Commit Graph

1059 Commits

Author SHA1 Message Date
Josh Poimboeuf
a24b13cfb1 bump version to 0.3.2 2016-02-17 15:36:40 -06:00
Josh Poimboeuf
c85bb50ff7 Merge pull request #579 from flaming-toast/core_fix
kmod: core: use new module core_layout struct
2016-02-17 15:34:37 -06:00
Jessica Yu
85a055665e kmod: core: use new module core_layout struct
Commit 7523e4dc5057 upstream ("module: use a structure to encapsulate
layout") uses a new field to access module memory. Account for this change
and ensure backwards compatibility with kernel versions < 4.5
2016-02-17 13:13:46 -08:00
Josh Poimboeuf
83beb356ed Merge pull request #573 from arges/493
livepatch-patch-hook: add support for livepatch sympos structures
2016-02-17 08:57:06 -06:00
Chris J Arges
b64ab2b5e4 livepatch-patch-hook: add support for livepatch sympos
Support patching objects that have duplicated function names. This feature was
introduced upstream in Linux v4.5.

This patch appends the symbol position to the symbol structure when
lookup_local_symbol is called. This pos variable is then used when creating the
funcs and dynrelas sections. Finally, incorporate sympos into the livepatch
patch hook only if the kernel version is greater than v4.5. In other cases the
older format is used.

Fixes: #493

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
2016-02-16 10:31:44 -06:00
Jessica Yu
08f55afa0a Merge pull request #575 from arges/packaging
Changes to make packaging easier
2016-02-10 12:12:45 -08:00
Chris J Arges
e9b9654602 Makefile: add BUILDMOD parameter to select building kmod core
In some cases when packaging it may not be useful to build kmod/core at
package build time (for example if using DKMS). Add a parameter 'BUILDMOD'
that when set to 'yes' will build kmod/core.

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
2016-02-10 09:55:45 -06:00
Chris J Arges
3c8f5f7bfa Makefile: determine kernel release in Makefile
Don't assume we are building for the current kernel. In addition print out
a proper package necessary for building the module.

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
2016-02-10 09:46:38 -06:00
Chris J Arges
06ad01b784 Makefile: make libexec a parameter
Some distributions prefer not to use /usr/libexec. To make things easier
for packaging, allow this directory to be set easily via environment
variables.

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
2016-01-12 20:12:59 -06:00
Chris J Arges
053622b902 kpatch-build: allow external LDFLAGS
When building binaries such as create-diff-object it would be useful
to be able to pass LDFLAGS when running make from the command line.
2016-01-11 14:26:50 -06:00
Seth Jennings
b8c224c6c0 Merge pull request #569 from terrywang/fedora-23
readme: add support for Fedora 23
2015-12-07 09:11:27 -06:00
Terry Wang
580acabdc0 readme: update Fedora support information 2015-12-05 00:07:52 +11:00
Terry Wang
85c5cc224f readme: remove out-dated Fedora 21 2015-12-01 13:58:49 +11:00
Terry Wang
701e5c0a34 readme: add support for Fedora 23 2015-11-26 23:59:55 +11:00
Seth Jennings
b60d3acddb Merge pull request #560 from euspectre/get-kernel-version
Get kernel version from vmlinux if the kernel source tree is used
2015-11-18 15:28:42 -06:00
Seth Jennings
b781c0a843 Merge pull request #564 from jpoimboe/more-static-fixes
create-diff-object: static local uncorrelation/correlation fixes
2015-11-18 15:15:27 -06:00
Josh Poimboeuf
792a4fc537 Merge pull request #563 from jpoimboe/gcc-check
revert gcc check changes
2015-11-18 15:13:30 -06:00
Josh Poimboeuf
02d3c193ed create-diff-object: static local uncorrelation/correlation fixes
The uncorrelation logic is incomplete.  For bundled symbols, in addition
to uncorrelating the sections, it should also uncorrelate the section
symbols and any rela sections.

Similarly the correlation logic needs to correlate section symbols.  (It
already correlates rela sections.)
2015-11-18 14:56:02 -06:00
Josh Poimboeuf
707435ec62 Revert "kpatch-build: fix gcc_version_check"
This reverts commit 9fedd0d283.
2015-11-18 14:44:45 -06:00
Josh Poimboeuf
7b48c4ce12 Revert "kpatch-build: fix gcc_version_check: both "GNU" and "GCC" are possible"
This reverts commit 5737028667.
2015-11-18 14:44:26 -06:00
Josh Poimboeuf
f4b5eded0c Merge pull request #561 from euspectre/gcc-gnu-fix
kpatch-build: fix gcc_version_check: both "GNU" and "GCC" are possible
2015-11-18 10:28:18 -06:00
Josh Poimboeuf
129fb4a22b Merge pull request #551 from libin2015/reduce-dependency-on-bash-version
kpatch-build: reduce dependency on bash version >4.0
2015-11-17 08:35:52 -06:00
Evgenii Shatokhin
e169d82192 kpatch-build: get kernel version from vmlinux if source tree is used
If a kernel SRPM is used to get the kernel sources, the target kernel
version is determined from the name of the SRPM.

One cannot obtain the target kernel version this way if the source tree
is used instead of an SRPM, so let us extract that information from
vmlinux.

Signed-off-by: Evgenii Shatokhin <eshatokhin@odin.com>
2015-11-17 16:41:16 +03:00
Evgenii Shatokhin
5737028667 kpatch-build: fix gcc_version_check: both "GNU" and "GCC" are possible
This fix is an addition to 9fedd0d283 "kpatch-build: fix
gcc_version_check".

On some systems, the GCC version stored in vmlinux may have the
following format:
  (GNU) 4.8.3 20140911 (Red Hat 4.8.3-9)
while GCC returns
  (GCC) 4.8.3 20140911 (Red Hat 4.8.3-9)

As a result, binary patches cannot be built, although the compiler is
the same.

gcc_version_check() now takes this into account.

Signed-off-by: Evgenii Shatokhin <eshatokhin@odin.com>
2015-11-17 16:25:28 +03:00
Seth Jennings
f152d00a62 Merge pull request #559 from jpoimboe/patch-author-guide
doc: patch author guide, first take
2015-11-16 15:27:34 -06:00
Josh Poimboeuf
85b7a76acc doc: patch author guide, first take
Been wanting to write this forever, have to start somewhere...
2015-11-16 15:23:16 -06:00
Seth Jennings
f8d00bd232 Merge pull request #550 from libin2015/fix-find-parent-obj
kpatch-build: fix find_parent_obj
2015-11-16 13:29:35 -06:00
Seth Jennings
3d49e37f11 Merge pull request #548 from libin2015/fix-gcc-version-check
kpatch-build: fix gcc_version_check
2015-11-16 13:15:41 -06:00
Seth Jennings
aab5240df8 Merge pull request #555 from jpoimboe/static
create-diff-object: more static local variable rework
2015-11-16 11:55:36 -06:00
Seth Jennings
c7fd8673e9 Merge pull request #554 from jpoimboe/section-sym-gah
create-diff-object: handle reference to end of section
2015-11-16 10:37:32 -06:00
Seth Jennings
232b2a108d Merge pull request #549 from jpoimboe/trap-sighup
kpatch-build: cleanup on SIGHUP
2015-11-16 09:49:21 -06:00
Seth Jennings
c4967bc02b Merge pull request #557 from jpoimboe/deprecate-replace
kpatch: deprecate the replace command
2015-11-16 09:48:55 -06:00
Josh Poimboeuf
8e8de4718d kpatch: deprecate the replace command
"kpatch replace" is complex, buggy, and probably unnecessary.  And
upstream livepatch has nothing like it.

Remove it from the kpatch utility, but leave the infrastructure in place
in the patch module and the core module for now.

Fixes: #456
2015-11-16 09:38:44 -06:00
Josh Poimboeuf
fffbb85b81 create-diff-object: handle reference to end of section
Deal with a special case where gcc needs a pointer to the address at the end of
a data section.

This is usually used with a compare instruction to determine when to end a
loop.  The code doesn't actually dereference the pointer so this is "normal"
and we just replace the section reference with a reference to the last symbol
in the section.

Note that this only catches the issue when it happens at the end of a section.
It can also happen in the middle of a section.  In that case, the wrong symbol
will be associated with the reference.  But that's ok because:

1) This situation only occurs when gcc is trying to get the address of the
   symbol, not the contents of its data; and

2) Because kpatch doesn't allow data sections to change, &(var1+sizeof(var1))
   will always be the same as &var2.

Fixes: #553
2015-11-13 16:42:40 -06:00
Josh Poimboeuf
ac9020af20 create-diff-object: more static local variable rework
Refine the static local variable handling again.  This builds on a
previous patch by Zhou Chengming.

This fixes the following bugs reported by Zhou:

1.          xxx.123 ---> xxx.123 (previous correlation by coincidence)
            xxx.256 ---> xxx.256 (previous correlation by coincidence)
   But real xxx.123 ---> xxx.256

   In this case, the code doesn't work, because when finding patched_sym for
   xxx.123, the xxx.256 in patched_object hasn't been de-correlated.

2. old-object | new-object
        func1 | func1
      xxx.123 | xxx.123 (inline)
        func2 | func2
      xxx.256 | xxx.256
      xxx.123 | xxx.123 (inline)

   When finding patched_sym for xxx.123, it first finds xxx.123 in func1 of new-object,
   but then finds xxx.256 in func2 of new-object.
   So I think it should not iterate the base-sections; when it finds one, it should just go on to the next symbol.

Both of these problems can be fixed by splitting the code up into
multiple passes:

  1. uncorrelate all static locals
  2. correlate all static locals
  3. ensure each static local is referenced by all the same sections in
     both objects
  4. print warning on any new static locals

Fixes: #545
2015-11-13 13:56:13 -06:00
Li Bin
273ea9a06c kpatch-build: reduce dependency on bash version >4.0
Before this patch, kpatch_build depends on bash version >4.0,
which supports declare -A. This patch removes this dependency by
replacing the dict (declare -A) with an array.

Signed-off-by: Li Bin <huawei.libin@huawei.com>
2015-11-13 17:13:39 +08:00
Li Bin
9143e88f16 kpatch-build: fix find_parent_obj
When finding kobj, it should use 'cat changed_objs' to get the changed
objects, in order to process the following object format:
a/b/c/../../object.o. If using the patched dir to get the changed object,
the object will be a/object.o, but it is a/b/c/../../object.o in the
*.cmd file.
This patch also fixes find_parent_obj, changing the format
'a/b/c/../../object.o' to 'a/object.o' in deep find; otherwise
it will fail with "two parent matches for *.o".

Signed-off-by: Li Bin <huawei.libin@huawei.com>
2015-11-13 14:24:37 +08:00
Josh Poimboeuf
d529091f3b kpatch-build: cleanup on SIGHUP
Fix an issue where kpatch-build fails to clean up after hitting CTRL-C
during a remote integration test (make remote).
2015-11-12 20:39:14 -06:00
Li Bin
9fedd0d283 kpatch-build: fix gcc_version_check
The gcc version string format may be 'gcc (xxx xxx) x.x.x [xxx]'.
Fix gcc_version_check to adapt to it.

Signed-off-by: Li Bin <huawei.libin@huawei.com>
2015-11-13 08:19:50 +08:00
Seth Jennings
eb54876936 Merge pull request #544 from jpoimboe/ronx-crash
kmod/core: fix crash with !CONFIG_DEBUG_SET_MODULE_RONX
2015-11-04 13:51:12 -06:00
Seth Jennings
de536b131e Merge pull request #543 from jpoimboe/kpatch-build-cleanup-2
kpatch-build: clean up rpmbuild tmp directory handling
2015-11-04 12:13:03 -06:00
Josh Poimboeuf
5429b18750 kpatch-build: s/TMPBUILDROOT/RPMTOPDIR/ 2015-11-04 12:11:26 -06:00
Josh Poimboeuf
a683f7da21 kmod/core: fix crash with !CONFIG_DEBUG_SET_MODULE_RONX
When loading a patch module on a kernel with
!CONFIG_DEBUG_SET_MODULE_RONX, the following crash occurs:

  loading core module: /root/src/kpatch/kpatch/../kmod/core/kpatch.ko
  loading patch module: kpatch-meminfo-string.ko
  BUG: unable to handle kernel paging request at ffffffffa0010cc0
  IP: [<ffffffff8125ecb0>] do_init_module+0x84/0x1af
  PGD 13d3067 PUD 13d4063 PMD 1e1ee067 PTE 1e1a0161
  Oops: 0003 [#1]
  Modules linked in: kpatch_meminfo_string(O+) kpatch(O)
  CPU: 0 PID: 149 Comm: insmod Tainted: G           O  K 4.1.0+ #1
  task: ffff88001e17b810 ti: ffff88001e1cc000 task.ti: ffff88001e1cc000
  RIP: 0010:[<ffffffff8125ecb0>]  [<ffffffff8125ecb0>] do_init_module+0x84/0x1af
  RSP: 0018:ffff88001e1cfda8  EFLAGS: 00010246
  RAX: 0000000000000000 RBX: ffffffffa0010cc0 RCX: 0000000080a02001
  RDX: 0000000000000024 RSI: 0000000000000000 RDI: ffffffff813fabe0
  RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000d0000000
  R10: ffffffffa000e000 R11: 0000000000000001 R12: ffff88001eb58638
  R13: ffffffffa0010d10 R14: 0000000000000001 R15: 0000000000000000
  FS:  00007f0ae00aa700(0000) GS:ffffffff813e1000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: ffffffffa0010cc0 CR3: 000000001e181000 CR4: 00000000000006b0
  Stack:
   ffff88001e1cfed8 0000000000000001 ffffffffa0010cc0 ffffffff81058aac
   ffff88001e207680 00000000810a462f ffffc90000096890 0000000000000e00
   ffffffff00000016 ffffffff8126cd40 ffff88001eaa6a08 ffff88001e1cfe48
  Call Trace:
   [<ffffffff81058aac>] ? load_module+0x18ad/0x18e9
   [<ffffffff81056290>] ? copy_module_from_fd+0x86/0xdf
   [<ffffffff81058c1e>] ? SyS_finit_module+0x56/0x61
   [<ffffffff81261854>] ? system_call_fastpath+0x12/0x6a
  Code: f8 00 00 00 74 23 49 c7 c0 80 ca 26 81 48 8d 53 18 89 c1 4c 89 c6 48 c7 c7 6d ef 36 81 31 c0 e8 16 fb ff ff e8 18 06 00 00 31 f6 <c7> 03 00 00 00 00 48 89 da 48 c7 c7 c0 c9 3f 81 e8 7e b3 dd ff
  RIP  [<ffffffff8125ecb0>] do_init_module+0x84/0x1af
   RSP <ffff88001e1cfda8>
  CR2: ffffffffa0010cc0

With !CONFIG_DEBUG_SET_MODULE_RONX, module text and rodata pages are
writable, and the debug_align() macro allows the module struct to share
a page with executable text.  When klp_write_module_reloc() calls
set_memory_ro() on the page, it effectively turns the module struct into
a read-only structure, resulting in a page fault when load_module() does
"mod->state = MODULE_STATE_LIVE".

Fixes: #497
2015-11-03 14:44:00 -06:00
Josh Poimboeuf
0dec5136ee kpatch-build: clean up rpmbuild tmp directory handling
Setting HOME in a subshell is too hacky.  Instead just pass the rpmbuild
directory to the rpm and rpmbuild commands.
2015-11-03 14:35:33 -06:00
Seth Jennings
b2eeb59b8a Merge pull request #542 from jpoimboe/kpatch-build-cleanups
fix a couple of minor kpatch-build issues
2015-11-03 14:09:40 -06:00
Josh Poimboeuf
b8bc7c2812 kpatch-build: fix tempsrc directory leak
Also rename it to tmphome to more accurately describe its purpose.
2015-11-03 13:55:56 -06:00
Josh Poimboeuf
686cc4ff52 kpatch-build: put log file in $CACHEDIR
Otherwise it gets removed along with TEMPDIR if '--debug' isn't set.
2015-11-03 13:52:47 -06:00
Seth Jennings
b412753292 Merge pull request #541 from euspectre/special-struct-size-fix
kpatch-build: fix searching for the sizes of special structures
2015-11-03 08:34:18 -06:00
Evgenii Shatokhin
ad6581756e kpatch-build: fix searching for the sizes of special structures
readelf -wi may output trailing spaces in the lines with section names
('alt_instr', etc.). The regexps should take this into account,
otherwise kpatch-build may fail with error:
    "can't find special struct size"
2015-11-03 12:39:39 +03:00
Seth Jennings
045a983574 Merge pull request #536 from jpoimboe/static-local-rewrite
Rewrite static local variable correlation logic
2015-11-02 11:16:55 -06:00