Xen project Mailing List

Re: [PATCH v2 5/5] automation: add x86-64 livepatching test

To: Roger Pau Monne <roger.pau@xxxxxxxxxx>

From: Stefano Stabellini <sstabellini@xxxxxxxxxx>

Date: Wed, 29 Nov 2023 19:03:10 -0800 (PST)

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>

Delivery-date: Thu, 30 Nov 2023 03:03:22 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, 28 Nov 2023, Roger Pau Monne wrote: > Introduce a new gitlab tests for livepatching, using livepatch-build-tools, > which better reflects how downstreams build live patches rather than the > in-tree tests. > > The tests applies the dummy in-tree patch example, checks that the patch is > applied correctly and then reverts and unloads it. > > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> > --- > automation/gitlab-ci/build.yaml | 8 +++ > automation/gitlab-ci/test.yaml | 8 +++ > automation/scripts/build | 21 ++++++ > .../scripts/qemu-alpine-x86_64-livepatch.sh | 68 +++++++++++++++++++ > 4 files changed, 105 insertions(+) > create mode 100755 automation/scripts/qemu-alpine-x86_64-livepatch.sh > > diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml > index 32af30ccedc9..22026df51b87 100644 > --- a/automation/gitlab-ci/build.yaml > +++ b/automation/gitlab-ci/build.yaml > @@ -358,6 +358,14 @@ alpine-3.18-gcc-debug: > variables: > CONTAINER: alpine:3.18 > > +alpine-3.18-gcc-livepatch: > + extends: .gcc-x86-64-build > + variables: > + CONTAINER: alpine:3.18 > + LIVEPATCH: y > + EXTRA_XEN_CONFIG: | > + CONFIG_LIVEPATCH=y > + > debian-stretch-gcc-debug: > extends: .gcc-x86-64-build-debug > variables: > diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml > index 6aabdb9d156f..58a90be5ed0e 100644 > --- a/automation/gitlab-ci/test.yaml > +++ b/automation/gitlab-ci/test.yaml > @@ -459,3 +459,11 @@ qemu-smoke-ppc64le-powernv9-gcc: > needs: > - qemu-system-ppc64-8.1.0-ppc64-export > - debian-bullseye-gcc-ppc64le-debug > + > +qemu-alpine-x86_64-gcc-livepatch: > + extends: .qemu-x86-64 > + script: > + - ./automation/scripts/qemu-alpine-x86_64-livepatch.sh 2>&1 | tee > ${LOGFILE} > + needs: > + - *x86-64-test-needs > + - alpine-3.18-gcc-livepatch > diff --git a/automation/scripts/build b/automation/scripts/build > index b3c71fb6fb60..0a0a6dceb08c 100755 > --- a/automation/scripts/build > +++ b/automation/scripts/build > @@ -103,3 +103,24 @@ else > cp -r dist binaries/ > if [[ -f xen/xen ]] ; then cp xen/xen binaries/xen; fi > fi > + > +if [[ "$LIVEPATCH" == "y" ]]; then > + # Build a test livepatch using livepatch-build-tools. > + > + if [[ "$XEN_TARGET_ARCH" != "x86_64" ]]; then > + exit 1 > + fi > + > + # git diff --no-index returns 0 if no differences, otherwise 1. > + git diff --no-index --output=test.patch xen/arch/x86/test-smc-lp.c \ > + xen/arch/x86/test-smc-lp-alt.c > && exit 1 > + > + BUILDID=$(readelf -Wn xen/xen-syms | sed -n -e 's/^.*Build ID: //p') > + > + git clone https://xenbits.xen.org/git-http/livepatch-build-tools.git > + cd livepatch-build-tools > + make > + ./livepatch-build -s ../ -p ../test.patch -o out -c ../xen/.config \ > + --depends $BUILDID --xen-depends $BUILDID > + cp out/test.livepatch ../binaries/test.livepatch > +fi I realize this is a matter of taste but if possible I would move this to qemu-alpine-x86_64-livepatch.sh not to make the build script too complex. Otherwise, plase create automation/scripts/livepatch and move this code there. You can call automation/scripts/livepatch from automation/scripts/build. Other than that, this is great! I'll let other review the livepatch specific changes in this series > diff --git a/automation/scripts/qemu-alpine-x86_64-livepatch.sh > b/automation/scripts/qemu-alpine-x86_64-livepatch.sh > new file mode 100755 > index 000000000000..da478cac4376 > --- /dev/null > +++ b/automation/scripts/qemu-alpine-x86_64-livepatch.sh > @@ -0,0 +1,68 @@ > +#!/bin/bash > + > +set -ex > + > +cd binaries > +# initrd.tar.gz is Dom0 rootfs > +mkdir -p rootfs > +cd rootfs > +tar xvzf ../initrd.tar.gz > +mkdir proc > +mkdir run > +mkdir srv > +mkdir sys > +rm var/run > +cp -ar ../dist/install/* . > +cp ../test.livepatch ./root/ > +cat << "EOF" >> etc/local.d/xen-lp.start > +#!/bin/bash > + > +set -ex > + > +trap poweroff EXIT > + > +export LD_LIBRARY_PATH=/usr/local/lib > + > +xen-livepatch test && exit 1 || true > + > +xen-livepatch load /root/test.livepatch > + > +# Cannot fail now > +xen-livepatch test > + > +xen-livepatch revert test > +xen-livepatch unload test > + > +xen-livepatch test && exit 1 || true > + > +echo "SUCCESS" > +EOF > +chmod +x etc/local.d/xen-lp.start > +echo "rc_verbose=yes" >> etc/rc.conf > +# rebuild Dom0 rootfs > +find . |cpio -H newc -o|gzip > ../xen-rootfs.cpio.gz > +cd ../.. > + > +cat >> binaries/pxelinux.0 << EOF > +#!ipxe > + > +kernel xen console=com1 console_timestamps=boot > +module bzImage console=hvc0 > +module xen-rootfs.cpio.gz > +boot > +EOF > + > +# Run the test > +rm -f smoke.serial > +timeout -k 1 360 \ > +qemu-system-x86_64 \ > + -cpu qemu64,+svm \ > + -m 2G -smp 2 \ > + -monitor none -serial stdio \ > + -nographic \ > + -device virtio-net-pci,netdev=n0 \ > + -netdev user,id=n0,tftp=binaries,bootfile=/pxelinux.0 |& \ > + tee smoke.serial | sed 's/\r//' > + > +grep -q "SUCCESS" smoke.serial > +exit 0 > -- > 2.43.0 >

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.