Xen project Mailing List

Re: [PATCH 1/2] x86/head: check base address alignment

To: Roger Pau Monné <roger.pau@xxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 2 May 2023 11:35:08 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7jRCMgEtM32NM/MjsLxwPGxdGv3dmM0sdW8hY20jarw=; b=J1nWLPKwtrQT+uUvMEP/7UASUwy9a7/rOvSxKZQ9JXf7YelkYnMLAChJ2ODs0LQfm4bAlTouvLsLXrK4Mtbrm2KsrJUp6Oe+9C+0f1rsy/2lScLhA0UO8q/J8LoVITVeBUve+pvlf5OplwDPUoTaiOjp9iKznhABip1yDxMVnQnAlh5+Z0A6xjIlRbj+ag+YGWR2Gwih3/Inu3pj+4HW41aGMsd+QuLhvyAc+RjcRCeCzxCZDh4t5dhFMSz3tjFjkTPhBi6fkfcSngULGtiYnR/s8/skKAc0HjV7mnZEMJYy+UxV1NxSq0c93wO7YB1XDx4wudL3FRelJC+82wo7Xg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=f335TTLAV6yBmzpReSgML1eNRD/hvsyhFK7YtZdHGMt4fmskG1rgaKWXi7XHtttp90GsaOq20irEy99MSGiIe/TqsOlRV7/ADFYuzvss6Tz00vv3xszLO+kYCdSEBEg7+XiL2p1Sc7tdOQYxmr/ZVaxRYtOOsPg+CXlJfOzmr67xHlo+JA4IHpGTX4o+FVPoknBAz7TJXqPdnQ7uxopiOBTFGX+DC/82QvSrzsgecYS5DNsFkYclWHGToYxed5neN8hHwq/6COE91NUqG9YERBrRkF/xRJX++IqVaAMvosHTmt3Bl3+QfMaZjItcZAVup/H+0EUaTmYEfxqbTXUc9w==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Jan Beulich <jbeulich@xxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Tue, 02 May 2023 10:35:32 +0000

Ironport-data: A9a23:Ts4MW6/iy0m4UVtnxmkvDrUDon+TJUtcMsCJ2f8bNWPcYEJGY0x3z 2AXDz3XOa6KMzb0LYhwYYi3/U0G7JPcyt4wGQc+qi08E34SpcT7XtnIdU2Y0wF+jCHgZBk+s 5hBMImowOQcFCK0SsKFa+C5xZVE/fjUAOG6UKicYXoZqTZMEE8JkQhkl/MynrlmiN24BxLlk d7pqojUNUTNNwRcawr40Ire7kI+1BjOkGlA5AdmOKgR5AW2e0Q9V/rzG4ngdxMUfaEMdgKKb 76r5K20+Grf4yAsBruN+losWhRXKlJ6FVHmZkt+A8BOsDAbzsAB+v9T2M4nQVVWk120c+VZk 72hg3ASpTABZcUgkMxFO/VR/roX0aduoNcrKlDn2SCfItGvn9IBDJyCAWlvVbD09NqbDkkep Pw9CjY3QSmNnsSN5O+mVvBOj+sKeZyD0IM34hmMzBn/JNN/G9XmfP+P4tVVmjAtmspJAPDSI dIDbiZiZwjBZBsJPUoLDJU5n6GjgXyXnz9w8QrJ4/ZopTaNilAguFTuGIO9ltiibMNZhEuH4 EnB+Hz0GEoyP92D0zuVtHmrg4cjmAuiANxCROfhraQCbFu71HVUBBwTXHeCs+inh2myRoNPc Go65X97xUQ13AnxJjXnZDWorXjBshMCVt54F+wh9BrL2qfS+xyeBGUPUnhGctNOnM08SCEu1 1SJt8j0HjEpu7qQIVqC8p+EoDX0PjIaRVLufgcBRAoBptz8+oc6i0uVSs45SPLkyNroBTv33 jaG6jAkgKkehtIK0KP9+k3bhzWrpd7CSQtdChjrY19JJzhRPOaND7FEI3CChRqcBO51lmW8g UU=

Ironport-hdrordr: A9a23:l8P3U64j5jJiDGMW/gPXwNnXdLJyesId70hD6qkRc3Fom6mj/K qTdZsgpHzJYUkqKRMdcLy7VpVoIkmxyXcW2+ks1N6ZNWHbUQCTQ72Kg7GC/9ToIVyaytJg

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 02/05/2023 11:28 am, Roger Pau Monné wrote: > On Tue, May 02, 2023 at 10:54:55AM +0100, Andrew Cooper wrote: >> On 02/05/2023 10:22 am, Roger Pau Monne wrote: >>> Ensure that the base address is 2M aligned, or else the page table >>> entries created would be corrupt as reserved bits on the PDE end up >>> set. >>> >>> We have found a broken firmware where the loader would end up loading >>> Xen at a non 2M aligned region, and that caused a very difficult to >>> debug triple fault. >> It's probably worth saying that in this case, the OEM has fixed their >> firmware. >> >>> If the alignment is not as required by the page tables print an error >>> message and stop the boot. >>> >>> The check could be performed earlier, but so far the alignment is >>> required by the page tables, and hence feels more natural that the >>> check lives near to the piece of code that requires it. >>> >>> Note that when booted as an EFI application from the PE entry point >>> the alignment check is already performed by >>> efi_arch_load_addr_check(), and hence there's no need to add another >>> check at the point where page tables get built in >>> efi_arch_memory_setup(). >>> >>> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> >>> --- >>> xen/arch/x86/boot/head.S | 9 +++++++++ >>> 1 file changed, 9 insertions(+) >>> >>> diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S >>> index 0fb7dd3029f2..ff73c1d274c4 100644 >>> --- a/xen/arch/x86/boot/head.S >>> +++ b/xen/arch/x86/boot/head.S >>> @@ -121,6 +121,7 @@ multiboot2_header: >>> .Lbad_ldr_nst: .asciz "ERR: EFI SystemTable is not provided by bootloader!" >>> .Lbad_ldr_nih: .asciz "ERR: EFI ImageHandle is not provided by bootloader!" >>> .Lbad_efi_msg: .asciz "ERR: EFI IA-32 platforms are not supported!" >>> +.Lbag_alg_msg: .asciz "ERR: Xen must be loaded at a 2Mb boundary!" >>> >>> .section .init.data, "aw", @progbits >>> .align 4 >>> @@ -146,6 +147,9 @@ bad_cpu: >>> not_multiboot: >>> add $sym_offs(.Lbad_ldr_msg),%esi # Error message >>> jmp .Lget_vtb >>> +not_aligned: >>> + add $sym_offs(.Lbag_alg_msg),%esi # Error message >>> + jmp .Lget_vtb >>> .Lmb2_no_st: >>> /* >>> * Here we are on EFI platform. vga_text_buffer was zapped earlier >>> @@ -670,6 +674,11 @@ trampoline_setup: >>> cmp %edi, %eax >>> jb 1b >>> >>> + /* Check that the image base is aligned. */ >>> + lea sym_esi(_start), %eax >>> + and $(1 << L2_PAGETABLE_SHIFT) - 1, %eax >>> + jnz not_aligned >> You just want to check the value in %esi, which is the base of the Xen >> image. Something like: >> >> mov %esi, %eax >> and ... >> jnz >> >> No need to reference the _start label, or use sym_esi(). > The reason for using sym_esi(_start) is because that's exactly the > address used when building the PDE, so it's clearer to keep those in > sync IMO. Hmm yeah, fair point. Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, preferably with the extra note in the commit message. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.