From patchwork Thu Aug 25 13:37:35 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Konrad Rzeszutek Wilk X-Patchwork-Id: 9299357 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 6C45460459 for ; Thu, 25 Aug 2016 13:40:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5DE2D29332 for ; Thu, 25 Aug 2016 13:40:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 529E72933B; Thu, 25 Aug 2016 13:40:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3DD1129332 for ; Thu, 25 Aug 2016 13:40:15 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bcurH-0001Fe-1O; Thu, 25 Aug 2016 13:38:15 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bcurF-0001Ap-L9 for xen-devel@lists.xenproject.org; Thu, 25 Aug 2016 13:38:13 +0000 Received: from [193.109.254.147] by server-4.bemta-6.messagelabs.com id FC/13-29421-4C4FEB75; Thu, 25 Aug 2016 13:38:12 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrAIsWRWlGSWpSXmKPExsUyZ7p8oO6RL/v CDZ4fFrb4vmUykwOjx+EPV1gCGKNYM/OS8isSWDPuti9jLZiWXTHtTjtzA+Nkvy5GLg4hgclM Ejd/3mCDcH4zShzePYUdwtnIKPGgfwmUM41R4t/lO6xdjBwcbAImEm9WOYLERQT6gDqObmLuY uTkYBYwkpjc+I4FpEZYwFji37pckDCLgKrEgsa37CA2r4C7xNt/e5lASiQE5CWe3a4HCXMChX 83bGYDsYUE3CS+X+pggSgXlDg58wnYRGYBdYn184QgFslLNG+dDbZUAmhR+9uLbBMYBWch6Zi F0DELSccCRuZVjOrFqUVlqUW6hnpJRZnpGSW5iZk5uoYGZnq5qcXFiempOYlJxXrJ+bmbGIEh ywAEOxh3Pnc6xCjJwaQkyqu9Yl+4EF9SfkplRmJxRnxRaU5q8SFGGQ4OJQneKZ+BcoJFqempF WmZOcDogUlLcPAoifC+AknzFhck5hZnpkOkTjEqSonzVoEkBEASGaV5cG2wiL3EKCslzMsIdI gQT0FqUW5mCar8K0ZxDkYlYd59IFN4MvNK4Ka/AlrMBLS45f5ukMUliQgpqQbG6BwlEbcnL/O 1Rd3zVl85t8hk7QkTc57iiDmRF9oec8996zrHV3LDswA52T35bo8simet7HbkL5SRWb5wqaHL T27dKDcX42LzXzbe01NaXpz0atnOvX1re+OU9HC35bNF/1rl3vJnODH32LrlF9/Idlq9/l6wU 6TVprLg9tq/7zd6mfEvWlekxFKckWioxVxUnAgArmCAc9MCAAA= X-Env-Sender: konrad.wilk@oracle.com X-Msg-Ref: server-6.tower-27.messagelabs.com!1472132290!55912514!1 X-Originating-IP: [156.151.31.81] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogMTU2LjE1MS4zMS44MSA9PiAyODgzMzk=\n X-StarScan-Received: X-StarScan-Version: 8.84; banners=-,-,- X-VirusChecked: Checked Received: (qmail 45646 invoked from network); 25 Aug 2016 13:38:11 -0000 Received: from userp1040.oracle.com (HELO userp1040.oracle.com) (156.151.31.81) by server-6.tower-27.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 25 Aug 2016 13:38:11 -0000 Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u7PDc2JZ030909 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 25 Aug 2016 13:38:03 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id u7PDc2He009982 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 25 Aug 2016 13:38:02 GMT Received: from abhmp0017.oracle.com (abhmp0017.oracle.com [141.146.116.23]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id u7PDc1il017681; Thu, 25 Aug 2016 13:38:01 GMT Received: from localhost.event.rightround.com (/75.98.193.200) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 25 Aug 2016 06:38:00 -0700 From: Konrad Rzeszutek Wilk To: xen-devel@lists.xenproject.org, konrad@kernel.org, ross.lagerwall@citrix.com, sstabellini@kernel.org, julien.grall@arm.com Date: Thu, 25 Aug 2016 09:37:35 -0400 Message-Id: <1472132255-23470-21-git-send-email-konrad.wilk@oracle.com> X-Mailer: git-send-email 2.4.11 In-Reply-To: <1472132255-23470-1-git-send-email-konrad.wilk@oracle.com> References: <1472132255-23470-1-git-send-email-konrad.wilk@oracle.com> MIME-Version: 1.0 X-Source-IP: aserv0022.oracle.com [141.146.126.234] Cc: Konrad Rzeszutek Wilk Subject: [Xen-devel] [PATCH v2 20/20] livepatch: ARM32 support. X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP The patch piggybacks on: livepatch: Initial ARM64 support, which brings up all of the neccessary livepatch infrastructure pieces in. This patch adds three major pieces: 1) ELF relocations. ARM32 uses SHT_REL instead of SHT_RELA which means the adddendum had to be extracted from within the instruction. Which required parsing BL/BLX, B/BL, MOVT, and MOVW instructions. The code was written from scratch using the ARM ELF manual (and the ARM Architecture Reference Manual) 2) Inserting an trampoline. We use the B (branch to address) which uses an offset that is based on the PC value: PC + imm32. Because we insert the branch at the start of the old function we have to account for the instruction already being fetched and subtract -4 from the delta (new_addr - old_addr). 3) Allows the test-cases to be built under ARM 32. The "livepatch: tests: Make them compile under ARM64" put in the right infrastructure for it and we piggyback on it. Signed-off-by: Konrad Rzeszutek Wilk --- Cc: Julien Grall Cc: Stefano Stabellini v2: First submission. --- xen/arch/arm/arm32/livepatch.c | 252 ++++++++++++++++++++++++++++++++++++++++- xen/arch/arm/arm64/livepatch.c | 7 ++ xen/arch/arm/livepatch.c | 7 -- xen/common/Kconfig | 2 +- xen/include/xen/elfstructs.h | 24 +++- xen/test/Makefile | 2 - xen/test/livepatch/Makefile | 3 + 7 files changed, 284 insertions(+), 13 deletions(-) diff --git a/xen/arch/arm/arm32/livepatch.c b/xen/arch/arm/arm32/livepatch.c index c33b68d..63e450b 100644 --- a/xen/arch/arm/arm32/livepatch.c +++ b/xen/arch/arm/arm32/livepatch.c @@ -3,28 +3,276 @@ */ #include +#include #include #include #include +#include +#include + void arch_livepatch_apply_jmp(struct livepatch_func *func) { + uint32_t insn; + uint32_t *old_ptr; + uint32_t *new_ptr; + + BUILD_BUG_ON(PATCH_INSN_SIZE > sizeof(func->opaque)); + BUILD_BUG_ON(PATCH_INSN_SIZE != sizeof(insn)); + + ASSERT(vmap_of_xen_text); + + /* Save old one. */ + old_ptr = func->old_addr; + memcpy(func->opaque, old_ptr, PATCH_INSN_SIZE); + + if ( func->new_addr ) + { + s32 delta; + + /* + * The -4 is to account for the b instruction placed at + * the start of the func->old_addr. + */ + delta = (s32)(func->new_addr - func->old_addr - 4); + /* CPU shifts by two (left) when decoding, so we shift right by two. */ + delta = delta >> 2; + /* No thumb code and lets not modify the cond. */ + delta &= 0x00FFFFFE; + + insn = 0xea000000 | (uint32_t)delta; + } + else + insn = 0xe1a00000; /* mov r0, r0 */ + + new_ptr = func->old_addr - (void *)_start + vmap_of_xen_text; + + /* PATCH! */ + *(new_ptr) = insn; + + clean_and_invalidate_dcache_va_range(func->old_addr, sizeof(*new_ptr)); } void arch_livepatch_revert_jmp(const struct livepatch_func *func) { + uint32_t *new_ptr; + uint32_t insn; + + memcpy(&insn, func->opaque, PATCH_INSN_SIZE); + + new_ptr = func->old_addr - (void *)_start + vmap_of_xen_text; + + /* PATCH! */ + *(new_ptr) = insn; + + clean_and_invalidate_dcache_va_range(func->old_addr, sizeof(*new_ptr)); } int arch_livepatch_verify_elf(const struct livepatch_elf *elf) { - return -EOPNOTSUPP; + const Elf_Ehdr *hdr = elf->hdr; + + if ( hdr->e_machine != EM_ARM || + hdr->e_ident[EI_CLASS] != ELFCLASS32 ) + { + dprintk(XENLOG_ERR, LIVEPATCH "%s: Unsupported ELF Machine type!\n", + elf->name); + return -EOPNOTSUPP; + } + + if ( (hdr->e_flags & EF_ARM_EABI_MASK) != EF_ARM_EABI_VER5 ) + { + dprintk(XENLOG_ERR, LIVEPATCH "%s: Unsupported ELF EABI(%x)!\n", + elf->name, hdr->e_flags); + return -EOPNOTSUPP; + } + + return 0; +} + +static s32 get_addend(unsigned char type, void *dest) +{ + s32 addend = 0; + + switch ( type ) { + case R_ARM_NONE: + /* ignore */ + break; + + case R_ARM_ABS32: + addend = *(u32 *)dest; + break; + + case R_ARM_REL32: + addend = *(u32 *)dest; + break; + + case R_ARM_MOVW_ABS_NC: + case R_ARM_MOVT_ABS: + addend = (*(u32 *)dest & 0x00000FFF); + addend |= (*(u32 *)dest & 0x000F0000) >> 4; + /* Addend is to sign-extend ([19:16],[11:0]). */ + addend = (s16)addend; + break; + + case R_ARM_CALL: + case R_ARM_JUMP24: + /* Addend = sign_extend (insn[23:0]) << 2 */ + addend = ((*(u32 *)dest & 0xFFFFFF) ^ 0x800000) - 0x800000; + addend = addend << 2; + break; + } + + return addend; +} + +static int perform_rel(unsigned char type, void *dest, uint32_t val, s32 addend) +{ + + switch ( type ) { + case R_ARM_NONE: + /* ignore */ + break; + + case R_ARM_ABS32: /* (S + A) | T */ + *(u32 *)dest = (val + addend); + break; + + case R_ARM_REL32: /* ((S + A) | T) – P */ + *(u32 *)dest = (val + addend) - (uint32_t)dest; + break; + + case R_ARM_MOVW_ABS_NC: /* S + A */ + case R_ARM_MOVT_ABS: /* S + A */ + /* Clear addend if needed . */ + if ( addend ) + *(u32 *)dest &= 0xFFF0F000; + + if ( type == R_ARM_MOVT_ABS ) + { + /* + * Almost the same as MOVW except it uses the 16 bit + * high value. Putting it in insn requires shifting right by + * 16-bit (as we only have 16-bit for imm. + */ + val &= 0xFFFF0000; /* ResultMask */ + val = val >> 16; + } + else + { + /* MOVW loads 16 bits into the bottom half of a register. */ + val &= 0xFFFF; + } + /* [11:0] = Result_Mask(X) & 0xFFF,[19:16] = Result_Mask(X) >> 12 */ + *(u32 *)dest |= val & 0xFFF; + *(u32 *)dest |= (val >> 12) << 16; + break; + + case R_ARM_CALL: + case R_ARM_JUMP24: /* (S + A) - P */ + /* Clear the old addend. */ + if ( addend ) + *(u32 *)dest &= 0xFF000000; + + val += addend - (uint32_t)dest; + +#define NEGATIVE_32M ((s32)(-MB(32) - 1)) + if ( (s32)val < NEGATIVE_32M || (s32)val > (s32)MB(32) ) + return -EOVERFLOW; + + /* CPU always shifts insn by two, so complement it. */ + val = val >> 2; + val &= 0x00FFFFFE; + *(u32 *)dest |= (uint32_t)val; + break; + + default: + return -EOPNOTSUPP; + } + + return 0; +} + +int arch_livepatch_perform(struct livepatch_elf *elf, + const struct livepatch_elf_sec *base, + const struct livepatch_elf_sec *rela, + bool use_rela) +{ + const Elf_RelA *r_a; + const Elf_Rel *r; + unsigned int symndx, i; + uint32_t val; + void *dest; + int rc = 0; + + for ( i = 0; i < (rela->sec->sh_size / rela->sec->sh_entsize); i++ ) + { + unsigned char type; + s32 addend = 0; + + if ( use_rela ) + { + r_a = rela->data + i * rela->sec->sh_entsize; + symndx = ELF32_R_SYM(r_a->r_info); + type = ELF32_R_TYPE(r_a->r_info); + dest = base->load_addr + r_a->r_offset; /* P */ + addend = r_a->r_addend; + } + else + { + r = rela->data + i * rela->sec->sh_entsize; + symndx = ELF32_R_SYM(r->r_info); + type = ELF32_R_TYPE(r->r_info); + dest = base->load_addr + r->r_offset; /* P */ + } + + if ( symndx > elf->nsym ) + { + dprintk(XENLOG_ERR, LIVEPATCH "%s: Relative symbol wants symbol@%u which is past end!\n", + elf->name, symndx); + return -EINVAL; + } + + if ( !use_rela ) + addend = get_addend(type, dest); + + val = elf->sym[symndx].sym->st_value; /* S */ + + rc = perform_rel(type, dest, val, addend); + switch ( rc ) { + case -EOVERFLOW: + dprintk(XENLOG_ERR, LIVEPATCH "%s: Overflow in relocation %u in %s for %s!\n", + elf->name, i, rela->name, base->name); + break; + + case -EOPNOTSUPP: + dprintk(XENLOG_ERR, LIVEPATCH "%s: Unhandled relocation #%x\n", + elf->name, type); + break; + + default: + break; + } + + if ( rc ) + break; + } + + return rc; +} + +int arch_livepatch_perform_rel(struct livepatch_elf *elf, + const struct livepatch_elf_sec *base, + const struct livepatch_elf_sec *rela) +{ + return arch_livepatch_perform(elf, base, rela, false); } int arch_livepatch_perform_rela(struct livepatch_elf *elf, const struct livepatch_elf_sec *base, const struct livepatch_elf_sec *rela) { - return -ENOSYS; + return arch_livepatch_perform(elf, base, rela, true); } /* diff --git a/xen/arch/arm/arm64/livepatch.c b/xen/arch/arm/arm64/livepatch.c index 0809a42..660fdf9 100644 --- a/xen/arch/arm/arm64/livepatch.c +++ b/xen/arch/arm/arm64/livepatch.c @@ -172,6 +172,13 @@ static int reloc_insn_imm(enum aarch64_reloc_op op, void *dest, u64 val, return 0; } +int arch_livepatch_perform_rel(struct livepatch_elf *elf, + const struct livepatch_elf_sec *base, + const struct livepatch_elf_sec *rela) +{ + return -ENOSYS; +} + int arch_livepatch_perform_rela(struct livepatch_elf *elf, const struct livepatch_elf_sec *base, const struct livepatch_elf_sec *rela) diff --git a/xen/arch/arm/livepatch.c b/xen/arch/arm/livepatch.c index cdb8d65..00fe41f 100644 --- a/xen/arch/arm/livepatch.c +++ b/xen/arch/arm/livepatch.c @@ -117,13 +117,6 @@ int arch_is_payload_symbol(const struct livepatch_elf *elf, return 1; } -int arch_livepatch_perform_rel(struct livepatch_elf *elf, - const struct livepatch_elf_sec *base, - const struct livepatch_elf_sec *rela) -{ - return -ENOSYS; -} - int arch_livepatch_secure(const void *va, unsigned int pages, enum va_type type) { unsigned long start = (unsigned long)va; diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 03e4b50..b1361d7 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -225,7 +225,7 @@ config CRYPTO config LIVEPATCH bool "Live patching support (TECH PREVIEW)" default n - depends on !ARM_32 && HAS_BUILD_ID = "y" + depends on HAS_BUILD_ID = "y" ---help--- Allows a running Xen hypervisor to be dynamically patched using binary patches without rebooting. This is primarily used to binarily diff --git a/xen/include/xen/elfstructs.h b/xen/include/xen/elfstructs.h index 3746268..43cec03 100644 --- a/xen/include/xen/elfstructs.h +++ b/xen/include/xen/elfstructs.h @@ -103,6 +103,15 @@ typedef uint64_t Elf64_Xword; (ehdr).e_ident[EI_MAG2] == ELFMAG2 && \ (ehdr).e_ident[EI_MAG3] == ELFMAG3) +/* e_flags */ +#define EF_ARM_EABI_MASK 0xff000000 +#define EF_ARM_EABI_UNKNOWN 0x00000000 +#define EF_ARM_EABI_VER1 0x01000000 +#define EF_ARM_EABI_VER2 0x02000000 +#define EF_ARM_EABI_VER3 0x03000000 +#define EF_ARM_EABI_VER4 0x04000000 +#define EF_ARM_EABI_VER5 0x05000000 + /* ELF Header */ typedef struct elfhdr { unsigned char e_ident[EI_NIDENT]; /* ELF Identification */ @@ -364,9 +373,22 @@ typedef struct { #define R_X86_64_PLT32 4 /* 32 bit PLT address */ /* + * ARM32 relocation types. See + * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044f/IHI0044F_aaelf.pdf * S - address of symbol. - * A - addend for relocation (r_addend) + * A - addend for relocation (r_addend or need to extract from insn) * P - address of the dest being relocated (derieved from r_offset) + */ +#define R_ARM_NONE 0 +#define R_ARM_ABS32 2 /* Direct 32-bit. S+A */ +#define R_ARM_REL32 3 /* PC relative. S+A */ +#define R_ARM_CALL 28 /* SignExtend([23:0]) << 2. S+A-P */ +#define R_ARM_JUMP24 29 /* Same as R_ARM_CALL */ +#define R_ARM_MOVW_ABS_NC 43 /* SignExtend([19:16],[11:0])&0xFFFF, S+A */ +#define R_ARM_MOVT_ABS 44 /* SignExtend([19:16],[11:0))&0xFFFF0000 */ + /* >> 16, S+A. */ + +/* * NC - No check for overflow. * * The defines also use _PREL for PC-relative address, and _NC is No Check. diff --git a/xen/test/Makefile b/xen/test/Makefile index 95c1755..d91b319 100644 --- a/xen/test/Makefile +++ b/xen/test/Makefile @@ -1,8 +1,6 @@ .PHONY: tests tests: -ifneq $(XEN_TARGET_ARCH),arm32) $(MAKE) -f $(BASEDIR)/Rules.mk -C livepatch livepatch -endif .PHONY: clean clean:: diff --git a/xen/test/livepatch/Makefile b/xen/test/livepatch/Makefile index ce09e1d..bfd63c2 100644 --- a/xen/test/livepatch/Makefile +++ b/xen/test/livepatch/Makefile @@ -6,6 +6,9 @@ endif ifeq ($(XEN_TARGET_ARCH),arm64) OBJCOPY_MAGIC := -I binary -O elf64-littleaarch64 -B aarch64 endif +ifeq ($(XEN_TARGET_ARCH),arm32) +OBJCOPY_MAGIC := -I binary -O elf32-littlearm -B arm +endif CODE_ADDR=$(shell nm --defined $(1) | grep $(2) | awk '{print "0x"$$1}') CODE_SZ=$(shell nm --defined -S $(1) | grep $(2) | awk '{ print "0x"$$2}')