[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] livepatch: account for patch offset when applying NOP patch

  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 31 Mar 2022 10:36:58 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vAdUUPg4fzOSX/Xe0jWn0k7lti2vs1FU2xej0K/ol9o=; b=jBbmXWC2NxOt8ooq6F40HgFfRTphLRJa74kLH9BIKqbNSdWoe3LMKOa3+Ev6YK7y6d28/fWtRIiSfdNNDTV5tm88NyeN4UZ+695/l5Pa995icD8EQCFYEq8TieMiSo9UQifOW0xdEP9n+V4vRjIl/DuKR0EKwSsbVo7rnhnauHMWqhipXmH+HzDPC0i80I7WJUsGF1IEqF3FcYUmAEJF3pNuUFG41sx6goQtbmMFDsLF5fTyJE3wYkQME37xQA7Oyzjez8UzzIuTdhcikBF0qv7NVryhraCY5Atc9tr+evIN/pZEUpn83pxtGPX7DUnGnVyfLriQ6G4lHT57NRI8yQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=j+GTSjRJ7TpwVfwo+/Ptov95SnHegv0gCGUd27z9kvXx+rM5YvATy2k+h9eJ5/lK9Pn7nHCY/QI9KT5j78PErOKwm1DE62EZLWuxcLH3uspimkDjiT9J7odjUgtVVYFunfNHr/XjkJ2UP7GXwNkJncE3VU8agNln8zLx0lZAtMhQRqntabCVH5KygGzZsPzemYJqfheQjqqDZJsfD9U1wFYpjYf2I48XsyTTiCdSgVlzf1nEJxwBWbS6pKP5Mb2axoJ9fr71DA+zyUBICpI+ogtYtZpFq7jhw9Hpuqs3V+CzUSrVeM0jj1eSoi6+s7EV3Km9DaGPuO4v6p/OfAdgJQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Konrad Wilk <konrad.wilk@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Bjoern Doebel <doebel@xxxxxxxxx>
  • Delivery-date: Thu, 31 Mar 2022 08:37:10 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 31.03.2022 10:27, Roger Pau Monné wrote:
> On Thu, Mar 31, 2022 at 10:13:06AM +0200, Jan Beulich wrote:
>> On 31.03.2022 10:01, Roger Pau Monné wrote:
>>> On Thu, Mar 31, 2022 at 08:42:47AM +0200, Jan Beulich wrote:
>>>> On 30.03.2022 19:04, Roger Pau Monné wrote:
>>>>> On Wed, Mar 30, 2022 at 01:05:31PM +0200,>> --- a/xen/arch/x86/livepatch.c
>>>>>> +++ b/xen/arch/x86/livepatch.c
>>>>>> @@ -157,9 +157,15 @@ void noinline arch_livepatch_apply(struc
>>>>>>       * loaded hotpatch (to avoid racing against other fixups 
>>>>>> adding/removing
>>>>>>       * ENDBR64 or similar instructions).
>>>>>>       */
>>>>>> -    if ( is_endbr64(old_ptr) || is_endbr64_poison(func->old_addr) )
>>>>>> +    if ( len >= ENDBR64_LEN &&
>>>>>
>>>>> Sorry, didn't realize before, but shouldn't this check be using
>>>>> old_size instead of len (which is based on new_size)?
>>>>
>>>> Yes and no: In principle yes, but with len == func->new_size in the NOP
>>>> case, and with arch_livepatch_verify_func() guaranteeing new_size <=
>>>> old_size, the check is still fine for that case. Plus: If new_size was
>>>> less than 4 _but_ there's an ENDBR64 at the start, what would we do? I
>>>> think there's more that needs fixing in this regard. So I guess I'll
>>>> make a v3 with this extra fix dropped and with the livepatch_insn_len()
>>>> invocation simply moved. After all the primary goal is to get the
>>>> stable trees unstuck.
>>>
>>> Right, I agree to try and get the stable trees unblocked ASAP.
>>>
>>> I think the check for ENDBR is only relevant when we are patching the
>>> function with a jump, otherwise the new replacement code should
>>> contain the ENDBR instruction already?
>>
>> No, the "otherwise" case is when we're NOP-ing out code, i.e. when
>> there's no replacement code at all. In this case we need to leave
>> intact the ENDBR, and new_size being less than 4 is bogus afaict in
>> case there actually is an ENDBR.
> 
> Hm, so we never do in-place replacement of code, and we either
> introduce a jump to the new code or otherwise the function is not to
> be called anymore and hence we fill it with no-ops?

If it wasn't to be called anymore, it would be better to fill the
space with INT3, not NOP. I think the purpose isn't really to nop
out entire functions; it's just that the NOP testcase in the tree
does so.

> Shouldn't in the no-op filling case the call to add_nops be bounded by
> old_size and salso the memcpy to old_addr?
> 
> I'm not sure I understand why we use new_size when memcpy'ing into
> old_addr, or when filling the insn buffer.

I was wondering too - it would have seemed more natural to either
require old_size == new_size in this case, or to demand new_size == 0
matching new_addr == NULL. I'm afraid I have to rely on the livepatch
maintainers to answer your questions.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.