diff mbox series

[v2,2/2] Mini-OS: keep a positive list of externally visible symbols

Message ID 20231123114504.29329-3-jgross@suse.com (mailing list archive)
State Superseded
Headers show
Series Mini-OS: hide mini-os internal symbols | expand

Commit Message

Jürgen Groß Nov. 23, 2023, 11:45 a.m. UTC 
Add a mini-os.map file containing all global symbols that are allowed
to be referenced by an application or library. Hide all other symbols
of Mini-OS from being visible externally.

Signed-off-by: Juergen Gross <jgross@suse.com>
---
V2:
- added more symbols (Samuel Thibault)
- sorted symbols in each section alphabetically
---
 Makefile    |   3 +-
 mini-os.map | 295 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 297 insertions(+), 1 deletion(-)
 create mode 100644 mini-os.map

Comments

Samuel Thibault Nov. 25, 2023, 10:21 p.m. UTC | #1 
Juergen Gross, le jeu. 23 nov. 2023 12:45:04 +0100, a ecrit:
> Add a mini-os.map file containing all global symbols that are allowed
> to be referenced by an application or library. Hide all other symbols
> of Mini-OS from being visible externally.
> 
> Signed-off-by: Juergen Gross <jgross@suse.com>

Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>

Thanks!

> ---
> V2:
> - added more symbols (Samuel Thibault)
> - sorted symbols in each section alphabetically
> ---
>  Makefile    |   3 +-
>  mini-os.map | 295 ++++++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 297 insertions(+), 1 deletion(-)
>  create mode 100644 mini-os.map
> 
> diff --git a/Makefile b/Makefile
> index 85c6db75..d4768110 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -164,8 +164,9 @@ endif
>  $(OBJ_DIR)/arch/x86/minios-x86%.lds:  arch/x86/minios-x86.lds.S
>  	$(CPP) $(ASFLAGS) -P $< -o $@
>  
> -$(OBJ_DIR)/$(TARGET)-kern.o: $(OBJS) arch_lib $(OBJ_DIR)/$(TARGET_ARCH_DIR)/minios-$(MINIOS_TARGET_ARCH).lds
> +$(OBJ_DIR)/$(TARGET)-kern.o: $(OBJS) arch_lib $(OBJ_DIR)/$(TARGET_ARCH_DIR)/minios-$(MINIOS_TARGET_ARCH).lds mini-os.map
>  	$(LD) -r $(LDFLAGS) $(HEAD_OBJ) $(OBJS) $(LDARCHLIB) -o $@
> +	$(OBJCOPY) -w -G $(GLOBAL_PREFIX)* --keep-global-symbols=mini-os.map $@ $@
>  
>  $(OBJ_DIR)/$(TARGET): $(OBJ_DIR)/$(TARGET)-kern.o $(APP_O)
>  	$(LD) -r $(LDFLAGS) $(OBJ_DIR)/$(TARGET)-kern.o $(APP_O) $(LDLIBS) -o $@.o
> diff --git a/mini-os.map b/mini-os.map
> new file mode 100644
> index 00000000..58a3a0ee
> --- /dev/null
> +++ b/mini-os.map
> @@ -0,0 +1,295 @@
> +# Mini-OS symbols being externally visible
> +# entry point
> +_start
> +# Mini-OS service functions
> +alloc_fd
> +alloc_file_type
> +alloc_pages
> +bind_pirq
> +bind_virq
> +block
> +clear_evtchn
> +console_print
> +create_thread
> +do_map_frames
> +event_queue
> +evtchn_alloc_unbound
> +evtchn_bind_interdomain
> +evtchn_get_peercontext
> +exit_thread
> +free_pages
> +get_domid
> +get_file_from_fd
> +gntmap_fini
> +gntmap_init
> +gntmap_map_grant_refs
> +gntmap_munmap
> +gntmap_set_max_grants
> +gnttabop_error
> +gnttab_alloc_and_grant
> +gnttab_grant_access
> +gnttab_grant_transfer
> +gnttab_end_transfer
> +gnttab_end_access
> +hypercall_page
> +ioremap
> +ioremap_nocache
> +iounmap
> +map_frames_ex
> +map_frame_rw
> +map_frame_virt
> +mask_evtchn
> +msleep
> +need_pgt
> +printk
> +schedule
> +stop_kernel
> +unbind_evtchn
> +unmap_frames
> +unmask_evtchn
> +wake
> +xencons_ring_avail
> +xprintk
> +__local_irq_restore
> +__local_irq_save
> +# libgcc
> +__divdi3
> +__moddi3
> +__qdivrem
> +__udivdi3
> +__udivmoddi4
> +__umoddi3
> +# libc
> +accept
> +bind
> +cfmakeraw
> +chdir
> +clock_gettime
> +close
> +closedir
> +closelog
> +connect
> +do_exit
> +dup
> +dup2
> +err
> +errx
> +execv
> +fcntl
> +ffs
> +ffsl
> +ffsll
> +fork
> +free
> +fstat64
> +fsync
> +ftruncate
> +getegid
> +geteuid
> +getgid
> +gethostname
> +getpagesize
> +getpeername
> +getpid
> +getsockname
> +getsockopt
> +gettimeofday
> +getuid
> +htonl
> +htons
> +inet_aton
> +inet_ntoa
> +ioctl
> +isatty
> +kill
> +link
> +listen
> +lockf
> +lseek64
> +malloc
> +memcmp
> +memcpy
> +memset
> +mkdir
> +mmap64
> +munmap
> +nanosleep
> +nice
> +ntohl
> +ntohs
> +open64
> +opendir
> +openlog
> +pipe
> +poll
> +posix_openpt
> +read
> +readdir
> +realloc
> +recv
> +recvfrom
> +rmdir
> +sbrk
> +scnprintf
> +select
> +select_read_flag
> +send
> +sendto
> +setsid
> +setsockopt
> +shutdown
> +sigaction
> +sleep
> +snprintf
> +socket
> +sprintf
> +sscanf
> +stat
> +strcat
> +strchr
> +strcmp
> +strcpy
> +strdup
> +strlen
> +strncmp
> +strncpy
> +strnlen
> +strrchr
> +strstr
> +strtoq
> +strtoul
> +strtouq
> +sysconf
> +syslog
> +tcgetattr
> +tcsetattr
> +umask
> +unlink
> +usleep
> +verr
> +verrx
> +vscnprintf
> +vsnprintf
> +vsprintf
> +vsscanf
> +vsyslog
> +vwarn
> +vwarnx
> +waitpid
> +warn
> +warnx
> +write
> +_ctype
> +_exit
> +_fini
> +_init
> +___lock_acquire
> +___lock_acquire_recursive
> +___lock_init_recursive
> +___lock_release
> +___lock_release_recursive
> +# 9pfront driver
> +init_9pfront
> +shutdown_9pfront
> +# blkfront driver
> +blkfront_aio
> +blkfront_aio_poll
> +blkfront_aio_push_operation
> +blkfront_io
> +blkfront_open
> +blkfront_queue
> +blkfront_sync
> +init_blkfront
> +shutdown_blkfront
> +# fbfront driver
> +fbfront_open
> +fbfront_receive
> +fbfront_resize
> +fbfront_update
> +init_fbfront
> +shutdown_fbfront
> +# kbdfront driver
> +init_kbdfront
> +kbdfront_open
> +kbdfront_receive
> +shutdown_kbdfront
> +# netfront driver
> +init_netfront
> +netfront_get_gateway
> +netfront_get_netmask
> +netfront_receive
> +netfront_tap_open
> +netfront_xmit
> +networking_set_addr
> +resume_netfront
> +shutdown_netfront
> +start_networking
> +stop_networking
> +suspend_netfront
> +# pcifront driver
> +init_pcifront
> +pcifront_conf_read
> +pcifront_conf_write
> +pcifront_disable_msi
> +pcifront_disable_msix
> +pcifront_enable_msi
> +pcifront_enable_msix
> +pcifront_op
> +pcifront_scan
> +shutdown_pcifront
> +# tpmback driver
> +init_tpmback
> +shutdown_tpmback
> +tpmback_get_opaque
> +tpmback_get_peercontext
> +tpmback_get_uuid
> +tpmback_num_frontends
> +tpmback_req
> +tpmback_req_any
> +tpmback_resp
> +tpmback_set_opaque
> +tpmback_wait_for_frontend_connect
> +# tpmfront driver
> +init_tpmfront
> +shutdown_tpmfront
> +tpmfront_cmd
> +tpmfront_open
> +tpmfront_set_locality
> +# tpm_tis driver
> +init_tpm_tis
> +init_tpm2_tis
> +tpm_tis_cmd
> +tpm_tis_open
> +tpm_tis_request_locality
> +# xenbus driver
> +xenbus_get_perms
> +xenbus_get_self_id
> +xenbus_ls
> +xenbus_msg_reply
> +xenbus_printf
> +xenbus_read
> +xenbus_read_integer
> +xenbus_read_uuid
> +xenbus_rm
> +xenbus_set_perms
> +xenbus_transaction_end
> +xenbus_switch_state
> +xenbus_transaction_start
> +xenbus_unwatch_path_token
> +xenbus_wait_for_state_change
> +xenbus_wait_for_value
> +xenbus_wait_for_watch
> +xenbus_wait_for_watch_return
> +xenbus_watch_path_token
> +xenbus_write
> +xenstore_buf
> +xs_daemon_open
> +xs_directory
> +xs_fileno
> +xs_get_domain_path
> +xs_read
> +xs_read_watch
> +xs_rm
> +xs_unwatch
> +xs_watch
> +xs_write
> -- 
> 2.35.3
>
Andrew Cooper Nov. 27, 2023, 12:07 p.m. UTC | #2 
On 23/11/2023 11:45 am, Juergen Gross wrote:
> diff --git a/mini-os.map b/mini-os.map
> new file mode 100644
> index 00000000..58a3a0ee
> --- /dev/null
> +++ b/mini-os.map
> @@ -0,0 +1,295 @@
> +# Mini-OS symbols being externally visible

\n

> +# entry point
> +_start

\n

etc.  A few blank lines go a long way in terms of clarity.

~Andrew
Jürgen Groß Nov. 27, 2023, 12:13 p.m. UTC | #3 
On 27.11.23 13:07, Andrew Cooper wrote:
> On 23/11/2023 11:45 am, Juergen Gross wrote:
>> diff --git a/mini-os.map b/mini-os.map
>> new file mode 100644
>> index 00000000..58a3a0ee
>> --- /dev/null
>> +++ b/mini-os.map
>> @@ -0,0 +1,295 @@
>> +# Mini-OS symbols being externally visible
> 
> \n
> 
>> +# entry point
>> +_start
> 
> \n
> 
> etc.  A few blank lines go a long way in terms of clarity.

V3 has gone out today, replacing the global list with EXPORT_SYMBOL()
directives sprinkled over the code.


Juergen
diff mbox series

Patch

diff --git a/Makefile b/Makefile
index 85c6db75..d4768110 100644
--- a/Makefile
+++ b/Makefile
@@ -164,8 +164,9 @@  endif
 $(OBJ_DIR)/arch/x86/minios-x86%.lds:  arch/x86/minios-x86.lds.S
 	$(CPP) $(ASFLAGS) -P $< -o $@
 
-$(OBJ_DIR)/$(TARGET)-kern.o: $(OBJS) arch_lib $(OBJ_DIR)/$(TARGET_ARCH_DIR)/minios-$(MINIOS_TARGET_ARCH).lds
+$(OBJ_DIR)/$(TARGET)-kern.o: $(OBJS) arch_lib $(OBJ_DIR)/$(TARGET_ARCH_DIR)/minios-$(MINIOS_TARGET_ARCH).lds mini-os.map
 	$(LD) -r $(LDFLAGS) $(HEAD_OBJ) $(OBJS) $(LDARCHLIB) -o $@
+	$(OBJCOPY) -w -G $(GLOBAL_PREFIX)* --keep-global-symbols=mini-os.map $@ $@
 
 $(OBJ_DIR)/$(TARGET): $(OBJ_DIR)/$(TARGET)-kern.o $(APP_O)
 	$(LD) -r $(LDFLAGS) $(OBJ_DIR)/$(TARGET)-kern.o $(APP_O) $(LDLIBS) -o $@.o
diff --git a/mini-os.map b/mini-os.map
new file mode 100644
index 00000000..58a3a0ee
--- /dev/null
+++ b/mini-os.map
@@ -0,0 +1,295 @@ 
+# Mini-OS symbols being externally visible
+# entry point
+_start
+# Mini-OS service functions
+alloc_fd
+alloc_file_type
+alloc_pages
+bind_pirq
+bind_virq
+block
+clear_evtchn
+console_print
+create_thread
+do_map_frames
+event_queue
+evtchn_alloc_unbound
+evtchn_bind_interdomain
+evtchn_get_peercontext
+exit_thread
+free_pages
+get_domid
+get_file_from_fd
+gntmap_fini
+gntmap_init
+gntmap_map_grant_refs
+gntmap_munmap
+gntmap_set_max_grants
+gnttabop_error
+gnttab_alloc_and_grant
+gnttab_grant_access
+gnttab_grant_transfer
+gnttab_end_transfer
+gnttab_end_access
+hypercall_page
+ioremap
+ioremap_nocache
+iounmap
+map_frames_ex
+map_frame_rw
+map_frame_virt
+mask_evtchn
+msleep
+need_pgt
+printk
+schedule
+stop_kernel
+unbind_evtchn
+unmap_frames
+unmask_evtchn
+wake
+xencons_ring_avail
+xprintk
+__local_irq_restore
+__local_irq_save
+# libgcc
+__divdi3
+__moddi3
+__qdivrem
+__udivdi3
+__udivmoddi4
+__umoddi3
+# libc
+accept
+bind
+cfmakeraw
+chdir
+clock_gettime
+close
+closedir
+closelog
+connect
+do_exit
+dup
+dup2
+err
+errx
+execv
+fcntl
+ffs
+ffsl
+ffsll
+fork
+free
+fstat64
+fsync
+ftruncate
+getegid
+geteuid
+getgid
+gethostname
+getpagesize
+getpeername
+getpid
+getsockname
+getsockopt
+gettimeofday
+getuid
+htonl
+htons
+inet_aton
+inet_ntoa
+ioctl
+isatty
+kill
+link
+listen
+lockf
+lseek64
+malloc
+memcmp
+memcpy
+memset
+mkdir
+mmap64
+munmap
+nanosleep
+nice
+ntohl
+ntohs
+open64
+opendir
+openlog
+pipe
+poll
+posix_openpt
+read
+readdir
+realloc
+recv
+recvfrom
+rmdir
+sbrk
+scnprintf
+select
+select_read_flag
+send
+sendto
+setsid
+setsockopt
+shutdown
+sigaction
+sleep
+snprintf
+socket
+sprintf
+sscanf
+stat
+strcat
+strchr
+strcmp
+strcpy
+strdup
+strlen
+strncmp
+strncpy
+strnlen
+strrchr
+strstr
+strtoq
+strtoul
+strtouq
+sysconf
+syslog
+tcgetattr
+tcsetattr
+umask
+unlink
+usleep
+verr
+verrx
+vscnprintf
+vsnprintf
+vsprintf
+vsscanf
+vsyslog
+vwarn
+vwarnx
+waitpid
+warn
+warnx
+write
+_ctype
+_exit
+_fini
+_init
+___lock_acquire
+___lock_acquire_recursive
+___lock_init_recursive
+___lock_release
+___lock_release_recursive
+# 9pfront driver
+init_9pfront
+shutdown_9pfront
+# blkfront driver
+blkfront_aio
+blkfront_aio_poll
+blkfront_aio_push_operation
+blkfront_io
+blkfront_open
+blkfront_queue
+blkfront_sync
+init_blkfront
+shutdown_blkfront
+# fbfront driver
+fbfront_open
+fbfront_receive
+fbfront_resize
+fbfront_update
+init_fbfront
+shutdown_fbfront
+# kbdfront driver
+init_kbdfront
+kbdfront_open
+kbdfront_receive
+shutdown_kbdfront
+# netfront driver
+init_netfront
+netfront_get_gateway
+netfront_get_netmask
+netfront_receive
+netfront_tap_open
+netfront_xmit
+networking_set_addr
+resume_netfront
+shutdown_netfront
+start_networking
+stop_networking
+suspend_netfront
+# pcifront driver
+init_pcifront
+pcifront_conf_read
+pcifront_conf_write
+pcifront_disable_msi
+pcifront_disable_msix
+pcifront_enable_msi
+pcifront_enable_msix
+pcifront_op
+pcifront_scan
+shutdown_pcifront
+# tpmback driver
+init_tpmback
+shutdown_tpmback
+tpmback_get_opaque
+tpmback_get_peercontext
+tpmback_get_uuid
+tpmback_num_frontends
+tpmback_req
+tpmback_req_any
+tpmback_resp
+tpmback_set_opaque
+tpmback_wait_for_frontend_connect
+# tpmfront driver
+init_tpmfront
+shutdown_tpmfront
+tpmfront_cmd
+tpmfront_open
+tpmfront_set_locality
+# tpm_tis driver
+init_tpm_tis
+init_tpm2_tis
+tpm_tis_cmd
+tpm_tis_open
+tpm_tis_request_locality
+# xenbus driver
+xenbus_get_perms
+xenbus_get_self_id
+xenbus_ls
+xenbus_msg_reply
+xenbus_printf
+xenbus_read
+xenbus_read_integer
+xenbus_read_uuid
+xenbus_rm
+xenbus_set_perms
+xenbus_transaction_end
+xenbus_switch_state
+xenbus_transaction_start
+xenbus_unwatch_path_token
+xenbus_wait_for_state_change
+xenbus_wait_for_value
+xenbus_wait_for_watch
+xenbus_wait_for_watch_return
+xenbus_watch_path_token
+xenbus_write
+xenstore_buf
+xs_daemon_open
+xs_directory
+xs_fileno
+xs_get_domain_path
+xs_read
+xs_read_watch
+xs_rm
+xs_unwatch
+xs_watch
+xs_write