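// Source listing: github.com/google/syzkaller@v0.0.0-20251211124644-a066d2bc4b02/pkg/vcs/linux_patches.go

// Copyright 2023 syzkaller project authors. All rights reserved.
// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

package vcs

import "fmt"

// BackportCommit describes a fix commit that must be cherry-picked to an older
// kernel revision in order to enable kernel build / boot.
type BackportCommit struct {
	// Backport is only applied if the commit is reachable from HEAD.
	// An empty value skips that check, so the backport is always considered.
	GuiltyHash string `json:"guilty_hash"`
	// The hash of the commit to cherry-pick.
	// NOTE(review): the value is handed to git verbatim as a positional
	// argument (see applyFixBackports). Entries may come from configuration
	// via the JSON tags; consider validating that it is a plain hex object
	// name before use. Confirm how far the config source is trusted.
	FixHash string `json:"fix_hash"`
	// The title of the commit to cherry-pick.
	// It's used to determine whether the fix is already in place.
	// The presence check is done by title, not by hash.
	FixTitle string `json:"fix_title"`
	// The field is only intended to make config files less cryptic.
	Comment string `json:"comment"`
}

// linuxFixBackports cherry-picks the commits necessary to compile/run older
// Linux kernel releases. The built-in pickLinuxCommits are processed first,
// followed by any extraCommits supplied by the caller.
func linuxFixBackports(repo *gitRepo, extraCommits ...BackportCommit) error {
	// Build a fresh slice so that appending can never write into the backing
	// array of the package-level pickLinuxCommits.
	commits := make([]BackportCommit, 0, len(pickLinuxCommits)+len(extraCommits))
	commits = append(commits, pickLinuxCommits...)
	commits = append(commits, extraCommits...)
	return applyFixBackports(repo, commits)
}

// applyFixBackports walks commits in order and cherry-picks every fix that is
// both needed and not yet present in repo.
//
// A fix is skipped when GuiltyHash is set and repo.Contains reports false for
// it, or when repo.GetCommitByTitle finds a commit with FixTitle. The first
// error aborts the loop; backports applied before the failure are not rolled
// back by this function. Returned errors wrap the underlying error with %w,
// so errors.Is / errors.As keep working for callers.
func applyFixBackports(repo *gitRepo, commits []BackportCommit) error {
	for _, info := range commits {
		if info.GuiltyHash != "" {
			contains, err := repo.Contains(info.GuiltyHash)
			if err != nil {
				return fmt.Errorf("failed to check if %s is present: %w", info.GuiltyHash, err)
			}
			if !contains {
				// There's no reason to backport a fix.
				continue
			}
		}
		fixCommit, err := repo.GetCommitByTitle(info.FixTitle)
		if err != nil {
			// Name the entry so a failing backport can be identified.
			return fmt.Errorf("failed to look up fix %q by title: %w", info.FixTitle, err)
		}
		if fixCommit != nil {
			// The fix is already present.
			continue
		}
		// --no-commit applies the change to the working tree and index
		// without recording a new commit.
		if _, err := repo.Run("cherry-pick", "--no-commit", info.FixHash); err != nil {
			return fmt.Errorf("failed to cherry-pick %s (%q): %w", info.FixHash, info.FixTitle, err)
		}
	}
	return nil
}

// pickLinuxCommits is the built-in list of backports that linuxFixBackports
// always considers. Entries without a GuiltyHash are attempted whenever a
// commit with FixTitle is not found in the checked-out tree.
var pickLinuxCommits = []BackportCommit{
	{
		// Compiling v4.6..v5.11 with a modern objtool, w/o this patch, results in the
		// following issue, when compiling with clang:
		// arch/x86/entry/thunk_64.o: warning: objtool: missing symbol table
		// We don't bisect that far back with neither clang nor gcc, so this should be fine:
		FixHash:  `1d489151e9f9d1647110277ff77282fe4d96d09b`,
		FixTitle: `objtool: Don't fail on missing symbol table`,
	},
	{
		// With newer compiler versions, kernel compilation fails with:
		// subcmd-util.h:56:23: error: pointer may be used after ‘realloc’ [-Werror=use-after-free]
		// 56 | ret = realloc(ptr, size);
		// The guilty commit is from 2015, we don't bisect that far.
		FixHash:  `52a9dab6d892763b2a8334a568bd4e2c1a6fde66`,
		FixTitle: `libsubcmd: Fix use-after-free for realloc(..., 0)`,
	},
	{
		// A number of old releases fail with KASAN: use-after-free in task_active_pid_ns.
		// The problem was actually present so long ago that we do not need to check whether
		// the guilty commit is present. We don't bisect that back (v2.*) anyway.
		FixHash:  `0711f0d7050b9e07c44bc159bbc64ac0a1022c7f`,
		FixTitle: "pid: take a reference when initializing `cad_pid`",
	},
	{
		// Fixes the following error:
		// check.c:2865:58: error: '%d' directive output may be truncated writing between 1 and
		// 10 bytes into a region of size 9 [-Werror=format-truncation=]
		GuiltyHash: `db2b0c5d7b6f19b3c2cab08c531b65342eb5252b`,
		FixHash:    `82880283d7fcd0a1d20964a56d6d1a5cc0df0713`,
		FixTitle:   `objtool: Fix truncated string warning`,
	},
	{
		// Fixes `boot failed: WARNING in kvm_wait`.
		GuiltyHash: `997acaf6b4b59c6a9c259740312a69ea549cc684`,
		FixHash:    `f4e61f0c9add3b00bd5f2df3c814d688849b8707`,
		FixTitle:   `x86/kvm: Fix broken irq restoration in kvm_wait`,
	},
	{
		// Fixes `error: implicit declaration of function 'acpi_mps_check'`.
		GuiltyHash: `342f43af70dbc74f8629381998f92c060e1763a2`,
		FixHash:    `ea7b4244b3656ca33b19a950f092b5bbc718b40c`,
		FixTitle:   `x86/setup: Explicitly include acpi.h`,
	},
	{
		// Fixes `BUG: KASAN: slab-use-after-free in binder_add_device` at boot.
		GuiltyHash: `12d909cac1e1c4147cc3417fee804ee12fc6b984`,
		FixHash:    `e77aff5528a183462714f750e45add6cc71e276a`,
		FixTitle:   `binderfs: fix use-after-free in binder_devices`,
	},
	{
		// Fixes `unregister_netdevice: waiting for batadv0 to become free. Usage count = 3`.
		// Several v6.15-rc* tags are essentially unfuzzeable because of this.
		GuiltyHash: `00b35530811f2aa3d7ceec2dbada80861c7632a8`,
		FixHash:    `10a77965760c6e2b3eef483be33ae407004df894`,
		FixTitle:   `batman-adv: Fix double-hold of meshif when getting enabled`,
	},
	{
		// Fixes `ld.lld: error: undefined symbol: devm_drm_of_get_bridge`.
		GuiltyHash: `2a04739139b2b2761571e18937e2400e71eff664`,
		FixHash:    `b12fa5e76e1463fc5a196f2717040e4564e184b6`,
		FixTitle:   `drm/bridge: select DRM_KMS_HELPER for AUX_BRIDGE`,
	},
	{
		// Fixes `undefined symbol: devm_drm_of_get_bridge referenced by nb7vpq904m.c`.
		GuiltyHash: `2a04739139b2b2761571e18937e2400e71eff664`,
		FixHash:    `c5d296bad640b190c52ef7508114d70e971a4bba`,
		FixTitle:   `usb: typec: nb7vpq904m: switch to DRM_AUX_BRIDGE`,
	},
}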