[v2,1/4] x86/trampoline: Check the size permanent trampoline at link time

Commit Message

Andrew Cooper Nov. 14, 2024, 9:08 a.m. UTC

This is a little safer than leaving it to hope.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Daniel P. Smith <dpsmith@apertussolutions.com>
CC: Frediano Ziglio <frediano.ziglio@cloud.com>
CC: Alejandro Vallejo <alejandro.vallejo@cloud.com>

v2:
 * New.
---
 xen/arch/x86/boot/trampoline.S | 2 ++
 xen/arch/x86/xen.lds.S         | 7 +++++++
 2 files changed, 9 insertions(+)

Comments

Jan Beulich Nov. 14, 2024, 10:07 a.m. UTC | #1

On 14.11.2024 10:08, Andrew Cooper wrote:
> This is a little safer than leaving it to hope.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>

Patch

diff --git a/xen/arch/x86/boot/trampoline.S b/xen/arch/x86/boot/trampoline.S
index b8ab0ffdcbb0..55e4a3e402f7 100644
--- a/xen/arch/x86/boot/trampoline.S
+++ b/xen/arch/x86/boot/trampoline.S
@@ -161,6 +161,8 @@  GLOBAL(trampoline_cpu_started)
         .equ    wakeup_stack, trampoline_start + PAGE_SIZE
         .global wakeup_stack
 
+LABEL(trampoline_perm_end, 0)
+
 /* From here on early boot only. */
 
         .code32
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 35693f6e3380..221fc2ef3f35 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -410,6 +410,13 @@  ASSERT(!SIZEOF(.plt),      ".plt non-empty")
 ASSERT(!SIZEOF(.rela),     "leftover relocations")
 #endif
 
+/*
+ * The permanent trampoline resides in a single 4k page.  Placement logic
+ * takes care to ensure that trampoline_phys is page aligned.
+ */
+ASSERT((trampoline_perm_end - trampoline_start) <= PAGE_SIZE,
+       "Permentant trampoline too large")
+
 ASSERT((trampoline_end - trampoline_start) < TRAMPOLINE_SPACE - MBI_SPACE_MIN,
     "not enough room for trampoline and mbi data")
 ASSERT((wakeup_stack - wakeup_stack_start) >= WAKEUP_STACK_MIN,