On Wed, Sep 17, 2025 at 09:03:08AM -0700, Josh Poimboeuf wrote: > Changes since v3 > (https://lore.kernel.org/[email protected]): > > - Get rid of the SHF_MERGE+SHF_WRITE toolchain shenanigans in favor of > simple .discard.annotate_data annotations > - Fix potential double free in elf_create_reloc() > - Sync interval_tree_generic.h (Peter) > - Refactor prefix symbol creation error handling > - Rebase on tip/master and fix new issue (--checksum getting added with > --noabs) > > (v3..v4 diff below) > > ---- > > This series introduces new objtool features and a klp-build script to > generate livepatch modules using a source .patch as input. > > This builds on concepts from the longstanding out-of-tree kpatch [1] > project which began in 2012 and has been used for many years to generate > livepatch modules for production kernels. However, this is a complete > rewrite which incorporates hard-earned lessons from 12+ years of > maintaining kpatch. > > Key improvements compared to kpatch-build: > > - Integrated with objtool: Leverages objtool's existing control-flow > graph analysis to help detect changed functions. > > - Works on vmlinux.o: Supports late-linked objects, making it > compatible with LTO, IBT, and similar. > > - Simplified code base: ~3k fewer lines of code. > > - Upstream: No more out-of-tree #ifdef hacks, far less cruft. > > - Cleaner internals: Vastly simplified logic for symbol/section/reloc > inclusion and special section extraction. > > - Robust __LINE__ macro handling: Avoids false positive binary diffs > caused by the __LINE__ macro by introducing a fix-patch-lines script > which injects #line directives into the source .patch to preserve > the original line numbers at compile time. > > The primary user interface is the klp-build script which does the > following: > > - Builds an original kernel with -function-sections and > -fdata-sections, plus objtool function checksumming. > > - Applies the .patch file and rebuilds the kernel using the same > options. > > - Runs 'objtool klp diff' to detect changed functions and generate > intermediate binary diff objects. > > - Builds a kernel module which links the diff objects with some > livepatch module init code (scripts/livepatch/init.c). > > - Finalizes the livepatch module (aka work around linker wreckage) > using 'objtool klp post-link'. > > I've tested with a variety of patches on defconfig and Fedora-config > kernels with both GCC and Clang. > > These patches can also be found at: > > git://git.kernel.org/pub/scm/linux/kernel/git/jpoimboe/linux.git > klp-build-v3 > > Please test! >
For v4.1, with several dozen small, CVE input patches and gcc 14 + CentOS-Steam-10 config: Tested-off-by: Joe Lawrence <[email protected]> -- Joe
