[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 0/5] Support Secure Boot for multiboot2 Xen

On 22.01.2021 22:18, Bobby Eshleman wrote:
> On Fri, Jan 22, 2021 at 10:39:28AM +0100, Jan Beulich wrote:
>> On 22.01.2021 01:51, Bobby Eshleman wrote:
>>> I followed with v2 feedback and attempted to convert the PE/COFF header
>>> into C instead of ASM.  Unfortunately, this was only possible for the
>>> first part (Legacy) of the PE/COFF header.  The other parts required
>>> addresses only available at link time (such as __2M_rwdata_end,
>>> __pe_SizeOfImage, efi_mb_start address, etc...), which effectively ruled
>>> out C.
>> I don't follow the conclusion drawn, so would you mind going into
>> further detail?
> No problem at all, bad explanation on my part.  The core issue is
> actually about the legality of casting 64-bit addresses to 32-bit values
> in constant expressions, which then is sometimes complained about by GCC
> in terms of load-time computability...
> Taking __2M_rwdata_end as an example.  Attempting to use it in
> the PE/COFF optional header in C looks something like:
> extern const char __2M_rwdata_end[];
> extern const char efi_pe_head_end[];
> struct optional_header optional_header = {
> ...
>     .code_size = (uint32_t)((unsigned long)&__2M_rwdata_end) -
>                     (uint32_t)((unsigned long)&efi_pe_head_end,
> ...
> }
> GCC throws "error: initializer element is not constant" because casting
> a 64-bit address to a 32-bit value is not a legal constant expression
> for static storage class objects, even though we know that in practice
> the address wouldn't ever be above 4GB.
> efi_pe_head_end could potentially be calculated by header struct sizes,
> but doing that predictably yields the same error.
> If we drop the explicit casting, GCC throws 'error: initializer element
> is not computable at load time'.

Ah yes, I see now, and I'm aware of the compiler shortcoming.
Even with the not really necessary uint32_t casts dropped the
problem would still be there. So for your description this
means it's not "required addresses only available at link time"
but "required differences of addresses not computable or
expressable at compile time".


> tl;dr:
> I could not find a way to derive code size (data sections and all)
> without using a symbol location, which is an illegal constant expression
> operand for initializing static storage class objects... and I could not
> find a way to define the header in C without using an object of static
> storage class (global variable or static variable).
> -Bob



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.