
[2/2] Mini-OS: keep a positive list of externally visible symbols

Message ID 20231101153551.11733-3-jgross@suse.com (mailing list archive)
State Superseded
Series Mini-OS: hide mini-os internal symbols | expand

Commit Message

Jürgen Groß Nov. 1, 2023, 3:35 p.m. UTC
Add a mini-os.map file containing all global symbols that are allowed
to be referenced by an application or library. Hide all other symbols
of Mini-OS from being visible externally.

The symbols in mini-os.map have been obtained by building all defined
stubdoms that build successfully (caml-stubdom doesn't build).

Signed-off-by: Juergen Gross <jgross@suse.com>
---
 Makefile    |   3 +-
 mini-os.map | 187 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 189 insertions(+), 1 deletion(-)
 create mode 100644 mini-os.map

Comments

Samuel Thibault Nov. 3, 2023, 2:09 a.m. UTC | #1
Hello,

Juergen Gross, le mer. 01 nov. 2023 16:35:51 +0100, a ecrit:
> The symbols in mini-os.map have been obtained via building all defined
> and not failing stubdoms (caml-stubdom doesn't build).
> 
> +++ b/mini-os.map
> @@ -0,0 +1,187 @@
> +# Mini-OS symbols being externally visible
> +# entry point
> +_start
> +# Mini-OS service functions
> +alloc_fd
> +alloc_file_type
> +alloc_pages
> +bind_virq

I believe we also want bind_pirq

> +block
> +console_print
> +create_thread

Also
exit_thread
msleep

> +do_map_frames
> +free_pages
> +get_file_from_fd
> +hypercall_page
> +event_queue
> +evtchn_alloc_unbound
> +evtchn_bind_interdomain
> +evtchn_get_peercontext
> +gntmap_fini
> +gntmap_init
> +gntmap_map_grant_refs
> +gntmap_munmap
> +gntmap_set_max_grants
> +map_frames_ex

I believe we also want
map_frame_rw
map_frame_virt
unmap_frames

> +mask_evtchn

I believe we also want
clear_evtchn

> +need_pgt
> +printk
> +schedule
> +stop_kernel
> +unbind_evtchn
> +unmask_evtchn
> +wake
> +xencons_ring_avail

Only this xencons_ function? It's very surprising being alone

> +xprintk
> +__local_irq_restore
> +__local_irq_save

I guess we also want

gnttab_alloc_and_grant
gnttab_grant_access
gnttab_grant_transfer
gnttab_end_transfer
gnttab_end_access
gnttabop_error

ioremap
ioremap_nocache
iounmap

> +__udivdi3
> +__udivmoddi4
> +__umoddi3

Please put those in a libgcc section.

> +# libc

There are quite a few more that we'll want here: at least all of the
string/stdio operations of include/lib.h include/posix/strings.h (for the case when we don't
have newlib's libc)

Also,

ioctl
shutdown
getpeername
recvfrom
closelog
vsyslog
err
errx
warn
warnx
verr
verrx
vwarn
vwarnx
getuid
geteuid
getgid
getegid
gethostname
nice
_ctype
malloc
realloc
free

> +accept
> +bind
> +chdir
> +clock_gettime
> +close
> +closedir
> +connect
> +do_exit
> +dup
> +dup2
> +execv
> +fcntl
> +fork
> +fstat64
> +fsync
> +ftruncate
> +getpagesize
> +getpid
> +getsockname
> +getsockopt
> +gettimeofday
> +htonl
> +htons
> +inet_aton
> +inet_ntoa
> +isatty
> +kill
> +link
> +listen
> +lockf
> +lseek64
> +mkdir
> +mmap64
> +munmap
> +nanosleep
> +ntohl
> +ntohs
> +open64
> +opendir
> +openlog
> +pipe
> +poll
> +posix_openpt
> +read
> +readdir
> +recv
> +rmdir
> +sbrk
> +select
> +select_read_flag
> +send
> +sendto
> +setsid
> +setsockopt
> +sigaction
> +sleep
> +socket
> +stat
> +sysconf
> +syslog
> +tcgetattr
> +tcsetattr

I believe we also want cfmakeraw

> +umask
> +unlink
> +usleep
> +waitpid
> +write
> +_exit
> +_fini
> +_init
> +___lock_acquire
> +___lock_acquire_recursive
> +___lock_init_recursive
> +___lock_release
> +___lock_release_recursive
> +# 9pfront driver
> +init_9pfront
> +# blkfront driver
> +blkfront_aio
> +blkfront_aio_poll
> +blkfront_aio_push_operation
> +blkfront_io
> +blkfront_open
> +blkfront_queue
> +blkfront_sync
> +init_blkfront
> +shutdown_blkfront
> +# fbfront driver
> +fbfront_open
> +fbfront_receive
> +fbfront_resize
> +fbfront_update
> +init_fbfront
> +shutdown_fbfront
> +# kbdfront driver
> +init_kbdfront
> +kbdfront_open
> +kbdfront_receive
> +shutdown_kbdfront
> +# netfront driver
> +init_netfront
> +netfront_receive
> +netfront_tap_open
> +netfront_xmit
> +networking_set_addr
> +shutdown_netfront

I believe we also want
netfront_get_netmask
netfront_get_gateway
suspend_netfront
resume_netfront
start_networking
stop_networking
networking_set_addr

> +# pcifront driver
> +pcifront_conf_read
> +pcifront_conf_write
> +pcifront_scan
> +shutdown_pcifront

I believe we also want
init_pcifront
pcifront_op
pcifront_enable_msi
pcifront_disable_msi
pcifront_enable_msix
pcifront_disable_msiX

> +# tpmback driver
> +init_tpmback
> +shutdown_tpmback
> +tpmback_get_opaque
> +tpmback_get_peercontext
> +tpmback_get_uuid
> +tpmback_req_any
> +tpmback_resp
> +tpmback_set_opaque

I believe we also want
tpmback_req
tpmback_wait_for_frontend_connect
tpmback_num_frontends

> +# tpmfront driver
> +init_tpmfront
> +shutdown_tpmfront
> +tpmfront_cmd
> +tpmfront_open

I believe we also want tpmfront_set_locality

> +# tpm_tis driver
> +init_tpm_tis
> +init_tpm2_tis
> +tpm_tis_open
> +tpm_tis_request_locality

I believe we also want tpm_tis_cmd

> +# xenbus driver
> +xenbus_ls
> +xenbus_read
> +xenbus_wait_for_watch
> +xenbus_watch_path_token
> +xenbus_unwatch_path_token

Also
xenbus_wait_for_watch_return
xenbus_wait_for_value
xenbus_wait_for_state_change
xenbus_switch_state
xenbus_write
xenbus_msg_reply
xenbus_rm
xenbus_get_perms
xenbus_set_perms
xenbus_transaction_start
xenbus_transaction_end
xenbus_read_integer
xenbus_read_uuid
xenbus_printf
xenbus_get_self_id

> +xs_daemon_open
> +xs_directory
> +xs_fileno
> +xs_get_domain_path
> +xs_read
> +xs_read_watch
> +xs_rm
> +xs_unwatch
> +xs_watch
> +xs_write
> -- 
> 2.35.3
>
Jürgen Groß Nov. 6, 2023, 8:42 a.m. UTC | #2
On 03.11.23 03:09, Samuel Thibault wrote:
> Hello,
> 
> Juergen Gross, le mer. 01 nov. 2023 16:35:51 +0100, a ecrit:
>> The symbols in mini-os.map have been obtained via building all defined
>> and not failing stubdoms (caml-stubdom doesn't build).
>>
>> +++ b/mini-os.map
>> @@ -0,0 +1,187 @@
>> +# Mini-OS symbols being externally visible
>> +# entry point
>> +_start
>> +# Mini-OS service functions
>> +alloc_fd
>> +alloc_file_type
>> +alloc_pages
>> +bind_virq
> 
> I believe we also want bind_pirq

In general: yes to all of your remarks (thanks for looking up the missing
symbols).

This was a first round to see whether the approach is fine. Your answer seems
to indicate that this is the case.

I'll expand the list as you requested in the next version.


Juergen

Patch

diff --git a/Makefile b/Makefile
index 85c6db75..d4768110 100644
--- a/Makefile
+++ b/Makefile
@@ -164,8 +164,9 @@  endif
 $(OBJ_DIR)/arch/x86/minios-x86%.lds:  arch/x86/minios-x86.lds.S
 	$(CPP) $(ASFLAGS) -P $< -o $@
 
-$(OBJ_DIR)/$(TARGET)-kern.o: $(OBJS) arch_lib $(OBJ_DIR)/$(TARGET_ARCH_DIR)/minios-$(MINIOS_TARGET_ARCH).lds
+$(OBJ_DIR)/$(TARGET)-kern.o: $(OBJS) arch_lib $(OBJ_DIR)/$(TARGET_ARCH_DIR)/minios-$(MINIOS_TARGET_ARCH).lds mini-os.map
 	$(LD) -r $(LDFLAGS) $(HEAD_OBJ) $(OBJS) $(LDARCHLIB) -o $@
+	$(OBJCOPY) -w -G $(GLOBAL_PREFIX)* --keep-global-symbols=mini-os.map $@ $@
 
 $(OBJ_DIR)/$(TARGET): $(OBJ_DIR)/$(TARGET)-kern.o $(APP_O)
 	$(LD) -r $(LDFLAGS) $(OBJ_DIR)/$(TARGET)-kern.o $(APP_O) $(LDLIBS) -o $@.o
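Review bot: The symbol pattern in the added objcopy line is unquoted, so `$(GLOBAL_PREFIX)*` is subject to shell pathname expansion before objcopy sees it. If GLOBAL_PREFIX is ever empty (its definition is not visible in this hunk), the pattern becomes a bare `*`, which with `-w` would keep every symbol global and silently defeat the allowlist. Quoting it, `$(OBJCOPY) -w -G '$(GLOBAL_PREFIX)*' --keep-global-symbols=mini-os.map $@ $@`, removes the shell-side ambiguity. Because objcopy rewrites `$@` in place, a failed objcopy leaves the unfiltered `ld -r` output at the target path; unless `.DELETE_ON_ERROR` is set elsewhere in the Makefile (not visible here), a later make run would treat that object as up to date. The `$(OBJ_DIR)/$(TARGET)` rule that follows continues outside the hunk.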
diff --git a/mini-os.map b/mini-os.map
new file mode 100644
index 00000000..b62806e1
--- /dev/null
+++ b/mini-os.map
@@ -0,0 +1,187 @@ 
+# Mini-OS symbols being externally visible
+# entry point
+_start
+# Mini-OS service functions
+alloc_fd
+alloc_file_type
+alloc_pages
+bind_virq
+block
+console_print
+create_thread
+do_map_frames
+free_pages
+get_file_from_fd
+hypercall_page
+event_queue
+evtchn_alloc_unbound
+evtchn_bind_interdomain
+evtchn_get_peercontext
+gntmap_fini
+gntmap_init
+gntmap_map_grant_refs
+gntmap_munmap
+gntmap_set_max_grants
+map_frames_ex
+mask_evtchn
+need_pgt
+printk
+schedule
+stop_kernel
+unbind_evtchn
+unmask_evtchn
+wake
+xencons_ring_avail
+xprintk
+__local_irq_restore
+__local_irq_save
+__udivdi3
+__udivmoddi4
+__umoddi3
+# libc
+accept
+bind
+chdir
+clock_gettime
+close
+closedir
+connect
+do_exit
+dup
+dup2
+execv
+fcntl
+fork
+fstat64
+fsync
+ftruncate
+getpagesize
+getpid
+getsockname
+getsockopt
+gettimeofday
+htonl
+htons
+inet_aton
+inet_ntoa
+isatty
+kill
+link
+listen
+lockf
+lseek64
+mkdir
+mmap64
+munmap
+nanosleep
+ntohl
+ntohs
+open64
+opendir
+openlog
+pipe
+poll
+posix_openpt
+read
+readdir
+recv
+rmdir
+sbrk
+select
+select_read_flag
+send
+sendto
+setsid
+setsockopt
+sigaction
+sleep
+socket
+stat
+sysconf
+syslog
+tcgetattr
+tcsetattr
+umask
+unlink
+usleep
+waitpid
+write
+_exit
+_fini
+_init
+___lock_acquire
+___lock_acquire_recursive
+___lock_init_recursive
+___lock_release
+___lock_release_recursive
+# 9pfront driver
+init_9pfront
+# blkfront driver
+blkfront_aio
+blkfront_aio_poll
+blkfront_aio_push_operation
+blkfront_io
+blkfront_open
+blkfront_queue
+blkfront_sync
+init_blkfront
+shutdown_blkfront
+# fbfront driver
+fbfront_open
+fbfront_receive
+fbfront_resize
+fbfront_update
+init_fbfront
+shutdown_fbfront
+# kbdfront driver
+init_kbdfront
+kbdfront_open
+kbdfront_receive
+shutdown_kbdfront
+# netfront driver
+init_netfront
+netfront_receive
+netfront_tap_open
+netfront_xmit
+networking_set_addr
+shutdown_netfront
+# pcifront driver
+pcifront_conf_read
+pcifront_conf_write
+pcifront_scan
+shutdown_pcifront
+# tpmback driver
+init_tpmback
+shutdown_tpmback
+tpmback_get_opaque
+tpmback_get_peercontext
+tpmback_get_uuid
+tpmback_req_any
+tpmback_resp
+tpmback_set_opaque
+# tpmfront driver
+init_tpmfront
+shutdown_tpmfront
+tpmfront_cmd
+tpmfront_open
+# tpm_tis driver
+init_tpm_tis
+init_tpm2_tis
+tpm_tis_open
+tpm_tis_request_locality
+# xenbus driver
+xenbus_ls
+xenbus_read
+xenbus_wait_for_watch
+xenbus_watch_path_token
+xenbus_unwatch_path_token
+xs_daemon_open
+xs_directory
+xs_fileno
+xs_get_domain_path
+xs_read
+xs_read_watch
+xs_rm
+xs_unwatch
+xs_watch
+xs_write
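Review bot: The header comment at the top of mini-os.map does not say what happens to a symbol that is not listed, which is what a contributor needs to know when an application stops linking. I would extend the first comment to something like `# Symbols kept global in the Mini-OS kernel object; one name per line. Every other global symbol is made local by objcopy and cannot be referenced by an application or library.` As far as I know, objcopy ignores names in this file that match no symbol, so a misspelled or stale entry would go unnoticed; a short note on how the list is verified would help. As a minor style point, `hypercall_page` and `event_queue` break the otherwise alphabetical order of the service-function section.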