[PATCH LIVEPATCH-BUILD-TOOLS v2 1/3] Update to use a .config file

[PATCH LIVEPATCH-BUILD-TOOLS v2 1/3] Update to use a .config file

[Ross Lagerwall]

Require the user to pass a .config file matching the original build's
.config to ensure that the build configuration is identical.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 livepatch-build | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/livepatch-build b/livepatch-build
index 8dc8889..a9ac4df 100755
--- a/livepatch-build
+++ b/livepatch-build
@@ -158,6 +158,7 @@ usage() {
     echo "        -h, --help         Show this help message" >&2
     echo "        -s, --srcdir       Xen source directory" >&2
     echo "        -p, --patch        Patch file" >&2
+    echo "        -c, --config       .config file" >&2
     echo "        -o, --output       Output directory" >&2
     echo "        -j, --cpus         Number of CPUs to use" >&2
     echo "        -k, --skip         Skip build or diff phase" >&2
@@ -168,7 +169,7 @@ usage() {
     echo "        --prelink          Prelink" >&2
 }
 
-options=$(getopt -o hs:p:o:j:k:d -l "help,srcdir:patch:output:cpus:,skip:,debug,xen-debug,xen-syms:,depends:,prelink" -- "$@") || die "getopt failed"
+options=$(getopt -o hs:p:c:o:j:k:d -l "help,srcdir:patch:config:output:cpus:,skip:,debug,xen-debug,xen-syms:,depends:,prelink" -- "$@") || die "getopt failed"
 
 eval set -- "$options"
 
@@ -206,6 +207,11 @@ while [[ $# -gt 0 ]]; do
             patcharg="$1"
             shift
             ;;
+        -c|--config)
+            shift
+            configarg="$1"
+            shift
+            ;;
         -o|--output)
             shift
             outputarg="$1"
@@ -235,15 +241,18 @@ done
 
 [ -z "$srcarg" ] && die "Xen directory not given"
 [ -z "$patcharg" ] && die "Patchfile not given"
+[ -z "$configarg" ] && die ".config not given"
 [ -z "$outputarg" ] && die "Output directory not given"
 [ -z "$DEPENDS" ] && die "Build-id dependency not given"
 
 SRCDIR="$(readlink -m -- "$srcarg")"
 PATCHFILE="$(readlink -m -- "$patcharg")"
+CONFIGFILE="$(readlink -m -- "$configarg")"
 OUTPUT="$(readlink -m -- "$outputarg")"
 
 [ -d "${SRCDIR}" ] || die "Xen directory does not exist"
 [ -f "${PATCHFILE}" ] || die "Patchfile does not exist"
+[ -f "${CONFIGFILE}" ] || die ".config does not exist"
 
 PATCHNAME=$(make_patch_name "${PATCHFILE}")
 
@@ -251,16 +260,20 @@ echo "Building LivePatch patch: ${PATCHNAME}"
 echo
 echo "Xen directory: ${SRCDIR}"
 echo "Patch file: ${PATCHFILE}"
+echo ".config file: ${CONFIGFILE}"
 echo "Output directory: ${OUTPUT}"
 echo "================================================"
 echo
 
 if [ "${SKIP}" != "build" ]; then
     [ -e "${OUTPUT}" ] && die "Output directory exists"
+    grep -q 'CONFIG_LIVEPATCH=y' "${CONFIGFILE}" || die "CONFIG_LIVEPATCH must be enabled"
     cd "$SRCDIR" || die
     patch -s -N -p1 -f --fuzz=0 --dry-run < "$PATCHFILE" || die "Source patch file failed to apply"
 
     mkdir -p "${OUTPUT}" || die
+    cp -f "${CONFIGFILE}" "${OUTPUT}/.config"
+    cp -f "${OUTPUT}/.config" "xen/.config"
 
     echo "Perform full initial build with ${CPUS} CPU(s)..."
     build_full
-- 
2.7.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

[PATCH LIVEPATCH-BUILD-TOOLS v2 2/3] Remove --xen-debug

[Ross Lagerwall]

With Xen commit bacbf0cb7349 ("build: convert debug to Kconfig"),
the debug build is controlled via Kconfig, so drop the separate
--xen-debug option to livepatch-build.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 livepatch-build | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/livepatch-build b/livepatch-build
index a9ac4df..e9d1e8d 100755
--- a/livepatch-build
+++ b/livepatch-build
@@ -66,7 +66,7 @@ function build_full()
 {
     cd "${SRCDIR}/xen" || die
     make "-j$CPUS" clean &> "${OUTPUT}/build_full_clean.log" || die
-    make "-j$CPUS" debug="$XEN_DEBUG" &> "${OUTPUT}/build_full_compile.log" || die
+    make "-j$CPUS" &> "${OUTPUT}/build_full_compile.log" || die
     cp xen-syms "$OUTPUT"
 }
 
@@ -86,7 +86,7 @@ function build_special()
     # Build with special GCC flags
     cd "${SRCDIR}/xen" || die
     sed -i 's/CFLAGS += -nostdinc/CFLAGS += -nostdinc -ffunction-sections -fdata-sections/' Rules.mk
-    make "-j$CPUS" debug="$XEN_DEBUG" &> "${OUTPUT}/build_${name}_compile.log" || die
+    make "-j$CPUS" &> "${OUTPUT}/build_${name}_compile.log" || die
     sed -i 's/CFLAGS += -nostdinc -ffunction-sections -fdata-sections/CFLAGS += -nostdinc/' Rules.mk
 
     unset LIVEPATCH_BUILD_DIR
@@ -163,13 +163,12 @@ usage() {
     echo "        -j, --cpus         Number of CPUs to use" >&2
     echo "        -k, --skip         Skip build or diff phase" >&2
     echo "        -d, --debug        Enable debug logging" >&2
-    echo "        --xen-debug        Build debug Xen" >&2
     echo "        --xen-syms         Build against a xen-syms" >&2
     echo "        --depends          Required build-id" >&2
     echo "        --prelink          Prelink" >&2
 }
 
-options=$(getopt -o hs:p:c:o:j:k:d -l "help,srcdir:patch:config:output:cpus:,skip:,debug,xen-debug,xen-syms:,depends:,prelink" -- "$@") || die "getopt failed"
+options=$(getopt -o hs:p:c:o:j:k:d -l "help,srcdir:patch:config:output:cpus:,skip:,debug,xen-syms:,depends:,prelink" -- "$@") || die "getopt failed"
 
 eval set -- "$options"
 
@@ -193,10 +192,6 @@ while [[ $# -gt 0 ]]; do
             DEBUG=1
             shift
             ;;
-        --xen-debug)
-            XEN_DEBUG=y
-            shift
-            ;;
         -s|--srcdir)
             shift
             srcarg="$1"
-- 
2.7.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

[PATCH LIVEPATCH-BUILD-TOOLS v2 3/3] Update README.md

[Ross Lagerwall]

Update the example and project status. Add Contributing and Maintainers
sections.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 README.md | 76 ++++++++++++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 53 insertions(+), 23 deletions(-)

diff --git a/README.md b/README.md
index 9fb709f..653c624 100644
--- a/README.md
+++ b/README.md
@@ -2,27 +2,34 @@ livepatch-build
 =============
 
 livepatch-build is a tool for building LivePatch patches from source code
-patches.  It takes as input, a Xen tree and a patch and outputs an
+patches.  It takes as input, a Xen tree and a patch and outputs a
 `.livepatch` module containing containing the live patch.
 
 Quick start
 -----------
 First checkout the code, and then run `make` to build it.
 
-Here is an example of building a patch for XSA-106:
+Here is an example of building a live patch for Xen for some XSA.
+First build Xen, install it on a host somewhere and reboot:
+```
+$ cp -r ~/src/xen ~/src/xenbuild
+$ cd ~/src/xen/xen
+$ make nconfig # Make sure to set CONFIG_LIVEPATCH=y
+$ make
+$ BUILDID=$(readelf -Wn xen-syms | awk '/Build ID:/ {print $3}')
+```
+
+Next, build a live patch, using a patch and the source, build ID, and
+.config from the original build:
 ```
-$ cd ~/src/xen
-$ git reset --hard
-$ git clean -x -f -d
-$ git checkout 346d4545569928b652c40c7815c1732676f8587c^
 $ cd ~/src/livepatch-build
-$ wget -q 'http://xenbits.xen.org/xsa/xsa106.patch'
-$ ./livepatch-build --xen-debug -s ~/src/xen -p xsa106.patch -o out
-Building LivePatch patch: xsa106
+$ ./livepatch-build -s ~/src/xenbuild -p ~/src/xsa.patch -o out \
+    -c ~/src/xen/xen/.config --depends $BUILDID
+Building LivePatch patch: xsa
 
-Xen directory: /home/ross/src/xen
-Patch file: /home/ross/src/livepatch-build/xsa106.patch
-Output directory: /home/ross/src/livepatch-build/out
+Xen directory: /home/ross/src/xenbuild
+Patch file: /home/ross/src/xsa.patch
+Output directory: /home/ross/src/livepatch-build-tools/out
 ================================================
 
 Testing patch file...
@@ -32,22 +39,45 @@ Unapply patch and build with 4 CPU(s)...
 Extracting new and modified ELF sections...
 Processing xen/arch/x86/x86_emulate.o
 Creating patch module...
-xsa106.livepatch created successfully
+xsa.livepatch created successfully
 
-$ ls -lh out/xsa106.livepatch
--rw-rw-r--. 1 ross ross 418K Oct 12 12:02 out/xsa106.livepatch
+$ ls -lh out/xsa.livepatch
+-rwxrwxr-x. 1 ross ross 135K Jun 10 09:32 out/xsa.livepatch
+```
+
+Finally, copy the live patch to the host and load it:
+```
+$ scp out/xsa.livepatch myhost:
+$ ssh myhost 'xen-livepatch load xsa.livepatch'
+Uploading xsa.livepatch (135840 bytes)
+Performing apply:. completed
+$ ssh myhost 'xen-livepatch list'
+ ID                                     | status
+----------------------------------------+------------
+xsa                                     | APPLIED
 ```
 
 Project Status
 --------------
-This is prototype code:
- * There's no way to apply built patches
- * Patches cannot be built for some source patches
- * The output format does not correspond to the latest LivePatch design
-
-With no source patch modifications, live patches can be built for every
-XSA that applies to x86 back to XSA-90 except for XSA-97, XSA-111,
-XSA-112, and XSA-114 (83% success rate).
+Live patches can be built and applied for many changes, including most
+XSAs; however, there are still some cases which require changing the
+source patch to allow it to be built as a live patch.
+
+This tool currently supports x86 only.
+
+It is intended that some or all of this project will merge back into
+kpatch-build rather being maintained as a fork.
+
+Contributing
+------------
+Please send patches created with `git-format-patch` and an appropriate
+Signed-off-by: line to <xen-devel@lists.xen.org>, CCing the maintainers
+listed below.
+
+Maintainers
+-----------
+* Ross Lagerwall <ross.lagerwall@citrix.com>
+* Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
 
 License
 -------
-- 
2.7.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel