___Google Summer of Code summary week 08___

What I did in this week 08 summary:

elivepatch:

* Working with tempfile for keeping the uncompressed configuration file using
  the appropriate tempfile module.
* Refactoring and code cleaning.
* Check if the ebuild is present in the overlay before trying to merge it.
* lpatch added locally
* fix ebuild directory
* Static patch and config filename on send.
  This is useful for isolating the API requests using only the uuid as
  session identifier
* Removed livepatchStatus and lpatch class configurations,
  because we need a request to only be identified by its own UUID,
  for isolating the transaction.
* return in case the request with same uuid is already present.
* Fixed livepatch output name for reflecting the statically set patch name
* module install removed as not needed
* debug option is now also copying the build.log to the uuid
  directory, for investigating failed attempts
* refactored uuid\_dir with uuid in the case where uuid\_dir is not
  actually containing the full path
* adding debug\_info to the configuration file if not already present;
  however this setting is only needed for the livepatch creation
  (not tested yet)

Kpatch:

* Investigate DWARF attribute problems

What I need to do next time:

* Finish the function for downloading the livepatch to the client
* Testing elivepatch
* Implementing the CVE patch uploader
* Installing elivepatch to the Gentoo server
* Fix kpatch-build to automatically work with gentoo-sources
* Add more features to elivepatch

---------------------------------------------------

day 33

`What was my plan for today?`

* testing and improving elivepatch

`What I did today?`

* Working with tempfile for keeping the uncompressed configuration file using
  the appropriate tempfile module.
* Refactoring and code cleaning.
* Check if the ebuild is present in the overlay before trying to merge it.

`What will I do next time?`

* testing and improving elivepatch

---------------------------------------------------
day 34

`What was my plan for today?`

* testing and improving elivepatch

`What I did today?`

* lpatch added locally
* fix ebuild directory
* Static patch and config filename on send.
  This is useful for isolating the API requests using only the uuid as
  session identifier
* Removed livepatchStatus and lpatch class configurations,
  because we need a request to only be identified by its own UUID,
  for isolating the transaction.
* return in case the request with same uuid is already present.

We still have a problem with
"can't find special struct alt_instr size."

I will investigate it tomorrow.

`What will I do next time?`

* testing and improving elivepatch
* Investigating the missing information in the livepatch

---------------------------------------------------
day 35

`What was my plan for today?`

* testing and improving elivepatch

`What I did today?`

Today I investigated the missing information in the livepatch that we have
when we don't have CONFIG\_DEBUG\_INFO=y in our kernel configuration.
When we don't have debug\_info in the kernel configuration we usually
get missing alt\_instr errors from kpatch-build, and this stops elivepatch
from creating a livepatch.
DEBUG\_INFO is only needed for making the livepatch and doesn't
have to be set in production as well (but I have not tested this yet).

Kpatch needs some special section data to find where to inject the livepatch.
kpatch-build checks that this special section data exists in the
given vmlinux file.
The vmlinux file needs CONFIG\_DEBUG\_INFO=y to produce the debug
symbols containing the special section data.
The special section data is found like this:

[[!pygments bash content="""
# Set state if name matches
a == 0 && /DW_AT_name.* alt_instr[[:space:]]*$/ {a = 1; next}
b == 0 && /DW_AT_name.* bug_entry[[:space:]]*$/ {b = 1; next}
p == 0 && /DW_AT_name.* paravirt_patch_site[[:space:]]*$/ {p = 1; next}
e == 0 && /DW_AT_name.* exception_table_entry[[:space:]]*$/ {e = 1; next}
"""]]

DW\_AT\_name is the DWARF attribute (AT) for the name of a declaration
as it appears in the source program.

[[!pygments bash content="""
<1><3a75de>: Abbrev Number: 118 (DW_TAG_variable)
<3a75df> DW_AT_name : (indirect string, offset: 0x2878c): __alt_instructions
<3a75e3> DW_AT_decl_file : 1
<3a75e4> DW_AT_decl_line : 271
<3a75e6> DW_AT_type : <0x3a75d3>
<3a75ea> DW_AT_external : 1
<3a75ea> DW_AT_declaration : 1
"""]]

* decl\_file is the file containing the source declaration
* type is the type of declaration
* external means that the variable is visible outside of its enclosing
  compilation unit
* declaration indicates that this entry represents a non-defining
  declaration of an object

More information can be found here: http://dwarfstd.org/doc/Dwarf3.pdf

After kpatch-build identifies the various name attributes,
it rebuilds the original kernel and the patched kernel.

Using the create-diff-object program, kpatch-build
extracts the new and modified ELF by using the DWARF data special section.

Finally it creates the patch module using the create-kpatch-module program
and the dynamic linked objects relocation (dynrelas) symbol
section changes.
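
A pre-flight check for the failure described above, written as an added example (it is not code from elivepatch or kpatch-build): it scans `readelf -wi` style text for the four struct names the awk patterns look for and makes sure CONFIG_DEBUG_INFO=y is in the kernel config. The function names and the sample dump are constructed for illustration, and it assumes the struct size is the `DW_AT_byte_size` line directly after the matching `DW_AT_name` line.

```python
import re

# Struct names matched by the kpatch-build awk patterns quoted above.
SPECIAL_STRUCTS = ("alt_instr", "bug_entry", "paravirt_patch_site",
                   "exception_table_entry")

def special_struct_sizes(dwarf_text):
    """Map each special struct to its DW_AT_byte_size (None if not found).

    Assumption: the size is the attribute line right after DW_AT_name.
    """
    sizes = dict.fromkeys(SPECIAL_STRUCTS)
    pending = None  # struct whose name matched on the previous line
    for line in dwarf_text.splitlines():
        if pending:
            m = re.search(r"DW_AT_byte_size\s*:\s*(0x[0-9a-fA-F]+|\d+)", line)
            if m:
                sizes[pending] = int(m.group(1), 0)
            pending = None  # a declaration without a size resets the state
            continue
        for name in SPECIAL_STRUCTS:
            # Same anchoring as the awk regex: a space before the name and
            # only whitespace after it, so "__alt_instructions" is skipped.
            if sizes[name] is None and re.search(
                    r"DW_AT_name.* %s\s*$" % name, line):
                pending = name
                break
    return sizes

def ensure_debug_info(config_text):
    """Return the kernel config text with CONFIG_DEBUG_INFO=y set once."""
    kept = [l for l in config_text.splitlines()
            if not re.match(r"(# )?CONFIG_DEBUG_INFO(=| is not set)", l)]
    return "\n".join(kept + ["CONFIG_DEBUG_INFO=y"]) + "\n"

# Constructed sample, laid out like the readelf dump quoted above.
SAMPLE_DWARF = """\
 <1><3a75de>: Abbrev Number: 118 (DW_TAG_variable)
    <3a75df> DW_AT_name : (indirect string, offset: 0x2878c): __alt_instructions
 <1><100>: Abbrev Number: 7 (DW_TAG_structure_type)
    <101> DW_AT_name : (indirect string, offset: 0x10): alt_instr
    <105> DW_AT_byte_size : 13
 <1><200>: Abbrev Number: 7 (DW_TAG_structure_type)
    <201> DW_AT_name : (indirect string, offset: 0x20): bug_entry
    <205> DW_AT_declaration : 1
"""

if __name__ == "__main__":
    sizes = special_struct_sizes(SAMPLE_DWARF)
    print(sizes)
    print([n for n, s in sizes.items() if s is None])
```

Any struct left at `None` is one for which a size could not be read from the dump, which is the condition behind the "can't find special struct alt_instr size." message.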

[continue...]

`What will I do next time?`

* testing and improving elivepatch
* Investigating the missing information in the livepatch

---------------------------------------------------

day 36

`What was my plan for today?`

* testing and improving elivepatch

`What I did today?`

* Fixed livepatch output name for reflecting the statically set patch name
* module install removed as not needed
* debug option is now also copying the build.log to the uuid
  directory, for investigating failed attempts
* refactored uuid\_dir with uuid in the case where uuid\_dir is not
  actually containing the full path
* adding debug\_info to the configuration file if not already present;
  however this setting is only needed for the livepatch creation
  (not tested yet)

`What will I do next time?`

* testing and improving elivepatch

[[!tag draft ]]

---------------------------------------------------

--
Thanks,
Alice Ferrazzi

Gentoo Kernel Project Leader
Mail: Alice Ferrazzi <alicef@g.o>
PGP: 2E4E 0856 461C 0585 1336 F496 5621 A6B2 8638 781A