Xen project Mailing List

Re: [PATCH v2] livepatch: set -f{function,data}-sections compiler option

To: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Mon, 7 Mar 2022 18:07:00 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=shjXGSpVv5/bgyHdHpdMlgS8QQgnoymWvTKqlQGN4II=; b=VjEGz8fZFUTmbV3NH1I9FvQYkeJ8eTBU2qiJOLTnTqBt64ibpFB2snL79uPcQhB27WBdqVNXrFzyibmoqEbOEjpp6yw6QqD7Pbbkwj0ySIo/KYLLi/AbxBrkOZ4d57fZiMYGOFIPyKAMY0hXW9UleqEiljzcg4nT70mpbuJOZxc47W3b67jwHd0WO6psdVeGqO3YcvlzTvn92fyd12y/ZJRF+bXO2VHp3eqAQpzXKoIJZlc4F0oKu+AC3uy6IYJA4kzoFQ6083fZshn6IzLZA2MWycb0E7o+me4Pd5+i+LuDhix5cdAe7OhlL9izIa9duk81AuEKCNN2WDNSSVItFA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jAOOY6BNha0qeK1EPM7TK7bow4hnl4Nmt1jbOpk0lOlsYLwlztiIekoPxxGvVMR/E99D6XWIU/NryJF0VotRAuOd/mCEGxwJ9GGJBSraKGQwJEycavUrDL07px2fJ2dhXfMgT5LNgMbekzvYNrrztfYHc/odetm+nKUiCZv3AmclNEi8AIzzhUeHgCRHhYCVp+DdrNQAAZ4bsFGvu/Mjz/YJQOVeGw8N0szMAsyfD2O25BTZmzQx1otGuzgmLtb16YHtyKPmWAzx2QaP+K4qbBMi8CJLRrIsD/E7BbzwXQ41H7w3Am2j+tLwkFYFlSXzBxu4GPqVlreTw3VYFAhGDA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Mon, 07 Mar 2022 17:07:20 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 07.03.2022 17:36, Roger Pau Monné wrote: > On Mon, Mar 07, 2022 at 05:28:20PM +0100, Jan Beulich wrote: >> On 07.03.2022 16:55, Roger Pau Monne wrote: >>> If livepatching support is enabled build the hypervisor with >>> -f{function,data}-sections compiler options, which is required by the >>> livepatching tools to detect changes and create livepatches. >>> >>> This shouldn't result in any functional change on the hypervisor >>> binary image, but does however require some changes in the linker >>> script in order to handle that each function and data item will now be >>> placed into its own section in object files. As a result add catch-all >>> for .text, .data and .bss in order to merge each individual item >>> section into the final image. >>> >>> The main difference will be that .text.startup will end up being part >>> of .text rather than .init, and thus won't be freed. .text.exit will >>> also be part of .text rather than dropped. Overall this could make the >>> image bigger, and package some .text code in a sub-optimal way. >>> >>> Note that placement of the sections inside of .text is also slightly >>> adjusted to be more similar to the position found in the default GNU >>> ld linker script. This requires having a separate section for the >>> header in order to place it at the begging of the output image, >>> followed with the unlikely and related sections, and finally the main >>> .text section. >>> >>> On Arm the .data.read_mostly needs to be moved ahead of the .data >>> section like it's already done on x86, and the alignment needs to be >>> set to PAGE_SIZE so it doesn't end up being placed at the tail of a >>> read-only page from the previous section. While there move the >>> alignment of the .data section ahead of the section declaration, like >>> it's done for other sections. >>> >>> The benefit of having CONFIG_LIVEPATCH enable those compiler option >>> is that the livepatch build tools no longer need to fiddle with the >>> build system in order to enable them. Note the current livepatch tools >>> are broken after the recent build changes due to the way they >>> attempt to set -f{function,data}-sections. >>> >>> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> >> >> The x86 part of this looks fine to me, just one other remark: >> >>> --- a/xen/common/Kconfig >>> +++ b/xen/common/Kconfig >>> @@ -350,10 +350,14 @@ source "common/sched/Kconfig" >>> config CRYPTO >>> bool >>> >>> +config CC_SPLIT_SECTIONS >>> + bool >> >> I think this wants to live higher up in the file, perhaps between >> ALTERNATIVE_CALL and HAS_ALTERNATIVE. (CRYPTO, as seen in context >> here, imo also would better live higher up.) Or alternatively it may >> want to move to xen/Kconfig, next to CC_HAS_VISIBILITY_ATTRIBUTE. > > I was tempted to place it in xen/Kconfig. The logic for the current > suggested placement is to be closer to it's current only user > (LIVEPATCH), but I'm not opposed to moving it somewhere else if > there's consensus. I guess the main question is whether this option is intended to gain a prompt. If so, xen/common/Kconfig is likely the better place. If not, I think it better fits in xen/Kconfig. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.