------------------------------------------------------------------- Tue Jan 29 10:30:18 CET 2019 - mbenes@suse.cz - Bump up the version number in spec file - commit 3ad965d ------------------------------------------------------------------- Mon Jan 14 15:44:01 CET 2019 - nstange@suse.de - Fix for CVE-2018-16884 ("nfs4: use-after-free in svc_process_common()") Live patch for CVE-2018-16884. Upstream commits b8be5674fa9a ("sunrpc: use SVC_NET() in svcauth_gss_* functions") and d4b09acf924b ("sunrpc: use-after-free in svc_process_common()"). KLP: CVE-2018-16884 References: bsc#1119947 CVE-2018-16884 - commit 84ed988 ------------------------------------------------------------------- Wed Dec 12 11:08:02 CET 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit a03cea6 ------------------------------------------------------------------- Tue Dec 11 11:27:23 CET 2018 - mbenes@suse.cz - uname_patch: don't hold uts_sem while accessing userspace memory Backport upstream patch 42a0cc347858 ("sys: don't hold uts_sem while accessing userspace memory"). - commit d4e00de ------------------------------------------------------------------- Wed Nov 21 14:13:43 CET 2018 - nstange@suse.de - Fix for CVE-2018-5848 ("function wmi_set_ie() in net/wireless/ath/wil6210/wmi.c is affected by a buffer overflow") Live patch for CVE-2018-5848. Upstream commit b5a8ffcae410 ("wil6210: missing length check in wmi_set_ie"). KLP: CVE-2018-5848 References: bsc#1115339 CVE-2018-5848 - commit 3a1a077 ------------------------------------------------------------------- Thu Nov 1 14:22:18 CET 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit 82bb1a5 ------------------------------------------------------------------- Thu Oct 25 16:30:17 CEST 2018 - nstange@suse.de - Fix for CVE-2018-5391 ("FragmentSmack (IP fragments)") Live patch for CVE-2018-5391. Upstream commits 56e2c94f055d ("inet: frag: enforce memory limits earlier") 4672694bd4f1 ("ipv4: frags: handle possible skb truesize change") 0ed4229b08c1 ("ipv6: defrag: drop non-last frags smaller than min mtu") 7969e5c40dfd ("ip: discard IPv4 datagrams with overlapping segments") 385114dec8a4 ("net: modify skb_rbtree_purge to return the truesize of all purged skbs.") fa0f527358bd ("ip: use rb trees for IP frag queue.") 70837ffe3085 ("ipv4: frags: precedence bug in ip_expire()") KLP: CVE-2018-5391 References: bsc#1103098 CVE-2018-5391 - commit 74e8371 ------------------------------------------------------------------- Fri Oct 5 11:41:51 CEST 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit 499f618 ------------------------------------------------------------------- Tue Oct 2 16:38:19 CEST 2018 - mbenes@suse.cz - scripts/tar-up.sh: Add ppc64le to ExclusiveArch even for SLE12-SP2 - commit 77a8a8b ------------------------------------------------------------------- Tue Oct 2 12:11:43 CEST 2018 - nstange@suse.de - Fix for CVE-2018-17182 ("fix vmacache counter flushing") Live patch for CVE-2018-17182. Upstream commit 7a9cdebdcc17 ("mm: get rid of vmacache_flush_all() entirely"). KLP: CVE-2018-17182 References: bsc#1110233 CVE-2018-17182 - commit 073d8e1 ------------------------------------------------------------------- Tue Sep 25 10:57:44 CEST 2018 - nstange@suse.de - Fix for CVE-2018-14633 ("security flaw in iscsi target code") Live patch for CVE-2018-14633. No upstream commit yet. KLP: CVE-2018-14633 References: bsc#1107832 CVE-2018-14633 - commit 0f3c257 ------------------------------------------------------------------- Wed Sep 12 17:17:55 CEST 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit 7eac70b ------------------------------------------------------------------- Tue Sep 11 11:20:28 CEST 2018 - nstange@suse.de - Fix for CVE-2018-5390 ('denial of service conditions with low rates of specially modified packets aka "SegmentSmack"') Live patch for CVE-2018-5390. Upstream commits 72cd43ba64fc ("tcp: free batches of packets in tcp_prune_ofo_queue()") f4a3313d8e2c ("tcp: avoid collapses in tcp_prune_queue() if possible") 3d4bf93ac120 ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()") 8541b21e781a ("tcp: call tcp_drop() from tcp_data_queue_ofo()") 58152ecbbcc6 ("tcp: add tcp_ooo_try_coalesce() helper") KLP: CVE-2018-5390 References: bsc#1102682 CVE-2018-5390 - commit df03489 ------------------------------------------------------------------- Fri Sep 7 12:40:38 CEST 2018 - nstange@suse.de - Fix for CVE-2018-1000026 ("Improper validation in bnx2x network card driver can allow for DoS attacks via crafted packet") Live patch for CVE-2018-1000026. Upstream commit 8914a595110a ("bnx2x: disable GSO where gso_size is too big for hardware"). KLP: CVE-2018-1000026 References: bsc#1096723 CVE-2018-1000026 [ mb: make kgr_skb_gso_validate_mac_len() static ] - commit 7c947cd ------------------------------------------------------------------- Fri Sep 7 06:22:47 CEST 2018 - nstange@suse.de - Fix for CVE-2018-10938 ("infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows for DoS") Live patch for CVE-2018-10938. Upstream commit 40413955ee26 ("Cipso: cipso_v4_optptr enter infinite loop"). KLP: CVE-2018-10938 References: bsc#1106191 CVE-2018-10938 - commit 018b0ab ------------------------------------------------------------------- Wed Sep 5 14:08:43 CEST 2018 - nstange@suse.de - Fix for CVE-2018-10902 ("double free in midi subsystem") Live patch for CVE-2018-10902. Upstream commit 39675f7a7c7e ("ALSA: rawmidi: Change resized buffers atomically"). KLP: CVE-2018-10902 References: bsc#1105323 CVE-2018-10902 - commit 1499778 ------------------------------------------------------------------- Fri Aug 10 09:07:40 CEST 2018 - mbenes@suse.cz - scripts/register-patches.sh: Amend S variable for Source enumeration Fixes bad merge commit. - commit ed24953 ------------------------------------------------------------------- Thu Aug 9 16:25:11 CEST 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit 884d814 ------------------------------------------------------------------- Wed Aug 8 16:22:04 CEST 2018 - nstange@suse.de - Fix CVE-2018-3646 ('kvm: L1 Terminal Fault -VMM aka "Foreshadow" aka "Ocean Breeze" aka "Project Ocean"') Live patch for CVE-2018-3646. No upstream commit yet. KLP: CVE-2018-3646 References: bsc#1099306 CVE-2018-3646 - commit e0870ba ------------------------------------------------------------------- Wed Aug 8 15:18:35 CEST 2018 - nstange@suse.de - Fix for CVE-2017-18344 ("The timer_create syscall implementation doesn't properly validate the sigevent->sigev_notifyfield, which leads to out-of-bounds access") Live patch for CVE-2017-18344. Upstream commit cef31d9af9082 ("posix-timer: Properly check sigevent->sigev_notify"). KLP: CVE-2017-18344 References: bsc#1103203 CVE-2017-18344 - commit 67c3fd6 ------------------------------------------------------------------- Wed Aug 8 15:07:59 CEST 2018 - nstange@suse.de - Provide common kallsyms wrapper API With bsc#1103203, the need for disambiguating between a multiply defined symbol arose. This is something the kallsyms_lookup_name() based code snippet we used to copy&paste to every individual CVE fix can't handle. Implement a proper wrapper API for doing the kallsyms lookups. - commit 4aed7d2 ------------------------------------------------------------------- Wed Jul 11 13:50:51 CEST 2018 - nstange@suse.de - Fix CVE-2018-10853 ("kvm: guest userspace to guest kernel write") Live patch for CVE-2018-10853. Upstream commit 3c9fa24ca7c9 ("kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access"). KLP: CVE-2018-10853 References: bsc#1097108 CVE-2018-10853 - commit e30fc39 ------------------------------------------------------------------- Mon Jun 25 15:06:27 CEST 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit 0c24a8b ------------------------------------------------------------------- Fri Jun 15 16:26:39 CEST 2018 - nstange@suse.de - Fix CVE-2018-3665 ("kvm: Lazy FP Save/Restore") Live patch for CVE-2018-3665. Upstream commit 653f52c316a4 ("kvm,x86: load guest FPU context more eagerly"). KLP: CVE-2018-3665 References: bsc#1096740 CVE-2018-3665 - commit a208a16 ------------------------------------------------------------------- Thu Jun 14 11:15:11 CEST 2018 - nstange@suse.de - Fix CVE-2018-3665 ("kernel: Lazy FP Save/Restore") Live patch for CVE-2018-3665. Upstream commit 58122bf1d856 ("x86/fpu: Default eagerfpu=on on all CPUs"). KLP: CVE-2018-3665 References: bsc#1090338 CVE-2018-3665 - commit 617d1f5 ------------------------------------------------------------------- Wed May 16 12:21:28 CEST 2018 - nstange@suse.de - bsc#1085447: fix raw __user access in put_v4l2_window32() put_v4l2_window32() loads kp->clips directly, but kp is in userspace and this load can oops. This has already been fixed upstream in commit 85ea29f19eab ("media: v4l2-compat-ioctl32: don't oops on overlay"). Backport it. References: bsc#1085447 CVE-2017-13166 - commit 93c3ee9 ------------------------------------------------------------------- Tue May 15 17:25:12 CEST 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit 8050d85 ------------------------------------------------------------------- Mon May 14 08:30:02 CEST 2018 - nstange@suse.de - Fix CVE-2018-8897 (kernel: "POP SS") Live patch for CVE-2018-8897. Upstream commit d8ba61ba58c8 ("x86/entry/64: Don't use IST entry for #BP stack"). KLP: CVE-2018-8897 References: bsc#1090368 CVE-2018-8897 - commit dcfa955 ------------------------------------------------------------------- Mon May 14 08:30:00 CEST 2018 - nstange@suse.de - scrips/create-makefile.sh: add support for assembly files - commit cf2464a ------------------------------------------------------------------- Fri May 11 16:30:10 CEST 2018 - nstange@suse.de - callbacks: kgr_subpatch_register(): always set ->parent In case kgr_subpatch_register() finds an existing instance of that subpatch ID, the to be registered subpatch's ->parent is not set. This causes a NULL pointer dereference from kgr_subpatch_unregister() later on. Fix this by making kgr_patch_register() always set ->parent. - commit 1ff8a8c ------------------------------------------------------------------- Wed May 9 16:40:49 CEST 2018 - nstange@suse.de - Fix CVE-2018-8781 ("Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap()...") Live patch for CVE-2018-8781. Upstream commit 3b82a4db8eac ("drm: udl: Properly check framebuffer mmap offsets"). KLP: CVE-2018-8781 References: CVE-2018-8781 bsc#1090646 - commit 07cd0ae ------------------------------------------------------------------- Thu May 3 13:41:31 CEST 2018 - nstange@suse.de - bsc#1090869: fix indirect call to kgr_kvm_spurious_fault() The inline asm of kgr____kvm_handle_fault_on_reboot() is broken in that it doesn't do a call to the address stored in kgr_kvm_spurious_fault, but a jmp. Fix this. - commit 81d9309 ------------------------------------------------------------------- Wed May 2 15:38:55 CEST 2018 - nstange@suse.de - kGraft callbacks: provide patch state abstraction Now that the kGraft core has been live patched to invoke the kgr_patch_state_pre_replace_cb(), kgr_patch_state_pre_revert_cb() and kgr_patch_state_post_patch_cb() callbacks, let's add an abstraction API on top to make this functionality accessible in sane ways from live patches. In general, the live patching callbacks are used for achieving global consistency. As such, they provide a means for getting notifications for events such as or global patching completement or an about to happen revert. However, a kGraft patch is usually made up from several independent subpatches, one for each issue or CVE to be fixed. In general, newly applied kGraft patches will provide a different set of fixes than what has been there before. This set usually grows with higher kGraft patch versions, but note that downgrades are also possible. What we really want to do is to track the global state on a per-subpatch basis and the abstraction API introduced by this patch provides this. Fixes are identified by a globally unique ID to be assigned by the patch author. These could be derived from a bsc# or CVE number. See the KGR_SUBPATCH_ID_BSC() and KGR_SUBPATCH_ID_CVE() helpers. The basic tracking entity is a struct kgr_subpatch. A kGraft module can register one of those for each issue ID it needs to have callback functionality for. Each kgr_subpatch instance can have a number of callbacks: - post_patch() Called for a subpatch whithout a precedessor after the kGraft transition has finished. - pre_migrate_to() Called for a subpatch with a precedessor before the kGraft transition starts. - post_migrate_to() Called for a subpatch with a precedessor after the kGraft transition has finished. - pre_revert() Called for a subpatch without a successor before the kGraft transition starts. - pre_migrate_away() Called for a subpatch with a successor before the kGraft transition starts. - post_migrate_away() Called for a subpatch with a successor after the kGraft transition has finished. To further facilite communication between subpatch precedessors and successors, each subpatch instance can have some data associated with it. The callback abstraction API manages these in entities of struct kgr_subpatch_data instances. It is expected that these are in general embedded in some larger structures. A kgr_subpatch's ->alloc_data() and ->free_data() callbacks will be used to allocate and free those. A kgr_subpatch's associated data is accessible at its ->data member. It is guaranteed to remain stable for the subpatch's complete lifetime, i.e. it may be accessed from any of its kGraft-patched replacement functions, regardless of any global patch state. Associated with each kgr_subpatch_data instance is a version whose meaning is to be defined by the patch author. Upon replacement of a subpatch with a matching successor, the ->prepare_migration() callback can inspect the preexisting data and still prevent a handover from taking place. If ->prepare_migration() returns false, the replacement will be treated as if the precedessor had been reverted and the successor been applied without a precedessor. In particular, ->pre_revert() and ->post_patch() will be called rather than any of the ->{pre,post}_migrate_{away,to}(). If ->prepare_migration() returns true, it must somehow take ownership of the previous subpatch's data. It can either 1. replace its own ->data initialized with the preallocated data or 2. store a pointer to the old data somewhere within its preallocated data. In the first case, the preallocated data will be automatically freed, so ->prepare_migration() must not do it. - commit fbe8e8e ------------------------------------------------------------------- Wed May 2 15:38:54 CEST 2018 - nstange@suse.de - Fix bsc#1083125 ("KGraft: small race in reversion code") Live patches relying on callback functionality will likely be more sensitive to kGraft's otherwise quite harmless reversion race. Fix it if callbacks are used. References: bsc#1083125 - commit 67b1efe ------------------------------------------------------------------- Wed May 2 15:38:53 CEST 2018 - nstange@suse.de - Add callback functionality In order to reach global consistency, certain kGraft patches need to get notfications of patch transition events like pre-revert, pre-replace and post-patch. The kGraft core does not provide such a mechanism but fortunately it can still be implemented by livepatching kGraft itself. This works because once kGraft concludes that everything has been transitioned and calls its kgr_finalize(), in particular that call's context will also have been transitioned. It follows that the kgr_finalize() invocation will be redirected to a live patched implementation, if any. This way kgr_finalize() can be amended from a live patch to call a post-patch callback. The same line of reasoning applies to kgr_modify_kernel() and pre-replace or -revert callbacks. Right now, the callbacks are only placeholder stubs which will be filled in by a later patch adding some abstraction API on top. This upcoming API will also implement a kgr_subpatch_register() function and subpatches making any use of callbacks will call it. Make register-patches.sh grep for 'kgr_subpatch_register' and enable the callbacks patch if and only if found. - commit 306c337 ------------------------------------------------------------------- Tue May 1 14:32:30 CEST 2018 - nstange@suse.de - Fix CVE-2018-1087 ("kvm: POP SS") Live patch for CVE-2018-1087. Upstream commit 32d43cd391ba ("kvm/x86: fix icebp instruction handling"). KLP: CVE-2018-1087 References: bsc#1090869 CVE-2018-1087 [ mb: s/CONFIG_SND_PCM/CONFIG_KVM_INTEL/ ] - commit 7d43aa6 ------------------------------------------------------------------- Tue Apr 24 15:20:14 CEST 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit ffe49e8 ------------------------------------------------------------------- Fri Apr 20 11:07:10 CEST 2018 - nstange@suse.de - Fix for CVE-2018-1000199 ("ptrace() bug leading to DoS or possibly corruption") Live patch for CVE-2018-1000199. Upstream commit f67b15037a7a ("perf/hwbp: Simplify the perf-hwbp code, fix documentation"). KLP: CVE-2018-1000199 References: bsc#1090036 CVE-2018-1000199 - commit 8585644 ------------------------------------------------------------------- Tue Apr 3 15:48:41 CEST 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit b1efde2 ------------------------------------------------------------------- Tue Mar 27 16:25:20 CEST 2018 - nstange@suse.de - Fix for CVE-2017-13166 ("An elevation of privilege vulnerability in the kernel v4l2 video driver") Live patch for CVE-2017-13166. Upstream commit a1dfb4c48cc1 ("media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic"). KLP: CVE-2017-13166 References: bsc#1085447 CVE-2017-13166 - commit 4d56679 ------------------------------------------------------------------- Wed Mar 21 11:47:17 CET 2018 - nstange@suse.de - Fix for CVE-2018-1068 ("netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets") Live patch for CVE-2018-1068. Upstream commit b71812168571 ("netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets") and follow-up commit 932909d9b28d ("netfilter: ebtables: fix erroneous reject of last rule"). KLP: CVE-2018-1068 References: bsc#1085114 CVE-2018-1068 - commit 49c848e ------------------------------------------------------------------- Fri Mar 16 15:45:31 CET 2018 - nstange@suse.de - Fix for CVE-2018-7566 ("race condition in snd_seq_write() may lead to UAF or OOB-access") Live patch for CVE-2018-7566. Upstream commits d15d662e89fc ("ALSA: seq: Fix racy pool initializations"), d15d662e89fc ("ALSA: seq: Fix racy pool initializations") and 7bd800915677 ("ALSA: seq: More protection for concurrent write and ioctl races"). KLP: CVE-2018-7566 References: bsc#1083488 CVE-2018-7566 - commit 3975a40 ------------------------------------------------------------------- Mon Mar 5 15:44:31 CET 2018 - nstange@suse.de - shadow variables: allow for dynamic initialization Currently, the only shadow variable initialization scheme exposed by the allocation API is to let klp_shadow_alloc() resp. klp_shadow_get_or_alloc() memcpy some user provided buffer to the freshly allocated shadow variable. This is too limited for shadow structures containing pointers into themselves like list_heads or mutexes. Change the internal __klp_shadow_get_or_alloc() to take a pointer to an initializer functions and call that in place of the memcpy() operation. In order to retain former functionality of klp_shadow_alloc() and klp_shadow_get_or_alloc(), make them pass the new __klp_shadow_memcpy_init() wrapper to __klp_shadow_get_or_alloc(). Finally, introduce the new klp_shadow_alloc_with_init() and klp_shadow_get_or_alloc_with_init() which pass a user provided initializer function pointer onwards to __klp_shadow_get_or_alloc(). - commit 843c6fa ------------------------------------------------------------------- Tue Jan 30 14:29:06 CET 2018 - mbenes@suse.cz - Update IBS_PROJECT to correct maintenance incident after initial submission - commit cb7e018 ------------------------------------------------------------------- Tue Jan 9 13:01:23 CET 2018 - mbenes@suse.cz - New branch for SLE12-SP2_Update_18 - commit 71d0a59 ------------------------------------------------------------------- Tue Dec 5 16:42:04 CET 2017 - mbenes@suse.cz - uname_patch: fix UNAME26 for 4.0 Backport upstream commit 39afb5ee4640 ("kernel/sys.c: fix UNAME26 for 4.0"). - commit 5988feb ------------------------------------------------------------------- Mon Dec 4 15:25:24 CET 2017 - mbenes@suse.cz - Revert "Add compat.h to deal with changes of KGR_PATCH macro" This reverts commit 4186bef35862029a2fd36ba4a73d5fa538992709. All currently supported kernels (that is, everything since SLE12_Update_14 and SLE12-SP1_Update_5) have sympos support. We can drop compat, because we don't need it anymore. - commit 11e3220 ------------------------------------------------------------------- Thu Nov 30 15:15:20 CET 2017 - mbenes@suse.cz - scripts: Generate ExclusiveArch in spec file dynamically ppc64le architecture kernel support is not present in all currently supported branches. It may cause problem for the maintenance team. Generate ExclusiveArch dynamically. It should be 'ppc64le x86_64' for SLE12-SP3 and 'x86_64' for the rest. - commit 95ed856 ------------------------------------------------------------------- Thu Nov 16 14:27:46 CET 2017 - mbenes@suse.cz - rpm/kgraft-patch.spec: Add ppc64le as a supported arch ppc64le is about to be supported in Live Patching product. Add it to ExclusiveArch tag. - commit 8437c94 ------------------------------------------------------------------- Thu Nov 16 14:26:35 CET 2017 - mbenes@suse.cz - rpm/kgraft-patch.spec: Remove s390x from supported archs s390x is not supported in Live Patching product. Remove it from ExclusiveArch. - commit f9614f2 ------------------------------------------------------------------- Thu Oct 5 12:12:29 CEST 2017 - nstange@suse.de - shadow variables: add KGR_SHADOW_ID helper As shadow variables are supposed to be shared among different KGraft modules their id's must be compile time constants. Introduce the KGR_SHADOW_ID helper macro for generating them in a uniform manner based on the bsc# number and a local id. - commit 237c8f3 ------------------------------------------------------------------- Thu Oct 5 12:12:28 CEST 2017 - nstange@suse.de - shadow variables: share shadow data among KGraft modules As it stands, each KGraft module maintains its own set of shadow variable management structures and thus, shadow variables are not sharable between livepatch modules. This behaviour is different from the upstream implementation and, as pointed out by Miroslav Benes, it also opens up an opportunity for a small window where the system might become vulnerable again during transition as we stack new livepatches on top. Let all KGraft patches share the shadow data. Sharing is implemented by moving the management structures from a KGraft module's .data to dynamically allocated memory. Each KGraft module will have specifically named pointers, 'kgr_shadow_hash12' and 'kgr_shadow_lock12', referencing them. Upon initialization, a KGraft module will discover already existing such shadow data by kallsyms-searching all loaded modules for these pointer symbols. If none is found, a new instance is allocated. The newly introduced kgr_shadow_init() implementing this is idempotent and can thus be called from the bsc# subpatches' initializers if needed. Upon KGraft module removal, the new kgr_shadow_cleanup() will conduct another kallsyms search and deallocate the shadow data in case there are no more users. kgr_shadow_cleanup() is also idempotent. Initialization and teardown of the common shadow data is serialized with the module_mutex which has to be taken for the kallsyms search anyway. - commit 8e1e705 ------------------------------------------------------------------- Thu Oct 5 12:12:27 CEST 2017 - nstange@suse.de - shadow variables: drop EXPORT_SYMBOL()s The shadow variable API will only ever get used by the KGraft module itself and thus, there's no need for exporting it. Drop all EXPORT_SYMBOL annotations. - commit ac6cfeb ------------------------------------------------------------------- Thu Oct 5 12:12:26 CEST 2017 - nstange@suse.de - shadow variables: introduce upstream patch Joe Lawrence posted the sixth version of his shadow variable patch [1] implementing the association of additional out-of-band data members to existing structure instances from livepatches. Jiri Kosina has applied this to his git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching.git for-4.15/shadow-variables tree and thus, it's queued up and close to getting merged. The plan is to eventually backport this shadow variable support to SLE kernels, but we also want to have it usable from KGraft modules by now. Port the implementation to the kraft-patches module. Namely, - dump shadow.c in it's current upstream state as it is after commits 439e7271dc2b ("livepatch: introduce shadow variable API") 5d9da759f758 ("livepatch: __klp_shadow_get_or_alloc() is local to shadow.c") 19205da6a0da ("livepatch: Small shadow variable documentation fixes") - add a shadow.h header and declare the newly introduced functions there - and incorporate the new files into the KGraft module's build system. [1] 1504211861-19899-2-git-send-email-joe.lawrence@redhat.com ("[PATCH v6] livepatch: introduce shadow variable API") - commit e899c4f ------------------------------------------------------------------- Tue Jun 13 15:54:27 CEST 2017 - nstange@suse.de - scripts/register-patches.sh: register subpatch sources in rpm spec In order to reduce the manual merging work upon addition of new (sub)patches, commit 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically") introduced the register-patches.sh helper. It discovers those and tweaks the main entry point, kgr_patch_main.c, as needed. However, a remaining manual merging task is to list a (sub)patch's source archive in rpm/kgraft-patch.spec and to %setup it. Make scripts/register-patches.sh do this. Namely, - introduce the @@KGR_PATCHES_SOURCES@@ and @@KGR_PATCHES_SETUP_SOURCES@@ placeholders in rpm/kgraft-patch.spec - and make scripts/register-patches.sh expand those within a spec file to be given as an additional command line argument. Finally, adjust scripts/tar-up.sh accordingly. - commit 9eafc8a ------------------------------------------------------------------- Tue Jun 13 15:51:42 CEST 2017 - nstange@suse.de - scripts/register-patches.sh: don't add ','s to @@KGR_PATCHES_FUNCS@@ register-patches.sh expands kgr_patch_main.c's @@KGR_PATCHES_FUNCS@@ placeholder by concatenating all available patches' KGR_PATCH__FUNCS together, separating them by commas. The KGR_PATCH__FUNCS are CPP macros supposed to be provided by each patch. If one of these happens to be empty, the preprocessed expansion will contain two consecutive commas which gcc doesn't like in array initializers. Do not add any commas to the @@KGR_PATCHES_FUNCS@@ expansion but require the individual KGR_PATCH__FUNCS macros to already contain trailing ones as needed. Fixes: 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically") - commit ba41416 ------------------------------------------------------------------- Wed Jun 7 12:05:41 CEST 2017 - nstange@suse.de - scripts: create kgr_patch_main.c dynamically The kgraft-patches repository has got many branches, each corresponding to a supported codestream. Each of those carries a potentially different set of live (sub)patches which are controlled through the entry points in kgr_patch_main.c. According to Miroslav, merging of a new (sub)patch based on the pristine master is a pita due to conflicts. Since all (sub)patches stick to certain conventions already, the required modifications of the merging-hotspot kgr_patch_main.c are quite mechanic. Let a script do the work. Namely, - insert some special @@-embraced placeholders at the few places depending on the actual set of (sub)patches, - let register-patches.sh discover the available (sub)patches by searching for directories - and let register-patches.sh replace those placeholders in kgr_patch_main.c Finally, add a register-patches.sh invocation to tar-up.sh. This procedure requires that a SUBPATCH located in directory SUBPATCH/ adheres to the following conventions: - It must provide a provide a SUBPATCH/kgr_patch_SUBPATCH.h header. - This header must provide declarations for kgr_patch_SUBPATCH_init() and kgr_patch_SUBPATCH_cleanup(). - This header must also #define a KGR_PATCH_SUBPATCH_FUNCS macro. It should expand to a comma separated list of KGR_PATCH*() entries, each corresponding to a function the subpatch wants to replace. [mbenes: fixed typos, empty line removed] - commit 4e8dc88 ------------------------------------------------------------------- Mon Apr 24 16:00:54 CEST 2017 - mbenes@suse.cz - Replace $(PWD) with $(CURDIR) in Makefile CURDIR is an internal variable of make and more suitable. - commit 03bf1d5 ------------------------------------------------------------------- Wed Apr 19 14:02:27 CEST 2017 - mbenes@suse.cz - Create Makefile automatically Introduce scripts/create-makefile.sh script to automatically create a makefile. The scripts is called from tar-up.sh or could be called manually. - commit 1af6c29 ------------------------------------------------------------------- Mon Oct 24 13:26:09 CEST 2016 - mbenes@suse.cz - Better to use SUSE:SLE-12:Update than Devel:kGraft:SLE12 project - commit bdc7598 ------------------------------------------------------------------- Tue May 10 15:43:59 CEST 2016 - mbenes@suse.cz - Add compat.h to deal with changes of KGR_PATCH macro Sympos patch set for kGraft redefined KGR_PATCH macro and added two new ones. Add new compat.h which contains macro magic so that all kGraft patches would work on both old and new kernels with the patch set merged. - commit 4186bef ------------------------------------------------------------------- Fri May 6 17:01:17 CEST 2016 - mbenes@suse.cz - Fix the number of parameters of KGR_PATCH macro New kernels contain kGraft's sympos patch set which changed number of paramaters of KGR_PATCH macro and introduced new macros. Fix it in master so it will be ok for new branches. - commit 78cf676 ------------------------------------------------------------------- Tue Sep 1 13:00:23 CEST 2015 - mmarek@suse.com - Include the RPM version number in the module name - commit 8fa02c6 ------------------------------------------------------------------- Wed Aug 26 11:29:44 CEST 2015 - mbenes@suse.cz - Remove forgotten debug option in the Makefile - commit 9c24ab8 ------------------------------------------------------------------- Mon Aug 17 13:42:04 CEST 2015 - mbenes@suse.cz - Add license and copyright notices - commit d42d3aa ------------------------------------------------------------------- Wed Jul 15 15:58:35 CEST 2015 - mbenes@suse.cz - Remove immediate flag Fake signal was merged to kGraft and immediate feature removed. Remove it in kGraft patches from now on too. - commit c767ad2 ------------------------------------------------------------------- Wed May 20 16:32:17 CEST 2015 - mbenes@suse.cz - Set immediate flag to false Using immediate set to true can lead to BUGs and oopses when downgrading, reverting or applying replace_all patches. There is no way how to find out if there is a process in the old code which is being removed. The module would be put, removed and the process will crash. The consistency model guarantees that there is no one in the old code when the finalization ends. Thus use it for all case to be safe. - commit 830e1a3 ------------------------------------------------------------------- Tue May 12 15:48:07 CEST 2015 - mbenes@suse.cz - Fix description in rpm spec file Spec file description mentions initial kGraft patch which is only true for real initial patch. Make it more neutral. References: bsc#930408 - commit a55e023 ------------------------------------------------------------------- Wed Apr 1 15:36:24 CEST 2015 - mbenes@suse.cz - Generate archives names automatically in tar-up.sh - commit 1f34f18 ------------------------------------------------------------------- Wed Apr 1 13:39:26 CEST 2015 - mbenes@suse.cz - Automatically generate .changes file from git log Also add comments to tar-up.sh script to distinguish between sections. - commit 212a7ae ------------------------------------------------------------------- Thu Mar 26 14:24:21 CET 2015 - mmarek@suse.cz - Revert "Require exact kernel version in the patch" This needs to be done differently, so that modprobe --force works as expected. References: bnc#920615 This reverts commit c62c11aecd4e3f8822e1b835fea403acc3148c5a. - commit bc88dd7 ------------------------------------------------------------------- Wed Mar 25 13:10:24 CET 2015 - mmarek@suse.cz - Require exact kernel version in the patch References: bnc#920615 - commit c62c11a ------------------------------------------------------------------- Tue Mar 24 12:15:41 CET 2015 - mmarek@suse.cz - Add the git commit and branch to the package description References: bnc#920633 - commit 1ff4e48 ------------------------------------------------------------------- Wed Nov 26 10:09:14 CET 2014 - mbenes@suse.cz - Set immediate flag for the initial patch Setting immediate to true will simplify installation of the initial patch and possibly also of the further updates. References: bnc#907150 - commit 391b810 ------------------------------------------------------------------- Tue Nov 25 16:26:40 CET 2014 - mbenes@suse.cz - Add .replace_all set to true Add .replace_all flag set to true even to the initial patch. Thus we will not forget to add that later. Also .immediate is there as a comment. - commit 933e15e ------------------------------------------------------------------- Mon Nov 24 15:02:33 CET 2014 - mmarek@suse.cz - Drop the hardcoded kernel release string The updated kgraft-devel macros set this during build time, so we do not need to know the kernel release string beforehand. As a name suffix for the source packages, let's use SLE12_Test in the master branch and SLE12_Update_ in the update branches. - commit 65f7a25 ------------------------------------------------------------------- Fri Nov 21 15:48:48 CET 2014 - mmarek@suse.cz - Check that we are building against the set kernel version - commit 689e44a ------------------------------------------------------------------- Wed Nov 12 04:11:14 CET 2014 - mmarek@suse.cz - Mark the module as supported References: bnc#904970 - commit 6249314 ------------------------------------------------------------------- Tue Nov 11 17:11:28 CET 2014 - mmarek@suse.cz - Build the test packages against Devel:kGraft:SLE12 - commit c952fbb ------------------------------------------------------------------- Thu Nov 6 13:55:43 CET 2014 - mbenes@suse.cz - Add top git commit hash to uname -v Add top git commit hash to version part of uname. This makes the identification of current patch level easy (even in crash: p kgr_tag). References: fate#317769 - commit 54c9595 ------------------------------------------------------------------- Tue Nov 4 16:23:50 CET 2014 - mbenes@suse.cz - Replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ We need to replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ due to sysfs tree. @@RELEASE@@ changes with each new version of package. - commit 51fd9dd ------------------------------------------------------------------- Mon Nov 3 17:27:24 CET 2014 - mmarek@suse.cz - Add a source-timestamp file with the git commit hash and branch This is required by the bs-upload-kernel script to upload packages to the BS. It can also be used by the specfile in the future. - commit feab4f1 ------------------------------------------------------------------- Mon Nov 3 16:56:31 CET 2014 - mbenes@suse.cz - Initial commit - commit 600de9d ------------------------------------------------------------------- Mon Nov 3 14:59:46 CET 2014 - mmarek@suse.cz - Add config.sh script This tells the automatic builder which IBS project to use. - commit aa7f1cb