From: Joe Lawrence <joe.lawrence@redhat.com>
To: Josh Poimboeuf <jpoimboe@kernel.org>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
Petr Mladek <pmladek@suse.com>, Miroslav Benes <mbenes@suse.cz>,
live-patching@vger.kernel.org, Song Liu <song@kernel.org>,
laokz <laokz@foxmail.com>, Jiri Kosina <jikos@kernel.org>,
Marcos Paulo de Souza <mpdesouza@suse.com>,
Weinan Liu <wnliu@google.com>,
Fazla Mehrab <a.mehrab@bytedance.com>,
Chen Zhongjin <chenzhongjin@huawei.com>,
Puranjay Mohan <puranjay@kernel.org>,
Dylan Hatch <dylanbhatch@google.com>,
Peter Zijlstra <peterz@infradead.org>
Subject: Re: [PATCH v4 00/63] objtool,livepatch: klp-build livepatch module generation
Date: Tue, 7 Oct 2025 13:38:38 -0400 [thread overview]
Message-ID: <aOVQHknMHwBFmJeg@redhat.com> (raw)
In-Reply-To: <cover.1758067942.git.jpoimboe@kernel.org>
On Wed, Sep 17, 2025 at 09:03:08AM -0700, Josh Poimboeuf wrote:
> Changes since v3 (https://lore.kernel.org/cover.1750980516.git.jpoimboe@kernel.org):
>
> - Get rid of the SHF_MERGE+SHF_WRITE toolchain shenanigans in favor of
> simple .discard.annotate_data annotations
> - Fix potential double free in elf_create_reloc()
> - Sync interval_tree_generic.h (Peter)
> - Refactor prefix symbol creation error handling
> - Rebase on tip/master and fix new issue (--checksum getting added with --noabs)
>
> (v3..v4 diff below)
>
> ----
>
> This series introduces new objtool features and a klp-build script to
> generate livepatch modules using a source .patch as input.
>
> This builds on concepts from the longstanding out-of-tree kpatch [1]
> project which began in 2012 and has been used for many years to generate
> livepatch modules for production kernels. However, this is a complete
> rewrite which incorporates hard-earned lessons from 12+ years of
> maintaining kpatch.
>
> Key improvements compared to kpatch-build:
>
> - Integrated with objtool: Leverages objtool's existing control-flow
> graph analysis to help detect changed functions.
>
> - Works on vmlinux.o: Supports late-linked objects, making it
> compatible with LTO, IBT, and similar.
>
> - Simplified code base: ~3k fewer lines of code.
>
> - Upstream: No more out-of-tree #ifdef hacks, far less cruft.
>
> - Cleaner internals: Vastly simplified logic for symbol/section/reloc
> inclusion and special section extraction.
>
> - Robust __LINE__ macro handling: Avoids false positive binary diffs
> caused by the __LINE__ macro by introducing a fix-patch-lines script
> which injects #line directives into the source .patch to preserve
> the original line numbers at compile time.
>
> The primary user interface is the klp-build script which does the
> following:
>
> - Builds an original kernel with -function-sections and
> -fdata-sections, plus objtool function checksumming.
>
> - Applies the .patch file and rebuilds the kernel using the same
> options.
>
> - Runs 'objtool klp diff' to detect changed functions and generate
> intermediate binary diff objects.
>
> - Builds a kernel module which links the diff objects with some
> livepatch module init code (scripts/livepatch/init.c).
>
> - Finalizes the livepatch module (aka work around linker wreckage)
> using 'objtool klp post-link'.
>
> I've tested with a variety of patches on defconfig and Fedora-config
> kernels with both GCC and Clang.
>
> These patches can also be found at:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/jpoimboe/linux.git klp-build-v3
>
> Please test!
>
For v4.1, with several dozen small, CVE input patches and gcc 14 +
CentOS-Steam-10 config:
Tested-off-by: Joe Lawrence <joe.lawrence@redhat.com>
--
Joe
next prev parent reply other threads:[~2025-10-07 17:38 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-17 16:03 [PATCH v4 00/63] objtool,livepatch: klp-build livepatch module generation Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 01/63] s390/vmlinux.lds.S: Prevent thunk functions from getting placed with normal text Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 02/63] vmlinux.lds: Unify TEXT_MAIN, DATA_MAIN, and related macros Josh Poimboeuf
2025-12-20 16:25 ` Carlos Llamas
2025-09-17 16:03 ` [PATCH v4 03/63] x86/module: Improve relocation error messages Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 04/63] x86/kprobes: Remove STACK_FRAME_NON_STANDARD annotation Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 05/63] compiler: Tweak __UNIQUE_ID() naming Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 06/63] compiler.h: Make addressable symbols less of an eyesore Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 07/63] elfnote: Change ELFNOTE() to use __UNIQUE_ID() Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 08/63] kbuild: Remove 'kmod_' prefix from __KBUILD_MODNAME Josh Poimboeuf
2025-10-20 12:20 ` Alexander Stein
2025-10-20 17:22 ` Josh Poimboeuf
2025-10-22 9:53 ` Anders Roxell
2025-10-20 12:59 ` Marek Szyprowski
2025-10-20 16:34 ` Mark Brown
2025-10-20 16:37 ` Cosmin Tanislav
2025-09-17 16:03 ` [PATCH v4 09/63] modpost: Ignore unresolved section bounds symbols Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 10/63] x86/alternative: Refactor INT3 call emulation selftest Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 11/63] interval_tree: Sync interval_tree_generic.h with tools Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 12/63] interval_tree: Fix ITSTATIC usage for *_subtree_search() Josh Poimboeuf
2025-09-18 16:30 ` [PATCH v4.1 " Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 13/63] objtool: Make find_symbol_containing() less arbitrary Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 14/63] objtool: Fix broken error handling in read_symbols() Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 15/63] objtool: Propagate elf_truncate_section() error in elf_write() Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 16/63] objtool: Remove error handling boilerplate Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 17/63] objtool: Add empty symbols to the symbol tree again Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 18/63] objtool: Fix interval tree insertion for zero-length symbols Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 19/63] objtool: Fix weak symbol detection Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 20/63] objtool: Fix x86 addend calculation Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 21/63] objtool: Fix __pa_symbol() relocation handling Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 22/63] objtool: Fix "unexpected end of section" warning for alternatives Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 23/63] objtool: Check for missing annotation entries in read_annotate() Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 24/63] objtool: Const string cleanup Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 25/63] objtool: Clean up compiler flag usage Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 26/63] objtool: Remove .parainstructions reference Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 27/63] objtool: Convert elf iterator macros to use 'struct elf' Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 28/63] objtool: Add section/symbol type helpers Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 29/63] objtool: Mark .cold subfunctions Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 30/63] objtool: Fix weak symbol hole detection for .cold functions Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 31/63] objtool: Mark prefix functions Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 32/63] objtool: Simplify reloc offset calculation in unwind_read_hints() Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 33/63] objtool: Avoid emptying lists for duplicate sections Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 34/63] objtool: Rename --Werror to --werror Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 35/63] objtool: Resurrect --backup option Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 36/63] objtool: Reindent check_options[] Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 37/63] objtool: Refactor add_jump_destinations() Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 38/63] objtool: Simplify special symbol handling in elf_update_symbol() Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 39/63] objtool: Generalize elf_create_symbol() Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 40/63] objtool: Generalize elf_create_section() Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 41/63] objtool: Add elf_create_data() Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 42/63] objtool: Add elf_create_reloc() and elf_init_reloc() Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 43/63] objtool: Add elf_create_file() Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 44/63] objtool: Add annotype() helper Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 45/63] objtool: Move ANNOTATE* macros to annotate.h Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 46/63] objtool: Add ANNOTATE_DATA_SPECIAL Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 47/63] x86/asm: Annotate special section entries Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 48/63] objtool: Unify STACK_FRAME_NON_STANDARD entry sizes Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 49/63] objtool/klp: Add --checksum option to generate per-function checksums Josh Poimboeuf
2025-10-27 1:19 ` Michael Kelley
2025-10-27 22:22 ` Josh Poimboeuf
2025-11-05 15:22 ` Michael Kelley
2025-11-11 20:09 ` Josh Poimboeuf
2025-11-12 1:39 ` Michael Kelley
2025-11-12 2:26 ` Michael Kelley
2025-11-12 4:04 ` Josh Poimboeuf
2025-11-12 4:32 ` Michael Kelley
2025-11-12 13:25 ` David Laight
2025-11-12 16:16 ` Josh Poimboeuf
2025-11-12 21:39 ` David Laight
2025-09-17 16:03 ` [PATCH v4 50/63] objtool/klp: Add --debug-checksum=<funcs> to show per-instruction checksums Josh Poimboeuf
2025-09-17 16:03 ` [PATCH v4 51/63] objtool/klp: Introduce klp diff subcommand for diffing object files Josh Poimboeuf
2025-10-08 14:01 ` Petr Mladek
2025-10-08 15:27 ` Josh Poimboeuf
2025-10-09 12:29 ` Petr Mladek
2025-10-09 23:19 ` Josh Poimboeuf
2025-09-17 16:04 ` [PATCH v4 52/63] objtool/klp: Add --debug option to show cloning decisions Josh Poimboeuf
2025-09-17 16:04 ` [PATCH v4 53/63] objtool/klp: Add post-link subcommand to finalize livepatch modules Josh Poimboeuf
2025-09-17 16:04 ` [PATCH v4 54/63] objtool: Refactor prefix symbol creation code Josh Poimboeuf
2025-09-17 16:04 ` [PATCH v4 55/63] objtool: Add base objtool support for livepatch modules Josh Poimboeuf
2025-09-17 16:04 ` [PATCH v4 56/63] livepatch: Add CONFIG_KLP_BUILD Josh Poimboeuf
2025-09-17 16:04 ` [PATCH v4 57/63] kbuild,objtool: Defer objtool validation step for CONFIG_KLP_BUILD Josh Poimboeuf
2025-09-17 16:04 ` [PATCH v4 58/63] livepatch/klp-build: Introduce fix-patch-lines script to avoid __LINE__ diff noise Josh Poimboeuf
2025-09-17 16:04 ` [PATCH v4 59/63] livepatch/klp-build: Add stub init code for livepatch modules Josh Poimboeuf
2025-09-17 16:04 ` [PATCH v4 60/63] livepatch/klp-build: Introduce klp-build script for generating " Josh Poimboeuf
2025-09-17 16:04 ` [PATCH v4 61/63] livepatch/klp-build: Add --debug option to show cloning decisions Josh Poimboeuf
2025-09-17 16:04 ` [PATCH v4 62/63] livepatch/klp-build: Add --show-first-changed option to show function divergence Josh Poimboeuf
2025-09-17 16:04 ` [PATCH v4 63/63] livepatch: Introduce source code helpers for livepatch modules Josh Poimboeuf
2025-09-18 16:32 ` [PATCH v4 00/63] objtool,livepatch: klp-build livepatch module generation Josh Poimboeuf
2025-10-07 17:38 ` Joe Lawrence [this message]
2025-10-10 7:30 ` Petr Mladek
2025-10-11 0:54 ` Josh Poimboeuf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aOVQHknMHwBFmJeg@redhat.com \
--to=joe.lawrence@redhat.com \
--cc=a.mehrab@bytedance.com \
--cc=chenzhongjin@huawei.com \
--cc=dylanbhatch@google.com \
--cc=jikos@kernel.org \
--cc=jpoimboe@kernel.org \
--cc=laokz@foxmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=live-patching@vger.kernel.org \
--cc=mbenes@suse.cz \
--cc=mpdesouza@suse.com \
--cc=peterz@infradead.org \
--cc=pmladek@suse.com \
--cc=puranjay@kernel.org \
--cc=song@kernel.org \
--cc=wnliu@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).