xref: /xen-4.10.0-shim-comet/docs/features/livepatch.pandoc

27 tests in OSSTest that test live patching to ensure that no regressions
31 declare live patching as a 'Supported' feature on x86.
35 depending on the content of the live patch. Because of this, it is
38 1) Unprivileged access to live patching operations:
45    If a correct live patch is loaded but it is not applied correctly
49 3) Bugs in livepatch-build-tools creating an incorrect live patch that
51    If livepatch-build-tools creates an incorrect live patch that
53    issue. A live patch should be checked to verify that it is valid
56 4) Loading an incorrect live patch that results in an insecure host or
58    If a live patch (whether created using livepatch-build-tools or some
60    crash due to the content of the live patch being incorrect or the
61    issue being inappropriate to live patch, this is not considered as a
64 5) Bugs in the live patch parsing code (the ELF loader):
65    Bugs in the live patch parsing code such as out-of-bounds reads
70    A guest should not be able to prevent the application of a live
72    of a live patch despite pausing it (xl pause ...), it shall be
75 Note: It is expected that live patches are tested in a test environment
83 The new live patching sysctl subops are only accessible to privileged
85 There is a caveat -- an incorrect live patch can introduce a guest->host
90 No, although an incorrect live patch can introduce a guest user->guest
95 The new live patching sysctl subops are only accessible to privileged
97 list of loaded live patches. This is tested by OSSTest with an XTF test.
98 There is a caveat -- an incorrect live patch can introduce an
103 There are no known ways that an unprivileged guest can prevent a live
105 Once again, there is a caveat that an incorrect live patch can introduce

Last Index update Sun Aug 20 00:18:20 CST 2023