Update the unit test submodule reference to include ppc64le files w/o
.eh_frame. At the same time, give additional guidance on stripping
these sections going forward.
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
If two sections want to be the same, they need to satisfy
two conditions:
1) the result of memcmp is zero, which means they
have the same content.
2) they have the same relocation entries.
In one specific situation, two sections have the same content.
But one section has relocation entries while the other one has
no relocation entries. For example, in X86, consider the
following code:
original code
```
__noreturn noinline int kpatch_func(void)
{
while(1) {};
}
```
patched code
```
__noreturn notrace noinline int kpatch_func(void)
{
asm(".byte 0xe8, 0x00, 0x00, 0x00, 0x00");
while(1){};
}
```
Since the original code has a fentry call, these two functions have
the same compile result. But obviously, they are different functions.
Currently, kpatch would not find their differences since the patched
code has no relocation entries.
For the situation that one section has relocation entries while the
other one doesn't have, it should be set to be changed directly.
Cooperated-by: Zongwu Li <lizongwu@huawei.com>
Signed-off-by: Longjun Luo <luolongjuna@gmail.com>
After patched, rela information for some sections could
disappear. For example, a function like the following:
"
notrace noinline static int version_proc_show(struct seq_file *m,
void *v)
{
return 0;
}
"
Apart from common rela entries, trace and return thunk mechanism
will generate rela information. Use `notrace` to remove the
effect of trace. Make CONFIG_RETHUNK=n can remove the effect of
return thunk.
Discovered-by: Zongwu Li <lizongwu@huawei.com>
Signed-off-by: Longjun Luo <luolongjuna@gmail.com>
Adding a new architecture pops up time to time, since the answer remains
the same each time, provide the common question/answer in the FAQ.
Answered-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
For consistency with what the kernel does (and what we already do for
in-tree modules), if the file has any dashes ('-'), replace them with
underscores in the objname (aka KBUILD_MODNAME).
Fixes#1286.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
To support building out-of-tree kernel modules, the source tree prefix
is attempted to be stripped from change object file paths to make them
relative. However, if the path is already relative, the change can
strip a substring instead, resulting in build errors.
Ensure just the prefix is stripped instead of any substring.
Fixes: #1282
Fixes: 51a8fad34f ("Add support for building out-of-tree modules")
Kernel version specific __KPATCH_SYSCALL_DEFINEx macros were added to
kpatch-syscall.h for x86, but only single versions for other arches.
This works out for s390x, but not ppc64le for which kpatch-build support
goes back to kernel versions that require slightly different macros.
Reorder the __KPATCH_SYSCALL_DEFINEx macros to define the arch-specific
ones first (arch/.../include/asm/syscall_wrapper.h) and then fall back
to using generic ones (include/linux/syscalls.h versions).
Fixes: #1278
Fixes: 9c0b678621b9 ("macros: add syscall patching macros")
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Calling __flush_tlb_local() may result in a kernel warning:
STATIC_NOPV void native_flush_tlb_local(void)
{
/*
* Preemption or interrupts must be disabled to protect the access
* to the per CPU variable and to prevent being preempted between
* read_cr3() and write_cr3().
*/
WARN_ON_ONCE(preemptible());
so use another paravirt call like slow_down_io() instead.
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Add patches rebased on top of upstream 5.18.0.
Integration tests for these can be ran as this:
$ make PATCH_DIR="linux-5.18.0" KPATCH_BUILD_OPTS="--non-replace --sourcedir /path/to/src/linux-5.18.0" integration-slow
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Recent toolchains only create a section symbol if it's needed, i.e. if
there's a reference to it. If there's a missing section symbol in
kpatch_create_intermediate_sections(), create one instead of erroring
out.
Fixes#1272.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
The yum-builddep utility doesn't always install all the kernel build
dependencies. Using the --skip-unavailable flag (rhel8+) lets us skip
over packages that it can't find, but continue to install the ones it
can. (Unavailable packages are usually platform-specific or not strictly
necessary for kpatch-build's kernel build invocation.)
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
EPEL ships an epel-release-latest-X.noarch.rpm per rhel-X major release.
Install the package matching the system release.
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
* Add s390 specific checks
* Identify patchable functions.
* Dont mark expolines as dynrelas. These expolines are always included
in final kernel module. This ensures that expoline functions and the
kernel itself are not too far apart and avoids out of range
relocation. However, this isnt a problem for other functions, as these
relocations are performed via R_390_PLT32DBL using gcc option
-mno-pic-data-is-text-relative.
* s390 maintains expoline tables to locate the expoline thunks. If
needed, the module loader could later replace these expoline thunks
with normal indirect branch. Each element in the expoline table is of 4
bytes. If there is a changed function in rela.s390_return*, then mark
that specific rela symbol as included. This is already performed in the
processing of special sections. Hence include it.
Signed-off-by: Sumanth Korikkar <sumanthk@linux.ibm.com>
1. -mno-pic-data-is-text-relative prevents relative addressing between
code and data. This is needed to avoid relocation error when klp text
and data are too far apart
2. Avoid generation of LANCHOR symbols through -fno-section-anchors.
kpatch-build does not handle it well.
Signed-off-by: Sumanth Korikkar <sumanthk@linux.ibm.com>
symtab_read tries to skip '.dynsym' symbol table and only
read '.symtab' symbol table. Newer readelf from binutils 2.37
now adds section names (see the diff):
--- vmlinux.symtab 2022-02-18 02:10:06.691220932 +0100
+++ vmlinux.symtab.new 2022-02-18 01:16:06.161210458 +0100
Symbol table '.dynsym' contains 1541 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000100000 0 SECTION LOCAL DEFAULT 1 .text
2: 00000000017a3ac0 4 OBJECT GLOBAL DEFAULT 19 sclp_console_pages
Symbol table '.symtab' contains 159980 entries:
Num: Value Size Type Bind Vis Ndx Name
- 41: 0000000001a93600 0 SECTION LOCAL DEFAULT 41
- 42: 0000000001a9c678 0 SECTION LOCAL DEFAULT 42
...
+ 41: 0000000001a93600 0 SECTION LOCAL DEFAULT 41 .dynsym
+ 42: 0000000001a9c678 0 SECTION LOCAL DEFAULT 42 .rela.dyn
...
54: 0000000000000000 0 FILE LOCAL DEFAULT ABS main.c
Simple matching of ".dynsym" in the line buffer is not enough anymore,
because it hits not just
Symbol table '.dynsym' contains 1541 entries:
line, but also
41: 0000000001a93600 0 SECTION LOCAL DEFAULT 41 .dynsym
skipping the rest of the file and leading to an error:
create-diff-object: ERROR: *.o: find_local_syms: 189: couldn't find matching
*.c local symbols in vmlinux symbol table
Limit matching only to lines containing "Symbol table" header.
This works with readelf from the binutils, as well as readelf from
elfutils (its output looks slightly different).
Symbol table [41] '.dynsym' contains 1541 entries:
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Currently "kpatch force unload <klp_some_version>" will fail to unload
an old kernel live patch module that is no longer seeing any use, when
the "enabled" file for that module is no longer present.
Check for the presence of such modules by checking /sys/module, and
return success from disable_patch() for a module that is already
disabled.
This allows "kpatch force unload <klp_some_version>" to succeed for
already disabled modules.
Signed-off-by: Rik van Riel <riel@surriel.com>
If a section reference can't be converted to a symbol reference, error
out to try to prevent unexpected behavior later on.
There are a few sections for which a symbol is optional: .rodata and
string literal sections. Don't warn about those.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
