From: "Roger Pau Monné" <roger.pau@citrix.com>
To: Ian Campbell <ian.campbell@citrix.com>, xen-devel@lists.xenproject.org
Cc: Wei Liu <wei.liu2@citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Subject: Re: [PATCH v8 05/32] libxc: introduce a domain loader for HVM guest firmware
Date: Thu, 8 Oct 2015 12:43:43 +0200 [thread overview]
Message-ID: <561648DF.8020201@citrix.com> (raw)
In-Reply-To: <1444299145.1410.137.camel@citrix.com>
El 08/10/15 a les 12.12, Ian Campbell ha escrit:
> On Wed, 2015-10-07 at 18:55 +0200, Roger Pau Monne wrote:
>> Introduce a very simple (and dummy) domain loader to be used to load the
>> firmware (hvmloader) into HVM guests. Since hmvloader is just a 32bit elf
>> executable the loader is fairly simple.
>>
>> Since the order in which loaders are tested cannot be arranged, prevent the
>> current elfloader from trying to boot a kernel that doesn't contain Xen
>> ELFNOTES.
>
> I think it relies (probably implicitly and probably not very defined) on
> the link order.
>
> It is possible to control this (somewhat) because the __init used on
> register_loader turns into __attribute__((constructor)), which takes an
> (optional) priority. You can also (I think) use __attribute__
> ((init_priority (2000))).
>
> All of which is enormous faff. Having xc_dom_register_loader() take a
> priority, or putting one in struct xc_dom_loader would be less so.
>
> Apart fromall that, I'm happy with the idea that the elfloader shouldn't be
> selected to load things which it cannot work with.
>
> However I'm unsure that the presence or absence of ELF notes is sufficient,
> since there is at least the legacy SHT_NOTE section and then __xen_guest
> section (see the tail of elf_xen_parse) as well.
AFAICT NetBSD still uses the __xen_guest section, and it works fine with
this change:
http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/arch/amd64/amd64/locore.S?rev=1.78&content-type=text/plain&only_with_tag=MAIN
elfloader recognizes the kernel and it's able to load it without issues.
xc_dom_parse_elf_kernel already calls elf_xen_parse later on, while
trying to load the kernel, so the functionality it's exactly the same,
it's just that we now simply refuse to try to load a kernel without
elfnotes with elfloader.
Without this change the elfloader would try to load a kernel without
elfnotes just to fail later while parsing it.
> It may well be that the code you've got actually covers these cases and
> it's just the commentary which doesn't. I think this is probably the case
> (since elf_xen_parse calls elf_xen_note_check after handling all those
> cases).
>
> There is an additional subtlety with ARM not having notes, but I think your
> checks will pass and therefore to the right thing.
>>
>> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
>> Cc: Ian Jackson <ian.jackson@eu.citrix.com>
>> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
>> Cc: Ian Campbell <ian.campbell@citrix.com>
>> Cc: Wei Liu <wei.liu2@citrix.com>
>> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
>> ---
>> Changes since v7:
>> - Prevent elfloader from loading kernels that don't have Xen elfnotes.
>> Another solution is to force an order in the way loaders are tested,
>> but that's a more complex solution.
>>
>> Changes since v3:
>> - s/__FUNCTION__/__func__/g
>> - Fix style errors in xc_dom_hvmloader.c.
>> - Add Andrew Cooper Reviewed-by.
>> - Add Wei Acked-by.
>> ---
>> tools/libxc/Makefile | 1 +
>> tools/libxc/include/xc_dom.h | 8 ++
>> tools/libxc/xc_dom_elfloader.c | 22 ++-
>> tools/libxc/xc_dom_hvmloader.c | 313
>> +++++++++++++++++++++++++++++++++++++++++
>> xen/include/xen/libelf.h | 1 +
>> 5 files changed, 344 insertions(+), 1 deletion(-)
>> create mode 100644 tools/libxc/xc_dom_hvmloader.c
>>
>> diff --git a/tools/libxc/Makefile b/tools/libxc/Makefile
>> index a0f899b..baaadd6 100644
>> --- a/tools/libxc/Makefile
>> +++ b/tools/libxc/Makefile
>> @@ -84,6 +84,7 @@ GUEST_SRCS-y += xc_dom_core.c
>> xc_dom_boot.c
>> GUEST_SRCS-y += xc_dom_elfloader.c
>> GUEST_SRCS-$(CONFIG_X86) += xc_dom_bzimageloader.c
>> GUEST_SRCS-$(CONFIG_X86) += xc_dom_decompress_lz4.c
>> +GUEST_SRCS-$(CONFIG_X86) += xc_dom_hvmloader.c
>> GUEST_SRCS-$(CONFIG_ARM) += xc_dom_armzimageloader.c
>> GUEST_SRCS-y += xc_dom_binloader.c
>> GUEST_SRCS-y += xc_dom_compat_linux.c
>> diff --git a/tools/libxc/include/xc_dom.h b/tools/libxc/include/xc_dom.h
>> index 30fa8c5..88c5c80 100644
>> --- a/tools/libxc/include/xc_dom.h
>> +++ b/tools/libxc/include/xc_dom.h
>> @@ -14,6 +14,7 @@
>> */
>>
>> #include <xen/libelf/libelf.h>
>> +#include <xenguest.h>
>>
>> #define INVALID_P2M_ENTRY ((xen_pfn_t)-1)
>>
>> @@ -183,6 +184,13 @@ struct xc_dom_image {
>> XC_DOM_PV_CONTAINER,
>> XC_DOM_HVM_CONTAINER,
>> } container_type;
>> +
>> + /* HVM specific fields. */
>> + /* Extra ACPI tables passed to HVMLOADER */
>> + struct xc_hvm_firmware_module acpi_module;
>> +
>> + /* Extra SMBIOS structures passed to HVMLOADER */
>> + struct xc_hvm_firmware_module smbios_module;
>> };
>>
>> /* --- pluggable kernel loader ------------------------------------- */
>> diff --git a/tools/libxc/xc_dom_elfloader.c
>> b/tools/libxc/xc_dom_elfloader.c
>> index 82524c9..36a115e 100644
>> --- a/tools/libxc/xc_dom_elfloader.c
>> +++ b/tools/libxc/xc_dom_elfloader.c
>> @@ -106,7 +106,27 @@ static elf_negerrnoval check_elf_kernel(struct
>> xc_dom_image *dom, bool verbose)
>>
>> static elf_negerrnoval xc_dom_probe_elf_kernel(struct xc_dom_image *dom)
>> {
>> - return check_elf_kernel(dom, 0);
>> + struct elf_binary elf;
>> + int rc;
>> +
>> + rc = check_elf_kernel(dom, 0);
>> + if ( rc != 0 )
>> + return rc;
>> +
>> + rc = elf_init(&elf, dom->kernel_blob, dom->kernel_size);
>> + if ( rc != 0 )
>> + return rc;
>> +
>> + /*
>> + * We need to check that it contains Xen ELFNOTES,
>> + * or else we might be trying to load a plain ELF.
>> + */
>> + elf_parse_binary(&elf);
>> + rc = elf_xen_parse(&elf, &dom->parms);
>> + if ( rc != 0 )
>> + return rc;
>
> Can you confirm that I'm right and there is no need to cleanup of free this
> elf object?
AFAICT yes, there's no function to free an elf object, and I haven't
spotted any memory allocations in the functions called
(elf_init/elf_parse_binary/elf_xen_parse).
> It's a bit of a shame to now have to parse the ELF twice. How abusive would
> to be to declare that when a xc_dom ->probe hook returns success it is
> entitled to rely on the contents of dom->loader_private being preserved
> until ->parse is called. In turn this would imply that the first successful
> probe would be used rather than e.g. probing everything and then picking a
> winner from the successful applicants.
We already do this, we stop testing once a probe returns 0 (see
xc_dom_find_loader), and use that as the loader, so there's no
functional change in this aspect. IMHO, this approach is not very
intrusive, would you like me implement it in a followup patch or rather
do it in the series?
Roger.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2015-10-08 10:43 UTC|newest]
Thread overview: 105+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-02 15:48 [PATCH v7 00/32] Introduce HVM without dm and new boot ABI Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 01/32] xen/vcpu: add missing dummy_vcpu_info to compat VCPUOP_initialise Roger Pau Monne
2015-10-02 18:21 ` Andrew Cooper
2015-10-05 10:05 ` Jan Beulich
2015-10-05 16:18 ` Roger Pau Monné
2015-10-02 15:48 ` [PATCH v7 02/32] libxc: split x86 HVM setup_guest into smaller logical functions Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 03/32] libxc: unify xc_dom_p2m_{host/guest} Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 04/32] libxc: introduce the notion of a container type Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 05/32] libxc: introduce a domain loader for HVM guest firmware Roger Pau Monne
2015-10-07 16:55 ` [PATCH v8 " Roger Pau Monne
2015-10-08 9:22 ` Ian Campbell
2015-10-08 9:26 ` Roger Pau Monné
2015-10-08 10:12 ` Ian Campbell
2015-10-08 10:43 ` Roger Pau Monné [this message]
2015-10-08 11:04 ` Ian Campbell
2015-10-08 11:12 ` Andrew Cooper
2015-10-08 11:13 ` Wei Liu
2015-10-02 15:48 ` [PATCH v7 06/32] libxc: make arch_setup_meminit a xc_dom_arch hook Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 07/32] libxc: make arch_setup_boot{init/late} xc_dom_arch hooks Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 08/32] libxc: rework BSP initialization Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 09/32] libxc: introduce a xc_dom_arch for hvm-3.0-x86_32 guests Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 10/32] libxl: switch HVM domain building to use xc_dom_* helpers Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 11/32] libxc: remove dead HVM building code Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 12/32] xen/x86: add bitmap of enabled emulated devices Roger Pau Monne
2015-10-05 9:34 ` Andrew Cooper
2015-10-05 16:40 ` Roger Pau Monné
2015-10-05 16:43 ` Andrew Cooper
2015-10-06 11:05 ` George Dunlap
2015-10-07 11:55 ` Roger Pau Monné
2015-10-07 12:15 ` Jan Beulich
2015-10-07 13:32 ` George Dunlap
2015-10-07 14:01 ` Andrew Cooper
2015-10-08 9:13 ` Roger Pau Monné
2015-10-08 10:23 ` Jan Beulich
2015-10-08 10:35 ` Roger Pau Monné
2015-10-15 1:48 ` Boris Ostrovsky
2015-10-15 7:34 ` Jan Beulich
2015-10-30 12:00 ` Roger Pau Monné
2015-10-02 15:48 ` [PATCH v7 13/32] xen/vlapic: fixes for HVM code when running without a vlapic Roger Pau Monne
2015-10-02 18:23 ` Andrew Cooper
2015-10-05 10:14 ` Jan Beulich
2015-10-02 20:33 ` Boris Ostrovsky
2015-10-08 10:36 ` Jan Beulich
2015-10-02 15:48 ` [PATCH v7 14/32] xen/x86: allow disabling the emulated local apic Roger Pau Monne
2015-10-05 9:41 ` Andrew Cooper
2015-10-14 14:33 ` Jan Beulich
2015-10-02 15:48 ` [PATCH v7 15/32] xen/x86: allow disabling the emulated HPET Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 16/32] xen/x86: allow disabling the pmtimer Roger Pau Monne
2015-10-05 9:42 ` Andrew Cooper
2015-10-14 14:37 ` Jan Beulich
2015-10-30 12:50 ` Roger Pau Monné
2015-10-30 13:16 ` Jan Beulich
2015-10-30 15:36 ` Andrew Cooper
2015-11-03 7:21 ` Jan Beulich
2015-11-03 10:57 ` Andrew Cooper
2015-11-03 12:41 ` Jan Beulich
2015-11-04 16:05 ` Roger Pau Monné
2015-11-04 16:17 ` Jan Beulich
2015-11-05 14:13 ` Andrew Cooper
2015-11-05 14:12 ` Andrew Cooper
2015-10-02 15:48 ` [PATCH v7 17/32] xen/x86: allow disabling the emulated RTC Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 18/32] xen/x86: allow disabling the emulated IO APIC Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 19/32] xen/x86: allow disabling the emulated PIC Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 20/32] xen/x86: set the vPMU interface based on the presence of a lapic Roger Pau Monne
2015-10-14 14:41 ` Jan Beulich
2015-10-14 14:59 ` Boris Ostrovsky
2015-10-14 15:06 ` Roger Pau Monné
2015-10-14 15:10 ` Boris Ostrovsky
2015-10-02 15:48 ` [PATCH v7 21/32] xen/x86: allow disabling the emulated VGA Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 22/32] xen/x86: allow disabling the emulated IOMMU Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 23/32] xen/x86: make sure the HVM callback vector is correctly set Roger Pau Monne
2015-10-02 18:37 ` Andrew Cooper
2015-10-05 16:44 ` Roger Pau Monné
2015-10-14 15:54 ` Jan Beulich
2015-10-14 16:01 ` Andrew Cooper
2015-10-15 11:30 ` Paul Durrant
2015-10-30 15:34 ` Roger Pau Monné
2015-10-30 15:38 ` Andrew Cooper
2015-10-02 15:48 ` [PATCH v7 24/32] xen/x86: allow disabling all emulated devices inside of Xen Roger Pau Monne
2015-10-19 14:23 ` Jan Beulich
2015-10-30 16:20 ` Roger Pau Monné
2015-10-30 16:27 ` Jan Beulich
2015-10-02 15:48 ` [PATCH v7 25/32] elfnotes: intorduce a new PHYS_ENTRY elfnote Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 26/32] libxc: allow creating domains without emulated devices Roger Pau Monne
2015-10-02 15:48 ` [PATCH v7 27/32] xen/x86: allow HVM guests to use hypercalls to bring up vCPUs Roger Pau Monne
2015-10-05 10:28 ` Andrew Cooper
2015-10-08 13:35 ` Roger Pau Monné
2015-10-08 15:21 ` Jan Beulich
2015-10-08 15:33 ` Andrew Cooper
2015-10-19 15:48 ` Jan Beulich
2015-11-05 12:06 ` Roger Pau Monné
2015-10-02 15:48 ` [PATCH v7 28/32] xenconsole: try to attach to PV console if HVM fails Roger Pau Monne
2015-10-02 15:49 ` [PATCH v7 29/32] libxc/xen: introduce a start info structure for HVMlite guests Roger Pau Monne
2015-10-05 10:36 ` Andrew Cooper
2015-10-05 16:47 ` Roger Pau Monné
2015-10-06 9:26 ` Wei Liu
2015-10-02 15:49 ` [PATCH v7 30/32] libxc: switch xc_dom_elfloader to be used with HVMlite domains Roger Pau Monne
2015-10-02 15:49 ` [PATCH v7 31/32] libxl: allow the creation of HVM domains without a device model Roger Pau Monne
2015-10-08 14:36 ` Ian Campbell
2015-10-08 16:27 ` Roger Pau Monné
2015-10-08 16:39 ` Ian Campbell
2015-10-02 15:49 ` [PATCH v7 32/32] libxl: add support for migrating HVM guests " Roger Pau Monne
2015-10-02 18:56 ` Andrew Cooper
2015-10-08 16:10 ` Roger Pau Monné
2015-10-08 11:46 ` [PATCH v7 00/32] Introduce HVM without dm and new boot ABI Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=561648DF.8020201@citrix.com \
--to=roger.pau@citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).