From: David Vrabel
Subject: Re: [PATCH 4/9] kexec: extend hypercall with improved load/unload ops
Date: Mon, 7 Oct 2013 10:23:09 +0100
Message-ID: <52527D7D.2020404@citrix.com>
In-Reply-To: <20131004212300.GH3626@debian70-amd64.local.net-space.pl>
References: <1379682655-14157-1-git-send-email-david.vrabel@citrix.com> <1379682655-14157-5-git-send-email-david.vrabel@citrix.com> <20131004212300.GH3626@debian70-amd64.local.net-space.pl>
To: Daniel Kiper
Cc: kexec@list.infradead.org, Keir Fraser, Jan Beulich, xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On 04/10/13 22:23, Daniel Kiper wrote:
> On Fri, Sep 20, 2013 at 02:10:50PM +0100, David Vrabel wrote:
>> --- /dev/null
>> +++ b/xen/arch/x86/x86_64/kexec_reloc.S
>> @@ -0,0 +1,208 @@
[...]
>> +ENTRY(kexec_reloc)
>> + /* %rdi - code page maddr */
>> + /* %rsi - page table maddr */
>> + /* %rdx - indirection page maddr */
>> + /* %rcx - entry maddr */
>> + /* %r8 - flags */
>> +
>> + movq %rdx, %rbx
>
> Delete movq %rdx, %rbx

We avoid using %rdx in case we need to re-add the UART debugging.

>> + /* Need to switch to 32-bit mode? */
>> + testq $KEXEC_RELOC_FLAG_COMPAT, %r8
>> + jnz call_32_bit
>> +
>> +call_64_bit:
>> + /* Call the image entry point. This should never return. */
>
> I think that all general purpose registers (including %rsi, %rdi, %rbp
> and %rsp) should be zeroed here. We should leave as little as possible
> info about previous system. Especially in kexec case. Just in case.
> Please look into linux/arch/x86/kernel/relocate_kernel_64.S
> for more details.

Not initializing the registers is a deliberate design decision so exec'd
images cannot mistakenly rely on the register values.

Clearing a handful of words when all of host memory is accessible by the
exec'd image does nothing for security (as you suggest in a later email).

>> + callq *%rcx
>
> Maybe we should use retq to jump into image entry point. If not
> I think that we should store image entry point address in %rax
> (just to the order).

With call if an image does try to return it will fault at a well defined
point (the following ud2) making the failure a bit easier to diagnose.
With your suggestion it will fault somewhere random.

Linux uses call.

David
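Review bot: the reason for the `movq %rdx, %rbx` copy is only given in this reply, not in the hunk itself; a one-line comment beside the move (that %rdx is kept free because port-I/O based UART debugging clobbers %dx, so the indirection page pointer lives in %rbx) would stop the next reader from proposing its removal again. Likewise, the `/* Call the image entry point. This should never return. */` comment above `callq *%rcx` could state that a returning image traps on the ud2 that follows, since that well-defined fault point is the property the reply gives for choosing call over retq.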