/kpatch-build-debug
kpatch-build: reduce the debug firehose
2016-12-20 10:42:06 -08:00
Josh Poimboeuf
d3d8a603e2 kpatch-build: reduce the debug firehose
When passing '-d' to kpatch-build, it prints out some useful information
and keeps the related files around in ~/.kpatch/tmp.  However, it also
passes '-d' to create-diff-object, which spits out way too much
information, drowning out all the other useful messages printed by
kpatch-build.

In my experience, the create-diff-object debug info is overkill for
debugging most issues, so disable it.  The flag can still be used when
running create-diff-object manually.
2016-12-19 17:36:06 -06:00
Josh Poimboeuf
79fd538f51 create-diff-object: print error message instead of seg faulting
Related to issue #629, print a useful error message at the time of the
original error condition instead of seg faulting later.
2016-12-19 17:29:57 -06:00
Josh Poimboeuf
bfc24c745d create-diff-object: support gcc 6 per-function string tables
With older versions of gcc, string tables were stored in a few
.rodata.str1.* sections:

  # eu-readelf -S patched/fs/proc/meminfo.o |grep rodata
  [ 6] .rodata.str1.1       PROGBITS     0000000000000000 0000005c 00000008  1 AMS    0   0  1
  [11] .rodata.str1.8       PROGBITS     0000000000000000 000000a0 00000364  1 AMS    0   0  8
  [16] .rodata.meminfo_proc_fops PROGBITS     0000000000000000 000009c0 000000d8  0 A      0   0 32
  [17] .rela.rodata.meminfo_proc_fops RELA         0000000000000000 00017a58 00000060 24 I     35  16  8

With gcc 6, there can now be per-function string tables:

  # eu-readelf -S patched/kernel/fork.o |grep rodata
  [10] .rodata.trace_raw_output_task_newtask.str1.8 PROGBITS     0000000000000000 00000208 00000032  1 AMS    0   0  8
  [13] .rodata.trace_raw_output_task_rename.str1.8 PROGBITS     0000000000000000 000002b0 00000030  1 AMS    0   0  8
  [24] .rodata.mm_init.str1.1 PROGBITS     0000000000000000 0000094b 0000000e  1 AMS    0   0  1
  [29] .rodata.sighand_ctor.str1.1 PROGBITS     0000000000000000 00000ba1 00000017  1 AMS    0   0  1
  [32] .rodata.str1.1       PROGBITS     0000000000000000 00000bec 000001d9  1 AMS    0   0  1
  [33] .rodata.__mmdrop.str1.8 PROGBITS     0000000000000000 00000dc8 000000c4  1 AMS    0   0  8
  [82] .rodata.copy_process.part.30.str1.8 PROGBITS     0000000000000000 000019e0 00000098  1 AMS    0   0  8
  [83] .rodata.copy_process.part.30.str1.1 PROGBITS     0000000000000000 00001a78 0000003f  1 AMS    0   0  1
  [92] .rodata._do_fork.str1.1 PROGBITS     0000000000000000 0000372e 00000009  1 AMS    0   0  1
  [173] .init.rodata         PROGBITS     0000000000000000 00004a18 00000011  0 A      0   0  1
  [202] .rodata.str__task__trace_system_name PROGBITS     0000000000000000 00004df0 00000005  0 A      0   0  1

Fixes: #628
2016-12-19 12:01:30 -06:00
Igor Redko
8f237b1e7d kpatch-build: make patches for debug kernels too
GCC with KASAN instrumentation creates section ".rodata" with some static strings (i.e. some of them go to ".rodata.str1.1" for release build).
This change makes possible to build patch and check if it fixes issue found with KASAN, such as CVE-2016-9555.
2016-12-19 14:27:43 +03:00
Jessica Yu
e9fc979712 Merge pull request #637 from arges/636
kpatch and patch module builds fail on Ubuntu 16.04 #636
2016-12-16 10:55:45 -08:00
Chris J Arges
254e8bbe8d kpatch-build: Add UTS_UBUNTU_RELEASE_ABI symbol for utsrelease.h
The UTS_UBUNTU_RELEASE_ABI symbol is in utsrelease.h as installed by
linux-headers-`uname -r`. However when building a module with kpatch-build
utsrelease.h gets regenerated and doesn't include the ABI variable. This
patch just adds the additional define based on the input ARCHVERSION.
2016-12-16 07:05:15 -06:00
Josh Poimboeuf
20871391d9 create-diff-object: better error message for dup file+symbol
Give a slightly better error message for the dup file+symbol issue.
It's still cryptic but it's good enough to at least give us kpatch
developers a better idea about what went wrong.  This would have helped
diagnose issue #633 much more quickly.
2016-12-14 15:05:55 -06:00
Jessica Yu
f9cfd80718 Merge pull request #630 from jpoimboe/LDFLAGS_vmlinux
kpatch-build: fix 'undefined reference to kpatch_shadow_*' errors
2016-12-11 23:37:21 -08:00
Jessica Yu
a963ee76ee Merge pull request #631 from jpoimboe/treewide-rebuild-fixes
kpatch-build: fix tree-wide rebuild
2016-12-09 16:17:15 -08:00
Josh Poimboeuf
1fc364ee75 kpatch-build: fix tree-wide rebuild on RHEL 7
On RHEL 7 based kernels, copy_user_64.o misuses the .fixup section by
placing a normal function in it.  That confuses create-diff-object.

Work around it by just skipping the file altogether, which is fine to do
because it's an assembly file which should never change anyway.

Fixes #625.
2016-12-06 21:54:05 -06:00
Josh Poimboeuf
5f5fd136bb kpatch-build: fix tree-wide rebuild
For newer kernels, some new objects have been added to the 'head-y'
build target.  These objects aren't directly traceable to vmlinux so
they have to be added manually.

Fixes #626.
2016-12-05 21:13:15 -06:00
Josh Poimboeuf
1330b4a3e5 kpatch-build: fix 'undefined reference to kpatch_shadow_*' errors
When building the patched version of the kernel, vmlinux has to be
linked with the '--warn-unresolved-symbols' linker flag.  Otherwise the
link will fail if the patch uses kpatch-specific symbols like
kpatch_shadow_alloc() and friends.

As of upstream Linux commit b36fad65d61f ("kbuild: Initialize exported
variables"), LDFLAGS_vmlinux= no longer works from the command line,
resulting in '--warn-unresolved-symbols' no longer getting set.

Instead we can use kpatch-gcc to pass the flag to the linker.

Fixes #627.
2016-12-05 20:22:11 -06:00
Jessica Yu
dc3ef4d6da Merge pull request #616 from rosslagerwall/extable-addend
create-diff-object: Update fixup offsets in .rela__ex_table
2016-11-24 20:04:46 -08:00
Ross Lagerwall
13d61012f9 create-diff-object: Update fixup offsets in .rela__ex_table
When pruning entries from the fixup table, update the offsets in
.rela__ex_table otherwise the relas might point to the wrong fixup entry
or even out of the .fixup section.

Fixes #615.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
2016-11-24 09:15:48 +00:00
Jessica Yu
de63a856c0 kpatch-build: refresh git index during cleanup if $SRCDIR was a git repository
If $SRCDIR was a git repo, we leave the repo with a dirty index even after
reversing the patch during cleanup. This gets picked up by
scripts/setlocalversion and consequently subsequent kpatch-builds using the
same $SRCDIR end up with a '+' sign appended to the version string. Fix
this by properly refreshing the index during cleanup.
2016-11-16 02:03:25 -08:00
Josh Poimboeuf
d200d40569 kpatch-build: remove ~/.kpatch/src/.git dir on Fedora
Source RPMs for recent Fedora kernels have a '.git' subdirectory, which
causes '+' to be appended to the module version magic, causing the
module to fail to load:

  kpatch_readdir: version magic '4.8.6-201.fc24.x86_64+ SMP mod_unload ' should be '4.8.6-201.fc24.x86_64 SMP mod_unload '
2016-11-10 16:50:11 -06:00
Joe Lawrence
86ba41ee06 Add kpatch-build --skip-cleanup option
Add a switch to kpatch-build that provides an opt-out to the cleanup
portion of the script.  This can be handy when debugging $TEMPDIR or
$RPMTOPDIR contents, as well as inspecting the patched source code
itself.
2016-09-29 16:30:38 -04:00
Martin Carroll
145d1289dc kpatch-build: do not assume that TEMPDIR is unexported on entry to script
The user's environment might have TEMPDIR exported.  If so, then kpatch-build
dies with a bogus "invalid ancestor" error. If you turn those bogus errors into
warnings, then the script goes on to incorrectly put into the generated .ko file
every single function that was compiled in the *original* kernel build, thereby
producing an immense .ko file with more than 64k sections that the linux kernel
cannot load.  This fix makes sure that TEMPDIR is unexported on the build of the
original kernel.  Actually, this fix uses a separate KPATCH_GCC_TEMPDIR variable,
so that if the kernel build is interrupted, the cleanup function in the kpatch-kbuild
script will still have TEMPDIR set correctly.

Signed-off-by: Martin Carroll <martin.carroll@alcatel-lucent.com>
2016-07-25 11:02:37 -04:00
Josh Poimboeuf
6b03bc8ec0 create-diff-object: fix WARN*_ONCE detection on newer kernels
This fixes the detection of WARN_ON_ONCE, WARN_ONCE, and WARN_TAINT_ONCE
on Linux 4.6 and newer.

The signature for those macros changed with upstream Linux commit
dfbf2897d004 ("bug: set warn variable before calling WARN()").

Fixes #602.
2016-07-13 16:53:02 -05:00
Jessica Yu
a343edcff0 kpatch-elf: make is_bundleable() a static function
Since is_bundleable() is only called once by kpatch_create_symbol_list(),
and no other kpatch-build tool will need to call this function, we can
simply make it static and local to kpatch-elf.c
2016-07-12 14:45:18 -07:00
Jessica Yu
adcd4581cc kpatch-elf: introduce a common kpatch-elf and logging interface
Introduce a common kpatch elf api by moving all functions and struct
declarations related to manipulating kpatch_elf objects from
create-diff-object to kpatch-elf.{h,c}. Move logging macros to a separate
file log.h, and have kpatch-elf.h include it. These changes will generalize
the kpatch-elf and logging api and make it available to other kpatch-build
tools.
2016-07-12 14:45:16 -07:00
Jessica Yu
cfe9aff51e create-diff-object: include .altinstr_replacement if .altinstructions is included
Including the .altinstr_replacement section by itself and without
.altinstructions doesn't make sense, as it only serves as a memory area to
hold replacement instructions to be copied over when alternatives are
applied. Don't include .altinstr_replacement unconditionally and only
include it when .altinstructions is also marked as included.
2016-07-01 12:33:28 -07:00
Quey-Liang Kao
f4686ee7df kpatch-build: Add "CONFIG_DEBUG_KERNEL" kernel config checking
While the officially supported distributions all have
CONFIG_DEBUG_KERNEL enabled, this is not true for some other
distributions.
This option is necessary when kpatch-build retrieves the
SPECIAL_VARS using readelf command.

Signed-off-by: Quey-Liang Kao <s101062801@m101.nthu.edu.tw>
2016-05-03 04:49:30 +08:00
Evgenii Shatokhin
6a76da9236 kpatch-build: fix building of livepatch-based patches
kpatch-build currently requires Module.symvers for the Kpatch core
module unconditionally and fails if it is not found. This does not allow
using kpatch-build to prepare livepatch-based patches.

This patch fixes the problem.

Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
2016-03-22 16:14:07 +03:00
Jessica Yu
f80c2cf47e Merge pull request #582 from libin2015/process-the-patch-name
kpatch-build: process the patch name correctly
2016-03-01 15:30:36 -08:00
Li Bin
441ab87643 kpatch-build: process the patch name correctly
Process the patch name correctly that only concern the fuffix with
.patch or .diff. Otherwise if the patch name is not end with .patch
or .diff but has it as substring, the fuffix will be removed
unreasonably.

Signed-off-by: Li Bin <huawei.libin@huawei.com>
2016-02-27 11:24:27 +08:00
Chris J Arges
b64ab2b5e4 livepatch-patch-hook: add support for livepatch sympos
Support patching objects that have duplicated function names. This feature was
introduced upstream in Linux v4.5.

This patch appends the symbol position to the symbol structure when
lookup_local_symbol is called. This pos variable is then used when creating the
funcs and dynrelas sections. Finally, incorporate sympos into the livepatch
patch hook only if the kernel version is greater than v4.5. In other cases the
older format is used.

Fixes: #493

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
2016-02-16 10:31:44 -06:00
Chris J Arges
053622b902 kpatch-build: allow external LDFLAGS
When building binaries such as create-diff-object it would be useful
to be able to pass LDFLAGS when running make from the command line.
2016-01-11 14:26:50 -06:00
Seth Jennings
b60d3acddb Merge pull request #560 from euspectre/get-kernel-version
Get kernel version from vmlinux if the kernel source tree is used
2015-11-18 15:28:42 -06:00
Seth Jennings
b781c0a843 Merge pull request #564 from jpoimboe/more-static-fixes
create-diff-object: static local uncorrelation/correlation fixes
2015-11-18 15:15:27 -06:00
Josh Poimboeuf
02d3c193ed create-diff-object: static local uncorrelation/correlation fixes
The uncorrelation logic is incomplete.  For bundled symbols, in addition
to uncorrelating the sections, it should also uncorrelate the section
symbols and any rela sections.

Similarly the correlation logic needs to correlate section symbols.  (It
already correlates rela sections.)
2015-11-18 14:56:02 -06:00
Josh Poimboeuf
707435ec62 Revert "kpatch-build: fix gcc_version_check"
This reverts commit 9fedd0d283.
2015-11-18 14:44:45 -06:00
Josh Poimboeuf
7b48c4ce12 Revert "kpatch-build: fix gcc_version_check: both "GNU" and "GCC" are possible"
This reverts commit 5737028667.
2015-11-18 14:44:26 -06:00
Josh Poimboeuf
f4b5eded0c Merge pull request #561 from euspectre/gcc-gnu-fix
kpatch-build: fix gcc_version_check: both "GNU" and "GCC" are possible
2015-11-18 10:28:18 -06:00
Josh Poimboeuf
129fb4a22b Merge pull request #551 from libin2015/reduce-dependency-on-bash-version
kpatch-build: reduce dependency on bash version >4.0
2015-11-17 08:35:52 -06:00
Evgenii Shatokhin
e169d82192 kpatch-build: get kernel version from vmlinux if source tree is used
If a kernel SRPM is used to get the kernel sources, the target kernel
version is determined from the name of the SRPM.

One cannot obtain the target kernel version this way if the source tree
is used instead of an SRPM, so let us extract that information from
vmlinux.

Signed-off-by: Evgenii Shatokhin <eshatokhin@odin.com>
2015-11-17 16:41:16 +03:00
Evgenii Shatokhin
5737028667 kpatch-build: fix gcc_version_check: both "GNU" and "GCC" are possible
This fix is an addition to 9fedd0d283 "kpatch-build: fix
gcc_version_check".

On some systems, the GCC version stored in vmlinux may have the
following format:
  (GNU) 4.8.3 20140911 (Red Hat 4.8.3-9)
while GCC returns
  (GCC) 4.8.3 20140911 (Red Hat 4.8.3-9)

As a result, binary patches cannot be built, although the compiler is
the same.

gcc_version_check() now takes this into account.

Signed-off-by: Evgenii Shatokhin <eshatokhin@odin.com>
2015-11-17 16:25:28 +03:00
Seth Jennings
f8d00bd232 Merge pull request #550 from libin2015/fix-find-parent-obj
kpatch-build: fix find_parent_obj
2015-11-16 13:29:35 -06:00
Seth Jennings
3d49e37f11 Merge pull request #548 from libin2015/fix-gcc-version-check
kpatch-build: fix gcc_version_check
2015-11-16 13:15:41 -06:00
Seth Jennings
aab5240df8 Merge pull request #555 from jpoimboe/static
create-diff-object: more static local variable rework
2015-11-16 11:55:36 -06:00
Seth Jennings
c7fd8673e9 Merge pull request #554 from jpoimboe/section-sym-gah
create-diff-object: handle reference to end of section
2015-11-16 10:37:32 -06:00
Josh Poimboeuf
fffbb85b81 create-diff-object: handle reference to end of section
Deal with a special case where gcc needs a pointer to the address at the end of
a data section.

This is usually used with a compare instruction to determine when to end a
loop.  The code doesn't actually dereference the pointer so this is "normal"
and we just replace the section reference with a reference to the last symbol
in the section.

Note that this only catches the issue when it happens at the end of a section.
It can also happen in the middle of a section.  In that case, the wrong symbol
will be associated with the reference.  But that's ok because:

1) This situation only occurs when gcc is trying to get the address of the
   symbol, not the contents of its data; and

2) Because kpatch doesn't allow data sections to change, &(var1+sizeof(var1))
   will always be the same as &var2.

Fixes: #553
2015-11-13 16:42:40 -06:00
Josh Poimboeuf
ac9020af20 create-diff-object: more static local variable rework
Refine the static local variable handling again.  This builds on a
previous patch by Zhou Chengming.

This fixes the following bugs reported by Zhou:

1.          xxx.123 ---> xxx.123 (previous correlation by coincidence)
            xxx.256 ---> xxx.256 (previous correlation by coincidence)
   But real xxx.123 ---> xxx.256

   In this case, the code doesn't work. Because when find patched_sym for
   xxx.123, the xxx.256 in patched_object hasn't been de-correlated.

2. old-object | new-object
        func1 | func1
      xxx.123 | xxx.123 (inline)
        func2 | func2
      xxx.256 | xxx.256
      xxx.123 | xxx.123 (inline)

   When find patched_sym for xxx.123, first find xxx.123 in func1 of new-object,
   But then find xxx.256 in func2 of new-object.
   So I think should not iterate the base-sections, when find one, just go out to next symbol.

Both of these problems can be fixed by splitting the code up into
multiple passes:

  1. uncorrelate all static locals
  2. correlate all static locals
  3. ensure each static local is referenced by all the same sections in
     both objects
  4. print warning on any new static locals

Fixes: #545
2015-11-13 13:56:13 -06:00
Li Bin
273ea9a06c kpatch-build: reduce dependency on bash version >4.0
Before this patch, kpatch_build dependends on bash version >4.0
that support declare -A. This patch remove this dependency by
replacing dict(declare -A) with array.

Signed-off-by: Li Bin <huawei.libin@huawei.com>
2015-11-13 17:13:39 +08:00
Li Bin
9143e88f16 kpatch-build: fix find_parent_obj
When find kobj, it should use 'cat changed_objs' to get the changed
objects, in order to process the following object format:
a/b/c/../../object.o. If using patched dir to get changed object,
the object will be a/object.o, but it is a/b/c/../../object.o in
*.cmd file.
This patch also fix the find_parent_obj that change the format
'a/b/c/../../object.o' to 'a/object.o' in deep find, otherwise
it will fail with "two parent matches for *.o".

Signed-off-by: Li Bin <huawei.libin@huawei.com>
2015-11-13 14:24:37 +08:00
Josh Poimboeuf
d529091f3b kpatch-build: cleanup on SIGHUP
Fix an issue where kpatch-build fails to clean up after hitting CTRL-C
during a remote integration test (make remote).
2015-11-12 20:39:14 -06:00
Li Bin
9fedd0d283 kpatch-build: fix gcc_version_check
gcc version string format may be 'gcc (xxx xxx) x.x.x [xxx]'
fix gcc_version_check to adapt to it.

Signed-off-by: Li Bin <huawei.libin@huawei.com>
2015-11-13 08:19:50 +08:00
Josh Poimboeuf
5429b18750 kpatch-build: s/TMPBUILDROOT/RPMTOPDIR/ 2015-11-04 12:11:26 -06:00
Josh Poimboeuf
0dec5136ee kpatch-build: clean up rpmbuild tmp directory handling
Setting HOME in a subshell is too hacky.  Instead just pass the rpmbuild
directory to the rpm and rpmbuild commands.
2015-11-03 14:35:33 -06:00
Seth Jennings
b2eeb59b8a Merge pull request #542 from jpoimboe/kpatch-build-cleanups
fix a couple of minor kpatch-build issues
2015-11-03 14:09:40 -06:00
Josh Poimboeuf
b8bc7c2812 kpatch-build: fix tempsrc directory leak
Also rename it to tmphome to more accurately describe its purpose.
2015-11-03 13:55:56 -06:00
Josh Poimboeuf
686cc4ff52 kpatch-build: put log file in $CACHEDIR
Otherwise it gets removed along with TEMPDIR if '--debug' isn't set.
2015-11-03 13:52:47 -06:00
Evgenii Shatokhin
ad6581756e kpatch-build: fix searching for the sizes of special structures
readelf -wi may output trailing spaces in the lines with section names
('alt_instr', etc.). The regexps should take this into account,
otherwise kpatch-build may fail with error:
    "can't find special struct size"
2015-11-03 12:39:39 +03:00
Seth Jennings
045a983574 Merge pull request #536 from jpoimboe/static-local-rewrite
Rewrite static local variable correlation logic
2015-11-02 11:16:55 -06:00
Chris J Arges
aaa584a856 kpatch-build: edit script description
This script works on other distros and can target source linux directories.
Adjust comments to match this.

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
2015-10-30 17:01:27 -05:00
Josh Poimboeuf
7c88c41cfe create-diff-object: rewrite static local variable correlation logic
Rewrite the static local variable correlation logic.  The algorithm now
traverses all the static locals in the original object rather than the
patched object, ensuring that each symbol in the original object has a
twin.  It adds a new restriction that static local variables can't be
removed.

This adds support for the following:

- Multiple static locals with the same name in the same function

- Two separate static locals which happen to have the same numbered
  suffix

- Static locals which are referenced by data sections

- CSWTCH and other static locals which are sometimes unused due to
  sharing of their data sections

Fixes: #514
2015-10-29 16:52:10 -05:00
Josh Poimboeuf
bbc35bc12e Revert "create-diff-object: strip unused CSWTCH symbols"
It turns out this is a more general issue which exists for more than
just CSWTCH symbols.  The new static local handling code will handle it.

This reverts commit fd0c1bbe9c.
2015-10-29 16:51:22 -05:00
Seth Jennings
2e4dea5236 Merge pull request #525 from euspectre/no-reloc-fix
kpatch-build: revisit checking for fentry calls
2015-10-28 20:49:56 -05:00
Josh Poimboeuf
fd0c1bbe9c create-diff-object: strip unused CSWTCH symbols
Fixes: #532
2015-10-28 18:52:32 -05:00
Josh Poimboeuf
98f892b273 Revert "create-diff-object: Ignore unused CSWTCH static local symbols"
This reverts commit ce7ed7007b.
2015-10-28 18:41:50 -05:00
Seth Jennings
46732a74d3 Merge pull request #529 from jpoimboe/CSWTCH
create-diff-object: Ignore unused CSWTCH static local symbols
2015-10-28 14:47:41 -05:00
Seth Jennings
79945c3253 Merge pull request #531 from jpoimboe/vdso
kpatch-gcc: update ignore list
2015-10-28 14:46:57 -05:00
Evgenii Shatokhin
393be6f8fc kpatch-build: revisit checking for fentry calls
create-diff-object now checks if the original functions have fentry calls.
If an original function to be affected by the patch does not have the
fentry call, it cannot be patched. Error is reported in that case.

kpatch_create_mcount_sections() now also takes into account if a changed
or a new function has fentry call. If it does, mcount record is
generated for it as before. If a changed or a new function has no fentry
call, it is not an error in this case.

All this fixes the following issues.

1. If an original function has no fentry call (e.g. a "notrace" function)
but the patched function has it, the original function can not be
patched, but it would only be detected when applying the patch.

2. kpatch_create_mcount_sections() crashed if a patched function had no
relocation at all.

I observed such crashes when experimenting with a modified version of
the patch "tcp_cubic: better follow cubic curve after idle period" in
CentOS 7 x64.

Besides that, for a function with the first instruction starting with
0x0f, it would be incorrectly detemined that the function had fentry call.
The first bytes of the function would be overwritten in that case.

3. create-diff-object output an error if a new (an added) function had
no fentry call. This restriction is not necessary.

v2:

* Moved the check for fentry calls after the call to
kpatch_compare_correlated_elements() and before info about the original
ELF file is destroyed. The original symbols are now checked there (via
sym->twin) rather than the patched ones.

* Removed an excessive error check.

Signed-off-by: Evgenii Shatokhin <eshatokhin@odin.com>
2015-10-28 20:49:50 +03:00
Seth Jennings
01006814d8 Merge pull request #526 from arges/addflags
kpatch-build: consolidate build-artifacts and place into CACHEDIR
2015-10-28 12:44:18 -05:00
Chris J Arges
d0c8f43656 kpatch-build: put build artifacts into cachedir
Build artifacts are stored in $CACHEDIR/tmp instead of /tmp. This includes
files such as the build log and the temp directories used to build the patch.

In addition, allow $CACHEDIR to be set as an environment variable.

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
2015-10-28 11:56:07 -05:00
Josh Poimboeuf
d378b245e5 kpatch-gcc: add libstub to ignore list
The firmware libstub library isn't a part of the proper runtime kernel
and can be safely ignored.

Fixes: #518
2015-10-28 11:39:55 -05:00
Josh Poimboeuf
a1d6b0d00e kpatch-gcc: update vdso location for newer kernels
With recent kernels, the vdso code has moved from arch/x86/vdso to
arch/x86/entry/vdso.

Fixes: #530
2015-10-28 11:27:15 -05:00
Josh Poimboeuf
ce7ed7007b create-diff-object: Ignore unused CSWTCH static local symbols
Fixes #519.
2015-10-28 10:06:51 -05:00
Seth Jennings
e78222e635 Merge pull request #527 from jpoimboe/werror
create-diff-object: make all warnings into errors
2015-10-27 12:07:20 -05:00
Josh Poimboeuf
1704498471 kpatch-build: detect special section group sizes
Hard-coding the special section group sizes is unreliable.  Instead,
determine them dynamically by finding the related struct definitions in
the DWARF metadata.

Fixes #517.
Fixes #523.
2015-10-27 11:31:40 -05:00
Josh Poimboeuf
2899b5c23c create-diff-object: make all warnings into errors 2015-10-27 11:29:38 -05:00
Evgenii Shatokhin
7b9629fc0a kpatch-build: do not use -ffunction-sections for a patch module itself
-ffunction-sections and -fdata-sections are needed when building the
original and the patched kernels.

It is not necessary, however, to use these options when building a
patch module itself, its functions and data are OK in the sections they
are.

Let us remove these options from KCGLAGS after the kernels have been
built.
2015-10-21 21:13:23 +03:00
Seth Jennings
1cd59c6603 Merge pull request #512 from euspectre/kpatch-build-symvers-fixes
kpatch-build: a couple of symvers-related fixes
2015-10-20 09:57:11 -05:00
Evgenii Shatokhin
9df043bc2e kpatch-build: do not clobber ~/rpmbuild directory
If a source RPM is used to obtain the kernel sources, kpatch-build
executes rpmdev-setuptree to prepare ~/rpmbuild directory tree, installs
the source RPM there. Then it calls 'rpmbuild -bp' to prepare the
kernel source tree.

All this, however, may clobber the existing contents of ~/rpmbuild,
which is very inconvenient if one uses rpmbuild to build other packages.

To avoid that, I could not find a better way than to specify a fake home
directory (~/.kpatch/tempsrc) for that portion of kpatch-build. It seems,
neither rpmdev-setuptree nor rpm have appropriate options for that.

I put the affected commands into a subshell so that the changes in $HOME
could not propagate to other parts of kpatch-build.
2015-10-19 15:45:43 +03:00
Evgenii Shatokhin
d5e3e09428 kpatch-build: look for symvers file in /lib/modules/.../kpatch too
If kpatch core module is packaged in an RPM and the package is installed,
the likely location of the module and its symvers file is
/lib/modules/<kernel_version>/extra/kpatch/.

kpatch-build checks this location too now when looking for the .symvers
file. This is convenient for distributing the Kpatch tools as RPMs and
the like.

Signed-off-by: Evgenii Shatokhin <eshatokhin@odin.com>
2015-10-19 14:23:35 +03:00
Evgenii Shatokhin
cba3081d59 kpatch-build: use Module.symvers for the target kernel
Before this fix, kpatch-build looked for Module.symvers for the core
module built for the currently running kernel. So, if one tried to build
a patch module for a kernel, different from the current one, an error
would occur. This patch fixed the problem.

Signed-off-by: Evgenii Shatokhin <eshatokhin@odin.com>
2015-10-19 13:19:09 +03:00
Seth Jennings
d444caa907 Merge pull request #510 from libin2015/support-add-new-file-v2
kpatch-build: support adding new files in patch
2015-10-16 09:29:45 -05:00
Li Bin
ef76bd9cc9 kpatch-build: support adding new files in patch
Geting the changed objects from the patched dir, in order to support
adding new files in patch.

Signed-off-by: Li Bin <huawei.libin@huawei.com>
2015-10-16 17:26:24 +08:00
Li Bin
724cac2e36 kpatch-build: support patching weak function
Before this patch, if changed function is weak symbol, it is not
be allowed to create live patch, and it will trigger the following
error:
/usr/local/libexec/kpatch/create-diff-object: ERROR: ***.o:
kpatch_create_patches_sections: 2294: lookup_global_symbol ***

And if the changed function reference the weak symbol, when loading
the patch module will trigger the following error:
module kpatch-***: overflow in relocation type *** val 0
insmod: can't insert 'kpatch-***.ko': invalid module format

This patch fix it and add support for patching weak function.

Signed-off-by: Li Bin <huawei.libin@huawei.com>
2015-10-16 13:21:00 +08:00
Seth Jennings
c8b0f18aa9 Merge pull request #504 from libin2015/section-change-fix
kpatch-build: verify bss/data/init section change properly
2015-10-15 17:05:07 -05:00
Josh Poimboeuf
beeadb8fa5 Merge pull request #503 from libin2015/master
kpatch-build: fix typo s/.rela.kpatch.patches/.rela.kpatch.funcs
2015-10-15 12:12:04 -05:00
Li Bin
5cb6a46069 kpatch-build: verify bss/data/init section change properly
kpatch_verify_patchability can detect the change of .bss or .data or
.init section, but it must be processed before verify num_changed.
Otherwise, for example, if only .init section changed, it will fail
with 'no changed functions were found', but not 'unsupported section
change(s)'.

With this patch,
for .init section: .init section will not a bundled section, so if
the section changed, not sync the function status, kpatch_verify_patchability
will give 'changed section <secname> not selected for inclusion' and
'unsupported section change(s)' error.

for .bss/.data section: kpatch_verify_patchability will ensure not
including .data or .bss section, otherwise it will give 'data section
<secname> selected for inclusion' and 'unsupported section change(s)'
error.

Signed-off-by: Li Bin <huawei.libin@huawei.com>
2015-10-13 09:29:38 +08:00
Li Bin
2722978fd6 kpatch-build: fix typo s/.rela.kpatch.patches/.rela.kpatch.funcs
Fix the kpatch_create_dynamic_rela_sections:
s/.rela.kpatch.patches/.rela.kpatch.funcs

Signed-off-by: Li Bin <huawei.libin@huawei.com>
2015-10-13 08:31:32 +08:00
Zhou ChengMing
0f556245e2 bugfix: correlate the rela sections of bundled static variables
If a static variable is a pointer, it has rela section.

Example:
	static int *p = &a;
changed to:
	static int *p = &b;
so its rela section has changed.

Then this change of data should be found and report error.
But if we don't correlate its rela section, we won't
find this change.

Signed-off-by: Zhou ChengMing <zhouchengming1@outlook.com>
2015-09-25 08:14:59 -07:00
Louis Taylor
5875032241 Fix kpatch-build failure with srpm on centos
kpatch-build was failing on centos7 with

    mv: cannot stat '/home/vagrant/rpmbuild/BUILD/kernel-*/linux-3.10.0-229.el7.x86_64': No such file or directory

in the error log. This was due to the actual directory being named
linux-3.10.0-229.el7.centos.x86_64. This patch avoids this failure by
adding a wildcard before the arch.

Signed-off-by: Louis Taylor <louis@kragniz.eu>
2015-05-31 02:47:52 +01:00
Seth Jennings
e731530ffc ensure scmversion consistency across builds
Signed-off-by: Seth Jennings <sjenning@redhat.com>
2015-01-23 16:17:09 -06:00
Xie XiuQi
6b446cba67 create-diff-object: fix a potential overflow for rela type
rela.type should be unsigned int instead of unsighed char.

/usr/include/gelf.h:#define GELF_R_TYPE(info)   ELF64_R_TYPE (info)
/usr/include/elf.h:#define ELF64_R_TYPE(i)      ((i) & 0xffffffff)

Signed-off-by: Xie XiuQi <xiexiuqi@huawei.com>
2015-01-19 22:43:26 +08:00
Josh Poimboeuf
f0ab1caad1 Merge pull request #459 from ColinIanKing/master
Fix memory leak on dest buffer on early return path
2014-10-21 10:03:09 -05:00
Josh Poimboeuf
d0697718da Merge pull request #458 from arges/master
kpatch-build: fixup source package version construction
2014-10-21 10:02:13 -05:00
Colin Ian King
a41ce8d409 Fix memory leak on dest buffer on early return path
dest is allocated but not freed on an early return path
where dest is not used

Signed-off-by: Colin Ian King <colin.king@canonical.com>
2014-10-20 09:42:44 +01:00
Chris J Arges
1831030c1d kpatch-build: fixup source package version construction
Bash doesn't correctly format the version string which causes the source
package to not be downloaded correctly.

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
2014-10-17 15:38:05 +02:00
Seth Jennings
a31a31f184 Merge pull request #457 from jpoimboe/warn-fix
warn detection fix
2014-10-08 11:24:35 -05:00
Josh Poimboeuf
fca189152a fix review comment 2014-10-08 11:16:09 -05:00
Seth Jennings
664fb2a8a2 Merge pull request #453 from jpoimboe/rs-special-static
make _rs a "special" static local variable
2014-10-08 10:58:11 -05:00
Josh Poimboeuf
ea819a18b0 warn detection fix
The current WARN detection logic catches the majority of cases, but
there are still a lot of outliers which it doesn't catch (thanks, gcc).

I looked at a much larger sample of WARN calls and came up with a more
generic algorithm.
2014-10-07 22:01:14 -05:00
Josh Poimboeuf
128bc9fb31 fix review comments
- rela sections don't have secsyms
- add some comments
2014-10-07 19:47:38 -05:00
Josh Poimboeuf
027e2b3b4e fix review comment 2014-10-07 16:47:25 -05:00
Josh Poimboeuf
4c7fb9119a detect and ignore WARN-only changes
WARN-only function changes are very common, and a serious PITA for patch
authors.  Detect and ignore them.

Fixes #454.
2014-10-07 11:56:41 -05:00
Josh Poimboeuf
c799ecc55f make _rs a special static local
The _rs variable is used for printk ratelimiting, similar to __warned,
which makes it a logical candidate to be "special": don't correlate it,
yet don't mark a function as changed just because it references it.
2014-10-07 08:09:20 -05:00
Josh Poimboeuf
fe846f4d56 refactor is_special_static
Make is_special_static()'s implementation more generic to make it easier
to add special static variables in the future
2014-10-07 08:09:20 -05:00
Josh Poimboeuf
c705c767af change special_static_prefix to is_special_static
We no longer need to return the prefix, so change it to a boolean
function.
2014-10-07 08:09:20 -05:00
Josh Poimboeuf
0e8f1ae02d use kpatch_mangled_strcmp in rela_equal
Use kpatch_mangled_strcmp() to compare the prefixes of special static
locals.
2014-10-07 08:09:20 -05:00
Josh Poimboeuf
050d7933d7 refactor rela_equal
Make it easier to read and reduce the indent levels
2014-10-07 08:09:20 -05:00
Seth Jennings
bb6edd16f9 Merge pull request #452 from jpoimboe/module-call-external
allow patched modules to call external functions
2014-10-07 00:04:43 -05:00
Seth Jennings
31852c0dfa Merge pull request #451 from jpoimboe/sections-syms-fix
section reference replacement for references inside symbols
2014-10-07 00:01:20 -05:00
Josh Poimboeuf
f5de932b8d allow patched modules to call external functions
When patching a kernel module, if we can't find a needed dynrela symbol,
we currently assume it's exported.  However, it's also possible that
it's provided by another .o in the patch module.  Add support for that.

Fixes #445.
2014-10-06 23:16:13 -05:00
Josh Poimboeuf
2a29d8704e fix review comment 2014-10-06 22:56:53 -05:00
Josh Poimboeuf
3dd442b12d section reference replacement for references inside symbols
Currently unbundled section references are only replaced if the start of
the symbol is referenced.  It's also useful to support replacement of
references which point to inside the symbol.
2014-10-06 22:52:01 -05:00
Josh Poimboeuf
bb35e37c47 small replace_sections_syms refactor
Move this code block to a more logical place, outside of the symbol
loop.
2014-10-06 22:16:22 -05:00
Josh Poimboeuf
fb49e254cf improve static local variable correlation
Improve the static local variable correlation logic, for the case where
a static local is used by multiple functions.  For each usage of the
variable, look for a corresponding usage in the base object.  If we find
at least one matching usage, consider it a twin.
2014-10-06 14:38:46 -05:00
Seth Jennings
78b4d3c70d Merge pull request #443 from jpoimboe/func-special-static
static local fixes
2014-10-06 11:33:31 -05:00
Jessica Yu
09c39932b1 kpatch-gcc: for module patches, copy module to temp dir
For patches involving modules, copy the original module(s) to
TEMPDIR so that create-diff-object can create the correct lookup
tables
2014-10-06 01:05:36 -07:00
Josh Poimboeuf
f7c0e6849e allow static locals to be used by two functions
Allow static locals to be used by two functions.  This is possible if
the static's containing function is inlined.  We only need to find one
of them to do the correlation.
2014-10-03 16:02:16 -05:00
Josh Poimboeuf
03995e5223 make __func__ a special static local
The __func__ static local variable should be deemed "special", because
it doesn't need to be correlated and should be included when needed by
an include function.

I don't have a test case for F20, but this fixes the following types of
issues when doing a full-tree recompile on RHEL 7:

    ERROR: cifssmb.o: object size mismatch: __func__.49322
    ERROR: btmrvl_main.o: kpatch_correlate_static_local_variables: 982: static local variable __func__.44657 not used
    ERROR: iwch_qp.o: .rodata.__func__.46024 section header details differ
2014-10-03 12:27:27 -05:00
Seth Jennings
6175658196 Merge pull request #441 from jpoimboe/module-shadow
allow shadow functions to be called from modules
2014-10-02 23:22:26 -05:00
Seth Jennings
c6506ec549 Merge pull request #436 from jpoimboe/descriptor
make "descriptor" a special static local variable
2014-10-02 23:11:00 -05:00
Josh Poimboeuf
ea445c0333 allow shadow functions to be called from modules
Fixes an issue where attempting to call the shadow functions from a
module results in modpost failures:

    ERROR: "kpatch_shadow_get" [net/mac80211/mac80211.ko] undefined!
    ERROR: "kpatch_shadow_alloc" [net/mac80211/mac80211.ko] undefined!

LDFLAGS_MODULE is apparently not really needed.
2014-10-02 13:31:48 -05:00
Josh Poimboeuf
629b2eaa26 Merge pull request #439 from spartacus06/skip-gcc-check
Allow user to skip gcc version check
2014-10-01 15:46:42 -05:00
Seth Jennings
12e77bab46 fix usage formatting 2014-10-01 15:40:57 -05:00
Seth Jennings
d3abeb667a Allow user to skip gcc version check
Right now, unless the entire gcc version string, including build date
and package version, matches the distro kernel exactly, kpatch-build
won't proceed.

For some distros, it is very difficult to rollback to a previous
version of gcc and keep that version pinned on the system so that the
package manager doesn't update it.

For these user, add a --skip-gcc-check flag to kpatch-build to allow the
version check to be skipped.  If the user does this, it is assumed they
know what they are doing.  This flag is documented as "not recommended".

Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-10-01 14:25:02 -05:00
Josh Poimboeuf
51799dff2c remove "no changed functions" messages
When patching a shared header file, don't spam the user with hundreds of
lines of "no changed functions" messages.  We expect the user to be
proactive with verifying that the right functions are being patched
anyway, so this message isn't strictly necessary.
2014-10-01 14:12:25 -05:00
Seth Jennings
ac452ef175 check that logfile exists before printing message
Don't tell the user to check a log file that doesn't exist

Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-10-01 13:29:20 -05:00
Josh Poimboeuf
e27ffadce1 make "descriptor" a special static local variable
The "descriptor" static local variables and their containing __verbose
section are used for dynamic debug printks.  They should be considered
as special static local variable symbols because they have the same
requirements: they should never be correlated and they should only be
included if referenced by an included function.
2014-10-01 11:11:54 -05:00
Seth Jennings
8b1ae48d7c improve kpatch-build Makefile
Right now, the makefile has one target, create-diff-object, which
contains all the source/headers as one long list and all the source
files compiled in one command to make create-diff-object.

This doesn't scale well and doesn't accurately portray the dependencies
of each object that contribute to the final binary.

This commit renames create-diff-object.c to main.c so that it can be
compiled and linked seperately and cleanly in Make and autogenerates
dependencies for each .o. This should make it easier to add additional
object files, or refactor the very large main.o into seperate object
file, later.
2014-09-23 09:45:04 -05:00
Seth Jennings
88aae05894 Merge pull request #428 from jpoimboe/full-tree-recompile
full tree recompilation support
2014-09-15 21:22:08 -05:00
Josh Poimboeuf
a20940892a code review fixes 2014-09-15 21:11:13 -05:00
Josh Poimboeuf
46ba72b339 Merge pull request #429 from spartacus06/fix-srpm-regression
fix regression in user-specified source RPM
2014-09-15 21:08:51 -05:00
Seth Jennings
18d9e4daa9 fix regression in user-specified source RPM
A recent commit 74316588e is unconditionally setting the SRCRPM path
overwriting a user specified path.

Only set SRCRPM if SRCRPM is not already set.

Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-09-15 16:58:22 -05:00
Josh Poimboeuf
33cd945b14 new .fixup group size algorithm
The fixup_group_size() function assumes that all .fixup rela groups end
with a jmpq instruction.  That assumption turns out to be false when you
take into account the ____kvm_handle_fault_on_reboot() macro which is
used by kvm.

This is a new, more reliable method.  It turns out that each .fixup
group is referenced by the __ex_table section.  The new algorithm goes
through the __ex_table relas to figure out the size of each .fixup
group.

Also the .fixup section is now processed before __ex_table, because it
needs to access the original __ex_table relas before the unused ones
have been stripped.

Fixes the following error:

  ERROR: vmx.o: fixup_group_size: 1554: can't find jump instruction in .fixup section
2014-09-15 14:54:57 -05:00
Josh Poimboeuf
dbecef6e91 replace all unbundled section references with symbols
Currently we're checking for several special cases when deciding whether
to convert unbundled section references to their corresponding symbol
references.  We do it for all unbundled text sections as well as three
specific data sections.

There's no reason I can think of for why we shouldn't just do it for
_all_ unbundled sections.
2014-09-15 12:01:34 -05:00
Josh Poimboeuf
bfe7fca5bd rename global "objname" variable to "childobj"
There are two distinct usages of "objname" as a variable name:

- the parent object being patched (e.g. vmlinux)
- the child object being analyzed (e.g. meminfo.o)

The name of the global objname variable conflicts with several
functions' usage of a local objname variable, resulting in some error
messages of e.g., "ERROR: vmlinux:" instead of "ERROR: meminfo.o:".

Rename the global objname variable to childobj.
2014-09-15 11:36:02 -05:00
Josh Poimboeuf
ba7c905b3a process special sections after checking for changes
There's no need to process special sections if we're returning due to no
functions changing.

Also this means we don't have to deal with extra-special usage of the
.fixup section (here's looking at you arch/x86/lib/copy_user_64.S -- we
can't patch functions in .S files anyway).
2014-09-15 11:17:37 -05:00
Josh Poimboeuf
218011b268 kpatch-build: allow two parents unless the object changes
With some obscure drivers, the same object file can be linked into
multiple parent objects.  Only call this out as an error if the object
has changed, otherwise it doesn't matter.

Fixes the following issue:

    ERROR: two parent matches for drivers/media/radio/si470x/radio-si470x-common.o.
2014-09-15 11:17:37 -05:00
Josh Poimboeuf
f5dbd7816e kpatch-gcc: skip vdso files
vdso files aren't kpatch-compatible, and give errors like the following:

    ERROR: invalid ancestor arch/x86/vdso/vdso32-sysenter.so.dbg for arch/x86/vdso/vdso32/sysenter.o
2014-09-15 11:17:37 -05:00
Josh Poimboeuf
8c2792af6c kpatch-build: deep find performance improvement
If we have to do a deep find (e.g. search the entire tree) to find a
parent object, first try searching in the last successful deep find
directory.  This is a performance improvement in the case of a full tree
rebuild, because deep finds are very expensive, and it's not uncommon
for there to be multiple objects in a directory being linked into an
object in another directory.
2014-09-15 11:17:37 -05:00
Josh Poimboeuf
a851517165 kpatch-build: add more ancestors for vmlinux
There are a few more valid ancestors for vmlinux other than built-in.o.
This fixes errors similar to the following:

    ERROR: invalid ancestor arch/x86/lib/lib.a for arch/x86/lib/usercopy_64.o
2014-09-15 11:17:37 -05:00
Josh Poimboeuf
5cce81f49b kpatch-gcc: properly quote arguments
Fixes an error when the following is an argument to gcc:

'-DIPATH_IDSTR="QLogic' kernel.org 'driver"'

gcc: error: kernel.org: No such file or directory
gcc: error: driver": No such file or directory
2014-09-15 11:17:37 -05:00
Josh Poimboeuf
d254d3d0f2 fix review comments
Use the wget -P option.
2014-09-15 11:12:11 -05:00
Josh Poimboeuf
74316588e8 kpatch-build: download fedora src rpms from koji
yumdownloader is problematic because it doesn't allow you to download
anything but the latest released kernel.  It can also be slow at times.
Instead, for Fedora, download the RPMs from koji.
2014-09-15 11:12:11 -05:00
Josh Poimboeuf
6176353f8d kpatch-build: add KVER and KREL variables
Add KVER and KREL variables, and use them where appropriate.  Also
remove the setting of ARCHVERSION in the '-s' case, since it's not
actually used anywhere in that case.
2014-09-15 11:11:25 -05:00
Josh Poimboeuf
d41365fc0e process special sections after inclusion logic
The special sections should be processed after all the other inclusion
logic has run, so that should_keep_rela_group() can work properly.
Otherwise it might remove a needed rela group from a special section.
2014-09-12 14:03:10 -05:00
Seth Jennings
fef7a6ede5 check ARCHVERSION for hyphen before creating localversion
If hyphen doesn't exist in uname -r (ARCHVERSION), then it is probably a
non-distro kernel and we don't need to create the localversion file.

Fixes #376

Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-09-11 15:38:05 -05:00
Seth Jennings
93398c21ca Merge pull request #412 from jpoimboe/key-warned
support for__key and __warned special static local vars
2014-09-11 14:24:49 -05:00
Seth Jennings
a82b3d8fa0 Merge pull request #415 from jpoimboe/mangled-strcmp
fix the mangled function strcmp
2014-09-11 13:30:17 -05:00
Seth Jennings
671a30fb99 Merge pull request #413 from jpoimboe/static-fix
skip data sections when looking for users of static locals
2014-09-11 13:22:51 -05:00
Josh Poimboeuf
1553764be6 add other users of kpatch_mangled_strcmp 2014-09-11 08:27:09 -05:00
Josh Poimboeuf
0da57e8807 fix the mangled function strcmp
Fix the mangled function strcmp so that it compares all of the string
except for the numbered parts.  foo.isra.35 should match foo.isra.1, but
not foo.isra.35.part.36.

Fixes #352.
2014-09-10 21:25:30 -05:00
Josh Poimboeuf
24ea032f9f allow the user to ignore a rela section
If the user specifies KPATCH_IGNORE_SECTION for a rela section, ignore
the corresponding text section instead of corrupting memory.

Fixes #381.
2014-09-10 17:05:17 -05:00
Josh Poimboeuf
b2f47f9ef3 add another user of is_text_section 2014-09-09 15:11:09 -05:00
Josh Poimboeuf
0537ff6a6f skip data sections when looking for users of static locals
It's possible for a static local variable's data section to have
a relocation which refers to the variable symbol itself.  Fix the logic
which searches for the user of a static local variable by only looking
in text sections (i.e. functions).

Fixes #411.
2014-09-09 14:43:42 -05:00
Josh Poimboeuf
db91697542 don't convert section references to syms for debug sections
This fixes a seg fault in the test suite caused by a debug section
referencing an un-included unbundled symbol (though its section was
included).  The symbol was a __warned symbol and the section was
.data.unlikely.

For debug sections, there is no need to replace section references with
symbols because we don't compare debug sections.
2014-09-09 13:36:23 -05:00
Josh Poimboeuf
2982962549 support for__key and __warned special static local vars
Add support for the __key and __warned "special" static local variables.
I'm calling them that for lack of a better term, analagous to the
kernel's special sections that we have to deal with.

__warned: Used by WARN_ONCE et al as an indicator as to whether a
message has already been printed.  I think it makes sense (and is much
easier) to reset this counter for a given function when replacing the
function, since the user may expect the new function to warn again.

__key: Used by lockdep as an identifier for a given lock initialization
code path (see http://lwn.net/Articles/185666/ for more info).  I think
it makes sense (and is much easier) to create a new key for a given
function when replacing the function, because the locking semantics may
have changed, so it makes sense for lockdep to use a new key to validate
the new locking behavior.

So for both __warned and __key static variables, the new version of the
variable should be used when referenced by an included function.

Made the following changes to support these special variables:

- Ignore their suffixes when comparing them in rela_equal, so that gcc
  renaming them will not result in a function being marked as changed
  just because it referenced a renamed static local

- Don't ever correlate them, so that their new versions will be included
  if a changed or new function uses their corresponding symbols

Fixes #402.
2014-09-09 13:36:20 -05:00
Seth Jennings
c21cc1292f Merge pull request #398 from flaming-toast/patch-reenable
re-enable forced patch modules
2014-09-09 12:05:30 -05:00
Josh Poimboeuf
57ee537053 Merge pull request #408 from cormander/show-all-errors
die on create-diff-object when all objects have processed
2014-09-09 10:51:36 -05:00
Jessica Yu
0c9a54645c re-enable patch modules with checksum matching
In order to safely re-enable patch modules, add a special
.kpatch.checksum section containing an md5sum of a patch module's
contents. The contents of this section are exported to sysfs via
patch_init and double checked when kpatch load finds that a module of
the same name is already loaded.
2014-09-09 07:52:16 -04:00
Corey Henderson
3d9a140bfa oops, use sym->name, not sym->sec->rela->name 2014-09-08 22:44:55 -04:00
Corey Henderson
55c981d794 Give more generic failure message, and include ERROR in output 2014-09-08 22:28:00 -04:00
Corey Henderson
3e14e1859f change in wording per jpoimboe 2014-09-08 22:21:20 -04:00
Corey Henderson
96b4e099d8 Be more specific about the bad first instruction 2014-09-08 22:04:18 -04:00
Corey Henderson
c0113db4ad die on create-diff-object when all objects have processed
When working on large patches that are bound to have lots of
errors, it can be frustrating to have to re-run the build and wait
after every error you fix. With this patch, you get a chance to see
most (if not all) of the errors you'll be facing, at least across
the different object files.
2014-09-08 21:46:40 -04:00
Seth Jennings
3343eed007 Merge pull request #380 from jpoimboe/shadow-variables
add support for shadow variables
2014-09-08 14:17:37 -05:00
Josh Poimboeuf
4dee89269c add support for shadow variables
This adds support for shadow variables, which allow you to add new
"shadow" fields to existing data structures.

To allow patches to call the shadow functions in the core module, I had
to add a funky hack to use --warn-unresolved-symbols when linking, which
allows the patched vmlinux to link with the missing symbols.  I also
added greps to the log file to ensure that only unresolved symbols to
kpatch_shadow_* are allowed.  We can remove this hack once the core
module gets moved into the kernel tree.

Fixes #314.
2014-09-08 13:36:37 -05:00
Corey Henderson
1e878ed8fa just put objname inside of error for ERROR 2014-09-08 00:19:45 -04:00
Corey Henderson
af942023dc Send all error output to STDERR 2014-09-07 23:58:27 -04:00
Corey Henderson
5228e07c63 Give objname on build error 2014-09-07 23:38:04 -04:00
Corey Henderson
69cc2f7a4e Call die() instead of exit on SIGSEGV 2014-09-05 00:48:11 -04:00
Corey Henderson
aa7f14be0d Always show the $LOGFILE on build failure 2014-09-05 00:44:02 -04:00
Josh Poimboeuf
99308028d5 print new functions
Fixes #397.
2014-09-04 08:44:54 -05:00
Seth Jennings
6023e9bbde always include new global symbols
In the case that a new global symbol is defined in a file but not used
by a changed function, the symbol will currently not be included.

However, since it is global, another file in the patch my reference it,
but it will not be there.

This commit includes new global symbols so that they may be referenced
by changes in other files within the same patch.

Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-09-03 14:32:58 -05:00
Josh Poimboeuf
02fcfa506b code review fixes
Rename bundled1 to bundled and bundled2 to basebundled.
2014-09-03 13:11:04 -05:00
Josh Poimboeuf
8ac338aac4 support renaming of unbundled static locals
WARN_ON_ONCE places the __warned static local variable in the
.data.unlikely section, so it's not bundled (i.e. ignored by the
-fdata-sections gcc flag).  There's no reason why we can't rename
unbundled symbols, so add support for them.

Fixes #394.
2014-09-03 10:03:01 -05:00
Josh Poimboeuf
017c5e6395 allow multiple references to same static local var
This fixes a logic bug in the static local variable code where we don't
allow multiple relocation references to the same static local variable
symbol.
2014-09-03 09:55:40 -05:00
Seth Jennings
d0606ae91d Merge pull request #390 from jpoimboe/inter-object-call
support for calling a new function in another object
2014-09-02 11:08:55 -05:00
Seth Jennings
21c684a794 Merge pull request #378 from jpoimboe/rodata-isra
support renaming of mangled .rodata sections
2014-09-02 11:06:16 -05:00
Josh Poimboeuf
f257de7c77 support for calling a new function in another object
If a patch adds a new function in foo.c, and calls that function from
bar.c, currently it fails with something like:

    kpatch_create_dynamic_rela_sections: 2115: lookup_global_symbol failed for tpe_allow_file, needed for .text.do_mmap_pgoff

This (crudely) fixes the issue by assuming that if we can't find the
global symbol in the original vmlinux, that it will be provided by
another object in the patch module.  If that assumption is incorrect,
the module will fail to load due to the missing symbol dependency.

A (perhaps) better way to fix this is to search for the symbol in the
patched version of the vmlinux.  But I think this approach is good
enough, for now at least.

Fixes #388.
2014-09-02 10:05:49 -05:00
Seth Jennings
b369d4852a Merge pull request #383 from jpoimboe/sec2-var-rename
rename variables for better readability
2014-08-29 16:15:03 -05:00
Josh Poimboeuf
091930fc80 rename variables for better readability
The naming of variables in this function is confusing, and really threw
me for a loop: sec is first used as an iterator, then sec is reused to
point to the dynrela section, then sec2 is used as another iterator.

Instead make sec the iterator for both loops and dynsec the dynrela
section pointer.
2014-08-29 16:05:52 -05:00
Josh Poimboeuf
ffe560f565 improve KPATCH_IGNORE_SECTION error message 2014-08-29 15:16:52 -05:00
Josh Poimboeuf
ae4ad2b4f1 change format of "ignoring" messages
Change the "ignoring" message formatting to be consistent with the
"changed function:" message to make it a little easier to read.
2014-08-28 15:30:43 -05:00
Josh Poimboeuf
e7d00cb9df support renaming of mangled .rodata sections
When a function foo.isra.1 has a switch statement, it might have a
corresponding .rodata.foo.isra.1 section (in addition to its
.text.foo.isra.1 section).  If so, rename that section too.

Otherwise kpatch-build will get confused when comparing the function's
relas which reference the .rodata section, and will mark the function's
rela section as changed because the rela symbol names differ.

I found this bug when trying to build the patch from upstream Linux
commit a3c54931.  Unfortunately this issue is already fixed on F20 and I
wasn't able to come up with a similarly failing test case for the
integration test suite.
2014-08-28 14:34:19 -05:00
Terry Wang
9fcd8ba732 kpatch-build: add Oracle Linux 7 and CentOS 7 support 2014-08-19 17:38:47 +10:00
Seth Jennings
7b82b59a68 Merge pull request #360 from flaming-toast/func-sysfs-fix
kpatch-patch-hook: fix incorrect old_offsets for loadable modules
2014-08-15 21:33:45 -05:00
Jessica Yu
6a69f5f91a consolidate variables func->old_offset and func->old_addr to just old_addr
To reduce redundancy, remove/change the old_offset fields in the
kpatch_func and kpatch_patch_func structs to just old_addr. Since
old_offset is being used as a placeholder for old_addr, might as well
consolidate it to just one variable.
2014-08-15 23:42:26 -07:00
Josh Poimboeuf
543ad11ccd create-diff-object: allow new data to be included
Allow the inclusion of new global variables.
2014-08-14 01:12:27 -05:00
Seth Jennings
26ef7bfcb1 always include .rodata.str1.* sections
Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-08-13 21:26:34 -05:00
Seth Jennings
f466a60708 fix use-after-free error
Don't use rela after you just freed it!

Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-08-13 17:08:42 -05:00
Seth Jennings
7dfad2fb76 fix dynrela corruption in load/unload hooks
In kpatch_create_dynamic_rela_sections() the dest field is filled in
with either the function symbol or the section symbol that contains the
function depending on whether or not the sym field of the base section
is NULL or not (around line 2153).

In the case of the hook functions, we strip the FUNC symbol to prevent
it from being added to the kpatch.funcs section as a patched function.
However we weren't unbundling the stripped symbol from the section.
This resulted in the sym field pointing to the null symbol (index 0),
corrupting the dynrelas rela section.

Before:

Relocation section [14] '.rela.kpatch.dynrelas' for section [13] '.kpatch.dynrelas' at offset 0x8b8 contains 6 entries:
  Offset              Type            Value               Addend Name
  000000000000000000  X86_64_64       000000000000000000      +9
  0x0000000000000018  X86_64_64       000000000000000000      +8 .kpatch.strings
  0x0000000000000020  X86_64_64       000000000000000000      +0 .kpatch.strings
  0x0000000000000030  X86_64_64       000000000000000000      +9
  0x0000000000000048  X86_64_64       000000000000000000      +8 .kpatch.strings
  0x0000000000000050  X86_64_64       000000000000000000      +0 .kpatch.strings

This commit unbundles the stripped symbol from the section so that the
section symbol is used in the dynrelas rela section.

After:

Relocation section [14] '.rela.kpatch.dynrelas' for section [13] '.kpatch.dynrelas' at offset 0x8b8 contains 6 entries:
  Offset              Type            Value               Addend Name
  000000000000000000  X86_64_64       000000000000000000      +9 .text.kpatch_load_aio_max_nr
  0x0000000000000018  X86_64_64       000000000000000000      +8 .kpatch.strings
  0x0000000000000020  X86_64_64       000000000000000000      +0 .kpatch.strings
  0x0000000000000030  X86_64_64       000000000000000000      +9 .text.kpatch_unload_aio_max_nr
  0x0000000000000048  X86_64_64       000000000000000000      +8 .kpatch.strings
  0x0000000000000050  X86_64_64       000000000000000000      +0 .kpatch.strings

Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-08-13 13:40:29 -05:00
Seth Jennings
e020127eea allow patches that only contains hook functions
Fixes #357

Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-08-13 11:28:43 -05:00
Josh Poimboeuf
7b4ee86197 kpatch-gcc: fix for .tmp_* objects on RHEL 7
On RHEL 7 I see the following error when trying to patch meminfo.o:

    cp: cannot stat ‘/home/user/.kpatch/obj/fs/proc/.tmp_meminfo.o’: No such file or directory

It turns out that on RHEL 7, a given object foo.o is compiled as
.tmp_foo.o before then being linked as foo.o.  I have no idea why.  The
fix is to record .tmp_foo.o as foo.o in the changed_objs file.
2014-08-12 21:21:53 -05:00
Seth Jennings
e1e694db4b review fixups
Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-08-11 22:41:09 -05:00
Seth Jennings
a0e6dce9af cleanup kpatch_correlate_symbols()
This commit inverts some logic to reduce the max indentation

Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-08-11 17:24:05 -05:00
Seth Jennings
bf86555e06 add correlation and compare support for GROUP sections
GROUP section are rare and are a mechanism in the ELF to indicated that
certain groups of section must be included or excluded (stripped)
together.

It is valid to have more than one of these section with the same
".group" name.  This currently messes up the section correlation code
with correlates based solely on name.

This commit adds additional correlation criteria for GROUP sections;
namely, the section content must be the same.  Changing of groups
sections (i.e. reindexing of the section indexes the GROUP section
includes in their section data) is not supported and will result in a
"new/changed section not included" error.

Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-08-11 17:24:05 -05:00
Seth Jennings
e483cda793 support renaming of mangled functions in unbundled sections
Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-08-08 15:20:31 -05:00
Josh Poimboeuf
a600f1d117 kpatch-build: don't link unchanged objects
The FILES variable can contain unchanged objects, so don't use it to
determine which objects to link.  Instead, just use all the objects that
were placed in the output directory by create-diff-object.
2014-08-08 14:22:17 -05:00