xref: /xen-4.10.0-shim-comet/docs/misc/livepatch.markdown

5 A mechanism is required to binarily patch the running hypervisor with new
21  * splice - patch in the binary code with new opcodes
22  * trampoline - a jump to a new instruction.
23  * payload - telemetries of the old code along with binary blob of the new
39 insert a trampoline to the new code to be executed - or only modify in-place
40 the code if there is sufficient space. The placement of new code has to be done
41 by hypervisor and the virtual address for the new code is allocated dynamically.
43 This implies that the hypervisor must compute the new offsets when splicing
44 in the new trampoline code. Where the trampoline is added (inside
63  * Whenever new hotpatches are installed, they should be loaded too.
72 That is replace the affected code with new code. Unfortunately the x86
79 old function with the address of the new function.
81 A third mechanism is to add a jump to the new function at the
97 while the new patched hypervisor would be:
107 This is inside the arch_do_domctl. This new change adds 21 extra
120 with a new address for where the new `arch_do_domctl` would be (this
136 with the new address where the new `do_domctl` is possible. The other
139 of the new virtual address of `arch_do_domctl`.
142  * allocating memory for the new code to live in,
144    code (computing the new offset, patching the callq with a new callq).
145  * changing the function pointer tables with the new virtual address of
146    the function (splicing in the new virtual address). Since this table
161 existing function to be patched to jump directly to the new code. This
181 with the new address where the new `do_xen_version` is possible. The other
184 of the new virtual address of `do_xen_version`.
187 old `do_xen_version' function to directly jump to the new `do_xen_version`.
200  ffff82d080112f9e:       e9 XX YY ZZ QQ          jmpq   [new do_xen_version]  
206 new replacement function which required:
207  * allocating memory for the new code to live in,
208  * inserting trampoline with new offset in the old function to point to the
209    new function.
245  * The new code that will be patched in.
324     The value **MUST** be the address of the new function in the payload file.
334     the new function (which will replace the one at `old_addr`)  in bytes.
631 data and start from scratch. It is OK for the toolstack to use the new
755 | REPLACE | CHECKED | Revert payloads and apply new  |       |   x    |
758 | REPLACE | CHECKED | Revert payloads and apply new  |   x   |        |
891  * allocate a new memory location for the string.
906 As such the ELF payload can introduce new .rodata, .bss, and .data sections.
907 Patching in the new function will end up also patching in the new .rodata
908 section and the new function will reference the new string in the new
989 f2 (because the contained BUG macro embeds the new line number).
1115 we are limited to up to 2GB of virtual address to place the new code
1151 with proper offset is used for an unconditional branch to the new code.
1158 The new code is placed in the 8M - 10M virtual address space while the

Last Index update Sun Aug 20 00:18:20 CST 2023