[v4,2/4] livepatch: introduce --force option

Message ID	20240424081957.34326-3-roger.pau@citrix.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <xen-devel-bounces@lists.xenproject.org> Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org> From: Roger Pau Monne <roger.pau@citrix.com> To: xen-devel@lists.xenproject.org Cc: Roger Pau Monne <roger.pau@citrix.com>, Anthony PERARD <anthony.perard@citrix.com>, Juergen Gross <jgross@suse.com>, Andrew Cooper <andrew.cooper3@citrix.com>, George Dunlap <george.dunlap@citrix.com>, Jan Beulich <jbeulich@suse.com>, Julien Grall <julien@xen.org>, Stefano Stabellini <sstabellini@kernel.org>, Ross Lagerwall <ross.lagerwall@citrix.com> Subject: [PATCH v4 2/4] livepatch: introduce --force option Date: Wed, 24 Apr 2024 10:19:55 +0200 Message-ID: <20240424081957.34326-3-roger.pau@citrix.com> In-Reply-To: <20240424081957.34326-1-roger.pau@citrix.com> References: <20240424081957.34326-1-roger.pau@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
Series	livepatch: minor bug fixes and improvements \| expand [v4,0/4] livepatch: minor bug fixes and improvements [v4,1/4] xen-livepatch: fix parameter name parsing [v4,2/4] livepatch: introduce --force option [v4,3/4] livepatch: refuse to resolve symbols that belong to init sections [v4,4/4] x86/livepatch: perform sanity checks on the payload exception table contents

Message ID

20240424081957.34326-3-roger.pau@citrix.com (mailing list archive)

State

New, archived

Headers

Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
From: Roger Pau Monne <roger.pau@citrix.com>
To: xen-devel@lists.xenproject.org
Cc: Roger Pau Monne <roger.pau@citrix.com>,
	Anthony PERARD <anthony.perard@citrix.com>,
	Juergen Gross <jgross@suse.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	George Dunlap <george.dunlap@citrix.com>,
	Jan Beulich <jbeulich@suse.com>,
	Julien Grall <julien@xen.org>,
	Stefano Stabellini <sstabellini@kernel.org>,
	Ross Lagerwall <ross.lagerwall@citrix.com>
Subject: [PATCH v4 2/4] livepatch: introduce --force option
Date: Wed, 24 Apr 2024 10:19:55 +0200
Message-ID: <20240424081957.34326-3-roger.pau@citrix.com>
In-Reply-To: <20240424081957.34326-1-roger.pau@citrix.com>
References: <20240424081957.34326-1-roger.pau@citrix.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Series

livepatch: minor bug fixes and improvements | expand

Commit Message

Roger Pau Monné April 24, 2024, 8:19 a.m. UTC

Introduce a xen-livepatch tool --force option, that's propagated into the
hyerpvisor for livepatch operations.  The intention is for the option to be
used to bypass some checks that would otherwise prevent the patch from being
loaded.

Re purpose the pad field in xen_sysctl_livepatch_op to be a flags field that
applies to all livepatch operations.  The flag is currently only set by the
hypercall wrappers for the XEN_SYSCTL_LIVEPATCH_UPLOAD operation, as that's so
far the only one where it will be used initially.  Other uses can be added as
required.

Note that helpers would set the .pad field to 0, that's been removed since the
structure is already zero initialized at definition.

No functional usages of the new flag introduced in this patch.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
---
Changes since v3:
 - Use strcmp instead of strncmp.

Changes since v2:
 - New in this version.
---
 tools/include/xenctrl.h     |  3 ++-
 tools/libs/ctrl/xc_misc.c   |  7 +++----
 tools/misc/xen-livepatch.c  | 21 +++++++++++++++++++--
 xen/common/livepatch.c      |  3 ++-
 xen/include/public/sysctl.h |  4 +++-
 5 files changed, 29 insertions(+), 9 deletions(-)

Comments

Jan Beulich April 26, 2024, 6:41 a.m. UTC | #1

On 24.04.2024 10:19, Roger Pau Monne wrote:
> @@ -571,6 +575,19 @@ int main(int argc, char *argv[])
>          show_help();
>          return 0;
>      }
> +
> +    if ( strcmp("--force", argv[1]) )

I guess this missing ! or "== 0" is the reason for osstest reporting a
livepatch-run failure.

Jan

> +    {
> +        if ( argc <= 2 )
> +        {
> +            show_help();
> +            return EXIT_FAILURE;
> +        }
> +        force = true;
> +        argv++;
> +        argc--;
> +    }
> +
>      for ( i = 0; i < ARRAY_SIZE(main_options); i++ )
>          if (!strcmp(main_options[i].name, argv[1]))
>              break;

Roger Pau Monné April 26, 2024, 7:15 a.m. UTC | #2

On Fri, Apr 26, 2024 at 08:41:48AM +0200, Jan Beulich wrote:
> On 24.04.2024 10:19, Roger Pau Monne wrote:
> > @@ -571,6 +575,19 @@ int main(int argc, char *argv[])
> >          show_help();
> >          return 0;
> >      }
> > +
> > +    if ( strcmp("--force", argv[1]) )
> 
> I guess this missing ! or "== 0" is the reason for osstest reporting a
> livepatch-run failure.

Bah, seems like I dropped it when changing from strncmp to strcmp, as
it's present in v3.

Will send a fix ASAP.

Thanks, Roger.

diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h
index 2ef8b4e05422..499685594427 100644
--- a/tools/include/xenctrl.h
+++ b/tools/include/xenctrl.h
@@ -2555,7 +2555,8 @@  int xc_psr_get_hw_info(xc_interface *xch, uint32_t socket,
 #endif
 
 int xc_livepatch_upload(xc_interface *xch,
-                        char *name, unsigned char *payload, uint32_t size);
+                        char *name, unsigned char *payload, uint32_t size,
+                        bool force);
 
 int xc_livepatch_get(xc_interface *xch,
                      char *name,
diff --git a/tools/libs/ctrl/xc_misc.c b/tools/libs/ctrl/xc_misc.c
index 5ecdfa2c7934..50282fd60dcc 100644
--- a/tools/libs/ctrl/xc_misc.c
+++ b/tools/libs/ctrl/xc_misc.c
@@ -576,7 +576,8 @@  int xc_getcpuinfo(xc_interface *xch, int max_cpus,
 int xc_livepatch_upload(xc_interface *xch,
                         char *name,
                         unsigned char *payload,
-                        uint32_t size)
+                        uint32_t size,
+                        bool force)
 {
     int rc;
     struct xen_sysctl sysctl = {};
@@ -612,7 +613,7 @@  int xc_livepatch_upload(xc_interface *xch,
 
     sysctl.cmd = XEN_SYSCTL_livepatch_op;
     sysctl.u.livepatch.cmd = XEN_SYSCTL_LIVEPATCH_UPLOAD;
-    sysctl.u.livepatch.pad = 0;
+    sysctl.u.livepatch.flags = force ? LIVEPATCH_FLAG_FORCE : 0;
     sysctl.u.livepatch.u.upload.size = size;
     set_xen_guest_handle(sysctl.u.livepatch.u.upload.payload, local);
 
@@ -656,7 +657,6 @@  int xc_livepatch_get(xc_interface *xch,
 
     sysctl.cmd = XEN_SYSCTL_livepatch_op;
     sysctl.u.livepatch.cmd = XEN_SYSCTL_LIVEPATCH_GET;
-    sysctl.u.livepatch.pad = 0;
 
     sysctl.u.livepatch.u.get.status.state = 0;
     sysctl.u.livepatch.u.get.status.rc = 0;
@@ -985,7 +985,6 @@  static int _xc_livepatch_action(xc_interface *xch,
 
     sysctl.cmd = XEN_SYSCTL_livepatch_op;
     sysctl.u.livepatch.cmd = XEN_SYSCTL_LIVEPATCH_ACTION;
-    sysctl.u.livepatch.pad = 0;
     sysctl.u.livepatch.u.action.cmd = action;
     sysctl.u.livepatch.u.action.timeout = timeout;
     sysctl.u.livepatch.u.action.flags = flags;
diff --git a/tools/misc/xen-livepatch.c b/tools/misc/xen-livepatch.c
index 2c4f69e596fa..c16fb6862d6c 100644
--- a/tools/misc/xen-livepatch.c
+++ b/tools/misc/xen-livepatch.c
@@ -19,11 +19,15 @@ 
 
 static xc_interface *xch;
 
+/* Global option to disable checks. */
+static bool force;
+
 void show_help(void)
 {
     fprintf(stderr,
             "xen-livepatch: live patching tool\n"
-            "Usage: xen-livepatch <command> [args] [command-flags]\n"
+            "Usage: xen-livepatch [--force] <command> [args] [command-flags]\n"
+            " Use --force option to bypass some checks.\n"
             " <name> An unique name of payload. Up to %d characters.\n"
             "Commands:\n"
             "  help                   display this help\n"
@@ -240,7 +244,7 @@  static int upload_func(int argc, char *argv[])
         return saved_errno;
     }
     printf("Uploading %s... ", filename);
-    rc = xc_livepatch_upload(xch, name, fbuf, len);
+    rc = xc_livepatch_upload(xch, name, fbuf, len, force);
     if ( rc )
     {
         rc = errno;
@@ -571,6 +575,19 @@  int main(int argc, char *argv[])
         show_help();
         return 0;
     }
+
+    if ( strcmp("--force", argv[1]) )
+    {
+        if ( argc <= 2 )
+        {
+            show_help();
+            return EXIT_FAILURE;
+        }
+        force = true;
+        argv++;
+        argc--;
+    }
+
     for ( i = 0; i < ARRAY_SIZE(main_options); i++ )
         if (!strcmp(main_options[i].name, argv[1]))
             break;
diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index 351a3e0b9a60..502e264bc6fe 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -2125,7 +2125,8 @@  int livepatch_op(struct xen_sysctl_livepatch_op *livepatch)
 {
     int rc;
 
-    if ( livepatch->pad )
+    if ( (livepatch->flags & ~LIVEPATCH_FLAGS_MASK) &&
+         !(livepatch->flags & LIVEPATCH_FLAG_FORCE) )
         return -EINVAL;
 
     switch ( livepatch->cmd )
diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h
index 9b19679caeb1..febaa4b16ab7 100644
--- a/xen/include/public/sysctl.h
+++ b/xen/include/public/sysctl.h
@@ -1139,7 +1139,9 @@  struct xen_sysctl_livepatch_action {
 
 struct xen_sysctl_livepatch_op {
     uint32_t cmd;                           /* IN: XEN_SYSCTL_LIVEPATCH_*. */
-    uint32_t pad;                           /* IN: Always zero. */
+    uint32_t flags;                         /* IN, flags. */
+#define LIVEPATCH_FLAG_FORCE      (1u << 0) /* Skip some checks. */
+#define LIVEPATCH_FLAGS_MASK      LIVEPATCH_FLAG_FORCE
     union {
         struct xen_sysctl_livepatch_upload upload;
         struct xen_sysctl_livepatch_list list;

[v4,2/4] livepatch: introduce --force option

Commit Message

Comments

Patch