[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 2/2] xen: Fix latent check-endbr.sh bug with 32bit build environments

  • To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 18 Jul 2022 11:49:19 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mQ5zshumVsMdkpAYtuQQKspNTbzMA87oEp5PPWkFb/s=; b=iERV8tzxGAsRsaONMCPbXIv7iaoa7nAg8mYFWEbFnHctetH1oVQc+SQSARZHTrMzVFVdhY++IVkMHul5wfgrr8jrFk57L/4xpex5NlE+iWvAGQ7vE0KtB2iXyKvLGZseeK03MQw5BSeP9wvIDDRo6xe19HzVswSNaiGLm9to1/Kr15pFeVJviKFTuiDIr5ZE9qeXVzImOsD95nWeJ1M0zURNwgUHgmsSXuiYNcgbiMvvfvCRdIp7y/n2wQqSvRtAmfz2GYlhGfOXARmQmijhqgkZPzOu53oDs6Ss3zhGkLEifE+zexv4WA9kwTGBm2El3y3vQxK6x9qzTybFY54sbQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Jgk31qrwKk2FNTfp2htxMK4tbVS71MBcNrQCOENE3olX55LyUvdwRNs2eKdbBeHI3gdG41gkNVApYqM337rQpY4pM77iffQJe+WSjy62cp4FsUOZ5NrNjgTDXrMrV8siK2KJhrPW06nAvxeYSNSL0nM6vtu8v6bAOhVgG9stCWMwkOwlQNdcc1LBurv7jbEkbJs9oonkL60jbKySTHlhGsCLqu1RjHJwEyNBMKqrtRsg1j09lV3jPWmDcG+1tkwxaishcD0mcIYx4Polf2t9GHnXJCci9o/Rw7X8pbxHOhTA/dLSEU2SVYPbhBE57gzKM0RtLwVuVwO/lL2JbwWt5w==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: George Dunlap <George.Dunlap@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, Luca Fancellu <Luca.Fancellu@xxxxxxx>, Mathieu Tarral <mathieu.tarral@xxxxxxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 18 Jul 2022 09:49:33 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 18.07.2022 11:31, Andrew Cooper wrote:
> On 18/07/2022 10:11, Jan Beulich wrote:
>> On 15.07.2022 15:26, Andrew Cooper wrote:
>>> --- a/xen/tools/check-endbr.sh
>>> +++ b/xen/tools/check-endbr.sh
>>> @@ -61,19 +61,36 @@ ${OBJDUMP} -j .text $1 -d -w | grep '   endbr64 *$' | 
>>> cut -f 1 -d ':' > $VALID &
>>>  #    the lower bits, rounding integers to the nearest 4k.
>>>  #
>>>  #    Instead, use the fact that Xen's .text is within a 1G aligned region, 
>>> and
>>> -#    split the VMA in half so AWK's numeric addition is only working on 32 
>>> bit
>>> -#    numbers, which don't lose precision.
>>> +#    split the VMA so AWK's numeric addition is only working on <32 bit
>>> +#    numbers, which don't lose precision.  (See point 5)
>>>  #
>>>  # 4) MAWK doesn't support plain hex constants (an optional part of the 
>>> POSIX
>>>  #    spec), and GAWK and MAWK can't agree on how to work with hex 
>>> constants in
>>>  #    a string.  Use the shell to convert $vma_lo to decimal before passing 
>>> to
>>>  #    AWK.
>>>  #
>>> +# 5) Point 4 isn't fully portable.  POSIX only requires that $((0xN)) be
>>> +#    evaluated as long, which in 32bit shells turns negative if bit 31 of 
>>> the
>>> +#    VMA is set.  AWK then interprets this negative number as a double 
>>> before
>>> +#    adding the offsets from the binary grep.
>>> +#
>>> +#    Instead of doing an 8/8 split with vma_hi/lo, do a 9/7 split.
>>> +#
>>> +#    The consequence of this is that for all offsets, $vma_lo + offset 
>>> needs
>>> +#    to be less that 256M (i.e. 7 nibbles) so as to be successfully 
>>> recombined
>>> +#    with the 9 nibbles of $vma_hi.  This is fine; .text is at the start 
>>> of a
>>> +#    1G aligned region, and Xen is far far smaller than 256M, but leave 
>>> safety
>>> +#    check nevertheless.
>>> +#
>>>  eval $(${OBJDUMP} -j .text $1 -h |
>>> -    $AWK '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 
>>> 8), substr($4, 9, 16)}')
>>> +    $AWK '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 
>>> 9), substr($4, 10, 16)}')
>>>  
>>>  ${OBJCOPY} -j .text $1 -O binary $TEXT_BIN
>>>  
>>> +bin_sz=$(stat -c '%s' $TEXT_BIN)
>>> +[ "$bin_sz" -ge $(((1 << 28) - $vma_lo)) ] &&
>>> +    { echo "$MSG_PFX Error: .text offsets can exceed 256M" >&2; exit 1; }
>> ... s/can/cannot/ ?
> 
> Why?  "Can" is correct here.  If the offsets can't exceed 256M, then
> everything is good.

Hmm, the wording then indeed is ambiguous. I read "can" as "are allowed
to", when we mean "aren't allowed to". Maybe ".text is 256M or more in
size"? If you mention "offsets", then I think the check should be based
on actually observing an offset which is too large (which .text size
alone doesn't guarantee will happen).

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.