From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Martin Pohlack <mpohlack@amazon.com>,
	Konrad Rzeszutek Wilk <konrad@kernel.org>,
	xen-devel@lists.xenproject.org, msw@amazon.com,
	aliguori@amazon.com, amesserl@rackspace.com,
	rick.harris@rackspace.com, paul.voccio@rackspace.com,
	steven.wilson@rackspace.com, major.hayden@rackspace.com,
	josh.kearney@rackspace.com, jinsong.liu@alibaba-inc.com,
	xiantao.zxt@alibaba-inc.com, daniel.kiper@oracle.com,
	elena.ufimtseva@oracle.com, bob.liu@oracle.com,
	hanweidong@huawei.com, peter.huangpeng@huawei.com,
	fanhenglong@huawei.com, liuyingdong@huawei.com,
	john.liuqiming@huawei.com, jbeulich@suse.com, jeremy@goop.org,
	dslutz@verizon.com
Subject: Re: [RFC PATCH v3.1 2/2] xsplice: Add hook for build_id
Date: Wed, 5 Aug 2015 09:58:42 +0100	[thread overview]
Message-ID: <55C1D042.9090707@citrix.com> (raw)
In-Reply-To: <55C1CE4A.8000005@amazon.com>

On 05/08/15 09:50, Martin Pohlack wrote:
> On 27.07.2015 21:20, Konrad Rzeszutek Wilk wrote:
>> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
>> ---
>>  tools/libxc/xc_private.c     |  3 +++
>>  tools/misc/xen-xsplice.c     | 25 +++++++++++++++++++++++++
>>  xen/common/kernel.c          | 11 +++++++++++
>>  xen/common/version.c         |  5 +++++
>>  xen/include/public/version.h |  4 ++++
>>  xen/include/xen/compile.h.in |  1 +
>>  xen/include/xen/version.h    |  1 +
>>  7 files changed, 50 insertions(+)
>>
>> diff --git a/tools/libxc/xc_private.c b/tools/libxc/xc_private.c
>> index 2ffebd9..7c039ca 100644
>> --- a/tools/libxc/xc_private.c
>> +++ b/tools/libxc/xc_private.c
>> @@ -713,6 +713,9 @@ int xc_version(xc_interface *xch, int cmd, void *arg)
>>      case XENVER_commandline:
>>          sz = sizeof(xen_commandline_t);
>>          break;
>> +    case XENVER_build_id:
>> +        sz = sizeof(xen_build_id_t);
>> +        break;
>>      default:
>>          ERROR("xc_version: unknown command %d\n", cmd);
>>          return -EINVAL;
>> diff --git a/tools/misc/xen-xsplice.c b/tools/misc/xen-xsplice.c
>> index 7cf9879..dd8266c 100644
>> --- a/tools/misc/xen-xsplice.c
>> +++ b/tools/misc/xen-xsplice.c
>> @@ -17,6 +17,7 @@ void show_help(void)
>>              " <id> An unique name of payload. Up to 40 characters.\n"
>>              "Commands:\n"
>>              "  help                 display this help\n"
>> +            "  build-id             display build-id of hypervisor.\n"
>>              "  upload <id> <file>   upload file <cpuid> with <id> name\n"
>>              "  list                 list payloads uploaded.\n"
>>              "  apply <id>           apply <id> patch.\n"
>> @@ -306,12 +307,36 @@ int action_func(int argc, char *argv[], unsigned int idx)
>>  
>>      return rc;
>>  }
>> +
>> +static int build_id_func(int argc, char *argv[])
>> +{
>> +    xen_build_id_t build_id;
>> +
>> +    if ( argc )
>> +    {
>> +        show_help();
>> +        return -1;
>> +    }
>> +
>> +    memset(build_id, 0, sizeof(*build_id));
>> +
>> +    if ( xc_version(xch, XENVER_build_id, &build_id) < 0 )
>> +    {
>> +        printf("Failed to get build_id: %d(%s)\n", errno, strerror(errno));
>> +        return -1;
>> +    }
>> +
>> +    printf("%s\n", build_id);
>> +    return 0;
>> +}
>> +
>>  struct {
>>      const char *name;
>>      int (*function)(int argc, char *argv[]);
>>  } main_options[] = {
>>      { "help", help_func },
>>      { "list", list_func },
>> +    { "build-id", build_id_func },
>>      { "upload", upload_func },
>>  };
>>  
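Review bot: In `build_id_func`, `memset(build_id, 0, sizeof(*build_id));` clears only one byte, because `build_id` is a `xen_build_id_t` (a `char[1024]` per the version.h hunk) and `*build_id` is a single `char`. The rest of the buffer stays uninitialised, and `printf("%s\n", build_id)` then relies entirely on the hypervisor having NUL-terminated what it returned. Use `memset(build_id, 0, sizeof(build_id));` and add `build_id[sizeof(build_id) - 1] = '\0';` before printing, so that a missing terminator cannot make the tool read past the array.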
>> diff --git a/xen/common/kernel.c b/xen/common/kernel.c
>> index 6a3196a..e9d41b6 100644
>> --- a/xen/common/kernel.c
>> +++ b/xen/common/kernel.c
>> @@ -357,6 +357,17 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
>>          if ( copy_to_guest(arg, saved_cmdline, ARRAY_SIZE(saved_cmdline)) )
>>              return -EFAULT;
>>          return 0;
>> +
>> +    case XENVER_build_id:
>> +    {
>> +        xen_build_id_t build_id;
>> +
>> +        memset(build_id, 0, sizeof(build_id));
>> +        safe_strcpy(build_id, xen_build_id());
> You seem to want to store and transfer the build_id as a string.  Any
> reason why we don't directly expose the build_id embedded by the linker
> in binary format?
>
>> +        if ( copy_to_guest(arg, build_id, ARRAY_SIZE(build_id)) )
>> +            return -EFAULT;
>> +        return 0;
>> +    }
> We should not expose the build_id to normal guests, but only to Dom0.
>
> A build_id uniquely identifies a specific build and I don't see how that
> information would be required from DomU.  It might actually help an
> attacker to build his return-oriented programming exploit against a
> specific build.
>
> The normal version numbers should be enough to know about capabilities
> and API.

It will need its own XSM hook, but need not be strictly limited to just
dom0.

>
>>      }
>>  
>>      return -ENOSYS;
>> diff --git a/xen/common/version.c b/xen/common/version.c
>> index b152e27..5c3dbb0 100644
>> --- a/xen/common/version.c
>> +++ b/xen/common/version.c
>> @@ -55,3 +55,8 @@ const char *xen_banner(void)
>>  {
>>      return XEN_BANNER;
>>  }
>> +
>> +const char *xen_build_id(void)
>> +{
>> +    return XEN_BUILD_ID;
>> +}
>> diff --git a/xen/include/public/version.h b/xen/include/public/version.h
>> index 44f26b0..c863393 100644
>> --- a/xen/include/public/version.h
>> +++ b/xen/include/public/version.h
>> @@ -83,6 +83,10 @@ typedef struct xen_feature_info xen_feature_info_t;
>>  #define XENVER_commandline 9
>>  typedef char xen_commandline_t[1024];
>>  
>> +#define XENVER_build_id 10
>> +typedef char xen_build_id_t[1024];
>> +#define XEN_BUILD_ID_LEN (sizeof(xen_build_id_t))
>> +
>>  #endif /* __XEN_PUBLIC_VERSION_H__ */
>>  
>>  /*
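Review bot: The new public ABI entry `XENVER_build_id` / `xen_build_id_t` has no comment saying what the 1024-byte buffer holds, although callers such as xen-xsplice print it with `%s`. As posted, the kernel.c handler zero-fills the array, copies a string into it and returns the whole array, so a comment such as `/* arg == xen_build_id_t: NUL-terminated string, zero-padded to the full array. */` above the `#define` would state that contract for consumers. `XEN_BUILD_ID_LEN` is not used by any hunk visible here; either use it in place of the `sizeof`/`ARRAY_SIZE` calls or drop it.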
>> diff --git a/xen/include/xen/compile.h.in b/xen/include/xen/compile.h.in
>> index 440ecb2..939685e 100644
>> --- a/xen/include/xen/compile.h.in
>> +++ b/xen/include/xen/compile.h.in
>> @@ -10,4 +10,5 @@
>>  #define XEN_EXTRAVERSION	"@@extraversion@@"
>>  
>>  #define XEN_CHANGESET		"@@changeset@@"
>> +#define XEN_BUILD_ID        "@@changeset@@"
> That leads to a chicken and egg problem when embedding a real build_id.
>  Some linker script magic seems to be required.  I will try to refine
> the patch.

So funnily enough, I tried experimenting with this and it is fairly easy
to get the basics done.

Further TODO which I haven't done yet is to make the --build-id optional on
finding a compatible `ld`, and some symbol magic to directly locate
.note.gnu.build-id

However, this in addition to some of Konrad's original patch is a good
start.

~Andrew

diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index 5f24951..10938b2 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -112,7 +112,7 @@ $(TARGET)-syms: prelink.o xen.lds
$(BASEDIR)/common/symbols-dummy.o
            $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1
        $(NM) -n $(@D)/.$(@F).1 | $(BASEDIR)/tools/symbols >$(@D)/.$(@F).1.S
        $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1.o
-       $(LD) $(LDFLAGS) -T xen.lds -N prelink.o \
+       $(LD) $(LDFLAGS) -T xen.lds -N prelink.o --build-id \
            $(@D)/.$(@F).1.o -o $@
        rm -f $(@D)/.$(@F).[0-9]*
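Review bot: `--build-id` is added only to the final `$(LD)` line that produces `$@`; the intermediate links of this rule (the `.1` link, whose tail is the first context line, and anything before it) start outside the hunk and appear not to receive it. If those passes emit no build-id note, the `.notes` output section added in xen.lds.S is empty there and populated in the final link. Everything placed after it could then move relative to the symbol table that `$(NM) -n $(@D)/.$(@F).1 | $(BASEDIR)/tools/symbols` generated from the earlier pass. Passing the same flag on every `$(LD)` line of this rule keeps the layout identical across passes; this is worth confirming by comparing `nm` output of `.$(@F).1` and the final image.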
 
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 6553cff..46e6546 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -68,6 +68,13 @@ SECTIONS
   } :text
 
   . = ALIGN(SMP_CACHE_BYTES);
+  .notes : {
+       __start_notes = .;
+       *(.note.*)
+       __end_notes = .;
+  } :text
+
+  . = ALIGN(SMP_CACHE_BYTES);
   .data.read_mostly : {
        /* Exception table */
        __start___ex_table = .;
