If a source RPM is used to obtain the kernel sources, kpatch-build
executes rpmdev-setuptree to prepare ~/rpmbuild directory tree, installs
the source RPM there. Then it calls 'rpmbuild -bp' to prepare the
kernel source tree.
All this, however, may clobber the existing contents of ~/rpmbuild,
which is very inconvenient if one uses rpmbuild to build other packages.
To avoid that, I could not find a better way than to specify a fake home
directory (~/.kpatch/tempsrc) for that portion of kpatch-build. It seems,
neither rpmdev-setuptree nor rpm have appropriate options for that.
I put the affected commands into a subshell so that the changes in $HOME
could not propagate to other parts of kpatch-build.
Before this patch, if changed function is weak symbol, it is not
be allowed to create live patch, and it will trigger the following
error:
/usr/local/libexec/kpatch/create-diff-object: ERROR: ***.o:
kpatch_create_patches_sections: 2294: lookup_global_symbol ***
And if the changed function reference the weak symbol, when loading
the patch module will trigger the following error:
module kpatch-***: overflow in relocation type *** val 0
insmod: can't insert 'kpatch-***.ko': invalid module format
This patch fix it and add support for patching weak function.
Signed-off-by: Li Bin <huawei.libin@huawei.com>
Fixes issue #494. A null pointer dereference can result with patch
modules for multiple objects since the "vmlinux" patch object's "name"
field is null. strcmp therefore crashes trying to compare object->name
if the current object is vmlinux and the supplied "name" argument is
not. Check that object->name is not null before invoking strcmp.
kpatch_verify_patchability can detect the change of .bss or .data or
.init section, but it must be processed before verify num_changed.
Otherwise, for example, if only .init section changed, it will fail
with 'no changed functions were found', but not 'unsupported section
change(s)'.
With this patch,
for .init section: .init section will not a bundled section, so if
the section changed, not sync the function status, kpatch_verify_patchability
will give 'changed section <secname> not selected for inclusion' and
'unsupported section change(s)' error.
for .bss/.data section: kpatch_verify_patchability will ensure not
including .data or .bss section, otherwise it will give 'data section
<secname> selected for inclusion' and 'unsupported section change(s)'
error.
Signed-off-by: Li Bin <huawei.libin@huawei.com>
The shadow_get function does't consider the case that
'shadow is inpace', and after the shadow->data be set to the data,
it will not be the pointer. This patch fix it.
Signed-off-by: Li Bin <huawei.libin@huawei.com>
examples/tcp_cubic-better-follow-cubic-curve-original.patch is the
original patch, combined from two mainline commits (see the description
in the patch). It cannot be used with Kpatch as it is because the
change is in the initialization of a global structure.
examples/tcp_cubic-better-follow-cubic-curve-converted.patch is a
modification of the patch that Kpatch can process. Still, this
modification has its issues, see the description there.
Signed-off-by: Evgenii Shatokhin <eshatokhin@odin.com>
If a static variable is a pointer, it has rela section.
Example:
static int *p = &a;
changed to:
static int *p = &b;
so its rela section has changed.
Then this change of data should be found and report error.
But if we don't correlate its rela section, we won't
find this change.
Signed-off-by: Zhou ChengMing <zhouchengming1@outlook.com>
kpatch-build was failing on centos7 with
mv: cannot stat '/home/vagrant/rpmbuild/BUILD/kernel-*/linux-3.10.0-229.el7.x86_64': No such file or directory
in the error log. This was due to the actual directory being named
linux-3.10.0-229.el7.centos.x86_64. This patch avoids this failure by
adding a wildcard before the arch.
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Change the supported Fedora version to F21 and add a new dependency.
For some reason, numactl-devel is needed by "rpmbuild -bp kernel", but
isn't detected by "yum-builddep kernel".
Remove the dracut support for adding the kpatch modules to the
initramfs. This creates a sizeable delay in installation time and
doesn't offer any added protect over just applying the patches at boot
time using a systemd service. Additional, we are seeing more platforms,
namely atomic and netboot environments, where changing the initramfs
can't be done.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Adds a new patch module scaffold for use when building against a kernel
with CONFIG_LIVE_PATCHING=y.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
