|
Packit |
c71e3f |
#!/bin/bash
|
|
Packit |
c71e3f |
#
|
|
Packit |
c71e3f |
# kpatch hot patch module management script
|
|
Packit |
c71e3f |
#
|
|
Packit |
c71e3f |
# Copyright (C) 2014 Seth Jennings <sjenning@redhat.com>
|
|
Packit |
c71e3f |
# Copyright (C) 2014 Josh Poimboeuf <jpoimboe@redhat.com>
|
|
Packit |
c71e3f |
#
|
|
Packit |
c71e3f |
# This program is free software; you can redistribute it and/or
|
|
Packit |
c71e3f |
# modify it under the terms of the GNU General Public License
|
|
Packit |
c71e3f |
# as published by the Free Software Foundation; either version 2
|
|
Packit |
c71e3f |
# of the License, or (at your option) any later version.
|
|
Packit |
c71e3f |
#
|
|
Packit |
c71e3f |
# This program is distributed in the hope that it will be useful,
|
|
Packit |
c71e3f |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
c71e3f |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit |
c71e3f |
# GNU General Public License for more details.
|
|
Packit |
c71e3f |
#
|
|
Packit |
c71e3f |
# You should have received a copy of the GNU General Public License
|
|
Packit |
c71e3f |
# along with this program; if not, write to the Free Software
|
|
Packit |
c71e3f |
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA,
|
|
Packit |
c71e3f |
# 02110-1301, USA.
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
# This is the kpatch user script that manages installing, loading, and
|
|
Packit |
c71e3f |
# displaying information about kernel patch modules installed on the system.
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
INSTALLDIR=/var/lib/kpatch
|
|
Packit |
c71e3f |
SCRIPTDIR="$(readlink -f "$(dirname "$(type -p "$0")")")"
|
|
Packit |
c71e3f |
VERSION="0.6.1"
|
|
Packit |
c71e3f |
POST_ENABLE_WAIT=15 # seconds
|
|
Packit |
c71e3f |
POST_SIGNAL_WAIT=60 # seconds
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
# How many times to try loading the patch if activeness safety check fails.
|
|
Packit |
c71e3f |
MAX_LOAD_ATTEMPTS=5
|
|
Packit |
c71e3f |
# How long to wait before retry, in seconds.
|
|
Packit |
c71e3f |
RETRY_INTERVAL=2
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
usage_cmd() {
|
|
Packit |
c71e3f |
printf ' %-20s\n %s\n' "$1" "$2" >&2
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
usage () {
|
|
Packit |
c71e3f |
# ATTENTION ATTENTION ATTENTION ATTENTION ATTENTION ATTENTION
|
|
Packit |
c71e3f |
# When changing this, please also update the man page. Thanks!
|
|
Packit |
c71e3f |
echo "usage: kpatch <command> [<args>]" >&2
|
|
Packit |
c71e3f |
echo >&2
|
|
Packit |
c71e3f |
echo "Valid commands:" >&2
|
|
Packit |
c71e3f |
usage_cmd "install [-k|--kernel-version=<kernel version>] <module>" "install patch module to be loaded at boot"
|
|
Packit |
c71e3f |
usage_cmd "uninstall [-k|--kernel-version=<kernel version>] <module>" "uninstall patch module"
|
|
Packit |
c71e3f |
echo >&2
|
|
Packit |
c71e3f |
usage_cmd "load --all" "load all installed patch modules into the running kernel"
|
|
Packit |
c71e3f |
usage_cmd "load <module>" "load patch module into the running kernel"
|
|
Packit |
c71e3f |
usage_cmd "unload --all" "unload all patch modules from the running kernel"
|
|
Packit |
c71e3f |
usage_cmd "unload <module>" "unload patch module from the running kernel"
|
|
Packit |
c71e3f |
echo >&2
|
|
Packit |
c71e3f |
usage_cmd "info <module>" "show information about a patch module"
|
|
Packit |
c71e3f |
echo >&2
|
|
Packit |
c71e3f |
usage_cmd "list" "list installed patch modules"
|
|
Packit |
c71e3f |
echo >&2
|
|
Packit |
c71e3f |
usage_cmd "signal" "signal/poke any process stalling the current patch transition"
|
|
Packit |
c71e3f |
echo >&2
|
|
Packit |
c71e3f |
usage_cmd "version" "display the kpatch version"
|
|
Packit |
c71e3f |
exit 1
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
warn() {
|
|
Packit |
c71e3f |
echo "kpatch: $*" >&2
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
die() {
|
|
Packit |
c71e3f |
warn "$@"
|
|
Packit |
c71e3f |
exit 1
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
__find_module () {
|
|
Packit |
c71e3f |
MODULE="$1"
|
|
Packit |
c71e3f |
[[ -f "$MODULE" ]] && return
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
MODULE="$INSTALLDIR/$(uname -r)/$1"
|
|
Packit |
c71e3f |
[[ -f "$MODULE" ]] && return
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
return 1
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
mod_name () {
|
|
Packit |
c71e3f |
MODNAME="$(basename "$1")"
|
|
Packit |
c71e3f |
MODNAME="${MODNAME%.ko}"
|
|
Packit |
c71e3f |
MODNAME="${MODNAME//-/_}"
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
find_module () {
|
|
Packit |
c71e3f |
arg="$1"
|
|
Packit |
c71e3f |
if [[ "$arg" =~ \.ko ]]; then
|
|
Packit |
c71e3f |
__find_module "$arg" || return 1
|
|
Packit |
c71e3f |
mod_name "$MODULE"
|
|
Packit |
c71e3f |
return
|
|
Packit |
c71e3f |
else
|
|
Packit |
c71e3f |
for i in "$INSTALLDIR/$(uname -r)"/*; do
|
|
Packit |
c71e3f |
mod_name "$i"
|
|
Packit |
c71e3f |
if [[ "$MODNAME" == "$arg" ]]; then
|
|
Packit |
c71e3f |
MODULE="$i"
|
|
Packit |
c71e3f |
return
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
return 1
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
find_core_module() {
|
|
Packit |
c71e3f |
COREMOD="$SCRIPTDIR"/../kmod/core/kpatch.ko
|
|
Packit |
c71e3f |
[[ -f "$COREMOD" ]] && return
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
COREMOD="/usr/local/lib/kpatch/$(uname -r)/kpatch.ko"
|
|
Packit |
c71e3f |
[[ -f "$COREMOD" ]] && return
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
COREMOD="/usr/lib/kpatch/$(uname -r)/kpatch.ko"
|
|
Packit |
c71e3f |
[[ -f "$COREMOD" ]] && return
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
COREMOD="/usr/local/lib/modules/$(uname -r)/extra/kpatch/kpatch.ko"
|
|
Packit |
c71e3f |
[[ -f "$COREMOD" ]] && return
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
COREMOD="/usr/lib/modules/$(uname -r)/extra/kpatch/kpatch.ko"
|
|
Packit |
c71e3f |
[[ -f "$COREMOD" ]] && return
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
return 1
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
core_loaded () {
|
|
Packit |
c71e3f |
grep -q -e "T klp_register_patch" -e "T kpatch_register" /proc/kallsyms
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
get_module_name () {
|
|
Packit |
c71e3f |
readelf -p .gnu.linkonce.this_module "$1" | grep '\[.*\]' | awk '{print $3}'
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
init_sysfs_var() {
|
|
Packit |
c71e3f |
# If the kernel is configured with CONFIG_LIVEPATCH, use that.
|
|
Packit |
c71e3f |
# Otherwise, use the kpatch core module (kpatch.ko).
|
|
Packit |
c71e3f |
if [[ -e /sys/kernel/livepatch ]] ; then
|
|
Packit |
c71e3f |
# livepatch ABI
|
|
Packit |
c71e3f |
SYSFS="/sys/kernel/livepatch"
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
elif [[ -e /sys/kernel/kpatch/patches ]] ; then
|
|
Packit |
c71e3f |
# kpatch pre-0.4 ABI
|
|
Packit |
c71e3f |
SYSFS="/sys/kernel/kpatch/patches"
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
else
|
|
Packit |
c71e3f |
# kpatch 0.4 ABI
|
|
Packit |
c71e3f |
SYSFS="/sys/kernel/kpatch"
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
verify_module_checksum () {
|
|
Packit |
c71e3f |
modname="$(get_module_name "$1")"
|
|
Packit |
c71e3f |
[[ -z "$modname" ]] && return 1
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
checksum="$(readelf -p .kpatch.checksum "$1" 2>&1 | grep '\[.*\]' | awk '{print $3}')"
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
# Fail checksum match only if both exist and diverge
|
|
Packit |
c71e3f |
if [[ ! -z "$checksum" ]] && [[ -e "$SYSFS/${modname}/checksum" ]] ; then
|
|
Packit |
c71e3f |
sysfs_checksum="$(cat "$SYSFS/${modname}/checksum")"
|
|
Packit |
c71e3f |
[[ "$checksum" == "$sysfs_checksum" ]] || return 1
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
return 0
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
in_transition() {
|
|
Packit |
c71e3f |
local moddir="$SYSFS/$1"
|
|
Packit |
c71e3f |
[[ $(cat "$moddir/transition" 2>/dev/null) == "1" ]] && return 0
|
|
Packit |
c71e3f |
return 1
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
is_stalled() {
|
|
Packit |
c71e3f |
local module="$1"
|
|
Packit |
c71e3f |
local pid="$2"
|
|
Packit |
c71e3f |
local patch_enabled
|
|
Packit |
c71e3f |
local patch_state
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
patch_enabled="$(cat "$SYSFS/$module/enabled" 2>/dev/null)"
|
|
Packit |
c71e3f |
patch_state="$(cat "/proc/$pid/patch_state" 2>/dev/null)"
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
# No patch transition in progress
|
|
Packit |
c71e3f |
[[ "$patch_state" == "-1" ]] && return 1
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
[[ -z "$patch_enabled" ]] || [[ -z "$patch_state" ]] && return 1
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
# Stalls can be determined if the process state does not match
|
|
Packit |
c71e3f |
# the transition target (ie, "enabled" and "patched", "disabled"
|
|
Packit |
c71e3f |
# and "unpatched"). The state value enumerations match, so we
|
|
Packit |
c71e3f |
# can just compare them directly:
|
|
Packit |
c71e3f |
[[ "$patch_enabled" != "$patch_state" ]] && return 0
|
|
Packit |
c71e3f |
return 1
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
get_transition_patch() {
|
|
Packit |
c71e3f |
local module
|
|
Packit |
c71e3f |
local modname
|
|
Packit |
c71e3f |
for module in "$SYSFS"/*; do
|
|
Packit |
c71e3f |
modname=$(basename "$module")
|
|
Packit |
c71e3f |
if in_transition "$modname" ; then
|
|
Packit |
c71e3f |
echo "$modname"
|
|
Packit |
c71e3f |
return
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
show_stalled_processes() {
|
|
Packit |
c71e3f |
local module
|
|
Packit |
c71e3f |
local proc_task
|
|
Packit |
c71e3f |
local tid
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
module=$(get_transition_patch)
|
|
Packit |
c71e3f |
[[ -z "$module" ]] && return
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
echo ""
|
|
Packit |
c71e3f |
echo "Stalled processes:"
|
|
Packit |
c71e3f |
for proc_task in /proc/[0-9]*/task/[0-9]*; do
|
|
Packit |
c71e3f |
tid=${proc_task#*/task/}
|
|
Packit |
c71e3f |
is_stalled "$module" "$tid" && echo "$tid $(cat "$proc_task"/comm 2>/dev/null)"
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
signal_stalled_processes() {
|
|
Packit |
c71e3f |
local module
|
|
Packit |
c71e3f |
local proc_task
|
|
Packit |
c71e3f |
local tid
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
module=$(get_transition_patch)
|
|
Packit |
c71e3f |
[[ -z "$module" ]] && return
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
if [[ -e "/sys/kernel/livepatch/$module/signal" ]] ; then
|
|
Packit |
c71e3f |
echo 1 > "/sys/kernel/livepatch/$module/signal"
|
|
Packit |
c71e3f |
else
|
|
Packit |
c71e3f |
for proc_task in /proc/[0-9]*/task/[0-9]*; do
|
|
Packit |
c71e3f |
tid=${proc_task#*/task/}
|
|
Packit |
c71e3f |
if is_stalled "$module" "$tid" ; then
|
|
Packit |
c71e3f |
if [[ "$tid" -eq "$$" ]] ; then
|
|
Packit |
c71e3f |
echo "skipping pid $tid $(cat "$proc_task"/comm 2>/dev/null)"
|
|
Packit |
c71e3f |
else
|
|
Packit |
c71e3f |
echo "signaling pid $tid $(cat "$proc_task"/comm 2>/dev/null)"
|
|
Packit |
c71e3f |
kill -SIGSTOP "$tid"
|
|
Packit |
c71e3f |
sleep .1
|
|
Packit |
c71e3f |
kill -SIGCONT "$tid"
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
wait_for_patch_transition() {
|
|
Packit |
c71e3f |
local module="$1"
|
|
Packit |
c71e3f |
local i
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
in_transition "$module" || return 0
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
echo "waiting (up to $POST_ENABLE_WAIT seconds) for patch transition to complete..."
|
|
Packit |
c71e3f |
for (( i=0; i
|
|
Packit |
c71e3f |
if ! in_transition "$module" ; then
|
|
Packit |
c71e3f |
echo "transition complete ($i seconds)"
|
|
Packit |
c71e3f |
return 0
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
sleep 1s
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
echo "patch transition has stalled, signaling stalled process(es):"
|
|
Packit |
c71e3f |
signal_stalled_processes
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
echo "waiting (up to $POST_SIGNAL_WAIT seconds) for patch transition to complete..."
|
|
Packit |
c71e3f |
for (( i=0; i
|
|
Packit |
c71e3f |
if ! in_transition "$module" ; then
|
|
Packit |
c71e3f |
echo "transition complete ($i seconds)"
|
|
Packit |
c71e3f |
return 0
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
sleep 1s
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
return 1
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
load_module () {
|
|
Packit |
c71e3f |
local module="$1"
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
if ! core_loaded; then
|
|
Packit |
c71e3f |
if modprobe -q kpatch; then
|
|
Packit |
c71e3f |
echo "loaded core module"
|
|
Packit |
c71e3f |
else
|
|
Packit |
c71e3f |
find_core_module || die "can't find core module"
|
|
Packit |
c71e3f |
echo "loading core module: $COREMOD"
|
|
Packit |
c71e3f |
insmod "$COREMOD" || die "failed to load core module"
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
# Now that the core module has been loaded, set $SYSFS to the
|
|
Packit |
c71e3f |
# correct value based on the loaded core module's ABI.
|
|
Packit |
c71e3f |
init_sysfs_var
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
local modname
|
|
Packit |
c71e3f |
modname="$(get_module_name "$module")"
|
|
Packit |
c71e3f |
local moddir="$SYSFS/$modname"
|
|
Packit |
c71e3f |
if [[ -d "$moddir" ]] ; then
|
|
Packit |
c71e3f |
if [[ "$(cat "${moddir}/enabled")" -eq 0 ]]; then
|
|
Packit |
c71e3f |
if verify_module_checksum "$module"; then # same checksum
|
|
Packit |
c71e3f |
echo "module already loaded, re-enabling"
|
|
Packit |
c71e3f |
echo 1 > "${moddir}/enabled" || die "failed to re-enable module $modname"
|
|
Packit |
c71e3f |
if ! wait_for_patch_transition "$modname" ; then
|
|
Packit |
c71e3f |
echo "module $modname did not complete its transition, disabling..."
|
|
Packit |
c71e3f |
echo 0 > "${moddir}/enabled" || die "failed to disable module $modname"
|
|
Packit |
c71e3f |
wait_for_patch_transition "$modname"
|
|
Packit |
c71e3f |
die "error: failed to re-enable module $modname (transition stalled), patch disabled"
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
return
|
|
Packit |
c71e3f |
else
|
|
Packit |
c71e3f |
die "error: cannot re-enable patch module $modname, cannot verify checksum match"
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
else
|
|
Packit |
c71e3f |
die "error: module named $modname already loaded and enabled"
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
echo "loading patch module: $module"
|
|
Packit |
c71e3f |
local i=0
|
|
Packit |
c71e3f |
while true; do
|
|
Packit |
c71e3f |
out="$(LC_ALL=C insmod "$module" 2>&1)"
|
|
Packit |
c71e3f |
[[ -z "$out" ]] && break
|
|
Packit |
c71e3f |
echo "$out" 1>&2
|
|
Packit |
c71e3f |
[[ ! "$out" =~ "Device or resource busy" ]] &&
|
|
Packit |
c71e3f |
die "failed to load module $module"
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
# "Device or resource busy" means the activeness safety check
|
|
Packit |
c71e3f |
# failed. Retry in a few seconds.
|
|
Packit |
c71e3f |
i=$((i+1))
|
|
Packit |
c71e3f |
if [[ $i -eq $MAX_LOAD_ATTEMPTS ]]; then
|
|
Packit |
c71e3f |
die "failed to load module $module"
|
|
Packit |
c71e3f |
break
|
|
Packit |
c71e3f |
else
|
|
Packit |
c71e3f |
warn "retrying..."
|
|
Packit |
c71e3f |
sleep $RETRY_INTERVAL
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
if ! wait_for_patch_transition "$modname" ; then
|
|
Packit |
c71e3f |
echo "module $modname did not complete its transition, unloading..."
|
|
Packit |
c71e3f |
unload_module "$modname"
|
|
Packit |
c71e3f |
die "error: failed to load module $modname (transition stalled)"
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
return 0
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
disable_patch () {
|
|
Packit |
c71e3f |
local modname="$1"
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
local enabled="$SYSFS/$modname/enabled"
|
|
Packit |
c71e3f |
[[ -e "$enabled" ]] || die "patch module $1 is not loaded"
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
if [[ "$(cat "$enabled")" -eq 1 ]]; then
|
|
Packit |
c71e3f |
echo "disabling patch module: $modname"
|
|
Packit |
c71e3f |
local i=0
|
|
Packit |
c71e3f |
while true; do
|
|
Packit |
c71e3f |
out="$(export LC_ALL=C; sh -c "echo 0 > $enabled" 2>&1)"
|
|
Packit |
c71e3f |
[[ -z "$out" ]] && break
|
|
Packit |
c71e3f |
echo "$out" 1>&2
|
|
Packit |
c71e3f |
if [[ ! "$out" =~ "Device or resource busy" ]]; then
|
|
Packit |
c71e3f |
die "failed to disable module $modname"
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
# "Device or resource busy" means the activeness safety check
|
|
Packit |
c71e3f |
# failed. Retry in a few seconds.
|
|
Packit |
c71e3f |
i=$((i+1))
|
|
Packit |
c71e3f |
if [[ $i -eq $MAX_LOAD_ATTEMPTS ]]; then
|
|
Packit |
c71e3f |
die "failed to disable module $modname"
|
|
Packit |
c71e3f |
else
|
|
Packit |
c71e3f |
warn "retrying..."
|
|
Packit |
c71e3f |
sleep $RETRY_INTERVAL
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
if ! wait_for_patch_transition "$modname" ; then
|
|
Packit |
c71e3f |
die "transition stalled for $modname"
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
unload_module () {
|
|
Packit |
c71e3f |
PATCH="${1//-/_}"
|
|
Packit |
c71e3f |
PATCH="${PATCH%.ko}"
|
|
Packit |
c71e3f |
disable_patch "$PATCH"
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
echo "unloading patch module: $PATCH"
|
|
Packit |
c71e3f |
# ignore any error here because rmmod can fail if the module used
|
|
Packit |
c71e3f |
# KPATCH_FORCE_UNSAFE.
|
|
Packit |
c71e3f |
rmmod "$PATCH" 2> /dev/null || return 0
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
get_module_version() {
|
|
Packit |
c71e3f |
MODVER="$(modinfo -F vermagic "$1")" || return 1
|
|
Packit |
c71e3f |
MODVER="${MODVER/ */}"
|
|
Packit |
c71e3f |
}
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
unset MODULE
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
# Initialize the $SYSFS var. This only works if the core module has been
|
|
Packit |
c71e3f |
# loaded. Otherwise, the value of $SYSFS doesn't matter at this point anyway,
|
|
Packit |
c71e3f |
# and we'll have to call this function again after loading it.
|
|
Packit |
c71e3f |
init_sysfs_var
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
[[ "$#" -lt 1 ]] && usage
|
|
Packit |
c71e3f |
case "$1" in
|
|
Packit |
c71e3f |
"load")
|
|
Packit |
c71e3f |
[[ "$#" -ne 2 ]] && usage
|
|
Packit |
c71e3f |
case "$2" in
|
|
Packit |
c71e3f |
"--all")
|
|
Packit |
c71e3f |
for i in "$INSTALLDIR/$(uname -r)"/*.ko; do
|
|
Packit |
c71e3f |
[[ -e "$i" ]] || continue
|
|
Packit |
c71e3f |
load_module "$i" || die "failed to load module $i"
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
*)
|
|
Packit |
c71e3f |
PATCH="$2"
|
|
Packit |
c71e3f |
find_module "$PATCH" || die "can't find $PATCH"
|
|
Packit |
c71e3f |
load_module "$MODULE" || die "failed to load module $PATCH"
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
esac
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
"unload")
|
|
Packit |
c71e3f |
[[ "$#" -ne 2 ]] && usage
|
|
Packit |
c71e3f |
case "$2" in
|
|
Packit |
c71e3f |
"--all")
|
|
Packit |
c71e3f |
for module in "$SYSFS"/*; do
|
|
Packit |
c71e3f |
[[ -e "$module" ]] || continue
|
|
Packit |
c71e3f |
unload_module "$(basename "$module")" || die "failed to unload module $module"
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
*)
|
|
Packit |
c71e3f |
unload_module "$(basename "$2")" || die "failed to unload module $2"
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
esac
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
"install")
|
|
Packit |
c71e3f |
KVER="$(uname -r)"
|
|
Packit |
c71e3f |
shift
|
|
Packit |
c71e3f |
options="$(getopt -o k: -l "kernel-version:" -- "$@")" || die "getopt failed"
|
|
Packit |
c71e3f |
eval set -- "$options"
|
|
Packit |
c71e3f |
while [[ $# -gt 0 ]]; do
|
|
Packit |
c71e3f |
case "$1" in
|
|
Packit |
c71e3f |
-k|--kernel-version)
|
|
Packit |
c71e3f |
KVER="$2"
|
|
Packit |
c71e3f |
shift
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
--)
|
|
Packit |
c71e3f |
[[ -z "$2" ]] && die "no module file specified"
|
|
Packit |
c71e3f |
PATCH="$2"
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
esac
|
|
Packit |
c71e3f |
shift
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
[[ ! -e "$PATCH" ]] && die "$PATCH doesn't exist"
|
|
Packit |
c71e3f |
[[ "${PATCH: -3}" == ".ko" ]] || die "$PATCH isn't a .ko file"
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
get_module_version "$PATCH" || die "modinfo failed"
|
|
Packit |
c71e3f |
[[ "$KVER" != "$MODVER" ]] && die "invalid module version $MODVER for kernel $KVER"
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
[[ -e "$INSTALLDIR/$KVER/$(basename "$PATCH")" ]] && die "$PATCH is already installed"
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
echo "installing $PATCH ($KVER)"
|
|
Packit |
c71e3f |
mkdir -p "$INSTALLDIR/$KVER" || die "failed to create install directory"
|
|
Packit |
c71e3f |
cp -f "$PATCH" "$INSTALLDIR/$KVER" || die "failed to install module $PATCH"
|
|
Packit |
c71e3f |
systemctl enable kpatch.service
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
"uninstall")
|
|
Packit |
c71e3f |
KVER="$(uname -r)"
|
|
Packit |
c71e3f |
shift
|
|
Packit |
c71e3f |
options="$(getopt -o k: -l "kernel-version:" -- "$@")" || die "getopt failed"
|
|
Packit |
c71e3f |
eval set -- "$options"
|
|
Packit |
c71e3f |
while [[ $# -gt 0 ]]; do
|
|
Packit |
c71e3f |
case "$1" in
|
|
Packit |
c71e3f |
-k|--kernel-version)
|
|
Packit |
c71e3f |
KVER="$2"
|
|
Packit |
c71e3f |
shift
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
--)
|
|
Packit |
c71e3f |
[[ -z "$2" ]] && die "no module file specified"
|
|
Packit |
c71e3f |
PATCH="$2"
|
|
Packit |
c71e3f |
[[ "$PATCH" != "$(basename "$PATCH")" ]] && die "please supply patch module name without path"
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
esac
|
|
Packit |
c71e3f |
shift
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
MODULE="$INSTALLDIR/$KVER/$PATCH"
|
|
Packit |
c71e3f |
if [[ ! -f "$MODULE" ]]; then
|
|
Packit |
c71e3f |
mod_name "$PATCH"
|
|
Packit |
c71e3f |
PATCHNAME="$MODNAME"
|
|
Packit |
c71e3f |
for i in "$INSTALLDIR/$KVER"/*; do
|
|
Packit |
c71e3f |
mod_name "$i"
|
|
Packit |
c71e3f |
if [[ "$MODNAME" == "$PATCHNAME" ]]; then
|
|
Packit |
c71e3f |
MODULE="$i"
|
|
Packit |
c71e3f |
break
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
[[ ! -e "$MODULE" ]] && die "$PATCH is not installed for kernel $KVER"
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
echo "uninstalling $PATCH ($KVER)"
|
|
Packit |
c71e3f |
rm -f "$MODULE" || die "failed to uninstall module $PATCH"
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
"list")
|
|
Packit |
c71e3f |
[[ "$#" -ne 1 ]] && usage
|
|
Packit |
c71e3f |
echo "Loaded patch modules:"
|
|
Packit |
c71e3f |
for module in "$SYSFS"/*; do
|
|
Packit |
c71e3f |
if [[ -e "$module" ]]; then
|
|
Packit |
c71e3f |
modname=$(basename "$module")
|
|
Packit |
c71e3f |
if [[ "$(cat "$module/enabled" 2>/dev/null)" -eq 1 ]]; then
|
|
Packit |
c71e3f |
in_transition "$modname" && state="enabling..." \
|
|
Packit |
c71e3f |
|| state="enabled"
|
|
Packit |
c71e3f |
else
|
|
Packit |
c71e3f |
in_transition "$modname" && state="disabling..." \
|
|
Packit |
c71e3f |
|| state="disabled"
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
echo "$modname [$state]"
|
|
Packit |
c71e3f |
fi
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
show_stalled_processes
|
|
Packit |
c71e3f |
echo ""
|
|
Packit |
c71e3f |
echo "Installed patch modules:"
|
|
Packit |
c71e3f |
for kdir in "$INSTALLDIR"/*; do
|
|
Packit |
c71e3f |
[[ -e "$kdir" ]] || continue
|
|
Packit |
c71e3f |
for module in "$kdir"/*.ko; do
|
|
Packit |
c71e3f |
[[ -e "$module" ]] || continue
|
|
Packit |
c71e3f |
mod_name "$module"
|
|
Packit |
c71e3f |
echo "$MODNAME ($(basename "$kdir"))"
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
done
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
"info")
|
|
Packit |
c71e3f |
[[ "$#" -ne 2 ]] && usage
|
|
Packit |
c71e3f |
PATCH="$2"
|
|
Packit |
c71e3f |
find_module "$PATCH" || die "can't find $PATCH"
|
|
Packit |
c71e3f |
echo "Patch information for $PATCH:"
|
|
Packit |
c71e3f |
modinfo "$MODULE" || die "failed to get info for module $PATCH"
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
"signal")
|
|
Packit |
c71e3f |
[[ "$#" -ne 1 ]] && usage
|
|
Packit |
c71e3f |
signal_stalled_processes
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
"help"|"-h"|"--help")
|
|
Packit |
c71e3f |
usage
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
"version"|"-v"|"--version")
|
|
Packit |
c71e3f |
echo "$VERSION"
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
|
|
Packit |
c71e3f |
*)
|
|
Packit |
c71e3f |
echo "subcommand $1 not recognized"
|
|
Packit |
c71e3f |
usage
|
|
Packit |
c71e3f |
;;
|
|
Packit |
c71e3f |
esac
|