[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 4/4] x86/livepatch: perform sanity checks on the payload exception table contents

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Date: Tue, 23 Apr 2024 16:31:29 +0200
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 23 Apr 2024 14:31:39 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Apr 23, 2024 at 03:51:31PM +0200, Jan Beulich wrote:
> On 23.04.2024 15:12, Roger Pau Monne wrote:
> > Ensure the entries of a payload exception table only apply to text regions 
> > in
> > the payload itself.  Since the payload exception table needs to be loaded 
> > and
> > active even before a patch is applied (because hooks might already rely on 
> > it),
> > make sure the exception table (if any) only contains fixups for the payload
> > text section.
> > 
> > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> 
> In principle
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
> Still two comments:
> 
> > --- a/xen/arch/x86/extable.c
> > +++ b/xen/arch/x86/extable.c
> > @@ -228,3 +228,21 @@ unsigned long asmlinkage 
> > search_pre_exception_table(struct cpu_user_regs *regs)
> >      }
> >      return fixup;
> >  }
> > +
> > +#ifdef CONFIG_LIVEPATCH
> > +bool extable_is_between_bounds(const struct exception_table_entry 
> > *ex_start,
> 
> s/between/in/ or even s/is_between/in/? "Between", to me at least, reads
> very much like meaning "exclusive at both ends".

Oh, OK, I don't associate any boundary inclusion with 'between' or
'in'.  The result is shorter, so I like it.

> > +                               const struct exception_table_entry *ex_end,
> > +                               const void *start, const void *end)
> > +{
> > +    for ( ; ex_start < ex_end; ex_start++ )
> > +    {
> > +        const void *addr = (void *)ex_addr(ex_start);
> > +        const void *cont = (void *)ex_cont(ex_start);
> 
> Might be nicer to use _p() here, or not do the comparisons with pointers, but
> instead with unsigned long-s.

No strong opinion regarding whether to use unsigned longs or pointers.
I've used pointers because I think the function parameters should be
pointers, and that avoided doing a cast in the comparison with
obfuscates it (or introducing yet another local variable).

I can switch to _p(), that's indeed better.

Let me know if you have a strong opinion for using unsigned longs,
otherwise my preference would be to leave it with pointers.

Thanks, Roger.

Follow-Ups:
- Re: [PATCH v3 4/4] x86/livepatch: perform sanity checks on the payload exception table contents
  - From: Jan Beulich

References:
- [PATCH v3 0/4] livepatch: minor bug fixes and improvements
  - From: Roger Pau Monne
- [PATCH v3 4/4] x86/livepatch: perform sanity checks on the payload exception table contents
  - From: Roger Pau Monne
- Re: [PATCH v3 4/4] x86/livepatch: perform sanity checks on the payload exception table contents
  - From: Jan Beulich

Prev by Date: [PATCH 0/4] x86/mm: assorted adjustments
Next by Date: [PATCH 1/4] x86/P2M: write_p2m_entry() is HVM-only anyway
Previous by thread: Re: [PATCH v3 4/4] x86/livepatch: perform sanity checks on the payload exception table contents
Next by thread: Re: [PATCH v3 4/4] x86/livepatch: perform sanity checks on the payload exception table contents
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.