[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 1/2] x86/boot: Avoid relocations in trampoline code to physical addresses



On Sat, Sep 14, 2024 at 7:39 AM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>
> On 28.08.2024 11:19, Frediano Ziglio wrote:
> > The trampoline could have "manual" relocation entries (created
> > by assembly macros and some code to use them) and (in case of PE)
> > normal executable relocations.
> > Remove some normal executable ones. In this way we don't have to
> > worry about applying both correctly (they need proper order
> > which is hard to spot looking at the code).
>
> I don't theink the order of applying relocations matters - the overall
> outcome will be the same for any order. What does matter is ...
>
> > Specifically in efi_arch_post_exit_boot trampoline is copied after
> > fixing relocations with efi_arch_relocate_image.
>
> ... whether they're applied by the time certain operations take place.
>
> > These time dependencies
> > between different part of code are hard to spot making hard to change
> > code.
>
> Relocation and copying sitting literally next to each other makes it
> not really hard to spot, imo.
>

I was thinking that there should probably be a single function that
does the relocation and also copy the trampoline in the final spot.

> > In this case the copy is done in a state where code should be run
> > at higher locations so it would be better to reduce the code between
> > calling efi_arch_relocate_image and jumping to higher location.
> > Absolute symbols are defined by linker in order to avoid relocations.
> > These symbols use a "_PA" suffix to avoid possible clashes.
> > phys_addr macro is used to make more clear the address we want and making
> > symbol search easier.
>
> At the price of introducing more absolute symbols, which are often
> frowned upon. For example I fear this may (and the 2nd patch will)
> get in the way of us (finally) randomizing Xen's virtual position
> at load/boot time. Especially with xen.efi (where we already have
> the base relocs) this shouldn't be overly difficult to arrange - as
> long as there are no absolute symbols to take care of (ones used
> only very early are okay of course).
>

Considering that bootloaders (both GRUB and EFI) uses 1-to-1 mapping
or physical addressing and that we wrap our 64 bit ELF in a 32 bit ELF
I would assume that we want the randomization done by our code and not
by the bootloader. In this case, I would suggest designing the output
in order to use position independent code/data and do the
randomization/relocation needed. That involves doing something similar
to mkelf32 also for EFI output.
This goes quite a lot out of the target of this series, but I agree
this series clash a bit with address randomization (going in a
different direction).
I suppose I can simply respect the order of calls and drop this series.

> > --- a/xen/arch/x86/boot/head.S
> > +++ b/xen/arch/x86/boot/head.S
> > @@ -870,8 +870,10 @@ cmdline_parse_early:
> >  reloc:
> >          .incbin "reloc.bin"
> >
> > +#include "x86_64.S"
> > +
> > +        .section .init.text, "ax", @progbits
> > +
> >  ENTRY(trampoline_start)
> >  #include "trampoline.S"
> >  ENTRY(trampoline_end)
> > -
> > -#include "x86_64.S"
>
> I take it that this is superseded by the patch introducing
> .init.trampoline?
>

No, they happen to clash/conflict and looks similar because they move
the trampoline inclusion later but for completely different reasons,
one for section continuation, the other for macro preservation.

> Jan

Frediano



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.