Re: [PATCH for-4.9] livepatch: Declare live patching as a supported feature

[Lars Kurth <lars.kurth@citrix.com>]

Hi all,

there was also a discussion on IRC, which Ian said we should formally
summarise in e-mail, just so there is no doubt. So here is my go at it. As
far as I can tell - besides the technical discussion in this thread, there
are several issues which need to be clarified:

* For Xen 4.9 we can declare live patching supported, without spinning
another RC to update the in-tree documentation: in other words, we would
apply the documentation/policy changes + to the 4.9 tree sometimes after
this discussion has been concluded. In effect this means that
docs/features/livepatching.pandoc (or similar) and associated changes to
KCONFIG options would not show up until Xen 4.9.1 is spun, but the
security team would treat live patching as supported for 4.9. In other
words for now, we can update the table in the wiki
(https://wiki.xenproject.org/wiki/Xen_Project_Release_Features) and live
with in-tree artefacts being out-of-sync with the support status for a few
months. We need to fix this anyway in-tree and there is a concrete
proposal which should be discussed at the summit.

* There was a proposal to declare live patching supported for older
releases (aka "back port" docs/features/livepatching.pandoc), but Royger
pointed out that the toolstack in question needs to support buildid. If
so, we should include back-porting requests and d

* Julien pointed out that maybe we shouldn't declare live patching as
supported for ARM32/64. I don't see an issue to declare it supported for
x86/amd64 only for now. But it is obviously up to committers to make that
call.

I think that covers the ghist of the IRC discussion

Regards
Lars

On 27/06/2017, 08:24, "Julien Grall" <julien.grall@arm.com> wrote:

>
>
>On 06/26/2017 10:07 PM, Konrad Rzeszutek Wilk wrote:
>> On Mon, Jun 26, 2017 at 07:29:22PM +0100, Julien Grall wrote:
>>> Hi,
>>>
>>> On 06/26/2017 04:36 PM, Ross Lagerwall wrote:
>>>> Xen Live Patching has been available as tech preview feature since Xen
>>>> 4.7 and has now had a couple of releases to stabilize. Xen Live
>>>>patching
>>>> has been used by multiple vendors to fix several real-world security
>>>> issues without any severe bugs encountered. Additionally, there are
>>>>now
>>>> tests in OSSTest that test live patching to ensure that no regressions
>>>> are introduced.
>>>>
>>>> Based on the amount of testing and usage it has had, we are ready to
>>>> declare live patching as a 'Supported' feature.
>>>
>>> There are only test for x86 and amd64. We likely want to have those
>>>test
>> 
>> The test-cases are also for ARM32.
>> 
>>> enabled for all architectures by default.
>> 
>> And the OSSTest can test all of those.
>
>Can we enable them by default? I know that we limited the number of
>tests for ARM64 due to limited bandwidth. But I don't think we have
>anything preventing it on ARM32.
>
>>>
>>> Also, I am not aware of anyone using in production livepatch on ARM64
>>>and
>>> ARM32. So did anyone give a good kick at the ARM implementaton?
>> 
>> I am not aware of anybody using it on production on ARM32 or ARM64.
>> 
>> The test-cases are there, the code is there, but yes nobody has kicked
>> the tires on ARM32/ARM64 extensively with it. I would be excited to
>> see vendors that use it and their reports but I am not aware of any.
>> 
>>>
>>> If not, then we should  do it before even considering as a supported
>>>feature
>>> for ARM.
>> 
>> OK. Perhaps then only for x86 until ARM operational users pipe up?
>
>That would be my preference. My main concern is to handle security issue
>afterwards because we didn't give any kick at the code.
>
>Cheers,
>
>-- 
>Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel