kpatch-build: allow making Kpatch-compatible patches for newer kernels

Or, to be exact, for the kernels with CONFIG_LIVEPATCH=y. Until Livepatch matures, it may be needed to prepare Kpatch-compatible rather than Livepatch-compatible binary patches for the kernels where Livepatch is available. Currently, kpatch-build always creates Livepatch-compatible patch modules if Livepatch is available. This patch adds '--patch-format' option to kpatch-build, so that "kpatch-build --patch-format=kpatch <...>" will generate Kpatch-compatible patches unconditionally. Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
euspectre · Aug 6, 2018 · 84b9ba7 · 84b9ba7
1 parent dab5ebf
commit 84b9ba7
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 5 deletions.
diff --git a/kmod/patch/Makefile b/kmod/patch/Makefile
@@ -23,7 +23,14 @@ endif
 
 obj-m += $(KPATCH_NAME).o
 
-$(KPATCH_NAME)-objs += patch-hook.o kpatch.lds output.o
+KPATCH_PATCH_FORMAT ?= "default"
+ifeq ("$(KPATCH_PATCH_FORMAT)", "kpatch")
+	KPATCH_HOOK_OBJ := kpatch-patch-hook.o
+else
+	KPATCH_HOOK_OBJ := patch-hook.o
+endif
+
+$(KPATCH_NAME)-objs += $(KPATCH_HOOK_OBJ) kpatch.lds output.o
 
 all: $(KPATCH_NAME).ko
 
@@ -36,6 +43,9 @@ $(KPATCH_NAME).ko:
 patch-hook.o: patch-hook.c kpatch-patch-hook.c livepatch-patch-hook.c
 	$(KPATCH_MAKE) patch-hook.o
 
+kpatch-patch-hook.o: kpatch-patch-hook.c
+	$(KPATCH_MAKE) kpatch-patch-hook.o
+
 clean:
 	$(RM) -Rf .*.o.cmd .*.ko.cmd .tmp_versions *.o *.ko *.mod.c \
 	Module.symvers
diff --git a/kpatch-build/kpatch-build b/kpatch-build/kpatch-build
@@ -52,6 +52,7 @@ SKIPGCCCHECK=0
 ARCH_KCFLAGS=""
 declare -a PATCH_LIST
 APPLIED_PATCHES=0
+KPATCH_PATCH_FORMAT="default"
 
 [[ -z "$KPATCH_ABI_COMPATIBLE" ]] && KPATCH_ABI_COMPATIBLE=default
 
@@ -380,6 +381,7 @@ usage() {
 	echo "		-v, --vmlinux      Specify original vmlinux" >&2
 	echo "		-j, --jobs         Specify the number of make jobs" >&2
 	echo "		-t, --target       Specify custom kernel build targets" >&2
+	echo "		-f, --patch-format Generate patch in the given format (e.g. \"kpatch\")" >&2
 	echo "		-n, --name         Specify the name of the kpatch module" >&2
 	echo "		-o, --output       Specify output folder" >&2
 	echo "		-d, --debug        Enable 'xtrace' and keep scratch files" >&2
@@ -390,7 +392,7 @@ usage() {
 	echo "		                   (not recommended)" >&2
 }
 
-options="$(getopt -o ha:r:s:c:v:j:t:n:o:d -l "help,archversion:,sourcerpm:,sourcedir:,config:,vmlinux:,jobs:,target:,name:,output:,debug,skip-gcc-check,skip-cleanup" -- "$@")" || die "getopt failed"
+options="$(getopt -o ha:r:s:c:v:j:t:f:n:o:d -l "help,archversion:,sourcerpm:,sourcedir:,config:,vmlinux:,jobs:,target:,patch-format:,name:,output:,debug,skip-gcc-check,skip-cleanup" -- "$@")" || die "getopt failed"
 
 eval set -- "$options"
 
@@ -442,6 +444,10 @@ while [[ $# -gt 0 ]]; do
 		BASE="$(readlink -f "$2")"
 		shift
 		;;
+	-f|--patch-format)
+		KPATCH_PATCH_FORMAT="$2"
+		shift
+		;;
 	-d|--debug)
 		DEBUG=$((DEBUG + 1))
 		if [[ $DEBUG -eq 1 ]]; then
@@ -665,8 +671,8 @@ KPATCH_MODULE=true
 
 # kernel option checking
 grep -q "CONFIG_DEBUG_INFO=y" "$CONFIGFILE" || die "kernel doesn't have 'CONFIG_DEBUG_INFO' enabled"
-if grep -q "CONFIG_LIVEPATCH=y" "$CONFIGFILE"; then
-	# The kernel supports livepatch.
+if grep -q "CONFIG_LIVEPATCH=y" "$CONFIGFILE" && [[ "$KPATCH_PATCH_FORMAT" != "kpatch" ]]; then
+	# Livepatch-compatible patch will be created. No symvers file is needed.
 	if version_gte "${ARCHVERSION//-*/}" 4.7.0 || is_rhel "$ARCHVERSION"; then
 		# Use new .klp.rela. sections
 		KPATCH_MODULE=false
@@ -675,7 +681,7 @@ if grep -q "CONFIG_LIVEPATCH=y" "$CONFIGFILE"; then
 		fi
 	fi
 else
-	# No support for livepatch in the kernel. Kpatch core module is needed.
+	# Kpatch-compatible patch will be created. Kpatch core module is needed.
 	find_core_symvers || die "unable to find Module.symvers for kpatch core module"
 	KBUILD_EXTRA_SYMBOLS="$SYMVERSFILE"
 fi
@@ -855,6 +861,7 @@ KPATCH_BUILD="$SRCDIR" KPATCH_NAME="$MODNAME" \
 KBUILD_EXTRA_SYMBOLS="$KBUILD_EXTRA_SYMBOLS" \
 KPATCH_LDFLAGS="$KPATCH_LDFLAGS" \
 KPATCH_ABI_COMPATIBLE="$KPATCH_ABI_COMPATIBLE" \
+KPATCH_PATCH_FORMAT="$KPATCH_PATCH_FORMAT" \
 	make 2>&1 | logger || die
 
 if ! "$KPATCH_MODULE"; then

diff --git a/man/kpatch-build.1 b/man/kpatch-build.1
@@ -46,6 +46,15 @@ to work on other distros.
 -o|--output
    Specify output folder
 
+-f|--patch-format
+   Generate patch in the given format (e.g. "kpatch").
+   By default, kpatch-build generates the patch module in the
+   Livepatch-compatible format if CONFIG_LIVEPATCH is enabled
+   in the kernel configuration. The KPatch format is used otherwise.
+   If kpatch-build is called with "--patch-format=kpatch", it
+   will generate a KPatch-compatible patch module even if Livepatch
+   is enabled in the kernel.
+
 -d|--debug
    Keep scratch files in /tmp
    (can be specified multiple times)