Xen-Devel Archive on lore.kernel.org
From: Julien Grall <julien.grall@arm.com>
To: Pawel Wieczorkiewicz <wipawel@amazon.de>,
	xen-devel@lists.xen.org, xen-devel@lists.xenproject.org
Cc: "Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>,
	wipawel@amazon.com, "Stefano Stabellini" <sstabellini@kernel.org>,
	"Wei Liu" <wl@xen.org>,
	"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
	"George Dunlap" <George.Dunlap@eu.citrix.com>,
	"Andrew Cooper" <andrew.cooper3@citrix.com>,
	"Ian Jackson" <ian.jackson@eu.citrix.com>,
	mpohlack@amazon.com, "Tim Deegan" <tim@xen.org>,
	"Ross Lagerwall" <ross.lagerwall@citrix.com>,
	"Jan Beulich" <jbeulich@suse.com>,
	"Volodymyr Babchuk" <Volodymyr_Babchuk@epam.com>,
	"Roger Pau Monné" <roger.pau@citrix.com>
Subject: Re: [Xen-devel] [PATCH v2 00/12] livepatch: new features and fixes
Date: Fri, 6 Sep 2019 23:42:43 +0100
Message-ID: <19158ada-296b-9384-c5bf-a4f8e948c008@arm.com> (raw)
In-Reply-To: <20190827084624.116917-1-wipawel@amazon.de>

Hi,

Thank you for the new version. However, I nearly missed the v2 as this 
is a sub-thread of v1. May I ask you to send a new version as a new 
thread instead?

Cheers,

On 8/27/19 9:46 AM, Pawel Wieczorkiewicz wrote:
> This series introduces new features to the livepatch functionality as
> briefly discussed during Xen Developer Summit 2019: [a] and [b].
> It also provides a few fixes and some small improvements.
> 
> Main changes in v2:
> - added new features to livepatch documentation
> - added livepatch tests
> - enabled Arm support for [5]
> - make .modinfo optional for [11]
> - fixed typos
> 
> FEATURES:
> 
> 1. independent modules (patches: [1], [2])
> 
>    * livepatch-build-tools repo dependency [A]
> 
>    Livepatch enforces the following buildid-based dependency chain
>    between hotpatch modules:
>      1) first module depends on given hypervisor buildid
>      2) every consecutive module depends on previous module's buildid
>    This way proper hotpatch stack order is maintained and enforced.
>    While it is important for production hotpatches it limits agility and
>    blocks usage of testing or debug hotpatches. These kinds of hotpatch
>    modules are typically expected to be loaded at any time irrespective
>    of current state of the modules stack.
> 
>    [A] livepatch-build: Embed hypervisor build id into every hotpatch
> 
> 2. pre- and post- apply|revert actions hooks (patches: [3], [4])
> 
>    * livepatch-build-tools repo dependency [B]
> 
>    This is an implementation of 4 new livepatch module vetoing hooks,
>    that can be optionally supplied along with modules.
>    Hooks that currently exist in the livepatch mechanism aren't agile
>    enough and have various limitations:
>    * run only from within a quiescing zone
>    * cannot conditionally prevent applying or reverting
>    * do not have access to the module context
>    To address these limitations the following has been implemented:
>    1) pre-apply hook
>    2) post-apply hook
>    3) pre-revert hook
>    4) post-revert hook
> 
>    [B] create-diff-object: Handle extra pre-|post- hooks
> 
> 3. apply|revert actions replacement hooks (patches: [5], [6], [7])
> 
>    * livepatch-build-tools repo dependency: [C], [D], [E]
> 
>    To increase hotpatching system's agility and provide a more flexible
>    long-term hotpatch solution, allow to overwrite the default apply
>    and revert action functions with hook-like supplied alternatives.
>    The alternative functions are optional and the default functions are
>    used by default.
> 
>    [C] create-diff-object: Do not create empty .livepatch.funcs section
>    [D] create-diff-object: Handle optional apply|revert hooks
>    [E] create-diff-object: Add support for applied/reverted marker
> 
> 4. inline asm hotpatching expectations (patches: [8])
> 
>    * livepatch-build-tools repo dependency: [F]
> 
>    Expectations are designed as optional feature, since the main use of
>    them is planned for inline asm hotpatching.
>    The payload structure is modified as each expectation structure is
>    part of the livepatch_func structure and hence extends the payload.
>    The payload version is bumped to 3 with this change to highlight the
>    ABI modification and enforce proper support.
>    The expectation is manually enabled during inline asm module
>    construction. If enabled, expectation ensures that the expected
>    content of memory is to be found at a given patching (old_addr)
>    location.
> 
>    [F] create-diff-object: Add support for expectations
> 
> 5. runtime hotpatch metadata support (patches: [9], [10], [11])
> 
>    Having detailed hotpatch metadata helps to properly identify module's
>    origin and version. It also allows to keep track of the history of
>    hotpatch loads in the system (at least within dmesg buffer size
>    limits).
>    Extend the livepatch list operation to fetch also payloads' metadata.
>    This is achieved by extending the sysctl list interface with 2 extra
>    guest handles:
>    * metadata     - an array of arbitrary size strings
>    * metadata_len - an array of metadata strings' lengths (uint32_t each)
>    To unify and simplify the interface, handle the modules' name strings
>    of arbitrary size by copying them in adhering chunks to the userland.
> 
> 6. python bindings for livepatch operations (patches: [12])
> 
>    Extend the XC python bindings library to support all common livepatch
>    operations and actions:
>    - status (pyxc_livepatch_status):
>    - action (pyxc_livepatch_action):
>    - upload (pyxc_livepatch_upload):
>    - list (pyxc_livepatch_list):
> 
> [a] https://wiki.xenproject.org/wiki/Design_Sessions_2019#LivePatch_improvements_and_features
> [b] https://lists.xenproject.org/archives/html/xen-devel/2019-07/msg00846.html
> 
> Merged in v1:
>    python: Add XC binding for Xen build ID
>    livepatch: always print XENLOG_ERR information
> 
> Pawel Wieczorkiewicz (12):
>    [1] livepatch: Always check hypervisor build ID upon hotpatch upload
>    [2] livepatch: Allow to override inter-modules buildid dependency
>    [3] livepatch: Export payload structure via livepatch_payload.h
>    [4] livepatch: Implement pre-|post- apply|revert hooks
>    [5] livepatch: Add support for apply|revert action replacement hooks
>    [6] livepatch: Do not enforce ELF_LIVEPATCH_FUNC section presence
>    [7] livepatch: Add per-function applied/reverted state tracking marker
>    [8] livepatch: Add support for inline asm hotpatching expectations
>    [9] livepatch: Add support for modules .modinfo section metadata
>    [10] livepatch: Handle arbitrary size names with the list operation
>    [11] livepatch: Add metadata runtime retrieval mechanism
>    [12] livepatch: Add python bindings for livepatch operations
> 
>   .gitignore                                     |   6 +-
>   docs/misc/livepatch.pandoc                     | 231 ++++++++-
>   tools/libxc/include/xenctrl.h                  |  68 ++-
>   tools/libxc/xc_misc.c                          | 162 +++++--
>   tools/misc/xen-livepatch.c                     | 258 +++++++---
>   tools/python/xen/lowlevel/xc/xc.c              | 273 +++++++++++
>   xen/arch/arm/arm32/livepatch.c                 |  12 +-
>   xen/arch/arm/arm64/livepatch.c                 |  12 +-
>   xen/arch/arm/livepatch.c                       |  10 +-
>   xen/arch/x86/livepatch.c                       |  22 +-
>   xen/common/livepatch.c                         | 647 +++++++++++++++++++++----
>   xen/include/public/sysctl.h                    |  61 ++-
>   xen/include/xen/livepatch.h                    |  42 +-
>   xen/include/xen/livepatch_payload.h            |  83 ++++
>   xen/test/livepatch/Makefile                    | 113 ++++-
>   xen/test/livepatch/xen_action_hooks.c          | 102 ++++
>   xen/test/livepatch/xen_action_hooks_marker.c   | 112 +++++
>   xen/test/livepatch/xen_action_hooks_noapply.c  | 136 ++++++
>   xen/test/livepatch/xen_action_hooks_nofunc.c   |  86 ++++
>   xen/test/livepatch/xen_action_hooks_norevert.c | 143 ++++++
>   xen/test/livepatch/xen_expectations.c          |  41 ++
>   xen/test/livepatch/xen_expectations_fail.c     |  42 ++
>   xen/test/livepatch/xen_prepost_hooks.c         | 122 +++++
>   xen/test/livepatch/xen_prepost_hooks_fail.c    |  75 +++
>   24 files changed, 2579 insertions(+), 280 deletions(-)
>   create mode 100644 xen/test/livepatch/xen_action_hooks.c
>   create mode 100644 xen/test/livepatch/xen_action_hooks_marker.c
>   create mode 100644 xen/test/livepatch/xen_action_hooks_noapply.c
>   create mode 100644 xen/test/livepatch/xen_action_hooks_nofunc.c
>   create mode 100644 xen/test/livepatch/xen_action_hooks_norevert.c
>   create mode 100644 xen/test/livepatch/xen_expectations.c
>   create mode 100644 xen/test/livepatch/xen_expectations_fail.c
>   create mode 100644 xen/test/livepatch/xen_prepost_hooks.c
>   create mode 100644 xen/test/livepatch/xen_prepost_hooks_fail.c
> 

-- 
Julien Grall
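
Added example, not part of the original message or of the Xen code base: a small C model of the buildid-based dependency chain described in feature 1 of the quoted cover letter, with the override for independent test/debug modules. The names check_load, struct module, nodeps and scenario and the one-byte build IDs are hypothetical; that the hypervisor build ID check still applies under the override is an assumption drawn from the titles of patches [1] and [2].

```c
#include <stdio.h>
#include <string.h>
#define BUILDID_LEN 20 /* constructed size for this model */

/* Hypothetical model of a hotpatch module; not Xen's payload structure. */
struct module {
    unsigned char id[BUILDID_LEN];      /* the module's own build ID */
    unsigned char xen_dep[BUILDID_LEN]; /* hypervisor build ID embedded at build */
    unsigned char dep[BUILDID_LEN];     /* build ID expected directly below it */
};
enum verdict { LOAD_OK, ERR_WRONG_HYPERVISOR, ERR_WRONG_ORDER };

/* stack[0..depth) = applied modules, oldest first; nodeps models the override. */
enum verdict check_load(const unsigned char *xen_id, const struct module *stack,
                        size_t depth, const struct module *m, int nodeps)
{
    /* Enforced for every module: it must target the running hypervisor. */
    if (memcmp(m->xen_dep, xen_id, BUILDID_LEN) != 0)
        return ERR_WRONG_HYPERVISOR;
    if (nodeps) /* independent test/debug module: skip the stack-order check */
        return LOAD_OK;
    /* First module chains to the hypervisor, later ones to the stack top. */
    const unsigned char *want = depth ? stack[depth - 1].id : xen_id;
    return memcmp(m->dep, want, BUILDID_LEN) ? ERR_WRONG_ORDER : LOAD_OK;
}

/* Constructed sample data: every build ID is one repeated byte. */
static struct module mk(unsigned char id, unsigned char xen, unsigned char dep)
{
    struct module m;
    memset(m.id, id, BUILDID_LEN);
    memset(m.xen_dep, xen, BUILDID_LEN);
    memset(m.dep, dep, BUILDID_LEN);
    return m;
}

/* Hypervisor 0xAA with depth (0 or 1) modules applied; candidate is 0x02. */
enum verdict scenario(size_t depth, unsigned char xen, unsigned char dep, int nodeps)
{
    unsigned char xen_id[BUILDID_LEN];
    struct module top = mk(0x01, 0xAA, 0xAA); /* the one applied module */
    struct module m = mk(0x02, xen, dep);
    memset(xen_id, 0xAA, BUILDID_LEN);
    return check_load(xen_id, &top, depth, &m, nodeps);
}
int main(void)
{
    printf("in order: %d, override: %d\n",
           scenario(1, 0xAA, 0x01, 0), scenario(1, 0xAA, 0xAA, 1));
    return 0;
}
```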

