[6/7] x86/efi: do not merge all .init sections

Message ID	20250318173547.59475-7-roger.pau@citrix.com (mailing list archive)
State	New
Headers	show Return-Path: <xen-devel-bounces@lists.xenproject.org> Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org> From: Roger Pau Monne <roger.pau@citrix.com> To: xen-devel@lists.xenproject.org Cc: Roger Pau Monne <roger.pau@citrix.com>, Jan Beulich <jbeulich@suse.com>, Andrew Cooper <andrew.cooper3@citrix.com> Subject: [PATCH 6/7] x86/efi: do not merge all .init sections Date: Tue, 18 Mar 2025 18:35:46 +0100 Message-ID: <20250318173547.59475-7-roger.pau@citrix.com> In-Reply-To: <20250318173547.59475-1-roger.pau@citrix.com> References: <20250318173547.59475-1-roger.pau@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
Series	x86: generate xen.efi image with no write-execute sections \| expand [0/7] x86: generate xen.efi image with no write-execute sections [1/7] x86/boot: clarify comment about trampoline_setup usage [2/7] x86/mkelf32: account for offset when detecting note segment placement [3/7] xen: remove -N from the linker command line [4/7] x86/boot: apply trampoline relocations at destination position [5/7] x86/mkreloc: remove warning about relocations to RO section [6/7] x86/efi: do not merge all .init sections [7/7] xen/build: warn about RWX load segments

Message ID

20250318173547.59475-7-roger.pau@citrix.com (mailing list archive)

State

New

Headers

Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
From: Roger Pau Monne <roger.pau@citrix.com>
To: xen-devel@lists.xenproject.org
Cc: Roger Pau Monne <roger.pau@citrix.com>,
	Jan Beulich <jbeulich@suse.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>
Subject: [PATCH 6/7] x86/efi: do not merge all .init sections
Date: Tue, 18 Mar 2025 18:35:46 +0100
Message-ID: <20250318173547.59475-7-roger.pau@citrix.com>
In-Reply-To: <20250318173547.59475-1-roger.pau@citrix.com>
References: <20250318173547.59475-1-roger.pau@citrix.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Series

x86: generate xen.efi image with no write-execute sections | expand

Commit Message

Roger Pau Monne March 18, 2025, 5:35 p.m. UTC

As a result of relocations now being applied after the trampoline has been
copied into the low 1MB region, there's no need for a single .init section
that's writable, as .init.text is no longer modified.

Remove the bodge and fallback to the layout used by ELF images with an
.init.text and .init.data section.

The resulting PE sections are:

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .text         0019072c  ffff82d040200000  ffff82d040200000  00000440  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
  1 .rodata       000884c8  ffff82d040400000  ffff82d040400000  00190b80  2**2
                  CONTENTS, ALLOC, LOAD, DATA
  2 .buildid      00000035  ffff82d0404884c8  ffff82d0404884c8  00219060  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .init.text    00052866  ffff82d040600000  ffff82d040600000  002190a0  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
  4 .init.data    00059730  ffff82d040658000  ffff82d040658000  0026b920  2**2
                  CONTENTS, ALLOC, LOAD, DATA
[...]

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/xen.lds.S | 8 --------
 1 file changed, 8 deletions(-)

Comments

Andrew Cooper March 18, 2025, 6:08 p.m. UTC | #1

On 18/03/2025 5:35 pm, Roger Pau Monne wrote:
> As a result of relocations now being applied after the trampoline has been
> copied into the low 1MB region, there's no need for a single .init section
> that's writable, as .init.text is no longer modified.
>
> Remove the bodge and fallback to the layout used by ELF images with an
> .init.text and .init.data section.
>
> The resulting PE sections are:
>
> Sections:
> Idx Name          Size      VMA               LMA               File off  Algn
>   0 .text         0019072c  ffff82d040200000  ffff82d040200000  00000440  2**4
>                   CONTENTS, ALLOC, LOAD, READONLY, CODE
>   1 .rodata       000884c8  ffff82d040400000  ffff82d040400000  00190b80  2**2
>                   CONTENTS, ALLOC, LOAD, DATA
>   2 .buildid      00000035  ffff82d0404884c8  ffff82d0404884c8  00219060  2**2
>                   CONTENTS, ALLOC, LOAD, READONLY, DATA
>   3 .init.text    00052866  ffff82d040600000  ffff82d040600000  002190a0  2**2
>                   CONTENTS, ALLOC, LOAD, READONLY, CODE
>   4 .init.data    00059730  ffff82d040658000  ffff82d040658000  0026b920  2**2
>                   CONTENTS, ALLOC, LOAD, DATA
> [...]
>
> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

Jan Beulich March 19, 2025, 10:39 a.m. UTC | #2

On 18.03.2025 18:35, Roger Pau Monne wrote:
> As a result of relocations now being applied after the trampoline has been
> copied into the low 1MB region, there's no need for a single .init section
> that's writable, as .init.text is no longer modified.

This builds on the confusion of the two different types of relocations that
started in the previous patch. The change here may be okay once that other
aspect was clarified; the description would need extending then, though, to
cover both kinds or relocations.

> Remove the bodge and fallback to the layout used by ELF images with an
> .init.text and .init.data section.
> 
> The resulting PE sections are:
> 
> Sections:
> Idx Name          Size      VMA               LMA               File off  Algn
>   0 .text         0019072c  ffff82d040200000  ffff82d040200000  00000440  2**4
>                   CONTENTS, ALLOC, LOAD, READONLY, CODE
>   1 .rodata       000884c8  ffff82d040400000  ffff82d040400000  00190b80  2**2
>                   CONTENTS, ALLOC, LOAD, DATA
>   2 .buildid      00000035  ffff82d0404884c8  ffff82d0404884c8  00219060  2**2
>                   CONTENTS, ALLOC, LOAD, READONLY, DATA
>   3 .init.text    00052866  ffff82d040600000  ffff82d040600000  002190a0  2**2
>                   CONTENTS, ALLOC, LOAD, READONLY, CODE
>   4 .init.data    00059730  ffff82d040658000  ffff82d040658000  0026b920  2**2
>                   CONTENTS, ALLOC, LOAD, DATA
> [...]

Just to mention it, also because Demi raised concern: This will leave us
with yet more sections with long names. We may want to consider to e.g. use
.init.t and .init.d instead. (Of course there's nothing we can really do
about the various .debug_* sections, as those can only be identified by
name. The only option I see there is to strip the binary.)

Jan

diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index d4dd6434c466..5ab37cefa25a 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -197,11 +197,7 @@  SECTIONS
   __2M_init_start = .;         /* Start of 2M superpages, mapped RWX (boot only). */
   . = ALIGN(PAGE_SIZE);             /* Init code and data */
   __init_begin = .;
-#ifdef EFI /* EFI wants to merge all of .init.*  ELF doesn't. */
-  DECL_SECTION(.init) {
-#else
   DECL_SECTION(.init.text) {
-#endif
        _sinittext = .;
        *(.init.text)
        *(.text.startup)
@@ -213,12 +209,8 @@  SECTIONS
         */
        *(.altinstr_replacement)
 
-#ifdef EFI /* EFI wants to merge all of .init.*  ELF doesn't. */
-       . = ALIGN(SMP_CACHE_BYTES);
-#else
   } PHDR(text)
   DECL_SECTION(.init.data) {
-#endif
        *(.init.bss.stack_aligned)
 
        . = ALIGN(POINTER_ALIGN);

[6/7] x86/efi: do not merge all .init sections

Commit Message

Comments

Patch