for-next branch of kbuild repo contains a "kbuild: rename built-in.o to
built-in.a" which renames all built-in.o instances. Filter on both .o
and .a in kpatch-gcc/kpatch-build to be prepared for this change.
Fixes#800.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
Effective Kernel v4.16, the immediate flag is removed by upstream
kernel commit d0807da78e11 ("livepatch: Remove immediate feature").
Add an upper bound kernel version check for inclusion of the
immediate flag.
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>
With kernel commit b1fca27d384 ("kernel debug: support resetting
WARN*_ONCE") the *_ONCE warnings are placed .data.once section.
Including .data.once section is valid, so add an check in
kpatch_verify_patchability() while checking for included invalid
sections.
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>
Symbols with R_PPC64_REL24 relocation type are functions and it's
currently assumed that all functions are replaced with their respective
section symbols.
There are function whose reference are not straight forward section
symbol but section + offset. These function replacement should be
handled more like bundled sections. Remove the check, which imposes
the inital assumption.
Suggested-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>
.toc section entries are mostly place holder for relocation entries,
specified in .rela.toc section. Sometimes, .toc section may have
constants as entries. These constants are not reference to any symbols,
but plain instructions mostly due to some arthimetics in the functions
referring them.
They are referred by the functions like normal .toc entries, these
entries can not be resolved to any symbols. This patch creates a list
of constants if available for .toc sections and compares them in
rela_equal() to ensure their is no mismatch in the generated constants
for original and patched .o files.
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>
GCC 7.2.1 complains about the usage of the PPC64_LOCAL_ENTRY_OFFSET
macro:
create-diff-object.c: In function ‘is_gcc6_localentry_bundled_sym’:
create-diff-object.c:119:83: error: ‘<<’ in boolean context, did you mean ‘<’ ? [-Werror=int-in-bool-context]
(((1 << (((other) & STO_PPC64_LOCAL_MASK) >> STO_PPC64_LOCAL_BIT)) >> 2) << 2)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~
create-diff-object.c:140:10: note: in expansion of macro ‘PPC64_LOCAL_ENTRY_OFFSET’
return (PPC64_LOCAL_ENTRY_OFFSET(sym->sym.st_other) &&
^~~~~~~~~~~~~~~~~~~~~~~~
Fix it by explicitly treating the macro as an integer instead of a bool.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Sometimes git doesn't see that the patches have been reverted, if that
happens during ./scripts/setlocalversion call the resulting patch module
is built with a wrong vermagic because the tree is still considered
dirty.
Fix by moving git update-index call into remove_patches function so that
it is called every time the patches are reverted, not only on cleanup.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
This is similar to how loading of the patches works now. Needed mostly
for the "old" kpatch, i.e. for the kernels that do not support livepatch.
If the patched functions are currently used, loading of the patch fails
with "Device or resource busy" error. kpatch script then retries the
operation several times.
In some cases, it could be convenient to do the same thing when
unloading or simply disabling the patches. One of the use cases is when
it is needed to replace a loaded cumulative patch with its previous
version, esp. if the patches have patch/unpatch hooks. It is often more
reliable to disable the loaded patches first and then load the new
patch. Disable operation may fail due to activeness safety check - so
let us retry it a few times.
v2:
As suggested in PR #790, disable_patch() no longer returns a value but
rather calls die() at the point of error.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
Found in the scope of https://github.com/dynup/kpatch/pull/755 but not
related to the main problem discussed there.
kpatch_create_patches_sections() and kpatch_create_intermediate_sections()
used 'hint' in error messages.
However, the string 'hint' refers to is owned by 'kelf_base' and is
freed before kpatch_create_*_sections() are called. As a result, if
these functions try to output errors and print 'hint',
create-diff-object will crash.
As suggested in the mentioned PR, 'hint' is actually no longer needed at
that stage, so I have removed it from kpatch_create_*_sections().
Kpatch no longer uses initrd to make sure the patch modules are loaded
at boot. The users could either install the provided systemd service
for that or come up with some other solution.
The messages mentioning initrd could confuse the users.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
A cosmetic fix.
If KPATCH_BUILD ending with 'build/' is passed to 'make', KERNELRELEASE
will become 'build' and the error message will look like:
"<...> doesn't exist. Try installing the kernel-devel-build RPM or
linux-headers-build DEB."
Let us fix that.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
... and the interval between the retries.
If activeness safety check fails and the patch fails to load, kpatch waits
for 2 seconds and then retries loading of that patch.
It may be needed to change the number of retries and the interval
between them in some cases, e.g. during stress testing of patches, etc.
Make it a bit easier by keeping these values in the variables close to
the beginning of the script.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
kpatch checks the messages output by insmod to decide if loading failed
with -EBUSY (i.e. activeness safety check failed). It looks for
"Device or resource busy" message, but one cannot guarantee it is not
output in some other language.
Let us use LC_ALL=C to be sure.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
By specifying -d, --debug multiple times, the following additional
debug modes can be enabled:
-d -d: Writes everything that is written to the logfile also to
stdout.
-d -d -d: Same as '-d -d' plus sets 'xtrace' in kpatch-build.
-d -d -d -d: Same as '-d -d -d' plus sets 'xtrace' in kpatch-gcc.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
When loading a livepatch, wait for the patching transition to complete
within a reasonable timeframe, then poke any stalled tasks with a
signal. If the transition is still taking too long, reverse the patch
and unload the livepatch.
When re-enabling a livepatch, do the same wait and signaling. If the
expected time expires, disable the livepatch.
When unloading a livepatch, perform the wait/signaling, but only emit an
error message if the transition exceeds the time limit.
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Add a "signal" command line option that iterates over all processes that
may be holding up the current livepatch transition. Send such processes
a SIGSTOP / SIGCONT combination to try and expedite the transition.
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
In 'kpatch list' output, show the current patch state: enabled,
disabled, and livepatch mid-transition states enabling... and
disabling...
Also provide a list of any tasks that are stalling a livepatch
transition.
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
The verify_module_checksum() function reads a kpatch-specific ELF
section to compare on-disk and in-memory kernel modules. The function
only reports a miscompare if the .kpatch.checksum section actually
exists. Livepatches don't have such section, so throw away any "Section
'.kpatch.checksum' was not dumped because it does not exist!" warnings
from readelf.
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Add a logger funcition that can be used to log to both stdout and the
logfile or only to the logfile. This is needed for subsequent patches
where we introduce an alternate debug mode.
Since we're piping to a logger now, we need to set 'pipefail' otherwise
the return status of such a pipeline is always 0 (the exit status of the
logger) and we won't catch any errors.
From the bash manpage:
The return status of a pipeline is the exit status of the last command,
unless the pipefail option is enabled
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
This is in response to an upstream discussion for the following patch:
https://lkml.kernel.org/r/1508217523-18885-1-git-send-email-kamalesh@linux.vnet.ibm.com
This should hopefully make it a lot easier for the ppc64le kernel module
code to support klp relocations.
The gcc-common.h and gcc-generate-rtl-pass.h header files are copied
from the upstream Linux source tree.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
When searching for 'Linux version ...' in vmlinux, stop after the first
match so that we don't keep reading a potentially huge file.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
The current checks never fail, because the first grep in the pipeline
doesn't write anything to stdout.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
This can be used for building a kpatch module for a non-running
kernel. Note that the correct kernel and debug packages still need
to be installed.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
When creating .kpatch.relocations, there's no reason to convert the
relocation destinations to symbols. In fact, it's actively harmful
because it makes it harder for create-klp-module to deal with the GCC 6+
8-byte localentry gap.
This also fixes a regression which was introduced in 5888f316e6, which
broke ppc64le relocations.
Fixes#754.
Fixes: 5888f316e6 ("create-klp-module: support unbundled symbols")
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
kpatch_relocation's 'dest' addend and 'offset' fields are redundant. In
fact, the 'offset' field isn't always accurate because it doesn't have a
relocation, so its value doesn't adjust when multiple .o files are
combined. Just use the 'dest' addend instead.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
