[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 07/70] x86: Build check for embedded endbr64 instructions
- To: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <amc96@xxxxxxxx>
- From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
- Date: Wed, 16 Feb 2022 11:55:04 +0000
- Accept-language: en-GB, en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=w1AMShmSEkasRrcVpUKRpw8B41H7gKDFNFnrQyhxxKI=; b=Vh4RdGentRs4eN0r4J7zKMaXAjfKlWp11zFum7DpTD+jiB6HRuPvw+EvY76r9tQYmHHXMn8P5842DgxBwpSuLJjCjwTVfp/t+9p6MGzcCQdaY5TTbVrkz/IqLI3t3R+0IsOW32YeZmFhcPrcRjcB7nCcrpp+7+oVrSn0zZtnyNQcwbVxWm5q6qqQQNiU7i3VxRj16d/frNT2dQl2KLm3DzRYYW3/wuHOcFmJC7h15CcD8oU1lnXvfAdpGvEpGhGAJC2/vhkM8fPI+KyiPJNodkg5l8aa3YI8iKNLXBuP/7EqCT27VEo86J9PR6YKYhpccnUPUqMWrjcKWmvKOK9xug==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CfPzZoLYFD1FdbogjENESIGO1A1oMj6urEt/PsS80ceQI3RI+WvkJ1SyUBeQNGaGPyNU03JFBMWyLLftBSvq+AhrfCDtdv1c4oELV1Wy0Bpsj0ngLhUTxSqq+181mKmBo9OkxZvxRbU1WOseSLk5C3MsJ8K8rKjscn913C+3vLplm/hB2EvoLgnZWIV5e8f4m3qErqNzUW89l+BEOVr9T1tDBwfmJTgGPfeNcTZq5G0fcXy1OzKkE9plhKKBxX9LbRhBbDkN2dxqZJ1e6NZLfl++SZR2G22+GtgU8WVHWZZ1JP4/9GRz9jJGMsFrN+pwlUY2zXKfgjX8v/GzV2niSg==
- Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Wed, 16 Feb 2022 11:55:30 +0000
- Ironport-data: A9a23:/H0Gf6IbbCYFAwqrFE+RV5IlxSXFcZb7ZxGr2PjKsXjdYENShWQPn GsbWjiEbq2NMGrxKdwkb9jl/ExX7J7QnN8wHVRlqX01Q3x08seUXt7xwmUcns+xwm8vaGo9s q3yv/GZdJhcokcxIn5BC5C5xZVG/fjgqoHUVaiUakideSc+EH170Ug6xbZg6mJVqYPR7z2l6 IuaT/L3YDdJ6xYsWo7Dw/vewP/HlK2aVAIw5jTSV9gS1LPtvyB94KYkDbOwNxPFrrx8RYZWc QphIIaRpQs19z91Yj+sfy2SnkciGtY+NiDW4pZatjTLbrGvaUXe345iXMfwZ3u7hB2rwfF12 vIVt6aNFyQJO/3Dg/02UR9xRnQW0a1uoNcrIFC6uM2XiUbHb2Ht07NlC0Re0Y8wo7gtRzsUr LpBdW5LPkvra+GemdpXTsFFgMg5IdatF4QYonx6lhnSDOo8QICFSKLPjTNd9Gls3ZsURKyFD yYfQRVuck7sRCJpA3IOK58PvuaC2mC8SwQN/Tp5ooJoujOOnWSdyoPFINfTP9CHW8hRtkKZv X7duXT0BAkAM96SwibD9Wij7sfKlDn+UZgfF5W58OBrm1yZwmEPCBwQWkC/qPP/gUm7M/pdI UEJ/islrYAp6VemCNL6WnWQqXuP70A0QMBbHas85R3l90bPy1/HXC5eFGcHMYF48p9tLdA36 rOXt/G3JDh9l+WXc0/D1ZeR/TypIAMXK0ZXMEfoUjA5y9XkpYgyiDfGQdBiDLO5g7XJJN3g/ 9yZhHNg3utO1Kbnw43+pAma2Gz0+vAlWyZovl2/Y46z0u9uiGdJjaSM4EOT0/tPJZ3xorKp7 CldwJj2AAzj4PiweM2xrAclQenBCxWtamS0bbtT838JrWnFF5mLJ9043d2GDB01WvvogBewC KMphStf5YVIIFyhZrJtboS6BqwClPa8SYW4D6qFP4sXOPCdkTNrGgk0OCZ8OEi3ziARfVwXY 8/HIa5A815GYUiY8NZGb7hEiuJ6rszP7WjSWYr633yaPUm2PxaopUM+GALWNIgRtfrcyC2Mq oo3H5bamn13DbylCgGKoNF7ELz/BSVibXwAg5cMLbDrz8sPMDxJNsI9Npt7K9w/xPUKzL6Vl px/M2cBoGfCabT8AVziQlhoaa/1XIY5qnQ+PCc2Ok2v1WRlaoGqhJrzvbNuFVX+3OA8n/NyU dcffMCMXqZGRjjdomxPZpjhto1yMh+sgFvWbSaiZTE+eb9mRhDIpYC4Lle+qnFWA3rlr9Y6r p2hyhjfHcgJSTN9AZuEc/mo1V6w4yQQwbogQ0vSL9BPU0zw64w2eTfph/o6LphUexXOzzeXz SiMBhIcqbWfqoM56oCR16uFs52oA611GU8DRzvX6rO/NC/7+Gu/wNAfDLbULG6FDG6tofesf +RYyf34IcYrplcSvtouCatvwII/+8Dr++1QwDN7ESiZdF+sEL5hfCWLhJEdqq1Xy7ZFkgKqQ UbTqMJCMLCENc65Ql4cIA0pMraK2f0Ow2SA6P00JAPx5TNt/arBWkJXZkHehCtYJbpzEYUk3 eZ+55JGt13h0kInYoSckyRZ12WQNXhRAawou6YTDJLvlgd2mEpJZobRC3Ou7ZyCAzmW3pLG/ tNAaHL+uolh
- Ironport-hdrordr: A9a23:kWhOcKDJ3VLKttLlHegKsceALOsnbusQ8zAXPh9KJyC9I/b2qy nxppgmPEfP+UossHFJo6HlBEEZKUmstKKdkrNhQotKOzOW+FdATbsSo7cKpgeAJ8SQzJ8k6U 4NSdkdNDS0NykGsS+Y2nj6Lz9D+qj9zEnAv463pB0BLXAIV0gj1XYCNu/yKDwqeOAsP+tfKH Po3Ls/m9PWQwVwUi3UPAhhY8Hz4/nw0L72ax8PABAqrCOUiymz1bL8Gx+Emj8DTjJm294ZgC r4uj28wp/mn+Cwyxfa2WOWxY9RgsHdxtxKA9HJotQJKw/rlh2jaO1aKvi/VXEO0aWSAWQR4Z /xSiQbTp1OArTqDzmISC7Wqk7dOfAVmiTfIBGj8CHeSIfCNUwH4oJ69PNkm13imhYdVZhHod F2NyjyjesmMTrQ2Cv6/NTGTBdsiw69pmcji/caizhFXZIZc6I5l/1TwKp5KuZKIMvB0vFsLA CuNrCq2N9GNVeBK3zJtGhmx9KhGnw1AxedW0AH/siYySJfknx1x1YRgJV3pAZOyLstD51fo+ jUOKVhk79DCscQcKJmHe8EBc+6EHbETx7AOH+bZV7nCKYEMXTQrIOf2sR42Mi6PJgTiJcikp XIV11V8WY0ZkL1EMWLmIZG9xjcKV/NFQgFCvsurqSRloeMMYYDABfzPmzGyfHQ0cn3KverL8 qOBA==
- Ironport-sdr: lGI3cgPPARmTI3qObh8kIQMC/bJn2to+LbxYw9eORy9tF1Vyfj3iAktGfzmsaAE20AVlrnQGj3 hOG9Ji4uKIpPrtrCc41HwYnHSDGOawmcrJH+0oOCLHw82n3xrgYaLiIozFEFv/qNcSzQ3z8Bek RzfUI+I7ZSnv16XzVLbs05agtiBKlNqwawwCKGAXGuEr4siwCStXZBSYJSygAQZO12Bj/Rwc67 vlEgXar4DX99m+WcGx4g+OcW00IXXTTPy+gAOsggKAbw1mEj6XFDz375yPFBU2BexUl0o4z5GJ YWOEruXNdj/MkuYXC7hQR1fs
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHYIaGvWqdqb3ZDi0C7/EewX8xTwqyUuZIAgAAssICAAPiHAIAANgUA
- Thread-topic: [PATCH v2 07/70] x86: Build check for embedded endbr64 instructions
On 16/02/2022 08:41, Jan Beulich wrote:
>>> Any zero-padding inserted anywhere by the linker can
>>> result in an immediately following ENDBR to be missed (because
>>> sequences of zeros resemble 2-byte insns).
>> I'm not sure this is a problem. This pass is looking for everything
>> that objdump thinks is a legal endbr64 instruction, and it splits at labels.
> Oh, right - I did miss the splitting at labels aspect. Hopefully
> objdump is really consistent with this.
Certainly appears to be in my experience.
>>>> +#
>>>> +# Second, look for any endbr64 byte sequence
>>>> +# This has a couple of complications:
>>>> +#
>>>> +# 1) Grep binary search isn't VMA aware. Copy .text out as binary,
>>>> causing
>>>> +# the grep offset to be from the start of .text.
>>>> +#
>>>> +# 2) AWK can't add 64bit integers, because internally all numbers are
>>>> doubles.
>>>> +# When the upper bits are set, the exponents worth of precision is
>>>> lost in
>>>> +# the lower bits, rounding integers to the nearest 4k.
>>>> +#
>>>> +# Instead, use the fact that Xen's .text is within a 1G aligned
>>>> region, and
>>>> +# split the VMA in half so AWK's numeric addition is only working on
>>>> 32 bit
>>>> +# numbers, which don't lose precision.
>>>> +#
>>>> +eval $(${OBJDUMP} -h | awk '$2 == ".text" {printf
>>>> "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}')
>>>> +
>>>> +${OBJCOPY} -O binary $TEXT_BIN
>>>> +grep -aob "$(printf '\363\17\36\372')" $TEXT_BIN |
>>>> + awk -F':' '{printf "%s%x\n", "'$vma_hi'", strtonum(0x'$vma_lo') +
>>>> $1}' > $ALL
>>> None of the three options passed to grep look to be standardized.
>>> Is this going to cause problems on non-Linux systems? Should this
>>> checking perhaps be put behind a separate Kconfig option?
>> CI says that FreeBSD is entirely happy, while Alpine Linux isn't. This
>> is because Alpine has busybox's grep unless you install the GNU grep
>> package, and I'm doing a fix to our container.
>>
>> My plan to fix this is to just declare a "grep capable of binary
>> searching" a conditional build requirement for Xen. I don't think this
>> is onerous, and there no other plausible alternatives here.
>>
>> The other option is to detect the absence of support an skip the check.
>> It is after all a defence in depth scheme, and anything liable to cause
>> a problem would be caught in CI anyway.
> I'd favor the latter approach (but I wouldn't mind the conditional build
> requirement, if you and others deem that better), with a warning issued
> when the check can't be performed. I have to admit that I didn't expect
> there would be no simple and standardized binary search tool on Unix-es.
Ok, so lets do this:
1) This script gets a check for $(grep -aob) and emits a warning to
stderr but exits 0. This lets people using IBT know that something was
missing.
2) Optional build dependency of `grep -aob` for Xen. (just a tweak to
README)
3) Update the alpine containers to not miss out.
~Andrew
|
