| 1 |
___Google Summer of Code summary week 08___ |
| 2 |
|
| 3 |
|
| 4 |
What I did in this week 08 summary: |
| 5 |
|
| 6 |
elivepatch: |
| 7 |
|
| 8 |
* Working with tempfile for keeping the uncompressed configuration file using |
| 9 |
the appropiate tempfile module. |
| 10 |
* Refactoring and code cleaning. |
| 11 |
* Check if the ebuild is present in the overlay before trying to merge it. |
| 12 |
* lpatch added locally |
| 13 |
* fix ebuild directory |
| 14 |
* Static patch and config filename on send |
| 15 |
This is useful for isolating the api requests using only the uuid as |
| 16 |
session identifier |
| 17 |
* Removed livepatchStatus and lpatch class configurations. |
| 18 |
Because we need a request to only be identified by is own UUID, |
| 19 |
for isolating the transaction. |
| 20 |
* return in case the request with same uuid is already present. |
| 21 |
* Fixed livepatch output name for reflecting the static setted patch name |
| 22 |
* module install removed as not needed |
| 23 |
* debug option is now also copying the build.log to the uuid |
| 24 |
directory, for investigating failed attempt * refactored uuid\_dir |
| 25 |
with uuid in the case where uuid\_dir is not actually containing the |
| 26 |
full path |
| 27 |
* adding debug\_info to the configuration file if not already present |
| 28 |
however this setting is only needed for the livepatch creation |
| 29 |
(not tested yet) |
| 30 |
|
| 31 |
|
| 32 |
Kpatc: |
| 33 |
|
| 34 |
* Investigate about dwarf attribute problems |
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
What I need to do next time: |
| 40 |
|
| 41 |
* Finish the function for download the livepatch to the client |
| 42 |
* Testing elivepatch |
| 43 |
* Implementing the CVE patch uploader |
| 44 |
* Installing elivepatch to the Gentoo server |
| 45 |
* Fix kpatch-build for automatically work with gentoo-sources |
| 46 |
* Add more features to elivepatch |
| 47 |
|
| 48 |
--------------------------------------------------- |
| 49 |
|
| 50 |
day 33 |
| 51 |
`What was my plan for today?` |
| 52 |
|
| 53 |
* testing and improving elivepatch |
| 54 |
|
| 55 |
`What i did today?` |
| 56 |
|
| 57 |
* Working with tempfile for keeping the uncompressed configuration file using |
| 58 |
the appropiate tempfile module. |
| 59 |
* Refactoring and code cleaning. |
| 60 |
* Check if the ebuild is present in the overlay before trying to merge it. |
| 61 |
|
| 62 |
|
| 63 |
`what i will do next time?` |
| 64 |
|
| 65 |
* testing and improving elivepatch |
| 66 |
--------------------------------------------------- |
| 67 |
day 34 |
| 68 |
|
| 69 |
`What was my plan for today?` |
| 70 |
|
| 71 |
* testing and improving elivepatch |
| 72 |
|
| 73 |
`What i did today?` |
| 74 |
|
| 75 |
* lpatch added locally |
| 76 |
* fix ebuild directory |
| 77 |
* Static patch and config filename on send |
| 78 |
This is useful for isolating the api requests using only the uuid as |
| 79 |
session identifier |
| 80 |
* Removed livepatchStatus and lpatch class configurations. |
| 81 |
Because we need a request to only be identified by is own UUID, |
| 82 |
for isolating the transaction. |
| 83 |
* return in case the request with same uuid is already present. |
| 84 |
|
| 85 |
we still have problem about |
| 86 |
"can'\''t find special struct alt_instr size." |
| 87 |
|
| 88 |
I will investigate it tomorrow |
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
`what i will do next time?` |
| 93 |
|
| 94 |
* testing and improving elivepatch |
| 95 |
* Investigating the missing informations in the livepatch |
| 96 |
|
| 97 |
--------------------------------------------------- |
| 98 |
day 35 |
| 99 |
|
| 100 |
`What was my plan for today?` |
| 101 |
|
| 102 |
* testing and improving elivepatch |
| 103 |
|
| 104 |
`What i did today?` |
| 105 |
|
| 106 |
Today I investigate the missing information on the livepatch that we have |
| 107 |
when we don't have CONFIG\_DEBUG\_INFO=y in our kernel configuration. |
| 108 |
In the case we don't have debug\_info in the kernel configuration we usually |
| 109 |
get missing alt\_instr errors from kpatch-build and this is stopping elivepatch |
| 110 |
from creating a livepatch. |
| 111 |
This DEBUG\_INFO is only needed for making the livepatch and dosen't |
| 112 |
have to be setted |
| 113 |
also in production (but not tested it yet) |
| 114 |
|
| 115 |
Kpatch need some special section data for find where to inject the livepatch. |
| 116 |
This special section data existence is checked by kpatch-build in the |
| 117 |
given vmlinux file. |
| 118 |
The vmlinux file need CONFIG\_DEBUG\_INFO=y for making the debug |
| 119 |
symbols containing |
| 120 |
the special section data. |
| 121 |
This special section data is found like this: |
| 122 |
|
| 123 |
[[!pygments bash content=""" |
| 124 |
# Set state if name matches |
| 125 |
a == 0 && /DW_AT_name.* alt_instr[[:space:]]*$/ {a = 1; next} |
| 126 |
b == 0 && /DW_AT_name.* bug_entry[[:space:]]*$/ {b = 1; next} |
| 127 |
p == 0 && /DW_AT_name.* paravirt_patch_site[[:space:]]*$/ {p = 1; next} |
| 128 |
e == 0 && /DW_AT_name.* exception_table_entry[[:space:]]*$/ {e = 1; next} |
| 129 |
"""]] |
| 130 |
|
| 131 |
DW\_AT\_NAME is the dwarf attributei (AT) for the name of declaration |
| 132 |
as it appear in |
| 133 |
the source program. |
| 134 |
|
| 135 |
[[!pygments bash content=""" |
| 136 |
<1><3a75de>: Abbrev Number: 118 (DW_TAG_variable) |
| 137 |
<3a75df> DW_AT_name : (indirect string, offset: 0x2878c): |
| 138 |
__alt_instructions |
| 139 |
<3a75e3> DW_AT_decl_file : 1 |
| 140 |
<3a75e4> DW_AT_decl_line : 271 |
| 141 |
<3a75e6> DW_AT_type : <0x3a75d3> |
| 142 |
<3a75ea> DW_AT_external : 1 |
| 143 |
<3a75ea> DW_AT_declaration : 1 |
| 144 |
"""]] |
| 145 |
|
| 146 |
* decl\_file is the file containing the source declaration |
| 147 |
* type is the type of declaration |
| 148 |
* external means that the variable is visible outside of its enclosing |
| 149 |
compilation unit |
| 150 |
* declaration indicates that this entry represents a non-defining |
| 151 |
declaration of object |
| 152 |
|
| 153 |
more informations can be found here http://dwarfstd.org/doc/Dwarf3.pdf |
| 154 |
|
| 155 |
After the kpatch-build identify the various name attribute |
| 156 |
|
| 157 |
It will re build the original kernel and the patched kernel |
| 158 |
|
| 159 |
With the use of create-diff-object program, kpatch-build will |
| 160 |
extract new and modified ELF by using the dwarf data special section |
| 161 |
|
| 162 |
Finally it will create the patch module using create-kpatch-module program |
| 163 |
and by using dynamic linked objects relocation (dynrelas) symbol |
| 164 |
sections changes |
| 165 |
|
| 166 |
[continue...] |
| 167 |
|
| 168 |
`what i will do next time?` |
| 169 |
|
| 170 |
* testing and improving elivepatch |
| 171 |
* Investigating the missing informations in the livepatch |
| 172 |
|
| 173 |
|
| 174 |
--------------------------------------------------- |
| 175 |
|
| 176 |
day 36 |
| 177 |
|
| 178 |
`What was my plan for today?` |
| 179 |
|
| 180 |
* testing and improving elivepatch |
| 181 |
|
| 182 |
`What i did today?` |
| 183 |
|
| 184 |
* Fixed livepatch output name for reflecting the static setted patch name |
| 185 |
* module install removed as not needed |
| 186 |
* debug option is now also copying the build.log to the uuid |
| 187 |
directory, for investigating failed attempt * refactored uuid\_dir |
| 188 |
with uuid in the case where uuid\_dir is not actually containing the |
| 189 |
full path |
| 190 |
* adding debug\_info to the configuration file if not already present |
| 191 |
however this setting is only needed for the livepatch creation |
| 192 |
(not tested yet) |
| 193 |
|
| 194 |
`what i will do next time?` |
| 195 |
|
| 196 |
* testing and improving elivepatch |
| 197 |
|
| 198 |
[[!tag draft ]] |
| 199 |
|
| 200 |
--------------------------------------------------- |
| 201 |
|
| 202 |
-- |
| 203 |
Thanks, |
| 204 |
Alice Ferrazzi |
| 205 |
|
| 206 |
Gentoo Kernel Project Leader |
| 207 |
Mail: Alice Ferrazzi <alicef@g.o> |
| 208 |
PGP: 2E4E 0856 461C 0585 1336 F496 5621 A6B2 8638 781A |
Archives