Sync from SUSE:SLFO:Main libpulp revision 534c6af72c6b3f90c44995cd613764cf

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

libpulp.changes

@@ -0,0 +1,183 @@
+-------------------------------------------------------------------
+Tue Jun 27 14:23:33 UTC 2023 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.3.0:
+  * Add support for processes with blocked mprotect (process launched by
+    systemd, for example) (bsc#1210224, jsc#PED-2877).
+  * Add support for processes which chroots into /proc.
+  * Supports livepathcing all processes in SLE.
+
+-------------------------------------------------------------------
+Fri Jun 16 14:45:03 UTC 2023 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.2.11:
+  * Avoid warning on symbol read of processes which user do not have access.
+  * Fix a bug in livepatch installation counting.
+  * Fix a warning message of library not loaded when reverting all patches when
+    the library is loaded.
+  * Fix a crash when `patches` is called with invalid PID.
+  * Enable batch processing for patching a single process via PID.
+
+-------------------------------------------------------------------
+Thu Apr 13 21:47:06 UTC 2023 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.2.10:
+  * Fix typo which makes write_bytes fallback to ptrace mode when vm_writev is
+    available.
+  * Detect when mprotect is blocked by seccomp (process launched by systemd,
+    for example) and disable livepatching in the process (bsc#1210224,
+    jsc#PED-2877).
+
+-------------------------------------------------------------------
+Thu Mar  9 19:24:46 UTC 2023 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.2.9:
+  * Add mechanism to enable or disable livepatching based or environment variables
+    and in the new command `ulp set_patchable` (jsc#PED-2877).
+  * Change `patch already applied` message from error to skipped.
+
+-------------------------------------------------------------------
+Thu Feb 23 21:24:45 UTC 2023 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.2.8:
+   * Minor code refactoring.
+   * Fixed a bug where libpulp rejected correct ELF files as library input.
+   * Fixed a file descriptor leak when -check-stack is passed to ulp.
+   * Fixed a bug where ulp did not shown libcrypto.so.1.1 as a livepatchable library (bsc#1208575)
+
+-------------------------------------------------------------------
+Mon Jan  2 19:53:55 UTC 2023 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.2.7:
+   * Add support to library to JSON library dumps, Removing any requirement of
+     adding the original library .so file into the livepatch build tarball.
+   * Update the ulp post hook script for transactional systems (jsc#PED-1078).
+   * Add `setup_package.sh` as part of libpulp tools.
+
+-------------------------------------------------------------------
+Thu Nov 10 18:00:41 UTC 2022 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.2.6
+  * Add new `-R` option to specify a prefix root for livepatches
+    (jsc#PED-1078).
+
+-------------------------------------------------------------------
+Wed Aug 18 12:23:31 UTC 2022 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.2.5.
+  * Fix ulp tool not patching on highly stressed environments. The reason behind
+    it is that a 10s timeout was not enough depending of how stressed the
+    machine is. Worse cases when libpulp is running in a VM (bsc#1200316).
+  * Fix HANA testcase failures (bsc#1200129).
+  * Add support for searching for patches recursively. Previous versions only
+    searched on the path specified, ignoring subdirectories.
+  * Improve patching performance. Previous version took up to 20s ~ 25s to
+    patch 4000 processes. This version reduces this time to 6s. The way this
+    is done is reducing ptrace calls and switching to process_vm_readv/writev
+    when possible, and moving process discovery to a different thread.
+
+-------------------------------------------------------------------
+Fri Jun 24 20:10:22 UTC 2022 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Fix ulp tool not patching on high process count (bsc#1200316).
+- Implement a timeout feature in case of deadlocks.
+
+-------------------------------------------------------------------
+Thu Jun 23 00:03:18 UTC 2022 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Fix ulp tool crashing on high process count (bsc#1200316).
+- Avoid parsing /proc/<pid>/comm when not needed.
+
+-------------------------------------------------------------------
+Mon Jun 13 19:15:37 UTC 2022 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.2.4.
+- Fix dlsym interposition changing program behaviour (bsc#1200129)
+- Fix free call of mmap'ed buffers (bsc#1200129)
+- Fix error message when user has no permission to open livepatch.
+
+-------------------------------------------------------------------
+Thu May 12 14:53:49 UTC 2022 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.2.3 (jsc#SLE-20049).
+- Add support for endbr64 instructions on function beginning.
+- Fix use-after-free bug.
+- Fix compilation in Tumbleweed.
+
+-------------------------------------------------------------------
+Mon May  2 14:56:48 UTC 2022 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.2.2 (jsc#SLE-20049).
+- Use colored output by default (disable with --color=no)
+- Packer now reports errors in .dsc in a GCC 5+ fashion.
+- Trigger now has a summarized mode (disable with -v)
+
+-------------------------------------------------------------------
+Tue Apr 12 19:27:29 UTC 2022 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.2.1 (jsc#SLE-20049).
+- Fix base address load of non-library variables in target process.
+- Dump references information on `ulp dump`.
+
+-------------------------------------------------------------------
+Wed Mar 30 18:54:12 UTC 2022 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.2.0 (jsc#SLE-20049).
+- Embed metadata (.ulp) into livepatch container (.so).
+
+-------------------------------------------------------------------
+Fri Mar 25 13:58:11 UTC 2022 - Libor Pechacek <lpechacek@suse.com>
+
+- Add patch build macros and deployment scripts. (jsc#SLE-20049)
+
+-------------------------------------------------------------------
+Tue Feb 22 18:03:18 UTC 2022 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.1.1 (jsc#SLE-20049).
+- Add new command `ulp livepatchable` to check if a library is livepatchable.
+
+-------------------------------------------------------------------
+Wed Feb 16 13:50:17 UTC 2022 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with newest libpulp features (jsc#SLE-20049).
+- Fix a bug which causes the ulp tool to fail if itself was loaded with libpulp.
+
+-------------------------------------------------------------------
+Fri Jan 28 15:33:12 UTC 2022 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with newest libpulp features (jsc#SLE-20049).
+- Fix --revert-all when no wildcards are provided.
+- Fix batch processing of .rev files.
+- Disable lto when building libpulp.
+
+-------------------------------------------------------------------
+Fri Nov 12 15:39:24 UTC 2021 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update libpulp with ulp_apply in trigger.
+
+-------------------------------------------------------------------
+Fri Oct 22 19:41:03 UTC 2021 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Remove gcc9 as build requirement.
+
+-------------------------------------------------------------------
+Tue Oct 12 14:59:28 UTC 2021 - Libor Pechacek <lpechacek@suse.com>
+
+- Add libpulp.rpmlintrc to the sources. (jsc#SLE-20049)
+- Refresh the .spec file with spec-cleaner.
+
+-------------------------------------------------------------------
+Tue Oct  5 18:11:08 UTC 2021 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update libpulp .tar.gz package.
+
+-------------------------------------------------------------------
+Mon Sep 27 18:54:11 UTC 2021 - Giuliano Belinassi <gbelinassi@suse.de>
+
+- Update libpulp .tar.gz package.
+- Remove gcc9-PIE from libpulp.spec, as it is not provided anymore.
+
+-------------------------------------------------------------------
+Mon Feb  3 16:58:33 UTC 2020 - Gabriel F. T. Gomes <gagomes@suse.de>
+
+- Initial package.

libpulp.rpmlintrc

@@ -0,0 +1,14 @@
+# When a library is being live patched, the program using it is unaware
+# of the operation, so much so that it's not the application who starts
+# the live patching.  Instead, an external tool (__ulp_trigger) halts
+# the execution of every thread of the application and changes
+# trampolines to patched functions.  If some of these operations fail,
+# there's nothing the application could do to salvage the execution, so
+# it's mandatory that the live patching calls exit to kill the process.
+addFilter("W: shared-lib-calls-exit")
+
+# Libpulp is the upstream name of the project, so placing the tools
+# under libpulp-tools makes it more likely to show up on searches with
+# zypper. However, this package does not ship libraries, which cause a
+# lintian warning.
+addFilter("libpulp-tools.* shlib-policy-missing-lib");

libpulp.spec

@@ -0,0 +1,105 @@
+#
+# spec file for package libpulp
+#
+# Copyright (c) 2022 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           libpulp
+Version:        0.3.0
+Release:        0
+Summary:        Userspace live patching library and tools
+License:        LGPL-2.1-only
+Group:          Productivity/Security
+URL:            https://github.com/suse/libpulp
+Source0:        %{name}-%{version}.tar.gz
+Source1:        rpm-helper
+Source2:        macros.userspace-livepatch
+Source99:       libpulp.rpmlintrc
+# Required to hardlink identical files.
+BuildRequires:  fdupes
+# Required to run the tests.
+BuildRequires:  gcc-c++
+# Required to build the tools, which are needed to run the tests.
+BuildRequires:  libjson-c-devel
+BuildRequires:  libelf-devel
+BuildRequires:  python3-pexpect
+BuildRequires:  python3-psutil
+BuildRequires:  libseccomp-devel
+# Only available for these architectures.
+ExclusiveArch:  x86_64
+
+%description
+Library and tools for user space live patching.
+
+%package -n libpulp0
+Summary:        User space live patching library
+Group:          System/Libraries
+
+%description -n libpulp0
+Libpulp is a library (and a framework) that enables live patching of
+user space libraries.
+
+This package contains the runtime files.
+
+%package tools
+Summary:        User space live patching tools
+Group:          System/Management
+
+%description tools
+This package contains the tools to apply user-space live patches.
+
+# Disable LTO for libpulp, as it is currently not supported.
+%define _lto_cflags %{nil}
+
+%prep
+%autosetup -p1
+
+%build
+%configure
+%make_build
+
+%check
+%make_build check
+
+%install
+%make_install
+install -D -m0755 %{SOURCE1} %{buildroot}%{_prefix}/lib/userspace-livepatch/rpm-helper
+install -D -m0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/rpm/macros.d/macros.userspace-livepatch
+
+# Convert identical files into hardlinks.
+%fdupes %{buildroot}/%{_prefix}
+# Remove .la and .so files.  libpulp.so is not supposed to be linked
+# against any programs or libraries, but LD_PRELOAD'ed, so do not
+# distribute it, not even in the devel package.
+find %{buildroot}/%{_prefix} -name libpulp.la -delete
+find %{buildroot}/%{_prefix} -name libpulp.so -delete
+
+%post -n libpulp0 -p /sbin/ldconfig
+%postun -n libpulp0 -p /sbin/ldconfig
+
+%files -n libpulp0
+%{_libdir}/lib*.so.*
+%doc README.md
+%license LICENSE
+
+%files tools
+%{_bindir}/*
+%{_mandir}/*/*
+%dir %{_prefix}/lib/userspace-livepatch
+%{_prefix}/lib/userspace-livepatch/*
+%{_prefix}/lib/rpm/*
+%license LICENSE
+
+%changelog

macros.userspace-livepatch

@@ -0,0 +1,9 @@
+# Hook for %post used by livepatch packages to apply a livepatch (or multiple
+# livepatches) on the system.
+#
+# The parameters are <package_name> <livepatch_version> <target_library>
+%ulp_post_hook() \
+echo "Executing ulp_post_hook(). About to execute rpm-helper..." \
+/bin/bash /usr/lib/userspace-livepatch/rpm-helper install "%1" "%2" "%3" $1 \
+echo "Done executing rpm-helper." \
+%{nil}

rpm-helper

@@ -0,0 +1,84 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+USAGE="$0 <install|remove> <package> <version> <num_packages>"
+
+if test "$1" = "-h" -o "$1" = "--help"; then
+	echo "$USAGE"
+	exit 0
+fi
+if test "$#" -lt 2; then
+	echo "$USAGE" >&2
+	exit 1
+fi
+
+# ulp trigger have problems with bash expanding its arguments. Disable that
+# and let it expand the wildcard by itself.
+shopt -s nullglob
+
+check_livepatching_env()
+{
+	[ -z "$PACKAGE" ] && return 0
+
+  echo $PACKAGE
+
+	COMPONENT=${PACKAGE%-livepatches}
+	COMPONENT=${COMPONENT^^}
+	COMPONENT=${COMPONENT/-/_}
+	CONF_VAR_NAME="LIVEPATCH_$COMPONENT"
+	eval "$CONF_VAR_NAME"=auto
+
+	# Check if a sysconfig for livepatching exists. If yes, include the file.
+	if test -f "/etc/sysconfig/livepatching"; then
+		. /etc/sysconfig/livepatching || :
+	fi
+
+	return 0
+}
+
+do_install()
+{
+  if test -e /.buildenv; then
+    echo "Skipping userspace live patches in buildroot"
+    return 0
+  fi
+
+  check_livepatching_env || return 0
+
+  # Check if we are running a transactional update. If yes, set the root
+  # accordingly.
+  if [ "$TRANSACTIONAL_UPDATE" = "true" ] && [ "x$TRANSACTIONAL_UPDATE_ROOT" != "x" ]; then
+    ROOT="-R $TRANSACTIONAL_UPDATE_ROOT"
+  fi
+
+  ulp trigger $ROOT --recursive -r 100 --timeout 200 --revert-all=target \
+    "/usr/lib64/$PACKAGE/$VER/*.so"
+
+  echo "ulp trigger executed."
+}
+
+do_remove()
+{
+	: # reserved for future use
+}
+
+if test $# -ne 5; then
+	echo 'WARNING: Unexpected number of parameters. Are the live patch RPM scripts compatible with this rpm-helper?' >&2
+fi
+
+
+# Parse first argument (install or remove).
+cmd=$1
+PACKAGE=$2
+VER=$3
+TARGET_LIB=$4
+NUM_PACKAGES=${5-0}
+case "$cmd" in
+install|remove)
+	do_$cmd
+	exit
+	;;
+*)
+	echo "$USAGE" >&2
+	exit 1
+esac