[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 01/14] livepatch: Always check hypervisor build ID upon hotpatch upload
On 8/21/19 4:19 AM, Pawel Wieczorkiewicz wrote: This change is part of a independant stacked hotpatch modules feature. This feature allows to bypass dependencies between modules upon loading, but still verifies Xen build ID matching. In order to prevent (up)loading any hotpatches built for different hypervisor version as indicated by the Xen Build ID, add checking for the payload's vs Xen's build id match. To achieve that embed into every hotpatch another section with a dedicated hypervisor build id in it. After the payload is loaded and the .livepatch.xen_depends section becomes available, perform the check and reject the payload if there is no match. Signed-off-by: Pawel Wieczorkiewicz <wipawel@xxxxxxxxx> Reviewed-by: Andra-Irina Paraschiv <andraprs@xxxxxxxxxx> Reviewed-by: Bjoern Doebel <doebel@xxxxxxxxx> Reviewed-by: Eslam Elnikety <elnikety@xxxxxxxxx> Reviewed-by: Martin Pohlack <mpohlack@xxxxxxxxx> +# This one always fails upon upload, because it deliberetely I think that is spelled a bit different :-) But besides that looks perfect. Ross, you Ok with this one too? _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |