Merge tag 'objtool-core-2025-12-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull objtool updates from Ingo Molnar:

- klp-build livepatch module generation (Josh Poimboeuf)

Int

Merge tag 'objtool-core-2025-12-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull objtool updates from Ingo Molnar:

- klp-build livepatch module generation (Josh Poimboeuf)

Introduce new objtool features and a klp-build script to generate
livepatch modules using a source .patch as input.

This builds on concepts from the longstanding out-of-tree kpatch
project which began in 2012 and has been used for many years to
generate livepatch modules for production kernels. However, this is a
complete rewrite which incorporates hard-earned lessons from 12+
years of maintaining kpatch.

Key improvements compared to kpatch-build:

- Integrated with objtool: Leverages objtool's existing control-flow
graph analysis to help detect changed functions.

- Works on vmlinux.o: Supports late-linked objects, making it
compatible with LTO, IBT, and similar.

- Simplified code base: ~3k fewer lines of code.

- Upstream: No more out-of-tree #ifdef hacks, far less cruft.

- Cleaner internals: Vastly simplified logic for
symbol/section/reloc inclusion and special section extraction.

- Robust __LINE__ macro handling: Avoids false positive binary diffs
caused by the __LINE__ macro by introducing a fix-patch-lines
script which injects #line directives into the source .patch to
preserve the original line numbers at compile time.

- Disassemble code with libopcodes instead of running objdump
(Alexandre Chartre)

- Disassemble support (-d option to objtool) by Alexandre Chartre,
which supports the decoding of various Linux kernel code generation
specials such as alternatives:

17ef: sched_balance_find_dst_group+0x62f mov 0x34(%r9),%edx
17f3: sched_balance_find_dst_group+0x633 | <alternative.17f3> | X86_FEATURE_POPCNT
17f3: sched_balance_find_dst_group+0x633 | call 0x17f8 <__sw_hweight64> | popcnt %rdi,%rax
17f8: sched_balance_find_dst_group+0x638 cmp %eax,%edx

... jump table alternatives:

1895: sched_use_asym_prio+0x5 test $0x8,%ch
1898: sched_use_asym_prio+0x8 je 0x18a9 <sched_use_asym_prio+0x19>
189a: sched_use_asym_prio+0xa | <jump_table.189a> | JUMP
189a: sched_use_asym_prio+0xa | jmp 0x18ae <sched_use_asym_prio+0x1e> | nop2
189c: sched_use_asym_prio+0xc mov $0x1,%eax
18a1: sched_use_asym_prio+0x11 and $0x80,%ecx

... exception table alternatives:

native_read_msr:
5b80: native_read_msr+0x0 mov %edi,%ecx
5b82: native_read_msr+0x2 | <ex_table.5b82> | EXCEPTION
5b82: native_read_msr+0x2 | rdmsr | resume at 0x5b84 <native_read_msr+0x4>
5b84: native_read_msr+0x4 shl $0x20,%rdx

.... x86 feature flag decoding (also see the X86_FEATURE_POPCNT
example in sched_balance_find_dst_group() above):

2faaf: start_thread_common.constprop.0+0x1f jne 0x2fba4 <start_thread_common.constprop.0+0x114>
2fab5: start_thread_common.constprop.0+0x25 | <alternative.2fab5> | X86_FEATURE_ALWAYS | X86_BUG_NULL_SEG
2fab5: start_thread_common.constprop.0+0x25 | jmp 0x2faba <.altinstr_aux+0x2f4> | jmp 0x4b0 <start_thread_common.constprop.0+0x3f> | nop5
2faba: start_thread_common.constprop.0+0x2a mov $0x2b,%eax

... NOP sequence shortening:

1048e2: snapshot_write_finalize+0xc2 je 0x104917 <snapshot_write_finalize+0xf7>
1048e4: snapshot_write_finalize+0xc4 nop6
1048ea: snapshot_write_finalize+0xca nop11
1048f5: snapshot_write_finalize+0xd5 nop11
104900: snapshot_write_finalize+0xe0 mov %rax,%rcx
104903: snapshot_write_finalize+0xe3 mov 0x10(%rdx),%rax

... and much more.

- Function validation tracing support (Alexandre Chartre)

- Various -ffunction-sections fixes (Josh Poimboeuf)

- Clang AutoFDO (Automated Feedback-Directed Optimizations) support
(Josh Poimboeuf)

- Misc fixes and cleanups (Borislav Petkov, Chen Ni, Dylan Hatch, Ingo
Molnar, John Wang, Josh Poimboeuf, Pankaj Raghav, Peter Zijlstra,
Thorsten Blum)

* tag 'objtool-core-2025-12-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (129 commits)
objtool: Fix segfault on unknown alternatives
objtool: Build with disassembly can fail when including bdf.h
objtool: Trim trailing NOPs in alternative
objtool: Add wide output for disassembly
objtool: Compact output for alternatives with one instruction
objtool: Improve naming of group alternatives
objtool: Add Function to get the name of a CPU feature
objtool: Provide access to feature and flags of group alternatives
objtool: Fix address references in alternatives
objtool: Disassemble jump table alternatives
objtool: Disassemble exception table alternatives
objtool: Print addresses with alternative instructions
objtool: Disassemble group alternatives
objtool: Print headers for alternatives
objtool: Preserve alternatives order
objtool: Add the --disas=<function-pattern> action
objtool: Do not validate IBT for .return_sites and .call_sites
objtool: Improve tracing of alternative instructions
objtool: Add functions to better name alternatives
objtool: Identify the different types of alternatives
...

show more ...

Merge branch 'objtool/core'

Bring in the UDB and objtool data annotations to avoid conflicts while further extending the bug exceptions.

Signed-off-by: Peter Zijlstra <peterz@infradead.org>

objtool/klp: Only enable --checksum when needed

With CONFIG_KLP_BUILD enabled, checksums are only needed during a
klp-build run. There's no need to enable them for normal kernel builds.

This also

objtool/klp: Only enable --checksum when needed

With CONFIG_KLP_BUILD enabled, checksums are only needed during a
klp-build run. There's no need to enable them for normal kernel builds.

This also has the benefit of softening the xxhash dependency.

Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Michael Kelley <mhklinux@outlook.com>
Link: https://patch.msgid.link/edbb1ca215e4926e02edb493b68b9d6d063e902f.1762990139.git.jpoimboe@kernel.org

show more ...

Merge branch 'objtool/core' of https://git.kernel.org/pub/scm/linux/kernel/git/jpoimboe/linux

This series introduces new objtool features and a klp-build script to
generate livepatch modules using a

Merge branch 'objtool/core' of https://git.kernel.org/pub/scm/linux/kernel/git/jpoimboe/linux

This series introduces new objtool features and a klp-build script to
generate livepatch modules using a source .patch as input.

This builds on concepts from the longstanding out-of-tree kpatch [1]
project which began in 2012 and has been used for many years to generate
livepatch modules for production kernels. However, this is a complete
rewrite which incorporates hard-earned lessons from 12+ years of
maintaining kpatch.

Key improvements compared to kpatch-build:

- Integrated with objtool: Leverages objtool's existing control-flow
graph analysis to help detect changed functions.

- Works on vmlinux.o: Supports late-linked objects, making it
compatible with LTO, IBT, and similar.

- Simplified code base: ~3k fewer lines of code.

- Upstream: No more out-of-tree #ifdef hacks, far less cruft.

- Cleaner internals: Vastly simplified logic for symbol/section/reloc
inclusion and special section extraction.

- Robust __LINE__ macro handling: Avoids false positive binary diffs
caused by the __LINE__ macro by introducing a fix-patch-lines script
which injects #line directives into the source .patch to preserve
the original line numbers at compile time.

The primary user interface is the klp-build script which does the
following:

- Builds an original kernel with -function-sections and
-fdata-sections, plus objtool function checksumming.

- Applies the .patch file and rebuilds the kernel using the same
options.

- Runs 'objtool klp diff' to detect changed functions and generate
intermediate binary diff objects.

- Builds a kernel module which links the diff objects with some
livepatch module init code (scripts/livepatch/init.c).

- Finalizes the livepatch module (aka work around linker wreckage)
using 'objtool klp post-link'.

I've tested with a variety of patches on defconfig and Fedora-config
kernels with both GCC and Clang.

show more ...

livepatch/klp-build: Add --show-first-changed option to show function divergence

Add a --show-first-changed option to identify where changed functions
begin to diverge:

- Parse 'objtool klp diff'

livepatch/klp-build: Add --show-first-changed option to show function divergence

Add a --show-first-changed option to identify where changed functions
begin to diverge:

- Parse 'objtool klp diff' output to find changed functions.

- Run objtool again on each object with --debug-checksum=<funcs>.

- Diff the per-instruction checksum debug output to locate the first
differing instruction.

This can be useful for quickly determining where and why a function
changed.

Acked-by: Petr Mladek <pmladek@suse.com>
Tested-by: Joe Lawrence <joe.lawrence@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>

show more ...

livepatch/klp-build: Add --debug option to show cloning decisions

Add a --debug option which gets passed to "objtool klp diff" to enable
debug output related to cloning decisions.

Acked-by: Petr Ml

livepatch/klp-build: Add --debug option to show cloning decisions

Add a --debug option which gets passed to "objtool klp diff" to enable
debug output related to cloning decisions.

Acked-by: Petr Mladek <pmladek@suse.com>
Tested-by: Joe Lawrence <joe.lawrence@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>

show more ...

livepatch/klp-build: Introduce klp-build script for generating livepatch modules

Add a klp-build script which automates the generation of a livepatch
module from a source .patch file by performing t

livepatch/klp-build: Introduce klp-build script for generating livepatch modules

Add a klp-build script which automates the generation of a livepatch
module from a source .patch file by performing the following steps:

- Builds an original kernel with -function-sections and
-fdata-sections, plus objtool function checksumming.

- Applies the .patch file and rebuilds the kernel using the same
options.

- Runs 'objtool klp diff' to detect changed functions and generate
intermediate binary diff objects.

- Builds a kernel module which links the diff objects with some
livepatch module init code (scripts/livepatch/init.c).

- Finalizes the livepatch module (aka work around linker wreckage)
using 'objtool klp post-link'.

Acked-by: Petr Mladek <pmladek@suse.com>
Tested-by: Joe Lawrence <joe.lawrence@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>

show more ...