
Re: [Xen-devel] [PATCH v3 4/4] xen: add sysfs node for hypervisor build id



On 06/12/2017 10:21 AM, Juergen Gross wrote:
> For support of Xen hypervisor live patching the hypervisor build id is
> needed. Add a node /sys/hypervisor/properties/buildid containing the
> information.
>
> Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
> ---
>  Documentation/ABI/testing/sysfs-hypervisor-xen | 11 +++++++++-
>  drivers/xen/sys-hypervisor.c                   | 29 
> ++++++++++++++++++++++++++
>  2 files changed, 39 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/ABI/testing/sysfs-hypervisor-xen 
> b/Documentation/ABI/testing/sysfs-hypervisor-xen
> index c0edb3fdd6eb..53b7b2ea7515 100644
> --- a/Documentation/ABI/testing/sysfs-hypervisor-xen
> +++ b/Documentation/ABI/testing/sysfs-hypervisor-xen
> @@ -1,5 +1,5 @@
>  What:                /sys/hypervisor/guest_type
> -Date:                May 2017
> +Date:                June 2017
>  KernelVersion:       4.13
>  Contact:     xen-devel@xxxxxxxxxxxxxxxxxxxx
>  Description: If running under Xen:
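
Review bot: The Date line of the existing /sys/hypervisor/guest_type entry changes from May 2017 to June 2017 in this hunk, which the commit message (adding the buildid node) does not account for. If the guest_type entry is not otherwise touched by this patch, drop the date change so the existing ABI entry keeps its original date; if it is intentional, say so in the commit message.
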
> @@ -32,3 +32,12 @@ Description:       If running under Xen:
>               Describes Xen PMU features (as an integer). A set bit indicates
>               that the corresponding feature is enabled. See
>               include/xen/interface/xenpmu.h for available features
> +
> +What:                /sys/hypervisor/properties/buildid
> +Date:                June 2017
> +KernelVersion:       4.13
> +Contact:     xen-devel@xxxxxxxxxxxxxxxxxxxx
> +Description: If running under Xen:
> +             Build id of the hypervisor, needed for hypervisor live patching.
> +             Might return "<denied>" in case of special security settings
> +             in the hypervisor.
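
Review bot: The Description added for /sys/hypervisor/properties/buildid does not say in what form the build id is presented (for example a hex string or raw bytes), so a consumer of this ABI file cannot tell how to parse or compare the value. State the format, and say that "<denied>" is returned in place of the id so that tools know to treat that literal as a sentinel rather than as a build id.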

It might? I don't see xen_deny() calls in XENVER_build_id (as I said
below, assuming that's the command you are using).

> diff --git a/drivers/xen/sys-hypervisor.c b/drivers/xen/sys-hypervisor.c
> index d641e9970d5d..92307636ed54 100644
> --- a/drivers/xen/sys-hypervisor.c
> +++ b/drivers/xen/sys-hypervisor.c
> @@ -339,12 +339,41 @@ static ssize_t features_show(struct hyp_sysfs_attr 
> *attr, char *buffer)
>  
>  HYPERVISOR_ATTR_RO(features);
>  
> +static ssize_t buildid_show(struct hyp_sysfs_attr *attr, char *buffer)
> +{
> +     ssize_t ret;
> +     struct xen_build_id dummy;
> +     struct xen_build_id *buildid;
> +
> +     dummy.len = 0;
> +     ret = HYPERVISOR_xen_version(XENVER_get_features, &dummy);

Why XENVER_get_features and not XENVER_build_id?

> +     if (ret < 0) {
> +             if (ret == -EPERM)
> +                     ret = sprintf(buffer, "<denied>");
> +             return ret;
> +     }

Assuming you meant XENVER_build_id, how is this supposed to work?
Hypervisor code specifically has

    if ( build_id.len == 0 )
        return -EINVAL;

-boris

> +
> +     buildid = kmalloc(sizeof(*buildid) + dummy.len, GFP_KERNEL);
> +     if (!buildid)
> +             return -ENOMEM;
> +
> +     ret = HYPERVISOR_xen_version(XENVER_get_features, buildid);
> +     if (ret > 0)
> +             ret = sprintf(buffer, "%s", buildid->buf);
> +     kfree(buildid);
> +
> +     return ret;
> +}
> +
> +HYPERVISOR_ATTR_RO(buildid);
> +
>  static struct attribute *xen_properties_attrs[] = {
>       &capabilities_attr.attr,
>       &changeset_attr.attr,
>       &virtual_start_attr.attr,
>       &pagesize_attr.attr,
>       &features_attr.attr,
> +     &buildid_attr.attr,
>       NULL
>  };
>  
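
Review bot: In buildid_show(), the kmalloc()'ed buildid is handed to the second HYPERVISOR_xen_version() call without buildid->len ever being set, so the buffer length it advertises is uninitialised heap data; set buildid->len to the size the allocation was made with before that call. The result is then printed with sprintf(buffer, "%s", buildid->buf), which relies on a NUL terminator that nothing in the visible code guarantees: the allocation is sizeof(*buildid) + dummy.len with no extra byte, so either allocate one more byte and terminate the buffer explicitly, or print with an explicit length bound. A return of 0 from the second call also falls through "if (ret > 0)" and produces an empty read with no error.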

