From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Julien Grall <julien.grall@arm.com>
Cc: sstabellini@kernel.org, ross.lagerwall@citrix.com,
Andrew Cooper <andrew.cooper3@citrix.com>,
Jan Beulich <jbeulich@suse.com>,
xen-devel@lists.xenproject.org
Subject: Re: [PATCH v5 08/16] livepatch/arm/x86: Check payload for for unwelcomed symbols.
Date: Thu, 22 Sep 2016 21:29:05 -0400 [thread overview]
Message-ID: <20160923012905.GA29985@localhost.localdomain> (raw)
In-Reply-To: <e867ee4f-c6b7-d54f-1638-7eae904e7f5c@arm.com>
> > +bool arch_livepatch_symbol_deny(const struct livepatch_elf *elf,
> > + const struct livepatch_elf_sym *sym)
> > +{
> > +#ifdef CONFIG_ARM_32
>
> Out of interest, is there any particular reason to use #ifdef rather than
> adding the function in {arm32/arm64}/livepatch.c?
I updated it be like that:
From 5fc79e4fc3c0770ee4f6e7e0ed666e593deced65 Mon Sep 17 00:00:00 2001
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Tue, 13 Sep 2016 13:15:07 -0400
Subject: [PATCH v6] livepatch/arm/x86: Check payload for for unwelcomed
symbols.
Certain platforms, such as ARM [32|64] add extra mapping symbols
such as $x (for ARM64 instructions), or more interesting to
this patch: $t (for Thumb instructions). These symbols are supposed
to help the final linker to make any adjustments (such as
add an veneer). But more importantly - we do not compile Xen
with any Thumb instructions (which are variable length) - and
if we find these mapping symbols we should disallow such payload.
Reviewed-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
---
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Ross Lagerwall <ross.lagerwall@citrix.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>
Cc: Julien Grall <julien.grall@arm.com
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
v3: New submission.
Use &sym[i] instead of sym (as that will always be NULL).
v4: Use bool instead of int for return
Update comment in common code about ARM odd symbols.
s/_check/_deny/ to make it more clear.
v5: Also check for $t.* wildcard.
Use Julien's variant where we roll the [2] check in the return.
v6: s/suppose/supposed/ in commit description.
Move arch_livepatch_symbol_deny in arm[32|64]/livepatch.c
Added Julien's Reviewed-by.
---
xen/arch/arm/arm32/livepatch.c | 13 +++++++++++++
xen/arch/arm/arm64/livepatch.c | 7 +++++++
xen/arch/x86/livepatch.c | 7 +++++++
xen/common/livepatch_elf.c | 7 +++++++
xen/include/xen/livepatch.h | 2 ++
5 files changed, 36 insertions(+)
diff --git a/xen/arch/arm/arm32/livepatch.c b/xen/arch/arm/arm32/livepatch.c
index 80f9646..5fc2e63 100644
--- a/xen/arch/arm/arm32/livepatch.c
+++ b/xen/arch/arm/arm32/livepatch.c
@@ -20,6 +20,19 @@ int arch_livepatch_verify_elf(const struct livepatch_elf *elf)
return -EOPNOTSUPP;
}
+bool arch_livepatch_symbol_deny(const struct livepatch_elf *elf,
+ const struct livepatch_elf_sym *sym)
+{
+ /*
+ * Xen does not use Thumb instructions - and we should not see any of
+ * them. If we do, abort.
+ */
+ if ( sym->name && sym->name[0] == '$' && sym->name[1] == 't' )
+ return ( !sym->name[2] || sym->name[2] == '.' );
+
+ return false;
+}
+
int arch_livepatch_perform_rela(struct livepatch_elf *elf,
const struct livepatch_elf_sec *base,
const struct livepatch_elf_sec *rela)
diff --git a/xen/arch/arm/arm64/livepatch.c b/xen/arch/arm/arm64/livepatch.c
index 0fe73d9..0f25e1e 100644
--- a/xen/arch/arm/arm64/livepatch.c
+++ b/xen/arch/arm/arm64/livepatch.c
@@ -95,6 +95,13 @@ int arch_livepatch_verify_elf(const struct livepatch_elf *elf)
return 0;
}
+bool arch_livepatch_symbol_deny(const struct livepatch_elf *elf,
+ const struct livepatch_elf_sym *sym)
+{
+ /* No special checks on ARM 64. */
+ return false;
+}
+
enum aarch64_reloc_op {
RELOC_OP_NONE,
RELOC_OP_ABS,
diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index 7a369a0..9663ef6 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -131,6 +131,13 @@ bool arch_livepatch_symbol_ok(const struct livepatch_elf *elf,
return true;
}
+bool arch_livepatch_symbol_deny(const struct livepatch_elf *elf,
+ const struct livepatch_elf_sym *sym)
+{
+ /* No special checks on x86. */
+ return false;
+}
+
int arch_livepatch_perform_rel(struct livepatch_elf *elf,
const struct livepatch_elf_sec *base,
const struct livepatch_elf_sec *rela)
diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c
index dec904a..53b3fba 100644
--- a/xen/common/livepatch_elf.c
+++ b/xen/common/livepatch_elf.c
@@ -251,6 +251,13 @@ static int elf_get_sym(struct livepatch_elf *elf, const void *data)
sym[i].sym = s;
sym[i].name = strtab_sec->data + delta;
+ /* e.g. On ARM we should NEVER see $t* symbols. */
+ if ( arch_livepatch_symbol_deny(elf, &sym[i]) )
+ {
+ dprintk(XENLOG_ERR, LIVEPATCH "%s: Symbol '%s' should not be in payload!\n",
+ elf->name, sym[i].name);
+ return -EINVAL;
+ }
}
elf->nsym = nsym;
diff --git a/xen/include/xen/livepatch.h b/xen/include/xen/livepatch.h
index e8c67d6..98ec012 100644
--- a/xen/include/xen/livepatch.h
+++ b/xen/include/xen/livepatch.h
@@ -50,6 +50,8 @@ bool_t is_patch(const void *addr);
int arch_livepatch_verify_elf(const struct livepatch_elf *elf);
bool arch_livepatch_symbol_ok(const struct livepatch_elf *elf,
const struct livepatch_elf_sym *sym);
+bool arch_livepatch_symbol_deny(const struct livepatch_elf *elf,
+ const struct livepatch_elf_sym *sym);
int arch_livepatch_perform_rel(struct livepatch_elf *elf,
const struct livepatch_elf_sec *base,
const struct livepatch_elf_sec *rela);
--
2.4.11
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-09-23 1:29 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-21 17:32 [PATCH v5] Livepatch for ARM 64 and 32 Konrad Rzeszutek Wilk
2016-09-21 17:32 ` [PATCH v5 01/16] arm64: s/ALTERNATIVE/HAS_ALTERNATIVE/ Konrad Rzeszutek Wilk
2016-09-22 12:21 ` Julien Grall
2016-09-21 17:32 ` [PATCH v5 02/16] arm/x86/common: Add HAS_[ALTERNATIVE|EX_TABLE] Konrad Rzeszutek Wilk
2016-09-22 12:23 ` Julien Grall
2016-09-22 15:30 ` Ross Lagerwall
2016-09-21 17:32 ` [PATCH v5 03/16] livepatch: Reject payloads with .alternative or .ex_table if support is not built-in Konrad Rzeszutek Wilk
2016-09-23 12:47 ` Ross Lagerwall
2016-09-21 17:32 ` [PATCH v5 04/16] arm: poison initmem when it is freed Konrad Rzeszutek Wilk
2016-09-22 12:28 ` Julien Grall
2016-09-21 17:32 ` [PATCH v5 05/16] livepatch: Initial ARM64 support Konrad Rzeszutek Wilk
2016-09-22 12:49 ` Julien Grall
2016-09-23 13:38 ` Ross Lagerwall
2016-09-23 15:44 ` Konrad Rzeszutek Wilk
2016-09-27 16:42 ` Julien Grall
2016-09-21 17:32 ` [PATCH v5 06/16] livepatch: ARM/x86: Check displacement of old_addr and new_addr Konrad Rzeszutek Wilk
2016-09-22 12:55 ` Julien Grall
2016-09-23 14:36 ` Ross Lagerwall
2016-09-23 15:37 ` Konrad Rzeszutek Wilk
2016-09-23 15:59 ` Konrad Rzeszutek Wilk
2016-09-28 10:21 ` Ross Lagerwall
2016-09-21 17:32 ` [PATCH v5 07/16] livepatch: ARM 32|64: Ignore mapping symbols: $[d, a, x] Konrad Rzeszutek Wilk
2016-09-22 12:56 ` Julien Grall
2016-09-23 14:44 ` Ross Lagerwall
2016-09-23 16:13 ` Konrad Rzeszutek Wilk
2016-09-21 17:32 ` [PATCH v5 08/16] livepatch/arm/x86: Check payload for for unwelcomed symbols Konrad Rzeszutek Wilk
2016-09-22 13:00 ` Julien Grall
2016-09-23 1:29 ` Konrad Rzeszutek Wilk [this message]
2016-09-27 8:49 ` Ross Lagerwall
2016-09-23 14:49 ` Ross Lagerwall
2016-09-23 16:15 ` Konrad Rzeszutek Wilk
2016-09-21 17:32 ` [PATCH v5 09/16] livepatch: Move test-cases to their own sub-directory in test Konrad Rzeszutek Wilk
2016-09-22 13:01 ` Julien Grall
2016-09-23 14:51 ` Ross Lagerwall
2016-09-21 17:32 ` [PATCH v5 10/16] livepatch: x86, ARM, alternative: Expose FEATURE_LIVEPATCH Konrad Rzeszutek Wilk
2016-09-22 13:03 ` Julien Grall
2016-09-27 9:49 ` Ross Lagerwall
2016-09-21 17:32 ` [PATCH v5 11/16] livepatch: tests: Make them compile under ARM64 Konrad Rzeszutek Wilk
2016-09-22 13:10 ` Julien Grall
2016-09-22 19:26 ` Konrad Rzeszutek Wilk
2016-09-23 1:33 ` Konrad Rzeszutek Wilk
2016-09-23 9:50 ` Julien Grall
2016-09-27 9:49 ` Ross Lagerwall
2016-09-21 17:32 ` [PATCH v5 12/16] xen/arm32: Add an helper to invalidate all instruction caches Konrad Rzeszutek Wilk
2016-09-22 13:17 ` Julien Grall
2016-09-21 17:32 ` [PATCH v5 13/16] bug/x86/arm: Align bug_frames sections Konrad Rzeszutek Wilk
2016-09-21 17:32 ` [PATCH v5 14/16] livepatch: Initial ARM32 support Konrad Rzeszutek Wilk
2016-09-27 16:39 ` Julien Grall
2016-09-27 17:50 ` Konrad Rzeszutek Wilk
2016-09-27 23:13 ` Julien Grall
2016-09-21 17:32 ` [PATCH v5 15/16] livepatch, arm[32|64]: Share arch_livepatch_revert Konrad Rzeszutek Wilk
2016-09-23 14:59 ` Ross Lagerwall
2016-09-23 16:15 ` Konrad Rzeszutek Wilk
2016-09-21 17:32 ` [PATCH v5 16/16] livepatch: arm[32, 64], x86: NOP test-case Konrad Rzeszutek Wilk
2016-09-22 13:23 ` Julien Grall
2016-09-23 1:35 ` Konrad Rzeszutek Wilk
2016-09-23 9:53 ` Julien Grall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160923012905.GA29985@localhost.localdomain \
--to=konrad.wilk@oracle.com \
--cc=andrew.cooper3@citrix.com \
--cc=jbeulich@suse.com \
--cc=julien.grall@arm.com \
--cc=ross.lagerwall@citrix.com \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.