
Re: [PATCH] livepatch: account for patch offset when applying NOP patch


  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 30 Mar 2022 12:50:29 +0200
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Konrad Wilk <konrad.wilk@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Delivery-date: Wed, 30 Mar 2022 10:50:52 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 30.03.2022 12:43, Jan Beulich wrote:
> On 30.03.2022 12:19, Roger Pau Monné wrote:
>> On Wed, Mar 30, 2022 at 10:03:11AM +0200, Jan Beulich wrote:
>>> While not triggered by the trivial xen_nop in-tree patch on
>>> staging/master, that patch exposes a problem on the stable trees, where
>>> all functions have ENDBR inserted. When NOP-ing out a range, we need to
>>> account for this. Handle this right in livepatch_insn_len().
>>>
>>> Fixes: 6974c75180f1 ("xen/x86: Livepatch: support patching CET-enhanced functions")
>>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>>> ---
>>> Only build tested, as I don't have a live patching environment available.
>>>
>>> For Arm this assumes that the patch_offset field starts out as zero; I
>>> think we can make such an assumption, yet otoh on x86 explicit
>>> initialization was added by the cited commit.
>>>
>>> --- a/xen/include/xen/livepatch.h
>>> +++ b/xen/include/xen/livepatch.h
>>> @@ -90,7 +90,7 @@ static inline
>>>  unsigned int livepatch_insn_len(const struct livepatch_func *func)
>>>  {
>>>      if ( !func->new_addr )
>>> -        return func->new_size;
>>> +        return func->new_size - func->patch_offset;
>>>  
>>>      return ARCH_PATCH_INSN_SIZE;
>>>  }
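Review bot: The subtraction on the NOP path of livepatch_insn_len() is unchecked, and the function returns unsigned int, so a func whose new_size is smaller than patch_offset yields a wrapped, very large length instead of an error. Consider rejecting new_size < func->patch_offset where the payload is verified, or guarding it here, so a short NOP range on a function that starts with ENDBR cannot turn into an oversized write. The remark below the "---" says Arm relies on patch_offset starting out as zero; an explicit initialization there, or a comment next to this line stating the assumption, would keep that from being an unwritten dependency.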
>>
>> Don't you also need to move the call to livepatch_insn_len() in
>> arch_livepatch_apply() after func->patch_offset has been adjusted to
>> account for ENDBR presence?
> 
> Oh, yes, I definitely need to.

Actually - not quite. I need to call the function a 2nd time. And
this then also points out that is_endbr64() and is_endbr64_poison()
may overrun the range pointed to by old_ptr (which I'll take care
of at the same time).

Jan
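The two points raised in this reply (the NOP length depends on patch_offset, and the ENDBR64 check must not read past the range at old_ptr), sketched as an added example that is not part of the thread or of Xen's code. The names `starts_with_endbr64` and `nop_patch_len` and the sample buffers are hypothetical, and the example assumes a NOP range may not exceed the old function's size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENDBR64_LEN 4u

/* Constructed sample: ENDBR64, two NOPs, RET. */
const uint8_t sample_cet[] = { 0xf3, 0x0f, 0x1e, 0xfa, 0x90, 0x90, 0xc3 };
/* Constructed sample: 3-byte function that ends before an ENDBR64 could fit. */
const uint8_t sample_short[] = { 0xf3, 0x0f, 0x1e };

/* Bounded ENDBR64 test: never reads past p + avail. */
int starts_with_endbr64(const uint8_t *p, size_t avail)
{
    static const uint8_t endbr64[ENDBR64_LEN] = { 0xf3, 0x0f, 0x1e, 0xfa };

    return avail >= ENDBR64_LEN && memcmp(p, endbr64, ENDBR64_LEN) == 0;
}

/*
 * Length to NOP out when a NOP patch covers new_size bytes of a function of
 * old_size bytes at old_ptr: the ENDBR64, if present, is skipped first.
 * Returns -1 when the range is invalid or the unsigned subtraction
 * new_size - patch_offset would wrap. (Hypothetical helper, not Xen code.)
 */
long nop_patch_len(const uint8_t *old_ptr, size_t old_size, size_t new_size)
{
    size_t patch_offset =
        starts_with_endbr64(old_ptr, old_size) ? ENDBR64_LEN : 0;

    if (new_size > old_size || new_size < patch_offset)
        return -1;

    return (long)(new_size - patch_offset);
}

int main(void)
{
    printf("%ld\n", nop_patch_len(sample_cet, sizeof(sample_cet), 6));
    printf("%ld\n", nop_patch_len(sample_cet, sizeof(sample_cet), 3));
    printf("%ld\n", nop_patch_len(sample_short, sizeof(sample_short), 3));
    return 0;
}
```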




 

