new(driver): kmod configure system

Introduce a new mechanism for conditional build in the kernel module, documented in driver/README.configure.md Apply such mechanism to `ppm_access_ok`, easily detecting if `access_ok` is the old version with 3 parameters or the new one with just two. Signed-off-by: Angelo Puglisi <[email protected]>
albe19029 · Mar 5, 2024 · 942b096 · 942b096
1 parent 51faaa4
commit 942b096
Show file tree

Hide file tree

Showing 8 changed files with 169 additions and 1 deletion.
diff --git a/driver/CMakeLists.txt b/driver/CMakeLists.txt
@@ -98,6 +98,30 @@ configure_file(dkms.conf.in src/dkms.conf)
 configure_file(Makefile.in src/Makefile)
 configure_file(driver_config.h.in src/driver_config.h)
 
+#
+# Copy all the "configure" modules
+#
+file(GLOB configure_modules "${CMAKE_CURRENT_SOURCE_DIR}/configure/*")
+foreach(subdir ${configure_modules})
+	if(IS_DIRECTORY "${subdir}")
+		file(RELATIVE_PATH CONFIGURE_MODULE "${CMAKE_CURRENT_SOURCE_DIR}/configure" "${subdir}")
+		configure_file(configure/${CONFIGURE_MODULE}/test.c src/configure/${CONFIGURE_MODULE}/test.c COPYONLY)
+		configure_file(configure/Makefile src/configure/${CONFIGURE_MODULE}/Makefile COPYONLY)
+		configure_file(configure/build.sh src/configure/${CONFIGURE_MODULE}/build.sh COPYONLY)
+		configure_file(configure/Makefile.inc.in src/configure/${CONFIGURE_MODULE}/Makefile.inc)
+		if(ENABLE_DKMS)
+			install(FILES
+				"${CMAKE_CURRENT_BINARY_DIR}/src/configure/${CONFIGURE_MODULE}/build.sh"
+				"${CMAKE_CURRENT_BINARY_DIR}/src/configure/${CONFIGURE_MODULE}/test.c"
+				"${CMAKE_CURRENT_BINARY_DIR}/src/configure/${CONFIGURE_MODULE}/Makefile"
+				"${CMAKE_CURRENT_BINARY_DIR}/src/configure/${CONFIGURE_MODULE}/Makefile.inc"
+				DESTINATION "src/${DRIVER_PACKAGE_NAME}-${DRIVER_VERSION}/configure/${CONFIGURE_MODULE}"
+				COMPONENT ${DRIVER_COMPONENT_NAME})
+		endif()
+	endif()
+endforeach()
+
+
 set(DRIVER_SOURCES
 	dynamic_params_table.c
 	event_table.c

diff --git a/driver/Makefile.in b/driver/Makefile.in
@@ -12,7 +12,13 @@ ccflags-y := @KBUILD_FLAGS@
 
 KERNELDIR 		?= /lib/modules/$(shell uname -r)/build
 
+ifeq ($(strip $(MAKEFILE_LIST)),Makefile)
+#
+# If MAKEFILE_LIST is just "Makefile", it means `make` was invoked pointing to
+# this Makefile. Targets don't make any sense if the Makefile was included.
+#
 TOP := $(shell pwd)
+
 all:
 	$(MAKE) -C $(KERNELDIR) M=$(TOP) modules
 
@@ -21,3 +27,18 @@ clean:
 
 install: all
 	$(MAKE) -C $(KERNELDIR) M=$(TOP) modules_install
+else
+#
+# Get the path of the module sources
+#
+FIRST_MAKEFILE := $(firstword $(MAKEFILE_LIST))
+FIRST_MAKEFILE_FILENAME := $(notdir $(FIRST_MAKEFILE))
+FIRST_MAKEFILE_DIRNAME := $(shell basename $(dir $(FIRST_MAKEFILE)))
+ifeq ($(FIRST_MAKEFILE_DIRNAME)/$(FIRST_MAKEFILE_FILENAME), scripts/Makefile.build)
+# Build phase
+MODULE_MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+MAKEFILE_INC_FILES := $(shell find $(MODULE_MAKEFILE_DIR)/configure -type f -name Makefile.inc)
+$(info Including $(MAKEFILE_INC_FILES))
+include $(MAKEFILE_INC_FILES)
+endif
+endif # $(strip $(MAKEFILE_LIST)),Makefile
diff --git a/driver/README.configure.md b/driver/README.configure.md
@@ -0,0 +1,48 @@
+# Kernel module "configure" mechanism
+
+## Rationale
+The kernel module has several `#if` directives based on the linux kernel version,
+to deal with breaking changes.
+This unfortunately doesn't work when breaking changes are being backported by kernel providers.
+Red Hat is known to do this, but they provide `RHEL_RELEASE_CODE` we can test against.
+
+Eventually we hit some backported changes within the same RHEL release that gave us some headaches.
+The last drop was EulerOS, which backports breaking changes without providing `RHEL_RELEASE_CODE` nor any other macro.
+
+## Solution
+We introduce a *configure-ish* mechanism mimicking autoconf `AC_TRY_COMPILE`.
+
+The kernel module Makefile will include all the *sub-kmod* inside `configure` folder and compile them with the host kernel headers.
+Based on the result of the compilation we'll define macros to be used in the `#if` directives.
+
+### First use-case: `access_ok()`
+Kernel change https://github.com/torvalds/linux/commit/96d4f267e introduced in 5.0 removed an argument from `access_ok()` function.
+In the past we already covered RHEL backporting it with:
+```c
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)) || (PPM_RHEL_RELEASE_CODE > 0 && PPM_RHEL_RELEASE_CODE >= PPM_RHEL_RELEASE_VERSION(8, 1))
+#define ppm_access_ok(type, addr, size)	access_ok(addr, size)
+#else
+#define ppm_access_ok(type, addr, size)	access_ok(type, addr, size)
+#endif
+```
+What about EulerOS and alike?
+
+Now we have `ACCESS_OK_2` *sub-kmod* which is a basic kernel module calling:
+```c
+access_ok(0, 0);
+```
+If it builds, we'll add `-DHAS_ACCESS_OK_2` to `ccflags-y`.
+The kernel module code of course has been changed to:
+```c
+#ifdef HAS_ACCESS_OK_2
+#define ppm_access_ok(type, addr, size)	access_ok(addr, size)
+#else
+#define ppm_access_ok(type, addr, size)	access_ok(type, addr, size)
+#endif
+```
+
+## How to add a new "configure" check
+1. Create a new folder under `configure/` with a meaningful name. That has to be all UPPERCASE with underscores, because it will be used as a macro name, prefixed by HAS_ (e.g. `ACCESS_OK_2` generates `HAS_ACCESS_OK_2`).
+2. Name the *sub-kmod* source `test.c`. CMake and the predefined Makefile relies on the name being `test.c`.
+3. Update the kernel module code to use the new macro.
+4. Bob's your uncle.
diff --git a/driver/configure/ACCESS_OK_2/test.c b/driver/configure/ACCESS_OK_2/test.c
@@ -0,0 +1,32 @@
+/*
+
+Copyright (C) 2023 The Falco Authors.
+
+This file is dual licensed under either the MIT or GPL 2. See MIT.txt
+or GPL2.txt for full copies of the license.
+
+*/
+
+/*
+ * Check that access_ok builds with 2 parameters
+ * See https://github.com/torvalds/linux/commit/96d4f267e
+ */
+
+#include <linux/module.h>
+#include <linux/uaccess.h>
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("the Falco authors");
+
+static int access_ok_init(void)
+{
+	access_ok(0, 0);
+	return 0;
+}
+
+static void access_ok_exit(void)
+{
+}
+
+module_init(access_ok_init);
+module_exit(access_ok_exit);
diff --git a/driver/configure/Makefile b/driver/configure/Makefile
@@ -0,0 +1,21 @@
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+# This file is dual licensed under either the MIT or GPL 2. See
+# MIT.txt or GPL.txt for full copies of the license.
+#
+
+testmod-y += test.o
+obj-m += testmod.o
+
+KERNELDIR ?= /lib/modules/$(shell uname -r)/build
+TOP := $(shell pwd)
+
+all:
+	$(MAKE) -C $(KERNELDIR) M=$(TOP) modules
+
+clean:
+	$(MAKE) -C $(KERNELDIR) M=$(TOP) clean
+
+install: all
+	$(MAKE) -C $(KERNELDIR) M=$(TOP) modules_install
diff --git a/driver/configure/Makefile.inc.in b/driver/configure/Makefile.inc.in
@@ -0,0 +1,9 @@
+MODULE_MAKEFILE_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
+
+# Run the module build.sh (wrapper for make) script with an empty environment, but PATH
+HAS_@CONFIGURE_MODULE@ := $(shell env -i PATH="$(PATH)" KERNELDIR="$(KERNELDIR)" sh $(MODULE_MAKEFILE_DIR)/build.sh ; echo $$?)
+
+ifeq ($(HAS_@CONFIGURE_MODULE@),0)
+$(info Setting HAS_@CONFIGURE_MODULE@ flag)
+ccflags-y += -DHAS_@CONFIGURE_MODULE@
+endif
diff --git a/driver/configure/build.sh b/driver/configure/build.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+# This file is dual licensed under either the MIT or GPL 2. See
+# MIT.txt or GPL.txt for full copies of the license.
+#
+
+SCRIPT=$(readlink -f "$0")
+SCRIPT_DIR=$(dirname ${SCRIPT})
+
+make -C ${SCRIPT_DIR} > ${SCRIPT_DIR}/build.log 2>&1
diff --git a/driver/ppm_events.c b/driver/ppm_events.c
@@ -44,7 +44,7 @@ or GPL2.txt for full copies of the license.
 #ifdef access_ok_noprefault
 #define ppm_access_ok access_ok_noprefault
 #else
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)) || (PPM_RHEL_RELEASE_CODE > 0 && PPM_RHEL_RELEASE_CODE >= PPM_RHEL_RELEASE_VERSION(8, 1))
+#ifdef HAS_ACCESS_OK_2
 #define ppm_access_ok(type, addr, size)	access_ok(addr, size)
 #else
 #define ppm_access_ok(type, addr, size)	access_ok(type, addr, size)