Google Summer of Code summary week 08

What I did in this week 08 summary:

elivepatch:

  • Working with tempfile for keeping the uncompressed configuration file using the appropiate tempfile module.
  • Refactoring and code cleaning.
  • Check if the ebuild is present in the overlay before trying to merge it.
  • lpatch added locally
  • fix ebuild directory
  • Static patch and config filename on send This is useful for isolating the api requests using only the uuid as session identifier
  • Removed livepatchStatus and lpatch class configurations. Because we need a request to only be identified by is own UUID, for isolating the transaction.
  • return in case the request with same uuid is already present.
  • Fixed livepatch output name for reflecting the static setted patch name
  • module install removed as not needed
  • debug option is now also copying the build.log to the uuid directory, for investigating failed attempt * refactored uuid_dir with uuid in the case where uuid_dir is not actually containing the full path
  • adding debug_info to the configuration file if not already present however this setting is only needed for the livepatch creation (not tested yet)

Kpatc:

  • Investigate about dwarf attribute problems

What I need to do next time:

  • Finish the function for download the livepatch to the client
  • Testing elivepatch
  • Implementing the CVE patch uploader
  • Installing elivepatch to the Gentoo server
  • Fix kpatch-build for automatically work with gentoo-sources
  • Add more features to elivepatch

day 33 What was my plan for today?

  • testing and improving elivepatch

What i did today?

  • Working with tempfile for keeping the uncompressed configuration file using the appropiate tempfile module.
  • Refactoring and code cleaning.
  • Check if the ebuild is present in the overlay before trying to merge it.

what i will do next time?

* testing and improving elivepatch

day 34

What was my plan for today?

  • testing and improving elivepatch

What i did today?

  • lpatch added locally
  • fix ebuild directory
  • Static patch and config filename on send This is useful for isolating the api requests using only the uuid as session identifier
  • Removed livepatchStatus and lpatch class configurations. Because we need a request to only be identified by is own UUID, for isolating the transaction.
  • return in case the request with same uuid is already present.

we still have problem about "can'\''t find special struct alt_instr size."

I will investigate it tomorrow

what i will do next time?

  • testing and improving elivepatch
  • Investigating the missing informations in the livepatch

day 35

What was my plan for today?

  • testing and improving elivepatch

What i did today?

Today I investigate the missing information on the livepatch that we have when we don't have CONFIG_DEBUG_INFO=y in our kernel configuration. In the case we don't have debug_info in the kernel configuration we usually get missing alt_instr errors from kpatch-build and this is stopping elivepatch from creating a livepatch. This DEBUG_INFO is only needed for making the livepatch and dosen't have to be setted also in production (but not tested it yet)

Kpatch need some special section data for find where to inject the livepatch. This special section data existence is checked by kpatch-build in the given vmlinux file. The vmlinux file need CONFIG_DEBUG_INFO=y for making the debug symbols containing the special section data. This special section data is found like this:

# Set state if name matches
a == 0 && /DW_AT_name.* alt_instr[[:space:]]*$/ {a = 1; next}
b == 0 && /DW_AT_name.* bug_entry[[:space:]]*$/ {b = 1; next}
p == 0 && /DW_AT_name.* paravirt_patch_site[[:space:]]*$/ {p = 1; next}
e == 0 && /DW_AT_name.* exception_table_entry[[:space:]]*$/ {e = 1; next}

DW_AT_NAME is the dwarf attributei (AT) for the name of declaration as it appear in the source program.

<1><3a75de>: Abbrev Number: 118 (DW_TAG_variable)
   <3a75df>   DW_AT_name        : (indirect string, offset: 0x2878c):
__alt_instructions
   <3a75e3>   DW_AT_decl_file   : 1
   <3a75e4>   DW_AT_decl_line   : 271
   <3a75e6>   DW_AT_type        : <0x3a75d3>
   <3a75ea>   DW_AT_external    : 1
   <3a75ea>   DW_AT_declaration : 1
  • decl_file is the file containing the source declaration
  • type is the type of declaration
  • external means that the variable is visible outside of its enclosing compilation unit
  • declaration indicates that this entry represents a non-defining declaration of object

more informations can be found here http://dwarfstd.org/doc/Dwarf3.pdf

After the kpatch-build identify the various name attribute

It will re build the original kernel and the patched kernel

With the use of create-diff-object program, kpatch-build will extract new and modified ELF by using the dwarf data special section

Finally it will create the patch module using create-kpatch-module program and by using dynamic linked objects relocation (dynrelas) symbol sections changes

[continue...]

what i will do next time?

  • testing and improving elivepatch
  • Investigating the missing informations in the livepatch

day 36

What was my plan for today?

  • testing and improving elivepatch

What i did today?

  • Fixed livepatch output name for reflecting the static setted patch name
  • module install removed as not needed
  • debug option is now also copying the build.log to the uuid directory, for investigating failed attempt * refactored uuid_dir with uuid in the case where uuid_dir is not actually containing the full path
  • adding debug_info to the configuration file if not already present however this setting is only needed for the livepatch creation (not tested yet)

what i will do next time?

  • testing and improving elivepatch

day 37