Re: [PATCH v1 3/3] xen/livepatch/ARM32: Don't crash on livepatches loaded with wrong alignment.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Julien Grall <julien.grall@arm.com>
Cc: andrew.cooper3@citrix.com, sstabellini@kernel.org,
	xen-devel@lists.xenproject.org, Jan Beulich <jbeulich@suse.com>,
	ross.lagerwall@citrix.com
Subject: Re: [PATCH v1 3/3] xen/livepatch/ARM32: Don't crash on livepatches loaded with wrong alignment.
Date: Mon, 24 Jul 2017 09:14:08 -0400	[thread overview]
Message-ID: <20170724131408.GE17195@char.us.oracle.com> (raw)
In-Reply-To: <3e12fa40-c75e-d8c0-cd6c-0e53a6289950@arm.com>

On Mon, Jul 24, 2017 at 11:34:26AM +0100, Julien Grall wrote:
> Hi,
> 
> On 12/07/17 07:07, Jan Beulich wrote:
> > > > > Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> 07/11/17 10:34 PM >>>
> > > On Tue, Jul 11, 2017 at 02:06:09PM -0600, Jan Beulich wrote:
> > > > > > > Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> 07/11/17 6:53 PM >>>
> > > > > This issue was observed on ARM32 with a cross compiler for the
> > > > > livepatches. Mainly the livepatches .data section size was not
> > > > > aligned to the section alignment:
> > > > > 
> > > > > ARM32 native:
> > > > > Contents of section .rodata:
> > > >  >0000 68695f66 756e6300 63686563 6b5f666e  hi_func.check_fn
> > > >  >0010 63000000 78656e5f 65787472 615f7665  c...xen_extra_ve
> > > >  >0020 7273696f 6e000000                    rsion...
> > > > > 
> > > > > ARM32 cross compiler:
> > > > > Contents of section .rodata:
> > > >  >0000 68695f66 756e6300 63686563 6b5f666e  hi_func.check_fn
> > > >  >0010 63000000 78656e5f 65787472 615f7665  c...xen_extra_ve
> > > >  >0020 7273696f 6e00                        rsion.
> > > > > 
> > > > > And when we loaded it:
> > > > > 
> > > > > native:
> > > > > 
> > > > > (XEN) livepatch.c:413: livepatch: xen_hello_world: Loaded .text at 00a02000
> > > > > (XEN) livepatch.c:413: livepatch: xen_hello_world: Loaded .rodata at 00a04024
> > > > > (XEN) livepatch.c:413: livepatch: xen_hello_world: Loaded .altinstructions at 00a0404c
> > > > > 
> > > > > cross compiler:
> > > > > (XEN) livepatch.c:413: livepatch: xen_hello_world: Loaded .text at 00a02000
> > > > > (XEN) livepatch.c:413: livepatch: xen_hello_world: Loaded .rodata at 00a04024
> > > > > (XEN) livepatch.c:413: livepatch: xen_hello_world: Loaded .altinstructions at 00a0404a
> > > > > 
> > > > > (See 4a vs 4c)
> > > > > 
> > > > > native readelf:
> > > >   >[ 4] .rodata           PROGBITS        00000000 000164 000028 00   A  0   0  4
> > > >   >[ 5] .altinstructions  PROGBITS        00000000 00018c 00000c 00   A  0   0  1
> > > > > 
> > > > > cross compiler readelf --sections:
> > > >   >[ 4] .rodata           PROGBITS        00000000 000164 000026 00   A  0   0  4
> > > >   >[ 5] .altinstructions  PROGBITS        00000000 00018a 00000c 00   A  0   0  1
> > > > > 
> > > > > And as can be seen the .altinstructions have alignment of 1 which from
> > > > > 'man elf' is: "Values of zero and one mean no alignment is required."
> > > > > which means we can ignore it.
> > > > > 
> > > > > However ignoring this will result in a crash as when we started processing
> > > > > ".rel.altinstructions" for ".altinstructions" with a cross-compiled payload
> > > > > we would end up poking in an section that was not aligned properly in memory
> > > > > and crash.
> > > > 
> > > > Which section is it that would not be aligned properly in memory?
> > > 
> > > .altinstructions, thanks to .rodata not being padded properly.
> > > 
> > > > .altinstructions, with an alignment of 1, can be placed anywhere. You
> > > > shouldn't enforce extra alignment. If higher alignment is needed, the
> > > > code producing this section emission needs to be fixed.
> > > 
> > > And there is the path to madness :-) We would need to provide an
> > > linker map to make sure that they are with the correct alignment.
> > 
> > Why? I'd expect it to be the assembler directives creating contributions to
> > that section to simply lack a .align or alike. And indeed, there's nothing
> > like that in ARM's alternative.h. Please see commit 01fe4da624 ("x86: force
> > suitable alignment in sources rather than in linker script") for further
> > context.
> 
> FWIW, I agree with Jan here. .altinstructions section should contain the
> right alignment in the source code.

Sure.

Regardless of that  - should this code which catches errant alignments
of livepatches (say they are generated by other tools) still be in the code base?

It is extra belt and suspenders.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

next prev parent reply	other threads:[~2017-07-24 13:14 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-07-11 16:53 [PATCH] Livepatch ARM32 fixes thanks to cross-compiler Konrad Rzeszutek Wilk
2017-07-11 16:53 ` [PATCH v1 1/3] xen/livepatch: Tighten alignment checks Konrad Rzeszutek Wilk
2017-07-11 19:54   ` Jan Beulich
2017-07-11 16:53 ` [PATCH v1 2/3] livepatch: Include sizes when an mismatch occurs Konrad Rzeszutek Wilk
2017-07-11 19:59   ` Jan Beulich
2017-07-11 16:53 ` [PATCH v1 3/3] xen/livepatch/ARM32: Don't crash on livepatches loaded with wrong alignment Konrad Rzeszutek Wilk
2017-07-11 20:06   ` Jan Beulich
2017-07-11 20:33     ` Konrad Rzeszutek Wilk
2017-07-12  6:07       ` Jan Beulich
2017-07-24 10:34         ` Julien Grall
2017-07-24 13:14           ` Konrad Rzeszutek Wilk [this message]
2017-07-24 13:17             ` Julien Grall
2017-07-12 20:39     ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170724131408.GE17195@char.us.oracle.com \
    --to=konrad.wilk@oracle.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=jbeulich@suse.com \
    --cc=julien.grall@arm.com \
    --cc=ross.lagerwall@citrix.com \
    --cc=sstabellini@kernel.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.