Xen project Mailing List

Re: [PATCH v3] livepatch: account for patch offset when applying NOP patch

To: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Thu, 31 Mar 2022 10:42:15 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Hg+QikVvGA78nenuqUw7zHf6Ghwa8wX98L1tevmyRyE=; b=VbxG5vF3JGvAcgmihI18EedemxlJwm+AZk5T6H2TKUPUjGZSHHqOF4PiNabU5SpSkPC5L9me0YxJ6Wj0BGFf0mwO3b3iXSTQUcigN279MtCDhp/mAKYd+Hong28xTTMB+ZZDIwu+1D/veywPZd1Vd7jAHr/tWv3f74IyjIJyx10R/yvaUUqMsDVV1HmwkHrUtkPXjYMPTa/+PzPkbcgP1DMzBFYTNCnErWnoJrNWp0cUjH7dXrKy6C1qcFMG05oqOkr9GStrj6F09RgsRAYBSb2cgpWnsaC2dzBLxSMalmG3UxNF8GIxPyVl+Bs11aR7EQ8jDHFnAEts7tuYE/0trw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BR0DaytymPK50G9woauW7o3WsYTe9Um2bz94bmTHnY0jYLyzhdki3TtIWNme0431RoHq4miJzOlIwXiuZRgURmpmbSnCtAOozWLSU5jDz9Lpu9TkoACCAHcOBqsGfI6ZEqF3eI6JHi8fdKjclXuRtx43YkhwCn8WWUNvVdwW95WRK/76L0oM6Q+LOfZ0H9o/fC0LEq38YCH6ZlkU/MUlDWvJq5XDAVoFOTfaXlv0s5pK95KqtTWvdzfV13ykaAEwS5rhAakqg3Tne3RMT04Hmg8Kx9Z94f4qFU3llRqgBJxV1y3FrcyLP2yYRq5zYwhwmeW7u25SZ7wFHQxbRThvaQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Konrad Wilk <konrad.wilk@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Bjoern Doebel <doebel@xxxxxxxxx>

Delivery-date: Thu, 31 Mar 2022 08:42:29 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 31.03.2022 10:21, Roger Pau Monné wrote: > On Thu, Mar 31, 2022 at 08:49:46AM +0200, Jan Beulich wrote: >> While not triggered by the trivial xen_nop in-tree patch on >> staging/master, that patch exposes a problem on the stable trees, where >> all functions have ENDBR inserted. When NOP-ing out a range, we need to >> account for this. Handle this right in livepatch_insn_len(). >> >> This requires livepatch_insn_len() to be called _after_ ->patch_offset >> was set. >> >> Fixes: 6974c75180f1 ("xen/x86: Livepatch: support patching CET-enhanced >> functions") >> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> > > Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Thanks. As a note to the livepatch maintainers: I'm going to put this in without further waiting for suitable acks. Just in case I'll put it on the 4.16 branch only for starters, to see that it actually helps there (it's unusual to put something on the stable branches before it having passed the push gate to master). > Albeit I don't think I understand how the in-place patching is done. I > would expect the !func->new_addr branch of the if in > arch_livepatch_apply to fill the insn buffer with the in-place > replacement instructions, but I only see the buffer getting filled > with nops. I'm likely missing something (not that this patch changes > any of this). Well, as per the v2 thread: There's no in-place patching except to NOP out certain insns. > I'm also having trouble figuring out how we assert that the len value > (which is derived from new_size if !new_addr) is not greater than > LIVEPATCH_OPAQUE_SIZE, which is the limit of the insn buffer. Maybe > that's already checked elsewhere. That's what my 3rd post-commit-message remark was (partly) about. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.