From: Jan Beulich <jbeulich@suse.com>
To: Frediano Ziglio <frediano.ziglio@cloud.com>
Cc: "Andrew Cooper" <andrew.cooper3@citrix.com>,
"Roger Pau Monné" <roger.pau@citrix.com>,
xen-devel@lists.xenproject.org
Subject: Re: [PATCH v4 3/3] x86: Align output sections for UEFI CA memory mitigation requirements
Date: Tue, 24 Sep 2024 13:09:20 +0200 [thread overview]
Message-ID: <89208fd4-eef5-4bb3-b9bb-b1ee6cd0dfb0@suse.com> (raw)
In-Reply-To: <CACHz=Zh_Cr_Qfpz4vntBZfZ-HqYGH+DspEAJkVmeBKMNk_z-_g@mail.gmail.com>
On 24.09.2024 12:22, Frediano Ziglio wrote:
> There are indeed some oddities in the final executable(s):
>
> From "objdump -x":
>
> xen/normal/xen.efi: file format pei-x86-64
> xen/normal/xen.efi
> architecture: i386:x86-64, flags 0x0000013b:
> HAS_RELOC, EXEC_P, HAS_DEBUG, HAS_SYMS, HAS_LOCALS, D_PAGED
> start address 0xffff82d04062bfdc
> ...
> The Data Directory
> Entry 0 0000000000000000 00000000 Export Directory [.edata (or where
> ever we found it)]
> Entry 1 0000000000000000 00000000 Import Directory [parts of .idata]
> Entry 2 0000000000000000 00000000 Resource Directory [.rsrc]
> Entry 3 0000000000000000 00000000 Exception Directory [.pdata]
> Entry 4 0000000000000000 00000000 Security Directory
> Entry 5 00000000009489a0 000016c0 Base Relocation Directory [.reloc]
> Entry 6 00000000004871c8 0000001c Debug Directory
> Entry 7 0000000000000000 00000000 Description Directory
> Entry 8 0000000000000000 00000000 Special Directory
> ...
> There is a debug directory in .buildid at 0xffff82d0404871c8
> ...
> Sections:
> Idx Name Size VMA LMA File off Algn
> 0 .text 0018c5f6 ffff82d040200000 ffff82d040200000 00001000 2**4
> CONTENTS, ALLOC, LOAD, CODE
> 1 .rodata 000871c8 ffff82d040400000 ffff82d040400000 0018e000 2**2
> CONTENTS, ALLOC, LOAD, DATA
> 2 .buildid 00000035 ffff82d0404871c8 ffff82d0404871c8 002151e0 2**2
> CONTENTS, ALLOC, LOAD, READONLY, DATA
> 3 .init.text 0004775b ffff82d040600000 ffff82d040600000 00215220 2**2
> CONTENTS, ALLOC, LOAD, READONLY, CODE
> ....
>
> Some notes:
> 1- I don't understand why the debug directory points to .buildid section
> (I suppose that's the reason for the "There is a debug directory..." message);
Like in ELF final executables, in PE ones information like this should
be locatable by means other than looking up sections by name and then
hoping they contain what's expected. Short of program headers and
dynamic tags, this is the scheme people invented to make the build ID
actually locatable. If you look at how this works in our build system,
you'll find that this even requires passing a COFF object to the linker
(i.e. involving a little bit of trickery).
> 2- .buildid follows .rodata (this is expected);
> 3- .buildid is not page aligned but the loader I tried seems to be
> happy with that,
> I think it should be aligned;
Generally it doesn't need to be. If the secure boot stuff requires it
to be, then we need to live with that (and the wasted page). Preferably
it could continue to use (in the common case) a few bytes on the last
.rodata page. Or we could see whether folding .buildid into .rodata
works (I don't recall whether I tried that back at the time).
> 4- .rodata for some reason is not marked as READONLY, even on ELF you
> get the same issue.
I can confirm this oddity, without having an explanation. It must be
one of the inputs; I've checked that prelink.o's .rodata is r/o. So it
can only be some other constituent.
Jan
next prev parent reply other threads:[~2024-09-24 11:09 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-19 8:00 [PATCH v4 0/3] x86: Satisfy requirements for UEFI CA memory mitigation requirements Frediano Ziglio
2024-09-19 8:00 ` [PATCH v4 1/3] x86: Put trampoline in separate .init.trampoline section Frediano Ziglio
2024-09-23 15:17 ` Jan Beulich
2024-09-23 15:31 ` Frediano Ziglio
2024-09-23 15:42 ` Jan Beulich
2024-09-19 8:00 ` [PATCH v4 2/3] x86: Split output sections for UEFI CA memory mitigation requirements Frediano Ziglio
2024-09-23 15:45 ` Jan Beulich
2024-09-19 8:00 ` [PATCH v4 3/3] x86: Align " Frediano Ziglio
2024-09-23 15:54 ` Jan Beulich
2024-09-23 16:06 ` Frediano Ziglio
2024-09-24 8:14 ` Jan Beulich
2024-09-24 10:22 ` Frediano Ziglio
2024-09-24 11:09 ` Jan Beulich [this message]
2024-09-24 12:17 ` Jan Beulich
2024-09-24 12:22 ` Frediano Ziglio
2024-09-24 13:27 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=89208fd4-eef5-4bb3-b9bb-b1ee6cd0dfb0@suse.com \
--to=jbeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=frediano.ziglio@cloud.com \
--cc=roger.pau@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.