Age | Commit message | Author
2019-07-10 | Update IBS_PROJECT to correct maintenance incident after initial submission [SLE15_Update_12] | Miroslav Benes
Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2019-07-08 | New branch for SLE15_Update_12 | Nicolai Stange
Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-03-07 | livepatch_main.c: Adaptation to a new livepatch API | Miroslav Benes
The atomic replace patch set among others removed the two-stage API. There is no (un)registration step needed now. SLES backport defines KLP_NOREG_API macro to easily distinguish whether the kernel provides the old or the new API. Use it and change the module init and exit functions accordingly. Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2019-02-13 | uname_patch: Use klp-convert macros and rely on klp-convert where | Miroslav Benes
possible Signed-off-by: Miroslav Benes <mbenes@suse.cz> Reviewed-by: Nicolai Stange <nstange@suse.de>
2019-02-13 | Define macros to switch easily between klp-convert and kallsyms | Miroslav Benes
Kallsyms trick does not have to be used for resolving undefined symbols when klp-convert is available. It would be great though to share live patches sources between both modes of operation. Define macros to help with the task. Their definitions depend on whether USE_KLP_CONVERT macro is defined. tar-up.sh script is responsible to decide. Signed-off-by: Miroslav Benes <mbenes@suse.cz> Reviewed-by: Nicolai Stange <nstange@suse.de>
2019-02-13 | Use klp-convert where provided | Miroslav Benes
klp-convert tool converts undefined symbols in a live patch kernel module to special relocation records which are resolved by the kernel. It allows to omit kallsyms tricks. Wire it to the spec file and let tar-up.sh script decide if it is to be used depending on a codestream. SLE15-SP1 is supported currently. Signed-off-by: Miroslav Benes <mbenes@suse.cz> Reviewed-by: Nicolai Stange <nstange@suse.de>
2018-12-11 | Merge branch 'master' into master-livepatch | Miroslav Benes
2018-12-11 | uname_patch: don't hold uts_sem while accessing userspace memory [HEAD, master] | Miroslav Benes
Backport upstream patch 42a0cc347858 ("sys: don't hold uts_sem while accessing userspace memory"). Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2018-08-09 | Provide common kallsyms wrapper API | Nicolai Stange
With bsc#1103203, the need for disambiguating between a multiply defined symbol arose. This is something the kallsyms_lookup_name() based code snippet we used to copy&paste to every individual CVE fix can't handle. Implement a proper wrapper API for doing the kallsyms lookups. Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2018-07-11 | provide KLP_SHADOW_ID() helper macro | Nicolai Stange
In analogy to the KGR_SHADOW_ID() macro, introduce KLP_SHADOW_ID() for the construction of unique shadow variable id's. Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2018-07-10 | scripts/register-patches.sh: implement conditional inclusion | Nicolai Stange
Currently, subpatches provide a patched_funcs.csv file describing what needs to be patched. register-patches.sh inspects those to assemble one global klp_patch structure. The current format for these patched_funcs.csv's is
    obj old_func(,sympos) newfun
However, sometimes subpatches depend on some kernel configuration values like CONFIG_X86_64 and functions shall get patched only if the target kernel configuration matches. Extend the patched_funcs.csv format to
    obj old_func(,sympos) newfun (cpp condition)
where everything coming after 'newfun' is taken to be a CPP condition to be used for conditional inclusion. In case there's no condition specified, assign that entry the same semantics as if a '1' had been given.
Make register-patches.sh guard the corresponding klp_func entries with #if pragmas. Furthermore, let it guard the enclosing klp_object instances by or'ing together all its klp_funcs' conditions.
For the sake of better readability, omit redundant #if pragmas as well as condition clauses. In particular,
- if a function entry hasn't got any condition explicitly specified, there won't be any #if pragma, neither at the klp_func nor at the klp_object level,
- if multiple function entries for an object are protected by the same condition, it'll be or'ed in at the klp_object level only once,
- if all of an object's functions share the same condition, no #if pragmas will be emitted at the klp_func level because they would only duplicate what's already there for the enclosing object and
- multiple subsequent function entries sharing the same condition get collated.
Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2018-07-10 | scripts/register-patches.sh: allow spaces as patched_funcs.csv separators | Nicolai Stange
Currently there's one single cut(1) usage which requires that (single) tabs are used as field separators for the patched_funcs.csv. As the rest of the code can deal with sequences of any whitespace already, this imposes an unnecessary restriction on the format. Substitute that cut(1) usage by a sed(1) invocation as appropriate. Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2018-06-04 | livepatch_main.c: Set .replace to true | Miroslav Benes
Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2018-05-14 | Merge branch 'master' into master-livepatch | Miroslav Benes
2018-05-14 | scrips/create-makefile.sh: add support for assembly files | Nicolai Stange
Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-12-08 | Revert "shadow variables: introduce upstream patch" | Miroslav Benes
This reverts commit e899c4fd3fe7602ebd70f578d8475f1049de7c78.
2017-12-08 | Revert "shadow variables: drop EXPORT_SYMBOL()s" | Miroslav Benes
This reverts commit ac6cfebd7f831213ebcd4b2690672871572ec49e.
2017-12-08 | Revert "shadow variables: share shadow data among KGraft modules" | Miroslav Benes
This reverts commit 8e1e705d4d56981949f7ae3854d8e1cc2be7f40f.
2017-12-08 | Revert "shadow variables: add KGR_SHADOW_ID helper" | Miroslav Benes
This reverts commit 237c8f3d13c382321d3e65d138d328eae0b82f6c.
2017-12-08 | livepatch_main.c: klp_patch_init(): fix error handling | Nicolai Stange
In case either of the invocations of klp_register_patch() or klp_enable_patch() fails, anything which has been set up by the prior per-(sub-)patch initialization code, i.e. the expansion of @@KLP_PATCHES_INIT_CALLS@@, won't get undone. Fix this. Also make klp_patch_init() look more like the common 'goto err' idiom and adjust scripts/register_patches.sh accordingly. Fix for commit 7e20201cdcb8 ("kGraft to livepatch migration. API change."). Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-12-08 | scripts/register_patches.sh: generate klp_object array | Nicolai Stange
The KLP API doesn't take a flat list of to be patched functions like KGraft did, but introduces an intermediate layer: struct klp_object. Each klp_patch instance is supposed to reference an array of klp_object's which in turn provide an array of klp_func's each.
To facilitate merging, we want to generate this list of klp_object's automatically, exactly like we did for the flat function list with KGraft.
For each klp_patch instance, there must be at most one klp_object entry referring to the same object. Hence care must be taken not to add an entry for the same object twice in case two different (sub-)patches both patch some functions therein.
Require from each (sub-)patch to provide the list of to be patched symbols in a file named SUBPATCH/patched_funcs.csv with each line conforming to the
    obj old_func(,sympos) new_func
pattern.
Make scripts/register.sh generate a klp_object array initializer based on this and let it expand the @@KLP_PATCHES_OBJS@@ tag within livepatch_main.c accordingly. Do not replace the now obsolete @@KLP_PATCHES_FUNCS@@ anymore.
Add and remove the @@KLP_PATCHES_OBJS@@ and @@KLP_PATCHES_FUNCS@@ markers to and from livepatch_main.c respectively.
Signed-off-by: Nicolai Stange <nstange@suse.de> [ mb: amend copy&paste error ($newfun at the end of uname klp_func[]) ] Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-12-08 | rpm/config.sh: Use SUSE:SLE-15:GA project | Miroslav Benes
Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-12-08 | Revert "scripts: Generate ExclusiveArch in spec file dynamically" | Miroslav Benes
This reverts commit 95ed856ea8f99b4e48d7d324278b3628d2ac2fa2. SLE15 will support ppc64le arch from the beginning.
2017-12-08 | kGraft to livepatch migration. External rename. | Libor Pechacek
External rename and thus final step of kGraft -> upstream livepatch migration. kgraft-patch* modules are now livepatch* and live in /lib/modules/$(uname -r)/livepatch. References: fate#323682 Signed-off-by: Libor Pechacek <lpechacek@suse.com> [ mb: changelog ] Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-12-08 | kGraft to livepatch migration. API change. | Libor Pechacek
Change from kGraft API to livepatch API. Note: error handling in _init() function is broken and fixed later. Automatic generation of klp_objects is not present at all. Added later. References: fate#323682 Signed-off-by: Libor Pechacek <lpechacek@suse.com> [ mb: changelog, patch split, whitespace errors ] Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-12-08 | kGraft to livepatch migration. Internal rename. | Libor Pechacek
Internal rename in preparation for kGraft -> upstream livepatch migration. External module naming stays the same. API is not touched yet. References: fate#323682 Signed-off-by: Libor Pechacek <lpechacek@suse.com> [ mb: changelog edit ] Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-12-05 | uname_patch: fix UNAME26 for 4.0 | Miroslav Benes
Backport upstream commit 39afb5ee4640 ("kernel/sys.c: fix UNAME26 for 4.0"). Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-12-04 | Revert "Add compat.h to deal with changes of KGR_PATCH macro" | Miroslav Benes
This reverts commit 4186bef35862029a2fd36ba4a73d5fa538992709. All currently supported kernels (that is, everything since SLE12_Update_14 and SLE12-SP1_Update_5) have sympos support. We can drop compat, because we don't need it anymore. Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-11-30 | scripts: Generate ExclusiveArch in spec file dynamically | Miroslav Benes
ppc64le architecture kernel support is not present in all currently supported branches. It may cause problems for the maintenance team. Generate ExclusiveArch dynamically. It should be 'ppc64le x86_64' for SLE12-SP3 and 'x86_64' for the rest. Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-11-23 | shadow variables: add KGR_SHADOW_ID helper | Nicolai Stange
As shadow variables are supposed to be shared among different KGraft modules their id's must be compile time constants. Introduce the KGR_SHADOW_ID helper macro for generating them in a uniform manner based on the bsc# number and a local id. Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-11-23 | shadow variables: share shadow data among KGraft modules | Nicolai Stange
As it stands, each KGraft module maintains its own set of shadow variable management structures and thus, shadow variables are not sharable between livepatch modules. This behaviour is different from the upstream implementation and, as pointed out by Miroslav Benes, it also opens up an opportunity for a small window where the system might become vulnerable again during transition as we stack new livepatches on top. Let all KGraft patches share the shadow data. Sharing is implemented by moving the management structures from a KGraft module's .data to dynamically allocated memory. Each KGraft module will have specifically named pointers, 'kgr_shadow_hash12' and 'kgr_shadow_lock12', referencing them. Upon initialization, a KGraft module will discover already existing such shadow data by kallsyms-searching all loaded modules for these pointer symbols. If none is found, a new instance is allocated. The newly introduced kgr_shadow_init() implementing this is idempotent and can thus be called from the bsc# subpatches' initializers if needed. Upon KGraft module removal, the new kgr_shadow_cleanup() will conduct another kallsyms search and deallocate the shadow data in case there are no more users. kgr_shadow_cleanup() is also idempotent. Initialization and teardown of the common shadow data is serialized with the module_mutex which has to be taken for the kallsyms search anyway. Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-11-23 | shadow variables: drop EXPORT_SYMBOL()s | Nicolai Stange
The shadow variable API will only ever get used by the KGraft module itself and thus, there's no need for exporting it. Drop all EXPORT_SYMBOL annotations. Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-11-23 | shadow variables: introduce upstream patch | Nicolai Stange
Joe Lawrence posted the sixth version of his shadow variable patch [1] implementing the association of additional out-of-band data members to existing structure instances from livepatches. Jiri Kosina has applied this to his git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching.git for-4.15/shadow-variables tree and thus, it's queued up and close to getting merged.
The plan is to eventually backport this shadow variable support to SLE kernels, but we also want to have it usable from KGraft modules by now. Port the implementation to the kgraft-patches module. Namely,
- dump shadow.c in its current upstream state as it is after commits
    439e7271dc2b ("livepatch: introduce shadow variable API")
    5d9da759f758 ("livepatch: __klp_shadow_get_or_alloc() is local to shadow.c")
    19205da6a0da ("livepatch: Small shadow variable documentation fixes")
- add a shadow.h header and declare the newly introduced functions there
- and incorporate the new files into the KGraft module's build system.
[1] 1504211861-19899-2-git-send-email-joe.lawrence@redhat.com ("[PATCH v6] livepatch: introduce shadow variable API")
Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-11-16 | rpm/kgraft-patch.spec: Add ppc64le as a supported arch | Miroslav Benes
ppc64le is about to be supported in Live Patching product. Add it to ExclusiveArch tag. Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-11-16 | rpm/kgraft-patch.spec: Remove s390x from supported archs | Miroslav Benes
s390x is not supported in Live Patching product. Remove it from ExclusiveArch. Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-06-14 | scripts/register-patches.sh: register subpatch sources in rpm spec | Nicolai Stange
In order to reduce the manual merging work upon addition of new (sub)patches, commit 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically") introduced the register-patches.sh helper. It discovers those and tweaks the main entry point, kgr_patch_main.c, as needed.
However, a remaining manual merging task is to list a (sub)patch's source archive in rpm/kgraft-patch.spec and to %setup it. Make scripts/register-patches.sh do this. Namely,
- introduce the @@KGR_PATCHES_SOURCES@@ and @@KGR_PATCHES_SETUP_SOURCES@@ placeholders in rpm/kgraft-patch.spec
- and make scripts/register-patches.sh expand those within a spec file to be given as an additional command line argument.
Finally, adjust scripts/tar-up.sh accordingly.
Signed-off-by: Nicolai Stange <nstange@suse.de>
2017-06-14 | scripts/register-patches.sh: don't add ','s to @@KGR_PATCHES_FUNCS@@ | Nicolai Stange
register-patches.sh expands kgr_patch_main.c's @@KGR_PATCHES_FUNCS@@ placeholder by concatenating all available patches' KGR_PATCH_<XY>_FUNCS together, separating them by commas. The KGR_PATCH_<XY>_FUNCS are CPP macros supposed to be provided by each patch. If one of these happens to be empty, the preprocessed expansion will contain two consecutive commas which gcc doesn't like in array initializers. Do not add any commas to the @@KGR_PATCHES_FUNCS@@ expansion but require the individual KGR_PATCH_<XY>_FUNCS macros to already contain trailing ones as needed. Fixes: 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically") Signed-off-by: Nicolai Stange <nstange@suse.de>
2017-06-08 | scripts: create kgr_patch_main.c dynamically | Nicolai Stange
The kgraft-patches repository has got many branches, each corresponding to a supported codestream. Each of those carries a potentially different set of live (sub)patches which are controlled through the entry points in kgr_patch_main.c.
According to Miroslav, merging of a new (sub)patch based on the pristine master is a pita due to conflicts. Since all (sub)patches stick to certain conventions already, the required modifications of the merging-hotspot kgr_patch_main.c are quite mechanic. Let a script do the work. Namely,
- insert some special @@-embraced placeholders at the few places depending on the actual set of (sub)patches,
- let register-patches.sh discover the available (sub)patches by searching for directories
- and let register-patches.sh replace those placeholders in kgr_patch_main.c
Finally, add a register-patches.sh invocation to tar-up.sh.
This procedure requires that a SUBPATCH located in directory SUBPATCH/ adheres to the following conventions:
- It must provide a SUBPATCH/kgr_patch_SUBPATCH.h header.
- This header must provide declarations for kgr_patch_SUBPATCH_init() and kgr_patch_SUBPATCH_cleanup().
- This header must also #define a KGR_PATCH_SUBPATCH_FUNCS macro. It should expand to a comma separated list of KGR_PATCH*() entries, each corresponding to a function the subpatch wants to replace.
Signed-off-by: Nicolai Stange <nstange@suse.de> [mbenes: fixed typos, empty line removed] Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-04-24 | Replace $(PWD) with $(CURDIR) in Makefile | Miroslav Benes
CURDIR is an internal variable of make and more suitable. Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2017-04-19 | Create Makefile automatically | Miroslav Benes
Introduce scripts/create-makefile.sh script to automatically create a makefile. The script is called from tar-up.sh or could be called manually. Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2016-10-24 | Better to use SUSE:SLE-12:Update than Devel:kGraft:SLE12 project | Miroslav Benes
Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2016-05-10 | Add compat.h to deal with changes of KGR_PATCH macro | Miroslav Benes
Sympos patch set for kGraft redefined KGR_PATCH macro and added two new ones. Add new compat.h which contains macro magic so that all kGraft patches would work on both old and new kernels with the patch set merged. Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2016-05-06 | Fix the number of parameters of KGR_PATCH macro | Miroslav Benes
New kernels contain kGraft's sympos patch set which changed number of parameters of KGR_PATCH macro and introduced new macros. Fix it in master so it will be ok for new branches. Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2015-09-01 | Include the RPM version number in the module name | Michal Marek
Signed-off-by: Michal Marek <mmarek@suse.com> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2015-08-26 | Remove forgotten debug option in the Makefile | Miroslav Benes
Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2015-08-18 | Add license and copyright notices | Miroslav Benes
Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2015-07-15 | Remove immediate flag | Miroslav Benes
Fake signal was merged to kGraft and immediate feature removed. Remove it in kGraft patches from now on too. Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2015-05-20 | Set immediate flag to false | Miroslav Benes
Using immediate set to true can lead to BUGs and oopses when downgrading, reverting or applying replace_all patches. There is no way how to find out if there is a process in the old code which is being removed. The module would be put, removed and the process will crash. The consistency model guarantees that there is no one in the old code when the finalization ends. Thus use it for all cases to be safe. Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2015-05-12 | Fix description in rpm spec file | Miroslav Benes
Spec file description mentions initial kGraft patch which is only true for real initial patch. Make it more neutral. References: bsc#930408 Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2015-04-01 | Generate archives names automatically in tar-up.sh | Miroslav Benes
Signed-off-by: Miroslav Benes <mbenes@suse.cz>