[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH for-4.9] livepatch: Declare live patching as a supported feature





On 06/26/2017 10:07 PM, Konrad Rzeszutek Wilk wrote:
On Mon, Jun 26, 2017 at 07:29:22PM +0100, Julien Grall wrote:
Hi,

On 06/26/2017 04:36 PM, Ross Lagerwall wrote:
Xen Live Patching has been available as tech preview feature since Xen
4.7 and has now had a couple of releases to stabilize. Xen Live patching
has been used by multiple vendors to fix several real-world security
issues without any severe bugs encountered. Additionally, there are now
tests in OSSTest that test live patching to ensure that no regressions
are introduced.

Based on the amount of testing and usage it has had, we are ready to
declare live patching as a 'Supported' feature.

There are only test for x86 and amd64. We likely want to have those test

The test-cases are also for ARM32.

enabled for all architectures by default.

And the OSSTest can test all of those.

Can we enable them by default? I know that we limited the number of tests for ARM64 due to limited bandwidth. But I don't think we have anything preventing it on ARM32.


Also, I am not aware of anyone using in production livepatch on ARM64 and
ARM32. So did anyone give a good kick at the ARM implementaton?

I am not aware of anybody using it on production on ARM32 or ARM64.

The test-cases are there, the code is there, but yes nobody has kicked
the tires on ARM32/ARM64 extensively with it. I would be excited to
see vendors that use it and their reports but I am not aware of any.


If not, then we should  do it before even considering as a supported feature
for ARM.

OK. Perhaps then only for x86 until ARM operational users pipe up?

That would be my preference. My main concern is to handle security issue afterwards because we didn't give any kick at the code.

Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.