xenbits.xensource.com Git - livepatch-build-tools.git/log

Fix patch creation with GCC 6.1+

GCC 6.1+ fixed https://gcc.gnu.org/bugzilla/show_bug.cgi?id=192 which
means that .rodata.str1.[0-9]+ sections are now split by function. We
could probably be smarter about including just the sections we need, but
for now, simply include the string sections for all functions as is done
for previous versions of GCC.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Reported-by: M A Young <m.a.young@durham.ac.uk>

create-diff-object: Update fixup offsets in .rela.ex_table

When pruning entries from the fixup table, update the offsets in
.rela.ex_table otherwise the relas might point to the wrong fixup entry
or even out of the .fixup section.

This is a port of kpatch's commit 13d61012f9b2 ("create-diff-object:
Update fixup offsets in .rela__ex_table").

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>

Prevent spurious rebuilding

Don't change the timestamp of arch/x86/Makefile when editing it since it
forces much of the Xen tree to be rebuilt and then requires many
invocations of create-diff-tool.

This is safe since the Makefile change only changes the final link rule,
and xen will be relinked anyway.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>

Fix getopt parsing of long options

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>

Support "make install"

Add rules to support using "make install".

Use "make install DESTDIR=... PREFIX=..." to customize the installation
path.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

Check .config for CONFIG_DEBUG. If not found use --xen-debug (if specified)

Xen 4.8 ditched the 'debug=y' and now has CONFIG_DEBUG in the
.config. To still support 4.7 lets just poke the .config
file and see.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Ross Lagerwall <ross.lagerwall@citrix.com>

Update README.md

Update the example and project status. Add Contributing and Maintainers
sections.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

Update to use a .config file

Require the user to pass a .config file matching the original build's
.config to ensure that the build configuration is identical.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

EFI build with -ffunction-sections fails.

When we build Xen with the Rules.mk modified we end up:

ld -mi386pep --subsystem=10 --image-base=0xffff82d080000000 --stack=0,0 --heap=0,0 --strip-debug --section-alignment=0x200000 --file-alignment=0x20 --major-image-version=4 --minor-image-version=8 --major-os-version=2 --minor-os-version=0 --major-subsystem-version=2 --minor-subsystem-version=0 -T efi.lds -N prelink-efi.o efi/relocs-dummy.o /home/konrad/xen/xen/common/symbols-dummy.o -o /home/konrad/xen/xen/.xen.efi.0xffff82d080000000.0 &&   ld -mi386pep --subsystem=10 --image-base=0xffff82d0c0000000 --stack=0,0 --heap=0,0 --strip-debug --section-alignment=0x200000 --file-alignment=0x20 --major-image-version=4 --minor-image-version=8 --major-os-version=2 --minor-os-version=0 --major-subsystem-version=2 --minor-subsystem-version=0 -T efi.lds -N prelink-efi.o efi/relocs-dummy.o /home/konrad/xen/xen/common/symbols-dummy.o -o /home/konrad/xen/xen/.xen.efi.0xffff82d0c0000000.0 && :
ld: Xen image overlaps stubs area
prelink-efi.o: In function `__high_start':
/home/konrad/xen/xen/arch/x86/boot/x86_64.S:6:(.text+0x23): relocation truncated to fit: R_X86_64_PC32 against `gdt_descr'
/home/konrad/xen/xen/arch/x86/boot/x86_64.S:18:(.text+0x43): relocation truncated to fit: R_X86_64_PC32 against `stack_start'
/home/konrad/xen/xen/arch/x86/boot/x86_64.S:35:(.text+0x6a): relocation truncated to fit: R_X86_64_PC32 against `.data'
/home/konrad/xen/xen/arch/x86/boot/x86_64.S:36:(.text+0x6f): relocation truncated to fit: R_X86_64_PC32 against `__start_xen'
.. and more.

Re-running it with -M on a build (the giant ld -mi386pep..) with the -ffunction-sections and without it
makes it obvious what the problem is:

With: -ffunction-sections -fdata-sections:

.data           0xffff82d291e18000       0xf8 prelink-efi.o
                0xffff82d291e18006                gdt_descr

*(.text)
.text           0xffff82d0c0100000     0x27e4 prelink-efi.o
                0xffff82d0c0100000                start
                0xffff82d0c0100020                __high_start

distance is 0x1D1D18000

Normal build:

.data           0xffff82d0c0818000     0x12e8 prelink-efi.o
                0xffff82d0c0818006                gdt_descr

.text           0xffff82d0c0100000   0x14b000
                0xffff82d0c0100000                _stext = .
*(.text)
.text          0xffff82d0c0100000   0x149243 prelink-efi.o
                0xffff82d0c0100000                start
                0xffff82d0c0100020                __high_start

where the distance is 0x718000

The 0x1D1D18000 is most certainly over the 32-bit limit and leads to the truncation.

Now if we look more closely at the map we can see that each
.text section is:

.text.domain_kill
                0xffff82d0cd200000      0x140
.text.domain_kill
                0xffff82d0cd200000      0x139 prelink-efi.o
                0xffff82d0cd200000                domain_kill

.text.domain_create
                0xffff82d0cd400000      0x520
.text.domain_create
                0xffff82d0cd400000      0x502 prelink-efi.o
                0xffff82d0cd400000                domain_create

.. seperated by 2MB!

A bit of grepping showed that the issue is with:

--section-alignment=0x200000

which is used on the linker command line and this fix
replaces the --section-alignment to be 4KB which allows the build
to complete.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>

Don't accept fuzz when patching

When testing and applying patches, set fuzz=0 so that patches must apply
exactly. Also set "-f" to avoid interactive questions, and reorder so
that patches are tested before the output directory is created.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

Rename of xSplice to LivePatch.

s/xsplice/livepatch/
s/XSPLICE/LIVEPATCH/
s/xSplice/LivePatch/

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

xsplice-build-tools: replace realpath with readlink in xsplice-build

Replace realpath with readlink since '-m' option is not supported by realpath.

Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

Require --depends

WIth the version of xSplice in Xen 4.7, the build-id dependency is required,
so require the option.

Update the layout of xsplice_patch_func

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>

Fix patching functions which use __func__

If __func__ is used, it generates a symbol like __func__.5432
Since this is always included (see is_special_static), it will generate
duplicate symbol conflicts if GCC happens to use the same number (which
happens quite often since it doesn't appear to be random). To work
around this, rename the symbol to use a completely random number.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>

Update format of .xsplice.depends section

.xsplice.depends is expected to contain an ELF note, not a plain binary
checksum.

Update xsplice_patch_func layout

Update the structure layout to match the most recent hypervisor version.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

Revert "Add 64 bytes of padding to xsplice_patch_funcs structure"

This reverts commit be95e2474439fbdddcd347e7ea1bd3a842927351.
It doesn't match the hypervisor structure layout in the latest xsplice
code.

Backport "handle reference to end of section"

Backport fffbb85b811e21d92f4517e78ead5fb3373185e6:
create-diff-object: handle reference to end of section
from upstream.

Also edit it to work with Xen's code because it is compiled with -fpic.

Backport static variable correlation work from upstream

Backport 7c88c41cfe3d ("create-diff-object: rewrite static local
variable correlation logic") from kpatch.

Add more sections to be bundleable

Rename xsplice back to kpatch for functions coming from kpatch

To ease porting changes from kpatch, only use xsplice for the special
section names and for newly written functions but use the kpatch
namespace for ported functions.

For Xen, treat PLT32 relocations like PC32

PLT32 relocations are only used because gcc doesn't support symbol
visibility for builtins like memcpy.

Bundle .data.rel.ro. and .data.rel.ro.local. sections

.data.rel.ro(.local). sections are (local) read only data sections with
relocations.

For example:
static const struct hvm_mmio_handler *const
hvm_mmio_handlers[HVM_MMIO_HANDLER_NR] =
{
    &hpet_mmio_handler,
    &vlapic_mmio_handler,
    &vioapic_mmio_handler,
    &msixtbl_mmio_handler,
    &iommu_mmio_handler
};

Allow these sections to be bundled so that section symbols can be
replaced with normal symbols, preventing them from being needlessly
included.

Add support for signing payloads

Use the module signing infrastructure from Linux 4.3-rc6 to allow
signing payloads.

Example:
$ cd sign
$ make
$ ./sign-file-wrapper /path/to/payload.xsplice

Mangle local symbols to match Xen's mangling

Implement run-time linking

Implement run-time linking and link at run-time by default. Still keep
the option to link at compile time.

Allow specifying a build-id dependency

Allow including a build-id on which the created patch module depends.
This will then be verified by the hypervisor during patch apply.

Add 64 bytes of padding to xsplice_patch_funcs structure

This gives the hypervisor scratch space for undo buffers and possibly
other uses.

Include a build id in xsplice modules

The build id will in future be used to uniquely identify a module and
for module dependencies.

Add support for hooks and ignore functions and sections

Fix logging from common.c

Add prelink tool

To simplify matters, prelink against a xen-syms file at compile time to
avoid having to resolve symbols at runtime. Create a prelink tool to do
this. Split out the elf loading and saving code of create-diff-object.c
into a common file which is shared by create-diff-object and prelink.

Clean up code a bit

Make functions and variables static.
Remove trailing whitespace.
Remove unused functions.

Add space for reverting the each applied function

Add an undo buffer to each xsplice_patch_func object to making reverting
functions easy.

Fail if the function is too small to patch

Add support for specifying the path to xen-syms

This allows linking against a different xen-syms from the original
built. This may be useful if the compile environment or source code is
slightly different.

Don't create "reverse" patch modules

Add project files

xsplice-build can build live patches for most XSAs. It is, however,
still prototype code.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>