[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 09/14] livepatch: Add per-function applied/reverted state tracking marker

To: "Wieczorkiewicz, Pawel" <wipawel@xxxxxxxxx>
From: Julien Grall <julien.grall@xxxxxxx>
Date: Thu, 22 Aug 2019 16:30:40 +0100
Cc: Tim Deegan <tim@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxx>, "Pohlack, Martin" <mpohlack@xxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Thu, 22 Aug 2019 15:30:52 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Pawel,

On 22/08/2019 12:02, Wieczorkiewicz, Pawel wrote:

On 22. Aug 2019, at 12:29, Julien Grall <julien.grall@xxxxxxx<mailto:julien.grall@xxxxxxx>> wrote:
On 21/08/2019 09:19, Pawel Wieczorkiewicz wrote:
More generally, I am not very comfortable to see panic() in the middle of thecode. Could you explain why panic is the best solution over reverting the work?
Yes. Production-ready hotpatches must not contain inconsistent hooks orfunctions-to-be-applied/reverted.The goal here is to detect such hotpatches and fail hard immediatelyhighlighting the fact that such hotpatch
is broken.

Aside the len = 0 that you are going to fix. How would this condition happen?Are you going to add code that will potentially trigger the panic?

The inconsistent application of a hotpatch (some function applied, some revertedwhile other left behined) leavesthe system in a very bad state. I think the best what we could do here ispanic() to enable post-mortem analysis
of what went wrong and avoid leaking such system into production.

Thank you for the explanation here (and on IRC). May I ask some documentationregarding the panic in at least commit message? Ideally, this would explain whythe panic the most sensible solution.


Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 09/14] livepatch: Add per-function applied/reverted state tracking marker
  - From: Wieczorkiewicz, Pawel

References:
- [Xen-devel] [PATCH 00/14] livepatch: new features and fixes
  - From: Pawel Wieczorkiewicz
- [Xen-devel] [PATCH 09/14] livepatch: Add per-function applied/reverted state tracking marker
  - From: Pawel Wieczorkiewicz
- Re: [Xen-devel] [PATCH 09/14] livepatch: Add per-function applied/reverted state tracking marker
  - From: Julien Grall
- Re: [Xen-devel] [PATCH 09/14] livepatch: Add per-function applied/reverted state tracking marker
  - From: Wieczorkiewicz, Pawel

Prev by Date: Re: [Xen-devel] More questions about Xen memory layout/usage, access to guest memory
Next by Date: Re: [Xen-devel] [PATCH v9 00/15] improve late microcode loading
Previous by thread: Re: [Xen-devel] [PATCH 09/14] livepatch: Add per-function applied/reverted state tracking marker
Next by thread: Re: [Xen-devel] [PATCH 09/14] livepatch: Add per-function applied/reverted state tracking marker
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.