From: "Jan Beulich" <JBeulich@suse.com>
To: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Keir Fraser <keir@xen.org>,
ross.lagerwall@citrix.com, andrew.cooper3@citrix.com,
mpohlack@amazon.de, sasha.levin@oracle.com,
xen-devel@lists.xenproject.org
Subject: Re: [PATCH v5 23/28] xsplice: Stacking build-id dependency checking.
Date: Mon, 04 Apr 2016 09:00:00 -0600 [thread overview]
Message-ID: <57029D9002000078000E2C1C@prv-mh.provo.novell.com> (raw)
In-Reply-To: <1458849640-22588-24-git-send-email-konrad.wilk@oracle.com>
>>> On 24.03.16 at 21:00, <konrad.wilk@oracle.com> wrote:
> @@ -929,6 +932,33 @@ being loaded and requires an hypervisor build-id to match against.
> The old code allows much more flexibility and an additional guard,
> but is more complex to implement.
>
> +The second option which requires an build-id of the hypervisor
> +is implemented in the Xen Project hypervisor.
> +
> +Specifically each payload has two build-id ELF notes:
> + * The build-id of the payload itself (generated via --build-id).
> + * The build-id of the payload it depends on (extracted from the
> + the previous payload or hypervisor during build time).
> +
> +This means that the very first payload depends on the hypervisor
> +build-id.
So this is mean to be a singly linked chain, not something with
branches and alike, allowing independent patches to be applied
solely based on the base build ID? Is such a restriction not going
to get in the way rather sooner than later?
> +# Not Yet Done
> +
> +This is for further development of xSplice.
> +
> +## Goals
> +
> +The implementation must also have a mechanism for:
> +
> + * Be able to lookup in the Xen hypervisor the symbol names of functions from the ELF payload.
> + * Be able to patch .rodata, .bss, and .data sections.
> + * Further safety checks (blacklist of which functions cannot be patched, check
> + the stack, make sure the payload is built with same compiler as hypervisor,
> + and NMI/MCE handlers and do_nmi for right now - until an safe solution is found).
> + * NOP out the code sequence if `new_size` is zero.
> + * Deal with other relocation types: R_X86_64_[8,16,32,32S], R_X86_64_PC[8,16,64] in payload file.
Does this belong here? Doesn't this duplicate something I saw earlier?
> --- a/xen/common/version.c
> +++ b/xen/common/version.c
> @@ -70,10 +70,29 @@ const char *xen_deny(void)
> /* Defined in linker script. */
> extern const Elf_Note __note_gnu_build_id_start[],
> __note_gnu_build_id_end[];
>
> +int xen_build_id_check(const Elf_Note *n, const void **p, unsigned int *len)
> +{
> + /* Check if we really have a build-id. */
> + if ( NT_GNU_BUILD_ID != n->type )
> + return -ENODATA;
> +
> + /* Sanity check, name should be "GNU" for ld-generated build-id. */
> + if ( strncmp(ELFNOTE_NAME(n), "GNU", n->namesz) != 0 )
> + return -ENODATA;
For the embedded notes this suffices as verification, but I question
this being enough for a patch module: No part of the note should
exceed the containing section. And maybe there are other things.
> #else
>
> +int xen_build_id_check(const Elf_Note *n, const void **p, unsigned int *len)
> +{
> + return -ENODATA;
> +}
What case is this needed for, considering that only xSplice code
should be calling it, and that code depends on build ID availability.
> +static int build_id_dep(struct payload *payload, bool_t ignore)
> +{
> + const void *id = NULL;
> + unsigned int len = 0;
> + int rc;
> + const char *name = "hypervisor";
> +
> + ASSERT(payload->dep.len && payload->dep.p);
> +
> + /* First time user is against hypervisor. */
> + if ( ignore || list_empty(&applied_list) )
"ignore" is perhaps not the most descriptive name, as you aren't
ignoring anything here. Maybe "internal"? And then maybe have
the caller pass the argument using list_empty(&applied_list)
instead of you checking it here?
> --- a/xen/include/xen/version.h
> +++ b/xen/include/xen/version.h
> @@ -17,4 +17,7 @@ const char *xen_deny(void);
> #include <xen/types.h>
> int xen_build_id(const void **p, unsigned int *len);
>
> +#include <xen/elfstructs.h>
> +int xen_build_id_check(const Elf_Note *n, const void **p, unsigned int *len);
The #include is misplaced again, and I'm rather hesitant to see
version.h gain this dependency. Couldn't this go into xen/elf.h?
> --- a/xen/include/xen/xsplice.h
> +++ b/xen/include/xen/xsplice.h
> @@ -40,6 +40,11 @@ struct xsplice_symbol {
> bool_t new_symbol;
> };
>
> +struct xsplice_build_id {
> + const void *p;
> + unsigned int len;
> +};
This isn't being used outside of xsplice.c, so please define the
structure there.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-04-04 15:00 UTC|newest]
Thread overview: 190+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-24 20:00 [PATCH v5] xSplice v1 design and implementation Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 01/28] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane Konrad Rzeszutek Wilk
2016-03-24 20:22 ` Andrew Cooper
2016-03-24 21:07 ` Konrad Rzeszutek Wilk
2016-03-24 21:30 ` Konrad Rzeszutek Wilk
2016-03-30 15:43 ` Jan Beulich
2016-03-31 6:30 ` Jan Beulich
2016-03-31 11:43 ` Konrad Rzeszutek Wilk
2016-03-31 12:07 ` Jan Beulich
2016-03-31 13:28 ` REST MAINTAINERS feedback requested Was:Re: " Konrad Rzeszutek Wilk
2016-03-31 13:50 ` Jan Beulich
2016-04-08 16:33 ` Jan Beulich
2016-04-08 17:09 ` Konrad Rzeszutek Wilk
2016-04-08 17:13 ` Jan Beulich
2016-04-08 17:21 ` Wei Liu
2016-04-08 17:23 ` Konrad Rzeszutek Wilk
2016-04-08 17:27 ` Wei Liu
2016-04-08 17:21 ` Ian Jackson
2016-04-08 17:41 ` Andrew Cooper
2016-04-08 17:54 ` Jan Beulich
2016-04-11 10:50 ` Ian Jackson
2016-04-11 13:56 ` Konrad Rzeszutek Wilk
2016-04-11 14:22 ` Ian Jackson
2016-04-11 15:48 ` Jan Beulich
2016-04-11 16:25 ` Ian Jackson
2016-04-11 16:53 ` Konrad Rzeszutek Wilk
2016-04-11 17:06 ` Jan Beulich
2016-04-11 17:00 ` Jan Beulich
2016-04-11 17:13 ` Ian Jackson
2016-04-11 17:34 ` Jan Beulich
2016-04-11 17:46 ` Jan Beulich
2016-04-12 9:58 ` George Dunlap
2016-04-12 13:56 ` Konrad Rzeszutek Wilk
2016-04-12 14:38 ` George Dunlap
2016-04-12 15:00 ` Konrad Rzeszutek Wilk
2016-04-12 15:26 ` Ian Jackson
2016-04-13 4:21 ` Jan Beulich
2016-04-13 16:07 ` Ian Jackson
2016-04-14 15:13 ` George Dunlap
2016-04-14 15:59 ` Jan Beulich
2016-04-14 16:19 ` George Dunlap
2016-04-14 17:01 ` Jan Beulich
2016-04-14 18:11 ` REST MAINTAINERS feedback requested Was:Re: [PATCH v5 01/28] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane. [and 1 more messages] Ian Jackson
2016-04-14 19:22 ` Konrad Rzeszutek Wilk
2016-04-17 7:23 ` Jan Beulich
2016-04-15 11:23 ` REST MAINTAINERS feedback requested Was:Re: [PATCH v5 01/28] HYPERCALL_version_op. New hypercall mirroring XENVER_ but sane George Dunlap
2016-04-17 7:52 ` Jan Beulich
2016-04-12 15:31 ` Jan Beulich
2016-04-12 15:17 ` Jan Beulich
2016-04-12 15:28 ` Konrad Rzeszutek Wilk
2016-04-08 17:24 ` George Dunlap
2016-04-08 17:34 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 02/28] libxc/libxl/python/xenstat/ocaml: Use new XEN_VERSION hypercall Konrad Rzeszutek Wilk
2016-03-24 21:24 ` Wei Liu
2016-03-25 13:21 ` Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 03/28] arm/x86: Use struct virtual_region to do bug, symbol, and (x86) exception tables lookup Konrad Rzeszutek Wilk
2016-03-30 16:09 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 04/28] vmap: Add vmalloc_cb and vfree_cb Konrad Rzeszutek Wilk
2016-03-30 16:24 ` Jan Beulich
2016-03-30 16:44 ` Konrad Rzeszutek Wilk
2016-03-31 6:46 ` Jan Beulich
2016-03-31 11:49 ` Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 05/28] xsplice: Design document Konrad Rzeszutek Wilk
2016-03-29 9:36 ` Jan Beulich
2016-03-29 20:46 ` Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 06/28] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op Konrad Rzeszutek Wilk
2016-03-31 9:45 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 07/28] libxc: Implementation of XEN_XSPLICE_op in libxc Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 08/28] xen-xsplice: Tool to manipulate xsplice payloads Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 09/28] xsplice: Add helper elf routines Konrad Rzeszutek Wilk
2016-03-31 12:03 ` Jan Beulich
2016-04-06 1:38 ` Konrad Rzeszutek Wilk
2016-04-07 0:38 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 10/28] xsplice: Implement payload loading Konrad Rzeszutek Wilk
2016-03-31 13:45 ` Jan Beulich
2016-03-31 21:26 ` Konrad Rzeszutek Wilk
2016-04-01 9:18 ` Jan Beulich
2016-04-04 19:44 ` Konrad Rzeszutek Wilk
2016-04-05 1:57 ` Konrad Rzeszutek Wilk
2016-04-05 7:34 ` Jan Beulich
2016-04-05 15:50 ` Konrad Rzeszutek Wilk
2016-04-05 16:15 ` Jan Beulich
2016-04-05 16:45 ` Konrad Rzeszutek Wilk
2016-04-05 17:48 ` Konrad Rzeszutek Wilk
2016-04-07 0:49 ` Jan Beulich
2016-04-07 0:46 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 11/28] xsplice: Implement support for applying/reverting/replacing patches Konrad Rzeszutek Wilk
2016-04-01 13:28 ` Jan Beulich
2016-04-01 21:04 ` Konrad Rzeszutek Wilk
2016-04-04 7:07 ` Jan Beulich
2016-04-07 3:05 ` Konrad Rzeszutek Wilk
2016-04-07 15:38 ` Jan Beulich
2016-04-09 14:42 ` Konrad Rzeszutek Wilk
2016-04-11 15:38 ` Jan Beulich
2016-04-07 3:09 ` Konrad Rzeszutek Wilk
2016-04-07 15:43 ` Jan Beulich
2016-04-10 2:36 ` Konrad Rzeszutek Wilk
2016-04-10 2:45 ` Konrad Rzeszutek Wilk
2016-04-11 15:41 ` Jan Beulich
2016-04-11 23:29 ` Konrad Rzeszutek Wilk
2016-04-10 19:47 ` Is: ARM maintainers advice ..Was:Re: " Konrad Rzeszutek Wilk
2016-04-10 20:58 ` Stefano Stabellini
2016-04-11 15:44 ` Jan Beulich
2016-04-11 15:50 ` Konrad Rzeszutek Wilk
2016-04-11 16:05 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 12/28] x86/xen_hello_world.xsplice: Test payload for patching 'xen_extra_version' Konrad Rzeszutek Wilk
2016-04-01 13:33 ` Jan Beulich
2016-04-06 2:03 ` Konrad Rzeszutek Wilk
2016-04-07 1:03 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 13/28] xsplice, symbols: Implement symbol name resolution on address Konrad Rzeszutek Wilk
2016-04-01 15:11 ` Jan Beulich
2016-04-07 3:14 ` Konrad Rzeszutek Wilk
2016-04-07 15:46 ` Jan Beulich
2016-04-08 1:32 ` Konrad Rzeszutek Wilk
2016-04-08 15:21 ` Jan Beulich
2016-04-08 15:27 ` Konrad Rzeszutek Wilk
2016-04-08 15:29 ` Jan Beulich
[not found] ` <5707D68A.8090006@citrix.com>
[not found] ` <5707FA8B02000078000E6178@prv-mh.provo.novell.com>
2016-04-11 8:07 ` Ross Lagerwall
2016-03-24 20:00 ` [PATCH v5 14/28] x86, xsplice: Print payload's symbol name and payload name in backtraces Konrad Rzeszutek Wilk
2016-04-01 15:23 ` Jan Beulich
2016-04-06 2:39 ` Konrad Rzeszutek Wilk
2016-04-07 1:07 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 15/28] xsplice: Add .xsplice.hooks functions and test-case Konrad Rzeszutek Wilk
2016-04-01 15:50 ` Jan Beulich
2016-04-06 2:42 ` Konrad Rzeszutek Wilk
2016-04-06 6:39 ` Martin Pohlack
2016-04-07 1:15 ` Jan Beulich
2016-04-08 15:57 ` Ross Lagerwall
2016-04-08 17:39 ` Jan Beulich
2016-04-11 8:23 ` Ross Lagerwall
2016-04-22 13:33 ` Jan Beulich
2016-04-22 13:58 ` Jan Beulich
2016-04-22 17:32 ` Konrad Rzeszutek Wilk
2016-04-07 1:11 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 16/28] xsplice: Add support for bug frames Konrad Rzeszutek Wilk
2016-04-01 16:00 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 17/28] xsplice: Add support for exception tables Konrad Rzeszutek Wilk
2016-04-01 16:06 ` Jan Beulich
2016-04-06 14:41 ` Konrad Rzeszutek Wilk
2016-04-06 15:32 ` Andrew Cooper
2016-04-07 1:21 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 18/28] xsplice: Add support for alternatives Konrad Rzeszutek Wilk
2016-04-01 16:20 ` Jan Beulich
2016-04-07 3:11 ` Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 19/28] build_id: Provide ld-embedded build-ids Konrad Rzeszutek Wilk
2016-04-04 12:46 ` Jan Beulich
2016-04-07 2:58 ` Konrad Rzeszutek Wilk
2016-04-08 15:49 ` Ross Lagerwall
2016-04-08 18:47 ` Konrad Rzeszutek Wilk
2016-04-08 18:54 ` Andrew Cooper
2016-04-08 19:54 ` Jan Beulich
2016-04-08 0:18 ` Konrad Rzeszutek Wilk
2016-04-08 1:52 ` Konrad Rzeszutek Wilk
2016-04-08 15:27 ` Jan Beulich
2016-04-08 17:06 ` Konrad Rzeszutek Wilk
2016-04-08 17:44 ` Jan Beulich
2016-04-08 19:23 ` Konrad Rzeszutek Wilk
2016-04-08 19:39 ` Konrad Rzeszutek Wilk
2016-04-08 20:14 ` Jan Beulich
2016-04-08 20:50 ` Konrad Rzeszutek Wilk
2016-04-08 21:11 ` Jan Beulich
2016-04-08 21:15 ` Konrad Rzeszutek Wilk
2016-04-08 15:25 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 20/28] HYPERCALL_version_op: Add VERSION_build_id to retrieve build-id Konrad Rzeszutek Wilk
2016-03-25 16:26 ` Daniel De Graaf
2016-04-04 13:35 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 21/28] libxl: info: Display build_id of the hypervisor using XEN_VERSION_build_id Konrad Rzeszutek Wilk
2016-03-25 13:25 ` Konrad Rzeszutek Wilk
2016-03-25 15:27 ` Wei Liu
2016-03-24 20:00 ` [PATCH v5 22/28] xsplice: Print build_id in keyhandler and on bootup Konrad Rzeszutek Wilk
2016-04-04 13:38 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 23/28] xsplice: Stacking build-id dependency checking Konrad Rzeszutek Wilk
2016-04-04 15:00 ` Jan Beulich [this message]
2016-04-04 20:01 ` Konrad Rzeszutek Wilk
2016-04-05 7:43 ` Jan Beulich
2016-04-08 16:15 ` Ross Lagerwall
2016-04-08 17:47 ` Jan Beulich
2016-04-06 20:05 ` Konrad Rzeszutek Wilk
2016-04-07 1:24 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 24/28] xsplice/xen_replace_world: Test-case for XSPLICE_ACTION_REPLACE Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 25/28] xsplice: Print dependency and payloads build_id in the keyhandler Konrad Rzeszutek Wilk
2016-04-04 15:03 ` Jan Beulich
2016-03-24 20:00 ` [PATCH v5 26/28] xsplice: Prevent duplicate payloads from being loaded Konrad Rzeszutek Wilk
2016-04-04 15:06 ` Jan Beulich
2016-04-04 19:52 ` Konrad Rzeszutek Wilk
2016-03-24 20:00 ` [PATCH v5 27/28] xsplice: Add support for shadow variables Konrad Rzeszutek Wilk
2016-04-04 15:18 ` Jan Beulich
2016-04-06 2:26 ` Konrad Rzeszutek Wilk
2016-04-08 15:58 ` Ross Lagerwall
2016-03-24 20:00 ` [PATCH v5 28/28] MAINTAINERS/xsplice: Add myself and Ross as the maintainers Konrad Rzeszutek Wilk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57029D9002000078000E2C1C@prv-mh.provo.novell.com \
--to=jbeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=keir@xen.org \
--cc=konrad.wilk@oracle.com \
--cc=mpohlack@amazon.de \
--cc=ross.lagerwall@citrix.com \
--cc=sasha.levin@oracle.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).