This fixes the following issue for a patch which changes a module:
kpatch_create_mcount_sections: 1968: bad first rela in .rela.text.e_show
The first rela is "bad" because the real first rela was converted to a
dynrela and then removed from the rela list.
This is a temporary fix. The more permanent fix should be to allow
lookups in vmlinux for patched modules so we don't create any
unnecessary dynrelas.
Some functions in the kernel are always on the stack of some thread
in the system. Attempts to patch these function will currently always
fail the activeness safety check.
However, through human inspection, it can be determined that, for a
particular function, consistency is maintained even if the old and new
versions of the function run concurrently.
This commit introduces a KPATCH_FORCE_UNSAFE() macro to define patched
functions that such be exempted from the activeness safety check.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
For ftrace to be able to trace a patched function, it requires that the
__mcount_loc section contains a pointer to the function, and that the
first instruction of the function is "callq __fentry__".
Normally that work is done by the recordmcount script, but it ignores
functions that aren't in a few standard sections (.text and a few
others).
This commit enables the ability to create user-defined hooks as part of
the normal code patch that can do preparatory work for the application
of the patch. This work could include, but is not limited to, changing
data structure semantics.
The user may define a new function as part of the patch and mark it as a
load-time or unload-time hook with the kpatch_load_hook() and
kpatch_unload_hook() macros. These macros are in an include file that
gets copied into the source tree at include/linux/kpatch-hooks.h at
patch build time. The signature for both hooks is "int kpatch_unload_hook(void)".
For now, the return code is ignored. The hooks may not fail. They also
run in stop_machine() context and may not sleep. These hooks, more or
less, must follow all the rules of interrupt context code.
The original logic in the inclusion tree code worked under the
assumption that it was the only code path marking symbols for inclusion.
Therefore, if the symbol had been marked as included, it could be safely
assumed that we also already called kpatch_include_symbol() on it. With
the special section handling marking symbols as included, however, this
assumption is not valid.
We should call kpatch_include_symbol() regardless of whether or not the
symbol has already been marked as included or not in order to possible
include the symbol's entire bundle.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
With the inclusion of the debug sections, the debug output is so verbose
that it becomes less useful.
This commit reduces the verbosity by skipping rela listings of debug
sections.
It includes a new helper function, is_debug_section(), to consolidate
the logic for detecting debug sections.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
This is useful if ~/.kpatch is a symlink or a tmpfs mount.
- move SRCDIR/OBJDIR/OBJDIR2 initialization to the top
- create new VERSIONFILE variable
- create new clean_cache function which doesn't remove ~/.kpatch
Fixes#261.
In my experience this is a much more useful implementation of the
"--sourcedir" option:
- use the source tree in-place rather than first copying it to
~/.kpatch/src. In my case this avoids a 5GB copy, including the
entire .git subdirectory, and allows ccache to be reused.
- find the vmlinux and .config files in the sourcedir
- autodetect the ARCHVERSION
Add -d option to create-diff-object when DEBUG is set. That way for
weird kpatch-build issues we can just tell people to use the -d flag and
then provide the build log.
When patching module A, if one of the new function's relas reference a
symbol in module B, we currently just leave it as a normal rela. But if
module B hasn't been loaded yet, the patch module will fail to load due
to the rela's reference to an undefined symbol.
The fix is to convert these relas to dynrelas, which can be resolved
later in the module notifier when A is loaded.
Also added support for the R_X86_64_NONE relocation type, needed for
dynrelas which reference __fentry__.
This commit adds basic debuginfo support. It is "basic" in as much as
it does not try to parse the DWARF data to figure out which parts
pertain to the changed code. It simply includes all .debug_ and
.rela.debug_ section and strips out any rela entries that reference
unchanged symbols. This corrupts the debuginfo for unchanged symbols
but since they are not going to be included anyway, there should be no
way to reference that information.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
The recent module patching code has exposed some problems with our data
structures. We currently patch the funcs and dynrelas individually,
which is kind of scary now that different objects can be patched at
different times. Instead it's cleaner and safer to group them by
patched object.
This patch implements per-object patching and relocations by refactoring
the interfaces:
- Completely separate the create-diff-object <-> patch module interface
from the patch module <-> core module interface. create-diff-object
will include "kpatch-patch.h" but not "kpatch.h". Thus,
create-diff-object has no knowledge about the core module's
interfaces, and the core module has no knowledge about the patch
module's special sections.
- Newly added kpatch-patch.h defines the format of the patch module
special sections. It's used by create-diff-object to create the
special sections and used by the patch module to read them.
- kpatch.h still defines the core module interfaces. Each kpatch_module
has a list of kpatch_objects for each module object to be patched.
Each kpatch_object has a list of kpatch_funcs and a list of
kpatch_dynrelas. The patch module creates these lists when populating
kpatch_module.
This way of structuring the data allows us to patch funcs and dynrelas
on a per patched object basis, which will allow us to catch more error
scenarios and make the code easier to manage going forward. It also
allows the use of much more common code between kpatch_register() and
kpatch_module_notify().
This adds support to kpatch-build for patching modules. It builds the
entire kernel tree, vmlinux and modules, in a single pass and then
detects which modules need to be patched. This is the easiest case
(since the user doesn't need to care about which binaries are affected)
and the safest (since the user could be wrong).
The first build with no ccache takes a long time, but after the cache is
populated, it only takes about two minutes on my laptop. It does take
up a TON of space in the cache now though (~/.kpatch/obj is now 8GB).
Next we can add the '-t' cmdline option for advanced users to specify
build targets.
Revert the previous kpatch-build module building interface commits to
prepare for a completely different approach which builds vmlinux and all
the modules in a single pass.
This reverts commit fac9d70612.
This reverts commit d166fb4379.
This allows a patch module to contain patched functions for modules
which haven't been loaded yet. If/when the module is loaded later, it
will be patched from the module notifier function.
On Ubuntu, the ccache symlinks aren't automatically added to the PATH,
so update PATH accordingly.
On Fedora, the PATH is updated automatically when installing ccache.
_But_, it requires a new bash session to be created after installing
ccache before the new PATH takes effect. So it's a good idea to fix it
for Fedora as well.
kpatch load fails on Ubuntu with:
kpatch: unable to find module 'vmlinux_3'
The root cause is that the vmlinux file on Ubuntu is named
vmlinux-3.13.0-24-generic instead of just vmlinux.
Let's just call it "vmlinux" in the objname field.
