[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] libelf: improve PVH elfnote parsing

  • To: Jason Andryuk <jandryuk@xxxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Tue, 18 May 2021 13:28:16 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3IkFluejZckp15DsuWXvgNhQs8OSc1Ee5IBdC3fu5XE=; b=hXOf7U7r0VnHzwKo1xh7mz8IddAaOluqRCWkm1gqeCdK30FnnQSN20+rIgFnWw0Y1ctNI7he9Je4mEfaS4f3l47UFwDbSWcDNPic9N0E4SLTnWzZ11dj73aY8I/LZt/ZSHbN8iUP3yNnG4eLvR1a8z0rsim5WV4jKeC/U64JGholfYLjXSaN80Mnmw/vMrrndxsLU2faPd4QKH6t7uTIumojbmHgDbgnnim/52osoWeIQ6zX6ysisnT+CsJm7untzyn8e3aYF7kmISx0s152oRF/puvZSt0sTmB/2Jj7p3Xu/Cmdsb1kAAcYInUALHiOUHPvizvxAawjmxLagwMZUQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GDsgHiJNAMKb6aIQqzDNEKwqkfpAbr1GG4pZzakX4Yv3sOfpjH5LLSlF+zw1aEeivFc8Jbf8dxv8Cq3FVgAGE5z6n3w9NjZ5j7rLDD2GA6F/g/r9vr9zOrO0Imuyp3GthTOJo9hwLoUCPMZC3R9A3W1SmaqaUsVvofbTvqqSV1EunaOFa7JPWewnyGvdbqzhlc/6XcFTf29x9oKegPRvqkaOH39lw+RCs2Tfv+wC3le1vhIt5X/SUtrtwXIOGyNLxksF96dEE9mnmE3okQOcDR5F5JCkWlt2fd0lEvQKiGrJ/7NbGGQ3PEfFQJJmid/3FNyvVB4Q+8sW2bS1BNkHOA==
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Tue, 18 May 2021 11:28:32 +0000
  • Ironport-hdrordr: A9a23:eLFey6uT79B7LhryqG6ezXqp7skCdoMji2hC6mlwRA09TyXGra +TdaUguSMc1gx9ZJhBo7G90KnpewK6yXdQ2/hqAV7CZnichILMFu9fBOTZsl/d8kHFh4tgPO JbAtVD4b7LfClHZKTBkXCF+r8bqbHtmsDY5pas854ud3ATV0gJ1XYGNu/xKDwReOApP+tcKH LKjfA32AZINE5nI/hSaRI+LqT+juyOsKijTQ8NBhYh5gXLpyiv8qTGHx+R2Qpbey9TwJ85mF K10jDR1+GGibWW2xXc32jc49B9g9360OZOA8SKl4w8NijssAC1f45sMofy8gzdmNvfq2rCre O84SvJZ69ImjbslyCO0FTQMjDboXYTAySI8y7dvZOLyvaJNA7TCKJ69Mpkm1Ximg0dVHwV6t M944ujjesjMfr3plW12zH5bWAZqqOKmwtXrQcytQ0VbWJMUs4akWQglHklZqvoSxiKlLzPVt MeSv3h2A==
  • Ironport-sdr: UM99sqw0VpGoJXcXcETiBYoAtSMXZbyNmEfoecWmXOTWE6aUzumN8YSXpf3UQGI4RswR1KhePC +bDwx8sU0tsMCzesAkTLuMXClm394aR2o/cVRPQg+Fto84EwfTrTf+tq9pn/p8u/JCij6UDyzj IJZsJ/cH6T4cip61OG9Eef2visZpMBWG35PFSP35Ni7Jq+MR0Pyb7UbbvJG86A5qhSpN/GPIY+ DpDuMvyaF1BCDS9EW4XHLsmW8wFsdh9/ZVv9Xm4S148ei6q4qugrpKzmoOnDsfrMdWUfkHlmwg pdY=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri, May 14, 2021 at 11:11:14AM -0400, Jason Andryuk wrote:
> On Fri, May 14, 2021 at 9:50 AM Roger Pau Monne <roger.pau@xxxxxxxxxx> wrote:
> >
> > Pass an hvm boolean parameter to the elf note parsing and checking
> > routines, so that better checking can be done in case libelf is
> > dealing with an hvm container.
> >
> > elf_xen_note_check shouldn't return early unless PHYS32_ENTRY is set
> > and the container is of type HVM, or else the loader and version
> > checks would be avoided for kernels intended to be booted as PV but
> > that also have PHYS32_ENTRY set.
> >
> > Adjust elf_xen_addr_calc_check so that the virtual addresses are
> > actually physical ones (by setting virt_base and elf_paddr_offset to
> > zero) when the container is of type HVM, as that container is always
> > started with paging disabled.
> Should elf_xen_addr_calc_check be changed so that PV operates on
> virtual addresses and HVM operates on physical addresses?

Right... I was aiming with getting away with something simpler and
just assume phys == virt on HVM in order to avoid more complicated
changes and the need to introduce new fields on the structure.

> I worked on some patches for this a while back, but lost track when
> other work pulled me away.  I'll send out what I had, but I think I
> had not tested many of the cases.  Also, I had other questions about
> the approach.  Fundamentally, what notes and limits need to be checked
> for PVH vs. PV?

Those are only sanity checks to assert that the image is kind of fine,
libelf also has checks when loading stuff to make sure a malicious elf
payload cannot fool the loader.

I'm unlikely to be able to do much work on this aside from this
current patch.

Thanks, Roger.



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.