Re: [Xen-devel] Problems with livepatching

[Konrad Rzeszutek Wilk <konrad@xxxxxxxxxx>]

On Thu, Nov 24, 2016 at 12:13:43AM +0000, M A Young wrote:
> On Wed, 23 Nov 2016, Andrew Cooper wrote:
> 
> > On 23/11/2016 23:06, M A Young wrote:
> > > I have been experimenting with live patching with the recent batch of 
> > > security updates on Fedora xen with very limited success. I had most 
> > > attempts with a test build of xen-4.8.0-rc6, and of the updates I have 
> > > tried only xsa192.patch uploads successfully. For example with 
> > > xsa191.patch the upload fails with the output
> > > Uploading /tmp/xen-debuginfo/out1/xsa191.livepatch (1561400 bytes)
> > > Upload failed: /tmp/xen-debuginfo/out1/xsa191.livepatch, error: 2(No such 
> > > file or directory)!
> > > and in xl dmesg a long debugging output ends with the line
> > > (XEN) livepatch_elf.c:295: livepatch: xsa191: Unknown symbol: .LC0
> > > with a similar line (mostly with .LC0 but with .LC3 in one case) for the 
> > > other failed attempts. Am I doing something wrong or is there a problem 
> > > with live patching in this case?
> > 
> > This looks like a problem generating the livepatch itself, not the
> > livepatching mechanism.
> > 
> > Make sure you are completely up to date with the livepatch tools
> > userspace.  There was one bug in livepatch generation which was
> > discovered due to XSA-191 and fixed (actually a preexisting bug even in
> > Linux), but its symptoms were innocuous until you patched, at which vcpu
> > context switch blew up.
> 
> Where is this latest version available from? I had checked the git repo on 
> xenbits 
> http://xenbits.xenproject.org/gitweb/?p=livepatch-build-tools.git;a=summary 
> but the last commit was 4 months ago.

Here is the patch that Ross has been working on - it is being first reviewed
for merge in the upstream version of kpatch. Hence hasn't been posted. But
posting it here.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel