
Re: [PATCH v3 4/4] x86: Split .init section to satisfy UEFI CA memory mitigation


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Frediano Ziglio <freddy77@xxxxxxxxx>
  • Date: Tue, 16 Jun 2026 14:50:15 +0100
  • Cc: Jan Beulich <jbeulich@xxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Frediano Ziglio <frediano.ziglio@xxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Teddy Astie <teddy.astie@xxxxxxxxxx>, Frediano Ziglio <frediano.ziglio@xxxxxxxxxx>
  • Delivery-date: Tue, 16 Jun 2026 13:50:31 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, 16 Jun 2026 at 13:40, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
>
> On 16/06/2026 1:30 pm, Jan Beulich wrote:
> > On 16.06.2026 13:29, Andrew Cooper wrote:
> >> On 16/06/2026 12:20 pm, Marek Marczykowski-Górecki wrote:
> >>> On Tue, Jun 16, 2026 at 11:13:36AM +0100, Frediano Ziglio wrote:
> >>>> From: Frediano Ziglio <frediano.ziglio@xxxxxxxxx>
> >>>>
> >>>> Currently .init section is both writeable and executable, split data and code
> >>>> to have 2 sections satisfying W^X rule.
> >>>>
> >>>> It is a requirement for NX_COMPAT so the PE can be loaded with W^X perms
> >>>> in the pagetables.
> >>>>
> >>>> NX_COMPAT is a requirement from shim-review,
> >>>> https://github.com/rhboot/shim-review#do-you-have-the-nx-bit-set-in-your-shim-if-so-is-your-entire-boot-stack-nx-compatible-and-what-testing-have-you-done-to-ensure-such-compatibility
> >>>>
> >>>> Signed-off-by: Frediano Ziglio <frediano.ziglio@xxxxxxxxxx>
> >>> Acked-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
> >>>
> >>> Is that the last piece necessary to satisfy the NX_COMPAT requirement? If
> >>> so, I suppose a subsequent patch should actually set the
> >>> IMAGE_DLLCHARACTERISTICS_NX_COMPAT bit (IIUC ld --nxcompat option), right?

At the moment we don't have downstream patches changing the nxcompat
specifically. Recent toolchain combinations are setting that flag
automatically.

> >> We need to satisfy everything in
> >> https://github.com/xenserver/xen.pg/blob/XS-9/patches/correct-sections-permissions.patch
> >>
> >> .reloc needs to be non-discardable and writeable.
> > Writable? Why?
>
> Because we take fatal pagefaults against it when it's really read-only.
>
> But as for why, I'll have to defer that to Frediano/Ross who did the
> work originally.
>

Wait, there's a bit of confusion. The .reloc section needs to be
non-discardable, but read-only is fine; it's the .rodata section that
has to be writable. The reason is that some variables are "read
mostly" or "writable during init". This is consistent with what the
script is doing.

> >
> >>   This will require a very recent binutils and a patch (series?) from Jan.
> > Seeing that no patch had been submitted so far, I recently added this to my
> > todo list, yes. But really I was hoping that someone else would make the
> > small change that I expect is going to be needed.
>
> If you can explain what change is needed then maybe someone else can do it.
>
> But right now, all I know is it's a new binutils and "something".
>
> ~Andrew

The patch was not submitted, as similar patches were rejected as too
"hacky" and binutils changes were suggested instead. On the
other hand, former binutils must continue to "work" even if they
create wrong output. So, instead of having to wait 5/6 years so that
all Xen-supported binutils have the features we need, we have that
patch in our series.

Frediano
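
An added example, not part of the original message or of Xen's build: a Python check of the PE properties this thread discusses (the IMAGE_DLLCHARACTERISTICS_NX_COMPAT bit, sections that are both writable and executable, and a discardable .reloc). The sample images, the `build_sample` helper and the split section names `.inittxt`/`.initdat` are constructed for illustration and are not the names the patch uses.

```python
import struct

NX_COMPAT = 0x0100            # IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SCN_DISCARDABLE = 0x02000000  # IMAGE_SCN_MEM_DISCARDABLE
SCN_EXECUTE = 0x20000000      # IMAGE_SCN_MEM_EXECUTE
SCN_WRITE = 0x80000000        # IMAGE_SCN_MEM_WRITE

def audit_pe(image: bytes) -> dict:
    """Report NX_COMPAT, W+X sections and a discardable .reloc for a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsect, opt_size = struct.unpack_from("<H12xH", image, pe_off + 6)
    opt = pe_off + 24                                        # optional header start
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 72:
        raise ValueError("unsupported optional header")
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)  # same offset in PE32/PE32+
    wx, reloc_discardable = [], False
    for i in range(nsect):
        hdr = opt + opt_size + 40 * i                        # 40-byte section headers
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        (flags,) = struct.unpack_from("<I", image, hdr + 36)
        if flags & SCN_WRITE and flags & SCN_EXECUTE:
            wx.append(name)
        if name == ".reloc" and flags & SCN_DISCARDABLE:
            reloc_discardable = True
    return {"nx_compat": bool(dll_chars & NX_COMPAT), "wx_sections": wx,
            "reloc_discardable": reloc_discardable}

def build_sample(sections, dll_chars=0):
    """Constructed PE32+ headers only (no section data), for demonstration."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 112, 0x22)
    opt = bytearray(112)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_chars)
    hdrs = b"".join(n.ljust(8, b"\0") + bytes(28) + struct.pack("<I", f) for n, f in sections)
    return dos + coff + bytes(opt) + hdrs

# Constructed layouts: one RWX .init versus split code/data sections.
BEFORE = build_sample([(b".text", 0x60000020), (b".init", 0xE0000020),
                       (b".reloc", 0x42000040)])
AFTER = build_sample([(b".text", 0x60000020), (b".inittxt", 0x60000020),
                      (b".initdat", 0xC0000040), (b".reloc", 0x40000040)], NX_COMPAT)
if __name__ == "__main__":
    print(audit_pe(BEFORE), audit_pe(AFTER), sep="\n")
```

To audit a real binary, pass the bytes of the built EFI image to `audit_pe`; section names longer than eight characters appear in the header as string-table references (`/N`) and are reported in that form.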



 

