If a section reference can't be converted to a symbol reference, error
out to try to prevent unexpected behavior later on.
There are a few sections for which a symbol is optional: .rodata and
string literal sections. Don't warn about those.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
rela_insn() only cares about the base section. Convert it to take a
non-rela section as its argument instead of a relasec.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Add support for R_X86_64_NONE. With an upstream kernel, it's quite
rare, only used for a few jump labels. With older kernels it was used
for fentry hooks. Either way, it should be treated like a PC-relative
relocation.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
It doesn't make sense to disassemble a data section. That just happened
to work by accident. PC-relative offsets only need adjusting when
associated with an instruction.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Several functions have a boolean semantic, but don't actually return
bool, which is confusing. Fix that.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Several functions expect to take a ".rela" section as an argument. Make
such cases more clear by renaming "sec" -> "relasec".
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
With '--debug', most of the xtrace output shows the reading of the
.config and Module.symvers files, which isn't very useful and floods the
rest of the xtrace output. Temporarily disable xtrace before reading
the files.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Clean out any integration tests that no longer exercise their original
use cases.
Suggested-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
* gcc-constprop.patch
In v4.20, 33e26418193f ("y2038: make do_gettimeofday() and get_seconds()
inline"), do_gettimeofdat() no longer exists as a stand alone function
in kernel/time/timekeeping.c.
* gcc-static-local-var-4.patch
Unlike on rhel-8.4, _always_inline put_aio_ring_file() is causing too
many inlines and results in modified, but not ftrace-able,
__do_sys_io_submit() and __do_sys_io_setup(). Remove the annotation
from this function.
* module.patch
In v4.20, 9ceddd9da134 ("knfsd: Allow lockless lookups of the exports"),
the nfs_exports_op seq_operations converted to RCU protected lookups.
Calling yield() from a kpatched e_show() results in a kernel warning,
"Voluntary context switch within RCU read-side critical section!"
Substitute with single_task_running(), which does not context switch or
have any other side effects.
In v5.10, ec6347bb4339 ("x86, powerpc: Rename memcpy_mcsafe() to
copy_mc_to_{user, kernel}()") did away with the mcsafe_key. Use
another exported static key like context_tracking_enabled.
In v5.13, a0e2bf7cb700 ("x86/paravirt: Switch time pvops functions to
use static_call()"), paravirt_sched_clock() was converted from a
paravirt call to a non-exported static call. Update the x86 code to
instead call __flush_tlb_local() (which is still a paravirt call).
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
The two versions are not the same (4.18.0-240.el8 vs. 4.18.0-284.el8).
But I am not quite sure which one is accurate. Remove the first one as the
second one is being used before this change.
Signed-off-by: Song Liu <song@kernel.org>
Attempting to patch a syscall results in an error due to a missing
fentry hook in the inner __do_sys##name() function. The fentry hook is
missing because of the 'inline' annotation, which invokes 'notrace'.
Add some kpatch-specific syscall definition macros which can be used for
patching a syscall.
These macros are copied almost verbatim from the kernel, the main
difference being a 'kpatch' prefix added to the __do_sys##name()
function name. This causes kpatch-build to treat it as a new function
(due to its new name), and its caller __se_sys##name() function is
inlined by its own caller __x64_sys##name() function, which has an
fentry hook.
To patch a syscall, just use replace the use of the SYSCALL_DEFINE1 (or
similar) macro with the "KPATCH_" prefixed version.
Fixes: #1171
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Updates of interest:
v0.9.6:
- Tue Apr 12 Joe Lawrence <joe.lawrence@redhat.com> - 0.9.6
- Allow OOT modules to be built with non-distro kernels
- Add cross-arch unit testing support
- Support ELF extended symbol section indexes
- Allow setting kernel version if --sourcedir and --vmlinux are used
- Cleanup and enhance __LINE__ macro detection for all arches
- Fix segfault on .LCx string literal symbols
- Include __dyndbg section when referenced by jump table
- Honor user provided KBUILD_EXTRA_SYMBOLS
- Support .retpoline_sites section
- Add native compiler selection via CROSS_COMPILE
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Debug sections are intended to refer to the patch module only. And in
fact, any debug section references to non-included symbols are stripped
in kpatch_include_debug_sections(). So there's no need for
need_dynrela() to even think about it.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
A seg fault was reported:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f18c8e in __strcmp_avx2 () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install elfutils-libelf-0.186-1.fc34.x86_64 zlib-1.2.11-26.fc34.x86_64
(gdb) bt
#0 0x00007ffff7f18c8e in __strcmp_avx2 () from /lib64/libc.so.6
#1 0x000000000040a0f7 in kpatch_is_core_module_symbol (name=0x0) at create-diff-object.c:3060
#2 0x000000000040a267 in need_dynrela (kelf=0x4669a0, table=0x92af30, sec=0x6d6b20, rela=0x8c7fd0) at create-diff-object.c:3117
#3 0x000000000040a4cc in kpatch_create_intermediate_sections (kelf=0x4669a0, table=0x92af30, objname=0x7fffffffcfc6 "vmlinux", pmod_name=0x7fffffffd020 "livepatch_a") at create-diff-object.c:3281
#4 0x000000000040c7c5 in main (argc=8, argv=0x7fffffffca48) at create-diff-object.c:3931
It happened because 'rela->sym->name' was NULL, and
kpatch_is_core_module_symbol() tried to dereference it.
Here's the corresponding relocation:
Relocation section [455] '.rela.debug_loclists' for section [454] '.debug_loclists' at offset 0xd0478 contains 2432 entries:
Offset Type Value Addend Name
...
0x000000000000aad6 X86_64_64 000000000000000000 +32 .LC55
...
That '.LC55' symbol lives in the following section:
[104] .rodata.btf_show_end_aggr_type.str1.8 PROGBITS 0000000000000000 00003ef0 00000021 1 AMS 0 0 8
The problem is that the symbol wasn't included in the output file
(though its corresponding section was). So it got zeroed by
kpatch_elf_teardown(), which was designed to trigger seg faults to help
find bugs like this.
The string literal sections which hold the '.LCx' string symbols are
already being included. Include their symbols as well.
Fixes#1257.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
The __LINE__ detection code looks for "printk", which on newer kernels
has been renamed to "_printk". Fix the check for newer kernels.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
For x86, we already check arg2 and arg3 for `__LINE__` immediate load
detection. For parity, do the same thing for the other two arches.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Previously, the name length was limited to 48 chars. This was then
prepended with "kpatch-" and a trailing NUL terminator to get to the 56
char limit for kernel module names. After some code rearrangement, the
48 char restriction was applied to the name after being prefixed with
kpatch-/livepatch-, limiting the length more than necessary. Increase
the name length limit back to 55 chars to restore the original limit.
Fixes: c0105ea467 ("kpatch-build: set default module prefix accordingly")
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Technically we don't support s390 yet, but it's coming soon and there's
no harm in merging this one early. In fact this came in handy for
testing my endian fixes with #1203.
Note it doesn't actually do anything since 'kelf->arch' can't actually
get set to 'S390' yet. But it should work nicely with #1203 as it
evolves.
This is based on the patch from C. Erastus Toe in #1243, though there
may still be a few outstanding issues to look at in that PR, based on
some of the code review comments.
Originally-by: C. Erastus Toe <ctoe@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
With s390 support coming, we'll soon have to worry about endianness
issues when doing cross-compiles and cross-arch unit tests. Make
insn_is_load_immediate() endian-agnostic.
Suggested-by: Joe Lawrence <joe.lawrence@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Using -a/--archversion to explicitly set target kernel version was not
allowed if the kernel source directory and/or path to vmlinux with debug
info were set. This seems too strict, however.
vmlinux with debug info is used during the build to get symbol data, the
size of special structures, GCC version used to build the kernel, and the
target kernel version. As it turned out, some kernels, e.g. the ones from
OpenSUSE and derivatives, contain all that data except the Linux version
string in the file with debug info for vmlinux. Instead, that string is
present in vmlinux itself but that file does not contain debug info.
A simple workaround is to allow specifying the target kernel version
explicitly using -a/--archversion even if --sourcedir and/or --vmlinux are
set. If vmlinux with debug info does contain the Linux version string and
the version is different, kpatch-build will report an error.
Signed-off-by: Evgenii Shatokhin <evgenii.shatokhin@openvz.org>
