Xen project Mailing List

Re: [PATCH] livepatch: set -f{function,data}-sections compiler option

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Wed, 2 Mar 2022 16:46:56 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iXEjprna9Jcvu5WW2tEEXwGRoTegWZp6yiwvPEdU6Uw=; b=AjTn6PXVxRylaOObRJ73zk64z/mqjYSXgYkQWTd/BIoFBUcSfY44RSSB0HyqEANeJUcE2sz7g2iT270fwACuvsM6laxBA3IE7Gg52exlPLTe56KWDpkclgAnsgfoqSzWNCrqWpWZG7XSDqVPiTR6yswDj8goOw8VBCJnRmh2PQf8KPht6B+SUc0SkasPtj4pb4EKRk6L1V/cHnMcKp5t3kWXtbJTMqZVZ9pJYSz8QJ3VZaacjZYaw4M2qu1CUxfJtZTqLoTnsGyoVIVedvJuyJ7D3Urhi1JleHWZNGZHiYJDen30hYLVsCwfMnbhc0LF61uVF1TAtiRe9+0Atv6Qsw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mF9FOsK0xUCvHfsMQVgfsaPZso9/WzbZRHGTB+Ta58SKhtg28NRQ6ZY9fFa0n9btDZ1DN3AO/KYnFUO4zMQ/TpbYSOe14vzuIzR9it9ElAhUWrIL19ki8xJjX3/aBHOW4z2z/8LuEYBfg/uD01OwWjHWz/ZTlAc0/9kf/PgiqkhQPZh7s/nkK7kQWNn2rTvAjJoUpjVrMRJx49E5xElM19rPm1QGJYsRDB4AfJr1zfSWW0JZIiXwukXEjbOv4LWYd+BEXNTJRjSMo9s1PqzIlgO7xFzfqszud/Spo4/dmx33LfOB7eD0fwiAEMKbvMxVVCemhxq5XvJdTjM89cr8hw==

Authentication-results: esa4.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Wed, 02 Mar 2022 15:47:20 +0000

Ironport-data: A9a23:4fp476vUfLCwsjqhOvP3UxnaPOfnVKJeMUV32f8akzHdYApBsoF/q tZmKWCDP66NZmL0L9x2aN628U1VupDRzIBnGgNtpXw0EiwT+JbJXdiXEBz9bniYRiHhoOOLz Cm8hv3odp1coqr0/0/1WlTZhSAgk/nOHNIQMcacUsxLbVYMpBwJ1FQyw4bVvqYy2YLjW1jV4 4upyyHiEATNNwBcYzp8B52r8HuDjNyq0N/PlgVjDRzjlAa2e0g9VPrzF4noR5fLatA88tqBb /TC1NmEElbxpH/BPD8HfoHTKSXmSpaKVeSHZ+E/t6KK2nCurQRquko32WZ1he66RFxlkvgoo Oihu6BcRi8FHrbov88PVyVFGntwfpIX1o3KIV2W5Jn7I03uKxMAwt1rBUAye4YZ5vx2ESdF8 vlwxDIlN07ZwbjsmfTiF7cq1p9LwMrDZevzvll6yj7UF7A+SI3rSKTW/95Imjw3g6iiGN6AO JRDNmUwMnwsZTVOJ2VOOYw7g9zyqVj+Kw9ktE6xnoUetj27IAtZj+G2bYu9lsaxbc9YhFqCr 2TKuWHwGAgHNce3wCCAtHmrg4fnoyT/X44DEayiwdRjilaT2287BQUfUB2wpvzRol6zXZdTJ lIZ/gIqrLMu7wq7Q9/lRRq6rXWY+BkGVLJ4DOkS+AyLjK3O7G6xBGIJUzpAY9wOr9ItSHoh0 Vrht9H0AT1itpWFRHTb8a2bxRupIjQcJ2IGYS4CTCMG7sPlrYV1iQjAJuuPC4bs0IezQ2uph WnX8m5u3N3/kPLnyY2X3UvjpBm+oqTUR1Q7pTqGcFCo7iZQMdvNi5OT1XDX6vNJLYC8R1aHv WQZl8X20N3iHa1hhwTWHrxTQejBC+KtdWSF3AUxR8VJGyGFpib7Fb289g2SM6uA3iwsXTbyK HHetgpKjHO4FCv7NPQnC25d5ilD8EQBKTgHfq2MBjatSsIoHONiwM2ITRTKt4wKuBJx+ZzTw b/BLa6R4Y8yUMyLNgaeSeYHyqMMzSsj327VTp2T5035jeTHOibNGOlcYQHmggUFAEWs+l+9H zF3bZbi9vmieLemPnm/HXA7dzjm0kTX9bip8pcKJ4Zv0yJtGX07Cu+5/F/SU9cNokihrc+Rp ivVchYBkDLX3CSbQS3XOiELQO6+Bv5X8CNkVRHAyH71ghDPl670t/xBH3b2FJF6nNFeIQlcF KFUK53dWa0UElwqOV01NPHAkWCrTzzy7SqmNCu5ejkvOZlmQg3C4Nj/eQXzsiIJC0KKWQEW+ dVMCiuzrUI/ejlf

Ironport-hdrordr: A9a23:MHZ7TavR6tTR/bbOMn3acnrp7skCmoMji2hC6mlwRA09TyXGra +TdaUguSMc1gx9ZJhBo7G90KnpewK6yXdQ2/hqAV7CZnichILMFu9fBOTZsl/d8kHFh4tgPO JbAtVD4b7LfCZHZKTBkXCF+r8bqbHtmsDY5ts2jU0dNT2CA5sQkDuRYTzrdHGeKjM2YabQQ/ Gnl7Z6TnebCD0qR/X+IkNAc/nIptXNmp6jSRkaByQ/4A3LqT+z8rb1HzWRwx9bClp0sPwf2F mAtza8yrSosvm9xBOZ/2jP765OkN+k7tdYHsSDhuUcNz2poAe1Y4ZKXaGEoVkO0amSwWdvtO OJjwYrPsx15X+UVmapoSH10w2l6zoq42+K8y7tvVLT5ejCAB4qActIgoxUNjHD7VA7gd162K VXm0qEqpt+F3r77WjAzumNcysvulu/oHIkn+JWpWdYS5EiZLhYqpFa1F9JEa0HADnx5OkcYa RT5fnnlbhrmG6hHjHkVjEF+q3tYp1zJGbNfqE6gL3b79AM90oJjHfxx6Qk7wI9HdwGOtt5Dt //Q9RVfYF1P74rhJ1GdZQ8qOuMexvwqEH3QRSvyWqOLtB0B5uKke+z3IkI

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Mar 02, 2022 at 03:41:21PM +0100, Jan Beulich wrote: > On 02.03.2022 14:44, Roger Pau Monne wrote: > > If livepatching support is enabled build the hypervisor with > > -f{function,data}-sections compiler options, which is required by the > > livepatching tools to detect changes and create livepatches. > > > > This shouldn't result in any functional change on the hypervisor > > binary image, but does however require some changes in the linker > > script in order to handle that each function and data item will now be > > placed into its own section in object files. As a result add catch-all > > for .text, .data and .bss in order to merge each individual item > > section into the final image. > > > > The main difference will be that .text.startup will end up being part > > of .text rather than .init, and thus won't be freed. Such section only > > seems to appear when using -Os, which not the default for debug or > > production binaries. > > That's too optimistic a statement imo. I've observed it appear with -Os, > but looking at gcc's gcc/varasm.c:default_function_section() there's > ample room for this appearing for other reasons. Also you don't mention > .text.exit, which will no longer be discarded. > > > --- a/xen/Makefile > > +++ b/xen/Makefile > > @@ -269,6 +269,10 @@ else > > CFLAGS += -fomit-frame-pointer > > endif > > > > +ifeq ($(CONFIG_LIVEPATCH),y) > > +CFLAGS += -ffunction-sections -fdata-sections > > +endif > > Perhaps > > CFLAGS-$(CONFIG_LIVEPATCH) += -ffunction-sections -fdata-sections > > ? Sure. > > --- a/xen/arch/x86/xen.lds.S > > +++ b/xen/arch/x86/xen.lds.S > > @@ -88,6 +88,9 @@ SECTIONS > > > > *(.text.cold) > > *(.text.unlikely) > > +#ifdef CONFIG_LIVEPATCH > > + *(.text.*) > > +#endif > > This coming after the "cold" and "unlikely" special sections and > ahead of .fixup isn't very nice. Also from looking at the linker > scripts ld supplies I'm getting the impression that there could/ > would then also be e.g. .text.cold.* and .text.unlikely.* which > you'd want to separate. > > We may want to put the entry point in a special .text.head, put > that first, and then follow ld in putting cold/unlikely stuff ahead > of main .text. I can give that a try. > For the reason given in the description I can see why a conditional > is warranted here. But ... > > > @@ -292,6 +295,9 @@ SECTIONS > > *(.data) > > *(.data.rel) > > *(.data.rel.*) > > +#ifdef CONFIG_LIVEPATCH > > + *(.data.*) > > +#endif > > CONSTRUCTORS > > } PHDR(text) > > > > @@ -308,6 +314,9 @@ SECTIONS > > . = ALIGN(SMP_CACHE_BYTES); > > __per_cpu_data_end = .; > > *(.bss) > > +#ifdef CONFIG_LIVEPATCH > > + *(.bss.*) > > +#endif > > ... are these two really in need of being conditional? Will drop if you agree. I didn't want to risk introducing unwanted changes in the !CONFIG_LIVEPATCH case. > > --- a/xen/common/Kconfig > > +++ b/xen/common/Kconfig > > @@ -353,7 +353,9 @@ config CRYPTO > > config LIVEPATCH > > bool "Live patching support" > > default X86 > > - depends on "$(XEN_HAS_BUILD_ID)" = "y" > > + depends on "$(XEN_HAS_BUILD_ID)" = "y" && \ > > + $(cc-option,-ffunction-sections) && \ > > + $(cc-option,-fdata-sections) > > Is this for certain Clang versions? Gcc has been supporting this in > 4.1.x already (didn't check when it was introduced). I've checked clang and it seems to be prevent in at least Clang 5, which is likely enough? I've added the check just to be on the safe side. Thanks, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.