Xen project Mailing List

Re: [PATCH v3] livepatch: account for patch offset when applying NOP patch

To: Roger Pau Monné <roger.pau@xxxxxxxxxx>

From: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>

Date: Fri, 8 Apr 2022 08:56:44 -0400

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QhU0EhWRD5EtPJRO9+dZowPxPurWnxgiJx8pnKnN5cI=; b=V8xV216k8pFigZOPtxXXYIOgQ4OjER4FRvxiRBlL0uttepeXnJu0T0XeHxAJckbD8VEH9QUMYw8OlHGP04aEMgYgq/286EEWaZuG1MhAMzKgm8jtccdrEytKzkA1LU/VCRvHFyNDiLoBgBXn1xJdq4bwJbGhkEbY9cLhpFjiXJOG1ccgzkhdXc8tEB4oS3ccgSEv4ZxoUxJ19HV5PAvISpSzUSseMb2raX3rAwKB5Yx/g/qsOItiG88RB1VTRdJTivNW50PPCjvHOTT6VAgWWHga+bd8pQnqfyM03VYlXsy5RBu6DIZRX5OtRzYOrCb2N4V4cYzce4rBNzI5taGC3A==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Fas4RhK+Lz+tEqQuOV5cd93JeEv2vw6Zq4IJCsdi1diu7uvc+jcdNmeBzqhPMQDdMWOkGBcH3Cy6PmDMXfPVKiGUljW1rXueQjaFUFdwppVgJeV+CSTdUE7oKLlcIFBTkXKX27Aq9walKqJfo2wZ5V/gVTTyqqjjX/tceLLfrJgpu0DOwbgqw8q14TVxRUeKXbA9fUFBmBQPMoqF1N48mLGvk4I7ugUgsgQLwoN3bceCxtl5qwDv+x/5dX4PA/GPz1Ihxta13/vgoON8S/Kc1iT33oc76PXY+Uzi6kjYjtPUTkQnn/kMszMzDHF39qtHPah7hBUHUfpQ/fry7zcOuQ==

Cc: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Bjoern Doebel <doebel@xxxxxxxxx>

Delivery-date: Fri, 08 Apr 2022 12:57:10 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri, Apr 08, 2022 at 10:19:54AM +0200, Roger Pau Monné wrote: > On Thu, Apr 07, 2022 at 03:44:16PM +0000, Ross Lagerwall wrote: > > > From: Jan Beulich <jbeulich@xxxxxxxx> > > > Sent: Thursday, March 31, 2022 9:42 AM > > > To: Roger Pau Monne <roger.pau@xxxxxxxxxx> > > > Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx <xen-devel@xxxxxxxxxxxxxxxxxxxx>; Ross > > > Lagerwall <ross.lagerwall@xxxxxxxxxx>; Konrad Wilk > > > <konrad.wilk@xxxxxxxxxx>; Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>; Wei > > > Liu <wl@xxxxxxx>; Bjoern Doebel <doebel@xxxxxxxxx> > > > Subject: Re: [PATCH v3] livepatch: account for patch offset when applying > > > NOP patch > > > > > > [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open attachments > > > unless you have verified the sender and know the content is safe. > > > > > > On 31.03.2022 10:21, Roger Pau Monné wrote: > > > > On Thu, Mar 31, 2022 at 08:49:46AM +0200, Jan Beulich wrote: > > > >> While not triggered by the trivial xen_nop in-tree patch on > > > >> staging/master, that patch exposes a problem on the stable trees, where > > > >> all functions have ENDBR inserted. When NOP-ing out a range, we need to > > > >> account for this. Handle this right in livepatch_insn_len(). > > > >> > > > >> This requires livepatch_insn_len() to be called _after_ ->patch_offset > > > >> was set. > > > >> > > > >> Fixes: 6974c75180f1 ("xen/x86: Livepatch: support patching > > > >> CET-enhanced functions") > > > >> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> > > > > > > > > Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> > > > > > > Thanks. > > > > > > As a note to the livepatch maintainers: I'm going to put this in > > > without further waiting for suitable acks. Just in case I'll put > > > it on the 4.16 branch only for starters, to see that it actually > > > helps there (it's unusual to put something on the stable > > > branches before it having passed the push gate to master). > > > > Thanks (was on PTO and away from email). > > > > > > > > > Albeit I don't think I understand how the in-place patching is done. I > > > > would expect the !func->new_addr branch of the if in > > > > arch_livepatch_apply to fill the insn buffer with the in-place > > > > replacement instructions, but I only see the buffer getting filled > > > > with nops. I'm likely missing something (not that this patch changes > > > > any of this). > > > > > > Well, as per the v2 thread: There's no in-place patching except > > > to NOP out certain insns. > > > > Correct. FWIW I'm not really aware of a valid use case for this > > > > > > > > > I'm also having trouble figuring out how we assert that the len value > > > > (which is derived from new_size if !new_addr) is not greater than > > > > LIVEPATCH_OPAQUE_SIZE, which is the limit of the insn buffer. Maybe > > > > that's already checked elsewhere. > > > > > > That's what my 3rd post-commit-message remark was (partly) about. > > > > old_size specifies the length of the existing function to be patched. > > > > If new_addr is zero (NOP case), then new_size specifies the number of > > bytes to overwrite with NOP. That's why new_size is used as the memcpy > > length (minus patch offset). > > Sorry, maybe a naive question, but why not use old_size directly to > overwrite with NOPs? > > Is this because you could generate a patch that just removed code from > a function and then you would ideally just overwrite with NOPs the > section to be removed while leaving the rest of the function as-is (so > no jump added)? > > I wonder whether we exercise this functionality at all, as I would > imagine is quite hard to come with such payload? The original idea behind this was to do any type of changes - not just nop but other instructions too. Aka inline assembler changes. It is not something livepatch-build supports but you can handcraft those if you are in a pinch. And the test-cases just do nop as that was the easiest one to create. > > Thanks, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.