[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Arm64's xen.efi vs GNU binutils (and alike)

  • To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Wei Chen <Wei.Chen@xxxxxxx>
  • Date: Mon, 18 Jul 2022 15:43:13 +0800
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dkLTIi9YPTdoER/M+4E9T371U0Kg6Br5yqlWc3SukQw=; b=WkAQUrMlLxAOsyQk5Ly13BEcmySIgTitjedCR/qtBP07jDUNHJwsyfRljVaf2kmiddO4KFuOtEUOfmUUsxnw+HisHgGQ0pQV8R99rWXwnWWJGF1UwVHp+sbqhFM8cgtf5VTkSM5j3ZlyOvOtY88P6KrlYN8oL6lYNgAXKSDiVMITlPoiPFFx10vV/q6RbDgLtkdTTNj6xAEgeatoWBWXgqhB+tROAuXJUxBtFcqbfjZHcHd21iA97DpS6ysrfQEZI/XOdKQMBbWQTbl3PZFJSBqoZOaRgMAc2tXC3LksJyIJEP79e8WgC4EjjdlNmki9WOUdFlK3cLJ3MVqFVnzSBQ==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dkLTIi9YPTdoER/M+4E9T371U0Kg6Br5yqlWc3SukQw=; b=Dkfa9CsKNHGkDQL7XomXaqFGIwjuSpaPd8eOgoN4mV/2VS++YRQpdoHLppQOnxBxK8PqHMS94+3pbdXbJYKgh6BPPGEesaLVovtUX/WOSc8Z1FciM/dDKRtL4aDg4gMZnLRFIiqeK9upw+0NLnejXdIBKrJ6axffAREtmlQZ3sbep22ICubvg76FmXpwxaEvu6mP5AuGc38xdWxoBHst/M259urVNU/TAO/k1k/5w/89cM+ho9vBs43AyEnSFu4joxRLyVMWoSTNYOqnLipRXZ/kbqqVn//sbW1V1DZiUIsfSr2ubYePXKoHEptPCTzdtT+xDA5GEgaCrISmjkG7VA==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=iWFDq/6n8mTWKPCZEUkA3sgVgGj/XK66m9dI+Wxfp0mxuV64RSYN/3OsKwizs3yEQLgk8JpsOiZcz30iBTdVXpd6dWATtdWN8A3PkMGfpXEYstExAU+3az0HkCi0JN5oGnAmvPxGESl+9ifXeZvWs81t1fPxWzwre28AOrflglb33+RCdvaqdNDbIRCodFJqgnBGv+52OiHYtO7bed/27FJKmhFGZeSHsvdZnLd/UN6cGE6SQ8/+cdsOahSFJWqQfS50npGHZb1vPOKKnr726AgOgQRYY9V3eSG9E+TPHWodwti70kJiQ7lHU4lyUBpQBwzU5sfh4XOwzAuT4humbw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IGu6YSF+/U+LdVS3VTdjarNyiRCw8j7LMjjzRZZMoCK9ZtuRIMxaANgZGs1cToEx8hQMfR7wkrp5YSpDI2xsfEXhXJZ0pfj2CC3YTFXVmS5hnuufmMjGnjAcIJaHQJoj7+LV4oD7owPN83/XKDsPRJiX1BWViPV3zUu1iGnPqskDsFKF0t0wHftgkHTnReke+P2VyZQluqYr/GK4MTD5IL6tVA4aA1cDLtK9maAyeDltJQ7WlNxHerexBv5pGPYQG3tieqHZTvs1O01PH4RjaXZ8KIhT5h7JvXZWNX6ceioyyjqQoagqkRcCzCdswSJJs1ZiASOtVJ7nsJNJWYxsuw==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>
  • Delivery-date: Mon, 18 Jul 2022 07:43:44 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
Hi Jan,

On 2022/7/11 22:32, Jan Beulich wrote:

Hello,

the other day I wanted to look at the basic structure of xen.efi. First
I used my own dumping tool, which didn't work. Then I used objdump,
which appeared to work. I decided that I should look into what they do
different, and whether I could make mine work as well, or whether
instead objdump is broken and shouldn't work on this sort of binary.
While I'm not fully certain yet, I'm leaning to the latter. This is
supported by GNU objcopy corrupting the binary (I assume this is known
and considered okay-ish).



Did you use x86's objcopy? AArch64 GNU objcopy does not support any
PE format file. So I'm curious about the version of objcopy you are using.


Many problems boil down to the (ab)use of the DOS executable header
fields, yielding an invalid header. The first 8 bytes are instructions,
with the first carefully chosen to produce 'MZ' in its low half.
(Oddly enough Xen and Linux use different insns there.) This doesn't
play well with the meaning of the respective fields in the DOS header.
UEFI executables are regular PE32/PE32+ images, Arm64 EFI applications use a subsystem "0xAA64". PE32/PE32+ require images to have a DOS header for option#1 backwards compatibility,or option#2 to prevent images to be run in DOS. I think Arm64 EFI applications select option#2. In this case 
I don't understand why we need a valid DOS header? For my understanding,
we just need 'MZ' for file type identify and "offset to the PE header".
Other fields have be re-used by other purpose when load Xen image as
binary. And lots of bootloaders are following this header format to load Xen (Linux, or other Arm64 OS/VMM) images. Therefore, it is not currently possible to construct a valid DOS header. 


Subsequently there are a number of .quad-s, some of which again yield
an invalid DOS header. I'm therefore inclined to submit a patch to
make objdump properly fail on this binary. But of course with both


I have not used objdump to dump xen image successfully. I always use
xen-syms for objdump.Sorry, Maybe I didn't understand your question clearly.


Xen and Linux (and who knows who else) using this hairy approach, it
may end up necessary to continue to "support" this special case,
which is why I'm seeking your input here first.
Yes, like I said above, most OSs, VMMs and bootloaders currently follow this format and boot protocol. Therefore, it is difficult for us to completely remove it all at once. 




Furthermore the fake .reloc section overlaps the file header. The
section is zero size (i.e. empty), but a reasonable PE loader might
still object to its RVA being zero.



I am not very clear about "overlaps". Is it because we are setting
PointerToRelocations to zero?

Cheers,
Wei Chen


As to objcopy: It shrinks the binary significantly in size, removes
the dummy .reloc section, re-writes fair parts of the DOS header,
and extends the NT header resulting in the file position of .text
changing. The size reduction and possibly the movement of .text may
be okay as long as the resulting binary is to only be used with UEFI
(as it's due to zapping of the embedded DTB and the unnecessary zero-
filling of .bss, afaict), but my understanding is that the other
adjustments are all fatal to the usability of the binary even on
UEFI.

I may easily have forgotten further anomalies.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.