------------------------------------------------------------------- Mon Aug 9 16:30:27 CEST 2021 - nstange@suse.de - Bump up the version number in spec file - commit 4a795c8 ------------------------------------------------------------------- Thu Aug 5 16:50:11 CEST 2021 - nstange@suse.de - scripts/register-patches.sh: fix issue with per-klp_object #if-guards scripts/register-patches.sh is supposed to #if-guard each constructed klp_object instance by the logical or of the individual functions' associated conditions as specified in the corresponding patched_funcs.csv entries. If only one such function entry doesn't have a condition associated with it, the compound logical || would always evaluate to true though and thus, register-patches.sh should skip the per-klp_object #if-guard alltogether in this case. To this end, the inner loop iterating over the function entries resets the array o_conds of unique conditions seen for the current object and breaks out upon encountering an unconditional patch entry, i.e. one w/o an empty condition field. The problem is that the break from the inner loop has no effect on the outer loop over the different patched_funcs.csv's and thus, the emptied o_conds array can get populated again in the course of processing a later patched_funcs.csv. Later code would then find the non-empty o_conds and guard the currently constructed klp_object by oring its individual entries together rather than omitting the #if-guard as a whole as it should. Fix this by introducing the boolean variable "any_unconds", flip it to true upon encountering an unconditional function entry and force the o_conds array to empty if any_unconds is found to be set once the outer loop has completed. - commit dae55a1 ------------------------------------------------------------------- Fri Jul 30 15:07:13 CEST 2021 - nstange@suse.de - Fix for CVE-2021-22543 ("/dev/kvm LPE") Live patch for CVE-2021-22543. Upstream commits - bd2fae8da794 ("KVM: do not assume PTE is writable after follow_pfn") - a9545779ee9e ("KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()") - f8be156be163 ("KVM: do not allow mapping valid but non-reference-counted pages") KLP: CVE-2021-22543 References: bsc#1186483 CVE-2021-22543 - commit dfbdd7b ------------------------------------------------------------------- Fri Jul 30 11:55:07 CEST 2021 - nstange@suse.de - Fix for CVE-2021-37576 ("powerpc: KVM guest OS users can cause host OS memory corruption") Live patch for CVE-2021-37576. Upstream commit f62f3c20647e ("KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow"). KLP: CVE-2021-37576 References: bsc#1188842 CVE-2021-37576 - commit 3d10b8f ------------------------------------------------------------------- Thu Jul 22 08:46:29 CEST 2021 - nstange@suse.de - Bump up the version number in spec file - commit c927ec5 ------------------------------------------------------------------- Tue Jul 20 13:33:47 CEST 2021 - nstange@suse.de - Fix for CVE-2021-3609 ("net/can: race condition in net/can/bcm.c leads to local privilege escalation") Live patch for CVE-2021-3609. Upstream commit d5f9023fa61e ("can: bcm: delay release of struct bcm_op after synchronize_rcu()"). KLP: CVE-2021-3609 References: bsc#1188323 CVE-2021-3609 - commit 4cee7c3 ------------------------------------------------------------------- Fri Jul 16 09:51:47 CEST 2021 - nstange@suse.de - Fix for CVE-2021-33909 ("size_t-to-int vulnerability in Linux's filesystem layer") Live patch for CVE-2021-33909. No upstream commit yet. KLP: CVE-2021-33909 References: bsc#1188257 CVE-2021-33909 - commit f87a220 ------------------------------------------------------------------- Thu Jul 15 12:19:40 CEST 2021 - nstange@suse.de - Fix for CVE-2021-22555 ("out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c") Live patch for CVE-2021-22555. Upstream commit b29c457a6511 ("netfilter: x_tables: fix compat match/target pad out-of-bound write"). KLP: CVE-2021-22555 References: bsc#1188117 CVE-2021-22555 - commit 280f6c6 ------------------------------------------------------------------- Fri Jul 9 11:42:25 CEST 2021 - nstange@suse.de - Bump up the version number in spec file - commit dab6d11 ------------------------------------------------------------------- Tue Jul 6 15:15:06 CEST 2021 - nstange@suse.de - Fix for CVE-2020-36385 ("An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma") Live patch for CVE-2020-36385. Upstream commit f5449e74802c ("RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy"). KLP: CVE-2020-36385 References: bsc#1187052 CVE-2020-36385 - commit 3e80a60 ------------------------------------------------------------------- Wed Jun 30 15:04:03 CEST 2021 - nstange@suse.de - Fix for CVE-2021-0512 ("out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c") Live patch for CVE-2021-0512. Upstream commit ed9be64eefe2 ("HID: make arrays usage and value to be the same"). KLP: CVE-2021-0512 References: bsc#1187597 CVE-2021-0512 - commit cdb7307 ------------------------------------------------------------------- Fri Jun 18 15:11:38 CEST 2021 - nstange@suse.de - Fix for CVE-2021-23133 ("sctp_destroy_sock list_del race condition") Live patch for CVE-2021-23133. Upstream commit 34e5b0118685 ("sctp: delay auto_asconf init until binding the first addr"). KLP: CVE-2021-23133 References: bsc#1185901 CVE-2021-23133 - commit b852146 ------------------------------------------------------------------- Fri Jun 11 12:12:40 CEST 2021 - nstange@suse.de - Bump up the version number in spec file - commit e2afee7 ------------------------------------------------------------------- Thu May 27 16:21:39 CEST 2021 - nstange@suse.de - Fix for bsc#1185847 ("Data loss/corruption occurs any time there is a write error on an md/raid array") Live patch for bsc#1185847. Upstream commit 2417b9869b81 ("md/raid1: properly indicate failure when ending a failed write request"). KLP: bsc#1185847 References: bsc#1185847 - commit ae1eb6e ------------------------------------------------------------------- Wed May 26 12:45:00 CEST 2021 - nstange@suse.de - Fix for CVE-2021-33034 ("use-after-free when destroying an hci_chan") Live patch for CVE-2021-33034. Upstream commit 5c4c8c954409 ("Bluetooth: verify AMP hci_chan before amp_destroy"). KLP: CVE-2021-33034 References: bsc#1186285 CVE-2021-33034 - commit 2964ef1 ------------------------------------------------------------------- Mon May 17 16:57:31 CEST 2021 - nstange@suse.de - Fix for CVE-2021-32399 ("Linux device detach race condition") Live patch for CVE-2021-32399. Upstream commit e2cb6b891ad2 ("bluetooth: eliminate the potential race condition when removing the HCI controller"). KLP: CVE-2021-32399 References: bsc#1185899 CVE-2021-32399 - commit d15ab33 ------------------------------------------------------------------- Thu May 13 17:40:26 CEST 2021 - nstange@suse.de - Bump up the version number in spec file - commit 75d24a2 ------------------------------------------------------------------- Thu Apr 29 09:35:25 CEST 2021 - nstange@suse.de - Fix for CVE-2020-36322 ("FUSE driver can confuse kernel by changing inode type") Live patch for CVE-2020-36322. Upstream commits 5d069dbe8aaf ("fuse: fix bad inode") and 775c5033a0d1 ("fuse: fix live lock in fuse_iget()"). KLP: CVE-2020-36322 References: bsc#1184952 CVE-2020-36322 - commit 72307e8 ------------------------------------------------------------------- Thu Apr 22 16:41:52 CEST 2021 - nstange@suse.de - Fix for CVE-2021-29154 ("LPE due to incorrect BPF JIT branch displacement computation") Live patch for CVE-2021-29154. Upstream commit e4d4d456436b ("bpf, x86: Validate computation of branch displacements for x86-64"). KLP: CVE-2021-29154 References: bsc#1184710 CVE-2021-29154 - commit 346cb03 ------------------------------------------------------------------- Tue Apr 20 09:49:20 CEST 2021 - nstange@suse.de - Bump up the version number in spec file - commit ba12697 ------------------------------------------------------------------- Fri Apr 9 15:31:48 CEST 2021 - nstange@suse.de - Fix for CVE-2021-3444 ("Linux kernel bpf verifier incorrect mod32 truncation") Live patch for CVE-2021-3444. Upstream commits - f6b1b3bf0d5f ("bpf: fix subprog verifier bypass by div/mod by 0 exception"), - e88b2c6e5a4d ("bpf: Fix 32 bit src register truncation on div/mod") and - 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero"). KLP: CVE-2021-3444 References: bsc#1184171 CVE-2021-3444 - commit 403daf6 ------------------------------------------------------------------- Wed Apr 7 15:45:19 CEST 2021 - nstange@suse.de - Fix for CVE-2021-28660 ("memory overwrite in rtl8188eu") Live patch for CVE-2021-28660. Upstream commit 74b6b20df8cf ("staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()"). KLP: CVE-2021-28660 References: bsc#1183658 CVE-2021-28660 - commit 0677567 ------------------------------------------------------------------- Fri Mar 19 16:07:01 CET 2021 - nstange@suse.de - Bump up the version number in spec file - commit 45e9664 ------------------------------------------------------------------- Tue Mar 16 15:27:19 CET 2021 - nstange@suse.de - Fix for CVE-2021-27365 ("iscsi_host_get_param() allows sysfs params larger than 4k") Live patch for CVE-2021-27365. Upstream commits ec98ea7070e9 ("scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE") and f9dbdf97a5bd ("scsi: iscsi: Verify lengths on passthrough PDUs"). KLP: CVE-2021-27365 References: bsc#1183491 CVE-2021-27365 - commit 0c5be31 ------------------------------------------------------------------- Wed Mar 10 13:58:23 CET 2021 - nstange@suse.de - Fix for CVE-2021-26930 ("error handling issues in blkback's grant mapping (XSA-365 v3)") Live patch for CVE-2021-26931, CVE-2021-26930 and CVE-2021-28688. Upstream commits - 5a264285ed1c ("xen-blkback: don't "handle" error by BUG()") - 871997bc9e42 ("xen-blkback: fix error handling in xen_blkbk_map()") and - a846738f8c37 ("xen-blkback: don't leak persistent grants from xen_blkbk_map()"). KLP: CVE-2021-26931 CVE-2021-26930 CVE-2021-28688 References: bsc#1182294 CVE-2021-26931 CVE-2021-26930 CVE-2021-28688 XSA-362 XSA-365 XSA-371 - commit 7945da5 ------------------------------------------------------------------- Tue Mar 9 11:03:44 CET 2021 - nstange@suse.de - Fix for CVE-2021-27363 + CVE-2021-27364 ("show_transport_handle() shows iSCSI transport handle to non-root users") Live patch for CVE-2021-27363 and CVE-2021-27364. Upstream commit 688e8128b7a9 ("scsi: iscsi: Restrict sessions and handles to admin capabilities"). KLP: CVE-2021-27363 CVE-2021-27364 References: bsc#1183120 CVE-2021-27363 CVE-2021-27364 - commit b4f6af3 ------------------------------------------------------------------- Wed Mar 3 09:11:53 CET 2021 - nstange@suse.de - Bump up the version number in spec file - commit 905239a ------------------------------------------------------------------- Wed Feb 24 13:35:07 CET 2021 - nstange@suse.de - bsc#1179664: apply follow-up upstream fix Apply upstream follow-up commit 1c2f67308af4 ("mm: thp: fix MADV_REMOVE deadlock on shmem THP") to the livepatch for bsc#1179664, CVE-2020-29368. References: bsc#1179664 - commit 4436d53 ------------------------------------------------------------------- Wed Feb 10 16:50:02 CET 2021 - nstange@suse.de - Fix for CVE-2021-3347 ("UAF in futex") Live patch for CVE-2021-3347. Upstream commits 12bb3f7f1b03 ("futex: Ensure the correct return value from futex_lock_pi()") 04b79c55201f ("futex: Replace pointless printk in fixup_owner()") c5cade200ab9 ("futex: Provide and use pi_state_update_owner()") 2156ac193416 ("rtmutex: Remove unused argument from rt_mutex_proxy_unlock()") 6ccc84f917d3 ("futex: Use pi_state_update_owner() in put_pi_state()") f2dac39d9398 ("futex: Simplify fixup_pi_state_owner()") 34b1a1ce1458 ("futex: Handle faults correctly for PI futexes") KLP: CVE-2021-3347 References: bsc#1181553 CVE-2021-3347 - commit 09bdba6 ------------------------------------------------------------------- Fri Jan 29 15:24:57 CET 2021 - nstange@suse.de - Fix for CVE-2020-28374 ("LIO security issue") Live patch for CVE-2020-28374. Upstream commit 2896c93811e3 ("scsi: target: Fix XCOPY NAA identifier lookup"). KLP: CVE-2020-28374 References: bsc#1178684 CVE-2020-28374 - commit 5614a47 ------------------------------------------------------------------- Thu Jan 28 15:55:30 CET 2021 - nstange@suse.de - Bump up the version number in spec file - commit 36236f5 ------------------------------------------------------------------- Tue Jan 19 13:44:10 CET 2021 - nstange@suse.de - Fix for CVE-2020-29373 ("unsafely handling of the root directory during path lookups in fs/io_uring.c") Live patch for CVE-2020-29373. Upstream commit cac68d12c531 ("io_uring: grab ->fs as part of async offload") from stable 5.4 tree. KLP: CVE-2020-29373 References: bsc#1179779 CVE-2020-29373 - commit ce9fd87 ------------------------------------------------------------------- Mon Jan 18 11:16:24 CET 2021 - nstange@suse.de - Fix for CVE-2020-36158 ("RCE via a long SSID value in mwifiex_cmd_802_11_ad_hoc_start marvell/mwifiex/join.c") Live patch for CVE-2020-36158. Upstream commit 5c455c5ab332 ("mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start"). KLP: CVE-2020-36158 References: bsc#1180562 CVE-2020-36158 - commit 465afeb ------------------------------------------------------------------- Wed Jan 13 11:41:32 CET 2021 - nstange@suse.de - klp_syscalls.h: fix syscall prototype mismatch on s390x for kernels >= 4.17 The __SYSCALL_DEFINEx(x, name, ...) macro as defined in arch/s390/include/asm/syscall_wrapper.h declares two protoypes for a given syscall: __s390x_sys##name() and __se_sys##name(). The former symbol is made to be an alias to the latter and the function arguments are of the "real" type as specified in the macro invocation whereas the latter's argument types are transformed into longs. Currently the KLP_SYSCALL_SYM() helper macro from our klp_syscalls.h evaluates to the __s390x_sys##name() variant, but its expansion result is intended to be used with KLP_SYSCALL_DECLx(), which does the transformation of the arguments' types to longs. This results in compilation errors due to the syscall prototype declaration from KLP_SYSCALL_DECLx() confliciting with the one from __SYSCALL_DEFINEx(), if visible. The current behaviour of KLP_SYSCALL_DECLx() should be retained in order to keep it working for the compatibility stubs, i.e. with KLP_SYSCALL_COMPAT_STUB_SYM(). So fix the issue by making KLP_SYSCALL_SYM() to evaluate to the __se_sys##name() variant on 390x for kernel versions >= 4.17. - commit 862bd77 ------------------------------------------------------------------- Wed Jan 13 10:58:37 CET 2021 - nstange@suse.de - Fix for CVE-2020-0466 ("In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error.") Live patch for CVE-2020-0466. Upstream commits a9ed4a6560b8 ("epoll: Keep a reference on files added to the check list"), 52c479697c9b ("do_epoll_ctl(): clean the failure exits up a bit"), 77f4689de17c ('fix regression in "epoll: Keep a reference on files added to the check list"'). KLP: CVE-2020-0466 References: bsc#1180032 CVE-2020-0466 - commit 30485e2 ------------------------------------------------------------------- Tue Jan 12 13:38:00 CET 2021 - nstange@suse.de - scripts/register-patches.sh: stringify klp_funcs' ->old_name In order to enable the use of e.g. KLP_SYSCALL_SYM() for the to be livepatched function's name in patched_funcs.csv, make register-patches.sh wrap the emitted klp_funcs' ->old_name initialization values with __stringify() rather than writing string tokens directly. - commit f54c4d6 ------------------------------------------------------------------- Thu Jan 7 13:27:24 CET 2021 - nstange@suse.de - Fix for CVE-2020-29569 ("Use after free triggered by block frontend in Linux blkback (XSA-350 v3)") Live patch for CVE-2020-29569. Upstream commit 1c728719a4da ("xen-blkback: set ring->xenblkd to NULL after kthread_stop()"). KLP: CVE-2020-29569 References: bsc#1180008 CVE-2020-29569 - commit 50ff765 ------------------------------------------------------------------- Wed Jan 6 12:32:28 CET 2021 - nstange@suse.de - Fix for CVE-2020-29660, CVE-2020-29661 ("[tty] hole/race in pgrp & session handling") Live patch for CVE-2020-29660 and CVE-2020-29661. Upstream commits 54ffccbf053b ("tty: Fix ->pgrp locking in tiocspgrp()") and c8bcd9c5be24 ("tty: Fix ->session locking"). KLP: CVE-2020-29660 CVE-2020-29661 References: bsc#1179877 CVE-2020-29660 CVE-2020-29661 - commit f7ce304 ------------------------------------------------------------------- Wed Dec 9 11:14:24 CET 2020 - nstange@suse.de - Fix for CVE-2020-29368 ("the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check") Live patch for CVE-2020-29368. Upstream commit c444eb564fb1 ("mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()"). KLP: CVE-2020-29368 References: bsc#1179664 CVE-2020-29368 - commit 00ed2a9 ------------------------------------------------------------------- Wed Dec 2 14:44:58 CET 2020 - mbenes@suse.cz - Update IBS_PROJECT to correct maintenance incident after initial submission - commit d58461f ------------------------------------------------------------------- Mon Nov 30 12:26:40 CET 2020 - nstange@suse.de - New branch for SLE15-SP2_Update_8 - commit d8c91ab ------------------------------------------------------------------- Tue May 19 15:01:34 CEST 2020 - mbenes@suse.cz - scripts: Disable use of klp-convert klp-convert tool was introduced to improve a situation with unexported symbols while preparing live patches. However, it is still not stable enough and upstream still needs to decide the purpose of the tool. Given that it is used only for uname patch and only on SLE15-SP1 it is better to just disable it for now. At the same, leave the infrastructure in place, because we might use it in the future. - commit 3397b3e ------------------------------------------------------------------- Wed Apr 8 10:14:20 CEST 2020 - nstange@suse.de - scripts: enable s390x for SLE12-SP4 The initial live patch shall be built on s390x for future SLE12-SP4 kernel releases. Make tar-up.sh add s390x to ExclusiveArch from the (not yet existing) SLE12-SP4_Update_13 onwards. - commit f49a99e ------------------------------------------------------------------- Mon Mar 30 11:59:20 CEST 2020 - nstange@suse.de - scripts: enable s390x for SLE15-SP2 - commit 933574a ------------------------------------------------------------------- Wed Mar 25 10:45:50 CET 2020 - nstange@suse.de - scripts: Generate ExclusiveArch in spec file dynamically s390x support is slowly being introduced for newly created master-livepatch based branches. In order to avoid problems with existing branches for e.g. the maintenance team, don't add s390x to the hard-coded list of ExclusiveArchs, but let tar-up.sh enable it dynamically depending on the codestream in question. For now, s390x builds will be enabled on SLE12-SP5, beginning with SLE12-SP5_Update_3 onwards. - commit 27b683d ------------------------------------------------------------------- Mon Dec 2 13:49:24 CET 2019 - mbenes@suse.cz - Revert "shadow variables: allow for dynamic initialization" This reverts commit 843c6fa42429afc1682cdb39119e7a011af2abc9. - commit 23d37c8 ------------------------------------------------------------------- Mon Dec 2 13:40:37 CET 2019 - mbenes@suse.cz - Revert "shadow variables: introduce upstream patch" This reverts commit e899c4fd3fe7602ebd70f578d8475f1049de7c78. - commit c1be24c ------------------------------------------------------------------- Mon Dec 2 13:38:18 CET 2019 - mbenes@suse.cz - Revert "shadow variables: drop EXPORT_SYMBOL()s" This reverts commit ac6cfebd7f831213ebcd4b2690672871572ec49e. - commit 5771a4b ------------------------------------------------------------------- Mon Dec 2 13:38:04 CET 2019 - mbenes@suse.cz - Revert "shadow variables: share shadow data among KGraft modules" This reverts commit 8e1e705d4d56981949f7ae3854d8e1cc2be7f40f. - commit 1c87412 ------------------------------------------------------------------- Mon Dec 2 13:37:30 CET 2019 - mbenes@suse.cz - Revert "shadow variables: add KGR_SHADOW_ID helper" This reverts commit 237c8f3d13c382321d3e65d138d328eae0b82f6c. - commit 41936fd ------------------------------------------------------------------- Sat Sep 7 18:53:16 CEST 2019 - nstange@suse.de - uname_patch: convert to the syscall stub wrapper macros from klp_syscalls.h In order to make the live patch to the newuname() syscall work on kernels >= 4.17 again, convert it to the KLP_SYSCALL_*() wrapper macros provided by klp_syscalls.h. References: bsc#1149841 - commit b5af38e ------------------------------------------------------------------- Sat Sep 7 18:53:15 CEST 2019 - nstange@suse.de - Provide wrapper macros for syscall naming Live patching syscall stubs is a common task, for example any live patch package modifies the newuname syscall. For the actual definitions of the live patched syscall stubs, the __SYSCALL_DEFINEx() name can always be (and often has been) used like e.g. __SYSCALL_DEFINEx(3, _klp_timer_create, const clockid_t, which_clock, struct sigevent __user *, timer_event_spec, timer_t __user *, created_timer_id) { /* New implementation */ } Up to kernel 4.16, this used to define a function named "SyS_klp_timer_create" which could then be used to live patch the "SyS_timer_create". However, beginning with kernel version 4.17, resp. upstream commits - fa697140f9a2 ("syscalls/x86: Use 'struct pt_regs' based syscall calling convention for 64-bit syscalls") - e145242ea0df ("syscalls/core, syscalls/x86: Clean up syscall stub naming convention") - d5a00528b58c ("syscalls/core, syscalls/x86: Rename struct pt_regs-based sys_*() to __x64_sys_*()"), things became more complex: - The naming of the resulting stubs now varies across architecture. - Some architectures (x86_64, s390x) instantiate an additional compat stub for syscalls sharing a common implementation between 32 and 64 bits. (The 32 bit entry code used to convert from the 32 bit ABI to 64 bit and simply call the 64 bit syscall stub afterwards. That's handled by the new 32 bit stubs now.) - The stubs' signatures have changed: each argument used to get mapped to either long or long long, but on x86_64, the stubs are now receiving a single struct pt_regs only -- it's their responsibility to extract the arguments as appropriate. In order to not require each and every live patch touching syscalls to include an insane amount of ifdeffery, provide a set of #defines hiding it: 1.) KLP_SYSCALL_SYM(name) expands to the syscall stub name for 64 bits as defined by _SYSCALL_DEFINEx(x, _name, ...). 2.) If the architeture requires 32bit specific stubs for syscalls sharing a common implementation between 32 and 64bits, the KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS macro is defined. 3.) If KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS is defined, then KLP_SYSCALL_COMPAT_STUB_SYM(name) expands to the syscall stub name for 32 bits as defined by _SYSCALL_DEFINEx(x, _name, ...). 4.) For syscalls not sharing a common implementation between 32 and 64 bits, i.e. those defined by COMPAT_SYSCALL_DEFINEx(), the macro KLP_COMPAT_SYSCALL_SYM(name) expands to the stub name defined as defined by COMPAT_SYSCALL_DEFINEx(x, _name, ...). 5.) Finally, for hiding differences between the signatures, provide the macro KLP_SYSCALL_DECLx(x, sym, ...) which expands to a declaration of sym, with the x arguments either mapped to long resp. long long each, or collapsed to a single struct pt_regs argument as appropriate for the architecture. Note that these macros are defined as appropriate on kernels before and after 4.17, so that live patch code can be shared. References: bsc#1149841 - commit da7b9a5 ------------------------------------------------------------------- Sat Aug 24 19:06:03 CEST 2019 - nstange@suse.de - scripts/create-makefile.sh: add -I flag for toplevel directory to ccflags-y Since upstream commit 58156ba4468f ("kbuild: skip 'addtree' and 'flags' magic for external module build") Kbuild won't add an -I flag for an external module's toplevel source directory to the compilation flags anymore. This results in compilation errors like the following: uname_patch/livepatch_uname.c:36:10: fatal error: klp_convert.h: No such file or directory #include "klp_convert.h" ^~~~~~~~~~~~~~~ Fix this by appending '-I$(obj)' to ccflags-y within the Makefile created by scripts/create-makefile.sh. Note that "$(obj)" is set to the current source directory before the Makefile is sourced by Kbuild. - commit b30a48e ------------------------------------------------------------------- Thu Mar 7 15:23:42 CET 2019 - mbenes@suse.cz - livepatch_main.c: Adaptation to a new livepatch API The atomic replace patch set among others removed the two-stage API. There is no (un)registration step needed now. SLES backport defines KLP_NOREG_API macro to easily distinguish whether the kernel provides the old or the new API. Use it and change the module init and exit functions accordingly. - commit 060163b ------------------------------------------------------------------- Thu Feb 7 14:13:00 CET 2019 - mbenes@suse.cz - uname_patch: Use klp-convert macros and rely on klp-convert where possible - commit 4c9eb70 ------------------------------------------------------------------- Wed Feb 6 14:12:44 CET 2019 - mbenes@suse.cz - Define macros to switch easily between klp-convert and kallsyms Kallsyms trick does not have to be used for resolving undefined symbols when klp-convert is available. It would be great though to share live patches sources between both modes of operation. Define macros to help with the task. Their definitions depend on whether USE_KLP_CONVERT macro is defined. tar-up.sh script is responsible to decide. - commit e3a42b7 ------------------------------------------------------------------- Wed Feb 6 10:53:44 CET 2019 - mbenes@suse.cz - Use klp-convert where provided klp-convert tool converts undefined symbols in a live patch kernel module to special relocation records which are resolved by the kernel. It allows to omit kallsyms tricks. Wire it to the spec file and let tar-up.sh script decide if it is to be used depending on a codestream. SLE15-SP1 is supported currently. - commit 3efd330 ------------------------------------------------------------------- Tue Dec 11 11:27:23 CET 2018 - mbenes@suse.cz - uname_patch: don't hold uts_sem while accessing userspace memory Backport upstream patch 42a0cc347858 ("sys: don't hold uts_sem while accessing userspace memory"). - commit d4e00de ------------------------------------------------------------------- Tue Oct 2 16:38:19 CEST 2018 - mbenes@suse.cz - scripts/tar-up.sh: Add ppc64le to ExclusiveArch even for SLE12-SP2 - commit 77a8a8b ------------------------------------------------------------------- Wed Aug 8 15:08:00 CEST 2018 - nstange@suse.de - Provide common kallsyms wrapper API With bsc#1103203, the need for disambiguating between a multiply defined symbol arose. This is something the kallsyms_lookup_name() based code snippet we used to copy&paste to every individual CVE fix can't handle. Implement a proper wrapper API for doing the kallsyms lookups. - commit bd113d8 ------------------------------------------------------------------- Wed Aug 8 15:07:59 CEST 2018 - nstange@suse.de - Provide common kallsyms wrapper API With bsc#1103203, the need for disambiguating between a multiply defined symbol arose. This is something the kallsyms_lookup_name() based code snippet we used to copy&paste to every individual CVE fix can't handle. Implement a proper wrapper API for doing the kallsyms lookups. - commit 4aed7d2 ------------------------------------------------------------------- Wed Jul 11 13:55:14 CEST 2018 - nstange@suse.de - provide KGR_SHADOW_ID() helper macro - provide KLP_SHADOW_ID() helper macro In analogy to the KGR_SHADOW_ID() macro, introduce KLP_SHADOW_ID() for the construction of unique shadow variable id's. - commit 7325c49 ------------------------------------------------------------------- Sun Jul 8 13:02:18 CEST 2018 - nstange@suse.de - scripts/register-patches.sh: implement conditional inclusion Currently, subpatches provide a patched_funcs.csv file describing what needs to be patched. register-patches.sh inspects those to assemble one global klp_patch structure. The current format for these patched_funcs.csv's is obj old_func(,sympos) newfun However, sometimes subpatches depend on some kernel configuration values like CONFIG_X86_64 and functions shall get patched only if the target kernel configuration matches. Extends the patched_funcs.csv format to obj old_func(,sympos) newfun (cpp condition) where everything coming after 'newfun' is taken to be a CPP condition to be used for conditional inclusion. In case there's no condition specified, assign that entry the same semantics as if a '1' had been given. Make register-patches.sh guard the corresponding klp_func entries with #if pragmas. Furthermore, let it guard the enclosing klp_object instances by or'ing together all its klp_funcs' conditions. For the sake of better readability, omit redundant #if pragmas as well as condition clauses. In particular, - if a function entry hasn't got any condition explicitly specified, there won't be any #if pragma, neither at the klp_func nor at the klp_object level, - if multiple function entries for an object are protected by the same condition, it'll be or'ed in at the klp_object level only once, - if all of an object's functions share the same condition, no #if pragmas will be emitted at the klp_func level because they would only duplicate what's already there for the enclosing object and - multiple subsequent function entries sharing the same condition get collated. - commit 56f0729 ------------------------------------------------------------------- Sun Jul 8 13:02:17 CEST 2018 - nstange@suse.de - scripts/register-patches.sh: allow spaces as patched_funcs.csv separators Currently there's one single cut(1) usage which requires that (single) tabs are used as field separators for the patched_funcs.csv. As the rest of the code can deal with sequences of any whitespace already, this imposes an unnecessary restriction on the format. Substitute that cut(1) usage by a sed(1) invocation as appropriate. - commit 9852661 ------------------------------------------------------------------- Mon Jun 4 15:20:08 CEST 2018 - mbenes@suse.cz - livepatch_main.c: Set .replace to true - commit 643f04c ------------------------------------------------------------------- Mon May 14 08:30:00 CEST 2018 - nstange@suse.de - scrips/create-makefile.sh: add support for assembly files - commit cf2464a ------------------------------------------------------------------- Mon Mar 5 15:44:31 CET 2018 - nstange@suse.de - shadow variables: allow for dynamic initialization Currently, the only shadow variable initialization scheme exposed by the allocation API is to let klp_shadow_alloc() resp. klp_shadow_get_or_alloc() memcpy some user provided buffer to the freshly allocated shadow variable. This is too limited for shadow structures containing pointers into themselves like list_heads or mutexes. Change the internal __klp_shadow_get_or_alloc() to take a pointer to an initializer functions and call that in place of the memcpy() operation. In order to retain former functionality of klp_shadow_alloc() and klp_shadow_get_or_alloc(), make them pass the new __klp_shadow_memcpy_init() wrapper to __klp_shadow_get_or_alloc(). Finally, introduce the new klp_shadow_alloc_with_init() and klp_shadow_get_or_alloc_with_init() which pass a user provided initializer function pointer onwards to __klp_shadow_get_or_alloc(). - commit 843c6fa ------------------------------------------------------------------- Wed Dec 6 14:40:14 CET 2017 - mbenes@suse.cz - Revert "shadow variables: introduce upstream patch" This reverts commit e899c4fd3fe7602ebd70f578d8475f1049de7c78. - commit a27c66a ------------------------------------------------------------------- Wed Dec 6 14:37:09 CET 2017 - mbenes@suse.cz - Revert "shadow variables: drop EXPORT_SYMBOL()s" This reverts commit ac6cfebd7f831213ebcd4b2690672871572ec49e. - commit 40d0ba6 ------------------------------------------------------------------- Wed Dec 6 14:37:06 CET 2017 - mbenes@suse.cz - Revert "shadow variables: share shadow data among KGraft modules" This reverts commit 8e1e705d4d56981949f7ae3854d8e1cc2be7f40f. - commit d184b38 ------------------------------------------------------------------- Wed Dec 6 14:36:56 CET 2017 - mbenes@suse.cz - Revert "shadow variables: add KGR_SHADOW_ID helper" This reverts commit 237c8f3d13c382321d3e65d138d328eae0b82f6c. - commit 22d6153 ------------------------------------------------------------------- Wed Dec 6 12:18:06 CET 2017 - mbenes@suse.cz - rpm/config.sh: Use SUSE:SLE-15:GA project - commit ff32fc9 ------------------------------------------------------------------- Wed Dec 6 12:14:17 CET 2017 - mbenes@suse.cz - Revert "scripts: Generate ExclusiveArch in spec file dynamically" This reverts commit 95ed856ea8f99b4e48d7d324278b3628d2ac2fa2. SLE15 will support ppc64le arch from the beginning. - commit 92e9bdb ------------------------------------------------------------------- Tue Dec 5 16:42:04 CET 2017 - mbenes@suse.cz - uname_patch: fix UNAME26 for 4.0 Backport upstream commit 39afb5ee4640 ("kernel/sys.c: fix UNAME26 for 4.0"). - commit 5988feb ------------------------------------------------------------------- Mon Dec 4 15:25:24 CET 2017 - mbenes@suse.cz - Revert "Add compat.h to deal with changes of KGR_PATCH macro" This reverts commit 4186bef35862029a2fd36ba4a73d5fa538992709. All currently supported kernels (that is, everything since SLE12_Update_14 and SLE12-SP1_Update_5) have sympos support. We can drop compat, because we don't need it anymore. - commit 11e3220 ------------------------------------------------------------------- Thu Nov 30 15:15:20 CET 2017 - mbenes@suse.cz - scripts: Generate ExclusiveArch in spec file dynamically ppc64le architecture kernel support is not present in all currently supported branches. It may cause problem for the maintenance team. Generate ExclusiveArch dynamically. It should be 'ppc64le x86_64' for SLE12-SP3 and 'x86_64' for the rest. - commit 95ed856 ------------------------------------------------------------------- Thu Nov 16 14:27:46 CET 2017 - mbenes@suse.cz - rpm/kgraft-patch.spec: Add ppc64le as a supported arch ppc64le is about to be supported in Live Patching product. Add it to ExclusiveArch tag. - commit 8437c94 ------------------------------------------------------------------- Thu Nov 16 14:26:35 CET 2017 - mbenes@suse.cz - rpm/kgraft-patch.spec: Remove s390x from supported archs s390x is not supported in Live Patching product. Remove it from ExclusiveArch. - commit f9614f2 ------------------------------------------------------------------- Tue Oct 31 10:34:53 CET 2017 - nstange@suse.de - livepatch_main.c: klp_patch_init(): fix error handling In case either of the invocations of klp_register_patch() or klp_enable_patch() fails, anything which has been setup by the prior per-(sub-)patch initialiation code, i.e. the expansion of @@KLP_PATCHES_INIT_CALLS@@, won't get undone. Fix this. Also make klp_patch_init() look more like the common 'goto err' idiom and adjust scripts/register_patches.sh accordingly. Fix for commit 7e20201cdcb8 ("kGraft to livepatch migration. API change."). - commit 6552b44 ------------------------------------------------------------------- Tue Oct 31 10:34:52 CET 2017 - nstange@suse.de - scripts/register_patches.sh: generate klp_object array The KLP API doesn't take a flat list of to be patched functions like KGraft did, but introduces an intermediate layer: struct klp_object. Each klp_patch instance is supposed to reference an array of klp_object's which in turn provide an array of klp_func's each. To facilitate merging, we want to generate this list of klp_object's automatically, exactly like we did for the flat function list with KGraft. For each klp_patch instance, there must be at most one klp_object entry referring to the same object. Hence care must be taken not to add an entry for the same object twice in case two different (sub-)patches both patch some functions therein. Require from each (sub-)patch to provide the list of to be patched symbols in a file named SUBPATCH/patched_funcs.csv with each line conforming to the obj old_func(,sympos) new_func pattern. Make scripts/register.sh generate an klp_object array initializer based on this and let it expand the @@KLP_PATCHES_OBJS@@ tag within livepatch_main.c accordingly. Do not replace the now obsolete @@KLP_PATCHES_FUNCS@@ anymore. Add and remove the @@KLP_PATCHES_OBJS@@ and @@KLP_PATCHES_FUNCS@@ markers to and from livepatch_main.c respectively. [ mb: amend copy&paste error ($newfun at the end of uname klp_func[]) ] - commit 0fe721b ------------------------------------------------------------------- Thu Oct 26 13:54:06 CEST 2017 - lpechacek@suse.com - kGraft to livepatch migration. External rename. External rename and thus final step of kGraft -> upstream livepatch migration. kgraft-patch* modules are now livepatch* and live in /lib/modules/$(uname -r)/livepatch. References: fate#323682 [ mb: changelog ] - commit f842fd5 ------------------------------------------------------------------- Thu Oct 5 12:12:29 CEST 2017 - nstange@suse.de - shadow variables: add KGR_SHADOW_ID helper As shadow variables are supposed to be shared among different KGraft modules their id's must be compile time constants. Introduce the KGR_SHADOW_ID helper macro for generating them in a uniform manner based on the bsc# number and a local id. - commit 237c8f3 ------------------------------------------------------------------- Thu Oct 5 12:12:28 CEST 2017 - nstange@suse.de - shadow variables: share shadow data among KGraft modules As it stands, each KGraft module maintains its own set of shadow variable management structures and thus, shadow variables are not sharable between livepatch modules. This behaviour is different from the upstream implementation and, as pointed out by Miroslav Benes, it also opens up an opportunity for a small window where the system might become vulnerable again during transition as we stack new livepatches on top. Let all KGraft patches share the shadow data. Sharing is implemented by moving the management structures from a KGraft module's .data to dynamically allocated memory. Each KGraft module will have specifically named pointers, 'kgr_shadow_hash12' and 'kgr_shadow_lock12', referencing them. Upon initialization, a KGraft module will discover already existing such shadow data by kallsyms-searching all loaded modules for these pointer symbols. If none is found, a new instance is allocated. The newly introduced kgr_shadow_init() implementing this is idempotent and can thus be called from the bsc# subpatches' initializers if needed. Upon KGraft module removal, the new kgr_shadow_cleanup() will conduct another kallsyms search and deallocate the shadow data in case there are no more users. kgr_shadow_cleanup() is also idempotent. Initialization and teardown of the common shadow data is serialized with the module_mutex which has to be taken for the kallsyms search anyway. - commit 8e1e705 ------------------------------------------------------------------- Thu Oct 5 12:12:27 CEST 2017 - nstange@suse.de - shadow variables: drop EXPORT_SYMBOL()s The shadow variable API will only ever get used by the KGraft module itself and thus, there's no need for exporting it. Drop all EXPORT_SYMBOL annotations. - commit ac6cfeb ------------------------------------------------------------------- Thu Oct 5 12:12:26 CEST 2017 - nstange@suse.de - shadow variables: introduce upstream patch Joe Lawrence posted the sixth version of his shadow variable patch [1] implementing the association of additional out-of-band data members to existing structure instances from livepatches. Jiri Kosina has applied this to his git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching.git for-4.15/shadow-variables tree and thus, it's queued up and close to getting merged. The plan is to eventually backport this shadow variable support to SLE kernels, but we also want to have it usable from KGraft modules by now. Port the implementation to the kraft-patches module. Namely, - dump shadow.c in it's current upstream state as it is after commits 439e7271dc2b ("livepatch: introduce shadow variable API") 5d9da759f758 ("livepatch: __klp_shadow_get_or_alloc() is local to shadow.c") 19205da6a0da ("livepatch: Small shadow variable documentation fixes") - add a shadow.h header and declare the newly introduced functions there - and incorporate the new files into the KGraft module's build system. [1] 1504211861-19899-2-git-send-email-joe.lawrence@redhat.com ("[PATCH v6] livepatch: introduce shadow variable API") - commit e899c4f ------------------------------------------------------------------- Wed Jul 12 11:14:40 CEST 2017 - lpechacek@suse.com - kGraft to livepatch migration. API change. Change from kGraft API to livepatch API. Note: error handling in _init() function is broken and fixed later. Automatic generation of klp_objects is not present at all. Added later. References: fate#323682 [ mb: changelog, patch split, whitespace errors ] - commit 7e20201 ------------------------------------------------------------------- Wed Jul 12 11:08:57 CEST 2017 - lpechacek@suse.com - kGraft to livepatch migration. Internal rename. Internal rename in preparation for kGraft -> upstream livepatch migration. External module naming stays the same. API is not touched yet. References: fate#323682 [ mb: changelog edit ] - commit 28a04a2 ------------------------------------------------------------------- Tue Jun 13 15:54:27 CEST 2017 - nstange@suse.de - scripts/register-patches.sh: register subpatch sources in rpm spec In order to reduce the manual merging work upon addition of new (sub)patches, commit 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically") introduced the register-patches.sh helper. It discovers those and tweaks the main entry point, kgr_patch_main.c, as needed. However, a remaining manual merging task is to list a (sub)patch's source archive in rpm/kgraft-patch.spec and to %setup it. Make scripts/register-patches.sh do this. Namely, - introduce the @@KGR_PATCHES_SOURCES@@ and @@KGR_PATCHES_SETUP_SOURCES@@ placeholders in rpm/kgraft-patch.spec - and make scripts/register-patches.sh expand those within a spec file to be given as an additional command line argument. Finally, adjust scripts/tar-up.sh accordingly. - commit 9eafc8a ------------------------------------------------------------------- Tue Jun 13 15:51:42 CEST 2017 - nstange@suse.de - scripts/register-patches.sh: don't add ','s to @@KGR_PATCHES_FUNCS@@ register-patches.sh expands kgr_patch_main.c's @@KGR_PATCHES_FUNCS@@ placeholder by concatenating all available patches' KGR_PATCH__FUNCS together, separating them by commas. The KGR_PATCH__FUNCS are CPP macros supposed to be provided by each patch. If one of these happens to be empty, the preprocessed expansion will contain two consecutive commas which gcc doesn't like in array initializers. Do not add any commas to the @@KGR_PATCHES_FUNCS@@ expansion but require the individual KGR_PATCH__FUNCS macros to already contain trailing ones as needed. Fixes: 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically") - commit ba41416 ------------------------------------------------------------------- Wed Jun 7 12:05:41 CEST 2017 - nstange@suse.de - scripts: create kgr_patch_main.c dynamically The kgraft-patches repository has got many branches, each corresponding to a supported codestream. Each of those carries a potentially different set of live (sub)patches which are controlled through the entry points in kgr_patch_main.c. According to Miroslav, merging of a new (sub)patch based on the pristine master is a pita due to conflicts. Since all (sub)patches stick to certain conventions already, the required modifications of the merging-hotspot kgr_patch_main.c are quite mechanic. Let a script do the work. Namely, - insert some special @@-embraced placeholders at the few places depending on the actual set of (sub)patches, - let register-patches.sh discover the available (sub)patches by searching for directories - and let register-patches.sh replace those placeholders in kgr_patch_main.c Finally, add a register-patches.sh invocation to tar-up.sh. This procedure requires that a SUBPATCH located in directory SUBPATCH/ adheres to the following conventions: - It must provide a provide a SUBPATCH/kgr_patch_SUBPATCH.h header. - This header must provide declarations for kgr_patch_SUBPATCH_init() and kgr_patch_SUBPATCH_cleanup(). - This header must also #define a KGR_PATCH_SUBPATCH_FUNCS macro. It should expand to a comma separated list of KGR_PATCH*() entries, each corresponding to a function the subpatch wants to replace. [mbenes: fixed typos, empty line removed] - commit 4e8dc88 ------------------------------------------------------------------- Mon Apr 24 16:00:54 CEST 2017 - mbenes@suse.cz - Replace $(PWD) with $(CURDIR) in Makefile CURDIR is an internal variable of make and more suitable. - commit 03bf1d5 ------------------------------------------------------------------- Wed Apr 19 14:02:27 CEST 2017 - mbenes@suse.cz - Create Makefile automatically Introduce scripts/create-makefile.sh script to automatically create a makefile. The scripts is called from tar-up.sh or could be called manually. - commit 1af6c29 ------------------------------------------------------------------- Mon Oct 24 13:26:09 CEST 2016 - mbenes@suse.cz - Better to use SUSE:SLE-12:Update than Devel:kGraft:SLE12 project - commit bdc7598 ------------------------------------------------------------------- Tue May 10 15:43:59 CEST 2016 - mbenes@suse.cz - Add compat.h to deal with changes of KGR_PATCH macro Sympos patch set for kGraft redefined KGR_PATCH macro and added two new ones. Add new compat.h which contains macro magic so that all kGraft patches would work on both old and new kernels with the patch set merged. - commit 4186bef ------------------------------------------------------------------- Fri May 6 17:01:17 CEST 2016 - mbenes@suse.cz - Fix the number of parameters of KGR_PATCH macro New kernels contain kGraft's sympos patch set which changed number of paramaters of KGR_PATCH macro and introduced new macros. Fix it in master so it will be ok for new branches. - commit 78cf676 ------------------------------------------------------------------- Tue Sep 1 13:00:23 CEST 2015 - mmarek@suse.com - Include the RPM version number in the module name - commit 8fa02c6 ------------------------------------------------------------------- Wed Aug 26 11:29:44 CEST 2015 - mbenes@suse.cz - Remove forgotten debug option in the Makefile - commit 9c24ab8 ------------------------------------------------------------------- Mon Aug 17 13:42:04 CEST 2015 - mbenes@suse.cz - Add license and copyright notices - commit d42d3aa ------------------------------------------------------------------- Wed Jul 15 15:58:35 CEST 2015 - mbenes@suse.cz - Remove immediate flag Fake signal was merged to kGraft and immediate feature removed. Remove it in kGraft patches from now on too. - commit c767ad2 ------------------------------------------------------------------- Wed May 20 16:32:17 CEST 2015 - mbenes@suse.cz - Set immediate flag to false Using immediate set to true can lead to BUGs and oopses when downgrading, reverting or applying replace_all patches. There is no way how to find out if there is a process in the old code which is being removed. The module would be put, removed and the process will crash. The consistency model guarantees that there is no one in the old code when the finalization ends. Thus use it for all case to be safe. - commit 830e1a3 ------------------------------------------------------------------- Tue May 12 15:48:07 CEST 2015 - mbenes@suse.cz - Fix description in rpm spec file Spec file description mentions initial kGraft patch which is only true for real initial patch. Make it more neutral. References: bsc#930408 - commit a55e023 ------------------------------------------------------------------- Wed Apr 1 15:36:24 CEST 2015 - mbenes@suse.cz - Generate archives names automatically in tar-up.sh - commit 1f34f18 ------------------------------------------------------------------- Wed Apr 1 13:39:26 CEST 2015 - mbenes@suse.cz - Automatically generate .changes file from git log Also add comments to tar-up.sh script to distinguish between sections. - commit 212a7ae ------------------------------------------------------------------- Thu Mar 26 14:24:21 CET 2015 - mmarek@suse.cz - Revert "Require exact kernel version in the patch" This needs to be done differently, so that modprobe --force works as expected. References: bnc#920615 This reverts commit c62c11aecd4e3f8822e1b835fea403acc3148c5a. - commit bc88dd7 ------------------------------------------------------------------- Wed Mar 25 13:10:24 CET 2015 - mmarek@suse.cz - Require exact kernel version in the patch References: bnc#920615 - commit c62c11a ------------------------------------------------------------------- Tue Mar 24 12:15:41 CET 2015 - mmarek@suse.cz - Add the git commit and branch to the package description References: bnc#920633 - commit 1ff4e48 ------------------------------------------------------------------- Wed Nov 26 10:09:14 CET 2014 - mbenes@suse.cz - Set immediate flag for the initial patch Setting immediate to true will simplify installation of the initial patch and possibly also of the further updates. References: bnc#907150 - commit 391b810 ------------------------------------------------------------------- Tue Nov 25 16:26:40 CET 2014 - mbenes@suse.cz - Add .replace_all set to true Add .replace_all flag set to true even to the initial patch. Thus we will not forget to add that later. Also .immediate is there as a comment. - commit 933e15e ------------------------------------------------------------------- Mon Nov 24 15:02:33 CET 2014 - mmarek@suse.cz - Drop the hardcoded kernel release string The updated kgraft-devel macros set this during build time, so we do not need to know the kernel release string beforehand. As a name suffix for the source packages, let's use SLE12_Test in the master branch and SLE12_Update_ in the update branches. - commit 65f7a25 ------------------------------------------------------------------- Fri Nov 21 15:48:48 CET 2014 - mmarek@suse.cz - Check that we are building against the set kernel version - commit 689e44a ------------------------------------------------------------------- Wed Nov 12 04:11:14 CET 2014 - mmarek@suse.cz - Mark the module as supported References: bnc#904970 - commit 6249314 ------------------------------------------------------------------- Tue Nov 11 17:11:28 CET 2014 - mmarek@suse.cz - Build the test packages against Devel:kGraft:SLE12 - commit c952fbb ------------------------------------------------------------------- Thu Nov 6 13:55:43 CET 2014 - mbenes@suse.cz - Add top git commit hash to uname -v Add top git commit hash to version part of uname. This makes the identification of current patch level easy (even in crash: p kgr_tag). References: fate#317769 - commit 54c9595 ------------------------------------------------------------------- Tue Nov 4 16:23:50 CET 2014 - mbenes@suse.cz - Replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ We need to replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ due to sysfs tree. @@RELEASE@@ changes with each new version of package. - commit 51fd9dd ------------------------------------------------------------------- Mon Nov 3 17:27:24 CET 2014 - mmarek@suse.cz - Add a source-timestamp file with the git commit hash and branch This is required by the bs-upload-kernel script to upload packages to the BS. It can also be used by the specfile in the future. - commit feab4f1 ------------------------------------------------------------------- Mon Nov 3 16:56:31 CET 2014 - mbenes@suse.cz - Initial commit - commit 600de9d ------------------------------------------------------------------- Mon Nov 3 14:59:46 CET 2014 - mmarek@suse.cz - Add config.sh script This tells the automatic builder which IBS project to use. - commit aa7f1cb