Commit Graph

1034 Commits

Author SHA1 Message Date
Seth Jennings
f152d00a62 Merge pull request #559 from jpoimboe/patch-author-guide
doc: patch author guide, first take
2015-11-16 15:27:34 -06:00
Josh Poimboeuf
85b7a76acc doc: patch author guide, first take
Been wanting to write this forever, have to start somewhere...
2015-11-16 15:23:16 -06:00
Seth Jennings
f8d00bd232 Merge pull request #550 from libin2015/fix-find-parent-obj
kpatch-build: fix find_parent_obj
2015-11-16 13:29:35 -06:00
Seth Jennings
3d49e37f11 Merge pull request #548 from libin2015/fix-gcc-version-check
kpatch-build: fix gcc_version_check
2015-11-16 13:15:41 -06:00
Seth Jennings
aab5240df8 Merge pull request #555 from jpoimboe/static
create-diff-object: more static local variable rework
2015-11-16 11:55:36 -06:00
Seth Jennings
c7fd8673e9 Merge pull request #554 from jpoimboe/section-sym-gah
create-diff-object: handle reference to end of section
2015-11-16 10:37:32 -06:00
Seth Jennings
232b2a108d Merge pull request #549 from jpoimboe/trap-sighup
kpatch-build: cleanup on SIGHUP
2015-11-16 09:49:21 -06:00
Seth Jennings
c4967bc02b Merge pull request #557 from jpoimboe/deprecate-replace
kpatch: deprecate the replace command
2015-11-16 09:48:55 -06:00
Josh Poimboeuf
8e8de4718d kpatch: deprecate the replace command
"kpatch replace" is complex, buggy, and probably unnecessary.  And
upstream livepatch has nothing like it.

Remove it from the kpatch utility, but leave the infrastructure in place
in the patch module and the core module for now.

Fixes: #456
2015-11-16 09:38:44 -06:00
Josh Poimboeuf
fffbb85b81 create-diff-object: handle reference to end of section
Deal with a special case where gcc needs a pointer to the address at the end of
a data section.

This is usually used with a compare instruction to determine when to end a
loop.  The code doesn't actually dereference the pointer so this is "normal"
and we just replace the section reference with a reference to the last symbol
in the section.

Note that this only catches the issue when it happens at the end of a section.
It can also happen in the middle of a section.  In that case, the wrong symbol
will be associated with the reference.  But that's ok because:

1) This situation only occurs when gcc is trying to get the address of the
   symbol, not the contents of its data; and

2) Because kpatch doesn't allow data sections to change, &(var1+sizeof(var1))
   will always be the same as &var2.

Fixes: #553
2015-11-13 16:42:40 -06:00
Josh Poimboeuf
ac9020af20 create-diff-object: more static local variable rework
Refine the static local variable handling again.  This builds on a
previous patch by Zhou Chengming.

This fixes the following bugs reported by Zhou:

1.          xxx.123 ---> xxx.123 (previous correlation by coincidence)
            xxx.256 ---> xxx.256 (previous correlation by coincidence)
   But real xxx.123 ---> xxx.256

   In this case, the code doesn't work. Because when find patched_sym for
   xxx.123, the xxx.256 in patched_object hasn't been de-correlated.

2. old-object | new-object
        func1 | func1
      xxx.123 | xxx.123 (inline)
        func2 | func2
      xxx.256 | xxx.256
      xxx.123 | xxx.123 (inline)

   When find patched_sym for xxx.123, first find xxx.123 in func1 of new-object,
   But then find xxx.256 in func2 of new-object.
   So I think should not iterate the base-sections, when find one, just go out to next symbol.

Both of these problems can be fixed by splitting the code up into
multiple passes:

  1. uncorrelate all static locals
  2. correlate all static locals
  3. ensure each static local is referenced by all the same sections in
     both objects
  4. print warning on any new static locals

Fixes: #545
2015-11-13 13:56:13 -06:00
Li Bin
9143e88f16 kpatch-build: fix find_parent_obj
When find kobj, it should use 'cat changed_objs' to get the changed
objects, in order to process the following object format:
a/b/c/../../object.o. If using patched dir to get changed object,
the object will be a/object.o, but it is a/b/c/../../object.o in
*.cmd file.
This patch also fix the find_parent_obj that change the format
'a/b/c/../../object.o' to 'a/object.o' in deep find, otherwise
it will fail with "two parent matches for *.o".

Signed-off-by: Li Bin <huawei.libin@huawei.com>
2015-11-13 14:24:37 +08:00
Josh Poimboeuf
d529091f3b kpatch-build: cleanup on SIGHUP
Fix an issue where kpatch-build fails to clean up after hitting CTRL-C
during a remote integration test (make remote).
2015-11-12 20:39:14 -06:00
Li Bin
9fedd0d283 kpatch-build: fix gcc_version_check
gcc version string format may be 'gcc (xxx xxx) x.x.x [xxx]'
fix gcc_version_check to adapt to it.

Signed-off-by: Li Bin <huawei.libin@huawei.com>
2015-11-13 08:19:50 +08:00
Seth Jennings
eb54876936 Merge pull request #544 from jpoimboe/ronx-crash
kmod/core: fix crash with !CONFIG_DEBUG_SET_MODULE_RONX
2015-11-04 13:51:12 -06:00
Seth Jennings
de536b131e Merge pull request #543 from jpoimboe/kpatch-build-cleanup-2
kpatch-build: clean up rpmbuild tmp directory handling
2015-11-04 12:13:03 -06:00
Josh Poimboeuf
5429b18750 kpatch-build: s/TMPBUILDROOT/RPMTOPDIR/ 2015-11-04 12:11:26 -06:00
Josh Poimboeuf
a683f7da21 kmod/core: fix crash with !CONFIG_DEBUG_SET_MODULE_RONX
When loading a patch module on a kernel with
!CONFIG_DEBUG_SET_MODULE_RONX, the following crash occurs:

  loading core module: /root/src/kpatch/kpatch/../kmod/core/kpatch.ko
  loading patch module: kpatch-meminfo-string.ko
  BUG: unable to handle kernel paging request at ffffffffa0010cc0
  IP: [<ffffffff8125ecb0>] do_init_module+0x84/0x1af
  PGD 13d3067 PUD 13d4063 PMD 1e1ee067 PTE 1e1a0161
  Oops: 0003 [#1]
  Modules linked in: kpatch_meminfo_string(O+) kpatch(O)
  CPU: 0 PID: 149 Comm: insmod Tainted: G           O  K 4.1.0+ #1
  task: ffff88001e17b810 ti: ffff88001e1cc000 task.ti: ffff88001e1cc000
  RIP: 0010:[<ffffffff8125ecb0>]  [<ffffffff8125ecb0>] do_init_module+0x84/0x1af
  RSP: 0018:ffff88001e1cfda8  EFLAGS: 00010246
  RAX: 0000000000000000 RBX: ffffffffa0010cc0 RCX: 0000000080a02001
  RDX: 0000000000000024 RSI: 0000000000000000 RDI: ffffffff813fabe0
  RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000d0000000
  R10: ffffffffa000e000 R11: 0000000000000001 R12: ffff88001eb58638
  R13: ffffffffa0010d10 R14: 0000000000000001 R15: 0000000000000000
  FS:  00007f0ae00aa700(0000) GS:ffffffff813e1000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: ffffffffa0010cc0 CR3: 000000001e181000 CR4: 00000000000006b0
  Stack:
   ffff88001e1cfed8 0000000000000001 ffffffffa0010cc0 ffffffff81058aac
   ffff88001e207680 00000000810a462f ffffc90000096890 0000000000000e00
   ffffffff00000016 ffffffff8126cd40 ffff88001eaa6a08 ffff88001e1cfe48
  Call Trace:
   [<ffffffff81058aac>] ? load_module+0x18ad/0x18e9
   [<ffffffff81056290>] ? copy_module_from_fd+0x86/0xdf
   [<ffffffff81058c1e>] ? SyS_finit_module+0x56/0x61
   [<ffffffff81261854>] ? system_call_fastpath+0x12/0x6a
  Code: f8 00 00 00 74 23 49 c7 c0 80 ca 26 81 48 8d 53 18 89 c1 4c 89 c6 48 c7 c7 6d ef 36 81 31 c0 e8 16 fb ff ff e8 18 06 00 00 31 f6 <c7> 03 00 00 00 00 48 89 da 48 c7 c7 c0 c9 3f 81 e8 7e b3 dd ff
  RIP  [<ffffffff8125ecb0>] do_init_module+0x84/0x1af
   RSP <ffff88001e1cfda8>
  CR2: ffffffffa0010cc0

With !CONFIG_DEBUG_SET_MODULE_RONX, module text and rodata pages are
writable, and the debug_align() macro allows the module struct to share
a page with executable text.  When klp_write_module_reloc() calls
set_memory_ro() on the page, it effectively turns the module struct into
a read-only structure, resulting in a page fault when load_module() does
"mod->state = MODULE_STATE_LIVE".

Fixes: #497
2015-11-03 14:44:00 -06:00
Josh Poimboeuf
0dec5136ee kpatch-build: clean up rpmbuild tmp directory handling
Setting HOME in a subshell is too hacky.  Instead just pass the rpmbuild
directory to the rpm and rpmbuild commands.
2015-11-03 14:35:33 -06:00
Seth Jennings
b2eeb59b8a Merge pull request #542 from jpoimboe/kpatch-build-cleanups
fix a couple of minor kpatch-build issues
2015-11-03 14:09:40 -06:00
Josh Poimboeuf
b8bc7c2812 kpatch-build: fix tempsrc directory leak
Also rename it to tmphome to more accurately describe its purpose.
2015-11-03 13:55:56 -06:00
Josh Poimboeuf
686cc4ff52 kpatch-build: put log file in $CACHEDIR
Otherwise it gets removed along with TEMPDIR if '--debug' isn't set.
2015-11-03 13:52:47 -06:00
Seth Jennings
b412753292 Merge pull request #541 from euspectre/special-struct-size-fix
kpatch-build: fix searching for the sizes of special structures
2015-11-03 08:34:18 -06:00
Evgenii Shatokhin
ad6581756e kpatch-build: fix searching for the sizes of special structures
readelf -wi may output trailing spaces in the lines with section names
('alt_instr', etc.). The regexps should take this into account,
otherwise kpatch-build may fail with error:
    "can't find special struct size"
2015-11-03 12:39:39 +03:00
Seth Jennings
045a983574 Merge pull request #536 from jpoimboe/static-local-rewrite
Rewrite static local variable correlation logic
2015-11-02 11:16:55 -06:00
Josh Poimboeuf
3932684cb4 Merge pull request #539 from arges/minor
Minor comment changes
2015-10-30 17:13:52 -05:00
Chris J Arges
aaa584a856 kpatch-build: edit script description
This script works on other distros and can target source linux directories.
Adjust comments to match this.

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
2015-10-30 17:01:27 -05:00
Seth Jennings
1bbd5ff365 Merge pull request #537 from jpoimboe/test-cleanups
test: integration test cleanup
2015-10-30 16:56:17 -05:00
Josh Poimboeuf
353f976312 test: integration test cleanup
- fix kpatch tool path in multiple.test
- remove "kpatch replace" tests (replace is deprecated)
2015-10-30 16:47:34 -05:00
Josh Poimboeuf
7c88c41cfe create-diff-object: rewrite static local variable correlation logic
Rewrite the static local variable correlation logic.  The algorithm now
traverses all the static locals in the original object rather than the
patched object, ensuring that each symbol in the original object has a
twin.  It adds a new restriction that static local variables can't be
removed.

This adds support for the following:

- Multiple static locals with the same name in the same function

- Two separate static locals which happen to have the same numbered
  suffix

- Static locals which are referenced by data sections

- CSWTCH and other static locals which are sometimes unused due to
  sharing of their data sections

Fixes: #514
2015-10-29 16:52:10 -05:00
Josh Poimboeuf
bbc35bc12e Revert "create-diff-object: strip unused CSWTCH symbols"
It turns out this is a more general issue which exists for more than
just CSWTCH symbols.  The new static local handling code will handle it.

This reverts commit fd0c1bbe9c.
2015-10-29 16:51:22 -05:00
Seth Jennings
2e4dea5236 Merge pull request #525 from euspectre/no-reloc-fix
kpatch-build: revisit checking for fentry calls
2015-10-28 20:49:56 -05:00
Seth Jennings
0523597ae5 Merge pull request #534 from jpoimboe/cswtch-2
CSWTCH fix, take 2
2015-10-28 20:44:13 -05:00
Josh Poimboeuf
fd0c1bbe9c create-diff-object: strip unused CSWTCH symbols
Fixes: #532
2015-10-28 18:52:32 -05:00
Josh Poimboeuf
98f892b273 Revert "create-diff-object: Ignore unused CSWTCH static local symbols"
This reverts commit ce7ed7007b.
2015-10-28 18:41:50 -05:00
Seth Jennings
46732a74d3 Merge pull request #529 from jpoimboe/CSWTCH
create-diff-object: Ignore unused CSWTCH static local symbols
2015-10-28 14:47:41 -05:00
Seth Jennings
79945c3253 Merge pull request #531 from jpoimboe/vdso
kpatch-gcc: update ignore list
2015-10-28 14:46:57 -05:00
Evgenii Shatokhin
393be6f8fc kpatch-build: revisit checking for fentry calls
create-diff-object now checks if the original functions have fentry calls.
If an original function to be affected by the patch does not have the
fentry call, it cannot be patched. Error is reported in that case.

kpatch_create_mcount_sections() now also takes into account if a changed
or a new function has fentry call. If it does, mcount record is
generated for it as before. If a changed or a new function has no fentry
call, it is not an error in this case.

All this fixes the following issues.

1. If an original function has no fentry call (e.g. a "notrace" function)
but the patched function has it, the original function can not be
patched, but it would only be detected when applying the patch.

2. kpatch_create_mcount_sections() crashed if a patched function had no
relocation at all.

I observed such crashes when experimenting with a modified version of
the patch "tcp_cubic: better follow cubic curve after idle period" in
CentOS 7 x64.

Besides that, for a function with the first instruction starting with
0x0f, it would be incorrectly detemined that the function had fentry call.
The first bytes of the function would be overwritten in that case.

3. create-diff-object output an error if a new (an added) function had
no fentry call. This restriction is not necessary.

v2:

* Moved the check for fentry calls after the call to
kpatch_compare_correlated_elements() and before info about the original
ELF file is destroyed. The original symbols are now checked there (via
sym->twin) rather than the patched ones.

* Removed an excessive error check.

Signed-off-by: Evgenii Shatokhin <eshatokhin@odin.com>
2015-10-28 20:49:50 +03:00
Seth Jennings
01006814d8 Merge pull request #526 from arges/addflags
kpatch-build: consolidate build-artifacts and place into CACHEDIR
2015-10-28 12:44:18 -05:00
Chris J Arges
d0c8f43656 kpatch-build: put build artifacts into cachedir
Build artifacts are stored in $CACHEDIR/tmp instead of /tmp. This includes
files such as the build log and the temp directories used to build the patch.

In addition, allow $CACHEDIR to be set as an environment variable.

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
2015-10-28 11:56:07 -05:00
Josh Poimboeuf
d378b245e5 kpatch-gcc: add libstub to ignore list
The firmware libstub library isn't a part of the proper runtime kernel
and can be safely ignored.

Fixes: #518
2015-10-28 11:39:55 -05:00
Josh Poimboeuf
a1d6b0d00e kpatch-gcc: update vdso location for newer kernels
With recent kernels, the vdso code has moved from arch/x86/vdso to
arch/x86/entry/vdso.

Fixes: #530
2015-10-28 11:27:15 -05:00
Josh Poimboeuf
ce7ed7007b create-diff-object: Ignore unused CSWTCH static local symbols
Fixes #519.
2015-10-28 10:06:51 -05:00
Seth Jennings
d4d4fb2b0e Merge pull request #522 from jpoimboe/integration-test-cleanup
Integration test cleanups
2015-10-27 12:14:59 -05:00
Seth Jennings
e78222e635 Merge pull request #527 from jpoimboe/werror
create-diff-object: make all warnings into errors
2015-10-27 12:07:20 -05:00
Seth Jennings
ffb4f261dc Merge pull request #528 from jpoimboe/dynamic-group-size
kpatch-build: detect special section group sizes
2015-10-27 12:04:07 -05:00
Josh Poimboeuf
1704498471 kpatch-build: detect special section group sizes
Hard-coding the special section group sizes is unreliable.  Instead,
determine them dynamically by finding the related struct definitions in
the DWARF metadata.

Fixes #517.
Fixes #523.
2015-10-27 11:31:40 -05:00
Josh Poimboeuf
2899b5c23c create-diff-object: make all warnings into errors 2015-10-27 11:29:38 -05:00
Josh Poimboeuf
aa9f7fb1f6 test: add ability to run tests remotely
Create a "make remote" target and a poor man's ansible to allow setting
up a remote F22 system and running integration tests on it.

To run tests remotely:

  make remote SSH_HOST=my.remote.f22.box
2015-10-26 22:35:40 -05:00
Josh Poimboeuf
69b241ab38 test: fix ccache
For some reason CCACHE_HASHDIR needs to be unset for ccache to work when
building the integration tests from the kpatch-test script.
2015-10-26 22:35:40 -05:00