From: Josh Poimboeuf <jpoimboe@kernel.org>
To: live-patching@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
Miroslav Benes <mbenes@suse.cz>, Petr Mladek <pmladek@suse.com>,
Joe Lawrence <joe.lawrence@redhat.com>,
Jiri Kosina <jikos@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Marcos Paulo de Souza <mpdesouza@suse.com>,
Song Liu <song@kernel.org>
Subject: [RFC 00/31] objtool, livepatch: Livepatch module generation
Date: Mon, 2 Sep 2024 20:59:43 -0700 [thread overview]
Message-ID: <cover.1725334260.git.jpoimboe@kernel.org> (raw)
Hi,
Here's a new way to build livepatch modules called klp-build.
I started working on it when I realized that objtool already does 99% of
the work needed for detecting function changes.
This is similar in concept to kpatch-build, but the implementation is
much cleaner.
Personally I still have reservations about the "source-based" approach
(klp-convert and friends), including the fragility and performance
concerns of -flive-patching. I would submit that klp-build might be
considered the "official" way to make livepatch modules.
Please try it out and let me know what you think. Based on v6.10.
Also avaiable at:
git://git.kernel.org/pub/scm/linux/kernel/git/jpoimboe/linux.git klp-build-rfc
More details (cribbed from the big final patch):
------
Add a klp-build script which makes use of a new "objtool klp" subcommand
to generate livepatch modules using a source patch as input.
The concept is similar to kpatch-build which has been a successful
out-of-tree project for over a decade. It takes a source .patch as an
input, builds kernels before and after, does a binary diff, and copies
any changed functions into a new object file which is then linked into a
livepatch module.
By making use of existing objtool functionality, and taking from lessons
learned over the last decade of maintaining kpatch-build, the overall
design is much simpler. In fact, it's a complete redesign and has been
written from scratch (no copied code).
Advantages over kpatch-build:
- Runs on vmlinux.o, so it's compatible with late-linked features like
IBT and LTO
- Much simpler design: ~3k fewer LOC
- Makes use of existing objtool CFG functionality to create checksums
for trivially detecting changed functions
- Offset __LINE__ changes are no longer a problem thanks to the
adjust-patch-lines script
- In-tree means less cruft, easier maintenance, and a larger pool of
potential maintainers
To use, run the following from the kernel source root:
scripts/livepatch/klp-build /path/to/my.patch
If it succeeds, the patch module (livepatch.ko) will be created in the
current directory.
TODO:
- specify module name on cmdline
- handle edge cases like correlation of static locals
- support other arches (currently x86-64 only)
- support clang
- performance optimization
- automated testing
- documentation
Josh Poimboeuf (31):
x86/alternative: Refactor INT3 call emulation selftest
x86/module: Improve relocation error messages
x86/kprobes: Remove STACK_FRAME_NON_STANDARD annotation
kernel/sys: Don't reference UTS_RELEASE directly
x86/compiler: Tweak __UNIQUE_ID naming
elfnote: Use __UNIQUE_ID() for note symbols
kbuild: Remove "kmod" prefix from __KBUILD_MODNAME
objtool: Remove .parainstructions reference
objtool: Const string cleanup
objtool: Use 'struct elf' in elf macros
objtool: Add section/symbol type helpers
objtool: 'objname' refactoring
objtool: Support references to all symbol types in special sections
objtool: Refactor add_jump_destinations()
objtool: Interval tree cleanups
objtool: Simplify fatal error handling
objtool: Open up the elf API
objtool: Disallow duplicate prefix symbols
objtool: Add elf_create_file()
objtool: Add UD1 detection
objtool: Fix x86 addend calcuation
objtool: Make find_symbol_containing() less arbitrary
objtool: Handle __pa_symbol() relocations
objtool: Make STACK_FRAME_NON_STANDARD consistent
objtool: Fix interval tree insertion for zero-length symbols
objtool: Make interval tree functions "static inline"
objtool: Fix weak symbol detection
x86/alternative: Create symbols for special section entries
objtool: Calculate function checksums
livepatch: Enable -ffunction-sections -fdata-sections
objtool, livepatch: Livepatch module generation
.gitignore | 3 +
Makefile | 9 +
arch/x86/include/asm/alternative.h | 50 +-
arch/x86/include/asm/asm.h | 24 +-
arch/x86/include/asm/bug.h | 2 +
arch/x86/include/asm/cpufeature.h | 2 +
arch/x86/include/asm/jump_label.h | 2 +
arch/x86/kernel/alternative.c | 51 +-
arch/x86/kernel/kprobes/opt.c | 4 -
arch/x86/kernel/module.c | 15 +-
include/asm-generic/vmlinux.lds.h | 2 +-
include/linux/compiler.h | 8 +-
include/linux/elfnote.h | 12 +-
include/linux/init.h | 3 +-
include/linux/livepatch.h | 25 +-
include/linux/livepatch_ext.h | 83 ++
include/linux/livepatch_patch.h | 73 ++
include/linux/objtool.h | 38 +-
kernel/livepatch/core.c | 8 +-
kernel/sys.c | 2 +-
scripts/Makefile.lib | 5 +-
scripts/livepatch/adjust-patch-lines | 181 +++
scripts/livepatch/klp-build | 355 ++++++
scripts/livepatch/module.c | 120 ++
scripts/module.lds.S | 22 +-
tools/include/linux/livepatch_ext.h | 83 ++
tools/objtool/Build | 4 +-
tools/objtool/Makefile | 34 +-
tools/objtool/arch/loongarch/decode.c | 6 +-
tools/objtool/arch/loongarch/orc.c | 30 +-
tools/objtool/arch/powerpc/decode.c | 6 +-
tools/objtool/arch/x86/decode.c | 118 +-
tools/objtool/arch/x86/orc.c | 27 +-
tools/objtool/arch/x86/special.c | 2 +-
tools/objtool/builtin-check.c | 66 +-
tools/objtool/check.c | 1414 ++++++++++-------------
tools/objtool/elf.c | 1059 +++++++++--------
tools/objtool/include/objtool/arch.h | 5 +-
tools/objtool/include/objtool/builtin.h | 4 +-
tools/objtool/include/objtool/check.h | 5 +-
tools/objtool/include/objtool/elf.h | 156 ++-
tools/objtool/include/objtool/klp.h | 25 +
tools/objtool/include/objtool/objtool.h | 6 +-
tools/objtool/include/objtool/orc.h | 10 +-
tools/objtool/include/objtool/special.h | 2 +-
tools/objtool/include/objtool/warn.h | 50 +-
tools/objtool/klp-diff.c | 1112 ++++++++++++++++++
tools/objtool/klp-link.c | 122 ++
tools/objtool/klp.c | 57 +
tools/objtool/objtool.c | 78 +-
tools/objtool/orc_dump.c | 100 +-
tools/objtool/orc_gen.c | 48 +-
tools/objtool/special.c | 58 +-
tools/objtool/sync-check.sh | 1 +
tools/objtool/weak.c | 11 +-
55 files changed, 4076 insertions(+), 1722 deletions(-)
create mode 100644 include/linux/livepatch_ext.h
create mode 100644 include/linux/livepatch_patch.h
create mode 100755 scripts/livepatch/adjust-patch-lines
create mode 100755 scripts/livepatch/klp-build
create mode 100644 scripts/livepatch/module.c
create mode 100644 tools/include/linux/livepatch_ext.h
create mode 100644 tools/objtool/include/objtool/klp.h
create mode 100644 tools/objtool/klp-diff.c
create mode 100644 tools/objtool/klp-link.c
create mode 100644 tools/objtool/klp.c
--
2.45.2
next reply other threads:[~2024-09-03 4:00 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-03 3:59 Josh Poimboeuf [this message]
2024-09-03 3:59 ` [RFC 01/31] x86/alternative: Refactor INT3 call emulation selftest Josh Poimboeuf
2024-09-03 3:59 ` [RFC 02/31] x86/module: Improve relocation error messages Josh Poimboeuf
2024-09-03 3:59 ` [RFC 03/31] x86/kprobes: Remove STACK_FRAME_NON_STANDARD annotation Josh Poimboeuf
2024-09-03 3:59 ` [RFC 04/31] kernel/sys: Don't reference UTS_RELEASE directly Josh Poimboeuf
2024-09-03 3:59 ` [RFC 05/31] x86/compiler: Tweak __UNIQUE_ID naming Josh Poimboeuf
2024-09-03 7:56 ` Peter Zijlstra
2024-09-04 2:01 ` Josh Poimboeuf
2024-09-08 19:43 ` David Laight
2024-09-03 3:59 ` [RFC 06/31] elfnote: Use __UNIQUE_ID() for note symbols Josh Poimboeuf
2024-09-03 3:59 ` [RFC 07/31] kbuild: Remove "kmod" prefix from __KBUILD_MODNAME Josh Poimboeuf
2024-09-03 7:58 ` Peter Zijlstra
2024-09-04 2:11 ` Josh Poimboeuf
2024-09-04 7:53 ` Peter Zijlstra
2024-09-03 3:59 ` [RFC 08/31] objtool: Remove .parainstructions reference Josh Poimboeuf
2024-09-03 3:59 ` [RFC 09/31] objtool: Const string cleanup Josh Poimboeuf
2024-09-03 3:59 ` [RFC 10/31] objtool: Use 'struct elf' in elf macros Josh Poimboeuf
2024-09-03 3:59 ` [RFC 11/31] objtool: Add section/symbol type helpers Josh Poimboeuf
2024-09-03 3:59 ` [RFC 12/31] objtool: 'objname' refactoring Josh Poimboeuf
2024-09-03 3:59 ` [RFC 13/31] objtool: Support references to all symbol types in special sections Josh Poimboeuf
2024-09-03 3:59 ` [RFC 14/31] objtool: Refactor add_jump_destinations() Josh Poimboeuf
2024-09-03 3:59 ` [RFC 15/31] objtool: Interval tree cleanups Josh Poimboeuf
2024-09-03 3:59 ` [RFC 16/31] objtool: Simplify fatal error handling Josh Poimboeuf
2024-09-03 4:00 ` [RFC 17/31] objtool: Open up the elf API Josh Poimboeuf
2024-09-03 4:00 ` [RFC 18/31] objtool: Disallow duplicate prefix symbols Josh Poimboeuf
2024-09-03 4:00 ` [RFC 19/31] objtool: Add elf_create_file() Josh Poimboeuf
2024-09-03 4:00 ` [RFC 20/31] objtool: Add UD1 detection Josh Poimboeuf
2024-09-03 8:17 ` Peter Zijlstra
2024-09-04 2:25 ` Josh Poimboeuf
2024-09-03 4:00 ` [RFC 21/31] objtool: Fix x86 addend calcuation Josh Poimboeuf
2024-09-04 9:24 ` laokz
2024-09-04 16:15 ` Josh Poimboeuf
2024-09-03 4:00 ` [RFC 22/31] objtool: Make find_symbol_containing() less arbitrary Josh Poimboeuf
2024-09-03 4:00 ` [RFC 23/31] objtool: Handle __pa_symbol() relocations Josh Poimboeuf
2024-09-03 4:00 ` [RFC 24/31] objtool: Make STACK_FRAME_NON_STANDARD consistent Josh Poimboeuf
2024-09-03 4:00 ` [RFC 25/31] objtool: Fix interval tree insertion for zero-length symbols Josh Poimboeuf
2024-09-03 4:00 ` [RFC 26/31] objtool: Make interval tree functions "static inline" Josh Poimboeuf
2024-09-03 4:00 ` [RFC 27/31] objtool: Fix weak symbol detection Josh Poimboeuf
2024-09-03 8:26 ` Peter Zijlstra
2024-09-04 3:55 ` Josh Poimboeuf
2024-09-04 7:42 ` Peter Zijlstra
2024-09-04 16:03 ` Josh Poimboeuf
2024-09-03 4:00 ` [RFC 28/31] x86/alternative: Create symbols for special section entries Josh Poimboeuf
2024-09-03 8:29 ` Peter Zijlstra
2024-09-04 4:28 ` Josh Poimboeuf
2024-09-04 8:08 ` Peter Zijlstra
2024-09-04 16:13 ` Josh Poimboeuf
2024-09-04 12:39 ` Borislav Petkov
2024-09-04 16:44 ` Josh Poimboeuf
2024-09-06 10:19 ` Borislav Petkov
2024-09-06 16:53 ` Josh Poimboeuf
2024-09-06 6:51 ` [RFC 28/31] x86/alternative: Create symbols for special section entrie Weinan Liu
2024-09-07 6:28 ` Josh Poimboeuf
2024-09-03 4:00 ` [RFC 29/31] objtool: Calculate function checksums Josh Poimboeuf
2024-09-04 7:54 ` Peter Zijlstra
2024-09-04 16:11 ` Josh Poimboeuf
2024-09-03 4:00 ` [RFC 30/31] livepatch: Enable -ffunction-sections -fdata-sections Josh Poimboeuf
2024-09-03 4:00 ` [RFC 31/31] objtool, livepatch: Livepatch module generation Josh Poimboeuf
2024-09-04 21:38 ` Jeff Johnson
2024-09-05 4:15 ` Josh Poimboeuf
2024-09-12 2:39 ` laokz
2024-09-03 17:32 ` [RFC 00/31] " Song Liu
2024-09-04 4:30 ` Josh Poimboeuf
2024-09-04 5:26 ` Song Liu
2024-09-04 6:37 ` Josh Poimboeuf
2024-09-04 7:09 ` Josh Poimboeuf
2024-09-04 20:23 ` Song Liu
2024-09-04 20:59 ` Josh Poimboeuf
2024-09-04 21:32 ` Song Liu
2024-09-05 4:13 ` Josh Poimboeuf
2024-09-05 7:13 ` Josh Poimboeuf
2024-09-05 21:34 ` Song Liu
2024-09-07 6:46 ` Josh Poimboeuf
2024-09-07 17:43 ` Song Liu
2024-09-07 20:14 ` Josh Poimboeuf
2024-09-08 5:04 ` Song Liu
2024-09-09 21:19 ` Josh Poimboeuf
2024-09-09 21:43 ` Song Liu
2024-09-06 13:56 ` Joe Lawrence
2024-09-06 17:00 ` Josh Poimboeuf
2024-09-06 21:01 ` Joe Lawrence
2024-09-06 22:45 ` Josh Poimboeuf
2024-09-07 1:47 ` Josh Poimboeuf
2024-09-07 14:17 ` Joe Lawrence
2024-09-11 7:39 ` Josh Poimboeuf
2024-09-12 13:44 ` Joe Lawrence
2024-09-13 14:39 ` Joe Lawrence
2024-09-13 23:09 ` Josh Poimboeuf
2024-09-11 13:27 ` Petr Mladek
2024-09-11 16:20 ` Josh Poimboeuf
2024-09-12 16:05 ` Song Liu
2024-09-13 18:16 ` [External] " A K M Fazla Mehrab .
2024-09-17 7:12 ` Petr Mladek
2024-09-23 2:29 ` Chen Zhongjin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1725334260.git.jpoimboe@kernel.org \
--to=jpoimboe@kernel.org \
--cc=jikos@kernel.org \
--cc=joe.lawrence@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=live-patching@vger.kernel.org \
--cc=mbenes@suse.cz \
--cc=mpdesouza@suse.com \
--cc=peterz@infradead.org \
--cc=pmladek@suse.com \
--cc=song@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).