On 03/27/2018 12:17 PM, Ajey Kulkarni wrote: > Hi there, > > I’m trying to build a kernel live patch for Linux kernel 4.4.27 version > within a docker. > > I did use the following link to install necessary dependencies. > > https://github.com/dynup/kpatch > > Since we are building inside docker against an older kernel, my > understanding is > > Kpatch-build will try to build older format of live patch using > create-kpatch-module. > > I do see both original .o and patched .o in the relevant directories > inside docker. > > But create-kpatch-module is not being called and I'm getting an error > indicating "Makefile target missing". > > Upon further inspection (with -d oputput and from the script itself) > > + /usr/local/libexec/kpatch/create-kpatch-module > /home/xyz/.kpatch/tmp/patch/tmp_output.o > /home/xyz/.kpatch/tmp/patch/output.o > > + local to_stdout=1 > + [[ 1 -ge 2 ]] > + [[ 1 -eq 1 ]] > + tee -a /home/racker/.kpatch/build.log
If you invoke kpatch-build with --skip-cleanup, is there any interesting information provided in this ~/.kpatch/build.log file? Sometimes a backtrace is dumped into /var/log/messages as well. > + check_pipe_status create-kpatch-module > + rc=0 > + [[ 0 = 139 ]] > + cd /home/xyz/.kpatch/tmp/patch > + logger > + KPATCH_BUILD=/source/linux > + KPATCH_NAME=kpatch-4-4-0-2-modules-0-3-2-3-x86_64 > + KBUILD_EXTRA_SYMBOLS=/usr/lib/modules/4.4.0+2/extra/kpatch/Module.symvers > + KPATCH_LDFLAGS= > + make > > This is where it’s failing. The script comparison is with “139” which is > SIGSEGV. I don’t see any core files either in the working directory. You may have to adjust ulimits to get a core file. I don't know how the container was setup, but maybe [1] helps? [1] https://dev.to/mizutani/how-to-get-core-file-of-segmentation-fault-process-in-docker-22ii > Questions are > > 1. Is building live patches for older version using docker a good idea? If upstream kernels do not fully support livepatch, then kpatch-build should build a helper kpatch.ko module that provides patching functionality. Building a kpatch against a 4.4 kernel should work, so there is probably a bug here. > 2. Is building live patch on actual VM instead of docker recommended? I don't think it should really matter. The build tool might get confused if the result of the uname command isn't something that lines up with the container directory structure (ie, a Debian kernel running a container with Red Hat). > 3. Is the Makefile target missing error, known bug? I would like to > open a bug Since the pipe status is set to non-zero, I'm predicting some kind of bug in create-kpatch-module. Can you open a github issue and provide: - host kernel version - container OS - container gcc version - the kpatch-build line - attach the input patch file - re-run kpatch-build with --skip-clean and attach the last ~100 lines or so of ~/.kpatch/build.log - if you update ulimits, any backtrace from a core file would always be helpful, too Thanks! -- Joe _______________________________________________ kpatch mailing list [email protected] https://www.redhat.com/mailman/listinfo/kpatch
