Xen project Mailing List

Re: [PATCH v2 1/5] x86/livepatch: set function alignment to ensure minimal function size

To: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Fri, 1 Dec 2023 13:59:57 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lrn6E0UtMKUsPSSAmahxhWgTogq/IBlkzFwsmU2oYeA=; b=E7L1HN236fAL4xQnMByZTfaxtTC8rVEoyrEEYtvt+4gXWbByA2yXmnEfX+F1tgG55VW5MUc/XR4hZDOmU4Dg1nXUZYCbaC1h9Gotg4rgDqi5g+EP1tD5HW54Q2wVWM2l6jhVcZ1W+2Emq423AxMTi+t9zG6NS+IfZqJy/6m7XK7bCqyyg9aPwzF462bBrvpKOyUBpWORIauFlblGdH1pKm2fhjzuM/dZBZAiGKhPCgy5aFsQc14eo/LQcv7GrDJ9FgIv12KphzQRwCu4vMri1qJeeDXu5vyAz74OXvhnSuAcByDEpWsmwhP4mGPSi6LV3EdUY27Tgj4vx1Nzj3kDIA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gyKlqa7/x33u3vvON54ts0F+DQi+rH3+SkslL0n3MJDHwZRb5IZfPRBjiq6pY3oUbth84VbSMFrY2Oiw1iwPjijaqDrbhJIKj51Ah5C8OKDNaSYaiJU/2rkKNf7Jq0zB0rF2SNgS7q8k9+1Um9LxdwA/s4Kfiviuj6GedJ3/wY3wiUEJjj5pcsegOFZnHL6slP7b/EeSIxMouFQJIHmh0f17sW1XZug9JK4/X3PNeBbOmKHLKdhVm+C3iY36M85Wgx2ouS7b7tYEw6sQ8WrP3249Y5tzATy12F6R0NHwvVK+KlNHhK9dLN1awt9eTk+P467tKWllC/W38Cg/f+HAIw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Fri, 01 Dec 2023 13:00:25 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 01.12.2023 12:31, Roger Pau Monné wrote: > On Fri, Dec 01, 2023 at 11:59:09AM +0100, Jan Beulich wrote: >> On 01.12.2023 11:21, Roger Pau Monné wrote: >>> On Fri, Dec 01, 2023 at 10:41:45AM +0100, Jan Beulich wrote: >>>> On 01.12.2023 09:50, Roger Pau Monné wrote: >>>>> On Fri, Dec 01, 2023 at 07:53:29AM +0100, Jan Beulich wrote: >>>>>> On 30.11.2023 18:37, Roger Pau Monné wrote: >>>>>>> On Thu, Nov 30, 2023 at 05:55:07PM +0100, Jan Beulich wrote: >>>>>>>> On 28.11.2023 11:03, Roger Pau Monne wrote: >>>>>>>>> The minimal function size requirements for livepatch are either 5 >>>>>>>>> bytes (for >>>>>>>>> jmp) or 9 bytes (for endbr + jmp). Ensure that functions are always >>>>>>>>> at least >>>>>>>>> that size by requesting the compiled to align the functions to 8 or >>>>>>>>> 16 bytes, >>>>>>>>> depending on whether Xen is build with IBT support. >>>>>>>> >>>>>>>> How is alignment going to enforce minimum function size? If a function >>>>>>>> is >>>>>>>> last in a section, there may not be any padding added (ahead of >>>>>>>> linking at >>>>>>>> least). The trailing padding also isn't part of the function. >>>>>>> >>>>>>> If each function lives in it's own section (by using >>>>>>> -ffunction-sections), and each section is aligned, then I think we can >>>>>>> guarantee that there will always be enough padding space? >>>>>>> >>>>>>> Even the last function/section on the .text block would still be >>>>>>> aligned, and as long as the function alignment <= SECTION_ALIGN >>>>>>> there will be enough padding left. I should add some build time >>>>>>> assert that CONFIG_CC_FUNCTION_ALIGNMENT <= SECTION_ALIGN. >>>>>> >>>>>> I'm not sure of there being a requirement for a section to be padded to >>>>>> its alignment. If the following section has smaller alignment, it could >>>>>> be made start earlier. Of course our linker scripts might guarantee >>>>>> this ... >>>>> >>>>> I do think so, given our linker script arrangements for the .text >>>>> section: >>>>> >>>>> DECL_SECTION(.text) { >>>>> [...] >>>>> } PHDR(text) = 0x9090 >>>>> >>>>> . = ALIGN(SECTION_ALIGN); >>>>> >>>>> The end of the text section is aligned to SECTION_ALIGN, so as long as >>>>> SECTION_ALIGN >= CONFIG_CC_FUNCTION_ALIGNMENT the alignment should >>>>> guarantee a minimal function size. >>>>> >>>>> Do you think it would be clearer if I add the following paragraph: >>>>> >>>>> "Given the Xen linker script arrangement of the .text section, we can >>>>> ensure that when all functions are aligned to the given boundary the >>>>> function size will always be a multiple of such alignment, even for >>>>> the last function in .text, as the linker script aligns the end of the >>>>> section to SECTION_ALIGN." >>>> >>>> I think this would be useful to have there. Beyond that, assembly code >>>> also needs considering btw. >>> >>> Assembly will get dealt with once we start to also have separate >>> sections for each assembly function. We cannot patch assembly code at >>> the moment anyway, due to lack of debug symbols. >> >> Well, yes, that's one part of it. The other is that some .text coming >> from an assembly source may follow one coming from some C source, and >> if the assembly one then isn't properly aligned, padding space again >> wouldn't necessarily be large enough. This may be alright now (where >> .text is the only thing that can come from .S and would be linked >> ahead of all .text.*, being the only thing that can come from .c), > > What about adding: > > #ifdef CONFIG_CC_SPLIT_SECTIONS > *(.text.*) > #endif > #ifdef CONFIG_CC_FUNCTION_ALIGNMENT > /* Ensure enough padding regardless of next section alignment. */ > . = ALIGN(CONFIG_CC_FUNCTION_ALIGNMENT) > #endif > > In order to assert that the end of .text.* is also aligned? Probably. >> but >> it might subtly when assembly code is also switched to per-function >> sections (you may recall that a patch to this effect is already >> pending: "common: honor CONFIG_CC_SPLIT_SECTIONS also for assembly >> functions"). > > Yes, I think such patch should also honor the required alignment > specified in CONFIG_CC_FUNCTION_ALIGNMENT. I've added a note for myself to that patch, to adjust once yours has landed (which given the state of my series is likely going to be much earlier). Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.