Message ID | 20231214101719.18770-5-roger.pau@citrix.com (mailing list archive) |
---|---|
State | Superseded |
Series | xen/x86: add testing for self modifying code and livepatch |
On Thu, 13 Dec 2023, Roger Pau Monne wrote: > Introduce a new gitlab tests for livepatching, using livepatch-build-tools, > which better reflects how downstreams build live patches rather than the > in-tree tests. > > The tests applies the dummy in-tree patch example, checks that the patch is > applied correctly and then reverts and unloads it. > > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> > --- > Changes since v2: > - Split livepatch build into a separate script. > --- > automation/gitlab-ci/build.yaml | 9 +++ > automation/gitlab-ci/test.yaml | 8 +++ > automation/scripts/build-livepatch | 27 ++++++++ > .../scripts/qemu-alpine-x86_64-livepatch.sh | 68 +++++++++++++++++++ > 4 files changed, 112 insertions(+) > create mode 100755 automation/scripts/build-livepatch > create mode 100755 automation/scripts/qemu-alpine-x86_64-livepatch.sh > > diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml > index 32af30ccedc9..d770bffb845e 100644 > --- a/automation/gitlab-ci/build.yaml > +++ b/automation/gitlab-ci/build.yaml > @@ -358,6 +358,15 @@ alpine-3.18-gcc-debug: > variables: > CONTAINER: alpine:3.18 > > +alpine-3.18-gcc-livepatch: > + extends: .gcc-x86-64-build > + script: > + - ./automation/scripts/build-livepatch 2>&1 | tee build.log > + variables: > + CONTAINER: alpine:3.18 > + EXTRA_XEN_CONFIG: | > + CONFIG_LIVEPATCH=y > + > debian-stretch-gcc-debug: > extends: .gcc-x86-64-build-debug > variables: > diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml > index 6aabdb9d156f..58a90be5ed0e 100644 > --- a/automation/gitlab-ci/test.yaml > +++ b/automation/gitlab-ci/test.yaml 
> @@ -459,3 +459,11 @@ qemu-smoke-ppc64le-powernv9-gcc: > needs: > - qemu-system-ppc64-8.1.0-ppc64-export > - debian-bullseye-gcc-ppc64le-debug > + > +qemu-alpine-x86_64-gcc-livepatch: > + extends: .qemu-x86-64 > + script: > + - ./automation/scripts/qemu-alpine-x86_64-livepatch.sh 2>&1 | tee ${LOGFILE} > + needs: > + - *x86-64-test-needs > + - alpine-3.18-gcc-livepatch > diff --git a/automation/scripts/build-livepatch b/automation/scripts/build-livepatch > new file mode 100755 > index 000000000000..ac86b17ae5e4 > --- /dev/null > +++ b/automation/scripts/build-livepatch > @@ -0,0 +1,27 @@ > +#!/bin/bash -ex > + > +# Do a regular build first > +./automation/scripts/build > + > +# Build a test livepatch using livepatch-build-tools. > + > +if [[ "$XEN_TARGET_ARCH" != "x86_64" ]]; then > + exit 1 > +fi > + > +BASE=xen/arch/x86/test/smoc-lp.c > +ALT=xen/arch/x86/test/smoc-lp-alt.c > + > +[[ -f $BASE && -f $ALT ]] > + > +# git diff --no-index returns 0 if no differences, otherwise 1. > +git diff --no-index --output=test.patch $BASE $ALT && exit 1 > + > +BUILDID=$(readelf -Wn xen/xen-syms | sed -n -e 's/^.*Build ID: //p') > + > +git clone https://xenbits.xen.org/git-http/livepatch-build-tools.git > +cd livepatch-build-tools > +make > +./livepatch-build -s ../ -p ../test.patch -o out -c ../xen/.config \ > + --depends $BUILDID --xen-depends $BUILDID > +cp out/test.livepatch ../binaries/test.livepatch > diff --git a/automation/scripts/qemu-alpine-x86_64-livepatch.sh b/automation/scripts/qemu-alpine-x86_64-livepatch.sh > new file mode 100755 > index 000000000000..da478cac4376 > --- /dev/null > +++ b/automation/scripts/qemu-alpine-x86_64-livepatch.sh 
> @@ -0,0 +1,68 @@ > +#!/bin/bash > + > +set -ex > + > +cd binaries > +# initrd.tar.gz is Dom0 rootfs > +mkdir -p rootfs > +cd rootfs > +tar xvzf ../initrd.tar.gz > +mkdir proc > +mkdir run > +mkdir srv > +mkdir sys > +rm var/run > +cp -ar ../dist/install/* . > +cp ../test.livepatch ./root/ > +cat << "EOF" >> etc/local.d/xen-lp.start > +#!/bin/bash > + > +set -ex > + > +trap poweroff EXIT > + > +export LD_LIBRARY_PATH=/usr/local/lib > + > +xen-livepatch test && exit 1 || true > + > +xen-livepatch load /root/test.livepatch > + > +# Cannot fail now > +xen-livepatch test > + > +xen-livepatch revert test > +xen-livepatch unload test > + > +xen-livepatch test && exit 1 || true > + > +echo "SUCCESS" > +EOF > +chmod +x etc/local.d/xen-lp.start > +echo "rc_verbose=yes" >> etc/rc.conf > +# rebuild Dom0 rootfs > +find . |cpio -H newc -o|gzip > ../xen-rootfs.cpio.gz > +cd ../.. > + > +cat >> binaries/pxelinux.0 << EOF > +#!ipxe > + > +kernel xen console=com1 console_timestamps=boot > +module bzImage console=hvc0 > +module xen-rootfs.cpio.gz > +boot > +EOF > + > +# Run the test > +rm -f smoke.serial > +timeout -k 1 360 \ > +qemu-system-x86_64 \ > + -cpu qemu64,+svm \ > + -m 2G -smp 2 \ > + -monitor none -serial stdio \ > + -nographic \ > + -device virtio-net-pci,netdev=n0 \ > + -netdev user,id=n0,tftp=binaries,bootfile=/pxelinux.0 |& \ > + tee smoke.serial | sed 's/\r//' > + > +grep -q "SUCCESS" smoke.serial > +exit 0 > -- > 2.43.0 >
diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index 32af30ccedc9..d770bffb845e 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -358,6 +358,15 @@ alpine-3.18-gcc-debug: variables: CONTAINER: alpine:3.18 +alpine-3.18-gcc-livepatch: + extends: .gcc-x86-64-build + script: + - ./automation/scripts/build-livepatch 2>&1 | tee build.log + variables: + CONTAINER: alpine:3.18 + EXTRA_XEN_CONFIG: | + CONFIG_LIVEPATCH=y + debian-stretch-gcc-debug: extends: .gcc-x86-64-build-debug variables: diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml index 6aabdb9d156f..58a90be5ed0e 100644 --- a/automation/gitlab-ci/test.yaml +++ b/automation/gitlab-ci/test.yaml @@ -459,3 +459,11 @@ qemu-smoke-ppc64le-powernv9-gcc: needs: - qemu-system-ppc64-8.1.0-ppc64-export - debian-bullseye-gcc-ppc64le-debug + +qemu-alpine-x86_64-gcc-livepatch: + extends: .qemu-x86-64 + script: + - ./automation/scripts/qemu-alpine-x86_64-livepatch.sh 2>&1 | tee ${LOGFILE} + needs: + - *x86-64-test-needs + - alpine-3.18-gcc-livepatch diff --git a/automation/scripts/build-livepatch b/automation/scripts/build-livepatch new file mode 100755 index 000000000000..ac86b17ae5e4 --- /dev/null +++ b/automation/scripts/build-livepatch 
@@ -0,0 +1,27 @@ +#!/bin/bash -ex + +# Do a regular build first +./automation/scripts/build + +# Build a test livepatch using livepatch-build-tools. + +if [[ "$XEN_TARGET_ARCH" != "x86_64" ]]; then + exit 1 +fi + +BASE=xen/arch/x86/test/smoc-lp.c +ALT=xen/arch/x86/test/smoc-lp-alt.c + +[[ -f $BASE && -f $ALT ]] + +# git diff --no-index returns 0 if no differences, otherwise 1. +git diff --no-index --output=test.patch $BASE $ALT && exit 1 + +BUILDID=$(readelf -Wn xen/xen-syms | sed -n -e 's/^.*Build ID: //p') + +git clone https://xenbits.xen.org/git-http/livepatch-build-tools.git +cd livepatch-build-tools +make +./livepatch-build -s ../ -p ../test.patch -o out -c ../xen/.config \ + --depends $BUILDID --xen-depends $BUILDID +cp out/test.livepatch ../binaries/test.livepatch diff --git a/automation/scripts/qemu-alpine-x86_64-livepatch.sh b/automation/scripts/qemu-alpine-x86_64-livepatch.sh new file mode 100755 index 000000000000..da478cac4376 --- /dev/null +++ b/automation/scripts/qemu-alpine-x86_64-livepatch.sh 
@@ -0,0 +1,68 @@ +#!/bin/bash + +set -ex + +cd binaries +# initrd.tar.gz is Dom0 rootfs +mkdir -p rootfs +cd rootfs +tar xvzf ../initrd.tar.gz +mkdir proc +mkdir run +mkdir srv +mkdir sys +rm var/run +cp -ar ../dist/install/* . +cp ../test.livepatch ./root/ +cat << "EOF" >> etc/local.d/xen-lp.start +#!/bin/bash + +set -ex + +trap poweroff EXIT + +export LD_LIBRARY_PATH=/usr/local/lib + +xen-livepatch test && exit 1 || true + +xen-livepatch load /root/test.livepatch + +# Cannot fail now +xen-livepatch test + +xen-livepatch revert test +xen-livepatch unload test + +xen-livepatch test && exit 1 || true + +echo "SUCCESS" +EOF +chmod +x etc/local.d/xen-lp.start +echo "rc_verbose=yes" >> etc/rc.conf +# rebuild Dom0 rootfs +find . |cpio -H newc -o|gzip > ../xen-rootfs.cpio.gz +cd ../.. + +cat >> binaries/pxelinux.0 << EOF +#!ipxe + +kernel xen console=com1 console_timestamps=boot +module bzImage console=hvc0 +module xen-rootfs.cpio.gz +boot +EOF + +# Run the test +rm -f smoke.serial +timeout -k 1 360 \ +qemu-system-x86_64 \ + -cpu qemu64,+svm \ + -m 2G -smp 2 \ + -monitor none -serial stdio \ + -nographic \ + -device virtio-net-pci,netdev=n0 \ + -netdev user,id=n0,tftp=binaries,bootfile=/pxelinux.0 |& \ + tee smoke.serial | sed 's/\r//' + +grep -q "SUCCESS" smoke.serial +exit 0
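Review bot: In the `alpine-3.18-gcc-livepatch` job in automation/gitlab-ci/build.yaml, `./automation/scripts/build-livepatch 2>&1 | tee build.log` reports the exit status of `tee` unless the job shell runs with pipefail, so a failed livepatch build could still leave the job green and hand the test job a missing `binaries/test.livepatch`. Please confirm pipefail is in effect for this job, or have the script write its own log. The same applies to the `| tee ${LOGFILE}` pipeline of `qemu-alpine-x86_64-gcc-livepatch` in automation/gitlab-ci/test.yaml.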
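Review bot: In automation/scripts/build-livepatch, `git clone https://xenbits.xen.org/git-http/livepatch-build-tools.git` builds whatever the default branch points at when the job runs, so the CI result depends on changes made outside this tree and is not reproducible. Suggest checking out a fixed commit or tag after the clone. Also, `BUILDID=$(readelf -Wn xen/xen-syms | sed -n -e 's/^.*Build ID: //p')` takes the exit status of `sed`, so a readelf failure or a missing note leaves BUILDID empty and the unquoted `--depends $BUILDID --xen-depends $BUILDID` is then misparsed; a `[[ -n "$BUILDID" ]]` check plus quoting would catch that.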
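Review bot: In automation/scripts/qemu-alpine-x86_64-livepatch.sh, the negative checks `xen-livepatch test && exit 1 || true` accept any non-zero status, so for the final check after `xen-livepatch unload test` a tool that fails to run at all is indistinguishable from the expected "patch not applied" result. Suggest comparing against the specific exit status or output the tool gives in that case. Separately, the `>>` redirections that create `etc/local.d/xen-lp.start` and `binaries/pxelinux.0` append to any file already present; `>` would make the generated content deterministic. The trailing `exit 0` is redundant under `set -e`.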
Introduce a new gitlab test for livepatching, using livepatch-build-tools, which better reflects how downstreams build live patches rather than the in-tree tests.

The test applies the dummy in-tree patch example, checks that the patch is applied correctly and then reverts and unloads it.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
Changes since v2:
 - Split livepatch build into a separate script.
---
 automation/gitlab-ci/build.yaml | 9 +++
 automation/gitlab-ci/test.yaml | 8 +++
 automation/scripts/build-livepatch | 27 ++++++++
 .../scripts/qemu-alpine-x86_64-livepatch.sh | 68 +++++++++++++++++++
 4 files changed, 112 insertions(+)
 create mode 100755 automation/scripts/build-livepatch
 create mode 100755 automation/scripts/qemu-alpine-x86_64-livepatch.sh