[PATCH v7 00/10] livepatch: klp-convert tool
From: Joe Lawrence
Date: Mon Mar 06 2023 - 09:12:50 EST
Summary
-------
Livepatches may use symbols which are not contained in its own scope,
and, because of that, may end up compiled with relocations that will
only be resolved during module load. Yet, when the referenced symbols
are not exported, solving this relocation requires information on the
object that holds the symbol (either vmlinux or modules) and its
position inside the object, as an object may contain multiple symbols
with the same name. Providing such information must be done accordingly
to what is specified in Documentation/livepatch/module-elf-format.txt.
Currently, there is no trivial way to embed the required information as
requested in the final livepatch elf object. klp-convert solves this
problem in two different forms: (i) by relying on a symbol map, which is
built during kernel compilation, to automatically infer the relocation
targeted symbol, and, when such inference is not possible (ii) by using
annotations in the elf object to convert the relocation accordingly to
the specification, enabling it to be handled by the livepatch loader.
Given the above, add support for symbol mapping in the form of a
symbols.klp file; add klp-convert tool; integrate klp-convert tool into
kbuild; make livepatch modules discernible during kernel compilation
pipeline; add data-structure and macros to enable users to annotate
livepatch source code; make modpost stage compatible with livepatches;
update livepatch-sample and update documentation.
The patch was tested under three use-cases:
use-case 1: There is a relocation in the lp that can be automatically
resolved by klp-convert. For example. see the saved_command_line
variable in lib/livepatch/test_klp_convert2.c.
use-case 2: There is a relocation in the lp that cannot be automatically
resolved, as the name of the respective symbol appears in multiple
objects. The livepatch contains an annotation to enable a correct
relocation. See the KLP_MODULE_RELOC / KLP_SYMPOS annotation sections
in lib/livepatch/test_klp_convert{1,2}.c.
use-case 3: There is a relocation in the lp that cannot be automatically
resolved similarly as 2, but no annotation was provided in the
livepatch, triggering an error during compilation. Reproducible by
removing the KLP_MODULE_RELOC / KLP_SYMPOS annotation sections in
lib/livepatch/test_klp_convert{1,2}.c.
Selftests have been added to exercise these klp-convert use-cases
through several tests.
Testing
-------
The patchset selftests build and execute on x86_64, s390x, and ppc64le
for both default config (with added livepatch dependencies) and a larger
RHEL-9-ish config.
Using the Intel's Linux Kernel Performance tests's make.cross,
klp-convert builds and processes livepatch .ko's for x86_64 ppc64le
ppc32 s390 arm64 arches.
Summary of changes in v7
------------------------
- rebase for v6.2
- combine ("livepatch: Add klp-convert tool") with ("livepatch: Add
klp-convert annotation helpers")
- combine ("kbuild: Support for symbols.klp creation") with ("modpost:
Integrate klp-convert") to simplify Kbuild magic [Petr, Nicolas]
- klp-convert: add safe_snprintf() (-Wsign-compare)
- klp-convert: fix -Wsign-compare warnings
- klp-convert: use calloc() where appropriate
- klp-convert: copy ELF e_flags
- selftests: fix various build warnings
- klp-convert: WARN msg simplification, failed sanity checks, and sympos
comment [Marcos]
- klp-convert: fix elf_write_file() error paths [Petr]
Previous versions
-----------------
RFC:
https://lore.kernel.org/lkml/cover.1477578530.git.jpoimboe@xxxxxxxxxx/
v2:
https://lore.kernel.org/lkml/f52d29f7-7d1b-ad3d-050b-a9fa8878faf2@xxxxxxxxxx/
v3:
https://lore.kernel.org/lkml/20190410155058.9437-1-joe.lawrence@xxxxxxxxxx/
v4:
https://lore.kernel.org/lkml/20190509143859.9050-1-joe.lawrence@xxxxxxxxxx/
v5:
(not posted)
https://github.com/joe-lawrence/klp-convert-tree/tree/klp-convert-v5-devel
v6:
https://lore.kernel.org/live-patching/20220216163940.228309-1-joe.lawrence@xxxxxxxxxx/
Joe Lawrence (10):
livepatch: Create and include UAPI headers
livepatch: Add klp-convert tool
kbuild/modpost: create symbols.klp and integrate klp-convert
livepatch: Add sample livepatch module
documentation: Update on livepatch elf format
livepatch/selftests: add klp-convert
livepatch/selftests: test multiple sections
livepatch/selftests: add __asm__ symbol renaming examples
livepatch/selftests: add data relocations test
livepatch/selftests: add static keys test
.gitignore | 2 +
Documentation/dontdiff | 1 +
Documentation/livepatch/livepatch.rst | 3 +
Documentation/livepatch/module-elf-format.rst | 42 +-
MAINTAINERS | 2 +
Makefile | 16 +-
include/linux/livepatch.h | 13 +
include/uapi/linux/livepatch.h | 25 +
kernel/livepatch/core.c | 4 +-
lib/livepatch/Makefile | 12 +
lib/livepatch/test_klp_convert.h | 45 +
lib/livepatch/test_klp_convert1.c | 121 +++
lib/livepatch/test_klp_convert2.c | 110 +++
lib/livepatch/test_klp_convert_data.c | 190 ++++
lib/livepatch/test_klp_convert_keys.c | 91 ++
lib/livepatch/test_klp_convert_keys_mod.c | 52 +
lib/livepatch/test_klp_convert_mod_a.c | 31 +
lib/livepatch/test_klp_convert_mod_b.c | 19 +
lib/livepatch/test_klp_convert_mod_c.c | 36 +
lib/livepatch/test_klp_convert_sections.c | 120 +++
samples/livepatch/Makefile | 1 +
.../livepatch/livepatch-annotated-sample.c | 93 ++
scripts/Makefile | 1 +
scripts/Makefile.modfinal | 33 +
scripts/Makefile.modpost | 5 +
scripts/livepatch/.gitignore | 1 +
scripts/livepatch/Makefile | 5 +
scripts/livepatch/elf.c | 817 ++++++++++++++++
scripts/livepatch/elf.h | 74 ++
scripts/livepatch/klp-convert.c | 893 ++++++++++++++++++
scripts/livepatch/klp-convert.h | 47 +
scripts/livepatch/list.h | 391 ++++++++
scripts/mod/modpost.c | 28 +-
scripts/mod/modpost.h | 1 +
.../selftests/livepatch/test-livepatch.sh | 403 ++++++++
35 files changed, 3716 insertions(+), 12 deletions(-)
create mode 100644 include/uapi/linux/livepatch.h
create mode 100644 lib/livepatch/test_klp_convert.h
create mode 100644 lib/livepatch/test_klp_convert1.c
create mode 100644 lib/livepatch/test_klp_convert2.c
create mode 100644 lib/livepatch/test_klp_convert_data.c
create mode 100644 lib/livepatch/test_klp_convert_keys.c
create mode 100644 lib/livepatch/test_klp_convert_keys_mod.c
create mode 100644 lib/livepatch/test_klp_convert_mod_a.c
create mode 100644 lib/livepatch/test_klp_convert_mod_b.c
create mode 100644 lib/livepatch/test_klp_convert_mod_c.c
create mode 100644 lib/livepatch/test_klp_convert_sections.c
create mode 100644 samples/livepatch/livepatch-annotated-sample.c
create mode 100644 scripts/livepatch/.gitignore
create mode 100644 scripts/livepatch/Makefile
create mode 100644 scripts/livepatch/elf.c
create mode 100644 scripts/livepatch/elf.h
create mode 100644 scripts/livepatch/klp-convert.c
create mode 100644 scripts/livepatch/klp-convert.h
create mode 100644 scripts/livepatch/list.h
--
2.39.2