From nobody Tue Dec 16 12:37:06 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4080829A9CE; Fri, 9 May 2025 20:18:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746821903; cv=none; b=KWSR4l77IwkyQZ7y6GD6bZ+cdcczOiOtVZEopbQoRGt2ur8XCa0UcaZ7dzSbd85GeyE321BvunD9x0ZShGdoz+C/sp2ikP6XxMR69jtObZcuMEi+CDd/z6RcEhwflWBkbM2pkugi6bNS65EcEttOwA3CPJg1SCwau4z7BnM7Nfc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746821903; c=relaxed/simple; bh=1U4IJV0uW78vO8Khu5J+rxPyIScDURWKxt92jsNcq3M=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=QkUKjy57MvrBv7Jjg9x/9SIewHwP0+RuvcoQqnNY6feRj03DIW52zvNxVtJjrU3JjdwXdt4OQcCZ8BVJNsoWF039f2smJybBicn/J43dI2/tadU3zrNiKUnydCS3ETeg/lZBP/CDtHRuGnv1REiaSneBhkowy+aohoQIyuiW6Ac= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=iYezD6EM; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="iYezD6EM" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8E94EC4CEEF; Fri, 9 May 2025 20:18:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1746821903; bh=1U4IJV0uW78vO8Khu5J+rxPyIScDURWKxt92jsNcq3M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=iYezD6EM7c019vsHC5knMU2p7mnxHzSM/OWTD2tbcCZCfXEOSBDhMRaUUUf0A8L+B 2LF1IJozDXbuTFW7ot+giaFnWtblD0AAkjeage5IV0BSf/yhQ4cGK/2Nz3Okflu0kG vHsQdO6jBR53RdQfWXPs9uaautUwlrFqB+tg9WgvjIU8i6DN26nqQQ+YBnX4HRNyQF dsWtPAUE3CfzqY/j8kq0QsoMd8mXda/cdMJTkFOUAI1Wsf6iRmm2zkCyEWwTvkOa04 E5wRkzPciH4aNQua8MtDer9VnBgz7yZLEKUR5IXnofkQoCSBsV34aaHZDLF1JPuoUD a5BFQoKMJa2xQ== From: Josh Poimboeuf To: x86@kernel.org Cc: linux-kernel@vger.kernel.org, Petr Mladek , Miroslav Benes , Joe Lawrence , live-patching@vger.kernel.org, Song Liu , laokz , Jiri Kosina , Marcos Paulo de Souza , Weinan Liu , Fazla Mehrab , Chen Zhongjin , Puranjay Mohan Subject: [PATCH v2 54/62] objtool/klp: Add post-link subcommand to finalize livepatch modules Date: Fri, 9 May 2025 13:17:18 -0700 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Livepatch needs some ELF magic which linkers don't like: - Two relocation sections (.rela*, .klp.rela*) for the same text section. - Use of SHN_LIVEPATCH to mark livepatch symbols. Unfortunately linkers tend to mangle such things. To work around that, klp diff generates a linker-compliant intermediate binary which encodes the relevant KLP section/reloc/symbol metadata. After module linking, the .ko then needs to be converted to an actual livepatch module. Introduce a new klp post-link subcommand to do so. Signed-off-by: Josh Poimboeuf --- tools/objtool/Build | 2 +- tools/objtool/builtin-klp.c | 1 + tools/objtool/include/objtool/klp.h | 4 + tools/objtool/klp-post-link.c | 165 ++++++++++++++++++++++++++++ 4 files changed, 171 insertions(+), 1 deletion(-) create mode 100644 tools/objtool/klp-post-link.c diff --git a/tools/objtool/Build b/tools/objtool/Build index 0b01657671d7..8cd71b9a5eef 100644 --- a/tools/objtool/Build +++ b/tools/objtool/Build @@ -9,7 +9,7 @@ objtool-y +=3D elf.o objtool-y +=3D objtool.o =20 objtool-$(BUILD_ORC) +=3D orc_gen.o orc_dump.o -objtool-$(BUILD_KLP) +=3D builtin-klp.o klp-diff.o +objtool-$(BUILD_KLP) +=3D builtin-klp.o klp-diff.o klp-post-link.o =20 objtool-y +=3D libstring.o objtool-y +=3D libctype.o diff --git a/tools/objtool/builtin-klp.c b/tools/objtool/builtin-klp.c index 9b13dd1182af..56d5a5b92f72 100644 --- a/tools/objtool/builtin-klp.c +++ b/tools/objtool/builtin-klp.c @@ -14,6 +14,7 @@ struct subcmd { =20 static struct subcmd subcmds[] =3D { { "diff", "Generate binary diff of two object files", cmd_klp_diff, }, + { "post-link", "Finalize klp symbols/relocs after module linking", cmd_k= lp_post_link, }, }; =20 static void cmd_klp_usage(void) diff --git a/tools/objtool/include/objtool/klp.h b/tools/objtool/include/ob= jtool/klp.h index 07928fac059b..ad830a7ce55b 100644 --- a/tools/objtool/include/objtool/klp.h +++ b/tools/objtool/include/objtool/klp.h @@ -2,6 +2,9 @@ #ifndef _OBJTOOL_KLP_H #define _OBJTOOL_KLP_H =20 +#define SHF_RELA_LIVEPATCH 0x00100000 +#define SHN_LIVEPATCH 0xff20 + /* * __klp_objects and __klp_funcs are created by klp diff and used by the p= atch * module init code to build the klp_patch, klp_object and klp_func structs @@ -27,5 +30,6 @@ struct klp_reloc { }; =20 int cmd_klp_diff(int argc, const char **argv); +int cmd_klp_post_link(int argc, const char **argv); =20 #endif /* _OBJTOOL_KLP_H */ diff --git a/tools/objtool/klp-post-link.c b/tools/objtool/klp-post-link.c new file mode 100644 index 000000000000..05be6251e35f --- /dev/null +++ b/tools/objtool/klp-post-link.c @@ -0,0 +1,165 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Read the intermediate KLP reloc/symbol representations created by klp d= iff + * and convert them to the proper format required by livepatch. This need= s to + * run last to avoid linker wreckage. Linkers don't tend to handle the "t= wo + * rela sections for a single base section" case very well, nor do they li= ke + * SHN_LIVEPATCH. + * + * This is the final tool in the livepatch module generation pipeline: + * + * kernel builds -> objtool klp diff -> module link -> objtool klp post-= link + */ + +#include +#include +#include +#include +#include +#include + +static int fix_klp_relocs(struct elf *elf) +{ + struct section *symtab, *klp_relocs; + + klp_relocs =3D find_section_by_name(elf, KLP_RELOCS_SEC); + if (!klp_relocs) + return 0; + + symtab =3D find_section_by_name(elf, ".symtab"); + if (!symtab) { + ERROR("missing .symtab"); + return -1; + } + + for (int i =3D 0; i < sec_size(klp_relocs) / sizeof(struct klp_reloc); i+= +) { + struct klp_reloc *klp_reloc; + unsigned long klp_reloc_off; + struct section *sec, *tmp, *klp_rsec; + unsigned long offset; + struct reloc *reloc; + char sym_modname[64]; + char rsec_name[SEC_NAME_LEN]; + u64 addend; + struct symbol *sym, *klp_sym; + + klp_reloc_off =3D i * sizeof(*klp_reloc); + klp_reloc =3D klp_relocs->data->d_buf + klp_reloc_off; + + /* + * Read __klp_relocs[i]: + */ + + /* klp_reloc.sec_offset */ + reloc =3D find_reloc_by_dest(elf, klp_relocs, + klp_reloc_off + offsetof(struct klp_reloc, offset)); + if (!reloc) { + ERROR("malformed " KLP_RELOCS_SEC " section"); + return -1; + } + + sec =3D reloc->sym->sec; + offset =3D reloc_addend(reloc); + + /* klp_reloc.sym */ + reloc =3D find_reloc_by_dest(elf, klp_relocs, + klp_reloc_off + offsetof(struct klp_reloc, sym)); + if (!reloc) { + ERROR("malformed " KLP_RELOCS_SEC " section"); + return -1; + } + + klp_sym =3D reloc->sym; + addend =3D reloc_addend(reloc); + + /* symbol format: .klp.sym.modname.sym_name,sympos */ + if (sscanf(klp_sym->name + strlen(KLP_SYM_PREFIX), "%55[^.]", sym_modnam= e) !=3D 1) + ERROR("can't find modname in klp symbol '%s'", klp_sym->name); + + /* + * Create the KLP rela: + */ + + /* section format: .klp.rela.sec_objname.section_name */ + snprintf(rsec_name, SEC_NAME_LEN, KLP_RELOC_SEC_PREFIX "%s.%s", + sym_modname, sec->name); + + klp_rsec =3D find_section_by_name(elf, rsec_name); + if (!klp_rsec) { + klp_rsec =3D elf_create_section(elf, rsec_name, 0, + elf_rela_size(elf), + SHT_RELA, elf_addr_size(elf), + SHF_ALLOC | SHF_INFO_LINK | SHF_RELA_LIVEPATCH); + if (!klp_rsec) + return -1; + + klp_rsec->sh.sh_link =3D symtab->idx; + klp_rsec->sh.sh_info =3D sec->idx; + klp_rsec->base =3D sec; + } + + tmp =3D sec->rsec; + sec->rsec =3D klp_rsec; + if (!elf_create_reloc(elf, sec, offset, klp_sym, addend, klp_reloc->type= )) + return -1; + sec->rsec =3D tmp; + + /* + * Fix up the corresponding KLP symbol: + */ + + klp_sym->sym.st_shndx =3D SHN_LIVEPATCH; + if (!gelf_update_sym(symtab->data, klp_sym->idx, &klp_sym->sym)) { + ERROR_ELF("gelf_update_sym"); + return -1; + } + + /* + * Disable the original non-KLP reloc by converting it to R_*_NONE: + */ + + reloc =3D find_reloc_by_dest(elf, sec, offset); + sym =3D reloc->sym; + sym->sym.st_shndx =3D SHN_LIVEPATCH; + set_reloc_type(elf, reloc, 0); + if (!gelf_update_sym(symtab->data, sym->idx, &sym->sym)) { + ERROR_ELF("gelf_update_sym"); + return -1; + } + } + + return 0; +} + +/* + * This runs on the livepatch module after all other linking has been done= . It + * converts the intermediate __klp_relocs section into proper KLP relocs t= o be + * processed by livepatch. This needs to run last to avoid linker wreckag= e. + * Linkers don't tend to handle the "two rela sections for a single base + * section" case very well, nor do they appreciate SHN_LIVEPATCH. + */ +int cmd_klp_post_link(int argc, const char **argv) +{ + struct elf *elf; + + argc--; + argv++; + + if (argc !=3D 1) { + fprintf(stderr, "%d\n", argc); + fprintf(stderr, "usage: objtool link \n"); + return -1; + } + + elf =3D elf_open_read(argv[0], O_RDWR); + if (!elf) + return -1; + + if (fix_klp_relocs(elf)) + return -1; + + if (elf_write(elf)) + return -1; + + return elf_close(elf); +} --=20 2.49.0