-------------------------------------------------------------------
Fri May 20 08:55:56 CEST 2022 - nstange@suse.de

- Bump up the version number in spec file
- commit 5ece25e

-------------------------------------------------------------------
Thu May 12 09:02:14 CEST 2022 - nstange@suse.de

- Fix for CVE-2022-1280 ("concurrency uaf between drm_setmaster_ioctl
  and drm_mode_getresources")
  Live patch for CVE-2022-1280. Upstream commits
  - 869e76f7a918 ("drm: avoid circular locks in drm_mode_getconnector"),
  - 5eff9585de22 ("drm: avoid blocking in drm_clients_info's rcu section"),
  - 1f7ef07cfa14 ("drm: add a locked version of drm_is_current_master"),
  - 0b0860a3cf5e ("drm: serialize drm_file.master with a new spinlock"),
  - 56f0729a510f ("drm: protect drm_master pointers in drm_lease.c") and
  - 28be2405fb75 ("drm: use the lookup lock in drm_is_current_master").
  KLP: CVE-2022-1280
  References: bsc#1198590 CVE-2022-1280
- commit 7faa039

-------------------------------------------------------------------
Fri May 6 09:08:07 CEST 2022 - nstange@suse.de

- Bump up the version number in spec file
- commit 33f110b

-------------------------------------------------------------------
Fri Apr 29 15:37:37 CEST 2022 - nstange@suse.de

- Fix for CVE-2022-1158
  ("cmpxchg_gpte mishandles VM_IO|VM_PFNMAP page")
  Live patch for CVE-2022-1158. Upstream commit 2a8859f373b0
  ("KVM: x86/mmu: do compare-and-exchange of gPTE via the user address").
  KLP: CVE-2022-1158
  References: bsc#1198133 CVE-2022-1158
- commit 9b2bb9b

-------------------------------------------------------------------
Wed Apr 27 10:27:11 CEST 2022 - nstange@suse.de

- Fix for CVE-2022-0330
  ("Security sensitive bug in the i915 kernel driver")
  Live patch for CVE-2022-0330. Upstream commit 7938d61591d3
  ("drm/i915: Flush TLBs before releasing backing store").
  KLP: CVE-2022-0330
  References: bsc#1195950 CVE-2022-0330
- commit 95a0aab

-------------------------------------------------------------------
Fri Apr 22 08:55:43 CEST 2022 - nstange@suse.de

- Bump up the version number in spec file
- commit e968574

-------------------------------------------------------------------
Tue Apr 19 10:07:22 CEST 2022 - nstange@suse.de

- Fix for CVE-2022-1016 ("uninitialized registers on stack in
  nft_do_chain can cause kernel pointer leakage to UM")
  Live patch for CVE-2022-1016. Upstream commit 4c905f6740a3
  ("netfilter: nf_tables: initialize registers in nft_do_chain()").
  KLP: CVE-2022-1016
  References: bsc#1197335 CVE-2022-1016
- commit 6b05cd5

-------------------------------------------------------------------
Mon Apr 18 20:41:38 CEST 2022 - mpdesouza@suse.com

- Fix for CVE-2022-1055 ("use-after-free in tc_new_tfilter")
  Live patch for CVE-2022-1055. Upstream commit 04c2a47ffb13
  ("net: sched: fix use-after-free in tc_new_tfilter()").
  KLP: CVE-2022-1055
  References: bsc#1197705 CVE-2022-1055
- commit 4df5eae

-------------------------------------------------------------------
Wed Apr 13 12:19:54 CEST 2022 - nstange@suse.de

- Fix for CVE-2022-1011 ("FUSE allows UAF reads of write() buffers,
  allowing theft of (partial) /etc/shadow hashes")
  Live patch for CVE-2022-1011. Upstream commit 0c4bcfdecb1a
  ("fuse: fix pipe buffer lifetime for direct_io").
  KLP: CVE-2022-1011
  References: bsc#1197344 CVE-2022-1011
- commit bd11476

-------------------------------------------------------------------
Fri Apr 8 09:18:16 CEST 2022 - nstange@suse.de

- Bump up the version number in spec file
- commit e650d65

-------------------------------------------------------------------
Fri Apr 1 06:36:26 CEST 2022 - mpdesouza@suse.com

- Fix for CVE-2022-0886
  ("buffer overflow in IPsec ESP transformation code")
  Live patch for CVE-2022-0886. Upstream commit ebe48d368e97
  ("esp: Fix possible buffer overflow in ESP transformation").
  KLP: CVE-2022-0886
  References: bsc#1197133 CVE-2022-0886
- commit 0fc032a

-------------------------------------------------------------------
Tue Mar 29 14:15:44 CEST 2022 - nstange@suse.de

- Fix for CVE-2021-39698
  ("use-after-free due to missing POLLFREE handling in aio")
  Live patch for CVE-2021-39698. Upstream commits
  - 42288cb44c4b ("wait: add wake_up_pollfree()"),
  - a880b28a71e3 ("binder: use wake_up_pollfree()"),
  - 9537bae0da1f ("signalfd: use wake_up_pollfree()"),
  - 363bee27e258 ("aio: keep poll requests on waitqueue until completed"),
  - 50252e4b5e98 ("aio: fix use-after-free due to missing POLLFREE handling") and
  - 791f3465c4af ("io_uring: fix UAF due to missing POLLFREE handling").
  KLP: CVE-2021-39698
  References: bsc#1196959 CVE-2021-39698
- commit ca892e6

-------------------------------------------------------------------
Mon Mar 28 17:00:51 CEST 2022 - mpdesouza@suse.com

- Fix for CVE-2022-22942 ("Vulnerability in the vmwgfx driver")
  Live patch for CVE-2022-22942. Upstream commit a0f90c881570
  ("drm/vmwgfx: Fix stale file descriptors on failed usercopy").
  KLP: CVE-2022-22942
  References: bsc#1195951 CVE-2022-22942
- commit c122483

-------------------------------------------------------------------
Fri Mar 25 07:20:43 CET 2022 - nstange@suse.de

- Bump up the version number in spec file
- commit 7b74769

-------------------------------------------------------------------
Fri Mar 4 16:02:56 CET 2022 - mpdesouza@suse.com

- Fix for CVE-2022-0492
  ("cgroups v1 release_agent missing capabilities check")
  Live patch for CVE-2022-0492. Upstream commit 24f600856418
  ("cgroup-v1: Require capabilities to set release_agent").
  KLP: CVE-2022-0492
  References: bsc#1195908 CVE-2022-0492
- commit 0aa76c4

-------------------------------------------------------------------
Fri Feb 25 13:52:52 CET 2022 - nstange@suse.de

- Fix for CVE-2022-0487 ("A use-after-free vulnerability was found in
  rtsx_usb_ms_drv_remove")
  Live patch for CVE-2022-0487.
  Upstream commit 42933c8aa14b ("memstick: rtsx_usb_ms: fix UAF").
  KLP: CVE-2022-0487
  References: bsc#1195949 CVE-2022-0487
- commit ab054d4

-------------------------------------------------------------------
Thu Feb 24 13:33:17 CET 2022 - nstange@suse.de

- Bump up the version number in spec file
- commit f918af4

-------------------------------------------------------------------
Thu Feb 17 13:03:51 CET 2022 - nstange@suse.de

- Fix for CVE-2022-0516 ("KVM: s390: missing check in ioctl allows
  kernel memory read/write")
  Live patch for CVE-2022-0516. Upstream commit 2c212e1baedc
  ("KVM: s390: Return error on SIDA memop on normal guest").
  KLP: CVE-2022-0516
  References: bsc#1195947 CVE-2022-0516
- commit c040a44

-------------------------------------------------------------------
Tue Feb 15 14:27:01 CET 2022 - mpdesouza@suse.com

- Fix for CVE-2021-0920 ("Use After Free in unix_gc() which could
  result in a local privilege escalation")
  Live patch for CVE-2021-0920. Upstream commit cbcf01128d0a
  ("af_unix: fix garbage collect vs MSG_PEEK").
  KLP: CVE-2021-0920
  References: bsc#1194463 CVE-2021-0920
- commit 4511cec

-------------------------------------------------------------------
Fri Feb 11 20:58:00 CET 2022 - mpdesouza@suse.com

- Fix for CVE-2021-22600 ("A double free bug in packet_set_ring() in
  net/packet/af_packet.c can be exploited by a local user through
  crafted syscalls to escalate privileges or deny service")
  Live patch for CVE-2021-22600. Upstream commit ec6af094ea28
  ("net/packet: rx_owner_map depends on pg_vec").
  KLP: CVE-2021-22600
  References: bsc#1195307 CVE-2021-22600
- commit 44af5c3

-------------------------------------------------------------------
Thu Feb 10 14:54:18 CET 2022 - nstange@suse.de

- Bump up the version number in spec file
- commit e982a87

-------------------------------------------------------------------
Fri Feb 4 16:31:58 CET 2022 - nstange@suse.de

- Fix for CVE-2021-4202 ("Race condition in nci_request() leads to
  use after free while the device is getting removed")
  Live patch for CVE-2021-4202. Upstream commits
  - 86cdf8e38792 ("NFC: reorganize the functions in nci_request"),
  - 48b71a9e66c2 ("NFC: add NCI_UNREG flag to eliminate the race") and
  - 3e3b5dfcd16a ("NFC: reorder the logic in nfc_{un,}register_device").
  KLP: CVE-2021-4202
  References: bsc#1194533 CVE-2021-4202
- commit 4cc65f0

-------------------------------------------------------------------
Thu Feb 3 15:04:13 CET 2022 - nstange@suse.de

- Fix for CVE-2022-0435
  ("tipc: Remote Stack Overflow in Linux Kernel")
  Live patch for CVE-2022-0435. No upstream commit yet.
  KLP: CVE-2022-0435
  References: bsc#1195308 CVE-2022-0435
- commit 3f2aa35

-------------------------------------------------------------------
Wed Feb 2 05:03:08 CET 2022 - mpdesouza@suse.com

- Fix for CVE-2021-4083 ("fget: check that the fd still exists after
  getting a ref to it")
  Live patch for CVE-2021-4083. Upstream commits 054aa8d439b9
  ("fget: check that the fd still exists after getting a ref to it")
  and e386dfc56f83
  ("fget: clarify and improve __fget_files() implementation").
  KLP: CVE-2021-4083
  References: bsc#1194460 CVE-2021-4083
- commit 1172f17

-------------------------------------------------------------------
Thu Jan 27 09:20:54 CET 2022 - nstange@suse.de

- Bump up the version number in spec file
- commit 1a84a48

-------------------------------------------------------------------
Thu Jan 20 15:02:22 CET 2022 - nstange@suse.de

- Fix for CVE-2022-0185 ("overflow bug in legacy_parse_param")
  Live patch for CVE-2022-0185.
  Upstream commit 722d94847de2
  ("vfs: fs_context: fix up param length parsing in legacy_parse_param").
  KLP: CVE-2022-0185
  References: bsc#1194737 CVE-2022-0185
- commit 3ee19de

-------------------------------------------------------------------
Thu Jan 20 13:05:41 CET 2022 - nstange@suse.de

- Fix for CVE-2021-4154 ("security issue in cgroups")
  Live patch for CVE-2021-4154. Upstream commit 3b0462726e7e
  ("cgroup: verify that source is a string").
  KLP: CVE-2021-4154
  References: bsc#1194461 CVE-2021-4154
- commit d77466f

-------------------------------------------------------------------
Tue Jan 18 13:05:14 CET 2022 - nstange@suse.de

- Fix for CVE-2020-3702 ("ath9k patches to stable")
  Live patch for CVE-2020-3702. Upstream commits
  - 56c5485c9e44 ("ath: Use safer key clearing with key cache entries"),
  - 73488cb2fa3b ("ath9k: Clear key cache explicitly on disabling hardware"),
  - d2d3e36498dd ("ath: Export ath_hw_keysetmac()"),
  - 144cd24dbc36 ("ath: Modify ath_key_delete() to not need full key entry"),
  - ca2848022c12 ("ath9k: Postpone key cache entry deletion for TXQ frames reference it").
  KLP: CVE-2020-3702
  References: bsc#1191529 CVE-2020-3702
- commit 5aa1686

-------------------------------------------------------------------
Thu Dec 9 12:41:56 CET 2021 - nstange@suse.de

- Bump up the version number in spec file
- commit e3509e0

-------------------------------------------------------------------
Tue Dec 7 14:08:52 CET 2021 - mpdesouza@suse.com

- Fix for CVE-2021-42739 ("media: firewire: firedtv-avc: fix a buffer
  overflow in avc_ca_pmt()")
  Live patch for CVE-2021-42739. Upstream commit 35d2969ea3c7
  ("media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()").
  KLP: CVE-2021-42739
  References: bsc#1192036 CVE-2021-42739
- commit 1dbc248

-------------------------------------------------------------------
Fri Nov 26 17:05:27 CET 2021 - nstange@suse.de

- Fix for CVE-2021-20322 ("new DNS Cache Poisoning Attack based on
  ICMP fragment needed packets replies")
  Live patch for CVE-2021-20322. Upstream commits
  - 6457378fe796 ("ipv4: use siphash instead of Jenkins in fnhe_hashfun()"),
  - 67d6d681e15b ("ipv4: make exception cache less predictible"),
  - 4785305c05b2 ("ipv6: use siphash in rt6_exception_hash()") and
  - a00df2caffed ("ipv6: make exception cache less predictible").
  KLP: CVE-2021-20322
  References: bsc#1191813 CVE-2021-20322
- commit b1d6d5c

-------------------------------------------------------------------
Thu Nov 11 13:35:47 CET 2021 - nstange@suse.de

- Bump up the version number in spec file
- commit c57b5bf

-------------------------------------------------------------------
Tue Oct 12 15:43:24 CEST 2021 - nstange@suse.de

- Fix for CVE-2021-41864 ("eBPF multiplication integer overflow in
  prealloc_elems_and_freelist()")
  Live patch for CVE-2021-41864. Upstream commit 30e29a9a2bc6
  ("bpf: Fix integer overflow in prealloc_elems_and_freelist()").
  KLP: CVE-2021-41864
  References: bsc#1191318 CVE-2021-41864
- commit 1162ab7

-------------------------------------------------------------------
Fri Oct 8 02:51:45 CEST 2021 - nstange@suse.de

- Bump up the version number in spec file
- commit 6b1de90

-------------------------------------------------------------------
Wed Sep 15 12:21:30 CEST 2021 - nstange@suse.de

- Fix for CVE-2021-38160 ("data corruption or loss can be triggered
  by an untrusted device that supplies a buf->len value exceeding the
  buffer size in drivers/char/virtio_console.c")
  Live patch for CVE-2021-38160. Upstream commit d00d8da5869a
  ("virtio_console: Assure used length from device is limited").
  KLP: CVE-2021-38160
  References: bsc#1190118 CVE-2021-38160
- commit c78617a

-------------------------------------------------------------------
Tue Sep 14 11:02:53 CEST 2021 - nstange@suse.de

- Fix for CVE-2021-3640
  ("Use-After-Free vulnerability in function sco_sock_sendmsg()")
  Live patch for CVE-2021-3640. Upstream commits
  - ba316be1b6a0 ("Bluetooth: schedule SCO timeouts with delayed_work")
  - 734bc5ff7831 ("Bluetooth: avoid circular locks in sco_sock_connect")
  - 27c24fda62b6 ("Bluetooth: switch to lock_sock in SCO")
  - 99c23da0eed4 ("Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()")
  KLP: CVE-2021-3640
  References: bsc#1188613 CVE-2021-3640
- commit 730e7a6

-------------------------------------------------------------------
Mon Sep 13 15:01:05 CEST 2021 - nstange@suse.de

- Fix for CVE-2021-3573
  ("Use-After-Free vulnerability in function hci_sock_bound_ioctl()")
  Live patch for CVE-2021-3573. Upstream commit e04480920d1e
  ("Bluetooth: defer cleanup of resources in hci_unregister_dev()").
  KLP: CVE-2021-3573
  References: bsc#1187054 CVE-2021-3573
- commit c82cf7b

-------------------------------------------------------------------
Fri Sep 10 07:20:30 CEST 2021 - nstange@suse.de

- Bump up the version number in spec file
- commit 9a6d231

-------------------------------------------------------------------
Fri Aug 27 13:13:36 CEST 2021 - nstange@suse.de

- Fix for CVE-2021-3653 ("kvm: missing validation of the `int_ctl`
  VMCB field and allows a malicious L1 guest to enable AVIC support
  for the L2 guest")
  Live patch for CVE-2021-3653. Upstream commit 0f923e07124d
  ("KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)").
  KLP: CVE-2021-3653
  References: bsc#1189420 CVE-2021-3653
- commit ce1ae9f

-------------------------------------------------------------------
Fri Aug 20 14:58:11 CEST 2021 - nstange@suse.de

- Fix for CVE-2021-3656 ("missing validation of the the `virt_ext`
  VMCB field and allows a malicious L1 guest to disable both
  VMLOAD/VMSAVE intercepts and VLS for the L2 guest")
  Live patch for CVE-2021-3656. Upstream commit c7dfa4009965
  ("KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)").
  KLP: CVE-2021-3656
  References: bsc#1189418 CVE-2021-3656
- commit 65bcb03

-------------------------------------------------------------------
Tue Aug 17 10:44:51 CEST 2021 - nstange@suse.de

- Fix for CVE-2021-38198 ("arch/x86/kvm/mmu/paging_tmpl.h in the
  Linux kernel before 5.12.11 incorrectly computes the access
  permissions of a shadow page")
  Live patch for CVE-2021-38198. Upstream commit b1bd5cba3306
  ("KVM: X86: MMU: Use the correct inherited permissions to get shadow page").
  KLP: CVE-2021-38198
  References: bsc#1189278 CVE-2021-38198
- commit 93b6b4a

-------------------------------------------------------------------
Mon Aug 9 16:30:27 CEST 2021 - nstange@suse.de

- Bump up the version number in spec file
- commit 3686396

-------------------------------------------------------------------
Thu Aug 5 16:50:11 CEST 2021 - nstange@suse.de

- scripts/register-patches.sh: fix issue with per-klp_object #if-guards
  scripts/register-patches.sh is supposed to #if-guard each
  constructed klp_object instance by the logical or of the individual
  functions' associated conditions as specified in the corresponding
  patched_funcs.csv entries.
  If only one such function entry doesn't have a condition associated
  with it, the compound logical || would always evaluate to true
  though and thus, register-patches.sh should skip the per-klp_object
  #if-guard altogether in this case.
  To this end, the inner loop iterating over the function entries
  resets the array o_conds of unique conditions seen for the current
  object and breaks out upon encountering an unconditional patch
  entry, i.e. one w/o an empty condition field.
  The problem is that the break from the inner loop has no effect on
  the outer loop over the different patched_funcs.csv's and thus, the
  emptied o_conds array can get populated again in the course of
  processing a later patched_funcs.csv. Later code would then find the
  non-empty o_conds and guard the currently constructed klp_object by
  oring its individual entries together rather than omitting the
  #if-guard as a whole as it should.
  Fix this by introducing the boolean variable "any_unconds", flip it
  to true upon encountering an unconditional function entry and force
  the o_conds array to empty if any_unconds is found to be set once
  the outer loop has completed.
- commit dae55a1

-------------------------------------------------------------------
Fri Jul 30 15:07:13 CEST 2021 - nstange@suse.de

- Fix for CVE-2021-22543 ("/dev/kvm LPE")
  Live patch for CVE-2021-22543. Upstream commits
  - bd2fae8da794 ("KVM: do not assume PTE is writable after follow_pfn")
  - a9545779ee9e ("KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()")
  - f8be156be163 ("KVM: do not allow mapping valid but non-reference-counted pages")
  KLP: CVE-2021-22543
  References: bsc#1186483 CVE-2021-22543
- commit dfbdd7b

-------------------------------------------------------------------
Fri Jul 30 11:55:07 CEST 2021 - nstange@suse.de

- Fix for CVE-2021-37576 ("powerpc: KVM guest OS users can cause host
  OS memory corruption")
  Live patch for CVE-2021-37576. Upstream commit f62f3c20647e
  ("KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow").
  KLP: CVE-2021-37576
  References: bsc#1188842 CVE-2021-37576
- commit 3d10b8f

-------------------------------------------------------------------
Thu Jul 22 08:46:29 CEST 2021 - nstange@suse.de

- Bump up the version number in spec file
- commit f456bf3

-------------------------------------------------------------------
Tue Jul 20 13:33:47 CEST 2021 - nstange@suse.de

- Fix for CVE-2021-3609 ("net/can: race condition in net/can/bcm.c
  leads to local privilege escalation")
  Live patch for CVE-2021-3609. Upstream commit d5f9023fa61e
  ("can: bcm: delay release of struct bcm_op after synchronize_rcu()").
  KLP: CVE-2021-3609
  References: bsc#1188323 CVE-2021-3609
- commit 4cee7c3

-------------------------------------------------------------------
Fri Jul 16 09:51:47 CEST 2021 - nstange@suse.de

- Fix for CVE-2021-33909
  ("size_t-to-int vulnerability in Linux's filesystem layer")
  Live patch for CVE-2021-33909. No upstream commit yet.
  KLP: CVE-2021-33909
  References: bsc#1188257 CVE-2021-33909
- commit f87a220

-------------------------------------------------------------------
Thu Jul 15 12:19:40 CEST 2021 - nstange@suse.de

- Fix for CVE-2021-22555 ("out-of-bounds write in
  xt_compat_target_from_user() in net/netfilter/x_tables.c")
  Live patch for CVE-2021-22555. Upstream commit b29c457a6511
  ("netfilter: x_tables: fix compat match/target pad out-of-bound write").
  KLP: CVE-2021-22555
  References: bsc#1188117 CVE-2021-22555
- commit 280f6c6

-------------------------------------------------------------------
Wed Jul 7 14:09:25 CEST 2021 - mbenes@suse.cz

- Update IBS_PROJECT to correct maintenance incident after initial
  submission
- commit 9aec925

-------------------------------------------------------------------
Thu Jul 1 10:22:10 CEST 2021 - nstange@suse.de

- New branch for SLE15-SP2_Update_16
- commit 1152471

-------------------------------------------------------------------
Wed Jan 13 11:41:32 CET 2021 - nstange@suse.de

- klp_syscalls.h: fix syscall prototype mismatch on s390x for kernels >= 4.17
  The __SYSCALL_DEFINEx(x, name, ...) macro as defined in
  arch/s390/include/asm/syscall_wrapper.h declares two prototypes for
  a given syscall: __s390x_sys##name() and __se_sys##name(). The
  former symbol is made to be an alias to the latter and the function
  arguments are of the "real" type as specified in the macro
  invocation whereas the latter's argument types are transformed into
  longs.
  Currently the KLP_SYSCALL_SYM() helper macro from our klp_syscalls.h
  evaluates to the __s390x_sys##name() variant, but its expansion
  result is intended to be used with KLP_SYSCALL_DECLx(), which does
  the transformation of the arguments' types to longs. This results in
  compilation errors due to the syscall prototype declaration from
  KLP_SYSCALL_DECLx() conflicting with the one from
  __SYSCALL_DEFINEx(), if visible.
  The current behaviour of KLP_SYSCALL_DECLx() should be retained in
  order to keep it working for the compatibility stubs, i.e. with
  KLP_SYSCALL_COMPAT_STUB_SYM().
  So fix the issue by making KLP_SYSCALL_SYM() to evaluate to the
  __se_sys##name() variant on s390x for kernel versions >= 4.17.
- commit 862bd77

-------------------------------------------------------------------
Tue Jan 12 13:38:00 CET 2021 - nstange@suse.de

- scripts/register-patches.sh: stringify klp_funcs' ->old_name
  In order to enable the use of e.g.
  KLP_SYSCALL_SYM() for the to be livepatched function's name in
  patched_funcs.csv, make register-patches.sh wrap the emitted
  klp_funcs' ->old_name initialization values with __stringify()
  rather than writing string tokens directly.
- commit f54c4d6

-------------------------------------------------------------------
Tue May 19 15:01:34 CEST 2020 - mbenes@suse.cz

- scripts: Disable use of klp-convert
  klp-convert tool was introduced to improve a situation with
  unexported symbols while preparing live patches. However, it is
  still not stable enough and upstream still needs to decide the
  purpose of the tool. Given that it is used only for uname patch and
  only on SLE15-SP1 it is better to just disable it for now.
  At the same time, leave the infrastructure in place, because we
  might use it in the future.
- commit 3397b3e

-------------------------------------------------------------------
Wed Apr 8 10:14:20 CEST 2020 - nstange@suse.de

- scripts: enable s390x for SLE12-SP4
  The initial live patch shall be built on s390x for future SLE12-SP4
  kernel releases. Make tar-up.sh add s390x to ExclusiveArch from the
  (not yet existing) SLE12-SP4_Update_13 onwards.
- commit f49a99e

-------------------------------------------------------------------
Mon Mar 30 11:59:20 CEST 2020 - nstange@suse.de

- scripts: enable s390x for SLE15-SP2
- commit 933574a

-------------------------------------------------------------------
Wed Mar 25 10:45:50 CET 2020 - nstange@suse.de

- scripts: Generate ExclusiveArch in spec file dynamically
  s390x support is slowly being introduced for newly created
  master-livepatch based branches. In order to avoid problems with
  existing branches for e.g. the maintenance team, don't add s390x to
  the hard-coded list of ExclusiveArchs, but let tar-up.sh enable it
  dynamically depending on the codestream in question.
  For now, s390x builds will be enabled on SLE12-SP5, beginning with
  SLE12-SP5_Update_3 onwards.
- commit 27b683d

-------------------------------------------------------------------
Mon Dec 2 13:49:24 CET 2019 - mbenes@suse.cz

- Revert "shadow variables: allow for dynamic initialization"
  This reverts commit 843c6fa42429afc1682cdb39119e7a011af2abc9.
- commit 23d37c8

-------------------------------------------------------------------
Mon Dec 2 13:40:37 CET 2019 - mbenes@suse.cz

- Revert "shadow variables: introduce upstream patch"
  This reverts commit e899c4fd3fe7602ebd70f578d8475f1049de7c78.
- commit c1be24c

-------------------------------------------------------------------
Mon Dec 2 13:38:18 CET 2019 - mbenes@suse.cz

- Revert "shadow variables: drop EXPORT_SYMBOL()s"
  This reverts commit ac6cfebd7f831213ebcd4b2690672871572ec49e.
- commit 5771a4b

-------------------------------------------------------------------
Mon Dec 2 13:38:04 CET 2019 - mbenes@suse.cz

- Revert "shadow variables: share shadow data among KGraft modules"
  This reverts commit 8e1e705d4d56981949f7ae3854d8e1cc2be7f40f.
- commit 1c87412

-------------------------------------------------------------------
Mon Dec 2 13:37:30 CET 2019 - mbenes@suse.cz

- Revert "shadow variables: add KGR_SHADOW_ID helper"
  This reverts commit 237c8f3d13c382321d3e65d138d328eae0b82f6c.
- commit 41936fd

-------------------------------------------------------------------
Sat Sep 7 18:53:16 CEST 2019 - nstange@suse.de

- uname_patch: convert to the syscall stub wrapper macros from klp_syscalls.h
  In order to make the live patch to the newuname() syscall work on
  kernels >= 4.17 again, convert it to the KLP_SYSCALL_*() wrapper
  macros provided by klp_syscalls.h.
  References: bsc#1149841
- commit b5af38e

-------------------------------------------------------------------
Sat Sep 7 18:53:15 CEST 2019 - nstange@suse.de

- Provide wrapper macros for syscall naming
  Live patching syscall stubs is a common task, for example any live
  patch package modifies the newuname syscall.
  For the actual definitions of the live patched syscall stubs, the
  __SYSCALL_DEFINEx() name can always be (and often has been) used
  like e.g.
    __SYSCALL_DEFINEx(3, _klp_timer_create, const clockid_t, which_clock,
                      struct sigevent __user *, timer_event_spec,
                      timer_t __user *, created_timer_id)
    {
            /* New implementation */
    }
  Up to kernel 4.16, this used to define a function named
  "SyS_klp_timer_create" which could then be used to live patch the
  "SyS_timer_create".
  However, beginning with kernel version 4.17, resp. upstream commits
  - fa697140f9a2 ("syscalls/x86: Use 'struct pt_regs' based syscall
    calling convention for 64-bit syscalls")
  - e145242ea0df ("syscalls/core, syscalls/x86: Clean up syscall stub
    naming convention")
  - d5a00528b58c ("syscalls/core, syscalls/x86: Rename struct
    pt_regs-based sys_*() to __x64_sys_*()"),
  things became more complex:
  - The naming of the resulting stubs now varies across architecture.
  - Some architectures (x86_64, s390x) instantiate an additional
    compat stub for syscalls sharing a common implementation between
    32 and 64 bits. (The 32 bit entry code used to convert from the
    32 bit ABI to 64 bit and simply call the 64 bit syscall stub
    afterwards. That's handled by the new 32 bit stubs now.)
  - The stubs' signatures have changed: each argument used to get
    mapped to either long or long long, but on x86_64, the stubs are
    now receiving a single struct pt_regs only -- it's their
    responsibility to extract the arguments as appropriate.
  In order to not require each and every live patch touching syscalls
  to include an insane amount of ifdeffery, provide a set of #defines
  hiding it:
  1.) KLP_SYSCALL_SYM(name) expands to the syscall stub name for
      64 bits as defined by _SYSCALL_DEFINEx(x, _name, ...).
  2.) If the architecture requires 32bit specific stubs for syscalls
      sharing a common implementation between 32 and 64bits, the
      KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS macro is defined.
  3.)
      If KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS is defined, then
      KLP_SYSCALL_COMPAT_STUB_SYM(name) expands to the syscall stub
      name for 32 bits as defined by _SYSCALL_DEFINEx(x, _name, ...).
  4.) For syscalls not sharing a common implementation between 32 and
      64 bits, i.e. those defined by COMPAT_SYSCALL_DEFINEx(), the
      macro KLP_COMPAT_SYSCALL_SYM(name) expands to the stub name as
      defined by COMPAT_SYSCALL_DEFINEx(x, _name, ...).
  5.) Finally, for hiding differences between the signatures, provide
      the macro KLP_SYSCALL_DECLx(x, sym, ...) which expands to a
      declaration of sym, with the x arguments either mapped to long
      resp. long long each, or collapsed to a single struct pt_regs
      argument as appropriate for the architecture.
  Note that these macros are defined as appropriate on kernels before
  and after 4.17, so that live patch code can be shared.
  References: bsc#1149841
- commit da7b9a5

-------------------------------------------------------------------
Sat Aug 24 19:06:03 CEST 2019 - nstange@suse.de

- scripts/create-makefile.sh: add -I flag for toplevel directory to ccflags-y
  Since upstream commit 58156ba4468f ("kbuild: skip 'addtree' and
  'flags' magic for external module build") Kbuild won't add an -I
  flag for an external module's toplevel source directory to the
  compilation flags anymore. This results in compilation errors like
  the following:
    uname_patch/livepatch_uname.c:36:10: fatal error: klp_convert.h: No such file or directory
     #include "klp_convert.h"
              ^~~~~~~~~~~~~~~
  Fix this by appending '-I$(obj)' to ccflags-y within the Makefile
  created by scripts/create-makefile.sh. Note that "$(obj)" is set to
  the current source directory before the Makefile is sourced by
  Kbuild.
- commit b30a48e

-------------------------------------------------------------------
Thu Mar 7 15:23:42 CET 2019 - mbenes@suse.cz

- livepatch_main.c: Adaptation to a new livepatch API
  The atomic replace patch set among others removed the two-stage API.
  There is no (un)registration step needed now.
  SLES backport defines KLP_NOREG_API macro to easily distinguish
  whether the kernel provides the old or the new API. Use it and
  change the module init and exit functions accordingly.
- commit 060163b

-------------------------------------------------------------------
Thu Feb 7 14:13:00 CET 2019 - mbenes@suse.cz

- uname_patch: Use klp-convert macros and rely on klp-convert where
  possible
- commit 4c9eb70

-------------------------------------------------------------------
Wed Feb 6 14:12:44 CET 2019 - mbenes@suse.cz

- Define macros to switch easily between klp-convert and kallsyms
  Kallsyms trick does not have to be used for resolving undefined
  symbols when klp-convert is available. It would be great though to
  share live patches sources between both modes of operation. Define
  macros to help with the task. Their definitions depend on whether
  USE_KLP_CONVERT macro is defined. tar-up.sh script is responsible to
  decide.
- commit e3a42b7

-------------------------------------------------------------------
Wed Feb 6 10:53:44 CET 2019 - mbenes@suse.cz

- Use klp-convert where provided
  klp-convert tool converts undefined symbols in a live patch kernel
  module to special relocation records which are resolved by the
  kernel. It allows to omit kallsyms tricks.
  Wire it to the spec file and let tar-up.sh script decide if it is to
  be used depending on a codestream. SLE15-SP1 is supported currently.
- commit 3efd330

-------------------------------------------------------------------
Tue Dec 11 11:27:23 CET 2018 - mbenes@suse.cz

- uname_patch: don't hold uts_sem while accessing userspace memory
  Backport upstream patch 42a0cc347858 ("sys: don't hold uts_sem while
  accessing userspace memory").
- commit d4e00de

-------------------------------------------------------------------
Tue Oct 2 16:38:19 CEST 2018 - mbenes@suse.cz

- scripts/tar-up.sh: Add ppc64le to ExclusiveArch even for SLE12-SP2
- commit 77a8a8b

-------------------------------------------------------------------
Wed Aug 8 15:08:00 CEST 2018 - nstange@suse.de

- Provide common kallsyms wrapper API
  With bsc#1103203, the need for disambiguating between a multiply
  defined symbol arose. This is something the kallsyms_lookup_name()
  based code snippet we used to copy&paste to every individual CVE fix
  can't handle.
  Implement a proper wrapper API for doing the kallsyms lookups.
- commit bd113d8

-------------------------------------------------------------------
Wed Aug 8 15:07:59 CEST 2018 - nstange@suse.de

- Provide common kallsyms wrapper API
  With bsc#1103203, the need for disambiguating between a multiply
  defined symbol arose. This is something the kallsyms_lookup_name()
  based code snippet we used to copy&paste to every individual CVE fix
  can't handle.
  Implement a proper wrapper API for doing the kallsyms lookups.
- commit 4aed7d2

-------------------------------------------------------------------
Wed Jul 11 13:55:14 CEST 2018 - nstange@suse.de

- provide KGR_SHADOW_ID() helper macro
- provide KLP_SHADOW_ID() helper macro
  In analogy to the KGR_SHADOW_ID() macro, introduce KLP_SHADOW_ID()
  for the construction of unique shadow variable id's.
- commit 7325c49

-------------------------------------------------------------------
Sun Jul 8 13:02:18 CEST 2018 - nstange@suse.de

- scripts/register-patches.sh: implement conditional inclusion
  Currently, subpatches provide a patched_funcs.csv file describing
  what needs to be patched. register-patches.sh inspects those to
  assemble one global klp_patch structure.
  The current format for these patched_funcs.csv's is
    obj old_func(,sympos) newfun
  However, sometimes subpatches depend on some kernel configuration values like CONFIG_X86_64 and functions shall get patched only if the target kernel configuration matches.
  Extend the patched_funcs.csv format to
    obj old_func(,sympos) newfun (cpp condition)
  where everything coming after 'newfun' is taken to be a CPP condition to be used for conditional inclusion. In case there's no condition specified, assign that entry the same semantics as if a '1' had been given.
  Make register-patches.sh guard the corresponding klp_func entries with #if pragmas. Furthermore, let it guard the enclosing klp_object instances by or'ing together all its klp_funcs' conditions.
  For the sake of better readability, omit redundant #if pragmas as well as condition clauses. In particular,
  - if a function entry hasn't got any condition explicitly specified, there won't be any #if pragma, neither at the klp_func nor at the klp_object level,
  - if multiple function entries for an object are protected by the same condition, it'll be or'ed in at the klp_object level only once,
  - if all of an object's functions share the same condition, no #if pragmas will be emitted at the klp_func level because they would only duplicate what's already there for the enclosing object and
  - multiple subsequent function entries sharing the same condition get collated.
- commit 56f0729

-------------------------------------------------------------------
Sun Jul 8 13:02:17 CEST 2018 - nstange@suse.de

- scripts/register-patches.sh: allow spaces as patched_funcs.csv separators
  Currently there's one single cut(1) usage which requires that (single) tabs are used as field separators for the patched_funcs.csv. As the rest of the code can deal with sequences of any whitespace already, this imposes an unnecessary restriction on the format.
  Substitute that cut(1) usage by a sed(1) invocation as appropriate.
- commit 9852661

-------------------------------------------------------------------
Mon Jun 4 15:20:08 CEST 2018 - mbenes@suse.cz

- livepatch_main.c: Set .replace to true
- commit 643f04c

-------------------------------------------------------------------
Mon May 14 08:30:00 CEST 2018 - nstange@suse.de

- scripts/create-makefile.sh: add support for assembly files
- commit cf2464a

-------------------------------------------------------------------
Mon Mar 5 15:44:31 CET 2018 - nstange@suse.de

- shadow variables: allow for dynamic initialization
  Currently, the only shadow variable initialization scheme exposed by the allocation API is to let klp_shadow_alloc() resp. klp_shadow_get_or_alloc() memcpy some user provided buffer to the freshly allocated shadow variable.
  This is too limited for shadow structures containing pointers into themselves like list_heads or mutexes.
  Change the internal __klp_shadow_get_or_alloc() to take a pointer to an initializer function and call that in place of the memcpy() operation.
  In order to retain former functionality of klp_shadow_alloc() and klp_shadow_get_or_alloc(), make them pass the new __klp_shadow_memcpy_init() wrapper to __klp_shadow_get_or_alloc().
  Finally, introduce the new klp_shadow_alloc_with_init() and klp_shadow_get_or_alloc_with_init() which pass a user provided initializer function pointer onwards to __klp_shadow_get_or_alloc().
- commit 843c6fa

-------------------------------------------------------------------
Wed Dec 6 14:40:14 CET 2017 - mbenes@suse.cz

- Revert "shadow variables: introduce upstream patch"
  This reverts commit e899c4fd3fe7602ebd70f578d8475f1049de7c78.
- commit a27c66a

-------------------------------------------------------------------
Wed Dec 6 14:37:09 CET 2017 - mbenes@suse.cz

- Revert "shadow variables: drop EXPORT_SYMBOL()s"
  This reverts commit ac6cfebd7f831213ebcd4b2690672871572ec49e.
- commit 40d0ba6

-------------------------------------------------------------------
Wed Dec 6 14:37:06 CET 2017 - mbenes@suse.cz

- Revert "shadow variables: share shadow data among KGraft modules"
  This reverts commit 8e1e705d4d56981949f7ae3854d8e1cc2be7f40f.
- commit d184b38

-------------------------------------------------------------------
Wed Dec 6 14:36:56 CET 2017 - mbenes@suse.cz

- Revert "shadow variables: add KGR_SHADOW_ID helper"
  This reverts commit 237c8f3d13c382321d3e65d138d328eae0b82f6c.
- commit 22d6153

-------------------------------------------------------------------
Wed Dec 6 12:18:06 CET 2017 - mbenes@suse.cz

- rpm/config.sh: Use SUSE:SLE-15:GA project
- commit ff32fc9

-------------------------------------------------------------------
Wed Dec 6 12:14:17 CET 2017 - mbenes@suse.cz

- Revert "scripts: Generate ExclusiveArch in spec file dynamically"
  This reverts commit 95ed856ea8f99b4e48d7d324278b3628d2ac2fa2. SLE15 will support ppc64le arch from the beginning.
- commit 92e9bdb

-------------------------------------------------------------------
Tue Dec 5 16:42:04 CET 2017 - mbenes@suse.cz

- uname_patch: fix UNAME26 for 4.0
  Backport upstream commit 39afb5ee4640 ("kernel/sys.c: fix UNAME26 for 4.0").
- commit 5988feb

-------------------------------------------------------------------
Mon Dec 4 15:25:24 CET 2017 - mbenes@suse.cz

- Revert "Add compat.h to deal with changes of KGR_PATCH macro"
  This reverts commit 4186bef35862029a2fd36ba4a73d5fa538992709.
  All currently supported kernels (that is, everything since SLE12_Update_14 and SLE12-SP1_Update_5) have sympos support. We can drop compat, because we don't need it anymore.
- commit 11e3220

-------------------------------------------------------------------
Thu Nov 30 15:15:20 CET 2017 - mbenes@suse.cz

- scripts: Generate ExclusiveArch in spec file dynamically
  ppc64le architecture kernel support is not present in all currently supported branches. It may cause problem for the maintenance team.
  Generate ExclusiveArch dynamically. It should be 'ppc64le x86_64' for SLE12-SP3 and 'x86_64' for the rest.
- commit 95ed856

-------------------------------------------------------------------
Thu Nov 16 14:27:46 CET 2017 - mbenes@suse.cz

- rpm/kgraft-patch.spec: Add ppc64le as a supported arch
  ppc64le is about to be supported in Live Patching product. Add it to ExclusiveArch tag.
- commit 8437c94

-------------------------------------------------------------------
Thu Nov 16 14:26:35 CET 2017 - mbenes@suse.cz

- rpm/kgraft-patch.spec: Remove s390x from supported archs
  s390x is not supported in Live Patching product. Remove it from ExclusiveArch.
- commit f9614f2

-------------------------------------------------------------------
Tue Oct 31 10:34:53 CET 2017 - nstange@suse.de

- livepatch_main.c: klp_patch_init(): fix error handling
  In case either of the invocations of klp_register_patch() or klp_enable_patch() fails, anything which has been set up by the prior per-(sub-)patch initialization code, i.e. the expansion of @@KLP_PATCHES_INIT_CALLS@@, won't get undone.
  Fix this.
  Also make klp_patch_init() look more like the common 'goto err' idiom and adjust scripts/register_patches.sh accordingly.
  Fix for commit 7e20201cdcb8 ("kGraft to livepatch migration. API change.").
- commit 6552b44

-------------------------------------------------------------------
Tue Oct 31 10:34:52 CET 2017 - nstange@suse.de

- scripts/register_patches.sh: generate klp_object array
  The KLP API doesn't take a flat list of to be patched functions like KGraft did, but introduces an intermediate layer: struct klp_object. Each klp_patch instance is supposed to reference an array of klp_object's which in turn provide an array of klp_func's each.
  To facilitate merging, we want to generate this list of klp_object's automatically, exactly like we did for the flat function list with KGraft.
  For each klp_patch instance, there must be at most one klp_object entry referring to the same object.
  Hence care must be taken not to add an entry for the same object twice in case two different (sub-)patches both patch some functions therein.
  Require from each (sub-)patch to provide the list of to be patched symbols in a file named SUBPATCH/patched_funcs.csv with each line conforming to the
    obj old_func(,sympos) new_func
  pattern.
  Make scripts/register.sh generate a klp_object array initializer based on this and let it expand the @@KLP_PATCHES_OBJS@@ tag within livepatch_main.c accordingly. Do not replace the now obsolete @@KLP_PATCHES_FUNCS@@ anymore.
  Add and remove the @@KLP_PATCHES_OBJS@@ and @@KLP_PATCHES_FUNCS@@ markers to and from livepatch_main.c respectively.
  [ mb: amend copy&paste error ($newfun at the end of uname klp_func[]) ]
- commit 0fe721b

-------------------------------------------------------------------
Thu Oct 26 13:54:06 CEST 2017 - lpechacek@suse.com

- kGraft to livepatch migration. External rename.
  External rename and thus final step of kGraft -> upstream livepatch migration. kgraft-patch* modules are now livepatch* and live in /lib/modules/$(uname -r)/livepatch.
  References: fate#323682
  [ mb: changelog ]
- commit f842fd5

-------------------------------------------------------------------
Thu Oct 5 12:12:29 CEST 2017 - nstange@suse.de

- shadow variables: add KGR_SHADOW_ID helper
  As shadow variables are supposed to be shared among different KGraft modules their id's must be compile time constants.
  Introduce the KGR_SHADOW_ID helper macro for generating them in a uniform manner based on the bsc# number and a local id.
- commit 237c8f3

-------------------------------------------------------------------
Thu Oct 5 12:12:28 CEST 2017 - nstange@suse.de

- shadow variables: share shadow data among KGraft modules
  As it stands, each KGraft module maintains its own set of shadow variable management structures and thus, shadow variables are not sharable between livepatch modules.
  This behaviour is different from the upstream implementation and, as pointed out by Miroslav Benes, it also opens up an opportunity for a small window where the system might become vulnerable again during transition as we stack new livepatches on top.
  Let all KGraft patches share the shadow data.
  Sharing is implemented by moving the management structures from a KGraft module's .data to dynamically allocated memory. Each KGraft module will have specifically named pointers, 'kgr_shadow_hash12' and 'kgr_shadow_lock12', referencing them.
  Upon initialization, a KGraft module will discover already existing such shadow data by kallsyms-searching all loaded modules for these pointer symbols. If none is found, a new instance is allocated. The newly introduced kgr_shadow_init() implementing this is idempotent and can thus be called from the bsc# subpatches' initializers if needed.
  Upon KGraft module removal, the new kgr_shadow_cleanup() will conduct another kallsyms search and deallocate the shadow data in case there are no more users. kgr_shadow_cleanup() is also idempotent.
  Initialization and teardown of the common shadow data is serialized with the module_mutex which has to be taken for the kallsyms search anyway.
- commit 8e1e705

-------------------------------------------------------------------
Thu Oct 5 12:12:27 CEST 2017 - nstange@suse.de

- shadow variables: drop EXPORT_SYMBOL()s
  The shadow variable API will only ever get used by the KGraft module itself and thus, there's no need for exporting it.
  Drop all EXPORT_SYMBOL annotations.
- commit ac6cfeb

-------------------------------------------------------------------
Thu Oct 5 12:12:26 CEST 2017 - nstange@suse.de

- shadow variables: introduce upstream patch
  Joe Lawrence posted the sixth version of his shadow variable patch [1] implementing the association of additional out-of-band data members to existing structure instances from livepatches.
  Jiri Kosina has applied this to his git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching.git for-4.15/shadow-variables tree and thus, it's queued up and close to getting merged.
  The plan is to eventually backport this shadow variable support to SLE kernels, but we also want to have it usable from KGraft modules by now.
  Port the implementation to the kgraft-patches module. Namely,
  - dump shadow.c in its current upstream state as it is after commits
      439e7271dc2b ("livepatch: introduce shadow variable API")
      5d9da759f758 ("livepatch: __klp_shadow_get_or_alloc() is local to shadow.c")
      19205da6a0da ("livepatch: Small shadow variable documentation fixes")
  - add a shadow.h header and declare the newly introduced functions there
  - and incorporate the new files into the KGraft module's build system.
  [1] 1504211861-19899-2-git-send-email-joe.lawrence@redhat.com ("[PATCH v6] livepatch: introduce shadow variable API")
- commit e899c4f

-------------------------------------------------------------------
Wed Jul 12 11:14:40 CEST 2017 - lpechacek@suse.com

- kGraft to livepatch migration. API change.
  Change from kGraft API to livepatch API.
  Note: error handling in _init() function is broken and fixed later. Automatic generation of klp_objects is not present at all. Added later.
  References: fate#323682
  [ mb: changelog, patch split, whitespace errors ]
- commit 7e20201

-------------------------------------------------------------------
Wed Jul 12 11:08:57 CEST 2017 - lpechacek@suse.com

- kGraft to livepatch migration. Internal rename.
  Internal rename in preparation for kGraft -> upstream livepatch migration. External module naming stays the same. API is not touched yet.
  References: fate#323682
  [ mb: changelog edit ]
- commit 28a04a2

-------------------------------------------------------------------
Tue Jun 13 15:54:27 CEST 2017 - nstange@suse.de

- scripts/register-patches.sh: register subpatch sources in rpm spec
  In order to reduce the manual merging work upon addition of new (sub)patches, commit 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically") introduced the register-patches.sh helper. It discovers those and tweaks the main entry point, kgr_patch_main.c, as needed.
  However, a remaining manual merging task is to list a (sub)patch's source archive in rpm/kgraft-patch.spec and to %setup it.
  Make scripts/register-patches.sh do this. Namely,
  - introduce the @@KGR_PATCHES_SOURCES@@ and @@KGR_PATCHES_SETUP_SOURCES@@ placeholders in rpm/kgraft-patch.spec
  - and make scripts/register-patches.sh expand those within a spec file to be given as an additional command line argument.
  Finally, adjust scripts/tar-up.sh accordingly.
- commit 9eafc8a

-------------------------------------------------------------------
Tue Jun 13 15:51:42 CEST 2017 - nstange@suse.de

- scripts/register-patches.sh: don't add ','s to @@KGR_PATCHES_FUNCS@@
  register-patches.sh expands kgr_patch_main.c's @@KGR_PATCHES_FUNCS@@ placeholder by concatenating all available patches' KGR_PATCH__FUNCS together, separating them by commas. The KGR_PATCH__FUNCS are CPP macros supposed to be provided by each patch.
  If one of these happens to be empty, the preprocessed expansion will contain two consecutive commas which gcc doesn't like in array initializers.
  Do not add any commas to the @@KGR_PATCHES_FUNCS@@ expansion but require the individual KGR_PATCH__FUNCS macros to already contain trailing ones as needed.
  Fixes: 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically")
- commit ba41416

-------------------------------------------------------------------
Wed Jun 7 12:05:41 CEST 2017 - nstange@suse.de

- scripts: create kgr_patch_main.c dynamically
  The kgraft-patches repository has got many branches, each corresponding to a supported codestream. Each of those carries a potentially different set of live (sub)patches which are controlled through the entry points in kgr_patch_main.c.
  According to Miroslav, merging of a new (sub)patch based on the pristine master is a pita due to conflicts.
  Since all (sub)patches stick to certain conventions already, the required modifications of the merging-hotspot kgr_patch_main.c are quite mechanic. Let a script do the work. Namely,
  - insert some special @@-embraced placeholders at the few places depending on the actual set of (sub)patches,
  - let register-patches.sh discover the available (sub)patches by searching for directories
  - and let register-patches.sh replace those placeholders in kgr_patch_main.c
  Finally, add a register-patches.sh invocation to tar-up.sh.
  This procedure requires that a SUBPATCH located in directory SUBPATCH/ adheres to the following conventions:
  - It must provide a SUBPATCH/kgr_patch_SUBPATCH.h header.
  - This header must provide declarations for kgr_patch_SUBPATCH_init() and kgr_patch_SUBPATCH_cleanup().
  - This header must also #define a KGR_PATCH_SUBPATCH_FUNCS macro. It should expand to a comma separated list of KGR_PATCH*() entries, each corresponding to a function the subpatch wants to replace.
  [mbenes: fixed typos, empty line removed]
- commit 4e8dc88

-------------------------------------------------------------------
Mon Apr 24 16:00:54 CEST 2017 - mbenes@suse.cz

- Replace $(PWD) with $(CURDIR) in Makefile
  CURDIR is an internal variable of make and more suitable.
- commit 03bf1d5

-------------------------------------------------------------------
Wed Apr 19 14:02:27 CEST 2017 - mbenes@suse.cz

- Create Makefile automatically
  Introduce scripts/create-makefile.sh script to automatically create a makefile. The script is called from tar-up.sh or could be called manually.
- commit 1af6c29

-------------------------------------------------------------------
Mon Oct 24 13:26:09 CEST 2016 - mbenes@suse.cz

- Better to use SUSE:SLE-12:Update than Devel:kGraft:SLE12 project
- commit bdc7598

-------------------------------------------------------------------
Tue May 10 15:43:59 CEST 2016 - mbenes@suse.cz

- Add compat.h to deal with changes of KGR_PATCH macro
  Sympos patch set for kGraft redefined KGR_PATCH macro and added two new ones. Add new compat.h which contains macro magic so that all kGraft patches would work on both old and new kernels with the patch set merged.
- commit 4186bef

-------------------------------------------------------------------
Fri May 6 17:01:17 CEST 2016 - mbenes@suse.cz

- Fix the number of parameters of KGR_PATCH macro
  New kernels contain kGraft's sympos patch set which changed number of parameters of KGR_PATCH macro and introduced new macros. Fix it in master so it will be ok for new branches.
- commit 78cf676

-------------------------------------------------------------------
Tue Sep 1 13:00:23 CEST 2015 - mmarek@suse.com

- Include the RPM version number in the module name
- commit 8fa02c6

-------------------------------------------------------------------
Wed Aug 26 11:29:44 CEST 2015 - mbenes@suse.cz

- Remove forgotten debug option in the Makefile
- commit 9c24ab8

-------------------------------------------------------------------
Mon Aug 17 13:42:04 CEST 2015 - mbenes@suse.cz

- Add license and copyright notices
- commit d42d3aa

-------------------------------------------------------------------
Wed Jul 15 15:58:35 CEST 2015 - mbenes@suse.cz

- Remove immediate flag
  Fake signal was merged to kGraft and immediate feature removed. Remove it in kGraft patches from now on too.
- commit c767ad2

-------------------------------------------------------------------
Wed May 20 16:32:17 CEST 2015 - mbenes@suse.cz

- Set immediate flag to false
  Using immediate set to true can lead to BUGs and oopses when downgrading, reverting or applying replace_all patches. There is no way how to find out if there is a process in the old code which is being removed. The module would be put, removed and the process will crash. The consistency model guarantees that there is no one in the old code when the finalization ends. Thus use it for all cases to be safe.
- commit 830e1a3

-------------------------------------------------------------------
Tue May 12 15:48:07 CEST 2015 - mbenes@suse.cz

- Fix description in rpm spec file
  Spec file description mentions initial kGraft patch which is only true for real initial patch. Make it more neutral.
  References: bsc#930408
- commit a55e023

-------------------------------------------------------------------
Wed Apr 1 15:36:24 CEST 2015 - mbenes@suse.cz

- Generate archives names automatically in tar-up.sh
- commit 1f34f18

-------------------------------------------------------------------
Wed Apr 1 13:39:26 CEST 2015 - mbenes@suse.cz

- Automatically generate .changes file from git log
  Also add comments to tar-up.sh script to distinguish between sections.
- commit 212a7ae

-------------------------------------------------------------------
Thu Mar 26 14:24:21 CET 2015 - mmarek@suse.cz

- Revert "Require exact kernel version in the patch"
  This needs to be done differently, so that modprobe --force works as expected.
  References: bnc#920615
  This reverts commit c62c11aecd4e3f8822e1b835fea403acc3148c5a.
- commit bc88dd7

-------------------------------------------------------------------
Wed Mar 25 13:10:24 CET 2015 - mmarek@suse.cz

- Require exact kernel version in the patch
  References: bnc#920615
- commit c62c11a

-------------------------------------------------------------------
Tue Mar 24 12:15:41 CET 2015 - mmarek@suse.cz

- Add the git commit and branch to the package description
  References: bnc#920633
- commit 1ff4e48

-------------------------------------------------------------------
Wed Nov 26 10:09:14 CET 2014 - mbenes@suse.cz

- Set immediate flag for the initial patch
  Setting immediate to true will simplify installation of the initial patch and possibly also of the further updates.
  References: bnc#907150
- commit 391b810

-------------------------------------------------------------------
Tue Nov 25 16:26:40 CET 2014 - mbenes@suse.cz

- Add .replace_all set to true
  Add .replace_all flag set to true even to the initial patch. Thus we will not forget to add that later. Also .immediate is there as a comment.
- commit 933e15e

-------------------------------------------------------------------
Mon Nov 24 15:02:33 CET 2014 - mmarek@suse.cz

- Drop the hardcoded kernel release string
  The updated kgraft-devel macros set this during build time, so we do not need to know the kernel release string beforehand. As a name suffix for the source packages, let's use SLE12_Test in the master branch and SLE12_Update_ in the update branches.
- commit 65f7a25

-------------------------------------------------------------------
Fri Nov 21 15:48:48 CET 2014 - mmarek@suse.cz

- Check that we are building against the set kernel version
- commit 689e44a

-------------------------------------------------------------------
Wed Nov 12 04:11:14 CET 2014 - mmarek@suse.cz

- Mark the module as supported
  References: bnc#904970
- commit 6249314

-------------------------------------------------------------------
Tue Nov 11 17:11:28 CET 2014 - mmarek@suse.cz

- Build the test packages against Devel:kGraft:SLE12
- commit c952fbb

-------------------------------------------------------------------
Thu Nov 6 13:55:43 CET 2014 - mbenes@suse.cz

- Add top git commit hash to uname -v
  Add top git commit hash to version part of uname. This makes the identification of current patch level easy (even in crash: p kgr_tag).
  References: fate#317769
- commit 54c9595

-------------------------------------------------------------------
Tue Nov 4 16:23:50 CET 2014 - mbenes@suse.cz

- Replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@
  We need to replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ due to sysfs tree. @@RELEASE@@ changes with each new version of package.
- commit 51fd9dd

-------------------------------------------------------------------
Mon Nov 3 17:27:24 CET 2014 - mmarek@suse.cz

- Add a source-timestamp file with the git commit hash and branch
  This is required by the bs-upload-kernel script to upload packages to the BS. It can also be used by the specfile in the future.
- commit feab4f1

-------------------------------------------------------------------
Mon Nov 3 16:56:31 CET 2014 - mbenes@suse.cz

- Initial commit
- commit 600de9d

-------------------------------------------------------------------
Mon Nov 3 14:59:46 CET 2014 - mmarek@suse.cz

- Add config.sh script
  This tells the automatic builder which IBS project to use.
- commit aa7f1cb