From: David Vrabel <david.vrabel@citrix.com>
To: Daniel Kiper <daniel.kiper@oracle.com>
Cc: kexec@list.infradead.org, Keir Fraser <keir@xen.org>,
Jan Beulich <jbeulich@suse.com>,
xen-devel@lists.xen.org
Subject: Re: [PATCH 4/9] kexec: extend hypercall with improved load/unload ops
Date: Mon, 7 Oct 2013 10:23:09 +0100 [thread overview]
Message-ID: <52527D7D.2020404@citrix.com> (raw)
In-Reply-To: <20131004212300.GH3626@debian70-amd64.local.net-space.pl>
On 04/10/13 22:23, Daniel Kiper wrote:
> On Fri, Sep 20, 2013 at 02:10:50PM +0100, David Vrabel wrote:
>> --- /dev/null
>> +++ b/xen/arch/x86/x86_64/kexec_reloc.S
>> @@ -0,0 +1,208 @@
[...]
>> +ENTRY(kexec_reloc)
>> + /* %rdi - code page maddr */
>> + /* %rsi - page table maddr */
>> + /* %rdx - indirection page maddr */
>> + /* %rcx - entry maddr */
>> + /* %r8 - flags */
>> +
>> + movq %rdx, %rbx
>
> Delete movq %rdx, %rbx
We avoid using %rdx in case we need to re-add the UART debugging.
>> + /* Need to switch to 32-bit mode? */
>> + testq $KEXEC_RELOC_FLAG_COMPAT, %r8
>> + jnz call_32_bit
>> +
>> +call_64_bit:
>> + /* Call the image entry point. This should never return. */
>
> I think that all general purpose registers (including %rsi, %rdi, %rbp
> and %rsp) should be zeroed here. We should leave as little as possible
> info about previous system. Especially in kexec case. Just in case.
> Please look into linux/arch/x86/kernel/relocate_kernel_64.S
> for more details.
Not initializing the registers is a deliberate design decision so exec'd
images cannot mistakenly rely on the register values.
Clearing a handful of words when all of host memory is accessible by the
exec'd image does nothing for security (as you suggest in a later email).
>> + callq *%rcx
>
> Maybe we should use retq to jump into image entry point. If not
> I think that we should store image entry point address in %rax
> (just to the order).
With call if an image does try to return it will fault at a well defined
point (the following ud2) making the failure a bit easier to diagnose.
With your suggestion it will fault somewhere random.
Linux uses call.
David
next prev parent reply other threads:[~2013-10-07 9:23 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-20 13:10 [PATCHv8 0/9] Xen: extend kexec hypercall for use with pv-ops kernels David Vrabel
2013-09-20 13:10 ` [PATCH 1/9] x86: give FIX_EFI_MPF its own fixmap entry David Vrabel
2013-09-20 13:10 ` [PATCH 2/9] kexec: add public interface for improved load/unload sub-ops David Vrabel
2013-09-24 15:23 ` Jan Beulich
2013-09-20 13:10 ` [PATCH 3/9] kexec: add infrastructure for handling kexec images David Vrabel
2013-09-20 13:10 ` [PATCH 4/9] kexec: extend hypercall with improved load/unload ops David Vrabel
2013-10-04 21:23 ` Daniel Kiper
2013-10-06 18:16 ` Andrew Cooper
2013-10-07 7:47 ` Daniel Kiper
2013-10-07 9:23 ` David Vrabel [this message]
2013-10-07 10:39 ` Daniel Kiper
2013-10-07 10:55 ` David Vrabel
2013-10-07 14:49 ` Daniel Kiper
2013-10-07 17:44 ` David Vrabel
2013-10-07 20:21 ` Daniel Kiper
2013-09-20 13:10 ` [PATCH 5/9] xen: kexec crash image when dom0 crashes David Vrabel
2013-09-20 13:10 ` [PATCH 6/9] libxc: add hypercall buffer arrays David Vrabel
2013-09-20 13:10 ` [PATCH 7/9] libxc: add API for kexec hypercall David Vrabel
2013-09-20 13:10 ` [PATCH 8/9] x86: check kexec relocation code fits in a page David Vrabel
2013-09-20 13:10 ` [PATCH 9/9] MAINTAINERS: Add KEXEC maintainer David Vrabel
2013-09-22 20:20 ` [PATCHv8 0/9] Xen: extend kexec hypercall for use with pv-ops kernels Daniel Kiper
2013-10-04 11:50 ` David Vrabel
2013-09-22 20:27 ` Daniel Kiper
2013-10-04 21:40 ` Daniel Kiper
[not found] <1383749386-11891-1-git-send-email-david.vrabel@citrix.com>
2013-11-06 14:49 ` [PATCH 4/9] kexec: extend hypercall with improved load/unload ops David Vrabel
2013-11-07 20:56 ` Don Slutz
-- strict thread matches above, loose matches on Subject: below --
2013-10-08 16:55 [PATCHv9 0/9] Xen: extend kexec hypercall for use with pv-ops kernels David Vrabel
2013-10-08 16:55 ` [PATCH 4/9] kexec: extend hypercall with improved load/unload ops David Vrabel
2013-11-05 22:43 ` Don Slutz
[not found] <1379015347-21653-1-git-send-email-david.vrabel@citrix.com>
2013-09-12 19:49 ` David Vrabel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52527D7D.2020404@citrix.com \
--to=david.vrabel@citrix.com \
--cc=daniel.kiper@oracle.com \
--cc=jbeulich@suse.com \
--cc=keir@xen.org \
--cc=kexec@list.infradead.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).