[OE-core] [PATCH] recipes-kernel: add kpatch dynamic kernel patching infrastructure
Ruslan Bilovol
rbilovol at cisco.com
Tue Jan 30 15:14:27 UTC 2018
On 01/29/2018 08:35 PM, Khem Raj wrote:
> On Mon, Jan 29, 2018 at 7:06 AM, Ruslan Bilovol <rbilovol at cisco.com> wrote:
>> kpatch is a Linux dynamic kernel patching infrastructure
>> which allows you to patch a running kernel without
>> rebooting or restarting any processes
>>
>> Currently it is enabled and tested on x86-64 systems,
>> although can be extended to PPC64 as well.
>>
>
> perhaps not ready for oe-core yet doesnt seem to support all core
> arches, may be meta-oe is a better place for it for now
Do you mean this should be done because Kpatch tool itself doesn't support
all core arches, or because this recipe doesn't contain support of all arches
which Kpatch support?
So to clarify support matrix, LivePatch feature in mainstream Linux
Kernel is available only for x86-64, PPC64 and S390 architectures;
patches for ARM64 support are on their way to kernel.
Kpatch tool supports only x86-64 and PPC64 architectures.
This recipe supports only x86-64 architecture because there is
no HW in openembedded-core for which I can build and test it.
E.g. there is QEMU machine for x86-64 but there is no for PPC64.
Any other way to test it?
Thanks,
Ruslan
>
>> Signed-off-by: Ruslan Bilovol <rbilovol at cisco.com>
>> ---
>> meta/recipes-kernel/kpatch/kpatch.inc | 49 ++++++++++
>> ...patch-build-add-cross-compilation-support.patch | 103 +++++++++++++++++++++
>> ...tch-build-allow-overriding-of-distro-name.patch | 62 +++++++++++++
>> meta/recipes-kernel/kpatch/kpatch_git.bb | 11 +++
>> 4 files changed, 225 insertions(+)
>> create mode 100644 meta/recipes-kernel/kpatch/kpatch.inc
>> create mode 100644 meta/recipes-kernel/kpatch/kpatch/0001-kpatch-build-add-cross-compilation-support.patch
>> create mode 100644 meta/recipes-kernel/kpatch/kpatch/0002-kpatch-build-allow-overriding-of-distro-name.patch
>> create mode 100644 meta/recipes-kernel/kpatch/kpatch_git.bb
>>
>> diff --git a/meta/recipes-kernel/kpatch/kpatch.inc b/meta/recipes-kernel/kpatch/kpatch.inc
>> new file mode 100644
>> index 0000000..b1e73e9
>> --- /dev/null
>> +++ b/meta/recipes-kernel/kpatch/kpatch.inc
>> @@ -0,0 +1,49 @@
>> +SUMMARY = "Linux dynamic kernel patching infrastructure"
>> +DESCRIPTION = "kpatch is a Linux dynamic kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes."
>> +LICENSE = "GPLv2 & LGPLv2"
>> +DEPENDS = "elfutils bash"
>> +
>> +SRC_URI = "git://github.com/dynup/kpatch.git;protocol=https \
>> + file://0001-kpatch-build-add-cross-compilation-support.patch \
>> + file://0002-kpatch-build-allow-overriding-of-distro-name.patch \
>> + "
>> +
>> +EXTRA_OEMAKE = " \
>> + PREFIX=${prefix} \
>> + BINDIR=${D}${bindir} \
>> + SBINDIR=${D}${sbindir} \
>> + LIBDIR=${D}${libdir} \
>> + MANDIR=${D}${mandir}/man1 \
>> + SYSTEMDDIR=${D}${systemd_system_unitdir} \
>> + DESTDIR=${D} \
>> + BUILDMOD=no \
>> + CC='${CC}' \
>> + "
>> +
>> +S = "${WORKDIR}/git"
>> +
>> +do_install () {
>> + oe_runmake install
>> +}
>> +
>> +PACKAGES =+ "kpatch-build"
>> +PROVIDES += "kpatch-build"
>> +
>> +COMPATIBLE_HOST = "(x86_64).*-linux"
>> +
>> +RDEPENDS_${PN} = "bash binutils"
>> +RDEPENDS_kpatch-build = "bash glibc-utils"
>> +
>> +FILES_${PN} = " \
>> + ${sbindir}/kpatch \
>> + ${systemd_system_unitdir}/kpatch.service \
>> + ${mandir}/man1/kpatch.1.gz \
>> + "
>> +FILES_kpatch-build = " \
>> + ${bindir}/kpatch-build \
>> + ${libexecdir}/* \
>> + ${datadir}/kpatch \
>> + ${mandir}/man1/kpatch-build.1.gz \
>> + "
>> +
>> +SYSTEMD_SERVICE_${PN} = "kpatch.service"
>> diff --git a/meta/recipes-kernel/kpatch/kpatch/0001-kpatch-build-add-cross-compilation-support.patch b/meta/recipes-kernel/kpatch/kpatch/0001-kpatch-build-add-cross-compilation-support.patch
>> new file mode 100644
>> index 0000000..459fb21
>> --- /dev/null
>> +++ b/meta/recipes-kernel/kpatch/kpatch/0001-kpatch-build-add-cross-compilation-support.patch
>> @@ -0,0 +1,103 @@
>> +From a9a80a1f4df65892a0269295ce8a64b06f2ff61d Mon Sep 17 00:00:00 2001
>> +From: Ruslan Bilovol <rbilovol at cisco.com>
>> +Date: Tue, 19 Dec 2017 15:59:04 +0200
>> +Subject: [PATCH] kpatch-build: add cross-compilation support
>> +
>> +This patch introduces new option for kpatch-build
>> +script "--cross-compile" which can be used for
>> +specifying cross-complier prefix.
>> +It allows to build live patches not only on
>> +target system, but also on hosts for a target other
>> +than the one on which the compiler is running
>> +
>> +Also removed quotes in exec lines, so it is
>> +possible to pass multy-component strings like
>> +"ccache x86_64-xelinux-linux-" as cross-compiler
>> +
>> +Upstream-Status: Pending
>> +
>> +Signed-off-by: Ruslan Bilovol <rbilovol at cisco.com>
>> +---
>> + kpatch-build/kpatch-build | 13 +++++++++++--
>> + kpatch-build/kpatch-gcc | 4 ++--
>> + 2 files changed, 13 insertions(+), 4 deletions(-)
>> +
>> +diff --git a/kpatch-build/kpatch-build b/kpatch-build/kpatch-build
>> +index 166ecbd..af24cc4 100755
>> +--- a/kpatch-build/kpatch-build
>> ++++ b/kpatch-build/kpatch-build
>> +@@ -195,7 +195,7 @@ gcc_version_check() {
>> + # gcc --version varies between distributions therefore extract version
>> + # by compiling a test file and compare it to vmlinux's version.
>> + echo 'void main(void) {}' > "$c"
>> +- out="$(gcc -c -pg -ffunction-sections -o "$o" "$c" 2>&1)"
>> ++ out="$(${KPATCH_CROSS_COMPILE}gcc -c -pg -ffunction-sections -o "$o" "$c" 2>&1)"
>> + gccver="$(gcc_version_from_file "$o")"
>> + kgccver="$(gcc_version_from_file "$VMLINUX")"
>> + rm -f "$c" "$o"
>> +@@ -381,12 +381,14 @@ usage() {
>> + echo " -d, --debug Enable 'xtrace' and keep scratch files" >&2
>> + echo " in <CACHEDIR>/tmp" >&2
>> + echo " (can be specified multiple times)" >&2
>> ++ echo " --cross-compile Specify the prefix used for all executables" >&2
>> ++ echo " used during compilation" >&2
>> + echo " --skip-cleanup Skip post-build cleanup" >&2
>> + echo " --skip-gcc-check Skip gcc version matching check" >&2
>> + echo " (not recommended)" >&2
>> + }
>> +
>> +-options="$(getopt -o ha:r:s:c:v:j:t:n:o:d -l "help,archversion:,sourcerpm:,sourcedir:,config:,vmlinux:,jobs:,target:,name:,output:,debug,skip-gcc-check,skip-cleanup" -- "$@")" || die "getopt failed"
>> ++options="$(getopt -o ha:r:s:c:v:j:t:n:o:d -l "help,archversion:,sourcerpm:,sourcedir:,config:,vmlinux:,jobs:,target:,name:,output:,debug,cross-compile:,skip-gcc-check,skip-cleanup" -- "$@")" || die "getopt failed"
>> +
>> + eval set -- "$options"
>> +
>> +@@ -444,6 +446,10 @@ while [[ $# -gt 0 ]]; do
>> + echo "DEBUG mode enabled"
>> + fi
>> + ;;
>> ++ --cross-compile)
>> ++ KPATCH_CROSS_COMPILE="$2"
>> ++ shift
>> ++ ;;
>> + --skip-cleanup)
>> + echo "Skipping cleanup"
>> + SKIPCLEANUP=1
>> +@@ -691,6 +697,8 @@ if [[ $DEBUG -ge 4 ]]; then
>> + export KPATCH_GCC_DEBUG=1
>> + fi
>> +
>> ++export KPATCH_CROSS_COMPILE
>> ++
>> + echo "Building original kernel"
>> + ./scripts/setlocalversion --save-scmversion || die
>> + make mrproper 2>&1 | logger || die
>> +@@ -840,6 +848,7 @@ cd "$TEMPDIR/patch" || die
>> + KPATCH_BUILD="$SRCDIR" KPATCH_NAME="$MODNAME" \
>> + KBUILD_EXTRA_SYMBOLS="$KBUILD_EXTRA_SYMBOLS" \
>> + KPATCH_LDFLAGS="$KPATCH_LDFLAGS" \
>> ++CROSS_COMPILE="$KPATCH_CROSS_COMPILE" \
>> + make 2>&1 | logger || die
>> +
>> + if ! "$KPATCH_MODULE"; then
>> +diff --git a/kpatch-build/kpatch-gcc b/kpatch-build/kpatch-gcc
>> +index 6ba133c..3937948 100755
>> +--- a/kpatch-build/kpatch-gcc
>> ++++ b/kpatch-build/kpatch-gcc
>> +@@ -8,7 +8,7 @@ TOOLCHAINCMD="$1"
>> + shift
>> +
>> + if [[ -z "$KPATCH_GCC_TEMPDIR" ]]; then
>> +- exec "$TOOLCHAINCMD" "$@"
>> ++ exec ${KPATCH_CROSS_COMPILE}${TOOLCHAINCMD} "$@"
>> + fi
>> +
>> + declare -a args=("$@")
>> +@@ -80,4 +80,4 @@ elif [[ "$TOOLCHAINCMD" = "ld" ]] ; then
>> + done
>> + fi
>> +
>> +-exec "$TOOLCHAINCMD" "${args[@]}"
>> ++exec ${KPATCH_CROSS_COMPILE}${TOOLCHAINCMD} "${args[@]}"
>> +--
>> +1.9.1
>> +
>> diff --git a/meta/recipes-kernel/kpatch/kpatch/0002-kpatch-build-allow-overriding-of-distro-name.patch b/meta/recipes-kernel/kpatch/kpatch/0002-kpatch-build-allow-overriding-of-distro-name.patch
>> new file mode 100644
>> index 0000000..a9d8a7f
>> --- /dev/null
>> +++ b/meta/recipes-kernel/kpatch/kpatch/0002-kpatch-build-allow-overriding-of-distro-name.patch
>> @@ -0,0 +1,62 @@
>> +From d418d716dae1e2a05131dfb42a19a4da2fc8a85d Mon Sep 17 00:00:00 2001
>> +From: Ruslan Bilovol <rbilovol at cisco.com>
>> +Date: Tue, 2 Jan 2018 14:50:03 +0200
>> +Subject: [PATCH] kpatch-build: allow overriding of distro name
>> +
>> +It is sometimes useful to have ability to override
>> +distro name, for example during cross-compilation
>> +build when livepatch modules will be ran on the
>> +target which differs from host.
>> +
>> +This patch adds a new --distro option which
>> +implements all needed functionality
>> +
>> +Upstream-Status: Pending
>> +
>> +Signed-off-by: Ruslan Bilovol <rbilovol at cisco.com>
>> +---
>> + kpatch-build/kpatch-build | 9 +++++++--
>> + 1 file changed, 7 insertions(+), 2 deletions(-)
>> +
>> +diff --git a/kpatch-build/kpatch-build b/kpatch-build/kpatch-build
>> +index af24cc4..4f9f78d 100755
>> +--- a/kpatch-build/kpatch-build
>> ++++ b/kpatch-build/kpatch-build
>> +@@ -383,12 +383,13 @@ usage() {
>> + echo " (can be specified multiple times)" >&2
>> + echo " --cross-compile Specify the prefix used for all executables" >&2
>> + echo " used during compilation" >&2
>> ++ echo " --distro Override distro name" >&2
>> + echo " --skip-cleanup Skip post-build cleanup" >&2
>> + echo " --skip-gcc-check Skip gcc version matching check" >&2
>> + echo " (not recommended)" >&2
>> + }
>> +
>> +-options="$(getopt -o ha:r:s:c:v:j:t:n:o:d -l "help,archversion:,sourcerpm:,sourcedir:,config:,vmlinux:,jobs:,target:,name:,output:,debug,cross-compile:,skip-gcc-check,skip-cleanup" -- "$@")" || die "getopt failed"
>> ++options="$(getopt -o ha:r:s:c:v:j:t:n:o:d -l "help,archversion:,sourcerpm:,sourcedir:,config:,vmlinux:,jobs:,target:,name:,output:,debug,cross-compile:,distro:,skip-gcc-check,skip-cleanup" -- "$@")" || die "getopt failed"
>> +
>> + eval set -- "$options"
>> +
>> +@@ -450,6 +451,10 @@ while [[ $# -gt 0 ]]; do
>> + KPATCH_CROSS_COMPILE="$2"
>> + shift
>> + ;;
>> ++ --distro)
>> ++ DISTRO="$2"
>> ++ shift
>> ++ ;;
>> + --skip-cleanup)
>> + echo "Skipping cleanup"
>> + SKIPCLEANUP=1
>> +@@ -526,7 +531,7 @@ fi
>> + # Don't check external file.
>> + # shellcheck disable=SC1091
>> + source /etc/os-release
>> +-DISTRO="$ID"
>> ++DISTRO="${DISTRO:-${ID}}"
>> + if [[ "$DISTRO" = fedora ]] || [[ "$DISTRO" = rhel ]] || [[ "$DISTRO" = ol ]] || [[ "$DISTRO" = centos ]]; then
>> + [[ -z "$VMLINUX" ]] && VMLINUX="/usr/lib/debug/lib/modules/$ARCHVERSION/vmlinux"
>> + [[ -e "$VMLINUX" ]] || die "kernel-debuginfo-$ARCHVERSION not installed"
>> +--
>> +1.9.1
>> +
>> diff --git a/meta/recipes-kernel/kpatch/kpatch_git.bb b/meta/recipes-kernel/kpatch/kpatch_git.bb
>> new file mode 100644
>> index 0000000..e495e28
>> --- /dev/null
>> +++ b/meta/recipes-kernel/kpatch/kpatch_git.bb
>> @@ -0,0 +1,11 @@
>> +require kpatch.inc
>> +
>> +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
>> +
>> +SRCREV = "db6efbb8c7e90d2b761272cf563047119072768f"
>> +
>> +PV = "0.5.0+git${SRCPV}"
>> +
>> +S = "${WORKDIR}/git"
>> +
>> +BBCLASSEXTEND = "native nativesdk"
>> --
>> 1.9.1
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core at lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
More information about the Openembedded-core
mailing list