| Message ID | 20250401130840.72119-8-roger.pau@citrix.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | x86/EFI: prevent write-execute sections | expand |
On 01.04.2025 15:08, Roger Pau Monne wrote: > --- a/xen/arch/x86/xen.lds.S > +++ b/xen/arch/x86/xen.lds.S > @@ -63,6 +63,7 @@ SECTIONS > . = __image_base__; > /DISCARD/ : { > *(.text.header) > + *(.init.multiboot) > } > #endif > > @@ -208,6 +209,7 @@ SECTIONS > _sinittext = .; > *(.init.text) > *(.text.startup) > + *(.init.multiboot) > _einittext = .; Better keep stuff that was early in .init.text early, by putting .init.multiboot first here? Then in principle: Reviewed-by: Jan Beulich <jbeulich@suse.com> However, there are then-orphan contributions to .init.rodata (maybe also to .init.data), which is at least a little odd. If they're to stay that way at least for the moment, maybe at least mention the aspect as known in the commit message? Jan
diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index 81473578fe84..774894954e44 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -151,7 +151,7 @@ vga_text_buffer: efi_platform: .byte 0 - .section .init.text, "ax", @progbits + .section .init.multiboot, "ax", @progbits early_error: /* Here to improve the disassembly. */ @@ -709,6 +709,7 @@ trampoline_setup: /* Jump into the relocated trampoline. */ lret + .section .init.text, "ax", @progbits ENTRY(trampoline_start) #include "trampoline.S" ENTRY(trampoline_end) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index ad908539f38a..1191bf4e2ddd 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -63,6 +63,7 @@ SECTIONS . = __image_base__; /DISCARD/ : { *(.text.header) + *(.init.multiboot) } #endif @@ -208,6 +209,7 @@ SECTIONS _sinittext = .; *(.init.text) *(.text.startup) + *(.init.multiboot) _einittext = .; /* * Here are the replacement instructions. The linker sticks them
The multiboot and PVH entry points are not used in the PE binary, hence discard them in the linker script when doing a PE build. That removes some relocations that otherwise appear due to the entry point code in head.S not being position independent. No functional change intended. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> --- We could also place the entry points in it's own isolated section and skip such section for relocations generation in mkreloc, but it seems best to just remove the code if it's unused. --- xen/arch/x86/boot/head.S | 3 ++- xen/arch/x86/xen.lds.S | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-)