Commit Graph

62 Commits

Author SHA1 Message Date
Josh Poimboeuf
8e8de4718d kpatch: deprecate the replace command
"kpatch replace" is complex, buggy, and probably unnecessary.  And
upstream livepatch has nothing like it.

Remove it from the kpatch utility, but leave the infrastructure in place
in the patch module and the core module for now.

Fixes: #456
2015-11-16 09:38:44 -06:00
Josh Poimboeuf
99be07a372 readme: remove some obsolete information 2015-06-24 16:29:29 -05:00
Josh Poimboeuf
22d60ad60e readme: patching out-of-tree modules 2015-06-24 16:29:02 -05:00
Josh Poimboeuf
abdaa96c18 readme: update dependencies for f21
Change the supported Fedora version to F21 and add a new dependency.

For some reason, numactl-devel is needed by "rpmbuild -bp kernel", but
isn't detected by "yum-builddep kernel".
2015-04-29 11:50:23 -05:00
Josh Poimboeuf
d50b0b9218 README livepatch update 2015-03-25 17:17:09 -05:00
Seth Jennings
c163bf5c2e Merge pull request #464 from jpoimboe/readme-force-unsafe
update README with some new frequently asked questions
2015-01-05 11:12:52 -06:00
Josh Poimboeuf
f4ee5d2a3a readme: add ncurses-devel to RHEL dependencies 2014-12-18 14:55:16 -06:00
Josh Poimboeuf
0fbb7856e4 update README with some new frequently asked questions 2014-10-31 11:45:48 -05:00
Josh Poimboeuf
bd2b499509 readme: get ccache from EPEL for RHEL 7 2014-09-29 21:32:27 -05:00
Josh Poimboeuf
2203cf5b7d readme: enable RHEL 7 optional repo
needed for pesign, newt-devel, pciutils-devel, asciidoc
2014-09-29 21:21:43 -05:00
Josh Poimboeuf
74316588e8 kpatch-build: download fedora src rpms from koji
yumdownloader is problematic because it doesn't allow you to download
anything but the latest released kernel.  It can also be slow at times.
Instead, for Fedora, download the RPMs from koji.
2014-09-15 11:12:11 -05:00
Josh Poimboeuf
3b8361333a readme: add openssl to F20 dependencies 2014-09-15 10:47:43 -05:00
Josh Poimboeuf
aee8c445a1 Merge pull request #340 from goldyfruit/master
REAME.md: add g++ package to the Debian Wheezy procedure
2014-08-20 11:04:58 -05:00
Seth Jennings
e6e15340ef Merge pull request #368 from jpoimboe/readme-rhel7-typo
readme: fix RHEL 7 prereq typo
2014-08-19 09:31:17 -05:00
Josh Poimboeuf
ffda1aaf59 readme: fix RHEL 7 prereq typo 2014-08-19 09:17:29 -05:00
Terry Wang
cd5e136169 readme: add support for Oracle Linux 7 and CentOS 7 2014-08-19 20:56:02 +10:00
Gaetan Trellu
bae1682a67 REAME.md: add g++ package to the Debian Wheezy procedure 2014-07-30 13:51:45 -04:00
Terry Wang
a56d48e19d kpatch-build: remove unneeded comments readme: roll back unneeded changes 2014-07-30 20:08:17 +10:00
Terry Wang
d5bb38d42d readme: update, add RHEL 7 as supported distro, break up long lines and beautify using GitHub flavored markdown 2014-07-28 21:23:08 +10:00
Gaetan Trellu
f69a9400eb readme.md: add support for Debian GNU/Linux Wheezy (7.x) 2014-07-20 22:53:50 -04:00
Josh Poimboeuf
576ee09442 Merge pull request #312 from spartacus06/add-rhel-install-doc
add install documentation for RHEL
2014-07-15 12:19:49 -05:00
Seth Jennings
00ebeb0b0d add install documentation for RHEL
Fixes #253

Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-07-15 12:09:04 -05:00
Seth Jennings
3025ce1dae remove mentry mention in kernel version requirement
There are more reasons besides mentry support for 3.9 being the
minimum supported kernel version.  There are also API changes that
happened in 3.9 that make the core module incompatible with previous
versions.

Rather than spelling all that out, just simply state the minimum
version.

Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-07-15 11:38:20 -05:00
Seth Jennings
d325e69c3c update supported kernel version
Some of the kernel APIs that are used by the core kernel module where
updated in 3.9 and are incompatible with previous kernel versions.

Update the README to reflect this.

Fixes #257

Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-07-15 11:26:03 -05:00
Josh Poimboeuf
4d1ea6f4d1 readme: add links to more videos 2014-07-11 09:54:25 -05:00
Gaetan Trellu
dfa19166b3 README.md: add build-essential package 2014-07-08 13:25:29 -04:00
Gaetan Trellu
9dadc6ef2e README.md: add debian support 2014-07-08 13:21:47 -04:00
Gaetan Trellu
d70ee821ef readme: update the mandatory gcc version 2014-06-26 10:22:52 -04:00
Josh Poimboeuf
53c3bbe278 readme: several updates
- replace the old low-level video with the new high-level one, and place
  it with screenshot prominently at the top

- increase default ccache size

- remove obsolete NOTEs

- add blurb about patching modules and -t

- "trampoline" -> "handler"

- more details about ftrace, perf, tracepoints compatibility

- add recommended practice re: single cumulative module vs multiple
  independent modules
2014-06-18 14:42:03 -05:00
Seth Jennings
138eeb1c32 Merge pull request #244 from flaming-toast/readme
Update readme
2014-06-16 09:01:31 -05:00
Jessica Yu
4dc2555e99 README: fix formatting and typos 2014-06-15 22:03:39 -07:00
Jessica Yu
7a541bbd6a README: Update outdated readme
kpatch-build no longer uses add-patches-section and link-vmlinux-syms.
2014-06-15 21:32:08 -07:00
Josh Poimboeuf
6c8366d414 kpatch-build: kpatch-build module patching support
This adds support to kpatch-build for patching modules.  It builds the
entire kernel tree, vmlinux and modules, in a single pass and then
detects which modules need to be patched.  This is the easiest case
(since the user doesn't need to care about which binaries are affected)
and the safest (since the user could be wrong).

The first build with no ccache takes a long time, but after the cache is
populated, it only takes about two minutes on my laptop.  It does take
up a TON of space in the cache now though (~/.kpatch/obj is now 8GB).

Next we can add the '-t' cmdline option for advanced users to specify
build targets.
2014-06-13 17:46:51 -05:00
Seth Jennings
7fdc142d18 Merge pull request #205 from terrywang/doc
Add missing dependencies & vmlinux symbolic link for Ubuntu
2014-06-03 10:47:47 -05:00
Terry Wang
1b182d92b2 readme: add missing dependencies for Ubuntu 2014-06-03 23:01:47 +10:00
Jan Stancek
65d4c4977f readme: patches for vdso are not supported
Signed-off-by: Jan Stancek <jstancek@redhat.com>
2014-06-03 13:52:37 +02:00
Josh Poimboeuf
5c98ec65a0 kpatch-build: use original vmlinux
There's at least one case in the kernel (ddebug_proc_show) where the
compiled instructions are affected by the source file path given to gcc.
Which means that compiling the kernel with O= will result in many of the
function addresses changing.  This causes a mismatch between the locally
compiled vmlinux and the original vmlinux, which is very dangerous,
since we need the addresses to be correct.

The easy fix is just to use the original vmlinux for all the function
addresses.

Other potential ways to fix it which we might want to consider in the
future:

- use a combination of the old System.map and the new vmlinux to find
  the addresses.  The function ordering should be the same.  For
  non-duplicate symbols, use System.map.  For duplicate symbols, use
  vmlinux to find what order the symbol comes in.  e.g. the 2nd
  occurrence of foo() in System.map.  It adds a little complexity to the
  lookup code, but seems safe and wouldn't require the kernel debuginfo
  package.  However, this may not help us for patching modules.

- do something similar at runtime, i.e. use kallsyms_lookup_name for
  non-dups and kallsyms_on_each_symbol for dups, and look for the nth
  occurrence of the symbol (value of n is decided at build time).  This
  has the complexity of the previous option but it's done at runtime
  rather than build time, so... why?  Doing it at build time is better.

- compile the kernel in place.  This basically means no more caching
  because recompiling with --function-sections causes everything to be
  recompiled again.  This is bad for kpatch developers' SSDs...
2014-05-16 21:19:25 -05:00
Josh Poimboeuf
9f69d1fe61 readme: give a more concrete patch example
I think a more concrete example makes it a little easier to grok.
2014-05-02 22:53:04 -05:00
Udo Seidel
6ea2a2ffcb correct build requirements for Fedora 20; yum-utils was missing 2014-05-02 12:18:36 +02:00
Josh Poimboeuf
b5de5a8b25 kmod/core: checkpatch and sparse fixes
- checkpatch doesn't like the FSF address since it's subject to change
- checkpatch doesn't like strings split by line
- whitespace fix
- sparse suggested to change some variables and functions to static
2014-05-01 12:31:33 -05:00
Josh Poimboeuf
d76ba0b9a7 readme: taint clarifications 2014-05-01 12:15:58 -05:00
Josh Poimboeuf
c85467db04 readme: kpatch is an infrastructure, not a tool 2014-05-01 12:15:30 -05:00
Seth Jennings
86ee4d188f update docs for Ubuntu support
Signed-off-by: Seth Jennings <sjenning@redhat.com>
2014-04-29 13:33:02 -05:00
Josh Poimboeuf
d854e7f695 readme: add irc channel info
Fixes #142.
2014-04-28 21:13:50 -05:00
Josh Poimboeuf
b7a2862f90 safe kpatch unload
Currently the patch module calls kpatch_unregister in the patch module
exit path.  If the activeness safety check fails in kpatch_unregister,
it's too late for the patch module to stop exiting, so all it can do is
panic.

Prevent this scenario by requiring the user to disable the patch module
via sysfs before allowing the module to be unloaded.  The sysfs write
will fail if the activeness safety check fails.  An rmmod will fail if
the patch is still enabled.

Also add support for this new unloading model in "kpatch unload".
2014-04-25 23:05:26 -05:00
Josh Poimboeuf
7cb574aa22 readme: document WARN macro behavior
Document the WARN behavior, along with a few other updates about the
taint flag and kprobes incompatibility.

Fixes #112.
2014-04-23 14:34:05 -05:00
Josh Poimboeuf
d1d79084a3 readme: recommend use of the kpatch utility
The kpatch utility is now user friendly enough that it can be used
instead of direct insmods.  We should encourage people to use it, since
we will soon be adding user space functionality above and beyond
insmod/rmmod when loading and unloading.
2014-04-21 21:44:40 -05:00
Josh Poimboeuf
a7efb05c81 update patch module terminology
Try to be more consistent with the terminology.  In various places we
call it a "hotpatch module", "hot patch module", or "patch module".  How
about we just call it a "patch module" everywhere?
2014-04-15 13:47:56 -05:00
Josh Poimboeuf
710a72e1ab readme: add more detail to limitations section 2014-03-21 14:57:52 -05:00
Josh Poimboeuf
8834d25564 readme: small clarification about contributing 2014-03-19 10:29:07 -05:00