scripts/livepatch/klp-build at master

tjh.dev / kernel
fork atom
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / scripts / livepatch / klp-build
at master 835 lines 18 kB view raw
wrap content
  1#!/bin/bash
  2# SPDX-License-Identifier: GPL-2.0
  3#
  4# Build a livepatch module
  5
  6# shellcheck disable=SC1090,SC2155
  7
  8if (( BASH_VERSINFO[0]  < 4 || \
  9     (BASH_VERSINFO[0] == 4 && BASH_VERSINFO[1] < 4) )); then
 10		echo "error: this script requires bash 4.4+" >&2
 11	exit 1
 12fi
 13
 14set -o errexit
 15set -o errtrace
 16set -o pipefail
 17set -o nounset
 18
 19# Allow doing 'cmd | mapfile -t array' instead of 'mapfile -t array < <(cmd)'.
 20# This helps keep execution in pipes so pipefail+errexit can catch errors.
 21shopt -s lastpipe
 22
 23unset DEBUG_CLONE DIFF_CHECKSUM SKIP_CLEANUP XTRACE
 24
 25REPLACE=1
 26SHORT_CIRCUIT=0
 27JOBS="$(getconf _NPROCESSORS_ONLN)"
 28VERBOSE="-s"
 29shopt -o xtrace | grep -q 'on' && XTRACE=1
 30
 31# Avoid removing the previous $TMP_DIR until args have been fully processed.
 32KEEP_TMP=1
 33
 34SCRIPT="$(basename "$0")"
 35SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 36FIX_PATCH_LINES="$SCRIPT_DIR/fix-patch-lines"
 37
 38SRC="$(pwd)"
 39OBJ="$(pwd)"
 40
 41CONFIG="$OBJ/.config"
 42TMP_DIR="$OBJ/klp-tmp"
 43
 44ORIG_DIR="$TMP_DIR/orig"
 45PATCHED_DIR="$TMP_DIR/patched"
 46DIFF_DIR="$TMP_DIR/diff"
 47KMOD_DIR="$TMP_DIR/kmod"
 48
 49STASH_DIR="$TMP_DIR/stash"
 50TIMESTAMP="$TMP_DIR/timestamp"
 51PATCH_TMP_DIR="$TMP_DIR/tmp"
 52
 53KLP_DIFF_LOG="$DIFF_DIR/diff.log"
 54
 55grep0() {
 56	command grep "$@" || true
 57}
 58
 59status() {
 60	echo "$*"
 61}
 62
 63warn() {
 64	echo "error: $SCRIPT: $*" >&2
 65}
 66
 67die() {
 68	warn "$@"
 69	exit 1
 70}
 71
 72declare -a STASHED_FILES
 73
 74stash_file() {
 75	local file="$1"
 76	local rel_file="${file#"$SRC"/}"
 77
 78	[[ ! -e "$file" ]] && die "no file to stash: $file"
 79
 80	mkdir -p "$STASH_DIR/$(dirname "$rel_file")"
 81	cp -f "$file" "$STASH_DIR/$rel_file"
 82
 83	STASHED_FILES+=("$rel_file")
 84}
 85
 86restore_files() {
 87	local file
 88
 89	for file in "${STASHED_FILES[@]}"; do
 90		mv -f "$STASH_DIR/$file" "$SRC/$file" || warn "can't restore file: $file"
 91	done
 92
 93	STASHED_FILES=()
 94}
 95
 96cleanup() {
 97	set +o nounset
 98	revert_patches "--recount"
 99	restore_files
100	[[ "$KEEP_TMP" -eq 0 ]] && rm -rf "$TMP_DIR"
101	return 0
102}
103
104trap_err() {
105	warn "line ${BASH_LINENO[0]}: '$BASH_COMMAND'"
106}
107
108trap cleanup  EXIT INT TERM HUP
109trap trap_err ERR
110
111__usage() {
112	cat <<EOF
113Usage: $SCRIPT [OPTIONS] PATCH_FILE(s)
114Generate a livepatch module.
115
116Options:
117   -f, --show-first-changed	Show address of first changed instruction
118   -j, --jobs=<jobs>		Build jobs to run simultaneously [default: $JOBS]
119   -o, --output=<file.ko>	Output file [default: livepatch-<patch-name>.ko]
120       --no-replace		Disable livepatch atomic replace
121   -v, --verbose		Pass V=1 to kernel/module builds
122
123Advanced Options:
124   -d, --debug			Show symbol/reloc cloning decisions
125   -S, --short-circuit=STEP	Start at build step (requires prior --keep-tmp)
126				   1|orig	Build original kernel (default)
127				   2|patched	Build patched kernel
128				   3|diff	Diff objects
129				   4|kmod	Build patch module
130   -T, --keep-tmp		Preserve tmp dir on exit
131
132EOF
133}
134
135usage() {
136	__usage >&2
137}
138
139process_args() {
140	local keep_tmp=0
141	local short
142	local long
143	local args
144
145	short="hfj:o:vdS:T"
146	long="help,show-first-changed,jobs:,output:,no-replace,verbose,debug,short-circuit:,keep-tmp"
147
148	args=$(getopt --options "$short" --longoptions "$long" -- "$@") || {
149		echo; usage; exit
150	}
151	eval set -- "$args"
152
153	while true; do
154		case "$1" in
155			-h | --help)
156				usage
157				exit 0
158				;;
159			-f | --show-first-changed)
160				DIFF_CHECKSUM=1
161				shift
162				;;
163			-j | --jobs)
164				JOBS="$2"
165				shift 2
166				;;
167			-o | --output)
168				[[ "$2" != *.ko ]] && die "output filename should end with .ko"
169				OUTFILE="$2"
170				NAME="$(basename "$OUTFILE")"
171				NAME="${NAME%.ko}"
172				NAME="$(module_name_string "$NAME")"
173				shift 2
174				;;
175			--no-replace)
176				REPLACE=0
177				shift
178				;;
179			-v | --verbose)
180				VERBOSE="V=1"
181				shift
182				;;
183			-d | --debug)
184				DEBUG_CLONE=1
185				keep_tmp=1
186				shift
187				;;
188			-S | --short-circuit)
189				[[ ! -d "$TMP_DIR" ]] && die "--short-circuit requires preserved klp-tmp dir"
190				keep_tmp=1
191				case "$2" in
192					1 | orig)	SHORT_CIRCUIT=1; ;;
193					2 | patched)	SHORT_CIRCUIT=2; ;;
194					3 | diff)	SHORT_CIRCUIT=3; ;;
195					4 | mod)	SHORT_CIRCUIT=4; ;;
196					*)		die "invalid short-circuit step '$2'" ;;
197				esac
198				shift 2
199				;;
200			-T | --keep-tmp)
201				keep_tmp=1
202				shift
203				;;
204			--)
205				shift
206				break
207				;;
208			*)
209				usage
210				exit 1
211				;;
212		esac
213	done
214
215	if [[ $# -eq 0 ]]; then
216		usage
217		exit 1
218	fi
219
220	KEEP_TMP="$keep_tmp"
221	PATCHES=("$@")
222}
223
224# temporarily disable xtrace for especially verbose code
225xtrace_save() {
226	[[ -v XTRACE ]] && set +x
227	return 0
228}
229
230xtrace_restore() {
231	[[ -v XTRACE ]] && set -x
232	return 0
233}
234
235validate_config() {
236	xtrace_save "reading .config"
237	source "$CONFIG" || die "no .config file in $(dirname "$CONFIG")"
238	xtrace_restore
239
240	[[ -v CONFIG_LIVEPATCH ]] ||			\
241		die "CONFIG_LIVEPATCH not enabled"
242
243	[[ -v CONFIG_KLP_BUILD ]] ||			\
244		die "CONFIG_KLP_BUILD not enabled"
245
246	[[ -v CONFIG_GCC_PLUGIN_LATENT_ENTROPY ]] &&	\
247		die "kernel option 'CONFIG_GCC_PLUGIN_LATENT_ENTROPY' not supported"
248
249	[[ -v CONFIG_GCC_PLUGIN_RANDSTRUCT ]] &&	\
250		die "kernel option 'CONFIG_GCC_PLUGIN_RANDSTRUCT' not supported"
251
252	[[ -v CONFIG_AS_IS_LLVM ]] &&				\
253		[[ "$CONFIG_AS_VERSION" -lt 200000 ]] &&	\
254		die "Clang assembler version < 20 not supported"
255
256	return 0
257}
258
259# Only allow alphanumerics and '_' and '-' in the module name.  Everything else
260# is replaced with '-'.  Also truncate to 55 chars so the full name + NUL
261# terminator fits in the kernel's 56-byte module name array.
262module_name_string() {
263	echo "${1//[^a-zA-Z0-9_-]/-}" | cut -c 1-55
264}
265
266# If the module name wasn't specified on the cmdline with --output, give it a
267# name based on the patch name.
268set_module_name() {
269	[[ -v NAME ]] && return 0
270
271	if [[ "${#PATCHES[@]}" -eq 1 ]]; then
272		NAME="$(basename "${PATCHES[0]}")"
273		NAME="${NAME%.*}"
274	else
275		NAME="patch"
276	fi
277
278	NAME="livepatch-$NAME"
279	NAME="$(module_name_string "$NAME")"
280
281	OUTFILE="$NAME.ko"
282}
283
284# Hardcode the value printed by the localversion script to prevent patch
285# application from appending it with '+' due to a dirty git working tree.
286set_kernelversion() {
287	local file="$SRC/scripts/setlocalversion"
288	local localversion
289
290	stash_file "$file"
291
292	localversion="$(cd "$SRC" && make --no-print-directory kernelversion)"
293	localversion="$(cd "$SRC" && KERNELVERSION="$localversion" ./scripts/setlocalversion)"
294	[[ -z "$localversion" ]] && die "setlocalversion failed"
295
296	sed -i "2i echo $localversion; exit 0" scripts/setlocalversion
297}
298
299get_patch_files() {
300	local patch="$1"
301
302	grep0 -E '^(--- |\+\+\+ )' "$patch"			\
303		| gawk '{print $2}'				\
304		| sed 's|^[^/]*/||'				\
305		| sort -u
306}
307
308# Make sure git re-stats the changed files
309git_refresh() {
310	local patch="$1"
311	local files=()
312
313	[[ ! -e "$SRC/.git" ]] && return
314
315	get_patch_files "$patch" | mapfile -t files
316
317	(
318		cd "$SRC"
319		git update-index -q --refresh -- "${files[@]}"
320	)
321}
322
323check_unsupported_patches() {
324	local patch
325
326	for patch in "${PATCHES[@]}"; do
327		local files=()
328
329		get_patch_files "$patch" | mapfile -t files
330
331		for file in "${files[@]}"; do
332			case "$file" in
333				lib/*|*.S)
334					die "unsupported patch to $file"
335					;;
336			esac
337		done
338	done
339}
340
341apply_patch() {
342	local patch="$1"
343	shift
344	local extra_args=("$@")
345
346	[[ ! -f "$patch" ]] && die "$patch doesn't exist"
347
348	(
349		cd "$SRC"
350
351		# The sed strips the version signature from 'git format-patch',
352		# otherwise 'git apply --recount' warns.
353		sed -n '/^-- /q;p' "$patch" |
354			git apply "${extra_args[@]}"
355	)
356
357	APPLIED_PATCHES+=("$patch")
358}
359
360revert_patch() {
361	local patch="$1"
362	shift
363	local extra_args=("$@")
364	local tmp=()
365
366	(
367		cd "$SRC"
368
369		sed -n '/^-- /q;p' "$patch" |
370			git apply --reverse "${extra_args[@]}"
371	)
372	git_refresh "$patch"
373
374	for p in "${APPLIED_PATCHES[@]}"; do
375		[[ "$p" == "$patch" ]] && continue
376		tmp+=("$p")
377	done
378
379	APPLIED_PATCHES=("${tmp[@]}")
380}
381
382apply_patches() {
383	local patch
384
385	for patch in "${PATCHES[@]}"; do
386		apply_patch "$patch"
387	done
388}
389
390revert_patches() {
391	local extra_args=("$@")
392	local patches=("${APPLIED_PATCHES[@]}")
393
394	for (( i=${#patches[@]}-1 ; i>=0 ; i-- )) ; do
395		revert_patch "${patches[$i]}" "${extra_args[@]}"
396	done
397
398	APPLIED_PATCHES=()
399}
400
401validate_patches() {
402	check_unsupported_patches
403	apply_patches
404	revert_patches
405}
406
407do_init() {
408	# We're not yet smart enough to handle anything other than in-tree
409	# builds in pwd.
410	[[ ! "$SRC" -ef "$SCRIPT_DIR/../.." ]] && die "please run from the kernel root directory"
411	[[ ! "$OBJ" -ef "$SCRIPT_DIR/../.." ]] && die "please run from the kernel root directory"
412
413	(( SHORT_CIRCUIT <= 1 )) && rm -rf "$TMP_DIR"
414	mkdir -p "$TMP_DIR"
415
416	APPLIED_PATCHES=()
417
418	[[ -x "$FIX_PATCH_LINES" ]] || die "can't find fix-patch-lines"
419
420	validate_config
421	set_module_name
422	set_kernelversion
423}
424
425# Refresh the patch hunk headers, specifically the line numbers and counts.
426refresh_patch() {
427	local patch="$1"
428	local tmpdir="$PATCH_TMP_DIR"
429	local files=()
430
431	rm -rf "$tmpdir"
432	mkdir -p "$tmpdir/a"
433	mkdir -p "$tmpdir/b"
434
435	# Get all source files affected by the patch
436	get_patch_files "$patch" | mapfile -t files
437
438	# Copy orig source files to 'a'
439	( cd "$SRC" && echo "${files[@]}" | xargs cp --parents --target-directory="$tmpdir/a" )
440
441	# Copy patched source files to 'b'
442	apply_patch "$patch" --recount
443	( cd "$SRC" && echo "${files[@]}" | xargs cp --parents --target-directory="$tmpdir/b" )
444	revert_patch "$patch" --recount
445
446	# Diff 'a' and 'b' to make a clean patch
447	( cd "$tmpdir" && git diff --no-index --no-prefix a b > "$patch" ) || true
448}
449
450# Copy the patches to a temporary directory, fix their lines so as not to
451# affect the __LINE__ macro for otherwise unchanged functions further down the
452# file, and update $PATCHES to point to the fixed patches.
453fix_patches() {
454	local idx
455	local i
456
457	rm -f "$TMP_DIR"/*.patch
458
459	idx=0001
460	for i in "${!PATCHES[@]}"; do
461		local old_patch="${PATCHES[$i]}"
462		local tmp_patch="$TMP_DIR/tmp.patch"
463		local patch="${PATCHES[$i]}"
464		local new_patch
465
466		new_patch="$TMP_DIR/$idx-fixed-$(basename "$patch")"
467
468		cp -f "$old_patch" "$tmp_patch"
469		refresh_patch "$tmp_patch"
470		"$FIX_PATCH_LINES" "$tmp_patch" > "$new_patch"
471		refresh_patch "$new_patch"
472
473		PATCHES[i]="$new_patch"
474
475		rm -f "$tmp_patch"
476		idx=$(printf "%04d" $(( 10#$idx + 1 )))
477	done
478}
479
480clean_kernel() {
481	local cmd=()
482
483	cmd=("make")
484	cmd+=("--silent")
485	cmd+=("-j$JOBS")
486	cmd+=("clean")
487
488	(
489		cd "$SRC"
490		"${cmd[@]}"
491	)
492}
493
494build_kernel() {
495	local log="$TMP_DIR/build.log"
496	local objtool_args=()
497	local cmd=()
498
499	objtool_args=("--checksum")
500
501	cmd=("make")
502
503	# When a patch to a kernel module references a newly created unexported
504	# symbol which lives in vmlinux or another kernel module, the patched
505	# kernel build fails with the following error:
506	#
507	#   ERROR: modpost: "klp_string" [fs/xfs/xfs.ko] undefined!
508	#
509	# The undefined symbols are working as designed in that case.  They get
510	# resolved later when the livepatch module build link pulls all the
511	# disparate objects together into the same kernel module.
512	#
513	# It would be good to have a way to tell modpost to skip checking for
514	# undefined symbols altogether.  For now, just convert the error to a
515	# warning with KBUILD_MODPOST_WARN, and grep out the warning to avoid
516	# confusing the user.
517	#
518	cmd+=("KBUILD_MODPOST_WARN=1")
519
520	cmd+=("$VERBOSE")
521	cmd+=("-j$JOBS")
522	cmd+=("KCFLAGS=-ffunction-sections -fdata-sections")
523	cmd+=("OBJTOOL_ARGS=${objtool_args[*]}")
524	cmd+=("vmlinux")
525	cmd+=("modules")
526
527	(
528		cd "$SRC"
529		"${cmd[@]}"							\
530			1> >(tee -a "$log")					\
531			2> >(tee -a "$log" | grep0 -v "modpost.*undefined!" >&2)
532	)
533}
534
535find_objects() {
536	local opts=("$@")
537
538	# Find root-level vmlinux.o and non-root-level .ko files,
539	# excluding klp-tmp/ and .git/
540	find "$OBJ" \( -path "$TMP_DIR" -o -path "$OBJ/.git" -o	-regex "$OBJ/[^/][^/]*\.ko" \) -prune -o \
541		    -type f "${opts[@]}"				\
542		    \( -name "*.ko" -o -path "$OBJ/vmlinux.o" \)	\
543		    -printf '%P\n'
544}
545
546# Copy all .o archives to $ORIG_DIR
547copy_orig_objects() {
548	local files=()
549
550	rm -rf "$ORIG_DIR"
551	mkdir -p "$ORIG_DIR"
552
553	find_objects | mapfile -t files
554
555	xtrace_save "copying orig objects"
556	for _file in "${files[@]}"; do
557		local rel_file="${_file/.ko/.o}"
558		local file="$OBJ/$rel_file"
559		local file_dir="$(dirname "$file")"
560		local orig_file="$ORIG_DIR/$rel_file"
561		local orig_dir="$(dirname "$orig_file")"
562
563		[[ ! -f "$file" ]] && die "missing $(basename "$file") for $_file"
564
565		mkdir -p "$orig_dir"
566		cp -f "$file" "$orig_dir"
567	done
568	xtrace_restore
569
570	mv -f "$TMP_DIR/build.log" "$ORIG_DIR"
571	touch "$TIMESTAMP"
572}
573
574# Copy all changed objects to $PATCHED_DIR
575copy_patched_objects() {
576	local files=()
577	local opts=()
578	local found=0
579
580	rm -rf "$PATCHED_DIR"
581	mkdir -p "$PATCHED_DIR"
582
583	# Note this doesn't work with some configs, thus the 'cmp' below.
584	opts=("-newer")
585	opts+=("$TIMESTAMP")
586
587	find_objects "${opts[@]}" | mapfile -t files
588
589	xtrace_save "copying changed objects"
590	for _file in "${files[@]}"; do
591		local rel_file="${_file/.ko/.o}"
592		local file="$OBJ/$rel_file"
593		local orig_file="$ORIG_DIR/$rel_file"
594		local patched_file="$PATCHED_DIR/$rel_file"
595		local patched_dir="$(dirname "$patched_file")"
596
597		[[ ! -f "$file" ]] && die "missing $(basename "$file") for $_file"
598
599		cmp -s "$orig_file" "$file" && continue
600
601		mkdir -p "$patched_dir"
602		cp -f "$file" "$patched_dir"
603		found=1
604	done
605	xtrace_restore
606
607	(( found == 0 )) && die "no changes detected"
608
609	mv -f "$TMP_DIR/build.log" "$PATCHED_DIR"
610}
611
612# Diff changed objects, writing output object to $DIFF_DIR
613diff_objects() {
614	local log="$KLP_DIFF_LOG"
615	local files=()
616	local opts=()
617
618	rm -rf "$DIFF_DIR"
619	mkdir -p "$DIFF_DIR"
620
621	find "$PATCHED_DIR" -type f -name "*.o" | mapfile -t files
622	[[ ${#files[@]} -eq 0 ]] && die "no changes detected"
623
624	[[ -v DEBUG_CLONE ]] && opts=("--debug")
625
626	# Diff all changed objects
627	for file in "${files[@]}"; do
628		local rel_file="${file#"$PATCHED_DIR"/}"
629		local orig_file="$rel_file"
630		local patched_file="$PATCHED_DIR/$rel_file"
631		local out_file="$DIFF_DIR/$rel_file"
632		local filter=()
633		local cmd=()
634
635		mkdir -p "$(dirname "$out_file")"
636
637		cmd=("$SRC/tools/objtool/objtool")
638		cmd+=("klp")
639		cmd+=("diff")
640		(( ${#opts[@]} > 0 )) && cmd+=("${opts[@]}")
641		cmd+=("$orig_file")
642		cmd+=("$patched_file")
643		cmd+=("$out_file")
644
645		if [[ -v DIFF_CHECKSUM ]]; then
646			filter=("grep0")
647			filter+=("-Ev")
648			filter+=("DEBUG: .*checksum: ")
649		else
650			filter=("cat")
651		fi
652
653		(
654			cd "$ORIG_DIR"
655			"${cmd[@]}"							\
656				1> >(tee -a "$log")					\
657				2> >(tee -a "$log" | "${filter[@]}" >&2) ||		\
658				die "objtool klp diff failed"
659		)
660	done
661}
662
663# For each changed object, run objtool with --debug-checksum to get the
664# per-instruction checksums, and then diff those to find the first changed
665# instruction for each function.
666diff_checksums() {
667	local orig_log="$ORIG_DIR/checksum.log"
668	local patched_log="$PATCHED_DIR/checksum.log"
669	local -A funcs
670	local cmd=()
671	local line
672	local file
673	local func
674
675	gawk '/\.o: changed function: / {
676		sub(/:$/, "", $1)
677		print $1, $NF
678	}' "$KLP_DIFF_LOG" | mapfile -t lines
679
680	for line in "${lines[@]}"; do
681		read -r file func <<< "$line"
682		if [[ ! -v funcs["$file"] ]]; then
683			funcs["$file"]="$func"
684		else
685			funcs["$file"]+=" $func"
686		fi
687	done
688
689	cmd=("$SRC/tools/objtool/objtool")
690	cmd+=("--checksum")
691	cmd+=("--link")
692	cmd+=("--dry-run")
693
694	for file in "${!funcs[@]}"; do
695		local opt="--debug-checksum=${funcs[$file]// /,}"
696
697		(
698			cd "$ORIG_DIR"
699			"${cmd[@]}" "$opt" "$file" &> "$orig_log" || \
700				( cat "$orig_log" >&2; die "objtool --debug-checksum failed" )
701
702			cd "$PATCHED_DIR"
703			"${cmd[@]}" "$opt" "$file" &> "$patched_log" ||	\
704				( cat "$patched_log" >&2; die "objtool --debug-checksum failed" )
705		)
706
707		for func in ${funcs[$file]}; do
708			diff <( grep0 -E "^DEBUG: .*checksum: $func " "$orig_log"    | sed "s|$ORIG_DIR/||")	\
709			     <( grep0 -E "^DEBUG: .*checksum: $func " "$patched_log" | sed "s|$PATCHED_DIR/||")	\
710				| gawk '/^< DEBUG: / {
711					gsub(/:/, "")
712					printf "%s: %s: %s\n", $3, $5, $6
713					exit
714			}' || true
715		done
716	done
717}
718
719# Build and post-process livepatch module in $KMOD_DIR
720build_patch_module() {
721	local makefile="$KMOD_DIR/Kbuild"
722	local log="$KMOD_DIR/build.log"
723	local kmod_file
724	local cflags=()
725	local files=()
726	local cmd=()
727
728	rm -rf "$KMOD_DIR"
729	mkdir -p "$KMOD_DIR"
730
731	cp -f "$SRC/scripts/livepatch/init.c" "$KMOD_DIR"
732
733	echo "obj-m := $NAME.o" > "$makefile"
734	echo -n "$NAME-y := init.o" >> "$makefile"
735
736	find "$DIFF_DIR" -type f -name "*.o" | mapfile -t files
737	[[ ${#files[@]} -eq 0 ]] && die "no changes detected"
738
739	for file in "${files[@]}"; do
740		local rel_file="${file#"$DIFF_DIR"/}"
741		local orig_file="$ORIG_DIR/$rel_file"
742		local orig_dir="$(dirname "$orig_file")"
743		local kmod_file="$KMOD_DIR/$rel_file"
744		local kmod_dir="$(dirname "$kmod_file")"
745		local cmd_file="$kmod_dir/.$(basename "$file").cmd"
746
747		mkdir -p "$kmod_dir"
748		cp -f "$file" "$kmod_dir"
749
750		# Tell kbuild this is a prebuilt object
751		cp -f "$file" "${kmod_file}_shipped"
752
753		# Make modpost happy
754		touch "$cmd_file"
755
756		echo -n " $rel_file" >> "$makefile"
757	done
758
759	echo >> "$makefile"
760
761	cflags=("-ffunction-sections")
762	cflags+=("-fdata-sections")
763	[[ $REPLACE -eq 0 ]] && cflags+=("-DKLP_NO_REPLACE")
764
765	cmd=("make")
766	cmd+=("$VERBOSE")
767	cmd+=("-j$JOBS")
768	cmd+=("--directory=.")
769	cmd+=("M=$KMOD_DIR")
770	cmd+=("KCFLAGS=${cflags[*]}")
771
772	# Build a "normal" kernel module with init.c and the diffed objects
773	(
774		cd "$SRC"
775		"${cmd[@]}"							\
776			1> >(tee -a "$log")					\
777			2> >(tee -a "$log" >&2)
778	)
779
780	kmod_file="$KMOD_DIR/$NAME.ko"
781
782	# Save off the intermediate binary for debugging
783	cp -f "$kmod_file" "$kmod_file.orig"
784
785	# Work around issue where slight .config change makes corrupt BTF
786	objcopy --remove-section=.BTF "$kmod_file"
787
788	# Fix (and work around) linker wreckage for klp syms / relocs
789	"$SRC/tools/objtool/objtool" klp post-link "$kmod_file" || die "objtool klp post-link failed"
790
791	cp -f "$kmod_file" "$OUTFILE"
792}
793
794
795################################################################################
796
797process_args "$@"
798do_init
799
800if (( SHORT_CIRCUIT <= 1 )); then
801	status "Validating patch(es)"
802	validate_patches
803	status "Building original kernel"
804	clean_kernel
805	build_kernel
806	status "Copying original object files"
807	copy_orig_objects
808fi
809
810if (( SHORT_CIRCUIT <= 2 )); then
811	status "Fixing patch(es)"
812	fix_patches
813	apply_patches
814	status "Building patched kernel"
815	build_kernel
816	revert_patches
817	status "Copying patched object files"
818	copy_patched_objects
819fi
820
821if (( SHORT_CIRCUIT <= 3 )); then
822	status "Diffing objects"
823	diff_objects
824	if [[ -v DIFF_CHECKSUM ]]; then
825		status "Finding first changed instructions"
826		diff_checksums
827	fi
828fi
829
830if (( SHORT_CIRCUIT <= 4 )); then
831	status "Building patch module: $OUTFILE"
832	build_patch_module
833fi
834
835status "SUCCESS"