diff --git a/glibc.changes b/glibc.changes index 2cb7771..41f4a9c 100644 --- a/glibc.changes +++ b/glibc.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Apr 28 23:42:47 UTC 2023 - Giuliano Belinassi + +- Add support for livepatches in ASM written functions (bsc#1210777) + ------------------------------------------------------------------- Thu Mar 30 12:03:36 UTC 2023 - Andreas Schwab diff --git a/glibc.spec b/glibc.spec index a4f76a1..4049ca6 100644 --- a/glibc.spec +++ b/glibc.spec @@ -260,6 +260,8 @@ Patch15: glibc-2.3.90-langpackdir.diff Patch19: nscd-server-user.patch # PATCH-FEATURE-SLE read nsswich.conf from /usr Patch20: glibc-nsswitch-usr.diff +# PATCH-FEATURE-SLE Add ULP prologue into ASM functions +Patch21: ulp-prologue-into-asm-functions.patch ### Locale related patches # PATCH-FIX-OPENSUSE Add additional locales @@ -500,6 +502,7 @@ library in a cross compilation setting. %patch15 -p1 %patch19 -p1 %patch20 -p1 +%patch21 -p1 %patch100 -p1 %patch102 -p1 @@ -676,6 +679,9 @@ profile="--disable-profile" --with-bugurl=http://bugs.opensuse.org \ --enable-bind-now \ --disable-timezone-tools \ +%if %{with livepatching} + --enable-userspace-livepatch \ +%endif --disable-crypt || \ { rc=$?; @@ -688,7 +694,7 @@ profile="--disable-profile" %if %{build_main} && %{with livepatching} # Append necessary flags for livepatch support, if enabled. Only objects # included in shared libraries should be prepared for live patching. -echo 'CFLAGS-.os += -fpatchable-function-entry=16,14 -fdump-ipa-clones' \ +echo 'CFLAGS-.os += -fdump-ipa-clones' \ >> Makeconfig %endif diff --git a/ulp-prologue-into-asm-functions.patch b/ulp-prologue-into-asm-functions.patch new file mode 100644 index 0000000..4d63044 --- /dev/null +++ b/ulp-prologue-into-asm-functions.patch 
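Review bot: The comment kept as context in the last glibc.spec hunk ("Only objects included in shared libraries should be prepared for live patching") no longer matches what the build does, because the padding flag has moved out of `CFLAGS-.os`: the embedded patch's Makeconfig hunk adds `-fpatchable-function-entry=16,14` to `+cflags`, which appears to apply to every object flavour rather than only `.os` objects. The guards also differ, since `--enable-userspace-livepatch` in the `@@ -676` hunk sits under `%if %{with livepatching}` while the `echo` stays under `%if %{build_main} && %{with livepatching}`, so builds where `build_main` is false may now get the NOP padding as well. If the wider scope is intended, reword the comment to something like `# Livepatch support: the NOP prologue is enabled by --enable-userspace-livepatch; only -fdump-ipa-clones is added for .os objects here.`; if not, guard the configure option with `%if %{build_main} && %{with livepatching}` or keep the flag in `CFLAGS-.os`. Either way it is worth confirming which binaries end up padded, as that defines what a livepatch can and cannot reach.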
@@ -0,0 +1,270 @@ +From e3a1c61d1a69c66a5635bb23318531d5ef651e15 Mon Sep 17 00:00:00 2001 +From: Giuliano Belinassi +Date: Wed, 24 May 2023 18:03:15 -0300 +Subject: [PATCH] Add Userspace Livepatch prologue into ASM functions + +Userspace Live Patching (ULP) refers to the process of applying +patches to the libraries used by a running process, without +interrupting it. In order to archive this, functions must have +the NOP prologue. This prologue is included automatically when +compiled with -fpatchable-function-entry, but for ASM functions +this have to be included manually. This patch does this. + +Signed-off-by: Giuliano Belinassi +--- + Makeconfig | 5 +++++ + config.h.in | 3 +++ + config.make.in | 1 + + configure | 20 ++++++++++++++++++ + configure.ac | 13 ++++++++++++ + sysdeps/x86/sysdep.h | 22 ++++++++++++++++---- + sysdeps/x86_64/multiarch/strcmp-avx2.S | 5 +---- + sysdeps/x86_64/multiarch/strcmp-evex.S | 5 +---- + sysdeps/x86_64/multiarch/strcmp-sse4_2.S | 5 +---- + sysdeps/x86_64/sysdep.h | 26 ++++++++++++++++++++++++ + 10 files changed, 89 insertions(+), 16 deletions(-) + +diff --git a/Makeconfig b/Makeconfig +index 2514db35f6..37df019873 100644 +--- a/Makeconfig ++++ b/Makeconfig +@@ -961,6 +961,11 @@ endif # $(+cflags) == "" + $(+stack-protector) -fno-common + +gcc-nowarn := -w + ++# Add flags for Userspace Livepatching support. ++ifeq (yes,$(enable-userspace-livepatch)) +++cflags += -fpatchable-function-entry=16,14 ++endif ++ + # Each sysdeps directory can contain header files that both will be + # used to compile and will be installed. Each can also contain an + # include/ subdirectory, whose header files will be used to compile +diff --git a/config.h.in b/config.h.in +index 44a34072a4..430627dcaf 100644 +--- a/config.h.in ++++ b/config.h.in +@@ -199,6 +199,9 @@ + /* Define to 1 if libpthread actually resides in libc. */ + #define PTHREAD_IN_LIBC 0 + ++/* Define to 1 if support for userspace livepatching is enabled. 
*/ ++#define ENABLE_USERSPACE_LIVEPATCH 0 ++ + /* An integer used to scale the timeout of test programs. */ + #define TIMEOUTFACTOR 1 + +diff --git a/config.make.in b/config.make.in +index 4afd37feaf..84d957cb1c 100644 +--- a/config.make.in ++++ b/config.make.in +@@ -83,6 +83,7 @@ nss-crypt = @libc_cv_nss_crypt@ + static-nss-crypt = @libc_cv_static_nss_crypt@ + + # Configuration options. ++enable-userspace-livepatch = @enable_userspace_livepatch@ + build-shared = @shared@ + build-profile = @profile@ + build-static-nss = @static_nss@ +diff --git a/configure b/configure +index f84040644b..490800c75c 100755 +--- a/configure ++++ b/configure +@@ -591,6 +591,7 @@ LIBOBJS + pthread_in_libc + RELEASE + VERSION ++enable_userspace_livepatch + mach_interface_list + DEFINES + static_nss +@@ -783,6 +784,7 @@ enable_mathvec + enable_cet + enable_scv + with_cpu ++enable_userspace_livepatch + ' + ac_precious_vars='build_alias + host_alias +@@ -1452,6 +1454,8 @@ Optional Features: + (CET), x86 only + --disable-scv syscalls will not use scv instruction, even if the + kernel supports it, powerpc only ++ --enable-userspace-livepatch ++ build with userspace livepatch support [default=no] + + Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] +@@ -6708,6 +6712,22 @@ libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory` + + + ++# Check whether --enable-userspace-livepatch was given. ++if test "${enable_userspace_livepatch+set}" = set; then : ++ enableval=$enable_userspace_livepatch; enable_userspace_livepatch=$enableval ++else ++ enable_userspace_livepatch=no ++fi ++ ++ ++# Libpulp uses -fpatchable-function-entry to add padding NOPS to the ++# prologue of all functions. 
++if test "x$enable_userspace_livepatch" = xyes; then ++ $as_echo "#define ENABLE_USERSPACE_LIVEPATCH 1" >>confdefs.h ++ ++fi ++ ++ + VERSION=`sed -n -e 's/^#define VERSION "\([^"]*\)"/\1/p' < $srcdir/version.h` + RELEASE=`sed -n -e 's/^#define RELEASE "\([^"]*\)"/\1/p' < $srcdir/version.h` + +diff --git a/configure.ac b/configure.ac +index 88df3e5eed..1c2983de75 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1803,6 +1803,19 @@ AC_SUBST(DEFINES) + dnl See sysdeps/mach/configure.ac for this variable. + AC_SUBST(mach_interface_list) + ++AC_ARG_ENABLE([userspace-livepatch], ++ AS_HELP_STRING([--enable-userspace-livepatch], ++ [build with userspace livepatch support @<:@default=no@:>@]), ++ [enable_userspace_livepatch=$enableval], ++ [enable_userspace_livepatch=no]) ++ ++# Libpulp uses -fpatchable-function-entry to add padding NOPS to the ++# prologue of all functions. ++if test "x$enable_userspace_livepatch" = xyes; then ++ AC_DEFINE(ENABLE_USERSPACE_LIVEPATCH) ++fi ++AC_SUBST(enable_userspace_livepatch) ++ + VERSION=`sed -n -e 's/^#define VERSION "\([^"]*\)"/\1/p' < $srcdir/version.h` + RELEASE=`sed -n -e 's/^#define RELEASE "\([^"]*\)"/\1/p' < $srcdir/version.h` + AC_SUBST(VERSION) +diff --git a/sysdeps/x86/sysdep.h b/sysdeps/x86/sysdep.h +index 0b3483a77a..329c16306e 100644 +--- a/sysdeps/x86/sysdep.h ++++ b/sysdeps/x86/sysdep.h +@@ -77,15 +77,29 @@ enum cf_protection_level + #define ALIGNARG(log2) 1<