[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 5/5] x86: Rollback relocation in case of EFI multiboot


  • To: Frediano Ziglio <frediano.ziglio@xxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 20 Aug 2024 15:32:17 +0200
  • Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 20 Aug 2024 13:32:37 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 14.08.2024 10:34, Frediano Ziglio wrote:
> In case EFI not multiboot rolling back relocation is done in
> efi_arch_post_exit_boot, called by efi_start however this is
> not done in multiboot code path.
> Do it also for this path to make it work correctly.
> 
> Signed-off-by: Frediano Ziglio <frediano.ziglio@xxxxxxxxx>
> ---
>  xen/arch/x86/boot/Makefile          |  2 +-
>  xen/arch/x86/boot/efi-reloc-image.c | 40 ++++++++++++++
>  xen/arch/x86/boot/efi-reloc-image.h | 85 +++++++++++++++++++++++++++++
>  xen/arch/x86/boot/head.S            | 44 ++++++++++++---
>  xen/arch/x86/efi/efi-boot.h         | 64 ++--------------------
>  5 files changed, 168 insertions(+), 67 deletions(-)
>  create mode 100644 xen/arch/x86/boot/efi-reloc-image.c
>  create mode 100644 xen/arch/x86/boot/efi-reloc-image.h

Would there be anything wrong with using just efi-reloc.[ch]? I'm sorry, but
I'm a little averse to long names when shorter ones are as unambiguous.

> --- /dev/null
> +++ b/xen/arch/x86/boot/efi-reloc-image.c
> @@ -0,0 +1,40 @@
> +/*
> + * efi-reloc-image.c
> + *
> + * 32-bit flat memory-map routines for relocating back PE executable.
> + * This is done with paging disabled to avoid permission issues.
> + *
> + * Copyright (c) 2024, Citrix Systems, Inc.
> + */

Just curious: Is "Citrix" still the right name to use in places like this one?

> +/*
> + * This entry point is entered from xen/arch/x86/boot/head.S with:
> + *   - 0x04(%esp) = __XEN_VIRT_START - xen_phys_start

This could to with adding "(two slots)" or "(64 bits)".

> + *   - 0x0c(%esp) = xen_phys_start
> + *   - 0x10(%esp) = __base_relocs_start
> + *   - 0x14(%esp) = __base_relocs_end
> + */
> +asm (
> +    "    .text                         \n"
> +    "    .globl _start                 \n"
> +    "_start:                           \n"
> +    "    jmp    reloc_pe_back          \n"
> +    );
> +
> +#include "defs.h"
> +
> +/* Do not patch page tables. */
> +#define in_page_tables(v) false

If you want what the comment says, this can't yield "false" for every
possible input. Didn't you even have page table related logic in v1?

> --- /dev/null
> +++ b/xen/arch/x86/boot/efi-reloc-image.h
> @@ -0,0 +1,85 @@
> +/*
> + * efi-reloc-image.h
> + *
> + * Code for relocating back PE executable.
> + * This code is common between 64 bit and 32 bit.
> + *
> + * Copyright (c) 2024, Citrix Systems, Inc.
> + */
> +
> +#if EFI_RELOC_IMAGE_EARLY != 0 && EFI_RELOC_IMAGE_EARLY != 1
> +#error EFI_RELOC_IMAGE_EARLY must be defined either 0 or 1
> +#endif

Depending on compiler type and version, EFI_RELOC_IMAGE_EARLY simply not
being defined may or may not raise a warning, but would otherwise satisfy
EFI_RELOC_IMAGE_EARLY == 0. I think you want to also guard against
un-defined-ness.

> +typedef struct pe_base_relocs {
> +    uint32_t rva;
> +    uint32_t size;
> +    uint16_t entries[];
> +} pe_base_relocs;
> +
> +#define PE_BASE_RELOC_ABS      0
> +#define PE_BASE_RELOC_HIGHLOW  3
> +#define PE_BASE_RELOC_DIR64   10
> +
> +#if EFI_RELOC_IMAGE_EARLY
> +bool __stdcall
> +#else
> +static bool
> +#endif
> +reloc_pe_back(long long delta,
> +              unsigned long xen_phys_start,
> +              const pe_base_relocs *__base_relocs_start,
> +              const pe_base_relocs *__base_relocs_end)
> +{
> +    const struct pe_base_relocs *base_relocs;
> +
> +    for ( base_relocs = __base_relocs_start; base_relocs < 
> __base_relocs_end; )
> +    {
> +        unsigned int i = 0, n;
> +
> +        n = (base_relocs->size - sizeof(*base_relocs)) /
> +            sizeof(*base_relocs->entries);
> +
> +        for ( ; i < n; ++i )
> +        {
> +            unsigned long addr = xen_phys_start + base_relocs->rva +
> +                                 (base_relocs->entries[i] & 0xfff);
> +
> +            switch ( base_relocs->entries[i] >> 12 )
> +            {
> +            case PE_BASE_RELOC_ABS:
> +                break;
> +            case PE_BASE_RELOC_HIGHLOW:
> +                if ( delta )
> +                {
> +                    *(uint32_t *)addr += delta;
> +                    if ( in_page_tables(addr) )
> +                        *(uint32_t *)addr += xen_phys_start;
> +                }
> +                break;
> +            case PE_BASE_RELOC_DIR64:
> +                if ( delta )
> +                {
> +                    *(uint64_t *)addr += delta;
> +                    if ( in_page_tables(addr) )
> +                        *(uint64_t *)addr += xen_phys_start;
> +                }
> +                break;
> +            default:
> +                return false;
> +            }

As you're moving this code, please put blank lines between case blocks.

> +        }
> +        base_relocs = (const void *)(base_relocs->entries + i + (i & 1));
> +    }
> +    return true;
> +}

Nit: Blank line please ahead of a function's main "return".

> --- a/xen/arch/x86/boot/head.S
> +++ b/xen/arch/x86/boot/head.S
> @@ -332,7 +332,8 @@ __efi64_mb2_start:
>           */
>          and     $~15,%rsp
>  
> -        /* Save Multiboot2 magic on the stack. */
> +        /* Save Multiboot2 magic on the stack for a later 32bit call */
> +        shl     $32, %rax
>          push    %rax

I see you're now extending the comment here. However, ...

> @@ -363,11 +364,25 @@ __efi64_mb2_start:
>          /* Just pop an item from the stack. */
>          pop     %rax
>  
> -        /* Restore Multiboot2 magic. */

... this comment shouldn't be lost (wants to move down), and ...

> -        pop     %rax
> +        /*
> +         * Prepare stack for relocation call.
> +         * Note that we are in 64bit mode but we are going to call a
> +         * function in 32bit mode so the stack is not written with
> +         * push instructions.
> +         */
> +        sub     $16, %rsp
> +        lea     __base_relocs_end(%rip), %ecx
> +        mov     %ecx, 16(%rsp)

... the re-using of half a 64-bit slot here still isn't present in
commentary (in fact the comment is slightly wrong as is, because that
re-used half slot _is_ written by a PUSH, just higher up).

> --- a/xen/arch/x86/efi/efi-boot.h
> +++ b/xen/arch/x86/efi/efi-boot.h
> @@ -36,69 +36,15 @@ extern const intpte_t __page_tables_start[], 
> __page_tables_end[];
>  #define in_page_tables(v) ((intpte_t *)(v) >= __page_tables_start && \
>                             (intpte_t *)(v) < __page_tables_end)
>  
> -#define PE_BASE_RELOC_ABS      0
> -#define PE_BASE_RELOC_HIGHLOW  3
> -#define PE_BASE_RELOC_DIR64   10
> +#define EFI_RELOC_IMAGE_EARLY 0
> +#include "../boot/efi-reloc-image.h"
>  
> -extern const struct pe_base_relocs {
> -    u32 rva;
> -    u32 size;
> -    u16 entries[];
> -} __base_relocs_start[], __base_relocs_end[];
> +extern pe_base_relocs __base_relocs_start[], __base_relocs_end[];

You've lost the const.

>  static void __init efi_arch_relocate_image(unsigned long delta)
>  {
> -    const struct pe_base_relocs *base_relocs;
> -
> -    for ( base_relocs = __base_relocs_start; base_relocs < 
> __base_relocs_end; )
> -    {
> -        unsigned int i = 0, n;
> -
> -        n = (base_relocs->size - sizeof(*base_relocs)) /
> -            sizeof(*base_relocs->entries);
> -
> -        /*
> -         * Relevant l{2,3}_bootmap entries get initialized explicitly in
> -         * efi_arch_memory_setup(), so we must not apply relocations there.
> -         * l2_directmap's first slot, otoh, should be handled normally, as
> -         * efi_arch_memory_setup() won't touch it (xen_phys_start should
> -         * never be zero).
> -         */
> -        if ( xen_phys_start + base_relocs->rva == (unsigned long)l3_bootmap 
> ||
> -             xen_phys_start + base_relocs->rva == (unsigned long)l2_bootmap )
> -            i = n;

I can't spot the replacement for this code.

> -        for ( ; i < n; ++i )
> -        {
> -            unsigned long addr = xen_phys_start + base_relocs->rva +
> -                                 (base_relocs->entries[i] & 0xfff);
> -
> -            switch ( base_relocs->entries[i] >> 12 )
> -            {
> -            case PE_BASE_RELOC_ABS:
> -                break;
> -            case PE_BASE_RELOC_HIGHLOW:
> -                if ( delta )
> -                {
> -                    *(u32 *)addr += delta;
> -                    if ( in_page_tables(addr) )
> -                        *(u32 *)addr += xen_phys_start;
> -                }
> -                break;
> -            case PE_BASE_RELOC_DIR64:
> -                if ( delta )
> -                {
> -                    *(u64 *)addr += delta;
> -                    if ( in_page_tables(addr) )
> -                        *(u64 *)addr += xen_phys_start;
> -                }
> -                break;
> -            default:
> -                blexit(L"Unsupported relocation type");
> -            }
> -        }
> -        base_relocs = (const void *)(base_relocs->entries + i + (i & 1));
> -    }
> +    if (!reloc_pe_back(delta, xen_phys_start, __base_relocs_start, 
> __base_relocs_end))

Nit: Style.

> +        blexit(L"Unsupported relocation type");
>  }
>  
>  extern const s32 __trampoline_rel_start[], __trampoline_rel_stop[];




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.