[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 4/5] x86/xen: Avoid relocatable quantities in Xen ELF notes

To: Ard Biesheuvel <ardb+git@xxxxxxxxxx>, <linux-kernel@xxxxxxxxxxxxxxx>
From: Jason Andryuk <jason.andryuk@xxxxxxx>
Date: Wed, 2 Oct 2024 17:25:19 -0400
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=google.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5QerY6aZNBZaxaESyMpRmZVmsTez1kpiiUfAtqGL5JY=; b=C9rdLLbK57U0r/xMadnTjT+0KVmMo6onRb8jLq19MGMTOlmm58Y/qzHckjEPKIbKoruZ2En7pUxhr3O/hRA9nU/+jX7fOgT0dyN7FhE7cdXD6zGHNGBiUAIsLJOLAFFvpFGOlpWRqcZLdg9ZI/m1zF1bXNNV4fvrpGXLlI/t/taPk8u5PU0lE/R/g3C0bd0oFpVQBYTJato7834Zn+Mg/W4+EymG8NIDxGETJF7ihAvABhRrF8Qdcn0MkixZmTeYnflBa+TaELJZH6kFijHiXjUJRuy6Q12XvbV3CQ7A9N6j9NOrZA+lnF/GkMu7PlIawHZ0ntS/kDzQiocQSZE8BA==
Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SCRvoQAodFAdKCy8xWEwOOlgxwUX3aO/Cqq68XSVLUGkZ8ZNct0DhDfCtZt0QPaX7F8cN5bnQLg/6U7CTVS9NTbSq1oegI4SYM9qloo6/pyFZcNv1j/YtgxNRCZeM+e3eYxyKnYrLb1nYDxKqTNRCOUqpPvaaKg5MvQ5QyshM5OPuol8V7QmNPOMup/kawApZdU58oyJjAoj/MZpr9Fk++sqesWDKHN3O7iZctLLX0nMZztsITqcDZ8u7ikNlNvrM8nUHEHBRTzWCOGj1aV7euHmxtAE8DHtRRz+sUHe44o05MCv1Z87cl7f5b4u/e2eCMb2MmJb3naRFozC+ZKmqA==
Cc: Ard Biesheuvel <ardb@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "Boris Ostrovsky" <boris.ostrovsky@xxxxxxxxxx>, <x86@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 02 Oct 2024 21:25:40 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2024-09-30 03:15, Ard Biesheuvel wrote:

From: Ard Biesheuvel <ardb@xxxxxxxxxx>

Xen puts virtual and physical addresses into ELF notes that are treated
by the linker as relocatable by default. Doing so is not only pointless,
given that the ELF notes are only intended for consumption by Xen before
the kernel boots. It is also a KASLR leak, given that the kernel's ELF
notes are exposed via the world readable /sys/kernel/notes.

So emit these constants in a way that prevents the linker from marking
them as relocatable. This involves place-relative relocations (which
subtract their own virtual address from the symbol value) and linker
provided absolute symbols that add the address of the place to the
desired value.

Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>


Tested-by: Jason Andryuk <jason.andryuk@xxxxxxx>

The generated values look ok.

---
  arch/x86/kernel/vmlinux.lds.S | 13 +++++++++++++
  arch/x86/platform/pvh/head.S  |  6 +++---
  arch/x86/tools/relocs.c       |  1 +
  arch/x86/xen/xen-head.S       |  6 ++++--
  4 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 6726be89b7a6..2b7c8c14c6fd 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -527,3 +527,16 @@ INIT_PER_CPU(irq_stack_backing_store);
  #endif

#endif /* CONFIG_X86_64 */

+
+#ifdef CONFIG_XEN
+#ifdef CONFIG_XEN_PV
+xen_elfnote_entry_offset =
+       ABSOLUTE(xen_elfnote_entry) + ABSOLUTE(startup_xen);
+#endif
+xen_elfnote_hypercall_page_offset =
+       ABSOLUTE(xen_elfnote_hypercall_page) + ABSOLUTE(hypercall_page);
+#endif
+#ifdef CONFIG_PVH
+xen_elfnote_phys32_entry_offset =
+       ABSOLUTE(xen_elfnote_phys32_entry) + ABSOLUTE(pvh_start_xen - 
LOAD_OFFSET);
+#endif


It seems to me, these aren't really offsets, but instead an address + value.

diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S
index 7ca51a4da217..2b0d887e0872 100644
--- a/arch/x86/platform/pvh/head.S
+++ b/arch/x86/platform/pvh/head.S

@@ -300,5 +300,5 @@ SYM_DATA_END(pvh_level2_kernel_pgt)
                     .long KERNEL_IMAGE_SIZE - 1)
  #endif

- ELFNOTE(Xen, XEN_ELFNOTE_PHYS32_ENTRY,

-                    _ASM_PTR (pvh_start_xen - __START_KERNEL_map))
+       ELFNOTE(Xen, XEN_ELFNOTE_PHYS32_ENTRY, .global xen_elfnote_phys32_entry;
+               xen_elfnote_phys32_entry: _ASM_PTR 
xen_elfnote_phys32_entry_offset - .)

So here you have `address + value - address` to put the desired value inthe elf note?


Regards,
Jason

Follow-Ups:
- Re: [PATCH v2 4/5] x86/xen: Avoid relocatable quantities in Xen ELF notes
  - From: Ard Biesheuvel

Prev by Date: Re: [PATCH 2/2] automation: add a smoke test for xen.efi on X86
Next by Date: [qemu-mainline test] 187938: regressions - FAIL
Previous by thread: [PATCH] x86/boot: Convert remaining uses of the legacy ALIGN
Next by thread: Re: [PATCH v2 4/5] x86/xen: Avoid relocatable quantities in Xen ELF notes
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.