Building data-read-mostly.patch on rhel-9.0-beta for ppc64le leads to a
segmentation fault:
Program received signal SIGSEGV, Segmentation fault.
kpatch_check_relocations (kelf=0x10040490) at create-diff-object.c:2571
2571 sdata = rela->sym->sec->data;
(gdb) bt
(gdb) p rela->sym->sec->data
Cannot access memory at address 0x160000007e
Valgrind narrows the problem down to invalid reads through rela->sym in
kpatch_check_relocations().
The culprits are kpatch_create_intermediate_sections(), which marks
symbols referenced by rela sections that are now dynrelas to be
stripped, and kpatch_strip_unneeded_syms(), which removes and frees
them.
The problem with the symbol stripping is that multiple relas may
reference the same ELF symbol. If any remaining relocation references a
shared symbol, we must keep it.
Replace the symbol->strip boolean with an enumeration:
SYMBOL_DEFAULT - initial value, symbol usage unknown
SYMBOL_USED - symbol is definitely used by a rela
SYMBOL_STRIP - symbol was only referenced by dynrela(s)
Allow transitions from SYMBOL_DEFAULT to SYMBOL_* and SYMBOL_STRIP to
SYMBOL_USED, but _not_ SYMBOL_USED to SYMBOL_*.
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
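The strip-state rule from the commit message above, as an added example that is not kpatch's own code: only the three state names come from the message, while `struct symbol`, `struct rela`, `mark_symbol()`, `strip_unneeded()` and `new_symbol()` are hypothetical. It shows that a symbol shared between a dynrela and a remaining rela survives stripping regardless of the order in which the two references are seen.

```c
#include <stdio.h>
#include <stdlib.h>
/* State names come from the commit message; all other names are hypothetical. */
enum symbol_strip { SYMBOL_DEFAULT, SYMBOL_USED, SYMBOL_STRIP };
struct symbol { const char *name; enum symbol_strip strip; };
struct rela { struct symbol *sym; int is_dynrela; };

/* DEFAULT -> USED/STRIP and STRIP -> USED are allowed; USED never changes. */
static void mark_symbol(struct symbol *sym, int is_dynrela)
{
	if (!is_dynrela)
		sym->strip = SYMBOL_USED;
	else if (sym->strip == SYMBOL_DEFAULT)
		sym->strip = SYMBOL_STRIP;
}

/* Classify every reference first, then free only SYMBOL_STRIP symbols. */
static int strip_unneeded(struct symbol **syms, int nsyms, const struct rela *relas, int nrelas)
{
	int i, freed = 0;
	for (i = 0; i < nrelas; i++)
		mark_symbol(relas[i].sym, relas[i].is_dynrela);
	for (i = 0; i < nsyms; i++)
		if (syms[i]->strip == SYMBOL_STRIP) {
			free(syms[i]);
			syms[i] = NULL;	/* clear the slot so no caller keeps a dangling pointer */
			freed++;
		}
	return freed;
}

static struct symbol *new_symbol(const char *name)
{
	struct symbol *sym = calloc(1, sizeof(*sym));	/* zeroed: SYMBOL_DEFAULT */
	if (!sym)
		abort();
	sym->name = name;
	return sym;
}

int main(void)
{
	/* Constructed input: a and b are shared (both orders), c is dynrela-only. */
	struct symbol *s[3] = { new_symbol("a"), new_symbol("b"), new_symbol("c") };
	struct rela r[] = { {s[0], 1}, {s[0], 0}, {s[1], 0}, {s[1], 1}, {s[2], 1} };
	int i, freed = strip_unneeded(s, 3, r, 5);
	for (i = 0; i < 3; i++)
		printf("%s\n", s[i] ? s[i]->name : "(stripped)");
	return freed == 1 ? 0 : 1;
}
```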
gcc-static-local-var-4.patch is disabled on this distribution; disable
the test as well, as it will always fail during 'slow' integration test
runs.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
For each printk() call site, CONFIG_PRINTK_INDEX makes a static local
struct named `_entry`, and then adds a pointer to it in the
`.printk_index` section.
When regenerating the `.printk_index` section for the patch module, we
only need to include those entries which are referenced by included
functions. Luckily this is a common pattern already used by several
other "special" sections. Add `.printk_index` to the special section
handling logic.
Fixes: #1206
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
CONFIG_PRINTK_INDEX creates a static local struct variable named
`_entry` for every call site to printk(). The initializer for that
struct assigns the `__LINE__` macro to one of its fields.
Similarly to the WARN macro's usage [1] of `__LINE__`, it causes
problems because it results in the line number getting directly embedded
in the struct. If a line is added or removed higher up in the source
file, the `_entry` struct changes accordingly due to a change in the
printk() call site line number.
`_entry` is similar to other "special" static locals, in that we don't
need to correlate the patched version with the original version. We can
instead just ignore any changes to it.
Any substantial (non-line-number) change to the `_entry` struct would be
a second-order (dependent) effect of a first-order code change, which
would be detected using other means. In that case the patched version
of `_entry` will be included, due to being referenced by the changed
function.
Fixes: #1206
[1] See kpatch_line_macro_change_only()
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Update the test/integration/Makefile to pass a KPATCH_BUILD_OPTS
variable to kpatch-test. This allows the user better control over the
kpatch build process, for example, building non-atomic replace .ko files
on kernels that do support atomic-replace:
% make integration KPATCH_BUILD_OPTS="--non-replace"
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Rebased to kernel-4.18.0-304.el8.
Note: since RHEL-8.4 dropped klp.arch support, we can now re-enable
those tests that reference static keys defined in vmlinux.
Also, adjust for ppc64le inlining:
Building gcc-static-local-var-4.patch on ppc64le results in test
failure, as the kpatch .ko now contains a 'free_ioctx' symbol (the test
expects to NOT see one).
From the build log:
aio.o: changed function: free_ioctx
aio.o: new function: put_aio_ring_file << now un-inlined?
aio.o: changed function: aio_free_ring
aio.o: changed function: ioctx_alloc
aio.o: changed function: aio_prep_rw
aio.o: changed function: aio_read_events
aio.o: new function: kpatch_aio_foo << expected new function
and a source code change to free_ioctx():
% diff -upr \
<(objdump -D -j .text.free_ioctx ~/.kpatch/tmp/orig/fs/aio.o) \
<(objdump -D -j .text.free_ioctx ~/.kpatch/tmp/patched/fs/aio.o)
--- /dev/fd/63 2020-10-26 14:28:18.086236019 -0400
+++ /dev/fd/62 2020-10-26 14:28:18.086236019 -0400
@@ -1,5 +1,5 @@
-/root/.kpatch/tmp/orig/fs/aio.o: file format elf64-powerpcle
+/root/.kpatch/tmp/patched/fs/aio.o: file format elf64-powerpcle
Disassembly of section .text.free_ioctx:
@@ -53,7 +53,7 @@ Disassembly of section .text.free_ioctx:
b0: 00 00 82 3c addis r4,r2,0
b4: 00 00 84 e8 ld r4,0(r4)
b8: 78 fb e6 7f mr r6,r31
- bc: e0 00 63 38 addi r3,r3,224
+ bc: 38 00 63 38 addi r3,r3,56
c0: 01 00 00 48 bl c0 <free_ioctx+0xb8>
c4: 00 00 00 60 nop
c8: 70 ff ff 4b b 38 <free_ioctx+0x30>
Marking put_aio_ring_file() as __always_inline keeps the r3 / 224
offset value, leaving free_ioctx() unchanged. Since it's no longer
included in the resulting .ko, gcc-static-local-var-4.test will pass
once again.
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Add patches rebased on top of upstream 5.10.11 tarball. Integration
tests for these can be run like this:
make PATCH_DIR="linux-5.10.11" KPATCHBUILD_OPTS="-s /path/to/src/linux-5.10.11" integration-slow
Signed-off-by: Artem Savkov <asavkov@redhat.com>
Rebased against kernel-3.10.0-1160.el7.
data-read-mostly.patch.disabled remains disabled as we hit several build
errors like:
"Found a jump label at __netif_receive_skb_core()+0x50, using key
netstamp_needed. Jump labels aren't supported with this kernel. Use
static_key_enabled() instead."
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Add a RHEL reproducer that causes a kpatch-build to fail when the final
module references a symbol with a different CRC than the original
kernel.
Signed-off-by: Julien Thierry <jthierry@redhat.com>
The kpatch-test script clears the kernel log buffer to distinguish
between old and new dmesg entries. Wiping out the old buffer may
surprise some users, but isn't too hard to avoid:
- save the last dmesg line
- run the tests
- filter out old dmesg lines until after finding the saved entry
- if no saved entry is found, the buffer most likely overflowed
- inform the user to increase the log size
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Defer clearing the kernel buffer until we're ready to start the tests,
otherwise we increase the likelihood of catching stray errors while
we're building the modules and preparing the tests.
Fixes #1133 ("kpatch-test should ignore older kernel log messages")
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
The commands used to build the livepatches and to load or unload them
are currently hard-coded in kpatch-test.
This patch adds 2 options to kpatch-test to make it easier to use custom
kpatch and kpatch-build commands:
* --system-kpatch-tools - if set, 'sudo kpatch' will be used to
load/unload the patches; 'kpatch-build' - to build them.
To use custom tools here, the user can adjust $PATH.
If the option is not set, kpatch-test will assume it is in kpatch source
tree, same as before this commit, and will use the tools from there.
* --kpatch-build-opts="..." - additional options to pass to
kpatch-build.
Example:
./kpatch-test \
--system-kpatch-tools \
--kpatch-build-opts="-s ./linux-src -c ./config -v ./vmlinux" \
-d my_kpatch_tests/test/integration/v01
In this case, kpatch and kpatch-build installed in the system will be used,
and kpatch-build will look for the kernel source tree, configuration
file and vmlinux binary in the current directory.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
RHELs older than 7.7 are missing 5279631271b3 "module: fix ddebug_remove_module()"
which leads to a crash if dynamic debug is used with livepatching.
Disable recent dynamic debug addition on those distros.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
Fixing the remaining warnings suggesting to quote the output subshell
invocation would hinder readability. Also the results of dirname and
"type -p" used in the subshell should return spaceless strings in kpatch
use cases.
Ignore the warnings for now.
Signed-off-by: Julien Thierry <jthierry@redhat.com>
It wouldn't be bash without pondering over what to quote or not to
quote.
Shellcheck reports a bunch of quoting issues in our scripts. Fix what
can be fixed.
Signed-off-by: Julien Thierry <jthierry@redhat.com>
Shellcheck emits the following warning:
SC2044: For loops over find output are fragile. Use find -exec or a while read loop.
Disable it for now.
Signed-off-by: Julien Thierry <jthierry@redhat.com>
Shellcheck warns about two useless commands:
SC2005: Useless echo? Instead of 'echo $(cmd)', just use 'cmd'.
SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
Simplify that line with those suggestions.
Signed-off-by: Julien Thierry <jthierry@redhat.com>
Shellcheck emits the following warning:
SC2035: Use ./*glob* or -- *glob* so names with dashes won't become options.
Which seems like a fair recommendation.
Signed-off-by: Julien Thierry <jthierry@redhat.com>
Shellcheck reports the following error:
SC2145: Argument mixes string and array.
Let's pretend that types are a thing in bash and use the list of
arguments as a single string instead of the array of arguments.
Signed-off-by: Julien Thierry <jthierry@redhat.com>
Shellcheck complains with the following warning:
SC2230: which is non-standard.
It is probably fair to assume that which is available for now, so just
ignore the warning.
Signed-off-by: Julien Thierry <jthierry@redhat.com>
Shellcheck complains with the following warning:
SC1091: Not following: /etc/os-release was not specified as input (see shellcheck -x)
Which is already silenced in lib.sh.
Signed-off-by: Julien Thierry <jthierry@redhat.com>
On RHEL-8, version agnostic python-devel package does not exist.
On previous RHEL releases, python-devel is for python2.
On RHEL-8, the platform-python (which provides the needed utilities)
is python3.
Assuming this will be the same for future RHEL releases, specify the
python major as part of the kpatch dependencies.
Signed-off-by: Julien Thierry <jthierry@redhat.com>
Enable dynamic debug prints in klp_try_switch_task() function before
going through with load tests and switch back to a previous state
afterwards.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
For consistency, disable the shadow-newpid-LOADED integration test
script since its corresponding patch is already disabled.
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Add the __mcount_loc section on ppc64le. It has pointers to all the
mcount calls. This will enable the ftrace hook to be used for patched
functions.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com> (rebased)
Patches rebased against RHEL-8.2 GA kernel-4.18.0-193.el8.
Tests disabled for errors when building against updated
4.18.0-193.3.1.el8_2.x86_64 z-stream kernel:
* data-read-mostly.patch:
dev.o: Found a jump label at __netif_receive_skb_core()+0x32, using key netstamp_needed_key. Jump labels aren't supported with this kernel. Use static_key_enabled() instead.
dev.o: Found a jump label at __netif_receive_skb_core()+0x95, using key generic_xdp_needed_key. Jump labels aren't supported with this kernel. Use static_key_enabled() instead.
dev.o: Found a jump label at __netif_receive_skb_core()+0xd0, using key ingress_needed_key. Jump labels aren't supported with this kernel. Use static_key_enabled() instead.
dev.o: Found a jump label at __netif_receive_skb_core()+0x412, using key nf_hooks_needed. Jump labels aren't supported with this kernel. Use static_key_enabled() instead.
/root/github-kpatch/kpatch-build/create-diff-object: ERROR: dev.o: kpatch_regenerate_special_section: 2344: Found 4 jump label(s) in the patched code. Jump labels aren't currently supported. Use static_key_enabled() instead.
* gcc-static-local-var-4.patch (ppc64le only):
aio.o: Found a jump label at aio_free_ring()+0x7c, using key devmap_managed_key. Jump labels aren't supported with this kernel. Use static_key_enabled() instead.
/root/github-kpatch/kpatch-build/create-diff-object: ERROR: aio.o: kpatch_regenerate_special_section: 2344: Found 1 jump label(s) in the patched code. Jump labels aren't currently supported. Use static_key_enabled() instead.
* shadow-newpid.patch:
fork.o: WARNING: unable to correlate static local variable ctr.70325 used by _do_fork, assuming variable is new
fork.o: changed function: _do_fork
exit.o: Found a jump label at do_exit()+0x6d3, using key devmap_managed_key. Jump labels aren't supported with this kernel. Use static_key_enabled() instead.
/root/github-kpatch/kpatch-build/create-diff-object: ERROR: exit.o: kpatch_regenerate_special_section: 2344: Found 1 jump label(s) in the patched code. Jump labels aren't currently supported. Use static_key_enabled() instead.
* special-static.patch:
fork.o: Found a jump label at copy_process.part.34()+0x1fc, using key memcg_kmem_enabled_key. Jump labels aren't supported with this kernel. Use static_key_enabled() instead.
fork.o: Found a jump label at copy_process.part.34()+0x21b, using key memory_cgrp_subsys_enabled_key. Jump labels aren't supported with this kernel. Use static_key_enabled() instead.
fork.o: Found a jump label at copy_process.part.34()+0x72a, using key memory_cgrp_subsys_enabled_key. Jump labels aren't supported with this kernel. Use static_key_enabled() instead.
fork.o: Found a jump label at copy_process.part.34()+0x773, using key memcg_kmem_enabled_key. Jump labels aren't supported with this kernel. Use static_key_enabled() instead.
/root/github-kpatch/kpatch-build/create-diff-object: ERROR: fork.o: kpatch_regenerate_special_section: 2344: Found 4 jump label(s) in the patched code. Jump labels aren't currently supported. Use static_key_enabled() instead.
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Since the kernel we were testing against before is no longer available
in centos repos I've updated our test vagrant image bringing the kernel
version to 3.10.0-1127.el7. Since this is basically the rhel-7.8 kernel
and we don't want extra work maintaining extra sets of patches, just
symlink the centos-7 patch directory to rhel-7.8. If (when) we are in this
situation again we'll just switch the symlink to the appropriate minor
again.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
ppc64le build currently fails due to unused sched_clock variable. Move
its declaration into ifdef block.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
Some theoretically unchanged functions can have undesired changes if the
compiler decides to perform inlining in a different way (e.g. because of
newly added references). In such a case, it can be useful to discard
changes to functions that don't actually need modification.
Sadly, this currently doesn't work for functions missing the ftrace hook
(e.g. notrace code) as presence of the hook is checked before
identifying elements to ignore.
Look for functions/sections to ignore earlier.
Signed-off-by: Julien Thierry <jthierry@redhat.com>
Replace module-call-external.patch with a more fleshed-out version which
tests multiple things (including jump tables for newer kernels), and
also includes a runtime test.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>