tree: import rhel-9.0.0-alpha files from latest rhel-8 branch

The rhel-9.0.0-alpha branch is empty, so bring in all the files from the
rhel-8.4.0 branch.

Resolves: rhbz#1901593
Acked-by: Artem Savkov <asavkov@redhat.com>
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>

0001-contrib-disable-upstart-kpatch.conf-install.patch

@@ -0,0 +1,46 @@
+From f056d60fb309896a52882fd3fc10fb5305f5a47e Mon Sep 17 00:00:00 2001
+From: Joe Lawrence <joe.lawrence@redhat.com>
+Date: Thu, 21 Jun 2018 15:40:20 -0400
+Subject: [PATCH] contrib: disable upstart kpatch.conf install
+
+Do not install the upstart configuration file to avoid this rhpkg
+build complaint:
+
+  Checking for unpackaged file(s): /usr/lib/rpm/check-files /builddir/build/BUILDROOT/kpatch-0.6.1-1.el7.noarch
+  error: Installed (but unpackaged) file(s) found:
+     /etc/init/kpatch.conf
+      Installed (but unpackaged) file(s) found:
+     /etc/init/kpatch.conf
+
+We'll need to think of a better way to do this upstream, but for now,
+just skip the unneeded file on RHEL.
+
+Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
+---
+ contrib/Makefile | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/contrib/Makefile b/contrib/Makefile
+index 0b0eeeb23a56..e873f27d6eae 100644
+--- a/contrib/Makefile
++++ b/contrib/Makefile
+@@ -6,12 +6,12 @@ install: all
+ 	$(INSTALL) -d $(SYSTEMDDIR)
+ 	$(INSTALL) -m 0644 kpatch.service $(SYSTEMDDIR)
+ 	sed -i 's~PREFIX~$(PREFIX)~' $(SYSTEMDDIR)/kpatch.service
+-	$(INSTALL) -d $(UPSTARTDIR)
+-	$(INSTALL) -m 0644 kpatch.conf $(UPSTARTDIR)
+-	sed -i 's~PREFIX~$(PREFIX)~' $(UPSTARTDIR)/kpatch.conf
++#	$(INSTALL) -d $(UPSTARTDIR)
++#	$(INSTALL) -m 0644 kpatch.conf $(UPSTARTDIR)
++#	sed -i 's~PREFIX~$(PREFIX)~' $(UPSTARTDIR)/kpatch.conf
+ 
+ uninstall:
+ 	$(RM) $(SYSTEMDDIR)/kpatch.service
+-	$(RM) $(UPSTARTDIR)/kpatch.conf
++#	$(RM) $(UPSTARTDIR)/kpatch.conf
+ 
+ clean:
+-- 
+1.8.3.1
+

0002-kpatch-clarify-unload-unsupport.patch

@@ -0,0 +1,78 @@
+kpatch: clarify that "kpatch unload" isn't supported
+
+Add a user-prompt to the kpatch unload subcommand and make a similiar
+mention in the manual page.
+
+Provide an undocumented force option so that QE and dev scripts can
+still run unload kpatch modules from scripts.
+
+RHEL-only.
+
+Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
+diff -Nupr kpatch-0.6.1.old/kpatch/kpatch kpatch-0.6.1/kpatch/kpatch
+--- kpatch-0.9.2.old/kpatch/kpatch	2019-08-28 10:35:01.191259434 -0400
++++ kpatch-0.9.2/kpatch/kpatch	2019-08-28 16:11:13.067926576 -0400
+@@ -49,8 +49,8 @@ usage () {
+ 	echo >&2
+ 	usage_cmd "load --all" "load all installed patch modules into the running kernel"
+ 	usage_cmd "load <module>" "load patch module into the running kernel"
+-	usage_cmd "unload --all" "unload all patch modules from the running kernel"
+-	usage_cmd "unload <module>" "unload patch module from the running kernel"
++	usage_cmd "unload --all (UNSUPPORTED)" "unload all patch modules from the running kernel"
++	usage_cmd "unload <module> (UNSUPPORTED)" "unload patch module from the running kernel"
+ 	echo >&2
+ 	usage_cmd "info <module>" "show information about a patch module"
+ 	echo >&2
+@@ -71,6 +71,16 @@ die() {
+ 	exit 1
+ }
+ 
++confirm_prompt() {
++	local prompt="$1"
++	local answer
++	while true; do
++		read -rp "$prompt [Y/N] " answer
++		[[ $answer == 'Y' || $answer == 'y' ]] && return 0
++		[[ $answer == 'N' || $answer == 'n' ]] && return 1
++	done
++}
++
+ __find_module () {
+ 	MODULE="$1"
+ 	[[ -f "$MODULE" ]] && return
+@@ -406,6 +416,19 @@ unset MODULE
+ init_sysfs_var
+ 
+ [[ "$#" -lt 1 ]] && usage
++
++# RHEL-specific support options
++case "$1" in
++"force")
++	# For scripting purposes, support "kpatch force unload".
++	# Shift out the "force" to avoid the user-prompt check below.
++	shift
++	;;
++"unload")
++	confirm_prompt "WARNING: Red Hat doesn't support unloading of kpatches, continue anyway?" || exit 1
++	;;
++esac
++
+ case "$1" in
+ "load")
+ 	[[ "$#" -ne 2 ]] && usage
+diff -Nupr kpatch-0.6.1.old/man/kpatch.1 kpatch-0.6.1/man/kpatch.1
+--- kpatch-0.9.2.old/man/kpatch.1	2019-08-28 10:35:01.191259434 -0400
++++ kpatch-0.9.2/man/kpatch.1	2019-08-28 14:51:23.268198897 -0400
+@@ -23,10 +23,10 @@ load --all
+ load <module>
+        load patch module into the running kernel
+ 
+-unload --all
++unload --all (UNSUPPORTED)
+        unload all patch modules from the running kernel
+ 
+-unload <module>
++unload <module> (UNSUPPORTED)
+        unload patch module from the running kernel
+ 
+ info <module>

0100-kpatch-wait-for-module-ref-counts-on-unload.patch

@@ -0,0 +1,100 @@
+From cdee6bd650a35075515d4fe2bb67657811c9640c Mon Sep 17 00:00:00 2001
+From: Joe Lawrence <joe.lawrence@redhat.com>
+Date: Mon, 16 Nov 2020 15:21:59 -0500
+Subject: [PATCH] kpatch: wait for module ref counts on unload
+
+There exists a very small timing window in which "kpatch unload" gets to
+its "rmmod" step before the kpatch-patch module's reference count has
+cleared and the "rmmod" fails.
+
+This is only a transient problem, but we can adopt code from upstream
+livepatch kselftests which wait for the module refcounts to settle
+before moving onto "rmmod".
+
+A small wrinkle is that this is not supported by the older kpatch.ko
+core.  The price for circumventing the activeness safety check via
+KPATCH_FORCE_UNSAFE is that it must leave the kpatch patch modules in
+place (see e1890e627a9b ("prevent rmmod of forced modules")).
+
+Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
+---
+ kpatch/kpatch | 40 ++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 38 insertions(+), 2 deletions(-)
+
+diff --git a/kpatch/kpatch b/kpatch/kpatch
+index bca8f41..b35b742 100755
+--- a/kpatch/kpatch
++++ b/kpatch/kpatch
+@@ -28,6 +28,7 @@ SCRIPTDIR="$(readlink -f "$(dirname "$(type -p "$0")")")"
+ VERSION="0.9.2"
+ POST_ENABLE_WAIT=15	# seconds
+ POST_SIGNAL_WAIT=60	# seconds
++MODULE_REF_WAIT=15	# seconds
+ 
+ # How many times to try loading the patch if activeness safety check fails.
+ MAX_LOAD_ATTEMPTS=5
+@@ -125,6 +126,10 @@ find_core_module() {
+ 	return 1
+ }
+ 
++kpatch_core_loaded() {
++	grep -q -e "T kpatch_register" /proc/kallsyms
++}
++
+ core_loaded () {
+ 	grep -q -e "T klp_enable_patch" -e "T kpatch_register" /proc/kallsyms
+ }
+@@ -265,6 +270,31 @@ wait_for_patch_transition() {
+ 	return 1
+ }
+ 
++module_ref_count() {
++	local modname="$1"
++	[[ $(cat "/sys/module/$modname/refcnt" 2>/dev/null) != "0" ]]
++}
++
++wait_for_zero_module_ref_count() {
++	local modname="$1"
++	local i=0
++
++	# We can't rely on a zero refcount with kpatch.ko as it
++	# implements KPATCH_FORCE_UNSAFE with an additional reference on
++	# kpatch-patch modules to avoid potential crashes.
++	kpatch_core_loaded && return 0
++
++	module_ref_count "$modname" || return 0
++
++	echo "waiting (up to $MODULE_REF_WAIT seconds) for module refcount..."
++	for (( i=0; i<MODULE_REF_WAIT; i++ )); do
++		module_ref_count "$modname" || return 0
++		sleep 1s
++	done
++
++	return 1
++}
++
+ load_module () {
+ 	local module="$1"
+ 
+@@ -381,10 +411,16 @@ disable_patch_strict () {
+ }
+ 
+ remove_module () {
+-	echo "unloading patch module: $1"
++	local modname="$1"
++
++	if ! wait_for_zero_module_ref_count "$modname"; then
++		die "failed to unload module $modname (refcnt)"
++	fi
++
++	echo "unloading patch module: $modname"
+ 	# ignore any error here because rmmod can fail if the module used
+ 	# KPATCH_FORCE_UNSAFE.
+-	rmmod "$1" 2> /dev/null || return 0
++	rmmod "$modname" 2> /dev/null || return 0
+ }
+ 
+ unload_module () {
+-- 
+2.25.4
+

0200-Makefile-set-install-permission-modes.patch

@@ -0,0 +1,39 @@
+From 73f6d5cdb2a4ce78cec6f49517116a3c7616f393 Mon Sep 17 00:00:00 2001
+From: Joe Lawrence <joe.lawrence@redhat.com>
+Date: Thu, 12 Nov 2020 15:15:47 -0500
+Subject: [PATCH] Makefile: set install permission modes
+
+By default, the install command will apply rwxr-xr-x permissions (how
+intuitive).  Give the command expected file modes to avoid rpmbuild
+complaints like this:
+
+  *** WARNING: ./usr/lib/python3.9/site-packages/dnf-plugins/kpatch.py is executable but has no shebang, removing executable bit
+  *** WARNING: ./etc/dnf/plugins/kpatch.conf is executable but has no shebang, removing executable bit
+
+Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
+---
+ Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index fb92d06..77c8eb5 100644
+--- a/Makefile
++++ b/Makefile
+@@ -23,11 +23,11 @@ all: $(TARGETS)
+ 
+ install: $(TARGETS)
+ 	install -d $(MANDIR)
+-	install man/dnf.kpatch.8.gz $(MANDIR)
++	install -m 644 man/dnf.kpatch.8.gz $(MANDIR)
+ 	install -d $(CONFDIR)
+-	install conf/kpatch.conf $(CONFDIR)
++	install -m 644 conf/kpatch.conf $(CONFDIR)
+ 	install -d $(DNFPLUGINDIR)
+-	install kpatch.py $(DNFPLUGINDIR)
++	install -m 644 kpatch.py $(DNFPLUGINDIR)
+ 
+ %.gz: %
+ 	gzip --keep $^
+-- 
+2.25.4
+

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: kernel-qe.kernel-ci.general-kpatch.tier0.functional}

kpatch.spec

@@ -0,0 +1,90 @@
+%define kpatch_dnf_ver	0.2
+
+Name:		kpatch
+Version:	0.9.2
+Release:	1%{?dist}
+Summary:	Dynamic kernel patch manager
+
+Group:		System Environment/Kernel
+License:	GPLv2
+URL:		https://github.com/dynup/kpatch
+Source0:	https://github.com/dynup/kpatch/archive/v%{version}.tar.gz
+Source1:	kpatch-dnf-v%{kpatch_dnf_ver}.tar.gz
+
+# RHEL-only
+Patch0:		0001-contrib-disable-upstart-kpatch.conf-install.patch
+Patch1:		0002-kpatch-clarify-unload-unsupport.patch
+
+# Upstream backports
+Patch100:	0100-kpatch-wait-for-module-ref-counts-on-unload.patch
+
+# kpatch-dnf backports
+Patch200:	0200-Makefile-set-install-permission-modes.patch
+
+Requires:	bash kmod binutils
+Recommends:	kpatch-dnf
+
+BuildArch:	noarch
+
+
+%description
+kpatch is a live kernel patch module manager.  It allows the user to manage
+a collection of binary kernel patch modules which can be used to dynamically
+patch the kernel without rebooting.
+
+
+%package -n kpatch-dnf
+Summary:	kpatch-patch manager plugin for DNF
+Version:	%kpatch_dnf_ver
+Release:	2%{?dist}
+BuildRequires:	python3-devel python3-dnf
+Requires:	python3 python3-dnf python3-hawkey
+Provides:	kpatch-dnf
+
+%description -n kpatch-dnf
+kpatch-dnf is a DNF plugin than manages subcription to kpatch-patch updates.
+When enabled, kernel packages are automatically subscribed to corresponding
+kpatch-patch packages updates.
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1
+%patch100 -p1
+
+%setup -D -T -a 1
+cd kpatch-dnf-%{kpatch_dnf_ver}
+%patch200 -p1
+cd ..
+
+%build
+make -C man
+
+make -C kpatch-dnf-%{kpatch_dnf_ver}
+
+%install
+make install PREFIX=/usr DESTDIR=%{buildroot} -C kpatch
+make install PREFIX=/usr DESTDIR=%{buildroot} -C man
+make install PREFIX=/usr DESTDIR=%{buildroot} -C contrib
+rm -f %{buildroot}/usr/share/man/man1/kpatch-build.1.gz
+
+make install PREFIX=/usr DESTDIR=%{buildroot} PYTHONSITES=%{python3_sitelib} -C kpatch-dnf-%{kpatch_dnf_ver}
+
+%files
+%{_sbindir}/kpatch
+%{_usr}/lib/systemd/system/kpatch.service
+%doc %{_mandir}/man1/kpatch.1.gz
+
+%files -n kpatch-dnf
+%{python3_sitelib}/dnf-plugins/kpatch.py
+%{python3_sitelib}/dnf-plugins/__pycache__
+%config(noreplace) %{_sysconfdir}/dnf/plugins/kpatch.conf
+%doc %{_mandir}/man8/dnf.kpatch.8.gz
+
+%post -n kpatch-dnf
+echo "To enable automatic kpatch-patch subscription, run:"
+echo -e "\t$ dnf kpatch auto"
+
+%changelog
+* Wed Dec 2 2020 Joe Lawrence <joe.lawrence@redhat.com> 0.9.2-1
+- initial kpatch utility build for rhel-9.0.0 (rhbz#1901593)

sources

@@ -0,0 +1,2 @@
+7290837c74e9d758f867e81d87035afa  v0.9.2.tar.gz
+3d9859136686aa6b691ec8b0d8be6e92  kpatch-dnf-v0.2.tar.gz