[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2] livepatch: account for patch offset when applying NOP patch
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Date: Thu, 31 Mar 2022 10:27:33 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OL6mNXHh4DV6Xle+Fz712zXgPoopxZ6H7L3FKtSbzRg=; b=P6zl7j0O2qZ7hoQ+L3IDopbT2uuMrIshfd5gbRjCuIPvN++vLtHYSysAO+Gz1un/B9a+hashgDSw/nLYOec5mg3pumLVrGj71QIcbsIcSRyxwMU43O2YatlEA9hpv3tmvkBQjs7eAdj3QvO5+eAZY6qqVQlIj2CDv9qSBq3v0qc2VazuO9B6IzYDsEUyZdzFebdJhIDBBHDFr2CTZ6hPcZKM8vK+LURsz7KQp7ydywvXpmJbu8ESSlkx/qBvhl6KckyZRHpUaDk0OW+Mt8LVC0TD6prjJQ0vnumL18R+Q/9WtROJJZBKu5wORtGbMsRHxItzBetR4xoQEC1nekiXmQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hXu/PmjHwb3W9BRjZ50vAaycUozLHruMAxZdDpQPWK/CK2KnbOKrP/g8Zdh5+XZjNWFbweFNQLdGd7T0KakJSWLkhqqmwXVF0JYeQTBiaAo/VUJm5kAyHIacmkrgIYxqdg/k1y/nL1ash3kH58cuIrIQ09FxqCHNxPv4T5luCXI2nF8icbPl8D0ya4tbLKRdulH6Dm41FK7nAQlyzpjm7zbVtSD86mHoPKUdiqlfIjeru/zqr3bZBnI+JvjjwR8joc3LFICpVEls3dJfbR03aJCVuYGThzNEzq+ygwa0ERO9jrY9pjpY70wpCEWYyCckknvT6ePwELlJB374IOAnVQ==
- Authentication-results: esa1.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Konrad Wilk <konrad.wilk@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Bjoern Doebel <doebel@xxxxxxxxx>
- Delivery-date: Thu, 31 Mar 2022 08:27:52 +0000
- Ironport-data: A9a23:OhBCfaxyLwjlQvSkctV6t+cOxirEfRIJ4+MujC+fZmUNrF6WrkUEz mFJCj2GOveNYWOhLopyPoyy80xX7JOBn9cySVRtqSAxQypGp/SeCIXCJC8cHc8zwu4v7q5Dx 59DAjUVBJlsFhcwnj/0bv656yMUOZigHtIQMsadUsxKbVIiGX9JZS5LwbZj2NYz2oHhWmthh PupyyHhEA79s9JLGjp8B5Kr8HuDa9yr5Vv0FnRnDRx6lAe2e0s9VfrzFonoR5fMeaFGH/bSe gr25OrRElU1XfsaIojNfr7TKiXmS1NJVOSEoiI+t6OK2nCuqsGuu0qS2TV1hUp/0l20c95NJ NplqMW/EwYoMvD2oe0DTiVaIyYgHqBA9+qSSZS/mZT7I0zudnLtx7NlDV0sPJ1e8eFyaY1M3 aVGcnZXNEnF3r/ohuLgIgVvrp1LwM3DJoQQt2sm1TjEJf0nXYrCU+PB4towMDIY2JAWRqiAO pNxhTxHYyv/ZgwfAFYuM5Msvdbv13TlKj16kQfAzUYwyzeKl1EguFT3C/LKfvSaSMMTmVyXz krK+GnzDxUyPdmW2z2DtH6h7sfMmiXhUY5UC7y89dZtmlSYwmFVAxoTPXO5q/Skjk+1W/pEN lcZvCEpqMAa5EGtC9XwQRC8iHqFpQIHHcpdFfUg7wOAwbaS5ByWblXoVRYYNoZg7pVvA2V3i BnZxLsFGACDrpWIEH3H97aY8AmLMDYIEW0yYnEnQA0KtoyLTJ4IsjrDSdNqEaiQh9LzGC3tz z3ikBXSl4n/nuZQifzloAmvbyaE48GQE1Vrvlm/sneNtFsRWWKzW2C/BbE3B95kJZ3RcFSOt WNsdyO2vLFXVsHleMBgrYww8FCVCxStbWW0bb1HRcBJG9GRF5iLJ9o4DNZWfhsBDyr8UWW1C HI/QCsIjHOpAFOkbLVsf6W6ANkwwK7rGLzND66IPoQQP8cvLlLYoUmCgHJ8OUi3yiDAdollZ P+mnTuEVy5GWcyLMhLoLwvi7VPb7n9nnj6CLXwK5x+mzaCfdBaopUQtazOzghQCxPrc+m39q o8HX+PTkkk3eLCuM0H/rN9IRXhXfCdTOHwDg5EOHgJ1ClE9Qz9J5j646e5JRrGJaIwOyL+Sp yvtCxIAoLc97FWeQTi3hrlYQOqHdb50rG4hPDxqOlCt2nM5Zp2o4rtZfJwyFYTLPsQ/pRKoZ 5Hpo/m9P8k=
- Ironport-hdrordr: A9a23:Qt5BpaPHGxzx+MBcTyP155DYdb4zR+YMi2TDiHofdfUFSKClfp 6V8cjztSWUtN4QMEtQ/uxoHJPwO080kqQFnLX5XI3SJzUO3VHHEGgM1/qB/9SNIVyaygcZ79 YdT0EcMqyAMbEZt7eC3ODQKb9Jq7PmgcOVbKXlvg9QpGlRGt9dBmxCe2Cm+yNNNW177c1TLu vi2iMLnUvpRV0nKuCAQlUVVenKoNPG0LrgfB49HhYirC2Dlymh5rLWGwWRmk52aUIE/Z4StU z+1yDp7KSqtP+2jjfaym/o9pxT3P/s0MFKCsCggtUcbh/slgGrToJ8XKDqhkF/nMifrHIR1P XcqRYpOMp+r1vXY2GOuBPonzLt1T4/gkWSvmOwsD/Gm4jUVTg6A81OicZyaR3C8Xctu9l6ze Ziw3+Zn4A/N2KOoA3No/zzEz16nEu9pnQv1cQJiWZEbIcYYLhN6aQC4UJuFosaFi6S0vFqLA BXNrCc2B9qSyLbU5iA1VMfg+BEH05DUytue3Jy9PB8iFNt7TJEJ0hx/r1qop5PzuN5d3B+3Z W2Dk1ZrsA/ciYoV9MOOA4ge7rANoWfe2OEDIqtSW6XYZ3vfUi976LK3A==
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu, Mar 31, 2022 at 10:13:06AM +0200, Jan Beulich wrote:
> On 31.03.2022 10:01, Roger Pau Monné wrote:
> > On Thu, Mar 31, 2022 at 08:42:47AM +0200, Jan Beulich wrote:
> >> On 30.03.2022 19:04, Roger Pau Monné wrote:
> >>> On Wed, Mar 30, 2022 at 01:05:31PM +0200,>> --- a/xen/arch/x86/livepatch.c
> >>>> +++ b/xen/arch/x86/livepatch.c
> >>>> @@ -157,9 +157,15 @@ void noinline arch_livepatch_apply(struc
> >>>> * loaded hotpatch (to avoid racing against other fixups
> >>>> adding/removing
> >>>> * ENDBR64 or similar instructions).
> >>>> */
> >>>> - if ( is_endbr64(old_ptr) || is_endbr64_poison(func->old_addr) )
> >>>> + if ( len >= ENDBR64_LEN &&
> >>>
> >>> Sorry, didn't realize before, but shouldn't this check be using
> >>> old_size instead of len (which is based on new_size)?
> >>
> >> Yes and no: In principle yes, but with len == func->new_size in the NOP
> >> case, and with arch_livepatch_verify_func() guaranteeing new_size <=
> >> old_size, the check is still fine for that case. Plus: If new_size was
> >> less than 4 _but_ there's an ENDBR64 at the start, what would we do? I
> >> think there's more that needs fixing in this regard. So I guess I'll
> >> make a v3 with this extra fix dropped and with the livepatch_insn_len()
> >> invocation simply moved. After all the primary goal is to get the
> >> stable trees unstuck.
> >
> > Right, I agree to try and get the stable trees unblocked ASAP.
> >
> > I think the check for ENDBR is only relevant when we are patching the
> > function with a jump, otherwise the new replacement code should
> > contain the ENDBR instruction already?
>
> No, the "otherwise" case is when we're NOP-ing out code, i.e. when
> there's no replacement code at all. In this case we need to leave
> intact the ENDBR, and new_size being less than 4 is bogus afaict in
> case there actually is an ENDBR.
Hm, so we never do in-place replacement of code, and we either
introduce a jump to the new code or otherwise the function is not to
be called anymore and hence we fill it with no-ops?
Shouldn't in the no-op filling case the call to add_nops be bounded by
old_size and salso the memcpy to old_addr?
I'm not sure I understand why we use new_size when memcpy'ing into
old_addr, or when filling the insn buffer.
Thanks, Roger.
|
