Difference between revisions of "LivePatch"

From Xen
(Create regression hot-patches)
(Build)
Line 30: Line 30:
 
two things:
 
two things:
   
* Xen hypervisor which supports xSplice hypercalls. See above URL for the patches.
+
* Xen hypervisor which supports xSplice hypercalls. See above URL for the patches.
* Tool to build binary fixes against hypervisor. See above URL for the tool. Note that the #xsplice.v4 patchset also includes three examples of payloads for testing/development.
+
* Tool to build binary fixes against hypervisor. See above URL for the tool. Note that the #xsplice.v4 patchset also includes three examples of payloads for testing/development.
   
 
= Hypervisor =
 
= Hypervisor =

Revision as of 18:53, 15 March 2016

Design

The patchset at xSplice v1 design and implementation includes all of the patches to make this work under Xen 4.7.

The design itself is the 11th patch.

The git code for hypervisor/toolstack currently is at:

git://xenbits.xen.org/people/konradwilk/xen.git #xsplice.v4

The generation of payload is at:

http://xenbits.xen.org/gitweb/?p=people/konradwilk/xsplice-build-tools.git

IRC

We will have monthly IRC meetings to discuss code/issues/etc.

They are on the fourth Tuesday of every month. At 10:00AM EST on #xsplice channel on irc.freenode.net

Toolstack

Things that need to be done in there:

  • xen-xsplice better smarts. Right now you need to do 'upload','check' and 'apply'. Three operations which could be folded in one - since the system admin probably want to have all of those done at once. The 'all' option does that.
  • Instead of using 'xen-xsplice' we should use 'xl'. That above mentioned logic could be part of 'xl' while 'xen-xsplice' is an accessory function for expert users?

Build

To build hot-patches aka payloads aka binary fixes against the hypervisor, you need two things:

  • Xen hypervisor which supports xSplice hypercalls. See above URL for the patches.
  • Tool to build binary fixes against hypervisor. See above URL for the tool. Note that the #xsplice.v4 patchset also includes three examples of payloads for testing/development.

Hypervisor

Currently the implementation has many TODOs implemented.

However we need to expand the hypervisor to include support for:

  • build_id support Done!
  • Need 'dl_sym' functionality in hypervisor to parse ELF payload. Do dynamic linking. (Ross) Done!
  • Lookup and insertion in the symbol table. Compute the proper offset and virtual address based on symbol name (<do_domctl>+0xf) (Ross) Done!
  • Need to either remove duplicate names from the symbol table or have the hypervisor implement proper ELF parsing - integrate the elf sections and parse that during runtime. Done!
  • Insertion of exceptions in the exception table. Also support resorting it. The hot-patch may have new exceptions that need to be dealt with.Done!
  • Code to verify signature of the ELF payload.
  • Checking the build-id against the hypervisor.Done!
  • Code to patch and revert the hot-patch (for simplicity we could boot Xen with 'cpus=1' so we don't have to worry about proper code to trigger patching)Done!
    • Patching requires saving the initial state. That needs to be saved for revert.Done!
    • Patching needs allocation of memory, putting in the code at memory.Done!
    • Doing the verification - checking if any code that uses the to-be-patched-function is in use. Save what the virtual address for the functions is - and verify the stack when patching (this incidentally is what .xsplice_section structures can have).
    • Deal with proper page table types for the modification (ro for .data, x for .text, etc).
    • Code to revert.Done!
  • Code to activate patching mechanism. On VMEXIT routine right before checking the do_softirq. Ditto for PV paths. Call the top patching mechanism - which can IPI other CPUs (or wait until all CPUs have come to the same point).Done!
  • The code for doing the patching - call from __do_softirq - can also be used for runtime microcode loading.
  • Add functionality to execute ELF code.Done!
  • Patch with NOPs if .xsplice.funcs->new_size has 0.
  • Seperate pages for .text; .rodata; .bss and .data
  • A better mechanism to "mask" NMIs during patching. The existing mechanism looses NMI if they have been sent and we don't have a mechanism to replay them. Note that this is also fixes alternative section patching.

ELF payload file

The spec details how the structures look.

The external tool:

http://xenbits.xen.org/gitweb/?p=people/konradwilk/xsplice-build-tools.git

can generate the payloads against the hypervisor.

Create regression hot-patches

There are three regression/test-cases:

  • xen_hello_world: changes xen_extra_version() to return "Hello World".
  • xen_bye_world: over-writes the xen_hello_world patch so it returns "Bye World."
  • xen_replace_world: Used to replace the two other payloads and make xen_extra_version() print "Hello Again World".

The idea is to do:

 # cd /usr/lib/debug
 # ls
 xen-syms-4.7-unstable  xen_bye_world.xsplice  xen_hello_world.xsplice  
 xen_replace_world.xsplice
 # xen-xsplice load xen_hello_world.xsplice 
 Uploading xen_hello_world.xsplice (12336 bytes)
 Performing apply:. completed
 # xl info | grep extra
 xen_extra              : Hello World
 # xen-xsplice load xen_bye_world.xsplice 
 Uploading xen_bye_world.xsplice (9244 bytes)
 Performing apply:. completed
 # xl info | grep extra
 xen_extra              : Bye World!
 # xen-xsplice upload replace_bye_and_hello xen_replace_world.xsplice 
 Uploading xen_replace_world.xsplice (9328 bytes)
 # xen-xsplice list
  ID                                     | status
 ----------------------------------------+------------
 xen_hello_world                         | APPLIED
 xen_bye_world                           | APPLIED
 replace_bye_and_hello                   | CHECKED
 # xen-xsplice replace replace_bye_and_hello
 Performing replace:. completed
 # xl info | grep extra
 xen_extra              : Hello Again World!
 # xen-xsplice list
  ID                                     | status
 ----------------------------------------+------------
 xen_hello_world                         | CHECKED
 xen_bye_world                           | CHECKED
 replace_bye_and_hello                   | APPLIED

Build hot-patches

  • Compile Xen hypervisor where the output (.o) ends up in (.o.xsplice) to make it easier to identify changes. Could be a secondary build ('make xsplice')
  • Write in scripts/ code to compare the .o and .o.xsplice files using objcopy, diff, etc to figure out if they changed. If they do, copy the 'new' and 'old' object file as '.o.xsplice.baseline' and '.o.xsplice.new'.
  • Write tool to look for '.o.xsplice.baseline' and '.o.xsplice.new' - figure out the ELF relocations, what symbols it affects, etc. Take a hard look at objmanip.c in ksplice git tree (git://repo.or.cz/ksplice.git).
  • To start with this doing C code and injecting new code can be used as a prototype to develop.
  • Look at the 30 last XSAa and use that as a measuring stick of how well the hot-patching build works.