Xen project Mailing List

Re: [PATCH v2 1/2] x86: annotate entry points with type and size

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Tue, 30 May 2023 17:15:48 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=64Ja1OIWGKAGq3lZEQgphsue4Bzy238t+MhdZ6MqwEg=; b=AAX2j4rTcTdXGI9TmxpX2H8jq2MXiyg8xP8XCdg8qurAM/OqsqiI6ahkgntxFc8bm+8j+j9XWzk0FuVNxy634HSFN/ZMnje2810+4HoDFXWK2VB8gw5ZHpdubSZChgc1Ihz4wZQKtic5f3tC4+l4q6Y/4XAApx2QXJNDPLZOEZdN1GQ9Lvrdoo/7MJr8YdqPM3u9Plr2iofhDUGPforsonPEngaDK0J7kHissFDgcZRCz5TgcMLECAG5IBV+mhNGOyyttdXSguiEWXNnijjwkA5rDCiHXP2SqlvGnbupCg0ZII+BMOMH/DWMSWCmpcVm/RZq0zessOLYmdMh888V6g==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=f/S4Xy+Mah9H8/CuE8lwQrq7eBLl/xisuAWmlfGoSKFjeDNhP4qzL5S8Us0Okwx20fUYDMpmaWXdjOpClOGFDvwQSnKOxxRHujNkr45cneo+Eyq7UZY8A74VTD7ZdLBn1ZImrlu5DaSt3AuBGy61CusFlT4v4vrkda0+WA7tVDD4WycH7mDr+FTIBBib6+P8KeuemelWXHPZ0YHe/GQr+uUqsqPBrClHtNqF3Ixd7JdqgnDQf/1bK3yfppkvTCs24rtBEH246ei9tCczskL+I7YvtEjuEpKV5OoUiIKo5cmNAZJJODpNGQFHD3f1z+UcUz2RXjiufLiXcUh9bhwIaQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Bobby Eshleman <bobbyeshleman@xxxxxxxxx>, Alistair Francis <alistair.francis@xxxxxxx>, Connor Davis <connojdavis@xxxxxxxxx>

Delivery-date: Tue, 30 May 2023 15:17:14 +0000

Ironport-data: A9a23:3YZqXq4KuzoxuBehOehYAgxRtHDHchMFZxGqfqrLsTDasY5as4F+v mNLXDuEaPmKNDPyKIggbI7noB8PvsfRzII2QAptr3thHi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvynTraCYnsrLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9lU35JwehBtC5gZlPa0Q5AeE/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5mt qYUKyxKbT64h8G64LeYaeNFq+59FZy+VG8fkikIITDxK98DGMmGaYOaoNhS0XE3m9xEGuvYa 4wBcz1zYR/cYhpJfFAKFJY5m+TujX76G9FagAvN+exrvC6OnEoojuiF3Nn9I7RmQe1PmUmVv CTe9nnRCRAGLt2PjzGC9xpAg8eWxHinAthLSefQGvhC3FiuzTJCJzAsRVqp5sCU11S6WepdN BlBksYphe1onKCxdfH/VRClpH+PvjYHRsFdVeY97Wml2qfSpgqUGGUAZjpAc8A98t87QyQw0 V2ElM+vAiZg2JWKTVqN+7HSqim9UQAXMGsDaCksXQYDpd75r+kblQnTR9xuFKq0iNzdGjzqx T2O6i8kiN07k8kP0Kmq+EHdtDilrJPJUw0d6x3eWySu6QYRTISofZCy4F7Xq/NJNp+ET0Kpt WIB3cOZ6YgmB5aHnj2AW+UJEbSg4d6KNTTdhRhkGJxJ3z2p+mW/dIFKpj9kLUFiM90sZjPiJ kTUvGt575hVOnyoYaZpYpmZBMEjzKymHtPgPs04dfJLa5l1MQWBrCdnYBfJ23i3yRZ816YiJ Z2cbMCgS24ADrhqxya3QOFb1qI3wic5xiXYQpWTIwmb7IdyrUW9Ed8tWGZipMhgt/vsTNn9m zqHC/a39g==

Ironport-hdrordr: A9a23:ClmYCq5EtYSzjCLMKwPXwOPXdLJyesId70hD6qkRc20xTiX8ra rCoB1173PJYVoqN03I4OrwQZVoIkmsl6Kdg7NwAV7KZmCPhILPFu9fBODZsl7d8kPFl9K14p 0QF5SWWOeaMbGjt7eA3OBjKadH/DBbytHOuQ4D9QYUcei1UdAb0ztE

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, May 30, 2023 at 04:23:21PM +0200, Jan Beulich wrote: > On 30.05.2023 15:21, Roger Pau Monné wrote: > > On Tue, May 30, 2023 at 10:06:27AM +0200, Jan Beulich wrote: > >> On 29.05.2023 15:34, Roger Pau Monné wrote: > >>> On Tue, May 23, 2023 at 01:30:51PM +0200, Jan Beulich wrote: > >>>> Note that the FB-label in autogen_stubs() cannot be converted just yet: > >>>> Such labels cannot be used with .type. We could further diverge from > >>>> Linux'es model and avoid setting STT_NOTYPE explicitly (that's the type > >>>> labels get by default anyway). > >>>> > >>>> Note that we can't use ALIGN() (in place of SYM_ALIGN()) as long as we > >>>> still have ALIGN. > >>> > >>> FWIW, as I'm looking into using the newly added macros in order to add > >>> annotations suitable for live-patching, I would need to switch some of > >>> the LABEL usages into it's own functions, as it's not possible to > >>> livepatch a function that has labels jumped into from code paths > >>> outside of the function. > >> > >> Hmm, I'm not sure what the best way is to overcome that restriction. I'm > >> not convinced we want to arbitrarily name things "functions". > > > > Any external entry point in the middle of a function-like block will > > prevent it from being live patched. > > Is there actually any particular reason for this restriction? As long > as old and new code has the same external entry points, redirecting > all old ones to their new counterparts would seem feasible. Yes, that was another option, we could force asm patching to always be done with a jump (instead of in-place) and then add jumps at the old entry point addresses in order to redirect to the new addresses. Or assert that the addresses of any symbols inside the function is not changed in order to do in-place replacement of code. > > If you want I can try to do a pass on top of your patch and see how > > that would end up looking. I'm attempting to think about other > > solutions, but every other solution seems quite horrible. > > Right, but splitting functions into piecemeal fragments isn't going > to be very nice either. I'm not sure how much splitting would be required TBH. > >>>> + > >>>> +#define FUNC(name, algn...) \ > >>>> + SYM(name, FUNC, GLOBAL, LAST(16, ## algn), 0x90) > >>> > >>> A rant, should the alignment of functions use a different padding? > >>> (ie: ret or ud2?) In order to prevent stray jumps falling in the > >>> padding and fall trough into the next function. That would also > >>> prevent the implicit fall trough used in some places. > >> > >> Yes, but that's a separate topic (for which iirc patches are pending > >> as well, just of course not integrated with the work here. There's > >> the slight risk of overlooking some "fall-through" case ... > > > > Oh, OK, wasn't aware patches are floating for this already, just came > > across it while reviewing. > > Well, those don't cover padding yet, but they deal with straight-line > speculation past RET or JMP. Introducing the helpers does make it easy to convert the padding for all the existing users at least. > >>>> sti > >>>> call do_softirq > >>>> jmp compat_test_all_events > >>>> > >>>> - ALIGN > >>>> /* %rbx: struct vcpu, %rdx: struct trap_bounce */ > >>>> -.Lcompat_process_trapbounce: > >>>> +LABEL_LOCAL(.Lcompat_process_trapbounce) > >>> > >>> It's my understanding that here the '.L' prefix is pointless, since > >>> LABEL_LOCAL() will forcefully create a symbol for the label due to the > >>> usage of .type? > >> > >> I don't think .type has this effect. There's certainly no such label in > >> the symbol table of the object file I have as a result. > > > > I was expecting .type to force the creation of a symbol, so the '.L' > > prefix does prevent the symbol from being created even if .type is > > specified. > > > > Shouldn't the assembler complain that we are attempting to set a type > > for a not present symbol? > > But .L symbols are still normal symbols to gas, just that it knows to not > emit them to the symbol table (unless there's a need, e.g. through a use > in a relocation that cannot be expressed as section-relative one). It > could flag the pointless use, but then it may get this wrong if in the > end the symbol does need emitting. Thanks for the explanation. Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.