From: sashiko-bot@kernel.org
Subject: Re: [RFC 4/4] livepatch/klp-build: add basic out-of-tree module patching support
Reply-To: sashiko-reviews@lists.linux.dev
To: live-patching@vger.kernel.org
Cc: "Petr Mladek", "Miroslav Benes", "Josh Poimboeuf", "Song Liu"
In-Reply-To: <20260512221102.2720763-5-joe.lawrence@redhat.com>
References: <20260512221102.2720763-5-joe.lawrence@redhat.com>
Date: Thu, 14 May 2026 21:20:47 +0000
Message-Id: <20260514212048.5431CC2BCB3@smtp.kernel.org>

Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [Medium] The script hardcodes the temporary directory (klp-tmp) and default output file to the kernel root directory ($PWD), which breaks building out-of-tree modules against read-only system headers.
- [Medium] The commit message incorrectly states that 'make modules_prepare' is sufficient to prepare the kernel tree for out-of-tree patching.
--

commit c21e20dbe33c0ce1976f54b57ae6fc8cea53b65b
Author: Joe Lawrence

livepatch/klp-build: add basic out-of-tree module patching support

This commit introduces a module-dir option to klp-build to support
generating livepatches for out-of-tree kernel modules. It performs two
builds of the out-of-tree module to generate the original and patched
objects.

> klp-build is currently limited to patching in-tree kernel modules.
> Introduce a -M/--module-dir option to enable livepatch generation for
> basic out-of-tree (OOT) modules. This requires the associated kernel
> tree to be pre-configured (e.g., 'make modules_prepare').

The commit message states that running 'make modules_prepare' is sufficient
to prepare the tree. Is this description accurate?

Looking at do_init(), the script explicitly checks for Module.symvers:

    [[ -f "$PWD/Module.symvers" ]] ||
        die "kernel must be built first (no Module.symvers in $PWD)"

Running 'make modules_prepare' on a clean kernel source tree prepares
configuration and headers but does not generate Module.symvers. Could the
commit message be updated to clarify that a full build is required?

> diff --git a/scripts/livepatch/klp-build b/scripts/livepatch/klp-build > index c4a7acf8edc3f..aef3b47db4f24 100755 > --- a/scripts/livepatch/klp-build > +++ b/scripts/livepatch/klp-build [ ... ] > @@ -433,8 +451,6 @@ validate_patches() { > } > =20 > do_init() { > - # We're not yet smart enough to handle anything other than in-tree > - # builds in pwd. > [[ ! "$PWD" -ef "$SCRIPT_DIR/../.." ]] && die "please run from the kern= el root directory" [ ... ] > + if [[ -n "$MODULE_DIR" ]]; then > + [[ -d "$MODULE_DIR" ]] || die "module directory not found: $MODULE_DIR" > + MODULE_DIR=3D"$(realpath "$MODULE_DIR")" > + [[ -f "$MODULE_DIR/Kbuild" || -f "$MODULE_DIR/Makefile" ]] || > + die "no Kbuild or Makefile in $MODULE_DIR" > + [[ -f "$PWD/Module.symvers" ]] || > + die "kernel must be built first (no Module.symvers in $PWD)" > + fi > + > (( SHORT_CIRCUIT <=3D 1 )) && rm -rf "$TMP_DIR" > mkdir -p "$TMP_DIR"

Does creating the temporary directory in the kernel root directory cause
permission regressions when building out-of-tree modules?

Out-of-tree modules are often built against system-installed kernel headers,
which are typically read-only for standard users. Since the script mandates
running from the kernel root directory, creating the temporary working
directory and default output file inside the present working directory will
cause permission denied errors.

Could the script use the module directory or a user-specified path for
temporary files and the default output instead?

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260512221102.2720763-1-joe.lawrence@redhat.com?part=4
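
Review bot: In do_init(), the two-line comment above the `[[ ! "$PWD" -ef "$SCRIPT_DIR/../.." ]]` check is deleted while the check itself stays as context, so the script still dies unless it is run from the kernel root, and the visible lines no longer say why. Suggest replacing the comment rather than dropping it, stating that with -M/--module-dir the kernel tree must still be the current directory and that only the module source may live elsewhere. The added `[[ -f "$PWD/Module.symvers" ]]` test depends on the same assumption, since it looks in $PWD rather than in a separately named kernel tree, so the comment would document both checks.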