Re: [Xen-devel] livepatch-build-tools regression

2019-12-02 Thread Wieczorkiewicz, Pawel


> On 27. Nov 2019, at 16:56, Sergey Dyasli  wrote:
> 
> On 27/11/2019 15:22, Wieczorkiewicz, Pawel wrote:
>> 
>> 
>>> On 27. Nov 2019, at 12:16, Sergey Dyasli  wrote:
>>> 
>>> On 26/11/2019 18:37, Wieczorkiewicz, Pawel wrote:
>>>> It looks like gcc plays the usual dirty tricks with local variables 
>>>> renaming:
>>>> 
>>>> - xen-syms
>>>>  7529: 82d0805fed50 8 OBJECT  LOCAL  DEFAULT 4230 lastpage.22857
>>>> - livepatch
>>>>   289:  8 OBJECT  GLOBAL DEFAULT  UND hvm.c#lastpage.22856
>>>> 
>>>> Then, symbols resolution by name fails..
>>>> 
>>>> Can you please try to build the livepatch module with additional option 
>>>> '--prelink' and give it a try ?
>>> 
>>> My LP loading error is:
>>> 
>>>  (XEN) livepatch: lp: Unknown symbol: .LC7
>>> 
>>> When I pass --prelink to livepatch-build, it complains in a similar way:
>>> 
>>>  livepatch-build-tools/prelink: ERROR: output.o: livepatch_resolve_symbols: 80: lookup_local_symbol .LC7 (p2m.c)
>>> 
>> 
>> Could you give this testing patch a try?
>> 
>> diff --git a/create-diff-object.c b/create-diff-object.c
>> index 8d63940..10807d2 100644
>> --- a/create-diff-object.c
>> +++ b/create-diff-object.c
>> @@ -839,8 +839,10 @@ static void kpatch_compare_symbols(struct list_head 
>> *symlist)
>>   list_for_each_entry(sym, symlist, list) {
>>   if (sym->twin)
>>   kpatch_compare_correlated_symbol(sym);
>> -   else
>> +   else {
>>   sym->status = NEW;
>> +   sym->include = 1;
>> +   }
>> 
>>   log_debug("symbol %s is %s\n", sym->name, 
>> status_str(sym->status));
>>   }
>> 
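Review bot: the log_debug() call that follows the new else block still prints only status_str(sym->status), so a debug build log will not show which symbols were pulled in by the added sym->include = 1. Print sym->include there as well, which makes the effect of this change visible in create-diff-object.log.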
> 
> Looks like this change fixed the issue for me!
> One thing to notice is that the size of a stripped LP binary increased
> from 45K to 60K.
> 

Yes, this was not supposed to be a proper fix. I was merely trying to establish 
if we were looking at the same issue.
I did fix it now the proper way, though. I shall send the patches soon.

> --
> Thanks,
> Sergey

Best Regards,
Pawel Wieczorkiewicz






Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Ralf Herbrich
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879


___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] livepatch-build-tools regression

2019-11-27 Thread Sergey Dyasli
On 27/11/2019 15:22, Wieczorkiewicz, Pawel wrote:
> 
> 
>> On 27. Nov 2019, at 12:16, Sergey Dyasli  wrote:
>>
>> On 26/11/2019 18:37, Wieczorkiewicz, Pawel wrote:
>>> It looks like gcc plays the usual dirty tricks with local variables 
>>> renaming:
>>>
>>> - xen-syms
>>>  7529: 82d0805fed50 8 OBJECT  LOCAL  DEFAULT 4230 lastpage.22857
>>> - livepatch
>>>   289:  8 OBJECT  GLOBAL DEFAULT  UND hvm.c#lastpage.22856
>>>
>>> Then, symbols resolution by name fails..
>>>
>>> Can you please try to build the livepatch module with additional option 
>>> '--prelink' and give it a try ?
>>
>> My LP loading error is:
>>
>>    (XEN) livepatch: lp: Unknown symbol: .LC7
>>
>> When I pass --prelink to livepatch-build, it complains in a similar way:
>>
>>    livepatch-build-tools/prelink: ERROR: output.o: livepatch_resolve_symbols: 80: lookup_local_symbol .LC7 (p2m.c)
>>
> 
> Could you give this testing patch a try?
> 
> diff --git a/create-diff-object.c b/create-diff-object.c
> index 8d63940..10807d2 100644
> --- a/create-diff-object.c
> +++ b/create-diff-object.c
> @@ -839,8 +839,10 @@ static void kpatch_compare_symbols(struct list_head 
> *symlist)
> list_for_each_entry(sym, symlist, list) {
> if (sym->twin)
> kpatch_compare_correlated_symbol(sym);
> -   else
> +   else {
> sym->status = NEW;
> +   sym->include = 1;
> +   }
> 
> log_debug("symbol %s is %s\n", sym->name, 
> status_str(sym->status));
> }
> 
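Review bot: style, at the else { line: the if (sym->twin) arm is left unbraced while the else arm now carries braces. Brace both arms so the pair stays consistent.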

Looks like this change fixed the issue for me!
One thing to notice is that the size of a stripped LP binary increased
from 45K to 60K.

--
Thanks,
Sergey


Re: [Xen-devel] livepatch-build-tools regression

2019-11-27 Thread Wieczorkiewicz, Pawel


> On 27. Nov 2019, at 12:16, Sergey Dyasli  wrote:
> 
> On 26/11/2019 18:37, Wieczorkiewicz, Pawel wrote:
>> It looks like gcc plays the usual dirty tricks with local variables renaming:
>> 
>> - xen-syms
>>  7529: 82d0805fed50 8 OBJECT  LOCAL  DEFAULT 4230 lastpage.22857
>> - livepatch
>>   289:  8 OBJECT  GLOBAL DEFAULT  UND hvm.c#lastpage.22856
>> 
>> Then, symbols resolution by name fails..
>> 
>> Can you please try to build the livepatch module with additional option 
>> '--prelink' and give it a try ?
> 
> My LP loading error is:
> 
>    (XEN) livepatch: lp: Unknown symbol: .LC7
> 
> When I pass --prelink to livepatch-build, it complains in a similar way:
> 
>    livepatch-build-tools/prelink: ERROR: output.o: livepatch_resolve_symbols: 80: lookup_local_symbol .LC7 (p2m.c)
> 

Could you give this testing patch a try?

diff --git a/create-diff-object.c b/create-diff-object.c
index 8d63940..10807d2 100644
--- a/create-diff-object.c
+++ b/create-diff-object.c
@@ -839,8 +839,10 @@ static void kpatch_compare_symbols(struct list_head 
*symlist)
list_for_each_entry(sym, symlist, list) {
if (sym->twin)
kpatch_compare_correlated_symbol(sym);
-   else
+   else {
sym->status = NEW;
+   sym->include = 1;
+   }

log_debug("symbol %s is %s\n", sym->name, 
status_str(sym->status));
}
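
Review bot: the else branch now sets sym->include = 1 for every symbol without a twin, with no test on the symbol's type or on whether any included section refers to it, so all NEW symbols are carried into the output object. Restrict the inclusion to the uncorrelated symbols that the changed code actually references, and add a comment stating why a NEW symbol has to be included here.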

> --
> Thanks,
> Sergey

Best Regards,
Pawel Wieczorkiewicz







Re: [Xen-devel] livepatch-build-tools regression

2019-11-27 Thread Sergey Dyasli
On 26/11/2019 18:37, Wieczorkiewicz, Pawel wrote:
> It looks like gcc plays the usual dirty tricks with local variables renaming:
> 
> - xen-syms
>   7529: 82d0805fed50 8 OBJECT  LOCAL  DEFAULT 4230 lastpage.22857
> - livepatch
>    289:  8 OBJECT  GLOBAL DEFAULT  UND hvm.c#lastpage.22856
> 
> Then, symbols resolution by name fails..
> 
> Can you please try to build the livepatch module with additional option 
> '--prelink' and give it a try ?

My LP loading error is:

(XEN) livepatch: lp: Unknown symbol: .LC7

When I pass --prelink to livepatch-build, it complains in a similar way:

livepatch-build-tools/prelink: ERROR: output.o: livepatch_resolve_symbols: 80: lookup_local_symbol .LC7 (p2m.c)

--
Thanks,
Sergey


Re: [Xen-devel] livepatch-build-tools regression

2019-11-26 Thread Wieczorkiewicz, Pawel
It looks like gcc plays the usual dirty tricks with local variables renaming:

- xen-syms
  7529: 82d0805fed50 8 OBJECT  LOCAL  DEFAULT 4230 lastpage.22857
- livepatch
   289:  8 OBJECT  GLOBAL DEFAULT  UND hvm.c#lastpage.22856

Then, symbols resolution by name fails..

Can you please try to build the livepatch module with additional option 
'--prelink' and give it a try ?

> On 26. Nov 2019, at 18:51, Wieczorkiewicz, Pawel  wrote:
> 
> 
> 
>> On 20. Nov 2019, at 12:42, Sergey Dyasli  wrote:
>> 
>> On 19/11/2019 17:21, Wieczorkiewicz, Pawel wrote:
>>> 
>>> 
>>>> On 18. Nov 2019, at 18:41, Sergey Dyasli  wrote:
>>>> 
>>>> On 18/11/2019 17:28, Wieczorkiewicz, Pawel wrote:
>>>>> 
>>>>> Could you build the lp with debug (-d) and provide me with the 
>>>>> create-diff-object.log file?
>>>>> 
>>>> 
>>>> I've attached the log. Btw, I think I provided all the necessary information
>>>> for others to repeat my experiment.
>>>> 
>>> 
>>> Sorry for another request, but I do not seem to be able to reproduce this 
>>> locally.
>>> Could you send me the livepatch module binary that fails to upload?
>> 
>> That's interesting. I've attached the binary that my system produces.
>> What version of gcc do you use?
> 
> The version used was: gcc (GCC) 7.2.1 20170915
> 
> But I have finally managed to reproduce the issue with:
> 1. gcc (Ubuntu 6.5.0-2ubuntu1~18.04) 6.5.0 20181026
> 2. gcc-7 (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0
> 
> I think it is not related to the commit:
> commit 854a7ca60e35 "create-diff-object: Do not include all .rodata sections"
> 
> I managed to reproduce it also with earlier version commit:
> "0c10457 Remove section alignment requirement"
> 
> But this time a different symbol causes the failure:
> 
> (XEN) livepatch: 0001-live-patch: Unknown symbol: hvm.c#lastpage.22856
> 
>> 
>> --
>> Thanks,
>> Sergey
>> <0001-live-patch-stripped.livepatch>
> 
> Best Regards,
> Pawel Wieczorkiewicz

Best Regards,
Pawel Wieczorkiewicz






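
The name mismatch described in the message above (lastpage.22857 in xen-syms against hvm.c#lastpage.22856 in the livepatch) can be checked before upload. The Python sketch below is an added example, not part of the thread or of livepatch-build-tools. Its symbol rows are constructed in readelf -s layout (names taken from the thread; index, value and size fields and the printk row filled in for illustration), and looking up the part after '#' in xen-syms is an assumption about how the names correspond.

```python
import re
from collections import namedtuple

Sym = namedtuple("Sym", "num value size type bind vis ndx name")
ROW = re.compile(r"^\s*(\d+):\s+([0-9a-fA-F]+)\s+(\d+)"
                 r"\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
GCC_SUFFIX = re.compile(r"^(.+)\.(\d+)$")  # lastpage.22857 -> ("lastpage", "22857")

# Constructed sample rows (not real tool output).
XEN_SYMS = """
  7529: 0000000000001000     8 OBJECT  LOCAL  DEFAULT 4230 lastpage.22857
  9001: 0000000000002000    64 FUNC    GLOBAL DEFAULT    1 printk
"""
LIVEPATCH = """
   289: 0000000000000000     8 OBJECT  GLOBAL DEFAULT  UND hvm.c#lastpage.22856
   290: 0000000000000000     0 NOTYPE  GLOBAL DEFAULT  UND .LC7
   291: 0000000000000000     0 NOTYPE  GLOBAL DEFAULT  UND printk
"""

def parse_symtab(text):
    """Return a Sym for every line that looks like a readelf -s row."""
    return [Sym(*m.groups()) for m in map(ROW.match, text.splitlines()) if m]

def local_name(name):
    """Drop the 'file.c#' prefix (assumption: the rest is the xen-syms name)."""
    return name.split("#", 1)[1] if "#" in name else name

def base_name(name):
    """Strip gcc's numeric suffix if present; '.LC7' has none and is unchanged."""
    m = GCC_SUFFIX.match(name)
    return m.group(1) if m else name

def diagnose(livepatch_text, xen_syms_text):
    """Classify each undefined livepatch symbol: resolvable, renamed or missing."""
    defined = [s.name for s in parse_symtab(xen_syms_text) if s.ndx != "UND"]
    by_base = {}
    for name in defined:
        by_base.setdefault(base_name(name), []).append(name)
    report = []
    for sym in parse_symtab(livepatch_text):
        if sym.ndx != "UND":
            continue  # defined inside the livepatch, nothing to resolve
        wanted = local_name(sym.name)
        base = base_name(wanted)
        if wanted in defined:
            report.append((sym.name, "resolvable", wanted))
        elif base != wanted and by_base.get(base):
            # Same variable, different compiler-chosen suffix: lookup by name fails.
            report.append((sym.name, "renamed", by_base[base][0]))
        else:
            report.append((sym.name, "missing", None))
    return report

if __name__ == "__main__":
    for name, verdict, hint in diagnose(LIVEPATCH, XEN_SYMS):
        print(f"{name:28} {verdict:10} {hint or ''}")
```

A "renamed" verdict corresponds to the hvm.c#lastpage.22856 failure and a "missing" verdict to the .LC7 failure reported in this thread.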

Re: [Xen-devel] livepatch-build-tools regression

2019-11-26 Thread Wieczorkiewicz, Pawel


> On 20. Nov 2019, at 12:42, Sergey Dyasli  wrote:
> 
> On 19/11/2019 17:21, Wieczorkiewicz, Pawel wrote:
>> 
>> 
>>> On 18. Nov 2019, at 18:41, Sergey Dyasli  wrote:
>>> 
>>> On 18/11/2019 17:28, Wieczorkiewicz, Pawel wrote:
 
>>>> Could you build the lp with debug (-d) and provide me with the 
>>>> create-diff-object.log file?
 
>>> 
>>> I've attached the log. Btw, I think I provided all the necessary information
>>> for others to repeat my experiment.
>>> 
>> 
>> Sorry for another request, but I do not seem to be able to reproduce this 
>> locally.
>> Could you send me the livepatch module binary that fails to upload?
> 
> That's interesting. I've attached the binary that my system produces.
> What version of gcc do you use?

The version used was: gcc (GCC) 7.2.1 20170915

But I have finally managed to reproduce the issue with:
1. gcc (Ubuntu 6.5.0-2ubuntu1~18.04) 6.5.0 20181026
2. gcc-7 (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0

I think it is not related to the commit:
commit 854a7ca60e35 "create-diff-object: Do not include all .rodata sections"

I managed to reproduce it also with earlier version commit:
"0c10457 Remove section alignment requirement"

But this time a different symbol causes the failure:

(XEN) livepatch: 0001-live-patch: Unknown symbol: hvm.c#lastpage.22856

> 
> --
> Thanks,
> Sergey
> <0001-live-patch-stripped.livepatch>

Best Regards,
Pawel Wieczorkiewicz







Re: [Xen-devel] livepatch-build-tools regression

2019-11-20 Thread Sergey Dyasli
On 19/11/2019 17:21, Wieczorkiewicz, Pawel wrote:
> 
> 
>> On 18. Nov 2019, at 18:41, Sergey Dyasli  wrote:
>>
>> On 18/11/2019 17:28, Wieczorkiewicz, Pawel wrote:
>>>
>>> Could you build the lp with debug (-d) and provide me with the 
>>> create-diff-object.log file?
>>>
>>
>> I've attached the log. Btw, I think I provided all the necessary information
>> for others to repeat my experiment.
>>
> 
> Sorry for another request, but I do not seem to be able to reproduce this 
> locally.
> Could you send me the livepatch module binary that fails to upload?

That's interesting. I've attached the binary that my system produces.
What version of gcc do you use?

--
Thanks,
Sergey


0001-live-patch-stripped.livepatch
Description: Binary data

Re: [Xen-devel] livepatch-build-tools regression

2019-11-19 Thread Wieczorkiewicz, Pawel


> On 18. Nov 2019, at 18:41, Sergey Dyasli  wrote:
> 
> On 18/11/2019 17:28, Wieczorkiewicz, Pawel wrote:
>> 
>> Could you build the lp with debug (-d) and provide me with the 
>> create-diff-object.log file?
>> 
> 
> I've attached the log. Btw, I think I provided all the necessary information
> for others to repeat my experiment.
> 

Sorry for another request, but I do not seem to be able to reproduce this 
locally.
Could you send me the livepatch module binary that fails to upload?

> --
> Thanks,
> Sergey
> 

Best Regards,
Pawel Wieczorkiewicz







Re: [Xen-devel] livepatch-build-tools regression

2019-11-18 Thread Wieczorkiewicz, Pawel


> On 18. Nov 2019, at 18:09, Sergey Dyasli  wrote:
> 
> On 18/11/2019 16:47, Wieczorkiewicz, Pawel wrote:
>> 
>> 
>>> On 18. Nov 2019, at 17:42, Sergey Dyasli  wrote:
>>> 
>>> Hello,
>>> 
>>> Trying to build a simple version of XSA-304 Live-Patch for 4.13 gives
>>> the following error during LP upload:
>>> 
>>>   (XEN) livepatch: lp: Unknown symbol: .LC7
>>> 
>>> Bisecting identified the first bad commit as:
>>> 
>>>   commit 854a7ca60e35 "create-diff-object: Do not include all .rodata 
>>> sections"
>>> 
>>> Base version of Xen used for this experiment is d13dfb02aafab
>>> The patch file used for LP is attached.
>>> 
>>> --
>>> Thanks,
>>> Sergey
>>> <0001-live-patch.patch>
>> 
>> Could you give this a try?
>> 
>> https://patchwork.kernel.org/patch/11228191/
>> https://patchwork.kernel.org/patch/11228189/
> 
> Unfortunately, those patches didn't resolve the issue for me.
> 
> Forgot to add, my gcc version is
> 
>   gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0

Could you build the lp with debug (-d) and provide me with the 
create-diff-object.log file?

> 
> --
> Thanks,
> Sergey

Best Regards,
Pawel Wieczorkiewicz







Re: [Xen-devel] livepatch-build-tools regression

2019-11-18 Thread Sergey Dyasli
On 18/11/2019 16:47, Wieczorkiewicz, Pawel wrote:
> 
> 
>> On 18. Nov 2019, at 17:42, Sergey Dyasli  wrote:
>>
>> Hello,
>>
>> Trying to build a simple version of XSA-304 Live-Patch for 4.13 gives
>> the following error during LP upload:
>>
>>    (XEN) livepatch: lp: Unknown symbol: .LC7
>>
>> Bisecting identified the first bad commit as:
>>
>>    commit 854a7ca60e35 "create-diff-object: Do not include all .rodata sections"
>>
>> Base version of Xen used for this experiment is d13dfb02aafab
>> The patch file used for LP is attached.
>>
>> --
>> Thanks,
>> Sergey
>> <0001-live-patch.patch>
> 
> Could you give this a try?
> 
> https://patchwork.kernel.org/patch/11228191/
> https://patchwork.kernel.org/patch/11228189/

Unfortunately, those patches didn't resolve the issue for me.

Forgot to add, my gcc version is

gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0

--
Thanks,
Sergey


Re: [Xen-devel] livepatch-build-tools regression

2019-11-18 Thread Wieczorkiewicz, Pawel


> On 18. Nov 2019, at 17:42, Sergey Dyasli  wrote:
> 
> Hello,
> 
> Trying to build a simple version of XSA-304 Live-Patch for 4.13 gives
> the following error during LP upload:
> 
>    (XEN) livepatch: lp: Unknown symbol: .LC7
> 
> Bisecting identified the first bad commit as:
> 
>    commit 854a7ca60e35 "create-diff-object: Do not include all .rodata sections"
> 
> Base version of Xen used for this experiment is d13dfb02aafab
> The patch file used for LP is attached.
> 
> --
> Thanks,
> Sergey
> <0001-live-patch.patch>

Could you give this a try?

https://patchwork.kernel.org/patch/11228191/
https://patchwork.kernel.org/patch/11228189/

Best Regards,
Pawel Wieczorkiewicz







[Xen-devel] livepatch-build-tools regression

2019-11-18 Thread Sergey Dyasli
Hello,

Trying to build a simple version of XSA-304 Live-Patch for 4.13 gives
the following error during LP upload:

(XEN) livepatch: lp: Unknown symbol: .LC7

Bisecting identified the first bad commit as:

commit 854a7ca60e35 "create-diff-object: Do not include all .rodata 
sections"

Base version of Xen used for this experiment is d13dfb02aafab
The patch file used for LP is attached.

--
Thanks,
Sergey
diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc
index 451d213c8c..5e427a1cf8 100644
--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -918,7 +918,7 @@ Controls for interacting with the system Extended Firmware Interface.
 uncacheable.
 
 ### ept
-> `= List of [ ad=, pml= ]`
+> `= List of [ ad=, pml=, exec-sp= ]`
 
 > Applicability: Intel
 
@@ -949,6 +949,31 @@ introduced with the Nehalem architecture.
 disable PML.  `pml=0` can be used to prevent the use of PML on otherwise
 capable hardware.
 
+*   The `exec-sp` boolean controls whether EPT superpages with execute
+permissions are permitted.  In general this is good for performance.
+
+However, on processors vulnerable CVE-2018-12207, HVM guest kernels can
+use executable superpages to crash the host.  By default, executable
+superpages are disabled on affected hardware.
+
+If HVM guest kernels are trusted not to mount a DoS against the system,
+this option can enabled to regain performance.
+
+This boolean may be modified at runtime using `xl set-parameters
+ept=[no-]exec-sp` to switch between fast and secure.
+
+*   When switching from secure to fast, preexisting HVM domains will run
+at their current performance until they are rebooted; new domains will
+run without any overhead.
+
+*   When switching from fast to secure, all HVM domains will immediately
+suffer a performance penalty.
+
+**Warning: No guarantee is made that this runtime option will be retained
+  indefinitely, or that it will retain this exact behaviour.  It is
+  intended as an emergency option for people who first chose fast, then
+  change their minds to secure, and wish not to reboot.**
+
 ### extra_guest_irqs
 > `= [][,]`
 
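Review bot: two sentences in the added exec-sp text are missing a word. "on processors vulnerable CVE-2018-12207" needs "to" after "vulnerable", and "this option can enabled to regain performance" needs "be" after "can".
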
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 06a7b40107..818e705fd1 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -1833,6 +1833,24 @@ int hvm_hap_nested_page_fault(paddr_t gpa, unsigned long gla,
 break;
 }
 
+/*
+ * Workaround for XSA-304 / CVE-2018-12207.  If we take an execution
+ * fault against a non-executable superpage, shatter it to regain
+ * execute permissions.
+ */
+if ( page_order > 0 && npfec.insn_fetch && npfec.present && !violation )
+{
+int res = p2m_set_entry(p2m, _gfn(gfn), mfn, PAGE_ORDER_4K,
+p2mt, p2ma);
+
+if ( res )
+printk(XENLOG_ERR "Failed to shatter gfn %"PRI_gfn": %d\n",
+   gfn, res);
+
+rc = !res;
+goto out_put_gfn;
+}
+
 if ( violation )
 {
 /* Should #VE be emulated for this fault? */
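Review bot: the failure path in the new block, the printk(XENLOG_ERR "Failed to shatter gfn ...") call, is reached from a guest instruction fetch and is not rate limited, so a guest that keeps faulting where p2m_set_entry() fails can fill the console log. Use a guest log level such as XENLOG_G_ERR for this message.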
diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index ed27e8def7..668986eeaa 100644
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -67,6 +67,7 @@ integer_param("ple_window", ple_window);
 
 static bool __read_mostly opt_ept_pml = true;
 static s8 __read_mostly opt_ept_ad = -1;
+int8_t opt_ept_exec_sp = -1;
 
 static int __init parse_ept_param(const char *s)
 {
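Review bot: opt_ept_exec_sp is added as a plain int8_t, while the two options directly above it are declared with bool/s8 and __read_mostly. Declare it the same way (s8 __read_mostly) and add a short comment on what the -1 initial value means, since the variable is not static.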
@@ -92,6 +93,40 @@ static int __init parse_ept_param(const char *s)
 }
 custom_param("ept", parse_ept_param);
 
+int parse_ept_param_runtime(const char *s)
+{
+int val;
+
+if ( !cpu_has_vmx_ept || !hvm_funcs.hap_supported ||
+ !(hvm_funcs.hap_capabilities &
+   (HVM_HAP_SUPERPAGE_2MB | HVM_HAP_SUPERPAGE_1GB)) )
+{
+printk("VMX: EPT not available, or not in use - ignoring\n");
+return 0;
+}
+
+if ( (val = parse_boolean("exec-sp", s, NULL)) < 0 )
+return -EINVAL;
+
+if ( val != opt_ept_exec_sp )
+{
+struct domain *d;
+
+opt_ept_exec_sp = val;
+
+rcu_read_lock(_read_lock);
+for_each_domain ( d )
+if ( paging_mode_hap(d) )
+p2m_change_entry_type_global(d, p2m_ram_rw, p2m_ram_rw);
+rcu_read_unlock(_read_lock);
+}
+
+printk("VMX: EPT executable superpages %sabled\n",
+   val ? "en" : "dis");
+
+return 0;
+}
+
 /* Dynamic (run-time adjusted) execution control flags. */
 u32 vmx_pin_based_exec_control __read_mostly;
 u32 vmx_cpu_based_exec_control __read_mostly;
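Review bot: in parse_ept_param_runtime(), the call p2m_change_entry_type_global(d, p2m_ram_rw, p2m_ram_rw) passes the same type as both old and new, which reads like a mistake without a comment; say what the call is meant to trigger. Two smaller points in the same function: the early return 0 after the "ignoring" message reports success although nothing was changed, and the final "executable superpages %sabled" printk runs even when val already equals opt_ept_exec_sp.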
diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
index 220990f017..f06e51904a 100644
--- a/xen/arch/x86/mm/p2m-ept.c
+++ b/xen/arch/x86/mm/p2m-ept.c
@@ -174,6 +174,12 @@ static void