Micro support #61

Merged
merged 11 commits into from
Jan 17, 2025

@marcosps marcosps commented Jan 7, 2025

No description provided.

@marcosps marcosps requested review from fgyanz and vmezzela January 7, 2025 12:32

fgyanz commented Jan 7, 2025

Hi, would it be possible to also include a test? SLE Micro is kind of an exception among all the codestreams.


marcosps commented Jan 7, 2025

Absolutely. I forgot to do it, but I'll prepare something in the next few days.


marcosps commented Jan 8, 2025

@fgyanz @vmezzela new version! Would you like to add this one first, before the code reorganization?


vmezzela commented Jan 8, 2025

Sure, I can rebase #62 on top of this.

The changes are straightforward:
* Started to handle patchinfoid, along with the IBS project
* Changes in the parsing of the supported.csv due to MICRO
* Use patchinfoid when querying and downloading the packages
* Use the new config, symvers and vmlinux paths due to usrmerge being enabled on
  Micro

It's still disabled until kernel-livepatch-devel is built accordingly.

Signed-off-by: Marcos Paulo de Souza <[email protected]>

marcosps commented Jan 8, 2025

Rebased on top of current devel (after merging #63)



@classmethod
def from_data(cls, data):
return cls(data["data_path"], data["lp_path"], data["sle"], data["sp"],
data["update"], data["rt"], data["project"], data["kernel"],
data["archs"], data["files"], data["modules"])
data["update"], data["rt"], data["project"], data["patchid"],
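
Review bot: data["patchid"] in from_data is read with a plain subscript and passed positionally right after data["project"], so a stored codestream file that predates this field raises KeyError on load, and the call only stays correct as long as the constructor's parameter order matches this list exactly. Consider data.get("patchid", ...) with an explicit default, or a clear error asking the user to regenerate the data, and pass these values as keyword arguments so that inserting a field mid-list cannot silently shift the others.
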
Collaborator

FWIW, I believe this breaks when loading codestream.json files that were stored prior to this patch. I don't know if this can be an issue.

Collaborator Author

Yes, I should have mentioned. We already had changes like this in the past, so I always suggest that people first finish their livepatch, and then apply the changes when starting to work on something new. I truly hope this is the last of the breaking changes that we need for MICRO...

Collaborator

No problems on my side then!


fgyanz commented Jan 16, 2025

Hi @marcosps,
PR tested and it's looking pretty good. I think I've only found one issue.

  • After running:

```
klp-build setup --cve 2024-36971 -n bsc1226324 --conf CONFIG_IPV6 --file-funcs net/ipv6/route.c ip6_negative_advice --file-funcs net/ipv4/route.c ipv4_negative_advice --file-funcs net/xfrm/xfrm_policy.c xfrm_negative_advice --file-funcs net/core/sock.c sock_setsockopt sk_setsockopt --file-funcs net/ipv4/tcp_timer.c tcp_retransmit_timer --no-check
```

I noticed that the generated LP files externalize the symbols using the old method:
In klp/livepatches/bsc1226324/ccp/6.0u2/lp/bsc1226324_net_core_sock.c

```c
static struct klp_kallsyms_reloc klp_funcs[] = {
	{ "mem_cgroup_charge_skmem", (void *)&klpe_mem_cgroup_charge_skmem },
	{ "mem_cgroup_uncharge_skmem",
	  (void *)&klpe_mem_cgroup_uncharge_skmem },
	{ "reuseport_update_incoming_cpu",
	  (void *)&klpe_reuseport_update_incoming_cpu },
	{ "sk_attach_bpf", (void *)&klpe_sk_attach_bpf },
	{ "sk_reuseport_attach_bpf", (void *)&klpe_sk_reuseport_attach_bpf },
	{ "sk_reuseport_attach_filter",
	  (void *)&klpe_sk_reuseport_attach_filter },
	{ "sock_bindtoindex_locked", (void *)&klpe_sock_bindtoindex_locked },
	{ "sock_set_timeout", (void *)&klpe_sock_set_timeout },
	{ "sock_set_timestamp", (void *)&klpe_sock_set_timestamp },
	{ "sock_set_timestamping", (void *)&klpe_sock_set_timestamping },
};
```

As a side note, and just for the record, I tried running scan with a new CVE, which I personally made sure affects one Micro codestream and not the following update. The results are as expected :)

```
klp-build scan --cve 2024-46772
...

Skipping already patched codestreams:
	6.0rtu3 6.0u3 15.6rtu4-6 15.6u5-6
Skipping unaffected codestreams (missing backports):
	12.5u52-63 15.2u44-55 15.3u40-51 15.4u22-34 15.5u9-21
Checking filter and skips...
All affected codestreams:
	6.0rtu2 6.0u2 15.6rtu0-3 15.6u0-4
```

The ipa-clones were built manually, so it's now possible to enable it.

Signed-off-by: Marcos Paulo de Souza <[email protected]>

This is needed since we now have _buildenv files that are created on kgraft-patches,
and the filenames are using "standard" project, so change it accordingly.

The name "devbuild" is here since forever. Let's change it and see what happens.

Signed-off-by: Marcos Paulo de Souza <[email protected]>

This is necessary because MICRO has vmlinux.xz on /usr/lib/modules, and we need
this to be extracted in order to check for symbols when prepare-tests is called.

Signed-off-by: Marcos Paulo de Souza <[email protected]>

This was overly complicated, and the version strings are different for
MICRO, so refactor everything to be as generic as possible.

Signed-off-by: Marcos Paulo de Souza <[email protected]>

Signed-off-by: Marcos Paulo de Souza <[email protected]>
Signed-off-by: Marcos Paulo de Souza <[email protected]>

Without this fix the symvers file isn't extracted on MICRO codestreams.

Signed-off-by: Marcos Paulo de Souza <[email protected]>

@marcosps
Collaborator Author

> Hi @marcosps, PR tested and it's looking pretty good. I think I've only found one issue.
>
>   • After running:
>
> ```
> klp-build setup --cve 2024-36971 -n bsc1226324 --conf CONFIG_IPV6 --file-funcs net/ipv6/route.c ip6_negative_advice --file-funcs net/ipv4/route.c ipv4_negative_advice --file-funcs net/xfrm/xfrm_policy.c xfrm_negative_advice --file-funcs net/core/sock.c sock_setsockopt sk_setsockopt --file-funcs net/ipv4/tcp_timer.c tcp_retransmit_timer --no-check
> ```
>
> I noticed that the generated LP files externalize the symbols using the old method: In klp/livepatches/bsc1226324/ccp/6.0u2/lp/bsc1226324_net_core_sock.c
>
> ```c
> static struct klp_kallsyms_reloc klp_funcs[] = {
> 	{ "mem_cgroup_charge_skmem", (void *)&klpe_mem_cgroup_charge_skmem },
> 	{ "mem_cgroup_uncharge_skmem",
> 	  (void *)&klpe_mem_cgroup_uncharge_skmem },
> 	{ "reuseport_update_incoming_cpu",
> 	  (void *)&klpe_reuseport_update_incoming_cpu },
> 	{ "sk_attach_bpf", (void *)&klpe_sk_attach_bpf },
> 	{ "sk_reuseport_attach_bpf", (void *)&klpe_sk_reuseport_attach_bpf },
> 	{ "sk_reuseport_attach_filter",
> 	  (void *)&klpe_sk_reuseport_attach_filter },
> 	{ "sock_bindtoindex_locked", (void *)&klpe_sock_bindtoindex_locked },
> 	{ "sock_set_timeout", (void *)&klpe_sock_set_timeout },
> 	{ "sock_set_timestamp", (void *)&klpe_sock_set_timestamp },
> 	{ "sock_set_timestamping", (void *)&klpe_sock_set_timestamping },
> };
> ```
>
> As a side note, and just for the record, I tried running scan with a new CVE, which I personally made sure affects one Micro codestream and not the following update. The results are as expected :)
>
> ```
> klp-build scan --cve 2024-46772 ...
>
> Skipping already patched codestreams:
> 	6.0rtu3 6.0u3 15.6rtu4-6 15.6u5-6
> Skipping unaffected codestreams (missing backports):
> 	12.5u52-63 15.2u44-55 15.3u40-51 15.4u22-34 15.5u9-21
> Checking filter and skips...
> All affected codestreams:
> 	6.0rtu2 6.0u2 15.6rtu0-3 15.6u0-4
> ```

(@fgyanz Instead of quoting your comment I edited it, sorry....)

Ouch... thanks a lot for catching this mistake! MICRO also uses IBT, and I forgot to tag as such. I've fixed it in the latest push.

The rebase can fail if the target branch wasn't being tracked locally
before the clone being done. When the clone succeeds, the origin remote
is set to the local directory, so it cannot find the remote branches
on the original remote.

The fix in this case is to re-add the remote and fetch all codestreams
before the rebase.

Signed-off-by: Marcos Paulo de Souza <[email protected]>


fgyanz commented Jan 17, 2025

LGTM! Code reviewed and tested.

@fgyanz fgyanz merged commit 5e4b234 into SUSE:devel Jan 17, 2025