diff --git a/0100-kpatch-wait-for-module-ref-counts-on-unload.patch b/0100-kpatch-wait-for-module-ref-counts-on-unload.patch deleted file mode 100644 index 2b10e15..0000000 --- a/0100-kpatch-wait-for-module-ref-counts-on-unload.patch +++ /dev/null @@ -1,100 +0,0 @@ -From cdee6bd650a35075515d4fe2bb67657811c9640c Mon Sep 17 00:00:00 2001 -From: Joe Lawrence -Date: Mon, 16 Nov 2020 15:21:59 -0500 -Subject: [PATCH] kpatch: wait for module ref counts on unload - -There exists a very small timing window in which "kpatch unload" gets to -its "rmmod" step before the kpatch-patch module's reference count has -cleared and the "rmmod" fails. - -This is only a transient problem, but we can adopt code from upstream -livepatch kselftests which wait for the module refcounts to settle -before moving onto "rmmod". - -A small wrinkle is that this is not supported by the older kpatch.ko -core. The price for circumventing the activeness safety check via -KPATCH_FORCE_UNSAFE is that it must leave the kpatch patch modules in -place (see e1890e627a9b ("prevent rmmod of forced modules")). - -Signed-off-by: Joe Lawrence ---- - kpatch/kpatch | 40 ++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 38 insertions(+), 2 deletions(-) - -diff --git a/kpatch/kpatch b/kpatch/kpatch -index bca8f41..b35b742 100755 ---- a/kpatch/kpatch -+++ b/kpatch/kpatch -@@ -28,6 +28,7 @@ SCRIPTDIR="$(readlink -f "$(dirname "$(type -p "$0")")")" - VERSION="0.9.2" - POST_ENABLE_WAIT=15 # seconds - POST_SIGNAL_WAIT=60 # seconds -+MODULE_REF_WAIT=15 # seconds - - # How many times to try loading the patch if activeness safety check fails. - MAX_LOAD_ATTEMPTS=5 -@@ -125,6 +126,10 @@ find_core_module() { - return 1 - } - -+kpatch_core_loaded() { -+ grep -q -e "T kpatch_register" /proc/kallsyms -+} -+ - core_loaded () { - grep -q -e "T klp_enable_patch" -e "T kpatch_register" /proc/kallsyms - } -@@ -265,6 +270,31 @@ wait_for_patch_transition() { - return 1 - } - -+module_ref_count() { -+ local modname="$1" -+ [[ $(cat "/sys/module/$modname/refcnt" 2>/dev/null) != "0" ]] -+} -+ -+wait_for_zero_module_ref_count() { -+ local modname="$1" -+ local i=0 -+ -+ # We can't rely on a zero refcount with kpatch.ko as it -+ # implements KPATCH_FORCE_UNSAFE with an additional reference on -+ # kpatch-patch modules to avoid potential crashes. -+ kpatch_core_loaded && return 0 -+ -+ module_ref_count "$modname" || return 0 -+ -+ echo "waiting (up to $MODULE_REF_WAIT seconds) for module refcount..." -+ for (( i=0; i /dev/null || return 0 -+ rmmod "$modname" 2> /dev/null || return 0 - } - - unload_module () { --- -2.25.4 - diff --git a/0200-Makefile-set-install-permission-modes.patch b/0200-Makefile-set-install-permission-modes.patch deleted file mode 100644 index aecd225..0000000 --- a/0200-Makefile-set-install-permission-modes.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 73f6d5cdb2a4ce78cec6f49517116a3c7616f393 Mon Sep 17 00:00:00 2001 -From: Joe Lawrence -Date: Thu, 12 Nov 2020 15:15:47 -0500 -Subject: [PATCH] Makefile: set install permission modes - -By default, the install command will apply rwxr-xr-x permissions (how -intuitive). Give the command expected file modes to avoid rpmbuild -complaints like this: - - *** WARNING: ./usr/lib/python3.9/site-packages/dnf-plugins/kpatch.py is executable but has no shebang, removing executable bit - *** WARNING: ./etc/dnf/plugins/kpatch.conf is executable but has no shebang, removing executable bit - -Signed-off-by: Joe Lawrence ---- - Makefile | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/Makefile b/Makefile -index fb92d06..77c8eb5 100644 ---- a/Makefile -+++ b/Makefile -@@ -23,11 +23,11 @@ all: $(TARGETS) - - install: $(TARGETS) - install -d $(MANDIR) -- install man/dnf.kpatch.8.gz $(MANDIR) -+ install -m 644 man/dnf.kpatch.8.gz $(MANDIR) - install -d $(CONFDIR) -- install conf/kpatch.conf $(CONFDIR) -+ install -m 644 conf/kpatch.conf $(CONFDIR) - install -d $(DNFPLUGINDIR) -- install kpatch.py $(DNFPLUGINDIR) -+ install -m 644 kpatch.py $(DNFPLUGINDIR) - - %.gz: % - gzip --keep $^ --- -2.25.4 - diff --git a/kpatch.spec b/kpatch.spec index 2aa7c53..d3c6b87 100644 --- a/kpatch.spec +++ b/kpatch.spec @@ -1,8 +1,8 @@ -%define kpatch_dnf_ver 0.2 +%define kpatch_dnf_ver 0.3 Name: kpatch -Version: 0.9.2 -Release: 5%{?dist} +Version: 0.9.3 +Release: 1%{?dist} Summary: Dynamic kernel patch manager Group: System Environment/Kernel @@ -15,11 +15,11 @@ Source1: kpatch-dnf-v%{kpatch_dnf_ver}.tar.gz Patch0: 0001-contrib-disable-upstart-kpatch.conf-install.patch Patch1: 0002-kpatch-clarify-unload-unsupport.patch -# Upstream backports -Patch100: 0100-kpatch-wait-for-module-ref-counts-on-unload.patch +# Upstream backports (inactive -- for future reference) +#Patch100: 0100-kpatch-wait-for-module-ref-counts-on-unload.patch -# kpatch-dnf backports -Patch200: 0200-Makefile-set-install-permission-modes.patch +# kpatch-dnf backports (inactive -- for future reference) +#Patch200: 0200-foo-bar-etcetera.patch Requires: bash kmod binutils Recommends: kpatch-dnf @@ -49,12 +49,15 @@ kpatch-patch packages updates. %setup -q %patch0 -p1 %patch1 -p1 -%patch100 -p1 +# Use this to apply upstream patches to kpatch (inactive) +#%patch100 -p1 %setup -D -T -a 1 -cd kpatch-dnf-%{kpatch_dnf_ver} -%patch200 -p1 -cd .. + +# Use this to apply patches to kpatch-dnf (inactive) +#cd kpatch-dnf-%{kpatch_dnf_ver} +#%patch200 -p1 +#cd .. %build make -C man @@ -85,6 +88,9 @@ echo "To enable automatic kpatch-patch subscription, run:" echo -e "\t$ dnf kpatch auto" %changelog +* Tue May 18 2021 Joel Savitz - 0.9.3-1 +- Rebase to latest upstream + * Fri Apr 16 2021 Mohan Boddu - 0.9.2-5 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937