[for-4.13] clang: do not enable live-patching support

Message ID 20191127160108.12490-1-roger.pau@citrix.com (mailing list archive)
State New, archived

Commit Message

Roger Pau Monné Nov. 27, 2019, 4:01 p.m. UTC

Live-patching requires unique symbols, and sadly the clang build
generates a lot of duplicate symbols:

Duplicate symbol 'asid.c#get_cpu_info' (ffff82d0803032c0 != ffff82d0802e0f50)
Duplicate symbol 'asid.c#get_cpu_info_from_stack' (ffff82d0802e1080 != ffff82d0803032f0)
Duplicate symbol 'ats.c#__list_add' (ffff82d080260a00 != ffff82d080267c70)
Duplicate symbol 'boot.c#constant_test_bit' (ffff82d08040ea60 != ffff82d0804372f0)
Duplicate symbol 'common.c#clear_bit' (ffff82d080332440 != ffff82d0802d33b0)
Duplicate symbol 'common.c#constant_test_bit' (ffff82d080332340 != ffff82d0802d2220)
Duplicate symbol 'common.c#cpumask_check' (ffff82d0802d3370 != ffff82d080337b60)
Duplicate symbol 'common.c#get_cpu_info' (ffff82d0802d22b0 != ffff82d080331590)
Duplicate symbol 'common.c#get_cpu_info_from_stack' (ffff82d0802d31c0 != ffff82d0803374b0)
Duplicate symbol 'common.c#pfn_to_pdx' (ffff82d0802d3270 != ffff82d080331e00)
Duplicate symbol 'common.c#test_and_set_bit' (ffff82d0802d3360 != ffff82d080332250)
Duplicate symbol 'common.c#variable_clear_bit' (ffff82d0802d2270 != ffff82d080337b50)
Duplicate symbol 'compat.c#get_cpu_info' (ffff82d08026eab0 != ffff82d080200460)
Duplicate symbol 'compat.c#get_cpu_info_from_stack' (ffff82d08026ebd0 != ffff82d080200f70)
Duplicate symbol 'cpu_idle.c#get_cpu_info' (ffff82d0802ccb00 != ffff82d08035fcc0)
[...]

For the time being disable live-patching when building with clang,
since duplicate symbols will trigger a build failure because
ENFORCE_UNIQUE_SYMBOLS is now also enabled by default in conjunction
with live-patching.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
Cc: Jürgen Groß <jgross@suse.com>
---
 Config.mk          | 2 ++
 xen/common/Kconfig | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

Comments

Jan Beulich Nov. 27, 2019, 4:14 p.m. UTC | #1
On 27.11.2019 17:01, Roger Pau Monne wrote:
> Live-patching requires unique symbols, and sadly the clang build
> generates a lot of duplicate symbols:
> 
> Duplicate symbol 'asid.c#get_cpu_info' (ffff82d0803032c0 != ffff82d0802e0f50)
> Duplicate symbol 'asid.c#get_cpu_info_from_stack' (ffff82d0802e1080 != ffff82d0803032f0)
> Duplicate symbol 'ats.c#__list_add' (ffff82d080260a00 != ffff82d080267c70)
> Duplicate symbol 'boot.c#constant_test_bit' (ffff82d08040ea60 != ffff82d0804372f0)
> Duplicate symbol 'common.c#clear_bit' (ffff82d080332440 != ffff82d0802d33b0)
> Duplicate symbol 'common.c#constant_test_bit' (ffff82d080332340 != ffff82d0802d2220)
> Duplicate symbol 'common.c#cpumask_check' (ffff82d0802d3370 != ffff82d080337b60)
> Duplicate symbol 'common.c#get_cpu_info' (ffff82d0802d22b0 != ffff82d080331590)
> Duplicate symbol 'common.c#get_cpu_info_from_stack' (ffff82d0802d31c0 != ffff82d0803374b0)
> Duplicate symbol 'common.c#pfn_to_pdx' (ffff82d0802d3270 != ffff82d080331e00)
> Duplicate symbol 'common.c#test_and_set_bit' (ffff82d0802d3360 != ffff82d080332250)
> Duplicate symbol 'common.c#variable_clear_bit' (ffff82d0802d2270 != ffff82d080337b50)
> Duplicate symbol 'compat.c#get_cpu_info' (ffff82d08026eab0 != ffff82d080200460)
> Duplicate symbol 'compat.c#get_cpu_info_from_stack' (ffff82d08026ebd0 != ffff82d080200f70)
> Duplicate symbol 'cpu_idle.c#get_cpu_info' (ffff82d0802ccb00 != ffff82d08035fcc0)
> [...]
> 
> For the time being disable live-patching when building with clang,
> since duplicate symbols will trigger a build failure because
> ENFORCE_UNIQUE_SYMBOLS is now also enabled by default in conjunction
> with live-patching.
> 
> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>

To be honest, as indicated before I'm inclined to nak this patch
on the basis that a proper solution has been posted almost 3 weeks
ago (and this was already v2). Nevertheless a remark here:

> --- a/xen/common/Kconfig
> +++ b/xen/common/Kconfig
> @@ -80,6 +80,10 @@ config HAS_CHECKPOLICY
>  	string
>  	option env="XEN_HAS_CHECKPOLICY"
>  
> +config BUILD_WITH_CLANG
> +	string
> +	option env="XEN_BUILD_WITH_CLANG"

Instead of introducing a new option here, ...

> @@ -350,7 +354,7 @@ config CRYPTO
>  config LIVEPATCH
>  	bool "Live patching support"
>  	default X86
> -	depends on HAS_BUILD_ID = "y"
> +	depends on HAS_BUILD_ID = "y" && BUILD_WITH_CLANG != "y"

... seeing this, why don't you simply suppress HAS_BUILD_ID acquiring
a value of y in ./Config.mk (accompanied by a suitable comment)?

Jan

George Dunlap Nov. 27, 2019, 4:21 p.m. UTC | #2
On 11/27/19 4:14 PM, Jan Beulich wrote:
> On 27.11.2019 17:01, Roger Pau Monne wrote:
>> Live-patching requires unique symbols, and sadly the clang build
>> generates a lot of duplicate symbols:
>>
>> Duplicate symbol 'asid.c#get_cpu_info' (ffff82d0803032c0 != ffff82d0802e0f50)
>> Duplicate symbol 'asid.c#get_cpu_info_from_stack' (ffff82d0802e1080 != ffff82d0803032f0)
>> Duplicate symbol 'ats.c#__list_add' (ffff82d080260a00 != ffff82d080267c70)
>> Duplicate symbol 'boot.c#constant_test_bit' (ffff82d08040ea60 != ffff82d0804372f0)
>> Duplicate symbol 'common.c#clear_bit' (ffff82d080332440 != ffff82d0802d33b0)
>> Duplicate symbol 'common.c#constant_test_bit' (ffff82d080332340 != ffff82d0802d2220)
>> Duplicate symbol 'common.c#cpumask_check' (ffff82d0802d3370 != ffff82d080337b60)
>> Duplicate symbol 'common.c#get_cpu_info' (ffff82d0802d22b0 != ffff82d080331590)
>> Duplicate symbol 'common.c#get_cpu_info_from_stack' (ffff82d0802d31c0 != ffff82d0803374b0)
>> Duplicate symbol 'common.c#pfn_to_pdx' (ffff82d0802d3270 != ffff82d080331e00)
>> Duplicate symbol 'common.c#test_and_set_bit' (ffff82d0802d3360 != ffff82d080332250)
>> Duplicate symbol 'common.c#variable_clear_bit' (ffff82d0802d2270 != ffff82d080337b50)
>> Duplicate symbol 'compat.c#get_cpu_info' (ffff82d08026eab0 != ffff82d080200460)
>> Duplicate symbol 'compat.c#get_cpu_info_from_stack' (ffff82d08026ebd0 != ffff82d080200f70)
>> Duplicate symbol 'cpu_idle.c#get_cpu_info' (ffff82d0802ccb00 != ffff82d08035fcc0)
>> [...]
>>
>> For the time being disable live-patching when building with clang,
>> since duplicate symbols will trigger a build failure because
>> ENFORCE_UNIQUE_SYMBOLS is now also enabled by default in conjunction
>> with live-patching.
>>
>> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
> 
> To be honest, as indicated before I'm inclined to nak this patch
> on the basis that a proper solution has been posted almost 3 weeks
> ago (and this was already v2).

What's that patch waiting on?

 -George

Jan Beulich Nov. 27, 2019, 4:25 p.m. UTC | #3
On 27.11.2019 17:21, George Dunlap wrote:
> On 11/27/19 4:14 PM, Jan Beulich wrote:
>> On 27.11.2019 17:01, Roger Pau Monne wrote:
>>> Live-patching requires unique symbols, and sadly the clang build
>>> generates a lot of duplicate symbols:
>>>
>>> Duplicate symbol 'asid.c#get_cpu_info' (ffff82d0803032c0 != ffff82d0802e0f50)
>>> Duplicate symbol 'asid.c#get_cpu_info_from_stack' (ffff82d0802e1080 != ffff82d0803032f0)
>>> Duplicate symbol 'ats.c#__list_add' (ffff82d080260a00 != ffff82d080267c70)
>>> Duplicate symbol 'boot.c#constant_test_bit' (ffff82d08040ea60 != ffff82d0804372f0)
>>> Duplicate symbol 'common.c#clear_bit' (ffff82d080332440 != ffff82d0802d33b0)
>>> Duplicate symbol 'common.c#constant_test_bit' (ffff82d080332340 != ffff82d0802d2220)
>>> Duplicate symbol 'common.c#cpumask_check' (ffff82d0802d3370 != ffff82d080337b60)
>>> Duplicate symbol 'common.c#get_cpu_info' (ffff82d0802d22b0 != ffff82d080331590)
>>> Duplicate symbol 'common.c#get_cpu_info_from_stack' (ffff82d0802d31c0 != ffff82d0803374b0)
>>> Duplicate symbol 'common.c#pfn_to_pdx' (ffff82d0802d3270 != ffff82d080331e00)
>>> Duplicate symbol 'common.c#test_and_set_bit' (ffff82d0802d3360 != ffff82d080332250)
>>> Duplicate symbol 'common.c#variable_clear_bit' (ffff82d0802d2270 != ffff82d080337b50)
>>> Duplicate symbol 'compat.c#get_cpu_info' (ffff82d08026eab0 != ffff82d080200460)
>>> Duplicate symbol 'compat.c#get_cpu_info_from_stack' (ffff82d08026ebd0 != ffff82d080200f70)
>>> Duplicate symbol 'cpu_idle.c#get_cpu_info' (ffff82d0802ccb00 != ffff82d08035fcc0)
>>> [...]
>>>
>>> For the time being disable live-patching when building with clang,
>>> since duplicate symbols will trigger a build failure because
>>> ENFORCE_UNIQUE_SYMBOLS is now also enabled by default in conjunction
>>> with live-patching.
>>>
>>> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
>>
>> To be honest, as indicated before I'm inclined to nak this patch
>> on the basis that a proper solution has been posted almost 3 weeks
>> ago (and this was already v2).
> 
> What's that patch waiting on?

x86 and release acks.

Jan

Jürgen Groß Nov. 27, 2019, 4:35 p.m. UTC | #4
On 27.11.19 17:25, Jan Beulich wrote:
> On 27.11.2019 17:21, George Dunlap wrote:
>> On 11/27/19 4:14 PM, Jan Beulich wrote:
>>> On 27.11.2019 17:01, Roger Pau Monne wrote:
>>>> Live-patching requires unique symbols, and sadly the clang build
>>>> generates a lot of duplicate symbols:
>>>>
>>>> Duplicate symbol 'asid.c#get_cpu_info' (ffff82d0803032c0 != ffff82d0802e0f50)
>>>> Duplicate symbol 'asid.c#get_cpu_info_from_stack' (ffff82d0802e1080 != ffff82d0803032f0)
>>>> Duplicate symbol 'ats.c#__list_add' (ffff82d080260a00 != ffff82d080267c70)
>>>> Duplicate symbol 'boot.c#constant_test_bit' (ffff82d08040ea60 != ffff82d0804372f0)
>>>> Duplicate symbol 'common.c#clear_bit' (ffff82d080332440 != ffff82d0802d33b0)
>>>> Duplicate symbol 'common.c#constant_test_bit' (ffff82d080332340 != ffff82d0802d2220)
>>>> Duplicate symbol 'common.c#cpumask_check' (ffff82d0802d3370 != ffff82d080337b60)
>>>> Duplicate symbol 'common.c#get_cpu_info' (ffff82d0802d22b0 != ffff82d080331590)
>>>> Duplicate symbol 'common.c#get_cpu_info_from_stack' (ffff82d0802d31c0 != ffff82d0803374b0)
>>>> Duplicate symbol 'common.c#pfn_to_pdx' (ffff82d0802d3270 != ffff82d080331e00)
>>>> Duplicate symbol 'common.c#test_and_set_bit' (ffff82d0802d3360 != ffff82d080332250)
>>>> Duplicate symbol 'common.c#variable_clear_bit' (ffff82d0802d2270 != ffff82d080337b50)
>>>> Duplicate symbol 'compat.c#get_cpu_info' (ffff82d08026eab0 != ffff82d080200460)
>>>> Duplicate symbol 'compat.c#get_cpu_info_from_stack' (ffff82d08026ebd0 != ffff82d080200f70)
>>>> Duplicate symbol 'cpu_idle.c#get_cpu_info' (ffff82d0802ccb00 != ffff82d08035fcc0)
>>>> [...]
>>>>
>>>> For the time being disable live-patching when building with clang,
>>>> since duplicate symbols will trigger a build failure because
>>>> ENFORCE_UNIQUE_SYMBOLS is now also enabled by default in conjunction
>>>> with live-patching.
>>>>
>>>> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
>>>
>>> To be honest, as indicated before I'm inclined to nak this patch
>>> on the basis that a proper solution has been posted almost 3 weeks
>>> ago (and this was already v2).
>>
>> What's that patch waiting on?
> 
> x86 and release acks.

I plan to release ack the patch in case the missing maintainer's acks
are not coming in too late.


Juergen

George Dunlap Nov. 27, 2019, 4:42 p.m. UTC | #5
On 11/27/19 4:35 PM, Jürgen Groß wrote:
> On 27.11.19 17:25, Jan Beulich wrote:
>> On 27.11.2019 17:21, George Dunlap wrote:
>>> On 11/27/19 4:14 PM, Jan Beulich wrote:
>>>> On 27.11.2019 17:01, Roger Pau Monne wrote:
>>>>> Live-patching requires unique symbols, and sadly the clang build
>>>>> generates a lot of duplicate symbols:
>>>>>
>>>>> Duplicate symbol 'asid.c#get_cpu_info' (ffff82d0803032c0 !=
>>>>> ffff82d0802e0f50)
>>>>> Duplicate symbol 'asid.c#get_cpu_info_from_stack' (ffff82d0802e1080
>>>>> != ffff82d0803032f0)
>>>>> Duplicate symbol 'ats.c#__list_add' (ffff82d080260a00 !=
>>>>> ffff82d080267c70)
>>>>> Duplicate symbol 'boot.c#constant_test_bit' (ffff82d08040ea60 !=
>>>>> ffff82d0804372f0)
>>>>> Duplicate symbol 'common.c#clear_bit' (ffff82d080332440 !=
>>>>> ffff82d0802d33b0)
>>>>> Duplicate symbol 'common.c#constant_test_bit' (ffff82d080332340 !=
>>>>> ffff82d0802d2220)
>>>>> Duplicate symbol 'common.c#cpumask_check' (ffff82d0802d3370 !=
>>>>> ffff82d080337b60)
>>>>> Duplicate symbol 'common.c#get_cpu_info' (ffff82d0802d22b0 !=
>>>>> ffff82d080331590)
>>>>> Duplicate symbol 'common.c#get_cpu_info_from_stack'
>>>>> (ffff82d0802d31c0 != ffff82d0803374b0)
>>>>> Duplicate symbol 'common.c#pfn_to_pdx' (ffff82d0802d3270 !=
>>>>> ffff82d080331e00)
>>>>> Duplicate symbol 'common.c#test_and_set_bit' (ffff82d0802d3360 !=
>>>>> ffff82d080332250)
>>>>> Duplicate symbol 'common.c#variable_clear_bit' (ffff82d0802d2270 !=
>>>>> ffff82d080337b50)
>>>>> Duplicate symbol 'compat.c#get_cpu_info' (ffff82d08026eab0 !=
>>>>> ffff82d080200460)
>>>>> Duplicate symbol 'compat.c#get_cpu_info_from_stack'
>>>>> (ffff82d08026ebd0 != ffff82d080200f70)
>>>>> Duplicate symbol 'cpu_idle.c#get_cpu_info' (ffff82d0802ccb00 !=
>>>>> ffff82d08035fcc0)
>>>>> [...]
>>>>>
>>>>> For the time being disable live-patching when building with clang,
>>>>> since duplicate symbols will trigger a build failure because
>>>>> ENFORCE_UNIQUE_SYMBOLS is now also enabled by default in conjunction
>>>>> with live-patching.
>>>>>
>>>>> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
>>>>
>>>> To be honest, as indicated before I'm inclined to nak this patch
>>>> on the basis that a proper solution has been posted almost 3 weeks
>>>> ago (and this was already v2).
>>>
>>> What's that patch waiting on?
>>
>> x86 and release acks.
> 
> I plan to release ack the patch in case the missing maintainer's acks
> are not coming in too late.

I think Andy's objection was that there has been zero testing of
livepatching on gcc.  Maybe we can find someone to do a smoke-test.

 -George

Konrad Rzeszutek Wilk Dec. 2, 2019, 3:53 p.m. UTC | #6
> > I plan to release ack the patch in case the missing maintainer's acks
> > are not coming in too late.
> 
> I think Andy's objection was that there has been zero testing of
> livepatching on gcc.  Maybe we can find someone to do a smoke-test.

As in integrate livepatch-build tools in osstest smoke-tests?
Because the livepatch test cases are in osstest, unless something went awry?

Andrew Cooper Dec. 2, 2019, 3:55 p.m. UTC | #7
On 02/12/2019 15:53, Konrad Rzeszutek Wilk wrote:
>>> I plan to release ack the patch in case the missing maintainer's acks
>>> are not coming in too late.
>> I think Andy's objection was that there has been zero testing of
>> livepatching on gcc.  Maybe we can find someone to do a smoke-test.
> As in integrate livepatch-build tools in osstest smoke-tests?
> Because the livepatch test cases are in osstest, unless something went awry?

The sum total of livepatch testing in OSSTest is using the hand-coded
ELF objects from the tests/ directory.

This is perhaps ok for the basic mechanism, but it's not representative
of actually building real livepatches using livepatch build tools.

~Andrew

Konrad Rzeszutek Wilk Dec. 2, 2019, 5:01 p.m. UTC | #8
On Mon, Dec 02, 2019 at 03:55:04PM +0000, Andrew Cooper wrote:
> On 02/12/2019 15:53, Konrad Rzeszutek Wilk wrote:
> >>> I plan to release ack the patch in case the missing maintainer's acks
> >>> are not coming in too late.
> >> I think Andy's objection was that there has been zero testing of
> >> livepatching on gcc.  Maybe we can find someone to do a smoke-test.
> > As in integrate livepatch-build tools in osstest smoke-tests?
> > Because the livepatch test cases are in osstest, unless something went awry?
> 
> The sum total of livepatch testing in OSSTest is using the hand-coded
> ELF objects from the tests/ directory.
> 
> This is perhaps ok for the basic mechanism, but it's not representative
> of actually building real livepatches using livepatch build tools.

True. But it tests the _hypervisor_ livepatch code.

I am thinking that this discussion about "oh, but livepatch-build tools don't work b/c"
is well <shrug> sucks but should never block a release as the core
livepatch functionality is OK.

Irrespective of that the testing of livepatch-build tools should be in osstest,
granted nobody has taken a step in this - but is somebody signing up for it?
[I can't, -ENOTIME]
> 
> ~Andrew

George Dunlap Dec. 3, 2019, 9:17 a.m. UTC | #9
> On Dec 2, 2019, at 5:01 PM, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> wrote:
> 
> On Mon, Dec 02, 2019 at 03:55:04PM +0000, Andrew Cooper wrote:
>> On 02/12/2019 15:53, Konrad Rzeszutek Wilk wrote:
>>>>> I plan to release ack the patch in case the missing maintainer's acks
>>>>> are not coming in too late.
>>>> I think Andy's objection was that there has been zero testing of
>>>> livepatching on gcc.  Maybe we can find someone to do a smoke-test.
>>> As in integrate livepatch-build tools in osstest smoke-tests?
>>> Because the livepatch test cases are in osstest, unless something went awry?
>> 
>> The sum total of livepatch testing in OSSTest is using the hand-coded
>> ELF objects from the tests/ directory.
>> 
>> This is perhaps ok for the basic mechanism, but it's not representative
>> of actually building real livepatches using livepatch build tools.
> 
> True. But it tests the _hypervisor_ livepatch code.
> 
> I am thinking that this discussion about "oh, but livepatch-build tools don't work b/c"
> is well <shrug> sucks but should never block a release as the core
> livepatch functionality is OK.

I think a parallel is if Xen doesn’t build with a particular version of the compiler, or can’t build on a particular distro for some reason.  We should certainly *try* to make things work with other projects, but if the issue is clearly with the other project, we shouldn’t have to block to wait for that other project to get things sorted out.

-George

Andrew Cooper Dec. 6, 2019, 8:21 p.m. UTC | #10
On 03/12/2019 09:17, George Dunlap wrote:
>
>> On Dec 2, 2019, at 5:01 PM, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> wrote:
>>
>> On Mon, Dec 02, 2019 at 03:55:04PM +0000, Andrew Cooper wrote:
>>> On 02/12/2019 15:53, Konrad Rzeszutek Wilk wrote:
>>>>>> I plan to release ack the patch in case the missing maintainer's acks
>>>>>> are not coming in too late.
>>>>> I think Andy's objection was that there has been zero testing of
>>>>> livepatching on gcc.  Maybe we can find someone to do a smoke-test.
>>>> As in integrate livepatch-build tools in osstest smoke-tests?
>>>> Because the livepatch test cases are in osstest, unless something went awry?
>>> The sum total of livepatch testing in OSSTest is using the hand-coded
>>> ELF objects from the tests/ directory.
>>>
>>> This is perhaps ok for the basic mechanism, but it's not representative
>>> of actually building real livepatches using livepatch build tools.
>> True. But it tests the _hypervisor_ livepatch code.
>>
>> I am thinking that this discussion about "oh, but livepatch-build tools don't work b/c"
>> is well <shrug> sucks but should never block a release as the core
>> livepatch functionality is OK.
> I think a parallel is if Xen doesn’t build with a particular version of the compiler, or can’t build on a particular distro for some reason.  We should certainly *try* to make things work with other projects, but if the issue is clearly with the other project, we shouldn’t have to block to wait for that other project to get things sorted out.

This isn't a valid comparison.

livepatch-build-tools is a concrete thing, built and maintained by us
(the Xen community), explicitly for the purpose of generating livepatches
between two versions of Xen.  It lives at
https://xenbits.xen.org/gitweb/?p=livepatch-build-tools.git;a=summary on
xenbits, just like xen.git.

It *should* be used in OSSTest, have a push gate, and block breaking
changes either to Xen or to the tools themselves, before the breaking
changes get accepted into master of either repo.

Otherwise, the support statement for livepatching needs to change to be
"we don't bother testing the two parts of this supported feature together".

~Andrew

Lars Kurth Dec. 6, 2019, 8:58 p.m. UTC | #11
> On 6 Dec 2019, at 14:21, Andrew Cooper <andrew.cooper3@citrix.com> wrote:
> 
> On 03/12/2019 09:17, George Dunlap wrote:
>> 
>>> On Dec 2, 2019, at 5:01 PM, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> wrote:
>>> 
>>> On Mon, Dec 02, 2019 at 03:55:04PM +0000, Andrew Cooper wrote:
>>>> On 02/12/2019 15:53, Konrad Rzeszutek Wilk wrote:
>>>>>>> I plan to release ack the patch in case the missing maintainer's acks
>>>>>>> are not coming in too late.
>>>>>> I think Andy's objection was that there has been zero testing of
>>>>>> livepatching on gcc.  Maybe we can find someone to do a smoke-test.
>>>>> As in integrate livepatch-build tools in osstest smoke-tests?
>>>>> Because the livepatch test cases are in osstest, unless something went awry?
>>>> The sum total of livepatch testing in OSSTest is using the hand-coded
>>>> ELF objects from the tests/ directory.
>>>> 
>>>> This is perhaps ok for the basic mechanism, but it's not representative
>>>> of actually building real livepatches using livepatch build tools.
>>> True. But it tests the _hypervisor_ livepatch code.
>>> 
>>> I am thinking that this discussion about "oh, but livepatch-build tools don't work b/c"
>>> is well <shrug> sucks but should never block a release as the core
>>> livepatch functionality is OK.
>> I think a parallel is if Xen doesn’t build with a particular version of the compiler, or can’t build on a particular distro for some reason.  We should certainly *try* to make things work with other projects, but if the issue is clearly with the other project, we shouldn’t have to block to wait for that other project to get things sorted out.
> 
> This isn't a valid comparison.
> 
> livepatch-build-tools is a concrete thing, built and maintained by us
> (the Xen community), explicitly for the purpose of generating livepatches
> between two versions of Xen.  It lives at
> https://xenbits.xen.org/gitweb/?p=livepatch-build-tools.git;a=summary on
> xenbits, just like xen.git.


First a couple of questions: I noticed that neither Ross nor xen-devel is on this thread.

I agree with Andy: we got away lucky so far, as there have been few changes to the livepatch-build-tools.


> It *should* be used in OSSTest, have a push gate, and block breaking
> changes either to Xen or to the tools themselves, before the breaking
> changes get accepted into master of either repo.

Although I agree with you, we should not block 4.13 for it and do some manual testing for this release.
But we should have a plan in place for 4.14 to address this and maybe agree to block 4.14 if that has not happened.

Lars

Patch

diff --git a/Config.mk b/Config.mk
index d8f90d75b3..009abda225 100644
--- a/Config.mk
+++ b/Config.mk
@@ -157,6 +157,8 @@  ifndef XEN_HAS_CHECKPOLICY
     export XEN_HAS_CHECKPOLICY
 endif
 
+export XEN_BUILD_WITH_CLANG = $(clang)
+
 # as-insn: Check whether assembler supports an instruction.
 # Usage: cflags-y += $(call as-insn,CC FLAGS,"insn",option-yes,option-no)
 as-insn = $(if $(shell echo 'void _(void) { asm volatile ( $(2) ); }' \
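
Review bot: The added `export XEN_BUILD_WITH_CLANG = $(clang)` passes the raw value of `clang` through, while the Kconfig side of this patch only tests `BUILD_WITH_CLANG != "y"`, so any other truthy spelling of the setting would leave LIVEPATCH selectable on a clang build. Normalise the value to y before exporting it, and put a comment above the export saying that it exists only to gate LIVEPATCH while clang builds produce duplicate symbols, in the same way the as-insn helper just below is documented.
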
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index f754741972..097996fc6c 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -80,6 +80,10 @@  config HAS_CHECKPOLICY
 	string
 	option env="XEN_HAS_CHECKPOLICY"
 
+config BUILD_WITH_CLANG
+	string
+	option env="XEN_BUILD_WITH_CLANG"
+
 menu "Speculative hardening"
 
 config SPECULATIVE_HARDEN_ARRAY
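
Review bot: The new `config BUILD_WITH_CLANG` entry is typed `string` and has no comment, so nothing at the definition says it is expected to hold y or that it is a stop-gap ("for the time being" in the commit message). Add a comment stating that it mirrors the toolchain choice from the environment and is consumed only by the LIVEPATCH dependency, so it can be dropped once the duplicate-symbol problem is fixed. As raised in the thread, suppressing HAS_BUILD_ID for clang in Config.mk would avoid the extra symbol altogether.
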
@@ -350,7 +354,7 @@  config CRYPTO
 config LIVEPATCH
 	bool "Live patching support"
 	default X86
-	depends on HAS_BUILD_ID = "y"
+	depends on HAS_BUILD_ID = "y" && BUILD_WITH_CLANG != "y"
 	---help---
 	  Allows a running Xen hypervisor to be dynamically patched using
 	  binary patches without rebooting. This is primarily used to binarily
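
Review bot: The changed `depends on` line makes LIVEPATCH unavailable on clang builds without saying so: the prompt simply disappears and the help text under it still describes the feature with no mention of the compiler restriction. The real constraint is symbol uniqueness rather than the compiler, so add a comment next to the dependency, or a sentence in the help text, naming the duplicate-symbol issue, so that anyone relying on live patching for a clang-built hypervisor can see why the option is gone.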