[v2,10/11] x86/efi: do not merge all .init sections

Message ID	20250401130840.72119-11-roger.pau@citrix.com (mailing list archive)
State	New
Headers	show Return-Path: <xen-devel-bounces@lists.xenproject.org> Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org> From: Roger Pau Monne <roger.pau@citrix.com> To: xen-devel@lists.xenproject.org Cc: Roger Pau Monne <roger.pau@citrix.com>, Jan Beulich <jbeulich@suse.com>, Andrew Cooper <andrew.cooper3@citrix.com> Subject: [PATCH v2 10/11] x86/efi: do not merge all .init sections Date: Tue, 1 Apr 2025 15:08:39 +0200 Message-ID: <20250401130840.72119-11-roger.pau@citrix.com> In-Reply-To: <20250401130840.72119-1-roger.pau@citrix.com> References: <20250401130840.72119-1-roger.pau@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
Series	x86/EFI: prevent write-execute sections \| expand [v2,00/11] x86/EFI: prevent write-execute sections [v2,01/11] automation/dockers: add to README how to rebuild all containers [v2,02/11] x86/mkreloc: fix obtaining PE image base address [v2,03/11] x86/mkreloc: use the string table to get names [v2,04/11] x86/mkreloc: print the linear address of relocations to read-only sections [v2,05/11] xen: remove -N from the linker command line [v2,06/11] x86/efi: discard .text.header for PE binary [v2,07/11] x86/efi: discard multiboot related entry code for PE binary [v2,08/11] x86/boot: place trampoline code in a non-execute section [v2,09/11] x86/efi: avoid a relocation in efi_arch_post_exit_boot() [v2,10/11] x86/efi: do not merge all .init sections [v2,11/11] automation/x86: add a xen.efi test with a strict NX OVMF build

Message ID

20250401130840.72119-11-roger.pau@citrix.com (mailing list archive)

State

New

Headers

Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
From: Roger Pau Monne <roger.pau@citrix.com>
To: xen-devel@lists.xenproject.org
Cc: Roger Pau Monne <roger.pau@citrix.com>,
	Jan Beulich <jbeulich@suse.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>
Subject: [PATCH v2 10/11] x86/efi: do not merge all .init sections
Date: Tue,  1 Apr 2025 15:08:39 +0200
Message-ID: <20250401130840.72119-11-roger.pau@citrix.com>
In-Reply-To: <20250401130840.72119-1-roger.pau@citrix.com>
References: <20250401130840.72119-1-roger.pau@citrix.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Series

x86/EFI: prevent write-execute sections | expand

Commit Message

Roger Pau Monne April 1, 2025, 1:08 p.m. UTC

As a result of having no relocations against text sections, there's no need
for a single .init section that's read-write-execute, as .init.text is no
longer modified.

Remove the bodge and fallback to the layout used by ELF images with an
.init.text and .init.data section.

The resulting PE sections are:

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .text         00193f6b  ffff82d040200000  ffff82d040200000  00000480  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
  1 .rodata       0008a010  ffff82d040400000  ffff82d040400000  00194400  2**2
                  CONTENTS, ALLOC, LOAD, DATA
  2 .buildid      00000035  ffff82d04048a010  ffff82d04048a010  0021e420  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .init.text    00049e70  ffff82d040600000  ffff82d040600000  0021e460  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
  4 .init.data    000560a8  ffff82d040800000  ffff82d040800000  002682e0  2**2
                  CONTENTS, ALLOC, LOAD, DATA
[...]

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
Changes since v1:
 - Align .init.text.
 - Clarify commit message.
---
 xen/arch/x86/xen.lds.S | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

Comments

Jan Beulich April 2, 2025, 10:28 a.m. UTC | #1

On 01.04.2025 15:08, Roger Pau Monne wrote:
> @@ -218,12 +214,15 @@ SECTIONS
>          */
>         *(.altinstr_replacement)
>  
> -#ifdef EFI /* EFI wants to merge all of .init.*  ELF doesn't. */
> -       . = ALIGN(SMP_CACHE_BYTES);
> -#else
>    } PHDR(text)
> -  DECL_SECTION(.init.data) {
> +#ifdef EFI
> +  /*
> +   * Align to prevent the data section from re-using the tail of an RX mapping
> +   * from the previous text section.
> +   */
> +  . = ALIGN(SECTION_ALIGN);

Does this need to be SECTION_ALIGN, growing image size by perhaps more than
1Mb (at least that's what I expect as an effect)? Wouldn't PAGE_SIZE suffice
for our purposes?

Jan

>  #endif
> +  DECL_SECTION(.init.data) {
>         *(.init.bss.stack_aligned)
>  
>         . = ALIGN(POINTER_ALIGN);

diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 1191bf4e2ddd..852aa135a76c 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -201,11 +201,7 @@  SECTIONS
   __2M_init_start = .;         /* Start of 2M superpages, mapped RWX (boot only). */
   . = ALIGN(PAGE_SIZE);             /* Init code and data */
   __init_begin = .;
-#ifdef EFI /* EFI wants to merge all of .init.*  ELF doesn't. */
-  DECL_SECTION(.init) {
-#else
   DECL_SECTION(.init.text) {
-#endif
        _sinittext = .;
        *(.init.text)
        *(.text.startup)
@@ -218,12 +214,15 @@  SECTIONS
         */
        *(.altinstr_replacement)
 
-#ifdef EFI /* EFI wants to merge all of .init.*  ELF doesn't. */
-       . = ALIGN(SMP_CACHE_BYTES);
-#else
   } PHDR(text)
-  DECL_SECTION(.init.data) {
+#ifdef EFI
+  /*
+   * Align to prevent the data section from re-using the tail of an RX mapping
+   * from the previous text section.
+   */
+  . = ALIGN(SECTION_ALIGN);
 #endif
+  DECL_SECTION(.init.data) {
        *(.init.bss.stack_aligned)
 
        . = ALIGN(POINTER_ALIGN);

[v2,10/11] x86/efi: do not merge all .init sections

Commit Message

Comments

Patch