Xen project Mailing List

Re: [PATCH v2 2/2] xen: Fix latent check-endbr.sh bug with 32bit build environments

From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>

Date: Mon, 18 Jul 2022 09:31:45 +0000

Accept-language: en-GB, en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=g6TxDv8L6D3sVlzAgOLhq2K8/C0ssrD28Etz2HezzaM=; b=Jd9cqJhPCuTqvssTg28O64NIBocJuU4uwjSNvNp3UcmfKEzADiZ1uXnv06WITBxu14uxvid8iZXpXs7bezga7bI3a+VE0ymv7+aO2jN1nNzr/H9sp6bv9hA4dVEBUPRpfJtFtogy5NoF9zkhOUssjIVH9c+S8RCzc8Xf+4j58w7lrzPX6bUcJBpmKnVl85AwgoCKsc4C8cxYegAXJe/AXGF4Wnif2z+mwhEPiIO0byCSSGwbZSHNQZv4flAl4BKNY4KUdyV9krE05F+BXflcWnD9PpZWs18wDpHMe2UtJ6cS0TyCqH/XJFTiOgW23JBtsXKWFCDiiITb6jf+l+/Oiw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HURXq/rgyC+PfMiyS4DNgbBm06CkQqbgXbRBGO0d0mCoPuP9Zr5s53ujajKQ/qJMo/6GRk0ijMsscqqHKyJggH8PTiCpHaXVf8lXqiJX4fq/jwbkel0aEbFcgIgonJImuWZHkTUaQSO3At7bsVWjL1w17twjwVuhFK4QR3yBdVR+ltdYq2CIGBlLxbjAhmCjQbNV0RpNtl9vcCNamzOb+dnFPTpfuKvvTXWSqZK3SdCP0otZQbuENiYmEPUiHdiFJOOzXG/kyMDM0P14nzJHaCFib9cHsYSn+jUaZwH+SwQfQ/542NquJNcYWFEjvSZ9LgxIxl9yxF7cRUqiDMKaow==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: George Dunlap <George.Dunlap@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, Luca Fancellu <Luca.Fancellu@xxxxxxx>, Mathieu Tarral <mathieu.tarral@xxxxxxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 18 Jul 2022 09:32:04 +0000

Ironport-data: A9a23:nxA9F6veFMkVNnufsug0GxU+yufnOphVZtUHDcmfNp3fP3jJ3xfKXnsEbRFcyGXui9imYTMeS5SwoJmzjKRV9u3v4DYpZuM8h77rr09jo4IdxTGCvyVmeAIwTsNIyoBSI6Af0iPgdrLZQ2WD+PpWMVcanmDXhGfVcMvItJs5CcbsPrqLUGUPz53XtP5MjYBzlU91T8fRt5BGY92KCbBxkO8yNJ+YjCDGHyhP9/75wbiV3MhypkGfBzBQMCGFwPPiF3yiCMBpSA8O8qH3zQ5JoKbk5IqSVu/5FmMhUDud10jCyyKPJ5SZCBV+UFqt301czi4e/jBHVxRn+WOgo4+MTDloAox57B5V/1N7+FlXgeR90QOITOAb4Wd04958z8Pg+o/F+TOOrI5MpsLztEg9J/r6OeOrVVzTyiA0XYvJ+jPM8zf4wB7pVMb+kZomc2s1HX5lco/7PZkgO00dOfSw5yaGCPfVKHu479qgt+iGjUWWdfhaWCZyiZExzdQCIdaNrEYooD1kXUipgdZj/NWgAPWwvNEDmwX8qH+TSoYFu1QTwp6W6ZA4ZLsG8mwhWYOkTXAQ8egLtHpH22fF6CZCPT6mlg6lzMxCxiQpIM9YRFP9PPc1UloTX3ryZc/wb1cDY12p1ffkTPQ6lXewmAkRETPzTwuk2epTDnezphbsE/qY70Dcp58NHs+mIo4I0hYEqd58hHvyxbexZ/NhN5X1WgSM66nJ4UbeQnnSGOQeOO13rqeYJbEg3sDRV/mi4FrPug0PCXLC5HJNkdmZxWz2Fk/jz+SS+Sj3k3zOjCpQrjLpQ6/RJlj89eO66eDeoTN2cR4GCD3RPjwrJZBgNDCsM2FT1a5UHJ5BR4CZtzFvGz6dqPAe2RX52iH/TltSWJnBOB1QYMgmRDJIHxXVR6SxVtvYaWAn2wn8KKi/aANIZqGNUCDow0NGroswiu0XPOv77npS0OTuJt6dks4bLN0K1xeNc0XVIGvnFvUyFuTh3GCBfaOw0HdGScmsGZW1UNbdtMSlbJjaBmk7/3pDQloEgWBTX/K37SJhE6lxCBJrz3SQUlM9m1zFsRiplpNtCrDe6ibcykNjLGNW1y7XgNciFZD10OX8sBZ0QgBYEQ+jU4crwV6ToYq8r7RaCwvDDsP1RNaZgh6Uut8hZjGLpqaRGrBse59SxMUnLbcLX02b4y/KsdyS9SB6IIDCWUtHYNp+5b9Tt4sMLA3QQVcp8CaTDUOk1D7J8d8rGsr5i4YSVlR9L3w38sDJBanazJcvXPA6R6ew16ivVqlVPGdd0KEg+FdqzKgxTEmFmnSGOUQtJax7ySRLgiNVBxRgYJEBgSIotcR9huBymSiwerkX/g3Sz7dWa2WvNeUe5axcXNQAch7KguD1DKNPo8G26/o3obGlKRvIN5lNVAXyiRD9MY3INXQAjAL72g1KbVYsPat5BA2ZRq22RX9QxEXZeoJU5TDzR/vb1zcf4I/F3a0oj61p8vjfyRNs72sxP/E1j07WayNxPy3db2LT+4/9MHRauEIgG0JtpRk5cAQwPgl7WzvabM+jKuUzYJEmiEZXppyRH1Wi7YMw2b1mcn3iexuAvMSzB6fwBxMUMYGDQL2iEUFPbRxCs8WzF5bzJakdi5mLPiv1yfnOYcdA4FmV5fuEEu3oHn0cwTdC326Gu/waQ0+KUDHng+iSxqKwWjXF+YegukXHu2PScNoasE0hWkyF004Ozwq7bKFeHoSDf9yrTY0jg1ITwELBQ4SK0njq7Bi2Y5aWYVf6QEdNZ0oYWZcOJrkdoyeWCE0Hj7WmMhhExNM0aoxThDIxkNBLv+0NXYR9BTkYMv2INvnCHF0WTITePt2zp/H4OhLxazGLJTGnPxxqshAsaIKQydhIj6nG52z2kvnS4ZgvYpmbTNKgaSp7sX4AXjst247/IkDSxS82MX9pOISqxfsTlODrSnG1+EON7Oa7c/CJNI54ebnyOce2YJnPc1r11ba61ie2tTNSxL3h89ffLiQ/xfebVFLbXnqs1X6K2pRja32uxGzfuw2hN3rXx7d3aoxbbeJj4ZRzY4GmbpDl+zpbXTl8Ugf0mpifRw3EtCDOzpyktwsOQ79imuPzqs8UoL5xxZMmfG/bnPXF0+0OnMh9gmA+wAdpc9juUyTTB0ZewrqSiTNMfk4xwa6DxDcJtbN0WpYAe18a2pzcTEc9py1+HYlLEJ0twgRq2Co6ZESA2lTLXfvOZAoVFzLMOP6bcTBZ+hOzd8VSZo/oldLasv91EZFn3p7vfMcu/J7/3KJ9neAHSd0dNS17uoCnBRrIoQbhcEmkp1Dih8F1FD9Dk8IxH09jXcxUmB4+WKJ2rNzHfvV6ORKmco+d7O3Qc490fFz4857VghLLrHGkvSsmb+rnSuyAytuHNtkAEN9faj1xWC+nR/2nFEunjrEYdwiblE0u2qti6byXp7nJjTQpevlc5dhJEv8v91Ivczw1Gn1CHBhO4VBM2MrGlDAQ3W0CBh6t+T1OZlRmO5Om4SOqI/nUWZ7xIA51E8NPXIJRrTVM3Xc/1gy+2PGxkGcEm+J3AFfLq1/ocXbCed9CtboZzOLr0iX8v4P8Yp80uqJDeY4iRATYkmue7pl4KV7WsUFODdS0eEPHHgXnIUch0BoMC9VhtAX+sg==

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHYmE6f3nf19rITF02bMhbJMzY4w62D3CgAgAAFn4A=

Thread-topic: [PATCH v2 2/2] xen: Fix latent check-endbr.sh bug with 32bit build environments

On 18/07/2022 10:11, Jan Beulich wrote: > On 15.07.2022 15:26, Andrew Cooper wrote: >> While Xen's current VMA means it works, the mawk fix (i.e. using $((0xN)) in >> the shell) isn't portable in 32bit shells. See the code comment for the fix. >> >> The fix found a second latent bug. Recombining $vma_hi/lo should have used >> printf "%s%08x" and only worked previously because $vma_lo had bits set in >> it's top nibble. Combining with the main fix, %08x becomes %07x. >> >> Fixes: $XXX patch 1 >> Reported-by: Jan Beulich <JBeulich@xxxxxxxx> >> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Thanks, but... > with, I guess, ... > >> --- a/xen/tools/check-endbr.sh >> +++ b/xen/tools/check-endbr.sh >> @@ -61,19 +61,36 @@ ${OBJDUMP} -j .text $1 -d -w | grep ' endbr64 *$' | >> cut -f 1 -d ':' > $VALID & >> # the lower bits, rounding integers to the nearest 4k. >> # >> # Instead, use the fact that Xen's .text is within a 1G aligned region, >> and >> -# split the VMA in half so AWK's numeric addition is only working on 32 >> bit >> -# numbers, which don't lose precision. >> +# split the VMA so AWK's numeric addition is only working on <32 bit >> +# numbers, which don't lose precision. (See point 5) >> # >> # 4) MAWK doesn't support plain hex constants (an optional part of the POSIX >> # spec), and GAWK and MAWK can't agree on how to work with hex constants >> in >> # a string. Use the shell to convert $vma_lo to decimal before passing >> to >> # AWK. >> # >> +# 5) Point 4 isn't fully portable. POSIX only requires that $((0xN)) be >> +# evaluated as long, which in 32bit shells turns negative if bit 31 of >> the >> +# VMA is set. AWK then interprets this negative number as a double >> before >> +# adding the offsets from the binary grep. >> +# >> +# Instead of doing an 8/8 split with vma_hi/lo, do a 9/7 split. >> +# >> +# The consequence of this is that for all offsets, $vma_lo + offset needs >> +# to be less that 256M (i.e. 7 nibbles) so as to be successfully >> recombined >> +# with the 9 nibbles of $vma_hi. This is fine; .text is at the start of >> a >> +# 1G aligned region, and Xen is far far smaller than 256M, but leave >> safety >> +# check nevertheless. >> +# >> eval $(${OBJDUMP} -j .text $1 -h | >> - $AWK '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), >> substr($4, 9, 16)}') >> + $AWK '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 9), >> substr($4, 10, 16)}') >> >> ${OBJCOPY} -j .text $1 -O binary $TEXT_BIN >> >> +bin_sz=$(stat -c '%s' $TEXT_BIN) >> +[ "$bin_sz" -ge $(((1 << 28) - $vma_lo)) ] && >> + { echo "$MSG_PFX Error: .text offsets can exceed 256M" >&2; exit 1; } > ... s/can/cannot/ ? Why? "Can" is correct here. If the offsets can't exceed 256M, then everything is good. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.