Sync from SUSE:ALP:Source:Standard:1.0 kernel-livepatch-MICRO-6-0_Update_3 revision 50def70bb264e3123718330c12f0cc9d

This commit is contained in:
Adrian Schröter 2024-11-05 10:25:12 +01:00
commit ae0d953551
14 changed files with 1730 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

14
Makefile Normal file
View File

@ -0,0 +1,14 @@
KDIR ?= /lib/modules/`uname -r`/build
ccflags-y += -I$(obj)
obj-m := livepatch-@@RPMRELEASE@@.o
livepatch-@@RPMRELEASE@@-y := kallsyms_relocs.o livepatch_main.o uname_patch/livepatch_uname.o
default:
$(MAKE) -C $(KDIR) M=$(CURDIR) modules
clean:
$(MAKE) -C $(KDIR) M=$(CURDIR) clean

1
config.sh Normal file
View File

@ -0,0 +1 @@
IBS_PROJECT=SUSE:ALP:Source:Standard:Core:1.0:Build

129
kallsyms_relocs.c Normal file
View File

@ -0,0 +1,129 @@
/*
* kallsyms_relocs.c - resolve non-exported symbols
*
* Copyright (C) 2018 SUSE
* Author: Nicolai Stange <nstange@suse.de>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/kallsyms.h>
#include "kallsyms_relocs.h"
struct find_args
{
struct klp_kallsyms_reloc reloc;
unsigned long match_count;
};
static int __find_callback(void *data, const char *name, unsigned long addr)
{
struct find_args *args = data;
if (strcmp(args->reloc.symname, name))
return 0;
args->match_count++;
/*
* Finish the search when the symbol is found for the desired
* position or the position is not defined.
*/
if (!args->reloc.sympos || args->match_count == args->reloc.sympos) {
*args->reloc.addr = (void *)addr;
return 1;
}
return 0;
}
static
int (*klpe_module_kallsyms_on_each_symbol)(const char *modname,
int (*fn)(void *, const char *,
unsigned long),
void *data);
static int __klp_resolve_kallsyms_relocs(struct klp_kallsyms_reloc *relocs,
unsigned long count)
{
unsigned long i;
struct find_args args;
for (i = 0; i < count; ++i) {
*relocs[i].addr = NULL;
args.reloc = relocs[i];
args.match_count = 0;
if (args.reloc.objname) {
klpe_module_kallsyms_on_each_symbol(args.reloc.objname,
__find_callback,
&args);
} else {
kallsyms_on_each_symbol(__find_callback, &args);
}
if (!*relocs[i].addr) {
if (relocs[i].objname) {
pr_err("livepatch: symbol %s:%s not resolved\n",
relocs[i].objname, relocs[i].symname);
} else {
pr_err("livepatch: symbol %s not resolved\n",
relocs[i].symname);
}
return -ENOENT;
}
}
return 0;
}
struct module *(*klpe_find_module)(const char *name);
/* Bootstrap: resolve non-exported module_kallsyms_on_each_symbol() */
int klp_kallsyms_relocs_init(void)
{
static struct klp_kallsyms_reloc bootstrap_relocs[] = {
{ "module_kallsyms_on_each_symbol",
(void *)&klpe_module_kallsyms_on_each_symbol },
{ "find_module", (void *)&klpe_find_module },
};
/* Already initialized? */
if (klpe_module_kallsyms_on_each_symbol)
return 0;
/*
* All relocations are against symbols from vmlinux, the yet
* unresolved klpe_module_kallsyms_on_each_symbol() will not
* get invoked and the call below will work fine at this stage
* already.
*/
return __klp_resolve_kallsyms_relocs(bootstrap_relocs,
ARRAY_SIZE(bootstrap_relocs));
}
int klp_resolve_kallsyms_relocs(struct klp_kallsyms_reloc *relocs,
unsigned long count)
{
int ret;
ret = klp_kallsyms_relocs_init();
if (ret)
return ret;
return __klp_resolve_kallsyms_relocs(relocs, count);
}

19
kallsyms_relocs.h Normal file
View File

@ -0,0 +1,19 @@
#ifndef _KLP_KALLSYMS_RELOCS
#define _KLP_KALLSYMS_RELOCS
struct klp_kallsyms_reloc
{
const char *symname;
void **addr;
const char *objname;
unsigned long sympos;
};
int klp_kallsyms_relocs_init(void);
int klp_resolve_kallsyms_relocs(struct klp_kallsyms_reloc *relocs,
unsigned long count);
extern struct module *(*klpe_find_module)(const char *name);
#endif /* _KLP_KALLSYMS_RELOCS */

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,101 @@
#
# spec file for package Kernel live patch module
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# needssslcertforbuild
%define variant %{nil}
Name: kernel-livepatch-MICRO-6-0_Update_3
Version: 1
Release: 1
%define module_num %(echo %version-%release | sed 'y/\./_/')
License: GPL-2.0
Summary: Kernel live patch module
Group: System/Kernel
Source0: uname_patch.tar.bz2
Source1: Makefile
Source2: livepatch_main.c
Source3: config.sh
Source4: source-timestamp
Source5: shadow.h
Source6: kallsyms_relocs.h
Source7: kallsyms_relocs.c
Source8: klp_convert.h
Source9: klp_syscalls.h
Source10: klp_trace.h
# Auto expanded KLP_PATCHES_SOURCES:
BuildRequires: kernel-syms%{variant} kernel-livepatch-tools-devel libelf-devel
%if 0%{?use_klp_convert}
%if "%{?variant}"
BuildRequires: kernel%{variant}-livepatch-devel
%else
BuildRequires: kernel-default-livepatch-devel
%endif
%endif
ExclusiveArch: x86_64 s390x
%klp_module_package
%description
This is a live patch for SUSE Linux Enterprise Server kernel.
Source timestamp: 2024-09-30 17:57:42 +0200
GIT Revision: f95a323f762f7473c999e35e7104ddccdc398462
GIT Branch: MICRO-6-0_Update_3
%prep
%setup -c
# Auto expanded KLP_PATCHES_SETUP_SOURCES:
cp %_sourcedir/livepatch_main.c .
cp %_sourcedir/shadow.h .
cp %_sourcedir/kallsyms_relocs.h .
cp %_sourcedir/kallsyms_relocs.c .
cp %_sourcedir/Makefile .
cp %_sourcedir/klp_convert.h .
cp %_sourcedir/klp_syscalls.h .
cp %_sourcedir/klp_trace.h .
%build
sed -i 's/@@RPMRELEASE@@/%module_num/g' Makefile
sed -i 's/@@RPMRELEASE@@/%module_num/g' livepatch_main.c
echo 'livepatch-%module_num' >Module.supported
set -- *
for flavor in %flavors_to_build; do
mkdir -p "obj/$flavor"
cp -r "$@" "obj/$flavor"
make -C %{kernel_source $flavor} M="$PWD/obj/$flavor" modules
%if 0%{?use_klp_convert}
module=$(find "obj/$flavor" -name 'livepatch*.ko' -printf '%f')
klp-convert /usr/src/linux-obj/%_target_cpu/$flavor/Symbols.list \
obj/$flavor/$module obj/$flavor/${module}_converted
mv obj/$flavor/${module}_converted obj/$flavor/$module
%endif
done
%install
export INSTALL_MOD_DIR=livepatch
export INSTALL_MOD_PATH=%buildroot
for flavor in %flavors_to_build; do
make -C %{kernel_source $flavor} M="$PWD/obj/$flavor" modules_install
done
%changelog

16
klp_convert.h Normal file
View File

@ -0,0 +1,16 @@
#ifndef _KLP_KLPCONVERT_H
#define _KLP_KLPCONVERT_H
#ifdef USE_KLP_CONVERT
#define KLP_SYM_LINKAGE extern
#define KLP_SYM(sym) sym
#else
#define KLP_SYM_LINKAGE static
#define KLP_SYM(sym) (*klp_##sym)
#endif
#endif

111
klp_syscalls.h Normal file
View File

@ -0,0 +1,111 @@
#ifndef _KLP_SYSCALLS_H
#define _KLP_SYSCALLS_H
#include <linux/version.h>
#include <linux/syscalls.h>
/*
* For kernels after 4.17.0, syscalls' symbol names as constructed by
* the kernel's __SYSCALL_DEFINEx macro depend on kernel version and
* architecture.
*/
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0)
/* C.f. include/linux/syscalls.h */
#define KLP_SYSCALL_SYM(name) SyS_ ## name
#ifdef CONFIG_COMPAT
/* What comes out of COMPAT_SYSCALL_DEFINEx(). */
#define KLP_COMPAT_SYSCALL_SYM(name) compat_SyS_ ## name
#define KLP_SYSCALL_DECLx(x, sym, ...) \
asmlinkage long sym(__MAP(x,__SC_LONG,__VA_ARGS__))
#endif /* CONFIG_COMPAT */
#else /* LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0) */
#if defined(CONFIG_X86_64)
/* C.f. arch/x86/include/asm/syscall_wrapper.h */
#define KLP_SYSCALL_SYM(name) __x64_sys_ ## name
#ifdef CONFIG_IA32_EMULATION
#define KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS 1
/* Compat stub for common syscalls. */
#define KLP_SYSCALL_COMPAT_STUB_SYM(name) __ia32_sys_ ## name
#endif /* CONFIG_IA32_EMULATION */
#ifdef CONFIG_COMPAT
/* What comes out of COMPAT_SYSCALL_DEFINEx(). */
#define KLP_COMPAT_SYSCALL_SYM(name) __ia32_compat_sys_ ## name
#endif /* CONFIG_COMPAT */
#define KLP_SYSCALL_DECLx(x, sym, ...) \
asmlinkage long sym(const struct pt_regs *)
#elif defined(CONFIG_S390)
/* C.f. arch/s390/include/asm/syscall_wrapper.h */
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
#define KLP_SYSCALL_SYM(name) __se_sys_ ## name
#ifdef CONFIG_COMPAT
#define KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS 1
/* Compat stub for common syscalls. */
#define KLP_SYSCALL_COMPAT_STUB_SYM(name) __s390_sys_ ## name
#define KLP_COMPAT_SYSCALL_SYM(name) __se_compat_sys_ ## name
#endif /* CONFIG_COMPAT */
#else /* LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0) */
#define KLP_SYSCALL_SYM(name) __s390x_sys_ ## name
#ifdef CONFIG_COMPAT
#define KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS 1
/* Compat stub for common syscalls. */
#define KLP_SYSCALL_COMPAT_STUB_SYM(name) __s390_sys_ ## name
#define KLP_COMPAT_SYSCALL_SYM(name) __s390_compat_sys_ ## name
#endif /* CONFIG_COMPAT */
#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0) */
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0)
#define KLP_SYSCALL_DECLx(x, sym, ...) \
asmlinkage long sym(__MAP(x,__SC_LONG,__VA_ARGS__))
#else
#define KLP_SYSCALL_DECLx(x, sym, ...) \
long sym(struct pt_regs *regs)
#endif
#elif defined(CONFIG_PPC64)
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0)
/* C.f. include/linux/syscalls.h */
#define KLP_SYSCALL_SYM(name) __se_sys_ ## name
#ifdef CONFIG_COMPAT
#define KLP_COMPAT_SYSCALL_SYM(name) __se_compat_sys_ ## name
#endif /* CONFIG_COMPAT */
#define KLP_SYSCALL_DECLx(x, sym, ...) \
asmlinkage long sym(__MAP(x,__SC_LONG,__VA_ARGS__))
#else /* LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) */
/* C.f. arch/powerpc/include/asm/syscalls_wrapper.h */
#define KLP_SYSCALL_SYM(name) sys_ ## name
#ifdef CONFIG_COMPAT
/* C.f. include/linux/compat.h */
#define KLP_COMPAT_SYSCALL_SYM(name) __se_compat_sys_ ## name
#endif /* CONFIG_COMPAT */
#define KLP_SYSCALL_DECLx(x, sym, ...) \
long sym(const struct pt_regs *regs)
#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) */
#else
#error "Architecture not supported."
#endif
#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0) */
#endif /* _KLP_SYSCALLS_H */

101
klp_trace.h Normal file
View File

@ -0,0 +1,101 @@
#ifndef _KLP_TRACE_H
#define _KLP_TRACE_H
#include <linux/tracepoint.h>
#include <linux/version.h>
/*
* Since kernel 5.12, the data_args was removed from __DECLARE_TRACE.
* Since kernel 5.10, the __tracepoint_iter_ symbols were renamed to
* __traceiter_ in order to have shorter symbol names.
* As we currently support kernels from 5.3 and then 5.14, we don't need special
* ifdefery for kernel 5.10.
*/
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0)
#define KLPR___DECLARE_TRACE(name, proto, args, cond, data_proto, data_args) \
static struct tracepoint (*klpe___tracepoint_##name); \
static inline void klpr_trace_##name(proto) \
{ \
if (unlikely(static_key_enabled(&(*klpe___tracepoint_##name).key))) \
__DO_TRACE(&(*klpe___tracepoint_##name), \
TP_PROTO(data_proto), \
TP_ARGS(data_args), \
TP_CONDITION(cond), 0); \
if (IS_ENABLED(CONFIG_LOCKDEP) && (cond)) { \
rcu_read_lock_sched_notrace(); \
rcu_dereference_sched((*klpe___tracepoint_##name).funcs); \
rcu_read_unlock_sched_notrace(); \
} \
} \
#define KLPR_DECLARE_TRACE(name, proto, args) \
KLPR___DECLARE_TRACE(name, PARAMS(proto), PARAMS(args), \
cpu_online(raw_smp_processor_id()), \
PARAMS(void *__data, proto), \
PARAMS(__data, args))
#else /* LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0) */
#define KLPR___DO_TRACE_CALL(name, args) (*klpe___traceiter_##name)(NULL, args)
#define KLPR___DO_TRACE(name, args, cond, rcuidle) \
do { \
int __maybe_unused __idx = 0; \
\
if (!(cond)) \
return; \
\
/* srcu can't be used from NMI */ \
WARN_ON_ONCE(rcuidle && in_nmi()); \
\
/* keep srcu and sched-rcu usage consistent */ \
preempt_disable_notrace(); \
\
/* \
* For rcuidle callers, use srcu since sched-rcu \
* doesn't work from the idle path. \
*/ \
if (rcuidle) { \
__idx = srcu_read_lock_notrace(&tracepoint_srcu);\
rcu_irq_enter_irqson(); \
} \
\
KLPR___DO_TRACE_CALL(name, TP_ARGS(args)); \
\
if (rcuidle) { \
rcu_irq_exit_irqson(); \
srcu_read_unlock_notrace(&tracepoint_srcu, __idx);\
} \
\
preempt_enable_notrace(); \
} while (0)
#define KLPR___DECLARE_TRACE(name, proto, args, cond, data_proto) \
static int (*klpe___traceiter_##name)(data_proto); \
static struct tracepoint (*klpe___tracepoint_##name); \
static inline void klpr_trace_##name(proto) \
{ \
if (static_key_enabled(&(*klpe___tracepoint_##name).key)) \
KLPR___DO_TRACE(name, \
TP_ARGS(args), \
TP_CONDITION(cond), 0); \
if (IS_ENABLED(CONFIG_LOCKDEP) && (cond)) { \
rcu_read_lock_sched_notrace(); \
rcu_dereference_sched((*klpe___tracepoint_##name).funcs);\
rcu_read_unlock_sched_notrace(); \
} \
} \
#define KLPR_DECLARE_TRACE(name, proto, args) \
KLPR___DECLARE_TRACE(name, PARAMS(proto), PARAMS(args), \
cpu_online(raw_smp_processor_id()), \
PARAMS(void *__data, proto))
#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0) */
#define KLPR_TRACE_EVENT(name, proto, args) \
KLPR_DECLARE_TRACE(name, PARAMS(proto), PARAMS(args))
#endif /* _KLP_TRACE_H */

92
livepatch_main.c Normal file
View File

@ -0,0 +1,92 @@
/*
* livepatch_main.c - kernel live patch main infrastructure
*
* Copyright (c) 2014 SUSE
* Author: Miroslav Benes <mbenes@suse.cz>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <linux/livepatch.h>
#include <linux/module.h>
#include <linux/types.h>
#include "uname_patch/livepatch_uname.h"
/* Auto expanded KLP_PATCHES_INCLUDES: */
static struct klp_object objs[] = {
/* Auto expanded KLP_PATCHES_OBJS: */
{
.name = NULL,
.funcs = (struct klp_func[]) {
{
.old_name = __stringify(KLP_SYSCALL_SYM(newuname)),
.new_func = KLP_SYSCALL_SYM(klp_newuname),
},
#ifdef KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS
{
.old_name = __stringify(KLP_SYSCALL_COMPAT_STUB_SYM(newuname)),
.new_func = KLP_SYSCALL_COMPAT_STUB_SYM(klp_newuname),
},
#endif
{ }
}
},
{ }
};
static struct klp_patch patch = {
.mod = THIS_MODULE,
.objs = objs,
.replace = true,
};
static int __init klp_patch_init(void)
{
int retval;
pr_info("livepatch: initializing\n");
retval = klp_patch_uname_init();
if (retval)
return retval;
/* Auto expanded KLP_PATCHES_INIT_CALLS: */
retval = klp_enable_patch(&patch);
if (!retval)
return retval;
/* Auto expanded KLP_PATCHES_INIT_ERR_HANDLERS: */
return retval;
}
static void __exit klp_patch_cleanup(void)
{
pr_info("livepatch: removed\n");
/* Auto expanded KLP_PATCHES_CLEANUP_CALLS: */
}
module_init(klp_patch_init);
module_exit(klp_patch_cleanup);
MODULE_LICENSE("GPL");
MODULE_INFO(livepatch, "Y");
MODULE_INFO(klpgitrev, "f95a323f762f7473c999e35e7104ddccdc398462");

6
shadow.h Normal file
View File

@ -0,0 +1,6 @@
#ifndef _KLP_SHADOW_H
#define _KLP_SHADOW_H
#define KLP_SHADOW_ID(bsc, id) (((unsigned long)(bsc) << 6) | id)
#endif

3
source-timestamp Normal file
View File

@ -0,0 +1,3 @@
2024-09-30 17:57:42 +0200
GIT Revision: f95a323f762f7473c999e35e7104ddccdc398462
GIT Branch: MICRO-6-0_Update_3

BIN
uname_patch.tar.bz2 (Stored with Git LFS) Normal file

Binary file not shown.