
Re: [PATCH] livepatch-build: Check compiler version matches


  • To: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 21 Feb 2023 14:37:59 +0000
  • Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
  • Delivery-date: Tue, 21 Feb 2023 14:38:43 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 21/02/2023 2:14 pm, Ross Lagerwall wrote:
> For reliable live patch generation, the compiler version used should
> match the original binary. Check that this is the case and add a
> --skip-compiler-check option to override this.
>
> Signed-off-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
> ---
>  livepatch-build | 54 +++++++++++++++++++++++++++++++++++--------------
>  1 file changed, 39 insertions(+), 15 deletions(-)
>
> diff --git a/livepatch-build b/livepatch-build
> index 91d203b..e4b4dba 100755
> --- a/livepatch-build
> +++ b/livepatch-build
> @@ -33,6 +33,7 @@ DEPENDS=
>  XEN_DEPENDS=
>  PRELINK=
>  STRIP=0
> +SKIP_COMPILER_CHECK=0
>  XENSYMS=xen-syms
>  
>  warn() {
> @@ -266,27 +267,44 @@ function create_patch()
>      objcopy --set-section-flags .livepatch.xen_depends=alloc,readonly 
> "${PATCHNAME}.livepatch"
>  }
>  
> +check_compiler() {
> +    orig_ver=$(readelf -p .comment "$XENSYMS" | grep -o 'GCC.*')
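
Review bot: In check_compiler, the orig_ver= assignment leaves orig_ver empty when .comment has no string matching 'GCC.*', and grep -o prints one line per match, so a .comment holding several GCC entries gives a multi-line value. Suggest testing for an empty result and for more than one line directly after the assignment and failing with an explicit message, unless the remainder of the function already does so.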

This rather breaks Clang as a toolchain, but it doesn't seem to be the
only GCC-expectation in livepatch build tools.

$ readelf -p .comment xen-syms

String dump of section '.comment':
  [     0]  Debian clang version 11.0.1-2


Irritatingly, while clang* --version always reports itself as "clang
version ..." matching the .ident it writes out, gcc* substitutes argv[0]
into its --version.  But the way the Xen build is invoked, I think Xen
will always substitute cc for gcc, so this may not be a problem.

A build of Xen should only use a single compiler, so I think you're
better off looking for s/[     0]  \(.*\)/\1/ rather than assuming that
GCC was used.

Also, I think you should error out if we can't identify a compiler,
because very little good will come from trying to proceed.

~Andrew
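
The approach suggested in the reply above (take whatever ident string .comment holds rather than grepping for GCC, and fail when none is found), as an added example that is not part of the patch or of livepatch-build. The function names, the comparison against a second readelf dump, and the GCC sample line are assumptions; the Clang sample line is the one quoted in the reply.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not livepatch-build's own.

# Print each string of a `readelf -p .comment` dump read on stdin,
# one per line, with the "  [  offset]  " prefix removed.
comment_strings() {
    sed -n 's/^ *\[ *[0-9a-fA-F]*]  *//p'
}

# Print the single compiler ident found in the dump on stdin.
# Returns 1 if there is no ident, 2 if there are several distinct ones.
compiler_ident() {
    ci_idents=$(comment_strings | sort -u)
    if [ -z "$ci_idents" ]; then
        echo "cannot identify compiler from .comment" >&2
        return 1
    fi
    if [ "$(printf '%s\n' "$ci_idents" | grep -c '')" -ne 1 ]; then
        echo "more than one compiler ident in .comment" >&2
        return 2
    fi
    printf '%s\n' "$ci_idents"
}

# Succeed only when both dumps name the same single compiler.
# $1: dump of the original binary; $2: dump of a newly built object
# (comparing two .comment dumps is an assumption of this example).
check_same_compiler() {
    csc_orig=$(printf '%s\n' "$1" | compiler_ident) || return 1
    csc_new=$(printf '%s\n' "$2" | compiler_ident) || return 1
    [ "$csc_orig" = "$csc_new" ]
}

# Sample dumps: the Clang line is quoted from the reply, the GCC line is constructed.
SAMPLE_CLANG="
String dump of section '.comment':
  [     0]  Debian clang version 11.0.1-2
"
SAMPLE_GCC="
String dump of section '.comment':
  [     0]  GCC: (Debian 10.2.1-6) 10.2.1 20210110
"
SAMPLE_MIXED="${SAMPLE_GCC}  [    2a]  Debian clang version 11.0.1-2
"

printf '%s\n' "$SAMPLE_CLANG" | compiler_ident
```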



 

