All of lore.kernel.org
 help / color / mirror / Atom feed
From: Martin Pohlack <mpohlack@amazon.com>
To: Konrad Rzeszutek Wilk <konrad@kernel.org>,
	xen-devel@lists.xenproject.org, msw@amazon.com,
	aliguori@amazon.com, amesserl@rackspace.com,
	rick.harris@rackspace.com, paul.voccio@rackspace.com,
	steven.wilson@rackspace.com, major.hayden@rackspace.com,
	josh.kearney@rackspace.com, jinsong.liu@alibaba-inc.com,
	xiantao.zxt@alibaba-inc.com, daniel.kiper@oracle.com,
	elena.ufimtseva@oracle.com, bob.liu@oracle.com,
	hanweidong@huawei.com, peter.huangpeng@huawei.com,
	fanhenglong@huawei.com, liuyingdong@huawei.com,
	john.liuqiming@huawei.com, jbeulich@suse.com,
	Andrew.Cooper3@citrix.com, jeremy@goop.org, dslutz@verizon.com
Subject: Re: [RFC PATCH v3.1 2/2] xsplice: Add hook for build_id
Date: Wed, 5 Aug 2015 10:50:18 +0200	[thread overview]
Message-ID: <55C1CE4A.8000005@amazon.com> (raw)
In-Reply-To: <1438024817-26942-3-git-send-email-konrad.wilk@oracle.com>

On 27.07.2015 21:20, Konrad Rzeszutek Wilk wrote:
> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> ---
>  tools/libxc/xc_private.c     |  3 +++
>  tools/misc/xen-xsplice.c     | 25 +++++++++++++++++++++++++
>  xen/common/kernel.c          | 11 +++++++++++
>  xen/common/version.c         |  5 +++++
>  xen/include/public/version.h |  4 ++++
>  xen/include/xen/compile.h.in |  1 +
>  xen/include/xen/version.h    |  1 +
>  7 files changed, 50 insertions(+)
> 
> diff --git a/tools/libxc/xc_private.c b/tools/libxc/xc_private.c
> index 2ffebd9..7c039ca 100644
> --- a/tools/libxc/xc_private.c
> +++ b/tools/libxc/xc_private.c
> @@ -713,6 +713,9 @@ int xc_version(xc_interface *xch, int cmd, void *arg)
>      case XENVER_commandline:
>          sz = sizeof(xen_commandline_t);
>          break;
> +    case XENVER_build_id:
> +        sz = sizeof(xen_build_id_t);
> +        break;
>      default:
>          ERROR("xc_version: unknown command %d\n", cmd);
>          return -EINVAL;
> diff --git a/tools/misc/xen-xsplice.c b/tools/misc/xen-xsplice.c
> index 7cf9879..dd8266c 100644
> --- a/tools/misc/xen-xsplice.c
> +++ b/tools/misc/xen-xsplice.c
> @@ -17,6 +17,7 @@ void show_help(void)
>              " <id> An unique name of payload. Up to 40 characters.\n"
>              "Commands:\n"
>              "  help                 display this help\n"
> +            "  build-id             display build-id of hypervisor.\n"
>              "  upload <id> <file>   upload file <cpuid> with <id> name\n"
>              "  list                 list payloads uploaded.\n"
>              "  apply <id>           apply <id> patch.\n"
> @@ -306,12 +307,36 @@ int action_func(int argc, char *argv[], unsigned int idx)
>  
>      return rc;
>  }
> +
> +static int build_id_func(int argc, char *argv[])
> +{
> +    xen_build_id_t build_id;
> +
> +    if ( argc )
> +    {
> +        show_help();
> +        return -1;
> +    }
> +
> +    memset(build_id, 0, sizeof(*build_id));
> +
> +    if ( xc_version(xch, XENVER_build_id, &build_id) < 0 )
> +    {
> +        printf("Failed to get build_id: %d(%s)\n", errno, strerror(errno));
> +        return -1;
> +    }
> +
> +    printf("%s\n", build_id);
> +    return 0;
> +}
> +
>  struct {
>      const char *name;
>      int (*function)(int argc, char *argv[]);
>  } main_options[] = {
>      { "help", help_func },
>      { "list", list_func },
> +    { "build-id", build_id_func },
>      { "upload", upload_func },
>  };
>  
> diff --git a/xen/common/kernel.c b/xen/common/kernel.c
> index 6a3196a..e9d41b6 100644
> --- a/xen/common/kernel.c
> +++ b/xen/common/kernel.c
> @@ -357,6 +357,17 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
>          if ( copy_to_guest(arg, saved_cmdline, ARRAY_SIZE(saved_cmdline)) )
>              return -EFAULT;
>          return 0;
> +
> +    case XENVER_build_id:
> +    {
> +        xen_build_id_t build_id;
> +
> +        memset(build_id, 0, sizeof(build_id));
> +        safe_strcpy(build_id, xen_build_id());

You seem to want to store and transfer the build_id as a string.  Any
reason why we don't directly expose the build_id embedded by the linker
in binary format?

> +        if ( copy_to_guest(arg, build_id, ARRAY_SIZE(build_id)) )
> +            return -EFAULT;
> +        return 0;
> +    }

We should not expose the build_id to normal guests, but only to Dom0.

A build_id uniquely identifies a specific build and I don't see how that
information would be required from DomU.  It might actually help an
attacker to build his return-oriented programming exploit against a
specific build.

The normal version numbers should be enough to know about capabilities
and API.

>      }
>  
>      return -ENOSYS;
> diff --git a/xen/common/version.c b/xen/common/version.c
> index b152e27..5c3dbb0 100644
> --- a/xen/common/version.c
> +++ b/xen/common/version.c
> @@ -55,3 +55,8 @@ const char *xen_banner(void)
>  {
>      return XEN_BANNER;
>  }
> +
> +const char *xen_build_id(void)
> +{
> +    return XEN_BUILD_ID;
> +}
> diff --git a/xen/include/public/version.h b/xen/include/public/version.h
> index 44f26b0..c863393 100644
> --- a/xen/include/public/version.h
> +++ b/xen/include/public/version.h
> @@ -83,6 +83,10 @@ typedef struct xen_feature_info xen_feature_info_t;
>  #define XENVER_commandline 9
>  typedef char xen_commandline_t[1024];
>  
> +#define XENVER_build_id 10
> +typedef char xen_build_id_t[1024];
> +#define XEN_BUILD_ID_LEN (sizeof(xen_build_id_t))
> +
>  #endif /* __XEN_PUBLIC_VERSION_H__ */
>  
>  /*
> diff --git a/xen/include/xen/compile.h.in b/xen/include/xen/compile.h.in
> index 440ecb2..939685e 100644
> --- a/xen/include/xen/compile.h.in
> +++ b/xen/include/xen/compile.h.in
> @@ -10,4 +10,5 @@
>  #define XEN_EXTRAVERSION	"@@extraversion@@"
>  
>  #define XEN_CHANGESET		"@@changeset@@"
> +#define XEN_BUILD_ID        "@@changeset@@"

That leads to a chicken and egg problem when embedding a real build_id.
 Some linker script magic seems to be required.  I will try to refine
the patch.

>  #define XEN_BANNER		\
> diff --git a/xen/include/xen/version.h b/xen/include/xen/version.h
> index 81a3c7d..02f9585 100644
> --- a/xen/include/xen/version.h
> +++ b/xen/include/xen/version.h
> @@ -12,5 +12,6 @@ unsigned int xen_minor_version(void);
>  const char *xen_extra_version(void);
>  const char *xen_changeset(void);
>  const char *xen_banner(void);
> +const char *xen_build_id(void);
>  
>  #endif /* __XEN_VERSION_H__ */
> 

Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrer: Dr. Ralf Herbrich, Christian Schlaeger
Ust-ID: DE289237879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B

  parent reply	other threads:[~2015-08-05  8:50 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-07-27 19:20 [RFC PATCH v3.1] xSplice design Konrad Rzeszutek Wilk
2015-07-27 19:20 ` [RFC PATCH v3.1 1/2] xsplice: rfc.v3.1 Konrad Rzeszutek Wilk
2015-07-30 16:47   ` Johannes Erdfelt
2015-07-31 15:46     ` Konrad Rzeszutek Wilk
2015-08-11 14:17       ` Jan Beulich
2015-07-27 19:20 ` [RFC PATCH v3.1 2/2] xsplice: Add hook for build_id Konrad Rzeszutek Wilk
2015-07-28 15:51   ` Andrew Cooper
2015-07-28 16:35     ` Konrad Rzeszutek Wilk
2015-08-05  8:50   ` Martin Pohlack [this message]
2015-08-05  8:58     ` Andrew Cooper
2015-08-05 13:27       ` Martin Pohlack
2015-08-05 14:06         ` (no subject) Martin Pohlack
2015-08-05 14:09         ` [PATCH] xsplice: Use ld-embedded build-ids Martin Pohlack
2015-08-11 14:12           ` Jan Beulich
2015-08-14 12:59             ` Martin Pohlack
2015-08-14 13:54               ` Jan Beulich
2015-08-14 13:57                 ` Martin Pohlack
2015-09-15 18:38                   ` Konrad Rzeszutek Wilk
2015-08-11 14:02   ` [RFC PATCH v3.1 2/2] xsplice: Add hook for build_id Jan Beulich
2015-08-05  8:55 ` Hotpatch construction and __LINE__ (was: [RFC PATCH v3.1] xSplice design.) Martin Pohlack
2015-08-05 13:25   ` Hotpatch construction and __LINE__ Andrew Cooper
2015-08-12  8:09     ` Jan Beulich
2015-08-12  9:55       ` Andrew Cooper
2015-11-03 18:21   ` Ross Lagerwall

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=55C1CE4A.8000005@amazon.com \
    --to=mpohlack@amazon.com \
    --cc=Andrew.Cooper3@citrix.com \
    --cc=aliguori@amazon.com \
    --cc=amesserl@rackspace.com \
    --cc=bob.liu@oracle.com \
    --cc=daniel.kiper@oracle.com \
    --cc=dslutz@verizon.com \
    --cc=elena.ufimtseva@oracle.com \
    --cc=fanhenglong@huawei.com \
    --cc=hanweidong@huawei.com \
    --cc=jbeulich@suse.com \
    --cc=jeremy@goop.org \
    --cc=jinsong.liu@alibaba-inc.com \
    --cc=john.liuqiming@huawei.com \
    --cc=josh.kearney@rackspace.com \
    --cc=konrad@kernel.org \
    --cc=liuyingdong@huawei.com \
    --cc=major.hayden@rackspace.com \
    --cc=msw@amazon.com \
    --cc=paul.voccio@rackspace.com \
    --cc=peter.huangpeng@huawei.com \
    --cc=rick.harris@rackspace.com \
    --cc=steven.wilson@rackspace.com \
    --cc=xen-devel@lists.xenproject.org \
    --cc=xiantao.zxt@alibaba-inc.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.