[tip: objtool/core] livepatch/klp-build: report patch validation fuzz

[tip-bot2 for Joe Lawrence]

The following commit has been merged into the objtool/core branch of tip:

Commit-ID:     51a0b7c4ede5c775e9d362e5f465ca993e076823
Gitweb:        https://git.kernel.org/tip/51a0b7c4ede5c775e9d362e5f465ca993e076823
Author:        Joe Lawrence <joe.lawrence@xxxxxxxxxx>
AuthorDate:    Tue, 10 Mar 2026 16:37:51 -04:00
Committer:     Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
CommitterDate: Mon, 16 Mar 2026 12:52:53 -07:00

livepatch/klp-build: report patch validation fuzz

Capture the output of the patch command to detect when a patch applies
with fuzz or line offsets.

If such "fuzz" is detected during the validation phase, warn the user
and display the details.  This helps identify input patches that may
need refreshing against the target source tree.

Ensure that internal patch operations (such as those in refresh_patch or
during the final build phase) can still run quietly.

Signed-off-by: Joe Lawrence <joe.lawrence@xxxxxxxxxx>
Acked-by: Song Liu <song@xxxxxxxxxx>
Link: https://patch.msgid.link/20260310203751.1479229-13-joe.lawrence@xxxxxxxxxx
Signed-off-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
---
 scripts/livepatch/klp-build | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/scripts/livepatch/klp-build b/scripts/livepatch/klp-build
index d628e2c..839f9b6 100755
--- a/scripts/livepatch/klp-build
+++ b/scripts/livepatch/klp-build
@@ -360,11 +360,24 @@ check_unsupported_patches() {
 
 apply_patch() {
 	local patch="$1"
+	shift
+	local extra_args=("$@")
+	local drift_regex="with fuzz|offset [0-9]+ line"
+	local output
+	local status
 
 	[[ ! -f "$patch" ]] && die "$patch doesn't exist"
-	patch -d "$SRC" -p1 --dry-run --silent --no-backup-if-mismatch -r /dev/null < "$patch"
-	patch -d "$SRC" -p1 --silent --no-backup-if-mismatch -r /dev/null < "$patch"
+	status=0
+	output=$(patch -d "$SRC" -p1 --dry-run --no-backup-if-mismatch -r /dev/null "${extra_args[@]}" < "$patch" 2>&1) || status=$?
+	if [[ "$status" -ne 0 ]]; then
+		echo "$output" >&2
+		die "$patch did not apply"
+	elif [[ "$output" =~ $drift_regex ]]; then
+		echo "$output" >&2
+		warn "${patch} applied with fuzz"
+	fi
 
+	patch -d "$SRC" -p1 --no-backup-if-mismatch -r /dev/null "${extra_args[@]}" --silent < "$patch"
 	APPLIED_PATCHES+=("$patch")
 }
 
@@ -383,10 +396,11 @@ revert_patch() {
 }
 
 apply_patches() {
+	local extra_args=("$@")
 	local patch
 
 	for patch in "${PATCHES[@]}"; do
-		apply_patch "$patch"
+		apply_patch "$patch" "${extra_args[@]}"
 	done
 }
 
@@ -444,7 +458,7 @@ refresh_patch() {
 	( cd "$SRC" && echo "${input_files[@]}" | xargs cp --parents --target-directory="$tmpdir/a" )
 
 	# Copy patched source files to 'b'
-	apply_patch "$patch"
+	apply_patch "$patch" "--silent"
 	( cd "$SRC" && echo "${output_files[@]}" | xargs cp --parents --target-directory="$tmpdir/b" )
 	revert_patch "$patch"
 
@@ -817,7 +831,7 @@ fi
 if (( SHORT_CIRCUIT <= 2 )); then
 	status "Fixing patch(es)"
 	fix_patches
-	apply_patches
+	apply_patches "--silent"
 	status "Building patched kernel"
 	build_kernel "patched"
 	revert_patches