
Re: [Minios-devel] [UNIKRAFT PATCHv3 04/25] plat/common: Do obfuscates arithmetic for kernel image symbols



On 12/18/18 4:47 AM, Wei Chen (Arm Technology China) wrote:
Hi Julien,

Hi Wei,

-----Original Message-----
From: Julien Grall <julien.grall@xxxxxxx>
Sent: December 14, 2018 19:14
To: Wei Chen (Arm Technology China) <Wei.Chen@xxxxxxx>; minios-
devel@xxxxxxxxxxxxxxxxxxxx; simon.kuenzer@xxxxxxxxx; florian.schmidt@xxxxxxxxx;
yuri.volchkov@xxxxxxxxx; Sharan.Santhanam@xxxxxxxxx; Felipe.Huici@xxxxxxxxx
Cc: Kaly Xin (Arm Technology China) <Kaly.Xin@xxxxxxx>; nd <nd@xxxxxxx>;
Jianyong Wu (Arm Technology China) <Jianyong.Wu@xxxxxxx>; Justin He (Arm
Technology China) <Justin.He@xxxxxxx>
Subject: Re: [Minios-devel] [UNIKRAFT PATCHv3 04/25] plat/common: Do
obfuscates arithmetic for kernel image symbols

Hi,

On 13/12/2018 09:15, Wei Chen wrote:
As we discussed in [1], the C spec states that comparing 2 pointers
belonging to distinct objects is undefined [2]. In this case, we defined
macros to wrap kernel image symbols. They will make GCC unable to
recognize the variable's original type and make further assumptions about it.

[1] https://lists.xen.org/archives/html/minios-devel/2018-11/msg00054.html
[2] https://wiki.sei.cmu.edu/confluence/display/c/ARR36-C.+Do+not+subtract+or+compare+two+pointers+that+do+not+refer+to+the+same+array

Signed-off-by: Wei Chen <wei.chen@xxxxxxx>
---
   plat/common/include/sections.h | 32 ++++++++++++++++++++++++++++++++
   1 file changed, 32 insertions(+)

diff --git a/plat/common/include/sections.h b/plat/common/include/sections.h
index 42f41d2..b32389c 100644
--- a/plat/common/include/sections.h
+++ b/plat/common/include/sections.h
@@ -62,4 +62,36 @@ extern char __bss_start[];
   /* _end: end of kernel image */
   extern char _end[];

+
+/* The C spec states that comparing 2 pointers belonging to distinct object
is undefined:
+ * https://wiki.sei.cmu.edu/confluence/display/c/ARR36-
C.+Do+not+subtract+or+compare+two+pointers+that+do+not+refer+to+the+same+array
+ *
+ * In this case, we define following macro to access above symbols. This
will
+ * help us to avoid subtracting or comparing these symbols as distinct
pointers.
+ *
+ * This macro hide the original variable for a variable address, it will
make
+ * GCC couldn't recognize varirable's original type, and do further
assumptions

s/varirable's/variable/

+ * for it.
+ */
+#define HIDE_VAR_FOR_GCC(var, ofs)     \
+({                                     \
+       unsigned long __var;            \
+       __var = (unsigned long) (var);  \
+       (typeof(var))(__var + (ofs));   \
+})
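
Review bot: In HIDE_VAR_FOR_GCC, `__var = (unsigned long) (var);` is a plain pointer-to-integer cast and the macro contains no optimization barrier, so the comment's claim that GCC cannot recognize the variable's origin is not established by the code shown. Either explain in the comment why the integer round trip is enough for the compilers being targeted, or pass the value through an empty inline asm operand (for example `__asm__ ("" : "=r"(__var) : "0"(var));`) so the result is opaque to the optimizer. Two smaller points on the same lines: `(typeof(var))(__var + (ofs))` adds `ofs` in bytes regardless of the pointee type, which the comment should state, and the macro relies on statement expressions and `typeof`, which are GNU extensions rather than anything GCC-only, so a compiler-neutral name would fit better than HIDE_VAR_FOR_GCC.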

I don't understand how this prevents GCC from "seeing through". Can you explain it?

We just hide the relationship of the pointer and the object using this MACRO.

How? Do you have any detailed documentation on how this works?



Also, why is it GCC specific? How about compilers like Clang?

I remember I had checked with Simon, in this stage, we just need to focus on
GCC.

I don't think it is a very good idea to give a macro a compiler-specific name. This will just make the code more awkward to read once you get Clang (or any other compiler) support.

Cheers,

--
Julien Grall

_______________________________________________
Minios-devel mailing list
Minios-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/minios-devel

 

