kpatch-build: fixup source package version construction #2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bash doesn't correctly format the version string which causes the source package to not be downloaded correctly. Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
Owner
|
@arges Thanks! This is actually not the official kpatch repository (somebody put the wrong link on the etherpad). Can you open a PR at https://github.com/dynup/kpatch? |
dest is allocated but not freed on an early return path where dest is not used Signed-off-by: Colin Ian King <colin.king@canonical.com>
kpatch-build: fixup source package version construction
Fix memory leak on dest buffer on early return path
This warning no longer applies thanks to dynup#398.
Unload of kpatch module (and kpatch_shadow_hash table) before all shadow variables free requests are processed can lead to kernel crash. Add rcu_barrier() to kpatch_exit() to wait for all outstanding RCU callbacks to complete. Signed-off-by: Jan Stancek <jstancek@redhat.com>
wait for outstanding shadow variables free requests in kpatch_exit
bump version to 0.2.2
The "kpatch install" command is broken because the kpatch script has some missing dependencies in the initramfs. Make sure the new dependencies (readelf and awk) are added to the initramfs.
Use "inst" instead of "inst_symlink" for insmod, since insmod might not necessarily be a symlink on some distros. inst_symlink is functionally the same as inst, with an additional check to make sure that it's a symlink (which we don't care about either way).
fix dracut dependencies (and "kpatch install")
readme: add ncurses-devel to RHEL dependencies
remove obsolete warning for KPATCH_FORCE_UNSAFE
update README with some new frequently asked questions
Restrict reading old_addr and new_addr to root only
rela.type should be unsigned int instead of unsighed char. /usr/include/gelf.h:#define GELF_R_TYPE(info) ELF64_R_TYPE (info) /usr/include/elf.h:#define ELF64_R_TYPE(i) ((i) & 0xffffffff) Signed-off-by: Xie XiuQi <xiexiuqi@huawei.com>
fix two bugs
Adds a new patch module scaffold for use when building against a kernel with CONFIG_LIVE_PATCHING=y. Signed-off-by: Seth Jennings <sjenning@redhat.com>
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Signed-off-by: Seth Jennings <sjenning@redhat.com>
add livepatch API support
Signed-off-by: Seth Jennings <sjenning@redhat.com>
ensure scmversion consistency across builds
Change the config name to match today's upstream change.
kpatch-build was failing on centos7 with
mv: cannot stat '/home/vagrant/rpmbuild/BUILD/kernel-*/linux-3.10.0-229.el7.x86_64': No such file or directory
in the error log. This was due to the actual directory being named
linux-3.10.0-229.el7.centos.x86_64. This patch avoids this failure by
adding a wildcard before the arch.
Signed-off-by: Louis Taylor <louis@kragniz.eu>
Fix kpatch-build failure with srpm on centos
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Replace initramfs code with systemd service
README updates: patch out-of-tree modules and remove some obsolete info
If a static variable is a pointer, it has rela section. Example: static int *p = &a; changed to: static int *p = &b; so its rela section has changed. Then this change of data should be found and report error. But if we don't correlate its rela section, we won't find this change. Signed-off-by: Zhou ChengMing <zhouchengming1@outlook.com>
examples/tcp_cubic-better-follow-cubic-curve-original.patch is the original patch, combined from two mainline commits (see the description in the patch). It cannot be used with Kpatch as it is because the change is in the initialization of a global structure. examples/tcp_cubic-better-follow-cubic-curve-converted.patch is a modification of the patch that Kpatch can process. Still, this modification has its issues, see the description there. Signed-off-by: Evgenii Shatokhin <eshatokhin@odin.com>
examples: Added an example of a problematic patch with an explanation
The shadow_get function does't consider the case that 'shadow is inpace', and after the shadow->data be set to the data, it will not be the pointer. This patch fix it. Signed-off-by: Li Bin <huawei.libin@huawei.com>
kpatch-build: fix shadow_get function
Fix the kpatch_create_dynamic_rela_sections: s/.rela.kpatch.patches/.rela.kpatch.funcs Signed-off-by: Li Bin <huawei.libin@huawei.com>
kpatch_verify_patchability can detect the change of .bss or .data or .init section, but it must be processed before verify num_changed. Otherwise, for example, if only .init section changed, it will fail with 'no changed functions were found', but not 'unsupported section change(s)'. With this patch, for .init section: .init section will not a bundled section, so if the section changed, not sync the function status, kpatch_verify_patchability will give 'changed section <secname> not selected for inclusion' and 'unsupported section change(s)' error. for .bss/.data section: kpatch_verify_patchability will ensure not including .data or .bss section, otherwise it will give 'data section <secname> selected for inclusion' and 'unsupported section change(s)' error. Signed-off-by: Li Bin <huawei.libin@huawei.com>
Fixes issue dynup#494. A null pointer dereference can result with patch modules for multiple objects since the "vmlinux" patch object's "name" field is null. strcmp therefore crashes trying to compare object->name if the current object is vmlinux and the supplied "name" argument is not. Check that object->name is not null before invoking strcmp.
bugfix: correlate the rela sections of bundled static variables
kpatch-build: fix typo s/.rela.kpatch.patches/.rela.kpatch.funcs
kpatch-build: verify bss/data/init section change properly
Before this patch, if changed function is weak symbol, it is not be allowed to create live patch, and it will trigger the following error: /usr/local/libexec/kpatch/create-diff-object: ERROR: ***.o: kpatch_create_patches_sections: 2294: lookup_global_symbol *** And if the changed function reference the weak symbol, when loading the patch module will trigger the following error: module kpatch-***: overflow in relocation type *** val 0 insmod: can't insert 'kpatch-***.ko': invalid module format This patch fix it and add support for patching weak function. Signed-off-by: Li Bin <huawei.libin@huawei.com>
Geting the changed objects from the patched dir, in order to support adding new files in patch. Signed-off-by: Li Bin <huawei.libin@huawei.com>
kpatch-build: support patching weak function
livepatch-patch-hook: check for object->name before calling strcmp
kpatch-build: support adding new files in patch
Detect patching type in kpatch-build in order to set prefix for module name. In addition don't include irrelvant sections for livepatch flavor livepatches. This can be used in the future to separate livepatch and kpatch specific functionality. Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
Pass -l to indicate we want run create-diff-object in livepatch mode. Ensure kpatch-build passes this option when CONFIG_LIVEPATCH is detected. Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
jpoimboe
added a commit
that referenced
this pull request
Apr 6, 2022
A seg fault was reported: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7f18c8e in __strcmp_avx2 () from /lib64/libc.so.6 Missing separate debuginfos, use: dnf debuginfo-install elfutils-libelf-0.186-1.fc34.x86_64 zlib-1.2.11-26.fc34.x86_64 (gdb) bt #0 0x00007ffff7f18c8e in __strcmp_avx2 () from /lib64/libc.so.6 #1 0x000000000040a0f7 in kpatch_is_core_module_symbol (name=0x0) at create-diff-object.c:3060 #2 0x000000000040a267 in need_dynrela (kelf=0x4669a0, table=0x92af30, sec=0x6d6b20, rela=0x8c7fd0) at create-diff-object.c:3117 dynup#3 0x000000000040a4cc in kpatch_create_intermediate_sections (kelf=0x4669a0, table=0x92af30, objname=0x7fffffffcfc6 "vmlinux", pmod_name=0x7fffffffd020 "livepatch_a") at create-diff-object.c:3281 dynup#4 0x000000000040c7c5 in main (argc=8, argv=0x7fffffffca48) at create-diff-object.c:3931 It happened because 'rela->sym->name' was NULL, and kpatch_is_core_module_symbol() tried to dereference it. Here's the corresponding relocation: Relocation section [455] '.rela.debug_loclists' for section [454] '.debug_loclists' at offset 0xd0478 contains 2432 entries: Offset Type Value Addend Name ... 0x000000000000aad6 X86_64_64 000000000000000000 +32 .LC55 ... That '.LC55' symbol lives in the following section: [104] .rodata.btf_show_end_aggr_type.str1.8 PROGBITS 0000000000000000 00003ef0 00000021 1 AMS 0 0 8 The problem is that the symbol wasn't included in the output file (though its corresponding section was). So it got zeroed by kpatch_elf_teardown(), which was designed to trigger seg faults to help find bugs like this. The string literal sections which hold the '.LCx' string symbols are already being included. Include their symbols as well. Fixes dynup#1257. Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
jpoimboe
added a commit
that referenced
this pull request
Apr 6, 2022
A seg fault was reported: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7f18c8e in __strcmp_avx2 () from /lib64/libc.so.6 Missing separate debuginfos, use: dnf debuginfo-install elfutils-libelf-0.186-1.fc34.x86_64 zlib-1.2.11-26.fc34.x86_64 (gdb) bt #0 0x00007ffff7f18c8e in __strcmp_avx2 () from /lib64/libc.so.6 #1 0x000000000040a0f7 in kpatch_is_core_module_symbol (name=0x0) at create-diff-object.c:3060 #2 0x000000000040a267 in need_dynrela (kelf=0x4669a0, table=0x92af30, sec=0x6d6b20, rela=0x8c7fd0) at create-diff-object.c:3117 dynup#3 0x000000000040a4cc in kpatch_create_intermediate_sections (kelf=0x4669a0, table=0x92af30, objname=0x7fffffffcfc6 "vmlinux", pmod_name=0x7fffffffd020 "livepatch_a") at create-diff-object.c:3281 dynup#4 0x000000000040c7c5 in main (argc=8, argv=0x7fffffffca48) at create-diff-object.c:3931 It happened because 'rela->sym->name' was NULL, and kpatch_is_core_module_symbol() tried to dereference it. Here's the corresponding relocation: Relocation section [455] '.rela.debug_loclists' for section [454] '.debug_loclists' at offset 0xd0478 contains 2432 entries: Offset Type Value Addend Name ... 0x000000000000aad6 X86_64_64 000000000000000000 +32 .LC55 ... That '.LC55' symbol lives in the following section: [104] .rodata.btf_show_end_aggr_type.str1.8 PROGBITS 0000000000000000 00003ef0 00000021 1 AMS 0 0 8 The problem is that the symbol wasn't included in the output file (though its corresponding section was). So it got zeroed by kpatch_elf_teardown(), which was designed to trigger seg faults to help find bugs like this. The string literal sections which hold the '.LCx' string symbols are already being included. Include their symbols as well. Fixes dynup#1257. Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bash doesn't correctly format the version string which causes the source
package to not be downloaded correctly.
Signed-off-by: Chris J Arges chris.j.arges@canonical.com