From 25fa864270efe3ff5699a1bf9ebdf599e96362a5 Mon Sep 17 00:00:00 2001 From: Bruce Ashfield Date: Tue, 22 Dec 2020 09:28:26 -0500 Subject: systemtap: fix on target build for 4.4 and 5.10+ The following systemtap commit: commit 7615cae790c899bc8a82841c75c8ea9c6fa54df3 Author: Frank Ch. Eigler Date: Mon Nov 9 19:18:19 2020 -0500 PR26665: relayfs-on-procfs megapatch Changes the way that capabilities are checked when compiling a systemtap probe. In our cross-build -> on target workflow, this results in a mismatch between the systemtap configuration capabilities and the kernel configuration. The result is a compilation failure since the security components are protected by two different #ifdef's, and they can be out of sync. By protecting the include and callsite with the same #ifdef, we ensure they are in sync and fix our on target problem. While this fix is oe-specific, a variant will be proposed upstream once a deeper analsysis of other options has been completed. Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --- ...rotect-include-and-callsite-with-same-con.patch | 44 ++++++++++++++++++++++ meta/recipes-kernel/systemtap/systemtap_git.inc | 1 + 2 files changed, 45 insertions(+) create mode 100644 meta/recipes-kernel/systemtap/systemtap/0001-transport-protect-include-and-callsite-with-same-con.patch (limited to 'meta/recipes-kernel') diff --git a/meta/recipes-kernel/systemtap/systemtap/0001-transport-protect-include-and-callsite-with-same-con.patch b/meta/recipes-kernel/systemtap/systemtap/0001-transport-protect-include-and-callsite-with-same-con.patch new file mode 100644 index 0000000000..efc79f6c0f --- /dev/null +++ b/meta/recipes-kernel/systemtap/systemtap/0001-transport-protect-include-and-callsite-with-same-con.patch @@ -0,0 +1,44 @@ +From cbf27cd54071f788231e69d96dbaad563f1010d4 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield +Date: Fri, 18 Dec 2020 13:15:08 -0500 +Subject: [PATCH] transport: protect include and callsite with same conditional + +transport.c has the following code block: + + if (!debugfs_p && security_locked_down (LOCKDOWN_DEBUGFS)) + +Which is protected by the conditional STAPCONF_LOCKDOWN_DEBUGFS. + +linux/security.h provides the definition of LOCKDOWN_DEBUGFS, and +must be included or we have a compilation issue. + +The include of security.h is protected by #ifdef CONFIG_SECURITY_LOCKDOWN_LSM, +which means that in some configurations we can get out of sync with +the include and the callsite. + +If we protect the include and the callsite with the same #ifdef, we can +be sure that they will be consistent. + +Upstream-status: Inappropriate (kernel-devsrc specific) + +Signed-off-by: Bruce Ashfield +--- + runtime/transport/transport.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/runtime/transport/transport.c b/runtime/transport/transport.c +index bb4a98bd3..88e20ea28 100644 +--- a/runtime/transport/transport.c ++++ b/runtime/transport/transport.c +@@ -21,7 +21,7 @@ + #include + #include + #include +-#ifdef CONFIG_SECURITY_LOCKDOWN_LSM ++#ifdef STAPCONF_LOCKDOWN_DEBUGFS + #include + #endif + #include "../uidgid_compatibility.h" +-- +2.19.1 + diff --git a/meta/recipes-kernel/systemtap/systemtap_git.inc b/meta/recipes-kernel/systemtap/systemtap_git.inc index ae735025b7..016b423847 100644 --- a/meta/recipes-kernel/systemtap/systemtap_git.inc +++ b/meta/recipes-kernel/systemtap/systemtap_git.inc @@ -7,6 +7,7 @@ SRC_URI = "git://sourceware.org/git/systemtap.git \ file://0001-Do-not-let-configure-write-a-python-location-into-th.patch \ file://0001-Install-python-modules-to-correct-library-dir.patch \ file://0001-staprun-stapbpf-don-t-support-installing-a-non-root.patch \ + file://0001-transport-protect-include-and-callsite-with-same-con.patch \ " COMPATIBLE_HOST = '(x86_64|i.86|powerpc|arm|aarch64|microblazeel|mips).*-linux' -- cgit 1.2.3-korg