From patchwork Tue Nov 26 10:07:49 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Wieczorkiewicz, Pawel" X-Patchwork-Id: 11261811 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8AC6315AC for ; Tue, 26 Nov 2019 10:09:35 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 597E920895 for ; Tue, 26 Nov 2019 10:09:35 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=amazon.de header.i=@amazon.de header.b="W/F6fP+x" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 597E920895 Authentication-Results: mail.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=amazon.de Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iZXlf-0007VT-No; Tue, 26 Nov 2019 10:08:23 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iZXle-0007VO-W9 for xen-devel@lists.xenproject.org; Tue, 26 Nov 2019 10:08:23 +0000 X-Inumbo-ID: ad8fdaf8-1034-11ea-a39d-12813bfff9fa Received: from smtp-fw-4101.amazon.com (unknown [72.21.198.25]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id ad8fdaf8-1034-11ea-a39d-12813bfff9fa; Tue, 26 Nov 2019 10:08:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.de; i=@amazon.de; q=dns/txt; s=amazon201209; t=1574762902; x=1606298902; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=iPBJtztKt2/IJD63vjL/T+arE4MAcsmUDV6BFZVuaMo=; b=W/F6fP+x4VCNa00r56h4FJHmXy3Jmivsk3EN0hS+yMuU4DSMQVaTvoeN h8x35UnXD5SVLbPKAThKH/a5p/VrQV6jCgkH3mcFt/ps12o45DlRZ8DoX gyqsI9Rfl0XfWb2PRzG/l4/Y8PxDwRLzdJMN2FYtw7e9ELhJQ90W4qtUK 0=; IronPort-SDR: VQJs+XjiaMBLik3efsTmMa4UqX/ZW5LGHvA1m5O739p6ZaKdmPn03QeU2p/EQ4qhDOakm7HGH2 0t7L6cC1UMvw== X-IronPort-AV: E=Sophos;i="5.69,245,1571702400"; d="scan'208";a="5802335" Received: from iad6-co-svc-p1-lb1-vlan3.amazon.com (HELO email-inbound-relay-1d-f273de60.us-east-1.amazon.com) ([10.124.125.6]) by smtp-border-fw-out-4101.iad4.amazon.com with ESMTP; 26 Nov 2019 10:08:22 +0000 Received: from EX13MTAUEA001.ant.amazon.com (iad55-ws-svc-p15-lb9-vlan2.iad.amazon.com [10.40.159.162]) by email-inbound-relay-1d-f273de60.us-east-1.amazon.com (Postfix) with ESMTPS id 4CBF1A1832; Tue, 26 Nov 2019 10:08:17 +0000 (UTC) Received: from EX13D03EUC003.ant.amazon.com (10.43.164.192) by EX13MTAUEA001.ant.amazon.com (10.43.61.243) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Tue, 26 Nov 2019 10:08:17 +0000 Received: from EX13MTAUEB001.ant.amazon.com (10.43.60.96) by EX13D03EUC003.ant.amazon.com (10.43.164.192) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Tue, 26 Nov 2019 10:08:16 +0000 Received: from dev-dsk-wipawel-1a-0c4e6d58.eu-west-1.amazon.com (10.4.134.33) by mail-relay.amazon.com (10.43.60.129) with Microsoft SMTP Server id 15.0.1367.3 via Frontend Transport; Tue, 26 Nov 2019 10:08:14 +0000 From: Pawel Wieczorkiewicz To: Date: Tue, 26 Nov 2019 10:07:49 +0000 Message-ID: <20191126100801.124844-1-wipawel@amazon.de> X-Mailer: git-send-email 2.16.5 MIME-Version: 1.0 Precedence: Bulk Subject: [Xen-devel] [PATCH v6 00/12] livepatch: new features and fixes X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Stefano Stabellini , Julien Grall , Wei Liu , Konrad Rzeszutek Wilk , George Dunlap , Andrew Cooper , Ross Lagerwall , Ian Jackson , mpohlack@amazon.com, =?utf-8?q?Mar?= =?utf-8?q?ek_Marczykowski-G=C3=B3recki?= , Pawel Wieczorkiewicz , Jan Beulich Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" This series introduces new features to the livepatch functionality as briefly discussed during Xen Developer Summit 2019: [a] and [b]. It also provides a few fixes and some small improvements. Main changes in v6: - Added missing action pad field zeroing Main changes in v4: - Fix various typos and minor issues - Simplify arch_livepatch_{apply,revert} by using common_livepatch_{apply,revert} - Improve python bindings and fix few issues Main changes in v3: - Fix expectation test to work on Arm - Add test for metadata (Konrad) - Minor fixes to documentation Main changes in v2: - added new features to livepatch documentation - added livepatch tests - enabled Arm support for [5] - make .modinfo optional for [11] - fixed typos FEATURES: 1. independent modules (patches: [1], [2]) * livepatch-build-tools repo dependency [A] Livepatch enforces the following buildid-based dependency chain between hotpatch modules: 1) first module depends on given hypervisor buildid 2) every consecutive module depends on previous module's buildid This way proper hotpatch stack order is maintained and enforced. While it is important for production hotpatches it limits agility and blocks usage of testing or debug hotpatches. These kinds of hotpatch modules are typically expected to be loaded at any time irrespective of current state of the modules stack. [A] livepatch-build: Embed hypervisor build id into every hotpatch 2. pre- and post- apply|revert actions hooks (patches: [3], [4]) * livepatch-build-tools repo dependency [B] This is an implementation of 4 new livepatch module vetoing hooks, that can be optionally supplied along with modules. Hooks that currently exists in the livepatch mechanism aren't agile enough and have various limitations: * run only from within a quiescing zone * cannot conditionally prevent applying or reverting * do not have access to the module context To address these limitations the following has been implemented: 1) pre-apply hook 2) post-apply hook 3) pre-revert hook 4) post-revert hook [B] create-diff-object: Handle extra pre-|post- hooks 3. apply|revert actions replacement hooks (patches: [5], [6], [7]) * livepatch-build-tools repo dependency: [C], [D], [E] To increase hotpatching system's agility and provide more flexiable long-term hotpatch solution, allow to overwrite the default apply and revert action functions with hook-like supplied alternatives. The alternative functions are optional and the default functions are used by default. [C] create-diff-object: Do not create empty .livepatch.funcs section [D] create-diff-object: Handle optional apply|revert hooks [E] create-diff-object: Add support for applied/reverted marker 4. inline asm hotpatching expectations (patches: [8]) * livepatch-build-tools repo dependency: [F] Expectations are designed as optional feature, since the main use of them is planned for inline asm hotpatching. The payload structure is modified as each expectation structure is part of the livepatch_func structure and hence extends the payload. The payload version is bumped to 3 with this change to highlight the ABI modification and enforce proper support. The expectation is manually enabled during inline asm module construction. If enabled, expectation ensures that the expected content of memory is to be found at a given patching (old_addr) location. [F] create-diff-object: Add support for expectations 5. runtime hotpatch metadata support (patches: [9], [10], [11]) Having detailed hotpatch metadata helps to properly identify module's origin and version. It also allows to keep track of the history of hotpatch loads in the system (at least within dmesg buffer size limits). Extend the livepatch list operation to fetch also payloads' metadata. This is achieved by extending the sysctl list interface with 2 extra guest handles: * metadata - an array of arbitrary size strings * metadata_len - an array of metadata strings' lengths (uin32_t each) To unify and simplify the interface, handle the modules' name strings of arbitrary size by copying them in adhering chunks to the userland. 6. python bindings for livepatch operations (patches: [12]) Extend the XC python bindings library to support all common livepatch operations and actions: - status (pyxc_livepatch_status): - action (pyxc_livepatch_action): - upload (pyxc_livepatch_upload): - list (pyxc_livepatch_list): [a] https://wiki.xenproject.org/wiki/Design_Sessions_2019#LivePatch_improvements_and_features [b] https://lists.xenproject.org/archives/html/xen-devel/2019-07/msg00846.html Merged in v1: python: Add XC binding for Xen build ID livepatch: always print XENLOG_ERR information Pawel Wieczorkiewicz (12): livepatch: Always check hypervisor build ID upon livepatch upload livepatch: Allow to override inter-modules buildid dependency livepatch: Export payload structure via livepatch_payload.h livepatch: Implement pre-|post- apply|revert hooks livepatch: Add support for apply|revert action replacement hooks livepatch: Do not enforce ELF_LIVEPATCH_FUNC section presence livepatch: Add per-function applied/reverted state tracking marker livepatch: Add support for inline asm livepatching expectations livepatch: Add support for modules .modinfo section metadata livepatch: Handle arbitrary size names with the list operation livepatch: Add metadata runtime retrieval mechanism livepatch: Add python bindings for livepatch operations .gitignore | 6 +- docs/misc/livepatch.pandoc | 248 +++++++++- tools/libxc/include/xenctrl.h | 68 ++- tools/libxc/xc_misc.c | 163 ++++-- tools/misc/xen-livepatch.c | 257 +++++++--- tools/python/xen/lowlevel/xc/xc.c | 268 ++++++++++ xen/common/livepatch.c | 656 +++++++++++++++++++++---- xen/include/public/sysctl.h | 63 ++- xen/include/xen/livepatch.h | 43 +- xen/include/xen/livepatch_payload.h | 83 ++++ xen/test/livepatch/Makefile | 121 ++++- xen/test/livepatch/xen_action_hooks.c | 102 ++++ xen/test/livepatch/xen_action_hooks_marker.c | 112 +++++ xen/test/livepatch/xen_action_hooks_noapply.c | 136 +++++ xen/test/livepatch/xen_action_hooks_nofunc.c | 86 ++++ xen/test/livepatch/xen_action_hooks_norevert.c | 143 ++++++ xen/test/livepatch/xen_expectations.c | 41 ++ xen/test/livepatch/xen_expectations_fail.c | 42 ++ xen/test/livepatch/xen_prepost_hooks.c | 122 +++++ xen/test/livepatch/xen_prepost_hooks_fail.c | 75 +++ 20 files changed, 2556 insertions(+), 279 deletions(-) create mode 100644 xen/test/livepatch/xen_action_hooks.c create mode 100644 xen/test/livepatch/xen_action_hooks_marker.c create mode 100644 xen/test/livepatch/xen_action_hooks_noapply.c create mode 100644 xen/test/livepatch/xen_action_hooks_nofunc.c create mode 100644 xen/test/livepatch/xen_action_hooks_norevert.c create mode 100644 xen/test/livepatch/xen_expectations.c create mode 100644 xen/test/livepatch/xen_expectations_fail.c create mode 100644 xen/test/livepatch/xen_prepost_hooks.c create mode 100644 xen/test/livepatch/xen_prepost_hooks_fail.c