rpms/kpatch
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import kpatch-0.9.4-2.el8

Browse Source
This commit is contained in:
CentOS Sources 2022-05-10 03:12:43 -04:00 committed by Stepan Oksanichenko
parent ce537c59a7
commit d1d57e4fc6
6 changed files with 17 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/kpatch-dnf-v0.2.tar.gz SOURCES/kpatch-dnf-v0.4.tar.gz
SOURCES/v0.9.2.tar.gz SOURCES/v0.9.4.tar.gz

4
.kpatch.metadata
View File

@ -1,2 +1,2 @@
74e3123e0edc694676a36994b23094be354f87b5 SOURCES/kpatch-dnf-v0.2.tar.gz fa86620559069e8253b5172849797a6d03b509be SOURCES/kpatch-dnf-v0.4.tar.gz
c0878679129add77d6fff57093640892ad941155 SOURCES/v0.9.2.tar.gz 1f080a31cc087b41cb4d37c514819444bd8a75ae SOURCES/v0.9.4.tar.gz

36
SOURCES/0003-kpatch-cleanup-install-directory.patch
View File

@ -1,36 +0,0 @@
From 47c1bd435a498e736a6fd3f41655c05279560bb1 Mon Sep 17 00:00:00 2001
From: Artem Savkov <artem.savkov@gmail.com>
Date: Thu, 25 Feb 2021 13:24:30 +0100
Subject: [PATCH] kpatch: cleanup install directory
On module installation kpatch utility creates a directory with kernel
version as a name in /var/lib/kpatch which is never removed. To address
this check if any files are left in this directory after each
'uninstall' call and if not - remove it.
Signed-off-by: Artem Savkov <artem.savkov@gmail.com>
---
kpatch/kpatch | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kpatch/kpatch b/kpatch/kpatch
index ccb6914..8c34ed4 100755
--- a/kpatch/kpatch
+++ b/kpatch/kpatch
@@ -575,10 +575,12 @@ case "$1" in
fi
[[ ! -e "$MODULE" ]] && die "$PATCH is not installed for kernel $KVER"
-
echo "uninstalling $PATCH ($KVER)"
rm -f "$MODULE" || die "failed to uninstall module $PATCH"
+ rmdir --ignore-fail-on-non-empty "$INSTALLDIR/$KVER" || die "failed to remove directory $INSTALLDIR/$KVER"
+ rmdir --ignore-fail-on-non-empty "$INSTALLDIR" || die "failed to remove directory $INSTALLDIR"
+
;;
"list")
--
2.26.2

100
SOURCES/0100-kpatch-wait-for-module-ref-counts-on-unload.patch
View File

@ -1,100 +0,0 @@
From cdee6bd650a35075515d4fe2bb67657811c9640c Mon Sep 17 00:00:00 2001
From: Joe Lawrence <joe.lawrence@redhat.com>
Date: Mon, 16 Nov 2020 15:21:59 -0500
Subject: [PATCH] kpatch: wait for module ref counts on unload
There exists a very small timing window in which "kpatch unload" gets to
its "rmmod" step before the kpatch-patch module's reference count has
cleared and the "rmmod" fails.
This is only a transient problem, but we can adopt code from upstream
livepatch kselftests which wait for the module refcounts to settle
before moving onto "rmmod".
A small wrinkle is that this is not supported by the older kpatch.ko
core. The price for circumventing the activeness safety check via
KPATCH_FORCE_UNSAFE is that it must leave the kpatch patch modules in
place (see e1890e627a9b ("prevent rmmod of forced modules")).
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
---
kpatch/kpatch | 40 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 38 insertions(+), 2 deletions(-)
diff --git a/kpatch/kpatch b/kpatch/kpatch
index bca8f41..b35b742 100755
--- a/kpatch/kpatch
+++ b/kpatch/kpatch
@@ -28,6 +28,7 @@ SCRIPTDIR="$(readlink -f "$(dirname "$(type -p "$0")")")"
VERSION="0.9.2"
POST_ENABLE_WAIT=15 # seconds
POST_SIGNAL_WAIT=60 # seconds
+MODULE_REF_WAIT=15 # seconds
# How many times to try loading the patch if activeness safety check fails.
MAX_LOAD_ATTEMPTS=5
@@ -125,6 +126,10 @@ find_core_module() {
return 1
}
+kpatch_core_loaded() {
+ grep -q -e "T kpatch_register" /proc/kallsyms
+}
+
core_loaded () {
grep -q -e "T klp_enable_patch" -e "T kpatch_register" /proc/kallsyms
}
@@ -265,6 +270,31 @@ wait_for_patch_transition() {
return 1
}
+module_ref_count() {
+ local modname="$1"
+ [[ $(cat "/sys/module/$modname/refcnt" 2>/dev/null) != "0" ]]
+}
+
+wait_for_zero_module_ref_count() {
+ local modname="$1"
+ local i=0
+
+ # We can't rely on a zero refcount with kpatch.ko as it
+ # implements KPATCH_FORCE_UNSAFE with an additional reference on
+ # kpatch-patch modules to avoid potential crashes.
+ kpatch_core_loaded && return 0
+
+ module_ref_count "$modname" || return 0
+
+ echo "waiting (up to $MODULE_REF_WAIT seconds) for module refcount..."
+ for (( i=0; i<MODULE_REF_WAIT; i++ )); do
+ module_ref_count "$modname" || return 0
+ sleep 1s
+ done
+
+ return 1
+}
+
load_module () {
local module="$1"
@@ -381,10 +411,16 @@ disable_patch_strict () {
}
remove_module () {
- echo "unloading patch module: $1"
+ local modname="$1"
+
+ if ! wait_for_zero_module_ref_count "$modname"; then
+ die "failed to unload module $modname (refcnt)"
+ fi
+
+ echo "unloading patch module: $modname"
# ignore any error here because rmmod can fail if the module used
# KPATCH_FORCE_UNSAFE.
- rmmod "$1" 2> /dev/null || return 0
+ rmmod "$modname" 2> /dev/null || return 0
}
unload_module () {
--
2.25.4

39
SOURCES/0200-Makefile-set-install-permission-modes.patch
View File

@ -1,39 +0,0 @@
From 73f6d5cdb2a4ce78cec6f49517116a3c7616f393 Mon Sep 17 00:00:00 2001
From: Joe Lawrence <joe.lawrence@redhat.com>
Date: Thu, 12 Nov 2020 15:15:47 -0500
Subject: [PATCH] Makefile: set install permission modes
By default, the install command will apply rwxr-xr-x permissions (how
intuitive). Give the command expected file modes to avoid rpmbuild
complaints like this:
*** WARNING: ./usr/lib/python3.9/site-packages/dnf-plugins/kpatch.py is executable but has no shebang, removing executable bit
*** WARNING: ./etc/dnf/plugins/kpatch.conf is executable but has no shebang, removing executable bit
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
---
Makefile | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index fb92d06..77c8eb5 100644
--- a/Makefile
+++ b/Makefile
@@ -23,11 +23,11 @@ all: $(TARGETS)
install: $(TARGETS)
install -d $(MANDIR)
- install man/dnf.kpatch.8.gz $(MANDIR)
+ install -m 644 man/dnf.kpatch.8.gz $(MANDIR)
install -d $(CONFDIR)
- install conf/kpatch.conf $(CONFDIR)
+ install -m 644 conf/kpatch.conf $(CONFDIR)
install -d $(DNFPLUGINDIR)
- install kpatch.py $(DNFPLUGINDIR)
+ install -m 644 kpatch.py $(DNFPLUGINDIR)
%.gz: %
gzip --keep $^
--
2.25.4

22
SPECS/kpatch.spec
View File

@ -1,8 +1,8 @@
%define kpatch_dnf_ver 0.2 %define kpatch_dnf_ver 0.4
Name: kpatch Name: kpatch
Version: 0.9.2 Version: 0.9.4
Release: 5%{?dist} Release: 2%{?dist}
Summary: Dynamic kernel patch manager Summary: Dynamic kernel patch manager
Group: System Environment/Kernel Group: System Environment/Kernel
@ -14,13 +14,12 @@ Source1: kpatch-dnf-v%{kpatch_dnf_ver}.tar.gz
# RHEL-only # RHEL-only
Patch0: 0001-contrib-disable-upstart-kpatch.conf-install.patch Patch0: 0001-contrib-disable-upstart-kpatch.conf-install.patch
Patch1: 0002-kpatch-clarify-unload-unsupport.patch Patch1: 0002-kpatch-clarify-unload-unsupport.patch
Patch2: 0003-kpatch-cleanup-install-directory.patch
# Upstream backports # Upstream backports
Patch100: 0100-kpatch-wait-for-module-ref-counts-on-unload.patch #Patch100: 0100-xxx.patch
# kpatch-dnf backports # kpatch-dnf backports
Patch200: 0200-Makefile-set-install-permission-modes.patch #Patch200: 0200-xxx.patch
Requires: bash kmod binutils Requires: bash kmod binutils
Recommends: kpatch-dnf Recommends: kpatch-dnf
@ -50,12 +49,9 @@ kpatch-patch packages updates.
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1
%patch100 -p1
%setup -D -T -a 1 %setup -D -T -a 1
cd kpatch-dnf-%{kpatch_dnf_ver} cd kpatch-dnf-%{kpatch_dnf_ver}
%patch200 -p1
cd .. cd ..
%build %build
@ -67,6 +63,7 @@ make -C kpatch-dnf-%{kpatch_dnf_ver}
make install PREFIX=/usr DESTDIR=%{buildroot} -C kpatch make install PREFIX=/usr DESTDIR=%{buildroot} -C kpatch
make install PREFIX=/usr DESTDIR=%{buildroot} -C man make install PREFIX=/usr DESTDIR=%{buildroot} -C man
make install PREFIX=/usr DESTDIR=%{buildroot} -C contrib make install PREFIX=/usr DESTDIR=%{buildroot} -C contrib
mkdir -p %{buildroot}/%{_sharedstatedir}/kpatch
rm -f %{buildroot}/usr/share/man/man1/kpatch-build.1.gz rm -f %{buildroot}/usr/share/man/man1/kpatch-build.1.gz
make install PREFIX=/usr DESTDIR=%{buildroot} PYTHONSITES=%{python3_sitelib} -C kpatch-dnf-%{kpatch_dnf_ver} make install PREFIX=/usr DESTDIR=%{buildroot} PYTHONSITES=%{python3_sitelib} -C kpatch-dnf-%{kpatch_dnf_ver}
@ -74,6 +71,7 @@ make install PREFIX=/usr DESTDIR=%{buildroot} PYTHONSITES=%{python3_sitelib} -C
%files %files
%{_sbindir}/kpatch %{_sbindir}/kpatch
%{_usr}/lib/systemd/system/kpatch.service %{_usr}/lib/systemd/system/kpatch.service
%{_sharedstatedir}/kpatch
%doc %{_mandir}/man1/kpatch.1.gz %doc %{_mandir}/man1/kpatch.1.gz
%files -n kpatch-dnf %files -n kpatch-dnf
@ -87,6 +85,12 @@ echo "To enable automatic kpatch-patch subscription, run:"
echo -e "\t$ dnf kpatch auto" echo -e "\t$ dnf kpatch auto"
%changelog %changelog
* Fri Jan 14 2022 Yannick Cote <ycote@redhat.com> 0.9.4-2
- Add /usr/lib/kpatch to install and files list to appease SELinux (rhbz#2022123)
* Thu Sep 23 2021 Artem Savkov <asavkov@redhat.com> 0.9.4-1
- Update kpatch utility to 0.9.4 and kpatch-dnf to 0.4 (rhbz#2006841)
* Mon Mar 15 2021 Artem Savkov <asavkov@redhat.com> 0.9.2-5 * Mon Mar 15 2021 Artem Savkov <asavkov@redhat.com> 0.9.2-5
- Cleanup /var/lib/kpatch directory on uninstall (rhbz#1930108) - Cleanup /var/lib/kpatch directory on uninstall (rhbz#1930108)