kpatch load fails on Ubuntu with:
kpatch: unable to find module 'vmlinux_3'
The root cause is that the vmlinux file on Ubuntu is named
vmlinux-3.13.0-24-generic instead of just vmlinux.
Let's just call it "vmlinux" in the objname field.
The previous commit did not adjust the indentation to ease with
reviewing. This commit corrects the indentation. Purely whitespace
change.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
This commit adds support for module patching with kpatch-build.
It introduces a new option, -t/--targets, that allows the user to
specify kernel make targets that are impacted by the patch. These
targets will be examined by kpatch-build for changes.
While this approach requires the user to provide more information to
kpatch-build about what exactly has changed, it is better that
rebuilding the entire source tree (make vmlinux && make modules) which
would dramatically increase the runtime and disk space requirements of
using kpatch-build.
Future improvements could include a script that will independently
generate the targets list file.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
With test/integration/data-read-mostly.patch, create-diff-object
includes the __verbose section but not the .rela__verbose section, which
is a bug, resulting in the following printk during the integration
tests:
[13740.801920] dynamic debug error adding module: (null)
If a non-bundled section is included, its rela section should also be
included. Also add support for converting those relas to dynrelas.
When renaming a foo.isra.1 function, there might also be a foo_bar
function which would be falsely matched with the current strchr logic.
Instead of matching the "foo" prefix, match "foo.isra".
This commit adds module patching support to create-diff-object by:
1) generalizing the vmlinux CLI parameter
2) adding the kernel object name to each patch and dynrela
3) adding slightly different logic for vmlinux/module in the dynrela
creation
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Rather than keep the logic in sync between the counting and processing
code in kpatch_create_dynamic_rela_sections() just do a "dumb" count
establishing an upper bound and allocating the buffer, then determine
the actual size (i.e. number of dynrelas) in the processing section.
No functional change intended.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Make old addresses relative to the start address of the relocatable
kernel or module.
This commit has no functional effect; it just prepares the code for
future acceptance of the module patching support.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
The current approach of trying to include the tracepoint-related
sections doesn't work at all. The new tracepoints don't show up in
"perf list".
And also, with one patch (issue #219) I've seen a panic in
jump_label_del_module(). I suspect it's because the kernel is confused
by dynamic relocations' changing of the jump table after it was
registered with the jump table code.
I think the best approach for now is to just always exclude these
sections. It should be harmless, with the only consequence being that
tracepoints and jump labels can't be enabled in patched functions (which
is already the case with the current code anyway).
Fixes#221.
For a rela with type X86_64_PC32, the addend of the needed symbol is
relative to the address of the instruction _after_ the one which is the
target of the relocation.
We need a disassembler library to help with converting data section
relocation references to their corresponding symbols. Unfortunately,
the only library I could find that's widely available in enterprise
Linux distros was libopcodes, which is part of binutils. But its
interface is far too clunky for our needs.
The best alternative I can find is to just copy the kernel's
disassembler library code from arch/x86/lib.
When a changed function needs relocations for special data sections like
.data..percpu or .data..read_mostly, it's possible for those sections to
get included. We try to avoid that situation by converting section
references to data symbol references in kpatch_replace_sections_syms(),
but the conversion success rate isn't 100%, and we could be forgetting
about some other sections, so ensure that it never happens in
kpatch_verify_patchability().
Abstract out the common functionality for dealing with special sections
into a new kpatch_process_special_sections() function.
The base sections are partitioned into "groups". Only those groups
whose relas reference a changed function are kept. The only difference
in the logic for handling each special section is determining the size
of a given group. Each section has its own group_size() callback for
this. It's a callback instead of an integer because one of the
soon-to-be-supported special sections requires that its group sizes be
dynamically determined.
For a local non-included function or object which is needed by an
included function, its symbol table entry will still refer to a local
section index. Instead it should be changed to SHN_UNDEF.
The -fdata-sections gcc flag doesn't work with objects in the
.data..percpu section. Any function which uses a percpu variable
references this section, causing the section to get incorrectly included
in the patch module.
Manually convert these section references to object symbol references so
that the needed symbol can be found in vmlinux.
Also, the core module symbol verification code will fail when looking up
a percpu variable, because sprint_symbol doesn't think a percpu address
is a valid kernel address. So rewrite the symbol verification code to
use kallsyms_on_each_symbol() instead. It's not ideal performance-wise:
it seems to cost about 1ms per symbol lookup. I think that's acceptable
for now. In the future we may want to try to get a better upstream
kallsyms interface.
Both unpatched and patched objects may contain FILE
symbol with empty name. This is unexpected for
create-diff-object and could correlate 2 symbols
with same (empty) name but different types:
sym 00, type 0, bind 0, ndx 00, name (SAME)
...
sym 425, type 4, bind 0, ndx 65521, name (SAME)
...
signal.o: changed function: do_rt_tgsigqueueinfo
signal.o: changed function: do_rt_sigqueueinfo
signal.o: changed function: get_signal_to_deliver
signal.o: signal.o: changed section .rela__jump_table not selected for inclusion
signal.o: 1 unsupported section change(s)
/root/kpatch/kpatch-build/create-diff-object: unreconcilable difference
Introduce condition to match symbols also by type.
Signed-off-by: Jan Stancek <jstancek@redhat.com>
The inventory based testing for create-diff-object was introduced at a
time when create-diff-object only needed the two object files to operate.
Now, it requires vmlinux as well. This makes the inventory testing (a
unit testing framework for create-diff-object) obsolete and difficult to
update in it's current form.
This commit removes the inventory test framework.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
This commit introduces functionality to verify the location of symbols
used in both the patch and dynrelas sections. It adds significant
protection from mismatches between the base and running kernels.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Right now the matching criteria for the NULL sym is type LOCAL and shndx
UNDEF. Unfortunately, that would also match any new LOCAL symbol
added to the symbol table with uninit'd sym.* fields i.e. the upcoming
__kpatch_strings and .kpatch.strings symbols.
Change the matching criteria to be symbols that have a zero-length name;
a property unique to the NULL sym.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
kpatch_migrate_included_symbols() is called from
kpatch_reorder_symbols() now, not kpatch_migrate_included_elements().
The difference is the kpatch_reorder_symbols() is operating on the
output kpatch_elf structure, and thus all symbols are by definition
included.
Remove the check and rename the function since it is redundant.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
This fixes the weird ld errors we've been seeing lately.
According to the "ELF-64 Object File Format" spec, the symtab sh_info
field should contain "Index of first non-local symbol (i.e., number of
local symbols)".
Right now, reindexing of the included sections and symbols is done
when they migrate to the output kpatch_elf structure. However, due
to recently added features, the section and symbol list is not
final at this point, leading to constant tracking of the indexes for
addition sections and symbols added after this point. Additionally,
symbols have to be in a particular order, adding to the complexity.
This commit delays the reindexing and symbol reordering until the
section and symbol lists are finalized, removing the need to
track indexes and placeholders in the symbol list.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Since we only ever have one cache at a time, move the kernel source from
~/.kpatch/$(uname -r)/src to ~/.kpatch/src. This allows ccache to work
between kernel version changes, making it less painful to build for
multiple kernels. The cache's kernel version is stored in
~/.kpatch/version.
Because create-diff-object is a one-shot program (not a long lived
process) we haven't really bothered with cleaning up and freeing any
allocated memory. However, freeing data when it passes out of the
logical scope does have debugging benefits.
This commit adds two new functions for tearing down and freeing the
primary struct kpatch_elf data structures. The idea is the if a stale
pointer still references the old data structure that has passed out of
the logical scope, an issue will be more immediately apparent (i.e. NULL
references).
Signed-off-by: Seth Jennings <sjenning@redhat.com>
We rebuild the rela section data buffer in kpatch_create_rela_section()
just to rebuild it again later in kpatch_rebuild_rela_section_data()
before writing the output ELF file.
This commit removes the redundant rebuild while retaining the update
for the section header data.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
This adds dynamic linking support for the patch modules. It is the
first step toward supporting patching module code and relocatable
kernels.
Rela entries that reference non-included local and non-exported global
symbols are converted to "dynrelas". These dynrelas are relocations
that are done by the core module, not the kernel module linker. This
allows the core module to apply offsets to the base addresses found
in the base vmlinux or module.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Conflicts:
kpatch-build/kpatch-build
In preparation for dynamic symbol linking, the symbol lookup logic
is going to move into create-diff-obj anyway. We might as well
minimize the code duplication and pull this into create-diff-obj.
This avoids having to re-parse the ELF file modify it in-place.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Conflicts:
kpatch-build/kpatch-build
Right now, there is a case where a symbol is included but not its
section. This is the case when the symbol is a rela dependency of
another section by the symbol section (the object or function) has not
changed. When we migrate the included symbols over to the output kelf
structure however, these symbols are still referencing their old
non-included section via their sec fields. This is a bug.
This commit adds code to the symbol migration to test whether the
symbol's section was also included. If so, it updates the symbol's
section index. If not it sets the section index to UNDEF and its sec
field to NULL.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
There's at least one case in the kernel (ddebug_proc_show) where the
compiled instructions are affected by the source file path given to gcc.
Which means that compiling the kernel with O= will result in many of the
function addresses changing. This causes a mismatch between the locally
compiled vmlinux and the original vmlinux, which is very dangerous,
since we need the addresses to be correct.
The easy fix is just to use the original vmlinux for all the function
addresses.
Other potential ways to fix it which we might want to consider in the
future:
- use a combination of the old System.map and the new vmlinux to find
the addresses. The function ordering should be the same. For
non-duplicate symbols, use System.map. For duplicate symbols, use
vmlinux to find what order the symbol comes in. e.g. the 2nd
occurrence of foo() in System.map. It adds a little complexity to the
lookup code, but seems safe and wouldn't require the kernel debuginfo
package. However, this may not help us for patching modules.
- do something similar at runtime, i.e. use kallsyms_lookup_name for
non-dups and kallsyms_on_each_symbol for dups, and look for the nth
occurrence of the symbol (value of n is decided at build time). This
has the complexity of the previous option but it's done at runtime
rather than build time, so... why? Doing it at build time is better.
- compile the kernel in place. This basically means no more caching
because recompiling with --function-sections causes everything to be
recompiled again. This is bad for kpatch developers' SSDs...
We merged PR #186 a little too hastily. It seg faults with the new
parainstructions-section.patch in the integration test suite. Reverting
it for now until we get it figured out.
This reverts commit e1177e3a03.
This reverts commit 880e271841.
This reverts commit 2de5f6cbfb.
This reverts commit 38b7ac74ad.
This reverts commit 108cd9f95e.
The kpatch_regenerate_* functions use a local list_head to construct the
new list. While the local list_head is copied to the sec->relas after
it is built, the neighboring nodes in the list are not updated, leading
to list corruption.
This commit uses list_replace() which updates the neighbor nodes properly.
Regression introduced by PR #1175d36dd1.
Fixes#185.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
This adds dynamic linking support for the patch modules. It is the
first step toward supporting patching module code and relocatable
kernels.
Rela entries that reference non-included local and non-exported global
symbols are converted to "dynrelas". These dynrelas are relocations
that are done by the core module, not the kernel module linker. This
allows the core module to apply offsets to the base addresses found
in the base vmlinux or module.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
In preparation for dynamic symbol linking, the symbol lookup logic
is going to move into create-diff-obj anyway. We might as well
minimize the code duplication and pull this into create-diff-obj.
This avoids having to re-parse the ELF file modify it in-place.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Make kpatch_funs truly internal by:
Defining it in core.c
Adding a struct kpatch_internal, declared in kpatch.h and defined in
core.c, that contains per patch module internal data.
Adding an "internal" field to struct kpatch_modules.
Allocating internal and funcs data in core.c, not in the patch module,
since the patch module has no knowledge of kpatch_func anymore.
Adding a "patch" field to kpatch_func that points directly to the
kpatch_patch provided by the module (rather than a field-by-field copy)
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Having a '.' in the kmod name confuses lsmod, which prints "Size" and
"Used by" values of -2. Prevent any special characters other than '_'
and '-', so that our patch module names will be consistent with typical
kmod names.
This reverts commit 5852ddb6a2.
The __jump_table section is more complex than the initial analysis
determined. The __jump_table has three relocs per entry that must
be pulled in together and one of the relocs is to symbols contained
in the __tracepoints section whose rela section references the
__tracepoint_strings section. So it's more complex and should just
fail rather than appear that it is being handled properly.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Almost a line-for-line copy/paste of the smp locks function. The only
differences are the section name, and an offset increment of 8 instead
of 4.
Fixes#157.
If a patch changes a single function which is in a special section that
we don't support, create-diff-object reports "no changed functions were
found". Give a clearer error message in that case, by checking
reachability errors before unchanged errors and by printing all
reachability errors errors instead of the first one it encounters.
Fixes#150.
At this point the module does build (i.e. kpatch-build is correct);
however, the addresses in the generated vmlinux don't match that
of the running kernel so the modules fail to load with an ftrace
registration error. So that is something to be investigated.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
During the test whether the patch applies, if it partially applies, the
patch utility returns an error but leaves the source tree in a partially
patched state. Use --dry-run instead.
Currently the patch module calls kpatch_unregister in the patch module
exit path. If the activeness safety check fails in kpatch_unregister,
it's too late for the patch module to stop exiting, so all it can do is
panic.
Prevent this scenario by requiring the user to disable the patch module
via sysfs before allowing the module to be unloaded. The sysfs write
will fail if the activeness safety check fails. An rmmod will fail if
the patch is still enabled.
Also add support for this new unloading model in "kpatch unload".
Following in the same solution, regenerate [.rela].parainstructions
sections if table entries contain relocations that reference changed
functions (if any).
Fixes#135
Signed-off-by: Seth Jennings <sjenning@redhat.com>
The initial commit had a bug where the offset field of the
.rela.smp_locks entries was not updated to reflect the correct
offset in the truncated .smp_locks section.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
This commit uses the same approach as the bug table support,
mangling the .smp_locks and .rela.smp_locks sections so that
they only contain entries for changed functions (if any).
Fixes#107
Signed-off-by: Seth Jennings <sjenning@redhat.com>
While debugging the code for the bug table logic, I found it useful to
know which rela section and entry the error occurred on.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
This commit adds a new function to properly handle the bug table.
It works by going through .rela__bug_table, after the changed
function symbols have already been marked, and rewrites the section
including only the relocations pertaining to bug entries for
changed functions.
The __bug_table section itself is not modified resulting in
"blank" bug entries: ones whose IP and filename pointers will
not be relocated and, therefore, will be zero. While a waste
of space, it simplifies the code not to remove these blank
entries. They do no harm.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
The section header size is calculated at output time by libelf
and we use it as a read-only value from read files.
With the next patch we are changing the size of the .rela__bug_table
section. Lets use d_size instead since it is the value that tells
libelf how to calculate sh_size at output time.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Allow bundling of .bss.* sections that are the result of -fdata-sections
so that rela sections referencing data in bss sections by section symbol
can be replaced with the object symbol so it can be linked to the existing
data object in the kernel.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
For log_normal and DIFF_FATAL messages, prefix them with the object name
to give more context, which is useful for patches which change multiple
objects. Also, no need to add the function and line number to
DIFF_FATAL messages, as the error strings already give enough
information.
Example messages:
meminfo.o: changed function: meminfo_proc_show
cmdline.o: no changed functions were found
This reverts commit ab29b1ff59.
Reverting this commit because it causes kpatch-build to ignore any
errors reported by create-diff-object, treating all errors as meaning
that no changes occurred, which is a dangerous assumption to make.
Consider following patch: https://lkml.org/lkml/diff/2014/1/7/637/1
Kpatch-build will generate two objects for it. however mlock.o has no
changed function and will cause kpatch-build die.
Signed-off-by: Madper Xie <cxie@redhat.com>
Create the applied-patch file only after the patch has been verified.
Otherwise if you accidentally supply a patch which had already been
applied to the source, the cleanup trap won't reverse apply it when
exiting the script.
If the patch had already been mistakenly applied to the source tree,
don't ask the user if it should be reverse applied. Instead, just exit
with an error.
Cleanup the kpatch-build argument parsing a little bit:
- gracefully handle no args
- allow white space in filenames
- use 'eval set -- $options' to allow use of $1 and $2 variables
When debugging kpatch-build failures it can be
beneficial to have the scratch files in /tmp that
kpatch-build was operating on. These are
removed by default, as they can quickly fill /tmp.
However, for debugging reasons, the option should
exist to keep them around.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
When CONFIG_MODVERSIONS is enabled, loading of the patch module fails
with "no symbol version for kpatch_register". When building the patch
module, we need to point it to the core module's Module.symvers file.
This also works when CONFIG_MODVERSIONS is disabled, since
Module.symvers is created regardless.
There are many cases where a section may have
changed due to soure-level change but the inclusion
logic has not selected it for output. Some of these
cases are real no-go situations like changing data
structures. Some are just situations that
create-diff-object isn't smart enough to figure out
(yet).
Either way, it should be considered fatal when a
changed section hasn't been selected for output.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
In some environments, some files in scripts/mod (devicetable-offsets.s
and file2alias.o) are always getting rebuilt, and thus get incorrectly
added to the changed_objs file, resulting in the following error:
strip:/root/.kpatch/3.10.0-115.el7.x86_64/obj2/scripts/mod/devicetable-offsets.s: File format not recognized
The indexes are in order when being read from the
table. Just index directly into the table; a benefit
of using an array for this structure instead of a linked
list.
Removes another hot path during the rela table initialization.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
remove "ughs" by changing macro to start at symbol
index 1. new for_each_symbol_zero will start at zero
for rare cases that need it.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Upon realizing that there is no point in correlating rela entries,
I also realized that tracking the status of rela entries is also
not needed.
Additionally, the rela section correlation path (really misnamed
as it is the rela section _comparison path) is VERY hot. Particularly
on files like fs/ext4/ext4.o (which create-diff-object currently can't
successfully parse entirely):
Samples: 40K of event 'cycles', Event count (approx.): 36516578362
49.49% create-diff-obj create-diff-object [.] rela_equal
31.85% create-diff-obj create-diff-object [.] kpatch_correlate_relas
16.22% create-diff-obj create-diff-object [.] find_symbol_by_index
The refactor does a few things:
- replaces nested for loops with single for loop when comparing rela entries
- removes status field for rela entires
- compares rela and nonrela sections in the same path
- removes unnecessary setting of status fields as the inclusion tree
will include them even if the section status isn't set to CHANGED. This is
even better as unchanged sections won't appear as CHANGED just because
their partner .text or .rela section is CHANGED.
This drastically reduced runtime for larger objects and cooled the rela
comparison path:
87.64% create-diff-obj create-diff-object [.] find_symbol_by_index
6.98% create-diff-obj libc-2.18.so [.] __GI___strcmp_ssse3
1.33% create-diff-obj create-diff-object [.] find_section_by_index
1.16% create-diff-obj create-diff-object [.] kpatch_correlate_symbols
0.61% create-diff-obj create-diff-object [.] kpatch_create_rela_table
0.52% create-diff-obj create-diff-object [.] kpatch_correlate_sections
Signed-off-by: Seth Jennings <sjenning@redhat.com>
I've created a test designed to exercise the ability
of create-diff-object to parse, compare, and return
"no changed functions" for the entire kernel source
tree one file at a time by passing the same file as
both the original and patched file.
Through this process, I realized that excluding every
special case from being bundled it not feasible. There
are many sections in the kernel that don't honor
-ffunction|data-sections, not just __ksymtab_strings and
.init.text.
Plus, excluding situations is not the best way. We are
really only looking for sections that _were_ the result
of -f[function|data]-sections for bundling.
To that end, this commit looks to bundle only symbol/section
pairs that should be bundled ensuringthe .text/.data suffix
and the FUNC/OBJECT symbol name match.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
A local changed function will not appear with a "changed function"
notice if it is a dependency of another changed function and that
function occurs before it in the symbol table.
Rearrange some logic to print the notice regardless of whether or not
the function symbols has already been selected for inclusion.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
When linking function bundles (.text/.rela/section sym/func sym)
ignore __init functions as they do not honor -ffunction-sections
and violate the one-to-one func/section assumption of the
function bundling.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
In some circumstances, the kernel is built outside from the source tree,
thus we should specify the .config file of build path.
This patch changes the basic option parsing by using getopt, and add more
information in usage().
Signed-off-by: Jincheng Miao <jincheng.miao@gmail.com>
Create a new function kpatch_copy_symbols() that copies symbols from
one kelf to another if the "select" function to return true for the
symbol.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
ld drops FUNC syms that appear after the last SECTION
sym in the symbol table.
Make sure we order the FUNC syms before the SECTION syms.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Like in add-patches-section, we should continue to
search the vmlinux symbol table to see if there
is a duplicate global symbol. This normally would
not be possible, however, because create-diff-object
modifies unchanged local functions to be global
as a hack so they can be linked, there is a chance
that these symbols could collide with an existing
global symbol. We should detect this case and error
out.
Hopefully we can figure out a way to avoid this
situation altogether. But for now, this is a
protection against improper linking.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
My apologies for the size of this commit. I combined these two features
(updating API and using a hash table) into a single commit because their
implementations are tightly coupled and I didn't want to have to add
support for the old kpatch_funcs array with the new API just for the
sake of splitting up the commit :-)
- Update the core module API to get a more clear separation between core
module and patch module. This is cleaner and will help our case for
getting the core module merged upstream into the kernel.
- Convert the old kpatch_funcs array into a hash table. This is so much
nicer performance-wise and everything-else-wise than that ugly old
array.
- Do the incremental patching in stop machine. This ensures that the
funcs hash is up to date and we don't miss anything.
- Disable preemption in the ftrace handler when accessing the func hash.
That way we don't get conflicts with the stop_machine handler updating
the hash.
Currently, add-patches-section just blindly looks in vmlinux
for a function symbol matching the name of the patched function
in the input object file. However, for local symbols, they may
appear multiple times in the vmlinux symbol table since the symbol
name may be reused locally in different files.
This commit add support for "file hinting". It tracks what
file the symbol is in and searches for local symbols within
that file in vmlinux first. If it doesn't find one, it then
searches globally like it always has.
Fixes issue #53
Signed-off-by: Seth Jennings <sjenning@redhat.com>
The current solution doesn't work because "$?" will always be 0, even if
there were no "CC" lines in the build log. Instead, just make sure the
changed_objs file isn't empty.
Add a patch testing step before compiling the kernel, so that users
don't have to wait for the kernel to compile before seeing if the patch
applies cleanly.
Also allow the printing of the patch command's stdout/stderr to make it
clear what files are being patched and whether there's any fuzz.
If the patch file fails to apply, it "corrupts" the cache by leaving the
old applied-patch file around. Fix that by always cleaning up after
ourselves.
Allow the user to supply a custom kernel source directory. This copies
the directory to ~/.kpatch/src instead of using it in place. Otherwise
the "make mrproper" (which is needed for compiling objects in a separate
tree) would modify the original source tree and remove its .config file.
There's currently no caching support for this option. If needed, we
could implement that pretty easily by calculating an md5sum of the
original source directory.
kpatch-build is outgrowing the kpatch script and probably is a better
fit as its own utility instead of being wrapped by kpatch. Install
kpatch-build into /usr/local/bin, remove the kpatch wrapper around it,
and update the README accordingly.
For a local object or function symbol, we expect that
the section offset, sym.st_value, be 0 because we used
-ffunction-sections and -fdata-section during compile.
If value != 0, it undermines assumptions we make and
should return an error. Exceptions should be handled
on a case by case basis, like __ksymtab_strings.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
In preparation for adding an automated test framework,
add an ability to create-object-diff that will create
a human readable list of included sections and symbols
with type and bind information so that the test framework
can compare against a known-good reference list with the
expected set of sections and symbols.
The file is created when the -i/--inventory option is
used. The inventory filename is the user supplied output
file name suffixed by .inventory
Signed-off-by: Seth Jennings <sjenning@redhat.com>
I'm tired of setting CFLAGS and people shouldn't have to
recompile to get debug output. This lays the foundations
proper option handling and logging levels.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
- Fixup debug messages
- Remove dead code
- No more DEPENDENCY state
- Reachability test is now the "Inclusion tree" for determining
which syms/sections will be included in the output
- 'reachable' field is now and 'include' and is the sole
consideration in including sections/symbols (no more complex
conditional checks)
- Order LOCAL before GLOBAL in the symbol table. Apparently, after
a FILE sym, all LOCAL symbols should precede GLOBAL syms or readelf
shows <corrupt>
- Handle __ksymtab_strings section and __ksymtab_* syms
Signed-off-by: Seth Jennings <sjenning@redhat.com>
The kernel Makefile look for localversion in the source tree,
not the object tree. The absense from the source tree results
in a patch module that will not load because the kernel versions
don't match.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Setting KCFLAGS="-ffunction-sections -fdata-sections" causes make to
invalidate all the kernel objects, resulting in all the objects getting
rebuilt on the next pass, thus no build caching.
To fix that, build the objects in a separate directory (obj) for normal
builds, and another separate directory (obj2) for the builds with added
cflags.
The compression of the cache during initial build time and
the removal and (re)decompression of the cache for subsequent
builds takes a large amount of time and causes significant I/O.
This commit removes the compressed cache and, instead, keeps
the cache uncompressed and maintained in a known state. If
the "applied-patch" file does not exist, then the cache is
in the unpatched state. If the file does exist, the cache is
in a patched state and can be returned to an unpatched state
with "patch -R -p1 < applied-patch".
The if cache is detected and is in the patched state, the patch
is removed and vmlinux is rebuilt to obtain the base vmlinux.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Right now kpatch-build fails when more than one object
file has changed because the quotes around the for loop
arrays cause the for loop to execute only once for all
elements in a single string.
Remove the quotes around the for loop arrays so that the
for loop is execute for each element.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
When calling kpatch-build from the git directory, the patch kmod build
fails because it can't find kpatch.h because the symlink is broken.
Copy the kpatch.h file (instead of the symlink) to TEMPDIR.
bash gets confused when a command and its args are quoted:
/usr/local/libexec/kpatch/kpatch-build: line 131: strip -d --keep-file-symbols: command not found
Build and install the kpatch core module with make and make install,
rather than building it every time with kpatch build.
The only downside to this approach is that the user has to make and make
install kpatch every time they get a new kernel. But this is only
temporary, until the kpatch module is delivered in an RPM.
The source tree directory structure should be maintained
in the TEMPDIR while building the hotpatch module so that
changed objects in different directories with the same
name don't collide during the build process.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
We need to keep the file symbols around for add-patches-section
and link-vmlinux-syms to resolve ambigous symbols in vmlinux.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Use relative paths so that kpatch and kpatch-build will find the tools
and data they need, regardless of the installation prefix. Also add
support for running them straight from the git repo.
Be more consistent with the patch metaphor (as opposed to modules):
- change load/unload to apply/remove
- strip "kpatch-" prefix from the module name, so that patch name "foo"
corresponds to module "kpatch-foo.ko"
Before adding any more features to the scripts, standardize the bash
style. I prefer something close to the google shell style guidelines:
http://google-styleguide.googlecode.com/svn/trunk/shell.xml
- change [[ to [ (more robust)
- put variable references in quotes (more robust)
- put "then" on same line as "if" (more C-like, readable)
- print error messages on stdout
- avoid using external utilities like ls
Also added a few error handling improvements, including using a die
function where appropriate.
- setup the makefiles to support "make" and "make install", which builds
the kpatch-build tools and installs everything in /usr/local.
- update kpatch-build to support new paths
- add "kpatch build" wrapper around kpatch-build
NOBITS section may have a non-zero size, however, the have no data and
the data descriptor will have d_buf set to NULL.
This commit fixes as segfault that occurs from trying to compare the
data of such sections.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
There are cases in which the compiler will create symbols with NOTYPE
that map to a non-zero offset inside an .rodata section. In that case, there
may not be a one-to-one relationship between that symbol and section as
the section may contains the data for multiple NOTYPE symbols.
This commit checks for this case and does not assign the symbol pointer of the
section that contains its data to avoid multiple symbols referring to the same
section from overwriting one another. It also adds a check ensuring that all
symbols whose type is !NOTYPE start at offset 0 within the section. This
should be guarenteed by the -ffunction-sections and -fdata-sections options
compiler options.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
