From 81008c77dba79eb311ad537051086f10ba1ccd22 Mon Sep 17 00:00:00 2001 From: Longjun Luo Date: Tue, 13 Dec 2022 16:08:45 +0800 Subject: [PATCH 01/11] kmod: make it normal when using hack-gcc without env Signed-off-by: Longjun Luo --- upatch/kmod/compiler.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/upatch/kmod/compiler.c b/upatch/kmod/compiler.c index 87cdc3e..9f45cb7 100755 --- a/upatch/kmod/compiler.c +++ b/upatch/kmod/compiler.c @@ -443,8 +443,8 @@ static int rewrite_object_path(char __user **argv, char __user **envp) ret = obtain_parameter_addr(envp, ASSEMBLER_DIR_ENV, &dir_addr, NULL); if (ret || dir_addr == 0) { - pr_warn("no valid %s found %s \n", ASSEMBLER_DIR_ENV, object_path); - ret = -EINVAL; + pr_debug("no valid %s found %s \n", ASSEMBLER_DIR_ENV, object_path); + ret = 0; goto out; } -- 2.33.0 From 024e9cd683055ca1702710a60d9c8abebfdbcbb3 Mon Sep 17 00:00:00 2001 From: snoweay Date: Wed, 14 Dec 2022 01:37:26 +0000 Subject: [PATCH 02/11] manager: Allow apply to actived kernel patch Signed-off-by: snoweay --- manager/cli/main.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manager/cli/main.sh b/manager/cli/main.sh index 6e6c86a..8ee3bd0 100755 --- a/manager/cli/main.sh +++ b/manager/cli/main.sh @@ -167,6 +167,8 @@ function do_build() { function apply_patch() { if [ "${PATCH_TYPE}" == "kernel" ] ; then check_kversion || return 1 + [ "${PATCH_STATUS}" == "ACTIVED" ] && return + if [ "${PATCH_STATUS}" == "NOT-APPLIED" ]; then insmod "${PATCH_ROOT}/${PATCH_NAME}.ko" || return 1 fi -- 2.33.0 From 5874b79701fe7854575f710277f241a63a50afeb Mon Sep 17 00:00:00 2001 From: renoseven Date: Wed, 14 Dec 2022 03:34:01 +0800 Subject: [PATCH 03/11] build: only 'NOT-APPLIED' patch package can be removed Signed-off-by: renoseven --- build/src/package/rpm_spec_generator.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
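Review bot: In `rewrite_object_path` (upatch/kmod/compiler.c, PATCH 01/11) the branch `if (ret || dir_addr == 0)` now sets `ret = 0` for both conditions, so a genuine failure returned by `obtain_parameter_addr` is reported as success together with the benign "variable not set" case. If that helper can fail for reasons other than the variable being absent (its body is not shown here), keep the error and relax only the missing-variable path: `if (ret) goto out;` followed by `if (dir_addr == 0) { pr_debug(...); goto out; }`. A one-line comment such as `/* hack-gcc invoked without ASSEMBLER_DIR_ENV: nothing to rewrite, not an error */` would record why this path returns 0. The function starts and ends outside the hunk.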
diff --git a/build/src/package/rpm_spec_generator.rs b/build/src/package/rpm_spec_generator.rs index 9781eb1..917e12e 100644 --- a/build/src/package/rpm_spec_generator.rs +++ b/build/src/package/rpm_spec_generator.rs @@ -115,8 +115,8 @@ impl RpmSpecGenerator { writeln!(writer)?; writeln!(writer, "%preun")?; - writeln!(writer, "if [ \"$(syscare status %{{patch_name}})\" == \"ACTIVED\" ]; then")?; - writeln!(writer, " echo \"error: cannot remove actived patch \'%{{patch_name}}\'\" >&2")?; + writeln!(writer, "if [ \"$(syscare status %{{patch_name}})\" != \"NOT-APPLIED\" ]; then")?; + writeln!(writer, " echo \"error: cannot remove applied patch \'%{{patch_name}}\'\" >&2")?; writeln!(writer, " exit 1")?; writeln!(writer, "fi")?; -- 2.33.0 From 1506b703935004b04fbf73f8875f33b5a8b8fe87 Mon Sep 17 00:00:00 2001 From: renoseven Date: Wed, 14 Dec 2022 23:50:03 +0800 Subject: [PATCH 04/11] build: fix 'kernel patch cannot be insmod during system start' issue 1. change ko file(s) security context type to 'modules_object_t' after package install, as selinux blocks loading unconfigured kernel module Signed-off-by: renoseven --- build/src/package/rpm_spec_generator.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/build/src/package/rpm_spec_generator.rs b/build/src/package/rpm_spec_generator.rs index 917e12e..f76e109 100644 --- a/build/src/package/rpm_spec_generator.rs +++ b/build/src/package/rpm_spec_generator.rs @@ -114,6 +114,10 @@ impl RpmSpecGenerator { writeln!(writer, "%{{patch_root}}")?; writeln!(writer)?; + writeln!(writer, "%post")?; + writeln!(writer, "readonly KO_LIST=\"$(find %{{patch_root}} -name *.ko)\"")?; + writeln!(writer, "chcon -t modules_object_t \"${{KO_LIST}}\"")?; + writeln!(writer, "%preun")?; writeln!(writer, "if [ \"$(syscare status %{{patch_name}})\" != \"NOT-APPLIED\" ]; then")?; writeln!(writer, " echo \"error: cannot remove applied patch \'%{{patch_name}}\'\" >&2")?; -- 2.33.0 
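Review bot: The `%post` scriptlet added in PATCH 04/11 only works when exactly one module is found: `"${KO_LIST}"` is passed to `chcon` as a single quoted argument, so two or more `.ko` files become one newline-joined path and the relabel fails. The pattern `-name *.ko` is also unquoted, so the shell may expand it against the scriptlet's working directory before `find` sees it, and without `-type f` a symlink named `*.ko` would have its target relabelled, since `chcon` dereferences by default. A single line covers all three: `writeln!(writer, "find %{{patch_root}} -type f -name '*.ko' -exec chcon -t modules_object_t {{}} +")?;`. The hunk also writes `%preun` directly after the `chcon` line with no blank `writeln!(writer)?;` separator, unlike the section before it.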
From dc73e5833888096518321e6ba15503d9806199fb Mon Sep 17 00:00:00 2001 From: Longjun Luo Date: Wed, 14 Dec 2022 12:43:46 +0800 Subject: [PATCH 05/11] kmod: adjust order of the misc device (un)register After all init finished, then provides the device for users. When exit starts, unregister the device first. Signed-off-by: Longjun Luo --- upatch/kmod/kmod.c | 10 +++++----- upatch/upatch-tool/upatch-tool.c | 1 - 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/upatch/kmod/kmod.c b/upatch/kmod/kmod.c index 3ce40ae..d31037f 100755 --- a/upatch/kmod/kmod.c +++ b/upatch/kmod/kmod.c @@ -227,16 +227,16 @@ static int __init upatch_init(void) { int ret; + ret = compiler_hack_init(); + if (ret < 0) + return ret; + ret = misc_register(&upatch_dev); if (ret) { pr_err("register misc device for %s failed\n", UPATCH_DEV_NAME); return ret; } - ret = compiler_hack_init(); - if (ret < 0) - return ret; - pr_info("upatch - %s load successfully \n", UPATCH_VERSION); return 0; @@ -244,8 +244,8 @@ static int __init upatch_init(void) static void __exit upatch_exit(void) { - compiler_hack_exit(); misc_deregister(&upatch_dev); + compiler_hack_exit(); } module_init(upatch_init); diff --git a/upatch/upatch-tool/upatch-tool.c b/upatch/upatch-tool/upatch-tool.c index c96836b..d1328aa 100644 --- a/upatch/upatch-tool/upatch-tool.c +++ b/upatch/upatch-tool/upatch-tool.c @@ -23,7 +23,6 @@ #include "upatch-manage.h" #include "upatch-ioctl.h" #include "upatch-resolve.h" -#include "upatch-manage.h" #define COMMAND_SIZE 9 char* command[COMMAND_SIZE] = -- 2.33.0 From d54264a83c2cc997ebaba0be8c32fc90682a9c04 Mon Sep 17 00:00:00 2001 From: lzwycc Date: Wed, 14 Dec 2022 19:44:23 +0800 Subject: [PATCH 06/11] kmod: unregister when rmmod upatch unregister compiler and assembler when rmmod upatch Signed-off-by: lzwycc --- upatch/kmod/compiler.c | 50 +++++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 23 deletions(-) 
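Review bot: In `upatch_init` (upatch/kmod/kmod.c) the reordering leaves the `misc_register` failure path returning without undoing `compiler_hack_init()`, so whatever that call set up stays in place after the module load fails. Unwind it before returning, e.g. `compiler_hack_exit();` ahead of `return ret;` inside the `if (ret)` block. `compiler_hack_exit` is declared `__exit` in compiler.c (visible in PATCH 06/11), so calling it from `__init` code would likely need that annotation dropped or a separate cleanup helper.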
diff --git a/upatch/kmod/compiler.c b/upatch/kmod/compiler.c index 9f45cb7..899b83f 100755 --- a/upatch/kmod/compiler.c +++ b/upatch/kmod/compiler.c @@ -135,20 +135,6 @@ void delete_elf_path(unsigned int cmd, char *name) } } -void clear_compiler_path(void) -{ - struct elf_path *ep, *tmp; - list_for_each_entry_safe(ep, tmp, &compiler_paths_list, list) - delete_elf_path(UPATCH_UNREGISTER_COMPILER, ep->name); -} - -void clear_assembler_path(void) -{ - struct elf_path *ep, *tmp; - list_for_each_entry_safe(ep, tmp, &assembler_paths_list, list) - delete_elf_path(UPATCH_UNREGISTER_ASSEMBLER, ep->name); -} - static int generate_file_name(char *buf, int buf_len) { unsigned long id; @@ -658,13 +644,13 @@ out: return ret; } -static int elf_check(const char *buf, char *elf_path, loff_t *entry_offset) +static int elf_check(char *elf_path, loff_t *entry_offset) { struct file *file; int ret; char *p; - file = filp_open(buf, O_RDONLY, 0); + file = filp_open(elf_path, O_RDONLY, 0); if (IS_ERR(file)) { ret = PTR_ERR(file); pr_err("open elf failed - %d \n", ret); @@ -688,13 +674,13 @@ out: return ret; } -static int __register_uprobe(const char *buf, unsigned int cmd, struct elf_path *ep, struct uprobe_consumer *uc) +static int __register_uprobe(unsigned int cmd, struct elf_path *ep, struct uprobe_consumer *uc) { int ret; struct path path; struct inode *inode; - ret = elf_check(buf, ep->name, &ep->entry_offset); + ret = elf_check(ep->name, &ep->entry_offset); if (ret) goto out; @@ -705,7 +691,7 @@ static int __register_uprobe(const char *buf, unsigned int cmd, struct elf_path } inode = path.dentry->d_inode; - pr_debug("register uprobe for %s \n", buf); + pr_debug("register uprobe for %s \n", ep->name); ret = uprobe_register(inode, ep->entry_offset, uc); if (ret) { pr_err("uprobe register failed - %d \n", ret); 
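Review bot: `__register_uprobe` (upatch/kmod/compiler.c, PATCH 06/11) resolves `ep->name` twice: `elf_check` opens it with `filp_open` to compute `ep->entry_offset`, and the inode handed to `uprobe_register` comes from a separate `struct path` whose lookup lies between the two hunks shown. If the file behind that name is replaced between the two resolutions, the probe is registered on one inode at an offset computed from another. Consider resolving once and deriving both values from the same object, for example by having `elf_check` hand back a referenced inode taken from the `struct file` it already holds. Now that `elf_path` is the only string argument, a comment on `elf_check` stating whether it is read-only input or also rewritten (the parameter is non-const and a `char *p` local remains) would help; the function bodies continue outside the hunks.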
@@ -749,14 +735,14 @@ int handle_compiler_cmd(unsigned long user_addr, unsigned int cmd) ep->count = 1; ep->entry_offset = 0; list_add(&ep->list, &compiler_paths_list); - ret = __register_uprobe(path, cmd, ep, &uprobe_compiler_consumer); + ret = __register_uprobe(cmd, ep, &uprobe_compiler_consumer); } else { ep->count++; } break; case UPATCH_UNREGISTER_COMPILER: - if (ep) { + if (ep && ep->count > 0) { ep->count--; if (!ep->count) ret = __unregister_uprobe(cmd, ep, &uprobe_compiler_consumer); @@ -773,14 +759,14 @@ int handle_compiler_cmd(unsigned long user_addr, unsigned int cmd) ep->count = 1; ep->entry_offset = 0; list_add(&ep->list, &assembler_paths_list); - ret = __register_uprobe(path, cmd, ep, &uprobe_assembler_consumer); + ret = __register_uprobe(cmd, ep, &uprobe_assembler_consumer); } else { ep->count++; } break; case UPATCH_UNREGISTER_ASSEMBLER: - if (ep) { + if (ep && ep->count > 0) { ep->count--; if (!ep->count) ret = __unregister_uprobe(cmd, ep, &uprobe_assembler_consumer); @@ -812,6 +798,24 @@ out: return ret; } +void clear_compiler_path(void) +{ + struct elf_path *ep, *tmp; + list_for_each_entry_safe(ep, tmp, &compiler_paths_list, list) { + ep->count = 0; + __unregister_uprobe(UPATCH_UNREGISTER_COMPILER, ep, &uprobe_compiler_consumer); + } +} + +void clear_assembler_path(void) +{ + struct elf_path *ep, *tmp; + list_for_each_entry_safe(ep, tmp, &assembler_paths_list, list) { + ep->count = 0; + __unregister_uprobe(UPATCH_UNREGISTER_ASSEMBLER, ep, &uprobe_assembler_consumer); + } +} + void __exit compiler_hack_exit(void) { clear_compiler_path(); -- 2.33.0 From 8b8a62377a425c273c2a584ff9f299f88b70f0e5 Mon Sep 17 00:00:00 2001 From: snoweay Date: Thu, 15 Dec 2022 18:34:53 +0800 Subject: [PATCH 07/11] Revert "build: fix 'kernel patch cannot be insmod during system start' issue" This reverts commit 1506b703935004b04fbf73f8875f33b5a8b8fe87. --- build/src/package/rpm_spec_generator.rs | 4 ---- 1 file changed, 4 deletions(-) 
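Review bot: The new `ep && ep->count > 0` guard in the `UPATCH_UNREGISTER_COMPILER` case of `handle_compiler_cmd` (and the identical one for `UPATCH_UNREGISTER_ASSEMBLER` in the next hunk) implies that an entry can stay on the list with `count == 0`. If so, the register branch above it takes the `else { ep->count++; }` path for such an entry and never calls `__register_uprobe` again, leaving a counted path with no probe. Either remove the entry when the count reaches zero or re-register when it was zero, e.g. `if (ep->count++ == 0) ret = __register_uprobe(cmd, ep, &uprobe_compiler_consumer);`. Whether `__unregister_uprobe` already unlinks the entry is not visible here, so this needs checking against that function. As far as these lines show, the register branch also leaves `ep` on the list when `__register_uprobe` fails.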
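Review bot: The re-added `clear_compiler_path` and `clear_assembler_path` iterate with `list_for_each_entry_safe`, but the loop body neither unlinks nor frees `ep`; it only zeroes `count` and calls `__unregister_uprobe`, whose return value is dropped. The removed versions went through `delete_elf_path`, so unless `__unregister_uprobe` itself does the `list_del`/`kfree` (not visible in this patch), every `struct elf_path` is leaked on module exit. No lock is visible around the traversal either; confirm it cannot race with `handle_compiler_cmd`. A short comment above each function stating who owns and frees the entries would settle it for the next reader.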
diff --git a/build/src/package/rpm_spec_generator.rs b/build/src/package/rpm_spec_generator.rs index f76e109..917e12e 100644 --- a/build/src/package/rpm_spec_generator.rs +++ b/build/src/package/rpm_spec_generator.rs @@ -114,10 +114,6 @@ impl RpmSpecGenerator { writeln!(writer, "%{{patch_root}}")?; writeln!(writer)?; - writeln!(writer, "%post")?; - writeln!(writer, "readonly KO_LIST=\"$(find %{{patch_root}} -name *.ko)\"")?; - writeln!(writer, "chcon -t modules_object_t \"${{KO_LIST}}\"")?; - writeln!(writer, "%preun")?; writeln!(writer, "if [ \"$(syscare status %{{patch_name}})\" != \"NOT-APPLIED\" ]; then")?; writeln!(writer, " echo \"error: cannot remove applied patch \'%{{patch_name}}\'\" >&2")?; -- 2.33.0 From 5171debddcbd632cb25c30d2325f0a655945c0f2 Mon Sep 17 00:00:00 2001 From: snoweay Date: Thu, 15 Dec 2022 18:37:42 +0800 Subject: [PATCH 08/11] manager: Set kpatch's scontext to modules_object_t Signed-off-by: snoweay --- manager/cli/main.sh | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/manager/cli/main.sh b/manager/cli/main.sh index 8ee3bd0..c056f62 100755 --- a/manager/cli/main.sh +++ b/manager/cli/main.sh @@ -130,7 +130,7 @@ function get_patch_type() { } function get_patch_elf_path() { - [ "${PATCH_TYPE}" == "kernel" ] && return + [ "${PATCH_TYPE}" == "kernel" ] && return 0 local patch_name="$1" local patch_root=$(get_patch_root_by_patch_name "${patch_name}") 
@@ -164,12 +164,21 @@ function do_build() { "${SYSCARE_PATCH_BUILD}" "$@" } +function set_kpatch_scontext() { + local getenforce_bin=$(which getenforce 2> /dev/null) + [ -n "${getenforce_bin}" ] || return 0 + + "${getenforce_bin}" | grep -q "Enforcing" 2> /dev/null || return 0 + chcon -t modules_object_t "${PATCH_ROOT}/${PATCH_NAME}.ko" +} + function apply_patch() { if [ "${PATCH_TYPE}" == "kernel" ] ; then check_kversion || return 1 - [ "${PATCH_STATUS}" == "ACTIVED" ] && return + [ "${PATCH_STATUS}" == "ACTIVED" ] && return 0 if [ "${PATCH_STATUS}" == "NOT-APPLIED" ]; then + set_kpatch_scontext insmod "${PATCH_ROOT}/${PATCH_NAME}.ko" || return 1 fi PATCH_STATUS="DEACTIVED" @@ -191,7 +200,7 @@ function apply_patch() { function remove_patch() { if [ "${PATCH_TYPE}" == "kernel" ] ; then - [ "${PATCH_STATUS}" == "NOT-APPLIED" ] && return + [ "${PATCH_STATUS}" == "NOT-APPLIED" ] && return 0 [ "${PATCH_STATUS}" == "ACTIVED" ] && deactive_patch rmmod "${PATCH_NAME}" || return 1 else @@ -306,7 +315,7 @@ function initialize_patch_info() { if [ "${PATCH_TYPE}" == "kernel" ]; then if [ ! -f "${KPATCH_STATE_FILE}" ]; then PATCH_STATUS="NOT-APPLIED" - return + return 0 fi if [ $(cat "${KPATCH_STATE_FILE}") -eq 1 ]; then -- 2.33.0 From d8ef956b6e5ee05e95c757fe79a1bde58908efb4 Mon Sep 17 00:00:00 2001 From: renoseven Date: Fri, 16 Dec 2022 19:37:53 +0800 Subject: [PATCH 09/11] upatch: file searching would not follow symlinks Signed-off-by: renoseven --- upatch/upatch-build/src/tool/fs.rs | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/upatch/upatch-build/src/tool/fs.rs b/upatch/upatch-build/src/tool/fs.rs index 17fd307..9f15dc2 100644 --- a/upatch/upatch-build/src/tool/fs.rs +++ b/upatch/upatch-build/src/tool/fs.rs 
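Review bot: `apply_patch` calls `set_kpatch_scontext` without checking its status, so when `chcon` fails under an enforcing policy the script goes straight to `insmod` and the user likely sees only the module load being denied. Propagate the failure with `set_kpatch_scontext || return 1`. The helper also relabels whatever `${PATCH_ROOT}/${PATCH_NAME}.ko` resolves to; `chcon` follows symlinks by default, so with `ko` holding that path a guard such as `[ -f "${ko}" ] && [ ! -L "${ko}" ] || return 1` before relabelling keeps `modules_object_t` off unintended targets. `local getenforce_bin=$(which getenforce 2> /dev/null)` depends on the caller's `PATH` and an external `which`; `command -v getenforce` is the builtin equivalent, and the `2> /dev/null` after `grep -q` is redundant.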
@@ -61,8 +61,11 @@ pub fn list_all_files>(directory: P, recursive: bool) -> std::io: for dir_entry in std::fs::read_dir(search_path)? { if let Ok(entry) = dir_entry { let current_path = entry.path(); - let current_path_type = current_path.metadata()?.file_type(); + let current_path_type = current_path.symlink_metadata()?.file_type(); + if current_path_type.is_symlink() { + continue; + } if current_path_type.is_file() { file_list.push(self::realpath(current_path.as_path())?); } @@ -90,7 +93,12 @@ pub fn list_all_dirs>(directory: P, recursive: bool) -> std::io:: for dir_entry in std::fs::read_dir(search_path)? { if let Ok(entry) = dir_entry { let current_path = entry.path(); - if !current_path.is_dir() { + let current_path_type = current_path.symlink_metadata()?.file_type(); + + if current_path_type.is_symlink() { + continue; + } + if !current_path_type.is_dir() { continue; } dir_list.push(self::realpath(current_path.as_path())?); @@ -116,8 +124,11 @@ pub fn list_all_files_ext>(directory: P, file_ext: &str, recursiv for dir_entry in std::fs::read_dir(search_path)? { if let Ok(entry) = dir_entry { let current_path = entry.path(); - let current_path_type = current_path.metadata()?.file_type(); + let current_path_type = current_path.symlink_metadata()?.file_type(); + if current_path_type.is_symlink() { + continue; + } if current_path_type.is_file() { let current_path_ext = current_path.extension().unwrap_or_default(); if current_path_ext == file_ext { -- 2.33.0 From 7c61c25746a4f9ef82b3383d093123da7888c532 Mon Sep 17 00:00:00 2001 From: renoseven Date: Fri, 16 Dec 2022 19:42:42 +0800 Subject: [PATCH 10/11] build: file searching would not follow symlinks Signed-off-by: renoseven --- build/src/util/fs.rs | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/build/src/util/fs.rs b/build/src/util/fs.rs index 8ac2e9e..3343256 100644 --- a/build/src/util/fs.rs +++ b/build/src/util/fs.rs 
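Review bot: `current_path.symlink_metadata()?` in `list_all_files` turns a directory entry that disappears between `read_dir` and the `lstat` into an error for the whole listing, while the surrounding `if let Ok(entry) = dir_entry` silently skips unreadable entries. `entry.file_type()?` gives the same answer without following symlinks and usually without a second lookup, so the added line could read `let current_path_type = entry.file_type()?;`. The same applies to the `list_all_dirs` and `list_all_files_ext` hunks here and to the three matching hunks in build/src/util/fs.rs (PATCH 10/11). The doc comments of these functions should also state that symlinked entries are skipped, since callers that relied on them being followed will now get shorter lists. The loop bodies continue outside the hunks.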
@@ -68,7 +68,12 @@ pub fn list_all_dirs>(directory: P, recursive: bool) -> std::io:: for dir_entry in std::fs::read_dir(search_path)? { if let Ok(entry) = dir_entry { let current_path = entry.path(); - if !current_path.is_dir() { + let current_path_type = current_path.symlink_metadata()?.file_type(); + + if current_path_type.is_symlink() { + continue; + } + if !current_path_type.is_dir() { continue; } dir_list.push(self::realpath(current_path.as_path())?); @@ -94,8 +99,11 @@ pub fn list_all_files>(directory: P, recursive: bool) -> std::io: for dir_entry in std::fs::read_dir(search_path)? { if let Ok(entry) = dir_entry { let current_path = entry.path(); - let current_path_type = current_path.metadata()?.file_type(); + let current_path_type = current_path.symlink_metadata()?.file_type(); + if current_path_type.is_symlink() { + continue; + } if current_path_type.is_file() { file_list.push(self::realpath(current_path.as_path())?); } @@ -124,8 +132,11 @@ pub fn list_all_files_ext>(directory: P, file_ext: &str, recursiv for dir_entry in std::fs::read_dir(search_path)? { if let Ok(entry) = dir_entry { let current_path = entry.path(); - let current_path_type = current_path.metadata()?.file_type(); + let current_path_type = current_path.symlink_metadata()?.file_type(); + if current_path_type.is_symlink() { + continue; + } if current_path_type.is_file() { let current_path_ext = current_path.extension().unwrap_or_default(); if current_path_ext == file_ext { -- 2.33.0 From 641b7a2cc731cf3a1fe4874ed5cfc51f328b764e Mon Sep 17 00:00:00 2001 From: renoseven Date: Sat, 17 Dec 2022 11:51:31 +0800 Subject: [PATCH 11/11] build: match release of source pkg & debuginfo pkg Signed-off-by: renoseven --- build/src/cli/cli.rs | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/build/src/cli/cli.rs b/build/src/cli/cli.rs index 79dec44..a8980c2 100644 --- a/build/src/cli/cli.rs +++ b/build/src/cli/cli.rs 
@@ -129,17 +129,14 @@ impl PatchBuildCLI { info!("{}", dbg_pkg_info); info!("------------------------------\n"); - let src_pkg_name = src_pkg_info.get_name(); - let src_pkg_ver = src_pkg_info.get_version(); - let dbg_pkg_name = dbg_pkg_info.get_name(); - let dbg_pkg_ver = dbg_pkg_info.get_version(); - if !dbg_pkg_name.contains(src_pkg_name) || (src_pkg_ver != dbg_pkg_ver) { + if !dbg_pkg_info.get_name().contains(src_pkg_info.get_name()) || + (src_pkg_info.get_version() != dbg_pkg_info.get_version()) || + (src_pkg_info.get_release() != dbg_pkg_info.get_release()) { return Err(std::io::Error::new( std::io::ErrorKind::InvalidInput, format!("Debuginfo package does not match the source package"), )); } - Ok(src_pkg_info) } -- 2.33.0
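Review bot: The name test kept in this condition, `dbg_pkg_info.get_name().contains(src_pkg_info.get_name())`, is a substring match, so a source package with a short name accepts any debuginfo package whose name merely contains it (constructed example: source `ssl` matching `openssl-debuginfo`). With version and release now compared exactly, the name is the weakest part of the check; compare against the expected debuginfo name or at least use `starts_with`, depending on the project's naming convention, which is not visible here. The error text could also name the mismatching field, and the `format!(...)` call with no arguments can be replaced by passing the string literal directly. The enclosing function starts outside the hunk.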