Xen project Mailing List

Re: [Xen-devel] [PATCH v2 1/7] livepatch-build: Embed hypervisor build id into every hotpatch

To: Pawel Wieczorkiewicz <wipawel@xxxxxxxxx>, <xen-devel@xxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>

Date: Mon, 25 Nov 2019 14:04:06 +0000

Authentication-results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=ross.lagerwall@xxxxxxxxxx; spf=Pass smtp.mailfrom=ross.lagerwall@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx

Cc: wipawel@xxxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, mpohlack@xxxxxxxxxx, Tim Deegan <tim@xxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>

Delivery-date: Mon, 25 Nov 2019 14:04:15 +0000

Ironport-sdr: wwsa9QjSyVLGzff4Y2ab6aDb17osa+9Vq3bSG83CFDP9gSPihpvHn0CzZFzK+4NmDuRiL0URhu azm68fLqqM/YwM27vef1QB+j+amBJ6KL5jWZG/d7iyRzQ2Gb5tJBK5CtgWDLORmdPeTRMpb9k1 rBpzfkl98Ay2NGcDuCkFm+STRRl5bJNgc7+9vsJxXCyuFKkSxmwRzcYyaNVpdOajzVs1wfZJxa 687TL38c9CZZR08tM6IB0FlP/hNMcLv4AGzDfyx4xVQiXlbT4WRS8aXk3MRPahvarOCA0tXb9o q+Q=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 9/16/19 12:30 PM, Pawel Wieczorkiewicz wrote: > This change is part of a independant stacked hotpatch modules > feature. This feature allows to bypass dependencies between modules > upon loading, but still verifies Xen build ID matching. > > With stacked hotpatch modules it is essential that each and every > hotpatch is verified against the hypervisor build id upon upload. > It must not be possible to successfully upload hotpatches built for > incorrect version of the hypervisor. > > To achieve that always embed an additional ELF section: > '.livpatch.xen_depends' containing the hypervisor build id. > > The hypervisor build id must be always provided as a command line > parameter: --xen-depends. > > Signed-off-by: Pawel Wieczorkiewicz <wipawel@xxxxxxxxx> > Reviewed-by: Andra-Irina Paraschiv <andraprs@xxxxxxxxxx> > Reviewed-by: Bjoern Doebel <doebel@xxxxxxxxx> > Reviewed-by: Norbert Manthey <nmanthey@xxxxxxxxx> Reviewed-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx> _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.