[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 3/3] xen/livepatch: Fix .altinstructions safety checks

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Mon, 17 Apr 2023 14:37:50 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hVo06p7g6W0ADpYJ6P+uNakowlj4o3PlG9B9LXLpdps=; b=A+wnwrnTAhFp3FtGql7x43212dL7bnxke5VBiJV/1sUNFOS20p01K7hZhWMIuNOC9VL4nf+h8BDOORq7siNnpiol+6DBIGgXmfuANjIyV5Uk5dDzWu47pU5q9d46Yr8CMXv3ghhGDVKMvbF/kNS82ULieKmhomN3oEeuiAQ4vI0ixNw4q6K8apgtqGRMUzeqib/IAAIHp3/tOJSJ6+rthrVEW+QX5U4Pcv8ThfvkzRwEbm/sqqXlGsdYANNGaq4XMXa2D3FFJa/DcB0GyL8qfILxNXbTpZ1J0SVChQI24mBrbrYCdngtEQEAySHD19vdRoJ+3IV/6IQVG+zyDERX4w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YIhh781JSFc8xH4hySb165ku+9EXzYBeKq6DweVq6RaIghNpTXM6FCbv9uSj+pBsc79C7+2h6KNrAJG1HUAAqcSCyR4LIiFsnDP+4MvQTQYY31JY1NKKoKBqME2RL79+FAnxTHzDOSEedH7DShbxTSc48FNopK6btPxU+xNssqRwjLQmM9pO5nUzviOU0xf0iSs3YZqQFj3qPQ1DLSGvuAnlQwbI5Uvljyame9hoTv4/keuntjbnG6noJrNQKZkxggm1ucrHYoDnwEuNXHmZInyPi1+Lmu1NuNxyd5mviLYE0i0j89vaPwV9NCZywcW81K6sy9WEF67feDw1VMrp5w==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 17 Apr 2023 13:38:13 +0000
  • Ironport-data: A9a23:u/hwnqtm122+SECUDoGTW87aROfnVGdfMUV32f8akzHdYApBsoF/q tZmKW2COKyCMDb0e990a97koE5Tv8XQmtBkS1Nvryk8Fn4W+JbJXdiXEBz9bniYRiHhoOCLz O1FM4Wdc5pkJpP4jk3wWlQ0hSAkjclkfpKlVKiffHg3HVQ+IMsYoUoLs/YjhYJ1isSODQqIu Nfjy+XSI1bg0DNvWo4uw/vrRChH4bKj6Vv0gnRkPaoQ5AOHyCFMZH4iDfrZw0XQE9E88tGSH 44v/JnhlkvF8hEkDM+Sk7qTWiXmlZaLYGBiIlIPM0STqkAqSh4ai87XB9JFAatjsB2bnsgZ9 Tl4ncfYpTHFnEH7sL91vxFwS0mSNEDdkVPNCSDXXce7lyUqf5ZwqhnH4Y5f0YAwo45K7W9yG fMwKWpWQhajjeOM55WAbM831to4DcrlM9ZK0p1g5Wmx4fcOZ7nmGv2PyfoGmTA6i4ZJAOrUY NcfZXx3dhPcbhZTO1ARTpUjgOOvgXq5eDpdwL6XjfNvvy6Pk0osgP60aIu9lt+iHK25mm6xo G7c8nu/KRYdLNGFkhKO8262h/+JliT+MG4XPOTgpqQ20QbMlgT/DjUveWWe/d28qHeGQogGB E43xxsws4I9oRnDot7VGkfQTGS/lhwWVsdUEuY6wBqQ0aeS6AGcbkAHSThbYdBgq84yRhQtz FaCm96vDjtq2JWFRHTY+rqKoDeaPSkOMXREdSICVREC4dTovMc0lB2nczp4OKu8j9mwFTSux TmP9XA6n+9K1Z9N0Lin91fahT7qvoLOUgM++gTQWCSi8x99Y4mmIYev7DA38Mp9EWpQdXHZ1 FBspiRUxLtm4U2l/MBVfNgwIQ==
  • Ironport-hdrordr: A9a23:S8oxD6hUqC7n0BMBq16uUgWUO3BQXh4ji2hC6mlwRA09TyX5ra 2TdZUgpHrJYVMqMk3I9uruBEDtex3hHP1OkOss1NWZPDUO0VHARO1fBOPZqAEIcBeOldK1u5 0AT0B/YueAd2STj6zBkXSF+wBL+qj6zEiq792usEuEVWtRGsVdB58SMHfiLqVxLjM2YqYRJd 6nyedsgSGvQngTZtTTPAh/YwCSz+e78q4PeHQ9dmca1DU=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 17/04/2023 1:35 pm, Jan Beulich wrote:
> On 17.04.2023 14:13, Andrew Cooper wrote:
>> --- a/xen/common/livepatch.c
>> +++ b/xen/common/livepatch.c
>> @@ -803,28 +803,84 @@ static int prepare_payload(struct payload *payload,
>>      if ( sec )
>>      {
>>  #ifdef CONFIG_HAS_ALTERNATIVE
>> +        /*
>> +         * (As of April 2023), Alternatives are formed of:
>> +         * - An .altinstructions section with an array of struct 
>> alt_instr's.
>> +         * - An .altinstr_replacement section containing instructions.
>> +         *
>> +         * An individual alt_instr contains:
>> +         * - An orig reference, pointing into .text with a nonzero length
>> +         * - A repl reference, pointing into .altinstr_replacement
>> +         *
>> +         * It is legal to have zero-length replacements, meaning it is legal
>> +         * for the .altinstr_replacement section to be empty too.  An
>> +         * implementation detail means that a zero-length replacement's repl
>> +         * reference will still be in the .altinstr_replacement section.
> Didn't you agree that "will" is not really true, and it's at best "may", but
> then also doesn't really matter here in the first place (suggesting that the
> sentence might best be dropped, to avoid drawing attention to something that
> might at best confuse the reader as to its relevance)?

Only that "will be at 0" wasn't actually true.

Right now, the repl reference *will* be somewhere in
altinstr_replacement.  It is discussed here because it is what the check
enforces.

As an implementation detail, it is of course free to change in the
future if needs be.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.