[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH v3 01/12] livepatch: Always check hypervisor build ID upon hotpatch upload
- To: Pawel Wieczorkiewicz <wipawel@xxxxxxxxx>, <xen-devel@xxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
- Date: Mon, 16 Sep 2019 17:23:13 +0100
- Authentication-results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=ross.lagerwall@xxxxxxxxxx; spf=Pass smtp.mailfrom=ross.lagerwall@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx
- Cc: wipawel@xxxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, mpohlack@xxxxxxxxxx, Tim Deegan <tim@xxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
- Delivery-date: Mon, 16 Sep 2019 16:23:22 +0000
- Ironport-sdr: ETFRMxoG+PwKyfJHOwWiOZmBX1x9fC8TVmTrECpotdo2EIZ+x7AGBVgGc3V2VBAty1TognAkjF Z+3KZBKSfuFqmVu+y2jJeR7lzO/Ix5eDViIshvGTsn+Ax47yQMedu9+A9/LS4kHLM2j4g4j/oX mCZ7izaVneK7WMGqKxXPMsA+Vh1n6KwTizbb3ZkHyWpMHt86d4Obo+wLiiNCB/tutB7ri0dx+i 741vaqDzlVJlOFGnispO9VrSvPSV1X9RRZMniozerCO2jAh1Dgzka/e7TK17PsGSwVV3spSBk3 5w4=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 9/16/19 11:59 AM, Pawel Wieczorkiewicz wrote:
This change is part of a independant stacked hotpatch modules
feature. This feature allows to bypass dependencies between modules
upon loading, but still verifies Xen build ID matching.
In order to prevent (up)loading any hotpatches built for different
hypervisor version as indicated by the Xen Build ID, add checking for
the payload's vs Xen's build id match.
To achieve that embed into every hotpatch another section with a
dedicated hypervisor build id in it. After the payload is loaded and
the .livepatch.xen_depends section becomes available, perform the
check and reject the payload if there is no match.
snip
+ sec = livepatch_elf_sec_by_name(elf, ELF_LIVEPATCH_XEN_DEPENDS);
+ if ( sec )
+ {
+ n = sec->load_addr;
+
+ if ( sec->sec->sh_size <= sizeof(*n) )
+ return -EINVAL;
+
+ if ( xen_build_id_check(n, sec->sec->sh_size,
+ &payload->xen_dep.p, &payload->xen_dep.len) )
+ return -EINVAL;
+
+ if ( !payload->xen_dep.len || !payload->xen_dep.p )
+ return -EINVAL;
+ }
+
/* Setup the virtual region with proper data. */
region = &payload->region;
@@ -882,6 +922,10 @@ static int load_payload_data(struct payload *payload, void *raw, size_t len)
if ( rc )
goto out;
+ rc = check_xen_build_id(payload);
+ if ( rc )
+ goto out;
+
rc = build_symbol_table(payload, &elf);
if ( rc )
goto out;
It is a bit confusing having a new function called check_xen_build_id()
when there is already a xen_build_id_check(). Perhaps the new one should
be called xen_build_id_dep() as it is analogous to the existing
build_id_dep()?
Either way,
Reviewed-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
