* [gentoo-soc] Fwd: [GSoC 2017 - week 02] Report summary
[not found] <20170611102829.GB27332@alitoo>
@ 2017-06-12 19:27 ` Alice Ferrazzi
0 siblings, 0 replies; only message in thread
From: Alice Ferrazzi @ 2017-06-12 19:27 UTC (permalink / raw
To: gentoo-soc
[-- Attachment #1.1: Type: text/plain, Size: 15445 bytes --]
---------- Forwarded message ----------
From: Alice Ferrazzi <alicef@gentoo.org>
Date: Sun, Jun 11, 2017 at 7:28 PM
Subject: [GSoC 2017 - week 02] Report summary
To: gentoo-soc@lists.gentoo.org
Cc: Mike Pagano <mpagano@gentoo.org>, Gokturk Yuksek <gokturk@gentoo.org>
Hello everyone,
Here is my week 02 report summary.
Day 04
1-What was my plan for the day?
working on kpatch packaging
2- Did I achieve it? if not, what do I intend to do to remedy
that?
Working on fixing the kpatch ebuild pull request.
I fixed the license like Gokturk said.
but also:
fixed metadata.xml indentation
sorted lexical
Added new line after HOMEPAGE
now i'm rebuilding the kernel for testing it again with some
new changes
3- what will I do next day?
Going on on fixing the kpatch package
https://github.com/gentoo/gentoo/pull/4844
The next day I will work on the review of the kpatch if there
is, trying to package ksplice maybe and making my
gitweb.gentoo.org repository.
Day 05
1-What was my plan for the day?
working on kpatch packaging
2- Did I achieve it? if not, what do I intend to do to remedy that?
Kpatch is now upstream in the gentoo repository
https://github.com/gentoo/gentoo/pull/4844
also created the repository for Gentoo Kernel Live patching system
and created the mirror repository on git.gentoo.org
now called elivepatch because I thought we can probably use it not
only for security patch but also for more general patching.
This repository will try to solve the trouble of live patching
the kernel on different Gentoo systems.
https://github.com/aliceinwire/elivepatch
3- what will I do next day?
Try to understand how Kpatch works
Day 06
1-What was my plan for the day?
use kpatch and write some documentation.
2- Did I achieve it? if not, what do I intend to do to remedy that?
Kpatch examples are bit systemd hardcode dependant but anyway
they works.
Here kpatch is using systemctl for start kpatch systemd service
https://github.com/dynup/kpatch/blob/810f9243826219cca9276d364512bb
88411aa863/kpatch/kpatch#L289
Would be nice to make it work also with openrc.
I will start making some documentation for Kpatch and add it
to the gentoo wiki.
3- what will I do next day?
Going on on working with kpatch and writing documentation.
Day 07
1-What was my plan for the day?
use kpatch and write some documentation.
2- Did I achieve it? if not, what do I intend to do to remedy that?
today I got aware that instead of unset ARCH i could just run
set_arch_to_kernel Gentoo script.
And that was one of the change of today.
I also went on starting to use kpatch and checking that everything
is working correctly.
Kpatch is actually working correctly, it could load module but I
had some problem
unloading module
kpatch - hot patch module management
loading the module:
gsoc-2017 testmod (gentoo*) # kpatch load testmod.ko
loading patch module: testmod.ko
dmesg output:
[98196.595313] kpatch: loading out-of-tree module taints kernel.
[98196.595329] kpatch: module verification failed: signature and/or
required key missing - tainting kernel
unloading the module:
gsoc-2017 testmod (gentoo*) # kpatch unload testmod.ko
kpatch: patch module testmod.ko is not loaded
but I could unload correctly using rmmod testmod
kpatch list is also working as expected:
gsoc-2017 testmod (gentoo*) # kpatch list
Loaded patch modules:
Installed patch modules:
testmod (4.9.16-gentoo)
and kpatch info
gsoc-2017 testmod (gentoo*) # kpatch info testmod
Patch information for testmod:
filename: /var/lib/kpatch/4.9.16-gentoo/testmod.ko
license: GPL
depends:
vermagic: 4.9.16-gentoo SMP mod_unload modversions
kpatch install and uninstall looks also working but is not sure
gsoc-2017 testmod (gentoo*) # kpatch install testmod.ko
installing testmod.ko (4.9.16-gentoo)
/usr/local/sbin/kpatch: line 289: systemctl: command not found
kpatch uninstall testmod.ko
uninstalling testmod.ko (4.9.16-gentoo)
The problems became more obvious by using kpatch-build
kpatch-build is the script for automatically make live patch kernel
module from
patch files.
gsoc-2017 kpatch (master) # kpatch-build -t -v
/boot/vmlinuz-4.4.44-gentoo examples/tcp_cubic-better-
follow-cubic-curve-converted.patch --skip-gcc-check
WARNING: Skipping gcc version matching check (not recommended)
ERROR: Unsupported distribution.
and that is because is hard checking the distribution from
/etc/os-release
so I started writing a patch
https://github.com/aliceinwire/kpatch/commit/
9f7f236cfe9d4592267a6b08483751ad5a1da069
but others problem come out like claming that some binary is not
there
I'm thinking that one way to go is by using the -s option Specify
kernel source directory
gsoc-2017 kpatch (gentoo) # kpatch-build/kpatch-build -t -v
/boot/vmlinuz-4.4.44-gentoo examples/tcp_cubic-better-
follow-cubic-curve-converted.patch --skip-gcc-check
WARNING: Skipping gcc version matching check (not recommended)
ERROR: kernel-debuginfo-4.9.16-gentoo not installed.
by using -s option is going on with the work but still stopping
little after
gsoc-2017 kpatch (gentoo) # kpatch-build/kpatch-build -t -s
/usr/src/linux-4.9.16-gentoo/vmlinux -v /boot/vmlinuz-4.9.16-gentoo
examples/tcp_cubic-better-follow-cubic-curve-converted.patch
--skip-gcc-check
WARNING: Skipping gcc version matching check (not recommended)
ERROR: can't find supporting tools.
and this is because of this code
The tools mentioned are the TOOLSDIR/SCRIPTDIR
118 if [[ -e "$SCRIPTDIR/create-diff-object" ]]; then
119 # git repo
120 TOOLSDIR="$SCRIPTDIR"
121 DATADIR="$(readlink -f $SCRIPTDIR/../kmod)"
122 elif [[ -e "$SCRIPTDIR/../libexec/kpatch/create-diff-object"
]]; then
123 # installation path
124 TOOLSDIR="$(readlink -f $SCRIPTDIR/../libexec/kpatch)"
125 DATADIR="$(readlink -f $SCRIPTDIR/../share/kpatch)"
126 else
127 return 1
128 fi
SCRIPTDIR="$(readlink -f $(dirname $(type -p $0)))"
+ find_dirs
+ [[ -e /root/kpatch/kpatch-build/create-diff-object ]]
+ [[ -e /root/kpatch/kpatch-build/../libexec/kpatch/create-diff-object
]]
+ return 1
+ die 'can'\''t find supporting tools'
and i'm still investigating this part
Yesterday I tried to use some real patch downloaded from linux git
and I could load also such patch after converting it with the
testing tools in the
testing folder of kpatch
but other dmesg saying I loaded the patch I couldn't understand
what it was doing
so would be better to write some fake module by myself with some
real output
like just adding some printk
printk("Module being loaded.\n");
would be enough i susptect
after changing the patch file like this
--- testmod_drv.c 2017-06-09 02:37:43.980000000 +0000
+++ testmod_drv.c.orig 2017-06-09 02:36:56.100000000 +0000
@@ -11,7 +11,7 @@ int value = 2;
static ssize_t value_show(struct kobject *kobj,
struct
kobj_attribute *attr, char *buf)
{
- return sprintf(buf, "%d\n", value+1);
+ return sprintf(buf, "%d\n", value);
}
static struct kobj_attribute testmod_value_attr =
__ATTR_RO(value);
+ @@ -29,7 +29,6 @@ static int testmod_init(void)
+ kobject_put(testmod_kobj);
+ return ret;
+ }
+ - printk("Module being loaded.\n");
+
+ return 0;
i could get correctly:
[98196.595313] kpatch: loading out-of-tree module taints kernel.
[98196.595329] kpatch: module verification failed: signature and/or
required key missing - tainting kernel
[207928.744194] Module being loaded.
generated patch
gsoc-2017 testmod (master*) # file testmod.ko
testmod.ko: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV),
BuildID[sha1]=9f7ab4eec1a8ee28b6e0bd7850388aca35da65b6, not stripped, with
debug_info
gcc-version get checked correctly
readelf -p .comment /usr/src/linux-4.9.16-gentoo/vmlinux
String dump of section '.comment':
[ 0] GCC: (Gentoo 5.4.0-r3 p1.3, pie-0.6.5) 5.4.0
I also wondered if would be nice to try also ksplice but from what
i could see
looks like ksplice works only for kernel 3.*
if this is the case so I don't think is needed for our project
as Gentoo Kernel is moving to releasing manly Gentoo kernel 4.*
https://github.com/jirislaby/ksplice/issues/7
so in conclusion using kpatch by hand is working as far as I know
3- what will I do next day?
Going on writing script for making kpatch-build work on Gentoo
Day 08
What i have to do today?
Going on investigating using kpatch in different machine.
What i did today?
gsoc-2017 kpatch (gentoo*) # kpatch-build/kpatch-build -s
/usr/src/linux-4.9.16-gentoo/ -v /usr/src/linux-4.9.16-gentoo/vmlinux
examples/test.patch --skip-gcc-check
WARNING: Skipping gcc version matching check (not recommended)
Using source directory at /usr/src/linux-4.9.16-gentoo
Testing patch file
checking file fs/xfs/libxfs/xfs_bmap.c
Reading special section data
Building original kernel
Building patched kernel
Extracting new and modified ELF sections
xfs_bmap.o: changed function: xfs_bmap_add_extent_hole_real
xfs_bmap.o: changed function: xfs_bmap_split_extent_at
xfs_bmap.o: changed function: xfs_bmap_add_extent_unwritten_real
xfs_bmap.o: changed function: xfs_bmap_add_extent_delay_real
xfs_bmap.o: changed function: xfs_bmse_merge.isra.4.constprop.10
xfs_bmap.o: changed function: xfs_bmse_shift_one.constprop.7
xfs_bmap.o: changed function: xfs_bmap_del_extent
xfs_bmap.o: changed function: xfs_bmapi_read
xfs_bmap.o: changed function: xfs_bmapi_write
xfs_bmap.o: changed function: __xfs_bunmapi
xfs_bmap.o: changed function: xfs_bmap_shift_extents
Patched objects: vmlinux
Building patch module: kpatch-test.ko
SUCCESS
kpatch load kpatch-test.ko
dmesg:
[Jun 9 22:57] kpatch: tainting kernel with TAINT_LIVEPATCH
[ +0.000002] kpatch: loaded patch module 'kpatch_test'
looks like is a success for now!
I will start to build the patch for a different system
So I will set a second Gentoo enviroment with 4.9.16 on qemu
* CONFIG_FUNCTION_TRACER must be enabled in the kernel's config file
* CONFIG_KALLSYMS_ALL must be enabled in the kernel's config file
made the livepatch worker for elivepatch waiting compiling the kernel
https://github.com/aliceinwire/elivepatch/blob/master/elivepatch_server/
resources/livepatch.py
kernel compile is finished and I moved the kpatch.ko to a different
machine
and it dosen't work...
this are the difference in the two kernel configuration files
--- /usr/src/linux/.config 2017-06-10 19:51:48.930000000 +0000
+++ config 2017-06-10 21:01:18.340000000 +0000
@@ -621,7 +621,7 @@ CONFIG_LEGACY_VSYSCALL_EMULATE=y
# CONFIG_CMDLINE_BOOL is not set
CONFIG_MODIFY_LDT_SYSCALL=y
CONFIG_HAVE_LIVEPATCH=y
-CONFIG_LIVEPATCH=y
+# CONFIG_LIVEPATCH is not set
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
CONFIG_USE_PERCPU_NUMA_NODE_ID=y
@@ -3758,7 +3758,11 @@ CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4
#
# Compile-time checks and compiler options
#
-# CONFIG_DEBUG_INFO is not set
+CONFIG_DEBUG_INFO=y
+# CONFIG_DEBUG_INFO_REDUCED is not set
+# CONFIG_DEBUG_INFO_SPLIT is not set
+CONFIG_DEBUG_INFO_DWARF4=y
+# CONFIG_GDB_SCRIPTS is not set
CONFIG_ENABLE_WARN_DEPRECATED=y
CONFIG_ENABLE_MUST_CHECK=y
CONFIG_FRAME_WARN=2048
ok Let's try with the same kernel config and then give the summary.
looks like is failing as same
kernel_dev ~ # kpatch load testmod.ko
loading core module: /usr/local/lib/kpatch/4.9.16-gentoo/kpatch.ko
insmod: ERROR: could not insert module
/usr/local/lib/kpatch/4.9.16-gentoo/kpatch.ko:
Invalid module format
kpatch: failed to load core module
Tried to use insmod:
[ 883.481889] kpatch: disagrees about version of symbol
module_layout
[ 940.346754] testmod: loading out-of-tree module taints kernel.
[ 940.346767] testmod: module verification failed: signature
and/or required key missing - tainting kernel
[ 940.346921] Module being loaded.
module being loaded. is the correct output of the live patch.
about the kpatch ebuild i divided 'make all' in src_compile and 'make
install' in src_install
on Gokturk suggestion
https://github.com/aliceinwire/elivepatch/blob/master/sys-kernel/kpatch/
kpatch-0.4.0.ebuild
Different live patch system:
kGraft
This system of live patching consist in keeping active the old
function and the new function and redirect the call to the old function to
the new one.
Not compatible with 4.x
kpatch
Is using stop_machine() for halting all the cpu and examine the
stack for check that nothing is using the function, and then use ftrace
handler for bypass the oldfunction in the new one.
Here the problem come with function that are always active and this
means that such functions cannot be changed (like irq_thread()).
LIVEPATCH
Recently introduced in the kernel is similar to kpatch but with
less feature.
kpatch code module.
For each function patched by the module we must:
Call stop_machine
Ensure that no task has the old function in its call stack
Add the new function address to kpatch_func_hash
--
アリス フェッラッツィ
Alice Ferrazzi
Gentoo Kernel Project Leader
Mail: Alice Ferrazzi <alicef@gentoo.org>
PGP: 2E4E 0856 461C 0585 1336 F496 5621 A6B2 8638 781A
[-- Attachment #1.2: Type: text/html, Size: 19880 bytes --]
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 849 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-06-12 19:27 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20170611102829.GB27332@alitoo>
2017-06-12 19:27 ` [gentoo-soc] Fwd: [GSoC 2017 - week 02] Report summary Alice Ferrazzi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox