From ec3a161a79422575c0a37566b96ca0642fa99c9d Mon Sep 17 00:00:00 2001 From: Davide Cavalca Date: Oct 27 2023 20:12:06 +0000 Subject: Backport three upstream fixes --- diff --git a/0108-kpatch-build-Fix-setlocalversion-issue-with-6.3-kern.patch b/0108-kpatch-build-Fix-setlocalversion-issue-with-6.3-kern.patch new file mode 100644 index 0000000..4337f1b --- /dev/null +++ b/0108-kpatch-build-Fix-setlocalversion-issue-with-6.3-kern.patch @@ -0,0 +1,113 @@ +From f38c64b7e490c6de1208f277d767bd7b8029edcc Mon Sep 17 00:00:00 2001 +From: Josh Poimboeuf +Date: Mon, 13 Mar 2023 13:51:01 -0700 +Subject: [PATCH 1/3] kpatch-build: Fix setlocalversion issue with 6.3 kernel + +The kernel has a VERMAGIC_STRING, e.g. "6.2.0". The module loader uses +that string to ensure that all loaded modules' version strings match the +kernel's. + +If the kernel source is in a git tree, and if there are uncommitted +changes, the version string will have a '+' or "-dirty" appended to it, +like "6.1.0+" or "6.2.0-dirty". This dirty tree detection is done by +the setlocalversion script. + +This affects kpatch-build in a few ways. When it builds the original +kernel, in some cases there are uncommitted changes to the makefiles. +When it builds the patched kernel, there are additional uncommitted +changes due to the .patch file being applied. + +We want to avoid the VERMAGIC_STRING changing between builds. Otherwise +it would cause problems: + + - object code which uses that string would change unnecessarily, + causing a false positive change detected by create-diff-object + + - the linked patch module would report the wrong version, resulting in + the module failing to load due to version mismatch. + +Up until now, the version was prevented from changing by running +`setlocalversion --save-scmversion` before the build. That command +hard-codes the version by saving it to a file which is then +automatically read later during future invocations of the kernel build. + +Unfortunately that feature was removed in the 6.3 merge window with +commit f6e09b07cc12 ("kbuild: do not put .scmversion into the source +tarball"). So we need to come up with a new approach. + +Fix it by temporarily replacing the setlocalversion script with a +one-liner which just echo's the original version. I think this is +unfortunately the best we can do, as we really can't handle +VERMAGIC_STRING changing, either during/between kernel builds or during +the module link. + +Fixes #1335. + +Signed-off-by: Josh Poimboeuf +(cherry picked from commit 629b5acf3dab0311e1bebbffec4908999273d58d) +--- + kpatch-build/kpatch-build | 25 +++++++++++++++++++++---- + 1 file changed, 21 insertions(+), 4 deletions(-) + +diff --git a/kpatch-build/kpatch-build b/kpatch-build/kpatch-build +index 938e88f..429f214 100755 +--- a/kpatch-build/kpatch-build ++++ b/kpatch-build/kpatch-build +@@ -166,11 +166,9 @@ remove_patches() { + } + + cleanup() { +- rm -f "$BUILDDIR/.scmversion" +- + remove_patches + +- # restore original vmlinux if it was overwritten by sourcedir build ++ # restore any files that were modified for the build + [[ -e "$TEMPDIR/vmlinux" ]] && mv -f "$TEMPDIR/vmlinux" "$KERNEL_SRCDIR/" + + # restore any files that were modified for the build +@@ -178,6 +176,7 @@ cleanup() { + [[ -e "$TEMPDIR/Makefile.modfinal" ]] && mv -f "$TEMPDIR/Makefile.modfinal" "$KERNEL_SRCDIR/scripts" + [[ -e "$TEMPDIR/Makefile.build" ]] && mv -f "$TEMPDIR/Makefile.build" "$KERNEL_SRCDIR/scripts" + [[ -e "$TEMPDIR/Makefile" ]] && mv -f "$TEMPDIR/Makefile" "$KERNEL_SRCDIR" ++ [[ -e "$TEMPDIR/setlocalversion" ]] && mv -f "$TEMPDIR/setlocalversion" "$KERNEL_SRCDIR/scripts" + + [[ "$DEBUG" -eq 0 ]] && rm -rf "$TEMPDIR" + rm -rf "$RPMTOPDIR" +@@ -994,6 +993,25 @@ if [[ -z "$OOT_MODULE" && ! "$CONFIGFILE" -ef "$KERNEL_SRCDIR"/.config ]] ; then + cp -f "$CONFIGFILE" "$KERNEL_SRCDIR/.config" || die + fi + ++# When the kernel source is in a git repo, applying the patch (plus the ++# Makefile sed hacks we do) can cause it to be built with "+" or "dirty" ++# appended to the kernel version string (VERMAGIC_STRING), even if the original ++# kernel was not dirty. That can complicate both the build (create-diff-object ++# false positive changes) and the patch module link (module version mismatch ++# load failures). ++# ++# Prevent that by replacing the original setlocalversion with a friendlier one ++# which just echo's the original version. This should be done before any ++# changes to the source. ++if [[ -n "$USERSRCDIR" && -e "$KERNEL_SRCDIR/.git" ]]; then ++ cd "$KERNEL_SRCDIR" || die ++ cp -f scripts/setlocalversion "$TEMPDIR" || die ++ LOCALVERSION="$(make kernelversion)" ++ LOCALVERSION="$(KERNELVERSION="$LOCALVERSION" ./scripts/setlocalversion)" ++ [[ -n "$LOCALVERSION" ]] || die "setlocalversion failed" ++ echo "echo $LOCALVERSION" > scripts/setlocalversion ++fi ++ + # kernel option checking + + trace_off "reading .config" +@@ -1131,7 +1149,6 @@ fi + save_env + + echo "Building original source" +-[[ -n "$OOT_MODULE" ]] || ./scripts/setlocalversion --save-scmversion || die + unset KPATCH_GCC_TEMPDIR + + KPATCH_CC_PREFIX="$TOOLSDIR/kpatch-cc " +-- +2.41.0 + diff --git a/0109-kpatch-build-ignore-changes-in-.comment-section.patch b/0109-kpatch-build-ignore-changes-in-.comment-section.patch new file mode 100644 index 0000000..c32ff9c --- /dev/null +++ b/0109-kpatch-build-ignore-changes-in-.comment-section.patch @@ -0,0 +1,30 @@ +From 101bfb58f0111b3e4032645125b5b259454750d4 Mon Sep 17 00:00:00 2001 +From: Song Liu +Date: Fri, 20 Oct 2023 13:55:04 -0700 +Subject: [PATCH 2/3] kpatch-build: ignore changes in .comment section + +.comment section contains compiler version number of compiler(s) used to +generate the object file. With LTO, it is possible that cross file inlining +add/remove items to/from the .comment section. Ignore any changes in the +section in CDO. + +Signed-off-by: Song Liu +--- + kpatch-build/create-diff-object.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/kpatch-build/create-diff-object.c b/kpatch-build/create-diff-object.c +index 4e3341e..4ce0766 100644 +--- a/kpatch-build/create-diff-object.c ++++ b/kpatch-build/create-diff-object.c +@@ -2870,6 +2870,7 @@ static void kpatch_mark_ignored_sections(struct kpatch_elf *kelf) + !strncmp(sec->name, ".rela.discard", 13) || + !strncmp(sec->name, ".llvm_addrsig", 13) || + !strncmp(sec->name, ".rel.llvm.call-graph-profile", 28) || ++ !strncmp(sec->name, ".comment", 8) || + !strncmp(sec->name, ".llvm.", 6)) + sec->ignore = 1; + } +-- +2.41.0 + diff --git a/0110-kpatch-build-handle-init-version-timestamp.o.patch b/0110-kpatch-build-handle-init-version-timestamp.o.patch new file mode 100644 index 0000000..bcf4d23 --- /dev/null +++ b/0110-kpatch-build-handle-init-version-timestamp.o.patch @@ -0,0 +1,46 @@ +From 1b77c087cbaf667d9ce140a7a5885bba7cca59d1 Mon Sep 17 00:00:00 2001 +From: Yonghong Song +Date: Fri, 20 Oct 2023 14:21:30 -0700 +Subject: [PATCH 3/3] kpatch-build: handle init/version-timestamp.o + +init/version-timestamp.c is introduced after 5.19. + 2df8220cc511 kbuild: build init/built-in.a just once +The init/version-timestamp.o is built after some compilation/build has +been done, so it can have accurate version information. The +init/version-timestamp.o is used in final linking. Different build +environment, including machine or build time can make +init/version-timestamp.o different from each other. + +Make two changes in kpatch-build to avoid init/version-timestamp.o +introduced build failures. + +Signed-off-by: Yonghong Song +Signed-off-by: Song Liu +--- + kpatch-build/kpatch-build | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/kpatch-build/kpatch-build b/kpatch-build/kpatch-build +index 429f214..3af1918 100755 +--- a/kpatch-build/kpatch-build ++++ b/kpatch-build/kpatch-build +@@ -634,6 +634,7 @@ find_kobj() { + arch/x86/kernel/head*.o|\ + arch/x86/kernel/platform-quirks.o|\ + arch/x86/lib/lib.a|\ ++ init/version-timestamp.o|\ + lib/lib.a) + KOBJFILE=vmlinux + return +@@ -1287,7 +1288,7 @@ for i in $FILES; do + [[ "$DISTRO" = rhel ]] || [[ "$DISTRO" = centos ]] || [[ "$DISTRO" = ol ]] && \ + [[ "$i" = arch/x86/lib/copy_user_64.o ]] && continue + +- [[ "$i" = usr/initramfs_data.o ]] && continue ++ [[ "$i" = usr/initramfs_data.o || $i = init/version-timestamp.o ]] && continue + + mkdir -p "output/$(dirname "$i")" + cd "$BUILDDIR" || die +-- +2.41.0 + diff --git a/kpatch.spec b/kpatch.spec index 9129ff0..62037a7 100644 --- a/kpatch.spec +++ b/kpatch.spec @@ -2,7 +2,7 @@ Name: kpatch Version: 0.9.8 -Release: 1.1%{?dist} +Release: 1.2%{?dist} Summary: Dynamic kernel patch manager Group: System Environment/Kernel @@ -25,6 +25,9 @@ Patch104: 0104-kpatch-build-add-support-for-clang-pgo.patch Patch105: 0105-create-diff-object-ignore-section-.rel.llvm.call-gra.patch Patch106: 0106-kpatch-build-Run-objtool-on-thinlto-files.patch Patch107: 0107-kpatch-build-skip-more-symbols-in-locals_match.patch +Patch108: 0108-kpatch-build-Fix-setlocalversion-issue-with-6.3-kern.patch +Patch109: 0109-kpatch-build-ignore-changes-in-.comment-section.patch +Patch110: 0110-kpatch-build-handle-init-version-timestamp.o.patch # kpatch-dnf backports (inactive -- for future reference) #Patch200: 0200-foo-bar-etcetera.patch @@ -82,6 +85,9 @@ kpatch-patch packages updates. %patch105 -p1 %patch106 -p1 %patch107 -p1 +%patch108 -p1 +%patch109 -p1 +%patch110 -p1 %setup -D -T -a 1 @@ -124,6 +130,9 @@ echo "To enable automatic kpatch-patch subscription, run:" echo -e "\t$ dnf kpatch auto" %changelog +* Fri Oct 27 2023 Davide Cavalca - 0.9.8-1.2 +- Backport three upstream fixes + * Wed Mar 15 2023 Davide Cavalca - 0.9.8-1.1 - Update to 0.9.8 - Refresh clang PGO patches