File kgr.sh of Package kgraft

#!/bin/bash

# Check kGraft patching status
# Libor Pechacek <lpechacek@suse.com>

unset VERBOSE

function kgr_in_progress() {
    for p in /sys/kernel/livepatch/*; do
        [ 0$(cat "$p/transition" 2>/dev/null) -ne 0 ] && return 0
    done
}

function kgr_poke_processes() {
    if [[ $EUID -ne 0 ]]; then
       echo "Warning: running as non-root user, only this user's processes will be poked" >&2
    fi

    for PROC in /proc/[0-9]*; do
	if [ 0$(cat $PROC/kgr_in_progress 2>/dev/null) -ne 0 ]; then
	    PID=$(echo $PROC | cut -d/ -f3)
	    if [ -n "$VERBOSE" ]; then
		echo "sending $PID STOP/CONT"
	    fi
	    kill -STOP $PID
	    # give kernel time to distribute the signal to all threads
	    sleep .1
	    kill -CONT $PID
	fi
    done
}

function kgr_dump_blocking_processes() {
    local OPTIND
    local THREADS

    if [[ $EUID -ne 0 ]]; then
       echo "Warning: running as non-root user, display will be limited" >&2
    fi

    while getopts t opt; do
	case $opt in
	t) THREADS='yes' ;;
	*) echo "Warning: $FUNCNAME: ignoring unknown option \'$opt\'" >&2 ;;
	esac
    done

    unset PIDS

    TRANSITIONING_PATCH="$(grep -l '^1$' /sys/kernel/livepatch/*/transition | head -n1)"

    if [ -n "$TRANSITIONING_PATCH" ]; then
	TRANSITION_DIRECTION=$(cat "${TRANSITIONING_PATCH/%\/transition/\/enabled}")

	for PROC in /proc/[0-9]*${THREADS:+/task/[0-9]*}; do
            DIR=${PROC%/kgr_in_progress}
	    PATCH_STATE=$(cat $DIR/patch_state 2>/dev/null)
	    if [ -n "$PATCH_STATE" ] && [ "$PATCH_STATE" -ge 0 \
		-a "$PATCH_STATE" -ne "$TRANSITION_DIRECTION" ]; then
		PID=${DIR#/proc/}
		PID=${PID%/task/*}
		TID=${DIR#*/task/}
		if [ -n "$VERBOSE" ]; then
		    COMM="$(cat $DIR/cmdline 2>/dev/null | tr \\0 \ )"
		    # fallback to the command name, for example for kernel threads
		    [ -z "$COMM" ] && COMM="[$(cat $DIR/comm 2>/dev/null | tr \\0 \ )]"
		    if [ ${VERBOSE:-0} -gt 1 ]; then
			STACK=$(cat $DIR/stack 2>/dev/null | sed 's/^/  /')
		    fi
		    # don't write out anything in case the process has exited
		    if [ -e "$DIR" ]; then
			    echo "$PID ${THREADS:+$TID }$COMM"
			    [ ${VERBOSE:-0} -gt 1 ] && echo "$STACK"
		    fi
		else
		    echo $PID ${THREADS:+$TID}
		fi
		PIDS="$PIDS $PID"
	    fi
	done
    fi

    if [ -z "$PIDS" -a -n "$VERBOSE" ]; then
	echo "no processes with kgr_in_progress set"
    fi
}

function kgr_status() {
    if kgr_in_progress ; then
	echo "in_progress"
    else
	echo "ready"
    fi
}

function kgr_check() {
    if kgr_in_progress ; then
	echo "Following processes have not finished a previous kGraft patch yet:"
	VERBOSE=2 kgr_dump_blocking_processes -t
	return 1
    fi
}

function kgr_patches() {
    unset PATCHES_FOUND
    for d in /sys/kernel/livepatch/*; do
	[ ! -d "$d" ] && continue
	PATCH_NAME=${d#/sys/kernel/livepatch/}
	PATCH_MOD=${PATCH_NAME}
	echo "${PATCH_MOD}"
	if [ -n "$VERBOSE" ]; then
	    kgr_detailed_patch_info "${PATCH_MOD}" | sed 's/^/    /'
	    echo
	fi
	PATCHES_FOUND=1
    done
    if [ -z "$PATCHES_FOUND" -a -n "$VERBOSE" ]; then
	echo "no patch"
    fi
}

function kgr_detailed_patch_info() {
    REFCNT=$(cat "/sys/module/$1/refcnt")
    ACTIVE=$([[ "$REFCNT" -eq 0 ]]; echo $?)

    echo "active: ${ACTIVE}"

    # srcversion is the link between loaded kernel module and its RPM
    SRCVERSION=$(cat "/sys/module/$1/srcversion")

    # exit when the module cannot be tracked down
    MODPATH=$(/usr/sbin/modinfo -n "$1" 2>/dev/null) || exit
    MODSRCVERSION=$(/usr/sbin/modinfo -F srcversion "$1")

    if [ "$SRCVERSION" != "$MODSRCVERSION" ]; then
	echo "Warning: patch module srcversion does not match the on-disk checksum:" \
	     "$1 ($SRCVERSION/$MODSRCVERSION)" >&2
        exit 1
    fi

    RPMNAME=$(rpm -qf "${MODPATH}" 2>/dev/null) || exit
    echo "RPM: ${RPMNAME}"
    REFS=($(rpm -q --changelog "${RPMNAME}" | \
	sed 's/^[[:space:]]*KLP:[[:space:]]*\(.*\)/\1/;t b;d;:b s/[[:space:]]/\n/g' | \
	sort -ru))
    declare -a CVES
    declare -a BUGS_FATES
    for REF in "${REFS[@]}"; do
        if [ ${REF:0:3} = 'CVE' ]; then
             CVES+=($REF)
        else
             BUGS_FATES+=($REF)
        fi
    done
    echo -n "CVE: "
    if [ ${#CVES[*]} -gt 0 ]; then
	echo ${CVES[*]}
    else
        echo -n "(none"
        [ ${#BUGS_FATES[*]} -eq 0 ] && echo -n " - this is an initial kGraft patch"
        echo ")"
    fi
    echo -n "bug fixes and enhancements: "
    if [ ${#BUGS_FATES[*]} -gt 0 ]; then
	echo ${BUGS_FATES[*]}
    else
	echo "(none)"
    fi
}

USAGE="Usage: $0 [-h][-v] COMMAND
Query and manipulate kGraft patching status.

Commands:
	status:    display the overall status of kGraft patching
	patches:   display the list of loaded patches
	blocking:  list processes that are preventing kGraft patching
		   from finishing
        blocking_threads: list execution threads that are preventing kGraft
                   patching from finishing
	poke:      move forward with the kGraft patching by sending
		   STOP and CONT signal to the pending processes

Options:
	-h	   print this help
	-v	   more detailed output

Report bugs at https://bugzilla.suse.com/"
PKGVERSION="@@VERSION@@"

while getopts vh-: opt
do
    case $opt$OPTARG in
    -help|h)
	exec echo "$USAGE" ;;
    -version)
	exec echo "kgr $PKGVERSION" ;;
    v) VERBOSE=$((${VERBOSE:-0} + 1)) ;;
    *)
	echo "$0: try '$0 --help'" >&2; exit 1 ;;
    esac
done

shift `expr $OPTIND - 1`

if [ $# -ne 1 ]; then
    echo -e "Error: no command provided\n" >&2
    echo "$USAGE"
    exit 1
fi

case $1 in
    blocking) kgr_dump_blocking_processes ;;
    blocking_threads) kgr_dump_blocking_processes -t ;;
    poke) kgr_poke_processes ;;
    status) kgr_status ;;
    check) kgr_check ;;
    patches) kgr_patches ;;
    *) echo "Error: unknown command \`$1'"; exit 1 ;;
esac

# vim: ai sw=4 et sts=4 ft=sh
openSUSE Build Service is sponsored by