kpatch-elf::kpatch_write_output_elf will call the gelf_getclass()
to acquire the output elf's class. But the input parameter kelf->elf
is NULL, the gelf_getclass(kelf->elf) will return ELFCLASSNONE, not
the value we expect ELFCLASS32 or ELFCLASS64.
the gelf_getclass function code:
int
gelf_getclass (Elf *elf)
{
return elf == NULL || elf->kind != ELF_K_ELF ? ELFCLASSNONE : elf->class;
}
the gelf_newehdr fuction code:
void *
gelf_newehdr (Elf *elf, int class)
{
return (class == ELFCLASS32
? (void *) INTUSE(elf32_newehdr) (elf)
: (void *) INTUSE(elf64_newehdr) (elf));
}
Luckily, when we create a patch for x86_64 or powerpc64, if we pass the
ELFCLASSNONE for the function gelf_newehdr, it will return elf64_newehdr,
so don't cause the fault. But it's better to use the gelf_getclass(elf)
instead of gelf_getclass(kelf->elf).
Signed-off-by: chenzefeng <chenzefeng2@huawei.com>
make check using shellcheck version 0.6.0 suggests following
improvements:
In kpatch/kpatch line 160:
if [[ ! -z "$checksum" ]] && [[ -e "$SYSFS/${modname}/checksum"]] ; then
^-- SC2236: Use -n instead of ! -z.
In kpatch-build/kpatch-build line 953:
[[ ! -z "$UNDEFINED" ]] && die "Undefined symbols: $UNDEFINED"
^-- SC2236: Use -n instead of ! -z.
'-n' and '! -z' are used interchangeably across the scripts, let's use
'-n' consistently to check a non-empty string instead of using negation.
Signed-off-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>
Since commit c9614c4298 kpatch has support for upstart systems,
which means we should test the existence of `systemctl` before executing
it.
The command `command` is POSIX compliant, and should be widely
available.
Signed-of-by: Bruno Loreto <loretob@amazon.com>
The create-diff-object.c create intermediate ".kpatch.relocations"
sections instead of ".kpatch.dynrelas" sections, and add a new
section ".rela.kpatch.symbols", so we should update the conditions
in function kpatch_create_intermediate_sections for these changed.
Fixes: 87643703a7 ("create-diff-object: create .kpatch.relocations and .kpatch.symbols sections")
Signed-off-by: chenzefeng <chenzefeng2@huawei.com>
After changing the gcc name in a linux tree to gcc72, kpatch-build failed to
produce hotpatches with the error message "ERROR: no changed objects found."
This is due to a wrapper script called kpatch-gcc, called while kpatch-build
builds the kernel, which checks if the compiler name matches exactly gcc,
failing the check when comparing to gcc72, and thus not producing the expected
file changed_objs containing the list of changed objects.
This commit fixes this issue by loosening the check on the gcc name.
Signed-off-by: Bruno Loreto <loretob@amazon.com>
Reviewed-by: Bjoern Doebel <doebel@amazon.com>
Reviewed-by: Amit Shah <aams@amazon.com>
Reviewed-by: Pawel Wieczorkiewicz <wipawel@amazon.com>
We can no longer use klp_register_patch symbol to determine if the
kernel is livepatch-enabled. Use klp_enable_patch instead.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
The kpatch-build :: find_parent_obj() function's "deep find" may
failed to find objects if they are not located in current directory:
ERROR: invalid ancestor xxx/xxx.o for xxx/xxx.o.
This is reproducable when building an out-of-tree module of the
following structure:
wwheart@linux41:~/helloworld 0 > tree -a
.
├── buffer_overflow1.ko
├── .buffer_overflow1.ko.cmd
├── buffer_overflow1.mod.c
├── buffer_overflow1.mod.o
├── .buffer_overflow1.mod.o.cmd
├── buffer_overflow1.o
├── .buffer_overflow1.o.cmd
├── hello.c
├── hello.o
├── .hello.o.cmd
├── Makefile
├── modules.order
├── Module.symvers
├── test.patch
├── .tmp_versions
│ └── buffer_overflow1.mod
└── xxx
├── xxx.c
├── xxx.h
├── xxx.o
└── .xxx.o.cmd
wwheart@linux41:~/helloworld 0 > cat test.patch
diff --git a/xxx/xxx.c b/xxx/xxx.c
index aab3c67..d81ad00 100644
--- a/xxx/xxx.c
+++ b/xxx/xxx.c
@@ -1,6 +1,7 @@
#include <linux/kernel.h>
void czf_test(void)
{
+ printk("livepatch test\n");
printk("xxx\n");
}
wwheart@linux41:~/helloworld 0 > cat Makefile
obj-m += buffer_overflow1.o
buffer_overflow1-y += hello.o xxx/xxx.o
Modify the deep find to traverse sub-directories in order to search
the entire tree instead of only the current directory.
Fixes: 8c2792af6c ("kpatch-build: deep find performance improvement")
Signed-off-by: chenzefeng <chenzefeng2@huawei.com>
In v5.1, upstream kernel commit 958ef1e39d24 ("livepatch: Simplify API
by removing registration step") removed klp_(un)register_patch(). We
only need to call klp_enable_patch() now.
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
reason: after the function klp_unregister_patch, the lpatch must
be freed, otherwise, it would cause memory leak.
Signed-off-by: chenzefeng <chenzefeng2@huawei.com>
reason: The strdup() function returns a pointer to a new string
which is a duplicate of the string s. Memory for the
new string is obtained with malloc, and can be freed
with free.
here, fix memleak by removing the strdup.
Signed-off-by: chenzefeng <chenzefeng2@huawei.com>
reason: Firstly, in the function lookup_open use the malloc to
allocate some memory, but call the function lookup_close
to free the memory.
Secondly, table->obj_sym->name, table->exp_sym->name and
table->exp_sym->objname used the strdup, so them should
free also.
Thirdly, adjust the order of make_nodname, if not, it
will cause an exception when free(exp_sym->objname) in
lookup_close.
Signed-off-by: chenzefeng <chenzefeng2@huawei.com>
Create a minor release that includes fixes for:
- Lots of integration test work
- Better support for building out-of-tree modules
- Updated manpage options, drop deprecated distro specific mentions
- README.md updates for shadow variables, out-of-tree modules
- Fix core module compilation with CONFIG_HAVE_ARCH_PREL32_RELOCATIONS
- kpatch-build detects and abort on unsupported options
GCC_PLUGIN_LATENT_ENTROPY, GCC_PLUGIN_RANDSTRUCT
- Fix patch linking with 4.20+
- Other minor shellcheck and kpatch-build fixups
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Some unit tests may need debug symbols to reproduce problems (see
issue #928 for example), so skip the unit-test Makefile.include
check_stripped call for objects that include "NOSTRIP" in their
filename.
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
This reverts commit 87c64519fc.
The jump label support doesn't work with upstream livepatch. Joe
Lawrence found the following ordering issue:
load_module
apply_relocations
/* Livepatch relocation sections are applied by livepatch */
if (info->sechdrs[i].sh_flags & SHF_RELA_LIVEPATCH)
continue;
post_relocation
module_finalize
jump_label_apply_nops << crash
...
do_init_module
do_one_initcall(mod->init)
__init patch_init [kpatch-patch]
klp_register_patch
klp_init_patch
klp_init_object
klp_init_object_loaded
klp_write_object_relocations
So jump_label_apply_nops() is called *before*
klp_write_object_relocations() has had a chance to write the klp
relocations (.klp.rela.kvm_intel.__jump_table, for example).
We need to resolve this upstream first.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
When building out-of-tree modules, gcc may be passed full source
pathnames (like /home/user/testmod/testmod.c). Adjust the filepath
filtering in kpatch-gcc to match against files relative to the
KPATCH_GCC_SRCDIR / kpatch-build SRCDIR prefix.
Fixes: #941
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
For consistency, use the long format command line options in the
description and sample invocation. Also, use "--oot-module" and not
"--out-of-tree" as per kpatch-build sources.
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Add support for jump labels, also known as static jumps, static keys,
static branches, and jump tables. Luckily,
kpatch_process_special_sections() is already generic enough to make this
an easy fix.
Fixes: #931
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Add support for optional <test-name>.env files that contain additional
environment variables. This can also be used to override per-arch env
vars we have because last value assigned will be used.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
When quickly loading/unloading this patch multiple times it is possible
to hit "Duplicate shadow variable" warnings since the patch doesn't have
any cleanup hooks on unload.
Switch to klp_shadow_get_or_alloc to ignore these.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
For fun I tried to create a livepatch of upstream patch
ad211f3e94b314a910d4af03178a0b52a7d1ee0a for my kernel. This
caused kpatch-build to fail with a NULL pointer derefence because
base_locals was NULL (returned via kpatch_elf_locals(), which
can return a NULL pointer). This patch fixes the SIGSEGV
via a NULL check. The end result is a live patch is created
and loaded.
Signed-off-by: Balbir singh <bsingharora@gmail.com>
Hardcode a blacklist of modules in multiple.test so we can deal
with conflicts while only updating the test when those arise.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
Dynamically compile module list based on -LOADED.test files in all
multiple.test scripts.
The scripts is now the same across all three directories so it might be
good to deduplicate it somehow along with other common tests.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
