diff options
| author |   Bruce Ashfield <bruce.ashfield@gmail.com> | 2020-12-22 09:28:26 -0500 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-12-24 08:18:54 +0000 |
| commit | 25fa864270efe3ff5699a1bf9ebdf599e96362a5 (patch) | |
| tree | b1f7886a98c47654219d085fca7338447e7f7558 /meta/recipes-kernel/systemtap/systemtap | |
| parent | 5f635423f00e7469e89f6729d973ca447a3ff11b (diff) | |
| download | openembedded-core-contrib-25fa864270efe3ff5699a1bf9ebdf599e96362a5.tar.gz | |
systemtap: fix on target build for 4.4 and 5.10+
The following systemtap commit:
commit 7615cae790c899bc8a82841c75c8ea9c6fa54df3
Author: Frank Ch. Eigler <fche@redhat.com>
Date: Mon Nov 9 19:18:19 2020 -0500
PR26665: relayfs-on-procfs megapatch
Changes the way that capabilities are checked when compiling
a systemtap probe.
In our cross-build -> on target workflow, this results in a
mismatch between the systemtap configuration capabilities and
the kernel configuration.
The result is a compilation failure since the security
components are protected by two different #ifdef's, and they
can be out of sync. By protecting the include and callsite with
the same #ifdef, we ensure they are in sync and fix our
on target problem.
While this fix is oe-specific, a variant will be proposed
upstream once a deeper analsysis of other options has been
completed.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-kernel/systemtap/systemtap')
| -rw-r--r-- | meta/recipes-kernel/systemtap/systemtap/0001-transport-protect-include-and-callsite-with-same-con.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-kernel/systemtap/systemtap/0001-transport-protect-include-and-callsite-with-same-con.patch b/meta/recipes-kernel/systemtap/systemtap/0001-transport-protect-include-and-callsite-with-same-con.patch new file mode 100644 index 0000000000..efc79f6c0f --- /dev/null +++ b/meta/recipes-kernel/systemtap/systemtap/0001-transport-protect-include-and-callsite-with-same-con.patch @@ -0,0 +1,44 @@ +From cbf27cd54071f788231e69d96dbaad563f1010d4 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@gmail.com> +Date: Fri, 18 Dec 2020 13:15:08 -0500 +Subject: [PATCH] transport: protect include and callsite with same conditional + +transport.c has the following code block: + + if (!debugfs_p && security_locked_down (LOCKDOWN_DEBUGFS)) + +Which is protected by the conditional STAPCONF_LOCKDOWN_DEBUGFS. + +linux/security.h provides the definition of LOCKDOWN_DEBUGFS, and +must be included or we have a compilation issue. + +The include of security.h is protected by #ifdef CONFIG_SECURITY_LOCKDOWN_LSM, +which means that in some configurations we can get out of sync with +the include and the callsite. + +If we protect the include and the callsite with the same #ifdef, we can +be sure that they will be consistent. + +Upstream-status: Inappropriate (kernel-devsrc specific) + +Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> +--- + runtime/transport/transport.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/runtime/transport/transport.c b/runtime/transport/transport.c +index bb4a98bd3..88e20ea28 100644 +--- a/runtime/transport/transport.c ++++ b/runtime/transport/transport.c +@@ -21,7 +21,7 @@ + #include <linux/namei.h> + #include <linux/delay.h> + #include <linux/mutex.h> +-#ifdef CONFIG_SECURITY_LOCKDOWN_LSM ++#ifdef STAPCONF_LOCKDOWN_DEBUGFS + #include <linux/security.h> + #endif + #include "../uidgid_compatibility.h" +-- +2.19.1 + |