From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Martin Pohlack <mpohlack@amazon.com>,
	Konrad Rzeszutek Wilk <konrad@kernel.org>,
	xen-devel@lists.xenproject.org, msw@amazon.com,
	aliguori@amazon.com, amesserl@rackspace.com,
	rick.harris@rackspace.com, paul.voccio@rackspace.com,
	steven.wilson@rackspace.com, major.hayden@rackspace.com,
	josh.kearney@rackspace.com, jinsong.liu@alibaba-inc.com,
	xiantao.zxt@alibaba-inc.com, daniel.kiper@oracle.com,
	elena.ufimtseva@oracle.com, bob.liu@oracle.com,
	hanweidong@huawei.com, peter.huangpeng@huawei.com,
	fanhenglong@huawei.com, liuyingdong@huawei.com,
	john.liuqiming@huawei.com, jbeulich@suse.com, jeremy@goop.org,
	dslutz@verizon.com
Subject: Re: [RFC PATCH v3.1 2/2] xsplice: Add hook for build_id
Date: Wed, 5 Aug 2015 09:58:42 +0100	[thread overview]
Message-ID: <55C1D042.9090707@citrix.com> (raw)
In-Reply-To: <55C1CE4A.8000005@amazon.com>

On 05/08/15 09:50, Martin Pohlack wrote:
> On 27.07.2015 21:20, Konrad Rzeszutek Wilk wrote:
>> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
>> ---
>>  tools/libxc/xc_private.c     |  3 +++
>>  tools/misc/xen-xsplice.c     | 25 +++++++++++++++++++++++++
>>  xen/common/kernel.c          | 11 +++++++++++
>>  xen/common/version.c         |  5 +++++
>>  xen/include/public/version.h |  4 ++++
>>  xen/include/xen/compile.h.in |  1 +
>>  xen/include/xen/version.h    |  1 +
>>  7 files changed, 50 insertions(+)
>>
>> diff --git a/tools/libxc/xc_private.c b/tools/libxc/xc_private.c
>> index 2ffebd9..7c039ca 100644
>> --- a/tools/libxc/xc_private.c
>> +++ b/tools/libxc/xc_private.c
>> @@ -713,6 +713,9 @@ int xc_version(xc_interface *xch, int cmd, void *arg)
>>      case XENVER_commandline:
>>          sz = sizeof(xen_commandline_t);
>>          break;
>> +    case XENVER_build_id:
>> +        sz = sizeof(xen_build_id_t);
>> +        break;
>>      default:
>>          ERROR("xc_version: unknown command %d\n", cmd);
>>          return -EINVAL;
>> diff --git a/tools/misc/xen-xsplice.c b/tools/misc/xen-xsplice.c
>> index 7cf9879..dd8266c 100644
>> --- a/tools/misc/xen-xsplice.c
>> +++ b/tools/misc/xen-xsplice.c
>> @@ -17,6 +17,7 @@ void show_help(void)
>>              " <id> An unique name of payload. Up to 40 characters.\n"
>>              "Commands:\n"
>>              "  help                 display this help\n"
>> +            "  build-id             display build-id of hypervisor.\n"
>>              "  upload <id> <file>   upload file <cpuid> with <id> name\n"
>>              "  list                 list payloads uploaded.\n"
>>              "  apply <id>           apply <id> patch.\n"
>> @@ -306,12 +307,36 @@ int action_func(int argc, char *argv[], unsigned int idx)
>>  
>>      return rc;
>>  }
>> +
>> +static int build_id_func(int argc, char *argv[])
>> +{
>> +    xen_build_id_t build_id;
>> +
>> +    if ( argc )
>> +    {
>> +        show_help();
>> +        return -1;
>> +    }
>> +
>> +    memset(build_id, 0, sizeof(*build_id));
>> +
>> +    if ( xc_version(xch, XENVER_build_id, &build_id) < 0 )
>> +    {
>> +        printf("Failed to get build_id: %d(%s)\n", errno, strerror(errno));
>> +        return -1;
>> +    }
>> +
>> +    printf("%s\n", build_id);
>> +    return 0;
>> +}
>> +
>>  struct {
>>      const char *name;
>>      int (*function)(int argc, char *argv[]);
>>  } main_options[] = {
>>      { "help", help_func },
>>      { "list", list_func },
>> +    { "build-id", build_id_func },
>>      { "upload", upload_func },
>>  };
>>  
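Review bot: In `build_id_func`, `memset(build_id, 0, sizeof(*build_id));` clears only the first byte, because `xen_build_id_t` is a `char[1024]` array and `*build_id` is a single `char`; it should read `memset(build_id, 0, sizeof(build_id));`. The later `printf("%s\n", build_id)` then relies entirely on the hypervisor having written a NUL inside the buffer. The tool should terminate the buffer itself after the call, e.g. `build_id[sizeof(build_id) - 1] = '\0';`, so that a full or unexpected reply cannot make it print past the end of the array.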
>> diff --git a/xen/common/kernel.c b/xen/common/kernel.c
>> index 6a3196a..e9d41b6 100644
>> --- a/xen/common/kernel.c
>> +++ b/xen/common/kernel.c
>> @@ -357,6 +357,17 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
>>          if ( copy_to_guest(arg, saved_cmdline, ARRAY_SIZE(saved_cmdline)) )
>>              return -EFAULT;
>>          return 0;
>> +
>> +    case XENVER_build_id:
>> +    {
>> +        xen_build_id_t build_id;
>> +
>> +        memset(build_id, 0, sizeof(build_id));
>> +        safe_strcpy(build_id, xen_build_id());
> You seem to want to store and transfer the build_id as a string.  Any
> reason why we don't directly expose the build_id embedded by the linker
> in binary format?
>
>> +        if ( copy_to_guest(arg, build_id, ARRAY_SIZE(build_id)) )
>> +            return -EFAULT;
>> +        return 0;
>> +    }
> We should not expose the build_id to normal guests, but only to Dom0.
>
> A build_id uniquely identifies a specific build and I don't see how that
> information would be required from DomU.  It might actually help an
> attacker to build his return-oriented programming exploit against a
> specific build.
>
> The normal version numbers should be enough to know about capabilities
> and API.

It will need its own XSM hook, but need not be strictly limited to just
dom0.

>
>>      }
>>  
>>      return -ENOSYS;
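Review bot: The new `XENVER_build_id` case places a 1024-byte `xen_build_id_t` on the hypervisor stack only to zero-pad a constant string, while the neighbouring `XENVER_commandline` case copies straight out of a static buffer. A static, zero-padded array defined next to `xen_build_id()` (for example `static const xen_build_id_t build_id = XEN_BUILD_ID;`) would let this case call `copy_to_guest()` on it directly and drop the `memset`/`safe_strcpy` pair. If the stack copy stays, the `memset` before `safe_strcpy` must stay too, since all `ARRAY_SIZE(build_id)` bytes are copied to the guest and anything left uninitialised would leak stack contents. The body of `DO(xen_version)` starts and ends outside this hunk, so stack use elsewhere in the function is not visible here.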
>> diff --git a/xen/common/version.c b/xen/common/version.c
>> index b152e27..5c3dbb0 100644
>> --- a/xen/common/version.c
>> +++ b/xen/common/version.c
>> @@ -55,3 +55,8 @@ const char *xen_banner(void)
>>  {
>>      return XEN_BANNER;
>>  }
>> +
>> +const char *xen_build_id(void)
>> +{
>> +    return XEN_BUILD_ID;
>> +}
>> diff --git a/xen/include/public/version.h b/xen/include/public/version.h
>> index 44f26b0..c863393 100644
>> --- a/xen/include/public/version.h
>> +++ b/xen/include/public/version.h
>> @@ -83,6 +83,10 @@ typedef struct xen_feature_info xen_feature_info_t;
>>  #define XENVER_commandline 9
>>  typedef char xen_commandline_t[1024];
>>  
>> +#define XENVER_build_id 10
>> +typedef char xen_build_id_t[1024];
>> +#define XEN_BUILD_ID_LEN (sizeof(xen_build_id_t))
>> +
>>  #endif /* __XEN_PUBLIC_VERSION_H__ */
>>  
>>  /*
>> diff --git a/xen/include/xen/compile.h.in b/xen/include/xen/compile.h.in
>> index 440ecb2..939685e 100644
>> --- a/xen/include/xen/compile.h.in
>> +++ b/xen/include/xen/compile.h.in
>> @@ -10,4 +10,5 @@
>>  #define XEN_EXTRAVERSION	"@@extraversion@@"
>>  
>>  #define XEN_CHANGESET		"@@changeset@@"
>> +#define XEN_BUILD_ID        "@@changeset@@"
> That leads to a chicken and egg problem when embedding a real build_id.
>  Some linker script magic seems to be required.  I will try to refine
> the patch.

So funnily enough, I tried experimenting with this and it is fairly easy
to get the basics done.

Further TODO which I haven't done yet is to make --build-id conditional on
finding a compatible `ld`, and some symbol magic to directly locate
.note.gnu.build-id

However, this in addition to some of Konrad's original patch is a good
start.

~Andrew

diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index 5f24951..10938b2 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -112,7 +112,7 @@ $(TARGET)-syms: prelink.o xen.lds
$(BASEDIR)/common/symbols-dummy.o
            $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1
        $(NM) -n $(@D)/.$(@F).1 | $(BASEDIR)/tools/symbols >$(@D)/.$(@F).1.S
        $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1.o
-       $(LD) $(LDFLAGS) -T xen.lds -N prelink.o \
+       $(LD) $(LDFLAGS) -T xen.lds -N prelink.o --build-id \
            $(@D)/.$(@F).1.o -o $@
        rm -f $(@D)/.$(@F).[0-9]*
 
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 6553cff..46e6546 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -68,6 +68,13 @@ SECTIONS
   } :text
 
   . = ALIGN(SMP_CACHE_BYTES);
+  .notes : {
+       __start_notes = .;
+       *(.note.*)
+       __end_notes = .;
+  } :text
+
+  . = ALIGN(SMP_CACHE_BYTES);
   .data.read_mostly : {
        /* Exception table */
        __start___ex_table = .;
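Review bot: The `*(.note.*)` glob in the new `.notes` output section collects every note input section, so the range between `__start_notes` and `__end_notes` is a sequence of ELF notes rather than the build-id alone. Any code that reads this range has to walk the note headers, match the GNU name and the build-id type, and check each `namesz`/`descsz` against `__end_notes` before touching the descriptor. A comment above the section would record that contract, e.g. `/* All ELF notes; readers must parse note headers and stay below __end_notes. */`. Narrowing the pattern to `*(.note.gnu.build-id)` is the alternative if only that note is meant to be exposed.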

