Re: [PATCH v2 59/62] livepatch/klp-build: Introduce klp-build script for generating livepatch modules

Mon, 09 Jun 2025 19:06:25 -0700 

On Mon, Jun 09, 2025 at 04:59:37PM -0700, Josh Poimboeuf wrote:
> On Mon, Jun 09, 2025 at 05:20:53PM -0400, Joe Lawrence wrote:
> > If you touch sound/soc/sof/intel/, klp-build will error out with:
> > 
> >   Building patch module: livepatch-unCVE-2024-58012.ko
> >   ERROR: modpost: module livepatch-unCVE-2024-58012 uses symbol 
> > hda_dai_config from namespace SND_SOC_SOF_INTEL_HDA_COMMON, but does not 
> > import it.
> >   ERROR: modpost: module livepatch-unCVE-2024-58012 uses symbol 
> > hdac_bus_eml_sdw_map_stream_ch from namespace SND_SOC_SOF_HDA_MLINK, but 
> > does not import it.
> >   make[2]: *** [scripts/Makefile.modpost:145: 
> > /home/jolawren/src/centos-stream-10/klp-tmp/kmod/Module.symvers] Error 1
> >   make[1]: *** [/home/jolawren/src/centos-stream-10/Makefile:1936: modpost] 
> > Error 2
> >   make: *** [Makefile:236: __sub-make] Error 2
> > 
> > since the diff objects do not necessarily carry forward the namespace
> > import.
> 
> Nice, thanks for finding that.  I completely forgot about export
> namespaces.
> 
> Can you send me the patch for testing?  Is this the default centos10
> config?
> 

Yeah, cs-10 sets CONFIG_NAMESPACES=y.

The hack I posted earlier abused modinfo to get the namespaces.  You
could just dump the import_ns= strings in the .modinfo section with
readelf like (lightly tested):

diff --git a/scripts/livepatch/klp-build b/scripts/livepatch/klp-build
index f7d88726ed4f..671d1d07fd08 100755
--- a/scripts/livepatch/klp-build
+++ b/scripts/livepatch/klp-build
@@ -687,7 +687,9 @@ build_patch_module() {
        cp -f "$SRC/scripts/livepatch/init.c" "$KMOD_DIR"
 
        echo "obj-m := $NAME.o" > "$makefile"
-       echo -n "$NAME-y := init.o" >> "$makefile"
+       echo -n "$NAME-y := init.o namespaces.o" >> "$makefile"
+
+       echo "#include <linux/module.h>" >> "$KMOD_DIR/namespaces.c"
 
        find "$DIFF_DIR" -type f -name "*.o" | mapfile -t files
        [[ ${#files[@]} -eq 0 ]] && die "no changes detected"
@@ -695,8 +697,16 @@ build_patch_module() {
        for file in "${files[@]}"; do
                local rel_file="${file#"$DIFF_DIR"/}"
                local kmod_file="$KMOD_DIR/$rel_file"
+               local namespaces=()
                local cmd_file
 
+               # Copy symbol namespace
+               readelf -p .modinfo "$ORIG_DIR/$rel_file" | \
+                       gawk -F= '/\<import_ns=/ {print $2}' | mapfile -t 
namespaces
+               for ns in "${namespaces[@]}"; do
+                       echo "MODULE_IMPORT_NS(\"$ns\");" >> 
"$KMOD_DIR/namespaces.c"
+               done
+
                mkdir -p "$(dirname "$kmod_file")"
                cp -f "$file" "$kmod_file"

Reply via email to