From mboxrd@z Thu Jan 1 00:00:00 1970 From: Konrad Rzeszutek Wilk Subject: Re: [RFC v2] xSplice design Date: Fri, 12 Jun 2015 10:06:08 -0400 Message-ID: <20150612140608.GH15651@l.oracle.com> References: <20150515194440.GA24313@l.oracle.com> <555CA418.6080707@amazon.com> <20150605150029.GC10207@l.oracle.com> <5575A8F7.3070006@amazon.com> <20150608151945.GO15682@l.oracle.com> <557AC7AC.8050902@amazon.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1Z3Pbc-0000mj-Hy for xen-devel@lists.xenproject.org; Fri, 12 Jun 2015 14:06:48 +0000 Content-Disposition: inline In-Reply-To: <557AC7AC.8050902@amazon.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Martin Pohlack Cc: Elena Ufimtseva , jeremy@goop.org, hanweidong@huawei.com, jbeulich@suse.com, john.liuqiming@huawei.com, Paul Voccio , Daniel Kiper , Major Hayden , liuyingdong@huawei.com, aliguori@amazon.com, xiantao.zxt@alibaba-inc.com, lars.kurth@citrix.com, Steven Wilson , peter.huangpeng@huawei.com, msw@amazon.com, xen-devel@lists.xenproject.org, Rick Harris , boris.ostrovsky@oracle.com, Josh Kearney , jinsong.liu@alibaba-inc.com, Antony Messerli , konrad@darnok.org, fanhenglong@huawei.com, andrew.cooper3@citrix.com List-Id: xen-devel@lists.xenproject.org On Fri, Jun 12, 2015 at 01:51:08PM +0200, Martin Pohlack wrote: > On 08.06.2015 17:19, Konrad Rzeszutek Wilk wrote:q Heh - ":q", well now I know what editor camp you are in :-) > [...] > >>> There is a nice part of the old code check - you > >>> can check (and deal with) patching an already patched code. > >>> As in, if the payload was configured to be applied on top of an already > >>> patched function it would patch nicely. But if the payload is against > >>> the virgin code - and the hypervisor is running an older patch, we would > >>> bail out. > >> > >> You can do that too with the build IDs if there is some mechanism that > >> loads hotpatches in the same order as they were built in (if they > >> overlap). The simplest approach that comes to mind is a hotpatch stack, > >> instead of independent patches. > > > > True. Murphy law though says somebody will do this in reverse order :-) > > And that is my worry - some system admin will reverse the order, or pick > > an patch out of order, and we end up patching .. and things eventually > > break and blow up. > > Right, I can see how this might be useful as an additional guard. > > There are some additional benefits to using build IDs, beyond preventing > loading patches for the wrong hypervisor. They can also help locate > patches for the currently running hypervisor if laid out correspondingly > on disk, e.g.: > > /some/path//nnnnn-patch1.mod > > A userland tool would query for the specific build ID of the currently > running hypervisor and only attempt to load hotpatches designated for > it. This is a stronger protection than relying on the RPM version or a > similar mechanism. > > * build ID > * Prevent loading of wrong hotpatches (intended for other builds) > * Allow to identify suitable hotpatches on disk and help with runtime > tooling (if laid out using build ID) > > * Comparing old code > * Prevent loading of dynamically incompatible hotpatches Having them both sounds sensible.