From patchwork Fri Jun 10 11:02:45 2016
X-Patchwork-Submitter: Ross Lagerwall
X-Patchwork-Id: 9169479
From: Ross Lagerwall
Date: Fri, 10 Jun 2016 12:02:45 +0100
Message-ID: <1465556565-26403-3-git-send-email-ross.lagerwall@citrix.com>
In-Reply-To: <1465556565-26403-1-git-send-email-ross.lagerwall@citrix.com>
Cc: Ross Lagerwall
Subject: [Xen-devel] [PATCH 3/3] Update README.md

Update the example and project status. Add Contributing and Maintainers sections.

Signed-off-by: Ross Lagerwall
Reviewed-by: Konrad Rzeszutek Wilk
---
 README.md | 76 ++++++++++++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 53 insertions(+), 23 deletions(-)

diff --git a/README.md b/README.md index 9fb709f..653c624 100644 --- a/README.md +++ b/README.md
@@ -2,27 +2,34 @@ livepatch-build ============= livepatch-build is a tool for building LivePatch patches from source code -patches. It takes as input, a Xen tree and a patch and outputs an +patches. It takes as input, a Xen tree and a patch and outputs a `.livepatch` module containing containing the live patch. Quick start ----------- First checkout the code, and then run `make` to build it. -Here is an example of building a patch for XSA-106: +Here is an example of building a live patch for Xen for some XSA. +First build Xen, install it on a host somewhere and reboot: +``` +$ cp -r ~/src/xen ~/src/xenbuild +$ cd ~/src/xen/xen +$ make nconfig # Make sure to set CONFIG_LIVEPATCH=y +$ make +$ BUILDID=$(readelf -Wn xen-syms | awk '/Build ID:/ {print $3}') +``` + +Next, build a live patch, using a patch and the source, build ID, and +.config from the original build: ``` -$ cd ~/src/xen -$ git reset --hard -$ git clean -x -f -d -$ git checkout 346d4545569928b652c40c7815c1732676f8587c^ $ cd ~/src/livepatch-build -$ wget -q 'http://xenbits.xen.org/xsa/xsa106.patch' -$ ./livepatch-build --xen-debug -s ~/src/xen -p xsa106.patch -o out -Building LivePatch patch: xsa106 +$ ./livepatch-build -s ~/src/xenbuild -p ~/src/xsa.patch -o out \ + -c ~/src/xen/xen/.config --depends $BUILDID +Building LivePatch patch: xsa -Xen directory: /home/ross/src/xen -Patch file: /home/ross/src/livepatch-build/xsa106.patch -Output directory: /home/ross/src/livepatch-build/out +Xen directory: /home/ross/src/xenbuild +Patch file: /home/ross/src/xsa.patch +Output directory: /home/ross/src/livepatch-build-tools/out ================================================ Testing patch file... 
@@ -32,22 +39,45 @@ Unapply patch and build with 4 CPU(s)... Extracting new and modified ELF sections... Processing xen/arch/x86/x86_emulate.o Creating patch module... -xsa106.livepatch created successfully +xsa.livepatch created successfully -$ ls -lh out/xsa106.livepatch --rw-rw-r--. 1 ross ross 418K Oct 12 12:02 out/xsa106.livepatch +$ ls -lh out/xsa.livepatch +-rwxrwxr-x. 1 ross ross 135K Jun 10 09:32 out/xsa.livepatch +``` + +Finally, copy the live patch to the host and load it: +``` +$ scp out/xsa.livepatch myhost: +$ ssh myhost 'xen-livepatch load xsa.livepatch' +Uploading xsa.livepatch (135840 bytes) +Performing apply:. completed +$ ssh myhost 'xen-livepatch list' + ID | status +----------------------------------------+------------ +xsa | APPLIED ``` Project Status -------------- -This is prototype code: - * There's no way to apply built patches - * Patches cannot be built for some source patches - * The output format does not correspond to the latest LivePatch design - -With no source patch modifications, live patches can be built for every -XSA that applies to x86 back to XSA-90 except for XSA-97, XSA-111, -XSA-112, and XSA-114 (83% success rate). +Live patches can be built and applied for many changes, including most +XSAs; however, there are still some cases which require changing the +source patch to allow it to be built as a live patch. + +This tool currently supports x86 only. + +It is intended that some or all of this project will merge back into +kpatch-build rather being maintained as a fork. + +Contributing +------------ +Please send patches created with `git-format-patch` and an appropriate +Signed-off-by: line to , CCing the maintainers +listed below. + +Maintainers +----------- +* Ross Lagerwall +* Konrad Rzeszutek Wilk License -------
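Review bot: In the first hunk (@@ -2,27 +2,34 @@), the new sample output line "Output directory: /home/ross/src/livepatch-build-tools/out" does not match the command above it, which runs `./livepatch-build ... -o out` after `cd ~/src/livepatch-build`; use the same directory name in both places so the transcript is reproducible. The unchanged context line still reads "`.livepatch` module containing containing the live patch", and since the line before it is already being edited, the doubled word could be fixed in the same change. It would also help to say in the prose that the value passed to `--depends $BUILDID` is meant to identify the build that was installed on the host in the first step, because the text only says the build ID comes "from the original build" and a reader who rebuilds in between will end up with a different xen-syms.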
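Review bot: In the second hunk (@@ -32,22 +39,45 @@), the added Project Status sentence "kpatch-build rather being maintained as a fork" is missing a word and should read "rather than being maintained as a fork". The same section removes the concrete list of XSAs that could not be built (XSA-97, XSA-111, XSA-112 and XSA-114) and replaces it with "some cases which require changing the source patch"; a short description of those cases, or a pointer to where they are tracked, would tell users when to expect to modify a patch before it can be built as a live patch.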