Xen project Mailing List

[PATCH] livepatch: set -f{function,data}-sections compiler option

From: Roger Pau Monne <roger.pau@xxxxxxxxxx>

Date: Wed, 2 Mar 2022 14:44:25 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/GuEWfnh7t7WFYhXPlf7lXrB2XILSCmjAhkM/Liht00=; b=F/ERbX3jh3zH9e1ytbr4hAE0/yl0/q5QrJM9F9SVmNPMjPwnEpUlQ7wJVfbZmEywpLmcSNcZMdfSMwkl4TBWPuFRCdrhWrY1A77nkUtALPameFBvUuQ0yMV/1Mb46IYNn8Daol54wBejKDplA14EQsXnU2ixoZfbtrb7mIWfM46E92F0vAzQfUxYkWw/UkWjTmkril+rZ2iVpYPVEvTVv+BuKXn3OTdvLmposYNZvW59XrYsJ3/hfj5ypZcFrshggcichC2xB8H8LnBBmc+Z9uIczZ1xP7GiFbocb/XD6lyy5W06qZHGoLnnRuc9iTX5Fvwpq9QnDVOYaGE6DytKnQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mDqVfh6oljSx4eBGR10x6EWxja3KSGkv7qSLPWofeJed+WEbd6/c86cDvFwQ16HbtPK40sxI2cYZ/q7W6gSWdn95gKgUQI6nJzYqoRpNgQvKajCsNeYztR/3VzUwrfTI7aDuX2pv1swyAtqbOzRcaNOz+5DaB9Guvp+gEDBlwsD9KTO8c5Y2tFObGu3+pzt/TdePvvRzxvsPKyNzmwh5V9CB2odqIVee/VlTWIb9wPi2P1/c8hWTVNxucdX51r9iqu0+54hmeG1axbBb6qUj+GNsAWY79NT0ptgFvDfSddM47tAD1pWO2gPtxoCtsyGkGoGcY1vkncnRovFmAk1Qzg==

Authentication-results: esa4.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com

Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Delivery-date: Wed, 02 Mar 2022 13:45:04 +0000

Ironport-data: A9a23:GHsVbq+YRLaz+LUzroUQDrUDdH6TJUtcMsCJ2f8bNWPcYEJGY0x3z TBNXTzVOqvcYTGjLdsgbdzj9UpTsMDQxtRmHAA5qi88E34SpcT7XtnIdU2Y0wF+jyHgoOCLy +1EN7Es+ehtFie0Si+Fa+Sn9T8mvU2xbuKU5NTsY0idfic5DnZ54f5fs7Rh2NQw2oDjW1jlV e7a+KUzBnf0g1aYDUpMg06zgEsHUCPa4W5wUvQWPJinjXeG/5UnJMt3yZKZdhMUdrJ8DO+iL 9sv+Znilo/vE7XBPfv++lrzWhVirrc/pmFigFIOM0SpqkAqSiDfTs/XnRfTAKtao2zhojx/9 DlCna6cYCcPb63HoroidkZAThgvH7RZ1LCSdBBTseTLp6HHW37lwvEoB0AqJ4wIvO1wBAmi9 9RBdmpLNErawbvrnvTrEYGAhex6RCXvFJkYtXx6iynQEN4tQIzZQrWM7thdtNs1rp4RQ6+HP ppEAdZpREX9ah91Z2saMrkRgeKOuiKjcB5f72vA8MLb5ECMlVcsgdABKuH9ZdiiVchT2EGCq Qru9WnjHgsTMtDZzDOf62+tncfGhya9U4UXfJWG8fptjEyW13YkIhQcXlumotG0kke7HdlYL iQ84TEypKI/8EiqSNjVXBCipnOA+BkGVLJ4A+A8rQ2A1KfQywKYHXQfCC5MbsQ8s807TiBs0 UWG9/vrDzFytLyeSVqG66yZ6zi1PEA9L3IGZCICZRsI5Z/kuo5bs/7UZo89Sujv1ISzQGyuh WDRxMQju1kNpfwn/oWdrFDMuWyTg8fREzdkxBzIcm3wu2uVe7WZT4Cv7FHa69NJI4CYUkSNs RA4piSO0AwdJcrTzXLQGY3hCJnsvq/Ya2OE3TaDCrF8r2zFxpK1QWxHDNiSzm9NO91MRzLma VS7Veh5tM4KZyvCgUOajuuM5yUWIUrISIyNuhP8NIMmjn1NmOmvpnsGiam4hT2FraTUuftjU ap3iO71ZZrgNYxpzSCtW8AW2qIxyyY1yAv7HM6nkU35ieLPOifEE9/p1WdiiMhjtstoRy2Pr r5i2zaikU0DAIUSnAGNmWLsEbz6BSdiXs2nwyCmXuWCPhBnCAkc5wz5mtscl3het/0NzI/gp yjlMmcBkQaXrSCXeG2iNyE4AJuyDMkXkJ7OFXF1Vbpe8yN4OtjHAWZ2X8ZfQITLA8Q4la8kF 6ReIp7YahmNIxyekwkggVDGhNUKXDyghB6UPjrjZz46fpV6QBfO9MOidQzqnBTixALu3Sfii 9VMDj/mfKc=

Ironport-hdrordr: A9a23:D3HCQq+sJJCldMirI2Juk+Fldb1zdoMgy1knxilNoENuH/Bwxv rFoB1E73TJYW4qKQodcdDpAtjifZquz+8O3WBxB8buYOCCggeVxe5ZnOzfKlHbehEWs9QtrZ uIEJIOROEYb2IK6/oSiTPQe7lP/DDEytHQuQ609QYOcegeUdAF0+4PMHf/LqQZfml7LKt8MK DZyttMpjKmd3hSRN+8HGM5U+/KoMCOvI76YDYdbiRXpjWmvHeN0vrXAhKY1hARX3dk2rE561 XIlAT/++GKr+y78BnBzGXehq4m2ecJi+EzRPBkuPJlaAkEuTzYIbiJnIfy+Azdldvfq2rCVu O85CvIcf4DrU85NVvF3CcFkzOQrArGrUWShmNwyEGT3/AQSF8BerV8rJMcfR3D50U6utZglK pNwmKCrpJSSQjNhSLn+rHzJllXf+WP0AgfeMMo/gpiuLElGfZsRE0kjTZoOYZFGDi/5JEsEe FoAs2Z7PFKcUmCZ3ScumV02tSjUnk6Ax/DGyE5y4ao+ikTmGo8w1oTxcQZkHtF/JUhS4Nc7+ CBNqhzjrlBQsIfcKo4DuYcRsm8DHDLXHv3QSmvCEWiELtCN2PGqpbx7rlw7Oa2eIYQxJ93g5 jFWEMwjx9ER6svM7z74HRmyGG8fIzmZ0Wd9ih33ekLhoHB

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

If livepatching support is enabled build the hypervisor with -f{function,data}-sections compiler options, which is required by the livepatching tools to detect changes and create livepatches. This shouldn't result in any functional change on the hypervisor binary image, but does however require some changes in the linker script in order to handle that each function and data item will now be placed into its own section in object files. As a result add catch-all for .text, .data and .bss in order to merge each individual item section into the final image. The main difference will be that .text.startup will end up being part of .text rather than .init, and thus won't be freed. Such section only seems to appear when using -Os, which not the default for debug or production binaries. The benefit of having CONFIG_LIVEPATCH enable those compiler options is that the livepatch build tools no longer need to fiddle with the build system in order to enable them. Note the current livepatch tools are broken after the recent build changes due to the way they attempt to set -f{function,data}-sections. Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> --- xen/Makefile | 4 ++++ xen/arch/arm/xen.lds.S | 9 +++++++++ xen/arch/x86/xen.lds.S | 9 +++++++++ xen/common/Kconfig | 4 +++- 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index ed4891daf1..bf14a9bdd2 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -269,6 +269,10 @@ else CFLAGS += -fomit-frame-pointer endif +ifeq ($(CONFIG_LIVEPATCH),y) +CFLAGS += -ffunction-sections -fdata-sections +endif + CFLAGS += -nostdinc -fno-builtin -fno-common CFLAGS += -Werror -Wredundant-decls -Wno-pointer-arith $(call cc-option-add,CFLAGS,CC,-Wvla) diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S index 08016948ab..1c7c7d5469 100644 --- a/xen/arch/arm/xen.lds.S +++ b/xen/arch/arm/xen.lds.S @@ -33,6 +33,9 @@ SECTIONS *(.text) *(.text.cold) *(.text.unlikely) +#ifdef CONFIG_LIVEPATCH + *(.text.*) +#endif *(.fixup) *(.gnu.warning) _etext = .; /* End of text section */ @@ -96,6 +99,9 @@ SECTIONS *(.data.rel) *(.data.rel.*) +#ifdef CONFIG_LIVEPATCH + *(.data.*) +#endif CONSTRUCTORS } :text @@ -208,6 +214,9 @@ SECTIONS . = ALIGN(SMP_CACHE_BYTES); __per_cpu_data_end = .; *(.bss) +#ifdef CONFIG_LIVEPATCH + *(.bss.*) +#endif . = ALIGN(POINTER_ALIGN); __bss_end = .; } :text diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 83def6541e..81bb608151 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -88,6 +88,9 @@ SECTIONS *(.text.cold) *(.text.unlikely) +#ifdef CONFIG_LIVEPATCH + *(.text.*) +#endif *(.fixup) *(.gnu.warning) _etext = .; /* End of text section */ @@ -292,6 +295,9 @@ SECTIONS *(.data) *(.data.rel) *(.data.rel.*) +#ifdef CONFIG_LIVEPATCH + *(.data.*) +#endif CONSTRUCTORS } PHDR(text) @@ -308,6 +314,9 @@ SECTIONS . = ALIGN(SMP_CACHE_BYTES); __per_cpu_data_end = .; *(.bss) +#ifdef CONFIG_LIVEPATCH + *(.bss.*) +#endif . = ALIGN(POINTER_ALIGN); __bss_end = .; } PHDR(text) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 6443943889..2423d9f490 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -353,7 +353,9 @@ config CRYPTO config LIVEPATCH bool "Live patching support" default X86 - depends on "$(XEN_HAS_BUILD_ID)" = "y" + depends on "$(XEN_HAS_BUILD_ID)" = "y" && \ + $(cc-option,-ffunction-sections) && \ + $(cc-option,-fdata-sections) ---help--- Allows a running Xen hypervisor to be dynamically patched using binary patches without rebooting. This is primarily used to binarily -- 2.34.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.