[RFC PATCH v6 02/12] kbuild: Support for symbols.klp creation

From: Joe Lawrence
Date: Wed Feb 16 2022 - 11:40:01 EST

Next message: Joe Lawrence: "[RFC PATCH v6 06/12] livepatch: Add sample livepatch module"
Previous message: Joe Lawrence: "[RFC PATCH v6 04/12] livepatch: Add klp-convert annotation helpers"
In reply to: Joe Lawrence: "[RFC PATCH v6 04/12] livepatch: Add klp-convert annotation helpers"
Next in thread: Joe Lawrence: "[RFC PATCH v6 06/12] livepatch: Add sample livepatch module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Joao Moreira <jmoreira@xxxxxxx>

For automatic resolution of livepatch relocations, a file called
symbols.klp is used. This file maps symbols within every compiled kernel
object allowing the identification of symbols whose name is unique, thus
relocation can be automatically inferred, or providing information that
helps developers when code annotation is required for solving the
matter.

Add support for creating symbols.klp in the main Makefile. First, ensure
that built-in is compiled when CONFIG_LIVEPATCH is enabled (as required
to achieve a complete symbols.klp file). Define the command to build
symbols.klp (cmd_klp_map) and hook it in the modules rule.

As it is undesirable to have symbols from livepatch objects inside
symbols.klp, make livepatches discernible by modifying
scripts/Makefile.build to create a .livepatch file for each livepatch in
$(MODVERDIR). This file then used by cmd_klp_map to identify and bypass
livepatches.

For identifying livepatches during the build process, a flag variable
LIVEPATCH_$(basetarget).o is considered in scripts/Makefile.build. This
way, set this flag for the livepatch sample Makefile in
samples/livepatch/Makefile.

Finally, Add a clean rule to ensure that symbols.klp is removed during
clean.

Notes:

To achieve a correct symbols.klp file, all kernel objects must be
considered, thus, its construction require these objects to be priorly
built. On the other hand, invoking scripts/Makefile.modpost without
having a complete symbols.klp in place would occasionally lead to
in-tree livepatches being post-processed incorrectly. To prevent this
from becoming a circular dependency, the construction of symbols.klp
uses non-post-processed kernel objects and such does not cause harm as
the symbols normally referenced from within livepatches are visible at
this stage. Also due to these requirements, the spot in-between modules
compilation and the invocation of scripts/Makefile.modpost was picked
for hooking cmd_klp_map.

The approach based on .livepatch files was proposed as an alternative to
using MODULE_INFO statements. This approach was originally proposed by
Miroslav Benes as a workaround for identifying livepathes without
depending on modinfo during the modpost stage. It was moved to this
patch as the approach also shown to be useful while building
symbols.klp.

Signed-off-by: Joao Moreira <jmoreira@xxxxxxx>
Signed-off-by: Joe Lawrence <joe.lawrence@xxxxxxxxxx>
---
.gitignore | 1 +
Documentation/dontdiff | 1 +
Makefile | 24 ++++++++++++++++++++++--
3 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 7afd412dadd2..50638a15a527 100644
--- a/.gitignore
+++ b/.gitignore
@@ -61,6 +61,7 @@ modules.order
/vmlinux.symvers
/vmlinux-gdb.py
/vmlinuz
+/symbols.klp
/System.map
/Module.markers
/modules.builtin
diff --git a/Documentation/dontdiff b/Documentation/dontdiff
index 910b30a2a7d9..25c656fdd99f 100644
--- a/Documentation/dontdiff
+++ b/Documentation/dontdiff
@@ -76,6 +76,7 @@ Module.markers
Module.symvers
PENDING
SCCS
+symbols.klp
System.map*
TAGS
aconf
diff --git a/Makefile b/Makefile
index 0fb4f94a6885..64ec4bc8172c 100644
--- a/Makefile
+++ b/Makefile
@@ -639,8 +639,13 @@ KBUILD_MODULES :=
KBUILD_BUILTIN := 1

# If we have only "make modules", don't compile built-in objects.
+# When we're building livepatch modules, we need to consider the
+# built-in objects during the descend as well, as built-in objects may
+# hold symbols which are referenced from livepatches and are required by
+# klp-convert post-processing tool for resolving these cases.
+
ifeq ($(MAKECMDGOALS),modules)
- KBUILD_BUILTIN :=
+ KBUILD_BUILTIN := $(if $(CONFIG_LIVEPATCH),1)
endif

# If we have "make <whatever> modules", compile modules
@@ -1487,7 +1492,7 @@ MRPROPER_FILES += include/config include/generated \
arch/$(SRCARCH)/include/generated .tmp_objdiff \
debian snap tar-install \
.config .config.old .version \
- Module.symvers \
+ Module.symvers symbols.klp \
certs/signing_key.pem \
certs/x509.genkey \
vmlinux-gdb.py \
@@ -1742,7 +1747,22 @@ PHONY += modules modules_install

ifdef CONFIG_MODULES

+quiet_cmd_klp_map = KLP symbols.klp
+
+define cmd_klp_map
+ $(shell echo "klp-convert-symbol-data.0.1" > $(objtree)/symbols.klp) \
+ $(shell echo "*vmlinux" >> $(objtree)/symbols.klp) \
+ $(shell nm -f posix $(objtree)/vmlinux | cut -d\ -f1 >> $(objtree)/symbols.klp) \
+ $(foreach ko, $(sort $(shell cat modules.order)), \
+ $(eval mod = $(patsubst %.ko,%.mod,$(ko))) \
+ $(eval obj = $(patsubst %.ko,%.o,$(ko))) \
+ $(if $(shell grep -o LIVEPATCH $(mod)),, \
+ $(shell echo "*$(shell basename -s .ko $(ko))" >> $(objtree)/symbols.klp) \
+ $(shell nm -f posix $(obj) | cut -d\ -f1 >> $(objtree)/symbols.klp)))
+endef
+
modules: modules_check
+ $(if $(CONFIG_LIVEPATCH), $(call cmd,klp_map))
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost

PHONY += modules_check
--
2.26.3

Next message: Joe Lawrence: "[RFC PATCH v6 06/12] livepatch: Add sample livepatch module"
Previous message: Joe Lawrence: "[RFC PATCH v6 04/12] livepatch: Add klp-convert annotation helpers"
In reply to: Joe Lawrence: "[RFC PATCH v6 04/12] livepatch: Add klp-convert annotation helpers"
Next in thread: Joe Lawrence: "[RFC PATCH v6 06/12] livepatch: Add sample livepatch module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]