
Re: [PATCH v3] livepatch: account for patch offset when applying NOP patch


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 31 Mar 2022 10:21:55 +0200
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Ross Lagerwall" <ross.lagerwall@xxxxxxxxxx>, Konrad Wilk <konrad.wilk@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, "Bjoern Doebel" <doebel@xxxxxxxxx>
  • Delivery-date: Thu, 31 Mar 2022 08:22:24 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Mar 31, 2022 at 08:49:46AM +0200, Jan Beulich wrote:
> While not triggered by the trivial xen_nop in-tree patch on
> staging/master, that patch exposes a problem on the stable trees, where
> all functions have ENDBR inserted. When NOP-ing out a range, we need to
> account for this. Handle this right in livepatch_insn_len().
> 
> This requires livepatch_insn_len() to be called _after_ ->patch_offset
> was set.
> 
> Fixes: 6974c75180f1 ("xen/x86: Livepatch: support patching CET-enhanced functions")
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Albeit I don't think I understand how the in-place patching is done. I
would expect the !func->new_addr branch of the if in
arch_livepatch_apply to fill the insn buffer with the in-place
replacement instructions, but I only see the buffer getting filled
with nops. I'm likely missing something (not that this patch changes
any of this).

I'm also having trouble figuring out how we assert that the len value
(which is derived from new_size if !new_addr) is not greater than
LIVEPATCH_OPAQUE_SIZE, which is the limit of the insn buffer. Maybe
that's already checked elsewhere.

Thanks, Roger.
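
Added example (not part of the original message and not Xen's code): a small stand-alone C model of the two points discussed above, namely subtracting the ENDBR64 offset from the NOP length only after the offset is known, and refusing a length that exceeds the fixed buffer. The struct, the function names, the OPAQUE_SIZE value and the use of single-byte NOPs are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define OPAQUE_SIZE 31  /* assumed buffer size for this model */
#define ENDBR64_LEN 4

struct func_model {                 /* hypothetical, not Xen's struct livepatch_func */
    uint8_t *old_addr;              /* start of the function being patched */
    const void *new_addr;           /* NULL: NOP out a range in place */
    uint32_t new_size;              /* NOP patch: bytes covered, counted from old_addr */
    uint8_t patch_offset;           /* bytes skipped at function start (ENDBR64) */
    uint8_t saved[OPAQUE_SIZE];     /* original bytes, kept for revert */
};

static int starts_with_endbr64(const uint8_t *p)
{
    static const uint8_t endbr64[ENDBR64_LEN] = { 0xf3, 0x0f, 0x1e, 0xfa };
    return memcmp(p, endbr64, ENDBR64_LEN) == 0;
}

/* Bytes to overwrite, or -1. Only meaningful once patch_offset is set. */
static int nop_patch_len(const struct func_model *f)
{
    if (f->new_addr != NULL || f->new_size <= f->patch_offset)
        return -1;                  /* not a NOP patch, or nothing left to NOP */
    uint32_t len = f->new_size - f->patch_offset;
    return len > OPAQUE_SIZE ? -1 : (int)len;   /* must fit the fixed buffer */
}

/* func_bytes is the size of the mapped function, so nothing past it is touched. */
static int apply_nop_patch(struct func_model *f, size_t func_bytes)
{
    if (func_bytes < ENDBR64_LEN || f->new_size > func_bytes)
        return -1;
    f->patch_offset = starts_with_endbr64(f->old_addr) ? ENDBR64_LEN : 0;
    int len = nop_patch_len(f);
    if (len < 0)
        return -1;
    uint8_t *dst = f->old_addr + f->patch_offset;
    memcpy(f->saved, dst, (size_t)len);         /* keep originals for revert */
    memset(dst, 0x90, (size_t)len);             /* single-byte NOPs for simplicity */
    return len;
}
```

If the length were taken as new_size without subtracting patch_offset, the write starting after ENDBR64 would run four bytes past the intended range.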



 

