For consistency with what the kernel does (and what we already do for
in-tree modules), if the file has any dashes ('-'), replace them with
underscores in the objname (aka KBUILD_MODNAME).
Fixes#1286.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
To support building out-of-tree kernel modules, the source tree prefix
is attempted to be stripped from change object file paths to make them
relative. However, if the path is already relative, the change can
strip a substring instead, resulting in build errors.
Ensure just the prefix is stripped instead of any substring.
Fixes: #1282
Fixes: 51a8fad34f ("Add support for building out-of-tree modules")
Recent toolchains only create a section symbol if it's needed, i.e. if
there's a reference to it. If there's a missing section symbol in
kpatch_create_intermediate_sections(), create one instead of erroring
out.
Fixes#1272.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
* Add s390 specific checks
* Identify patchable functions.
* Dont mark expolines as dynrelas. These expolines are always included
in final kernel module. This ensures that expoline functions and the
kernel itself are not too far apart and avoids out of range
relocation. However, this isnt a problem for other functions, as these
relocations are performed via R_390_PLT32DBL using gcc option
-mno-pic-data-is-text-relative.
* s390 maintains expoline tables to locate the expoline thunks. If
needed, the module loader could later replace these expoline thunks
with normal indirect branch. Each element in the expoline table is of 4
bytes. If there is a changed function in rela.s390_return*, then mark
that specific rela symbol as included. This is already performed in the
processing of special sections. Hence include it.
Signed-off-by: Sumanth Korikkar <sumanthk@linux.ibm.com>
1. -mno-pic-data-is-text-relative prevents relative addressing between
code and data. This is needed to avoid relocation error when klp text
and data are too far apart
2. Avoid generation of LANCHOR symbols through -fno-section-anchors.
kpatch-build does not handle it well.
Signed-off-by: Sumanth Korikkar <sumanthk@linux.ibm.com>
symtab_read tries to skip '.dynsym' symbol table and only
read '.symtab' symbol table. Newer readelf from binutils 2.37
now adds section names (see the diff):
--- vmlinux.symtab 2022-02-18 02:10:06.691220932 +0100
+++ vmlinux.symtab.new 2022-02-18 01:16:06.161210458 +0100
Symbol table '.dynsym' contains 1541 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000100000 0 SECTION LOCAL DEFAULT 1 .text
2: 00000000017a3ac0 4 OBJECT GLOBAL DEFAULT 19 sclp_console_pages
Symbol table '.symtab' contains 159980 entries:
Num: Value Size Type Bind Vis Ndx Name
- 41: 0000000001a93600 0 SECTION LOCAL DEFAULT 41
- 42: 0000000001a9c678 0 SECTION LOCAL DEFAULT 42
...
+ 41: 0000000001a93600 0 SECTION LOCAL DEFAULT 41 .dynsym
+ 42: 0000000001a9c678 0 SECTION LOCAL DEFAULT 42 .rela.dyn
...
54: 0000000000000000 0 FILE LOCAL DEFAULT ABS main.c
Simple matching of ".dynsym" in the line buffer is not enough anymore,
because it hits not just
Symbol table '.dynsym' contains 1541 entries:
line, but also
41: 0000000001a93600 0 SECTION LOCAL DEFAULT 41 .dynsym
skipping the rest of the file and leading to an error:
create-diff-object: ERROR: *.o: find_local_syms: 189: couldn't find matching
*.c local symbols in vmlinux symbol table
Limit matching only to lines containing "Symbol table" header.
This works with readelf from the binutils, as well as readelf from
elfutils (its output looks slightly different).
Symbol table [41] '.dynsym' contains 1541 entries:
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
If a section reference can't be converted to a symbol reference, error
out to try to prevent unexpected behavior later on.
There are a few sections for which a symbol is optional: .rodata and
string literal sections. Don't warn about those.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
rela_insn() only cares about the base section. Convert it to take a
non-rela section as its argument instead of a relasec.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Add support for R_X86_64_NONE. With an upstream kernel, it's quite
rare, only used for a few jump labels. With older kernels it was used
for fentry hooks. Either way, it should be treated like a PC-relative
relocation.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
It doesn't make sense to disassemble a data section. That just happened
to work by accident. PC-relative offsets only need adjusting when
associated with an instruction.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Several functions have a boolean semantic, but don't actually return
bool, which is confusing. Fix that.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Several functions expect to take a ".rela" section as an argument. Make
such cases more clear by renaming "sec" -> "relasec".
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
With '--debug', most of the xtrace output shows the reading of the
.config and Module.symvers files, which isn't very useful and floods the
rest of the xtrace output. Temporarily disable xtrace before reading
the files.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
As I noticed, commit eaaced191 has added
partial support for openEuler.
This patch enables usage in openEuler like:
kpatch-build xxxx.patch
I test it in openEuler 21.09, for people who
want to use kpatch in openEuler, two more steps
are needed.
1) add repo source
source rpm package of openEuler kernel are put in
two places. One is
https://repo.openeuler.org/openEuler-21.09/source/
Another one is
https://repo.openeuler.org/openEuler-21.09/update/source/
The latter one is not inclued in rpm repo lists by default.
2) compile kernel with CONFIG_LIVEPATCH_PER_TASK_CONSISTENCY enabled
openEuler has its own strategy when trying to apply patches.
We can use the klp_enable_patch function only when
CONFIG_LIVEPATCH_PER_TASK_CONSISTENCY is enabled.
Signed-off-by: anatasluo <luolongjuna@gmail.com>
The two versions are not the same (4.18.0-240.el8 vs. 4.18.0-284.el8).
But I am not quite sure which one is accurate. Remove the first one as the
second one is being used before this change.
Signed-off-by: Song Liu <song@kernel.org>
Debug sections are intended to refer to the patch module only. And in
fact, any debug section references to non-included symbols are stripped
in kpatch_include_debug_sections(). So there's no need for
need_dynrela() to even think about it.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
A seg fault was reported:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f18c8e in __strcmp_avx2 () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install elfutils-libelf-0.186-1.fc34.x86_64 zlib-1.2.11-26.fc34.x86_64
(gdb) bt
#0 0x00007ffff7f18c8e in __strcmp_avx2 () from /lib64/libc.so.6
#1 0x000000000040a0f7 in kpatch_is_core_module_symbol (name=0x0) at create-diff-object.c:3060
#2 0x000000000040a267 in need_dynrela (kelf=0x4669a0, table=0x92af30, sec=0x6d6b20, rela=0x8c7fd0) at create-diff-object.c:3117
#3 0x000000000040a4cc in kpatch_create_intermediate_sections (kelf=0x4669a0, table=0x92af30, objname=0x7fffffffcfc6 "vmlinux", pmod_name=0x7fffffffd020 "livepatch_a") at create-diff-object.c:3281
#4 0x000000000040c7c5 in main (argc=8, argv=0x7fffffffca48) at create-diff-object.c:3931
It happened because 'rela->sym->name' was NULL, and
kpatch_is_core_module_symbol() tried to dereference it.
Here's the corresponding relocation:
Relocation section [455] '.rela.debug_loclists' for section [454] '.debug_loclists' at offset 0xd0478 contains 2432 entries:
Offset Type Value Addend Name
...
0x000000000000aad6 X86_64_64 000000000000000000 +32 .LC55
...
That '.LC55' symbol lives in the following section:
[104] .rodata.btf_show_end_aggr_type.str1.8 PROGBITS 0000000000000000 00003ef0 00000021 1 AMS 0 0 8
The problem is that the symbol wasn't included in the output file
(though its corresponding section was). So it got zeroed by
kpatch_elf_teardown(), which was designed to trigger seg faults to help
find bugs like this.
The string literal sections which hold the '.LCx' string symbols are
already being included. Include their symbols as well.
Fixes#1257.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
The __LINE__ detection code looks for "printk", which on newer kernels
has been renamed to "_printk". Fix the check for newer kernels.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
For x86, we already check arg2 and arg3 for `__LINE__` immediate load
detection. For parity, do the same thing for the other two arches.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Previously, the name length was limited to 48 chars. This was then
prepended with "kpatch-" and a trailing NUL terminator to get to the 56
char limit for kernel module names. After some code rearrangement, the
48 char restriction was applied to the name after being prefixed with
kpatch-/livepatch-, limiting the length more than necessary. Increase
the name length limit back to 55 chars to restore the original limit.
Fixes: c0105ea467 ("kpatch-build: set default module prefix accordingly")
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Technically we don't support s390 yet, but it's coming soon and there's
no harm in merging this one early. In fact this came in handy for
testing my endian fixes with #1203.
Note it doesn't actually do anything since 'kelf->arch' can't actually
get set to 'S390' yet. But it should work nicely with #1203 as it
evolves.
This is based on the patch from C. Erastus Toe in #1243, though there
may still be a few outstanding issues to look at in that PR, based on
some of the code review comments.
Originally-by: C. Erastus Toe <ctoe@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
With s390 support coming, we'll soon have to worry about endianness
issues when doing cross-compiles and cross-arch unit tests. Make
insn_is_load_immediate() endian-agnostic.
Suggested-by: Joe Lawrence <joe.lawrence@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Using -a/--archversion to explicitly set target kernel version was not
allowed if the kernel source directory and/or path to vmlinux with debug
info were set. This seems too strict, however.
vmlinux with debug info is used during the build to get symbol data, the
size of special structures, GCC version used to build the kernel, and the
target kernel version. As it turned out, some kernels, e.g. the ones from
OpenSUSE and derivatives, contain all that data except the Linux version
string in the file with debug info for vmlinux. Instead, that string is
present in vmlinux itself but that file does not contain debug info.
A simple workaround is to allow specifying the target kernel version
explicitly using -a/--archversion even if --sourcedir and/or --vmlinux are
set. If vmlinux with debug info does contain the Linux version string and
the version is different, kpatch-build will report an error.
Signed-off-by: Evgenii Shatokhin <evgenii.shatokhin@openvz.org>
For ppc64le, if a rela goes through the .toc, it requires an extra level
of indirection. Use toc_rela() here to ensure it gets the rela we care
about. This will be needed for the upcoming patch which checks for
`__func__`.
For non-ppc64le arches, and for ppc64le relas which don't go through the
.toc, toc_rela() is a no-op which just returns the rela. So this is
harmless for non-.toc cases.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
The arch-specific versions of kpatch_line_macro_change_only() are mostly
duplicate code. Unify them into a single implementation.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
If the only reference to the `__dyndbg` section is through a jump table
entry, the section doesn't get included and the jump table relocations
end up with a dangling reference to an UNDEF section symbol.
Make sure jump table referenced dynamic debug symbols get their sections
included.
Fixes#1253.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Symbol indexes over 64k don't fit into st_shndx and are stored in
extended symbol table. Make sure we properly handle these cases. It is
not normally useful during kpatch builds but will come up if we start
diffing linked objects.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
