From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Keir Fraser <keir@xen.org>,
ross.lagerwall@citrix.com, andrew.cooper3@citrix.com,
mpohlack@amazon.de, sasha.levin@oracle.com,
xen-devel@lists.xenproject.org
Subject: Re: [PATCH v5 23/28] xsplice: Stacking build-id dependency checking.
Date: Mon, 4 Apr 2016 16:01:41 -0400 [thread overview]
Message-ID: <20160404200141.GB9205@char.us.oracle.com> (raw)
In-Reply-To: <57029D9002000078000E2C1C@prv-mh.provo.novell.com>
On Mon, Apr 04, 2016 at 09:00:00AM -0600, Jan Beulich wrote:
> >>> On 24.03.16 at 21:00, <konrad.wilk@oracle.com> wrote:
> > @@ -929,6 +932,33 @@ being loaded and requires an hypervisor build-id to match against.
> > The old code allows much more flexibility and an additional guard,
> > but is more complex to implement.
> >
> > +The second option which requires an build-id of the hypervisor
> > +is implemented in the Xen Project hypervisor.
> > +
> > +Specifically each payload has two build-id ELF notes:
> > + * The build-id of the payload itself (generated via --build-id).
> > + * The build-id of the payload it depends on (extracted from the
> > + the previous payload or hypervisor during build time).
> > +
> > +This means that the very first payload depends on the hypervisor
> > +build-id.
>
> So this is mean to be a singly linked chain, not something with
> branches and alike, allowing independent patches to be applied
> solely based on the base build ID? Is such a restriction not going
Correct.
> to get in the way rather sooner than later?
Here is what the design doc says:
"
### xSplice interdependencies
xSplice patches interdependencies are tricky.
There are the ways this can be addressed:
* A single large patch that subsumes and replaces all previous ones.
Over the life-time of patching the hypervisor this large patch
grows to accumulate all the code changes.
* Hotpatch stack - where an mechanism exists that loads the hotpatches
in the same order they were built in. We would need an build-id
of the hypevisor to make sure the hot-patches are build against the
correct build.
* Payload containing the old code to check against that. That allows
the hotpatches to be loaded indepedently (if they don't overlap) - or
if the old code also containst previously patched code - even if they
overlap.
The disadvantage of the first large patch is that it can grow over
time and not provide an bisection mechanism to identify faulty patches.
The hot-patch stack puts stricts requirements on the order of the patches
being loaded and requires an hypervisor build-id to match against.
The old code allows much more flexibility and an additional guard,
but is more complex to implement.
The second option which requires an build-id of the hypervisor
is implemented in the Xen Project hypervisor.
"
I was all for "old_code to check against" but that would incur quite a lot
of implementation. The 'stacking' (suggested by Martin) is much easier
to implement. I am hoping that in next major milestone the 'old code' checking
can be implemented such that the admin has the choice to use both.
>
> > +# Not Yet Done
> > +
> > +This is for further development of xSplice.
> > +
> > +## Goals
> > +
> > +The implementation must also have a mechanism for:
> > +
> > + * Be able to lookup in the Xen hypervisor the symbol names of functions from the ELF payload.
> > + * Be able to patch .rodata, .bss, and .data sections.
> > + * Further safety checks (blacklist of which functions cannot be patched, check
> > + the stack, make sure the payload is built with same compiler as hypervisor,
> > + and NMI/MCE handlers and do_nmi for right now - until an safe solution is found).
> > + * NOP out the code sequence if `new_size` is zero.
> > + * Deal with other relocation types: R_X86_64_[8,16,32,32S], R_X86_64_PC[8,16,64] in payload file.
>
> Does this belong here? Doesn't this duplicate something I saw earlier?
? This is just shrinking the "TODO Goals" section and removing the:
"- * An dependency mechanism for the payloads. To use that information to load:
- - The appropiate payload. To verify that payload is built against the
- hypervisor. This can be done via the `build-id`
- or via providing an copy of the old code - so that the hypervisor can
- verify it against the code in memory.
- - To construct an appropiate order of payloads to load in case they
- depend on each other.
"
The other TODOs are not added.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-04-04 20:01 UTC|newest]
Thread overview: 190+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-24 20:00 [PATCH v5] xSplice v1 design and implementation Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 01/28] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane Konrad Rzeszutek Wilk
2016-03-24 20:22 ` Andrew Cooper
2016-03-24 21:07 ` Konrad Rzeszutek Wilk
2016-03-24 21:30 ` Konrad Rzeszutek Wilk
2016-03-30 15:43 ` Jan Beulich
2016-03-31 6:30 ` Jan Beulich
2016-03-31 11:43 ` Konrad Rzeszutek Wilk
2016-03-31 12:07 ` Jan Beulich
2016-03-31 13:28 ` REST MAINTAINERS feedback requested Was:Re: " Konrad Rzeszutek Wilk
2016-03-31 13:50 ` Jan Beulich
2016-04-08 16:33 ` Jan Beulich
2016-04-08 17:09 ` Konrad Rzeszutek Wilk
2016-04-08 17:13 ` Jan Beulich
2016-04-08 17:21 ` Wei Liu
2016-04-08 17:23 ` Konrad Rzeszutek Wilk
2016-04-08 17:27 ` Wei Liu
2016-04-08 17:21 ` Ian Jackson
2016-04-08 17:41 ` Andrew Cooper
2016-04-08 17:54 ` Jan Beulich
2016-04-11 10:50 ` Ian Jackson
2016-04-11 13:56 ` Konrad Rzeszutek Wilk
2016-04-11 14:22 ` Ian Jackson
2016-04-11 15:48 ` Jan Beulich
2016-04-11 16:25 ` Ian Jackson
2016-04-11 16:53 ` Konrad Rzeszutek Wilk
2016-04-11 17:06 ` Jan Beulich
2016-04-11 17:00 ` Jan Beulich
2016-04-11 17:13 ` Ian Jackson
2016-04-11 17:34 ` Jan Beulich
2016-04-11 17:46 ` Jan Beulich
2016-04-12 9:58 ` George Dunlap
2016-04-12 13:56 ` Konrad Rzeszutek Wilk
2016-04-12 14:38 ` George Dunlap
2016-04-12 15:00 ` Konrad Rzeszutek Wilk
2016-04-12 15:26 ` Ian Jackson
2016-04-13 4:21 ` Jan Beulich
2016-04-13 16:07 ` Ian Jackson
2016-04-14 15:13 ` George Dunlap
2016-04-14 15:59 ` Jan Beulich
2016-04-14 16:19 ` George Dunlap
2016-04-14 17:01 ` Jan Beulich
2016-04-14 18:11 ` REST MAINTAINERS feedback requested Was:Re: [PATCH v5 01/28] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane. [and 1 more messages] Ian Jackson
2016-04-14 19:22 ` Konrad Rzeszutek Wilk
2016-04-17 7:23 ` Jan Beulich
2016-04-15 11:23 ` REST MAINTAINERS feedback requested Was:Re: [PATCH v5 01/28] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane George Dunlap
2016-04-17 7:52 ` Jan Beulich
2016-04-12 15:31 ` Jan Beulich
2016-04-12 15:17 ` Jan Beulich
2016-04-12 15:28 ` Konrad Rzeszutek Wilk
2016-04-08 17:24 ` George Dunlap
2016-04-08 17:34 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 02/28] libxc/libxl/python/xenstat/ocaml: Use new XEN_VERSION hypercall Konrad Rzeszutek Wilk
2016-03-24 21:24 ` Wei Liu
2016-03-25 13:21 ` Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 03/28] arm/x86: Use struct virtual_region to do bug, symbol, and (x86) exception tables lookup Konrad Rzeszutek Wilk
2016-03-30 16:09 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 04/28] vmap: Add vmalloc_cb and vfree_cb Konrad Rzeszutek Wilk
2016-03-30 16:24 ` Jan Beulich
2016-03-30 16:44 ` Konrad Rzeszutek Wilk
2016-03-31 6:46 ` Jan Beulich
2016-03-31 11:49 ` Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 05/28] xsplice: Design document Konrad Rzeszutek Wilk
2016-03-29 9:36 ` Jan Beulich
2016-03-29 20:46 ` Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 06/28] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op Konrad Rzeszutek Wilk
2016-03-31 9:45 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 07/28] libxc: Implementation of XEN_XSPLICE_op in libxc Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 08/28] xen-xsplice: Tool to manipulate xsplice payloads Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 09/28] xsplice: Add helper elf routines Konrad Rzeszutek Wilk
2016-03-31 12:03 ` Jan Beulich
2016-04-06 1:38 ` Konrad Rzeszutek Wilk
2016-04-07 0:38 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 10/28] xsplice: Implement payload loading Konrad Rzeszutek Wilk
2016-03-31 13:45 ` Jan Beulich
2016-03-31 21:26 ` Konrad Rzeszutek Wilk
2016-04-01 9:18 ` Jan Beulich
2016-04-04 19:44 ` Konrad Rzeszutek Wilk
2016-04-05 1:57 ` Konrad Rzeszutek Wilk
2016-04-05 7:34 ` Jan Beulich
2016-04-05 15:50 ` Konrad Rzeszutek Wilk
2016-04-05 16:15 ` Jan Beulich
2016-04-05 16:45 ` Konrad Rzeszutek Wilk
2016-04-05 17:48 ` Konrad Rzeszutek Wilk
2016-04-07 0:49 ` Jan Beulich
2016-04-07 0:46 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 11/28] xsplice: Implement support for applying/reverting/replacing patches Konrad Rzeszutek Wilk
2016-04-01 13:28 ` Jan Beulich
2016-04-01 21:04 ` Konrad Rzeszutek Wilk
2016-04-04 7:07 ` Jan Beulich
2016-04-07 3:05 ` Konrad Rzeszutek Wilk
2016-04-07 15:38 ` Jan Beulich
2016-04-09 14:42 ` Konrad Rzeszutek Wilk
2016-04-11 15:38 ` Jan Beulich
2016-04-07 3:09 ` Konrad Rzeszutek Wilk
2016-04-07 15:43 ` Jan Beulich
2016-04-10 2:36 ` Konrad Rzeszutek Wilk
2016-04-10 2:45 ` Konrad Rzeszutek Wilk
2016-04-11 15:41 ` Jan Beulich
2016-04-11 23:29 ` Konrad Rzeszutek Wilk
2016-04-10 19:47 ` Is: ARM maintainers advice ..Was:Re: " Konrad Rzeszutek Wilk
2016-04-10 20:58 ` Stefano Stabellini
2016-04-11 15:44 ` Jan Beulich
2016-04-11 15:50 ` Konrad Rzeszutek Wilk
2016-04-11 16:05 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 12/28] x86/xen_hello_world.xsplice: Test payload for patching 'xen_extra_version' Konrad Rzeszutek Wilk
2016-04-01 13:33 ` Jan Beulich
2016-04-06 2:03 ` Konrad Rzeszutek Wilk
2016-04-07 1:03 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 13/28] xsplice, symbols: Implement symbol name resolution on address Konrad Rzeszutek Wilk
2016-04-01 15:11 ` Jan Beulich
2016-04-07 3:14 ` Konrad Rzeszutek Wilk
2016-04-07 15:46 ` Jan Beulich
2016-04-08 1:32 ` Konrad Rzeszutek Wilk
2016-04-08 15:21 ` Jan Beulich
2016-04-08 15:27 ` Konrad Rzeszutek Wilk
2016-04-08 15:29 ` Jan Beulich
[not found] ` <5707D68A.8090006@citrix.com>
[not found] ` <5707FA8B02000078000E6178@prv-mh.provo.novell.com>
2016-04-11 8:07 ` Ross Lagerwall
2016-03-24 20:00 ` [PATCH v5 14/28] x86, xsplice: Print payload's symbol name and payload name in backtraces Konrad Rzeszutek Wilk
2016-04-01 15:23 ` Jan Beulich
2016-04-06 2:39 ` Konrad Rzeszutek Wilk
2016-04-07 1:07 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 15/28] xsplice: Add .xsplice.hooks functions and test-case Konrad Rzeszutek Wilk
2016-04-01 15:50 ` Jan Beulich
2016-04-06 2:42 ` Konrad Rzeszutek Wilk
2016-04-06 6:39 ` Martin Pohlack
2016-04-07 1:15 ` Jan Beulich
2016-04-08 15:57 ` Ross Lagerwall
2016-04-08 17:39 ` Jan Beulich
2016-04-11 8:23 ` Ross Lagerwall
2016-04-22 13:33 ` Jan Beulich
2016-04-22 13:58 ` Jan Beulich
2016-04-22 17:32 ` Konrad Rzeszutek Wilk
2016-04-07 1:11 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 16/28] xsplice: Add support for bug frames Konrad Rzeszutek Wilk
2016-04-01 16:00 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 17/28] xsplice: Add support for exception tables Konrad Rzeszutek Wilk
2016-04-01 16:06 ` Jan Beulich
2016-04-06 14:41 ` Konrad Rzeszutek Wilk
2016-04-06 15:32 ` Andrew Cooper
2016-04-07 1:21 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 18/28] xsplice: Add support for alternatives Konrad Rzeszutek Wilk
2016-04-01 16:20 ` Jan Beulich
2016-04-07 3:11 ` Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 19/28] build_id: Provide ld-embedded build-ids Konrad Rzeszutek Wilk
2016-04-04 12:46 ` Jan Beulich
2016-04-07 2:58 ` Konrad Rzeszutek Wilk
2016-04-08 15:49 ` Ross Lagerwall
2016-04-08 18:47 ` Konrad Rzeszutek Wilk
2016-04-08 18:54 ` Andrew Cooper
2016-04-08 19:54 ` Jan Beulich
2016-04-08 0:18 ` Konrad Rzeszutek Wilk
2016-04-08 1:52 ` Konrad Rzeszutek Wilk
2016-04-08 15:27 ` Jan Beulich
2016-04-08 17:06 ` Konrad Rzeszutek Wilk
2016-04-08 17:44 ` Jan Beulich
2016-04-08 19:23 ` Konrad Rzeszutek Wilk
2016-04-08 19:39 ` Konrad Rzeszutek Wilk
2016-04-08 20:14 ` Jan Beulich
2016-04-08 20:50 ` Konrad Rzeszutek Wilk
2016-04-08 21:11 ` Jan Beulich
2016-04-08 21:15 ` Konrad Rzeszutek Wilk
2016-04-08 15:25 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 20/28] HYPERCALL_version_op: Add VERSION_build_id to retrieve build-id Konrad Rzeszutek Wilk
2016-03-25 16:26 ` Daniel De Graaf
2016-04-04 13:35 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 21/28] libxl: info: Display build_id of the hypervisor using XEN_VERSION_build_id Konrad Rzeszutek Wilk
2016-03-25 13:25 ` Konrad Rzeszutek Wilk
2016-03-25 15:27 ` Wei Liu
2016-03-24 20:00 ` [PATCH v5 22/28] xsplice: Print build_id in keyhandler and on bootup Konrad Rzeszutek Wilk
2016-04-04 13:38 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 23/28] xsplice: Stacking build-id dependency checking Konrad Rzeszutek Wilk
2016-04-04 15:00 ` Jan Beulich
2016-04-04 20:01 ` Konrad Rzeszutek Wilk [this message]
2016-04-05 7:43 ` Jan Beulich
2016-04-08 16:15 ` Ross Lagerwall
2016-04-08 17:47 ` Jan Beulich
2016-04-06 20:05 ` Konrad Rzeszutek Wilk
2016-04-07 1:24 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 24/28] xsplice/xen_replace_world: Test-case for XSPLICE_ACTION_REPLACE Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 25/28] xsplice: Print dependency and payloads build_id in the keyhandler Konrad Rzeszutek Wilk
2016-04-04 15:03 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 26/28] xsplice: Prevent duplicate payloads from being loaded Konrad Rzeszutek Wilk
2016-04-04 15:06 ` Jan Beulich
2016-04-04 19:52 ` Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 27/28] xsplice: Add support for shadow variables Konrad Rzeszutek Wilk
2016-04-04 15:18 ` Jan Beulich
2016-04-06 2:26 ` Konrad Rzeszutek Wilk
2016-04-08 15:58 ` Ross Lagerwall
2016-03-24 20:00 ` [PATCH v5 28/28] MAINTAINERS/xsplice: Add myself and Ross as the maintainers Konrad Rzeszutek Wilk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160404200141.GB9205@char.us.oracle.com \
--to=konrad.wilk@oracle.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=keir@xen.org \
--cc=mpohlack@amazon.de \
--cc=ross.lagerwall@citrix.com \
--cc=sasha.levin@oracle.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).