[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
XTF-on-ARM: Bugs
- To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Michal Orzel <Michal.Orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Christopher Clark <christopher.w.clark@xxxxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxx>
- From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
- Date: Tue, 21 Jun 2022 11:27:58 +0000
- Accept-language: en-GB, en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=u8556xLAMsr8uHWJ+izrfsE9G6zlPFgFu8jWVd56LJs=; b=CYpydZ66i7rVFRrmMafeqcDEi1eG4tNDGMu1cC5AWIG9b2vBz1huERS2UssrTQtW4W8gD1cKTACP97f3b7+mH/4QRl7Xy/JH+vQia1TwZvchn5E4BdjOob/8kvLSG9GUGbe/iTqt2jqslQhbyLtdJKXVwYHdf0qagajQCLfimYIVMmW/95+kiSuc+LUgnmUDJOquShGetK4Ttymi3UsjvUyc03A+6uxUtWEMpzd5zWjnIQE6UHcKVYE3YWoHhzvXaYaujloMvoVId+Gg+LpOA3PwksS2JUQNJYGAj18xOiUgYgPPlBYGDTO8sFdhfEoYS9UfFeciIcS6kRye1j6HTg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=D0SGRcsy41tH3CYEscGrLHvTUDNRs828AOL5sTuy7Pe49o2+C6E2vyujLVQFY4UfV7e8OwfK3NhTGHfORJECT0HqJm7xpfVGcU+JX3GWKICwgfKpDFGtvOZPg68LGo94eZbiJ1ftY09ML8kld0jvzbePSLL+HsQFoPadrsTMYo3ZLhiKsZls2qc2x1TzjRWOpEi/AfMe8J4KVHrdA8V/HuWE8+k3Ze4cdv1/Xk48z42O6xvYNnHsG/ahM/HMKroVB4JdomE49EHkN3Y3iqswXC0D9CjYQqB5jW7P6OIKY+nr5WroRzGJEwn4ddvK/++XMaLbEHF3SIgL2ipIoYNaeg==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Delivery-date: Tue, 21 Jun 2022 11:28:32 +0000
- Ironport-data: A9a23:56byVKBtiVI8wxVW/9Tjw5YqxClBgxIJ4kV8jC+esTYN5kpmgnZD0 zNdBG+CJ7zOJzDoOJArK70CxjoH6JfWz95hT1FprClgRi8R8pOZDN7IIkv+Y36fccPORRo3s poUMofOIs04E3TQqEykaum4pCMhif+FT+bwVb6UUswdqWGIbQ944f40s7Fj39Qw6TTAPz6wh T+bT6MzUne51iVod2sO7vnZ7Qhzof63oyIdpTTSDthH5w/Sm3dJVMkTfqrodnemGtFYQ+KzH befl+Dn8z+JpB1wBo+uyr33KBBVGO+JYVXQ2yUOUaGsjxJMrXQ8g6oyXBZwhSm7rh3Q9zwm4 IoX7cDgIetQApDxpQg9b/V5OyolN6YbpeTKfSPhvMCakxzNKirgya8zBkg/YdZDo78mUD1Cr fAWFmsAP0uJ7w6ULBNXaQXOauALdpSD0FY34yk4pd3hJa96B8iFGc0m3PcAtNsKrpkm8c32O oxIM1KDUDyaO0cVYglNUcpn9AuVriKXnwNw+Qr9SZUfuwA//CQpuFQ6GIOIEjAibZw9cnew/ goqzUygav0pHIX3JQ6+2mCtnofycRbTA+r+IlEaGslC2zV/zkRLYPEfuMDSTfOR0iZSUPoHQ 6AYF7ZHQQHfOyVHQ/GkNyBUrkJosTYlRtNcH98ozTqD6YfR6TuQH3MoSWd4PYlOWM8eHVTG1 3evtvawXXlFluLQTniQsLCJsTm1JC4Za3cYYjMJRhcE5N+lp5wvihXITZBoF6vdYt/dQGmsh WzV6ndmwexL3Kbn1I3ilbzDqxuqqoLEUUge4QLPU3j+xgh4eJSkd8qj7l2zAfNoc9rBEQja5 SNsd8621+Y8MNaEvh60HdoAFuyA6/2VKT3djgs6d3Um33H3k5K5RqhA7Tc7KEp3P8IsfT7yf FSVqQ5X/IVUPnahcelweY3ZI+4n17T6HNLpENXddMNTY4NZfRWCuippYCa4+mHmkEEo14YlK 5qfWc+2CDARDqEP5DirQ+YQ15c7yyZ4wnncLbjg1Aiu27eaYH+TSJ8GPUGIY+R/67mLyC3r9 NJYO9qP2g9oeuT0aSnK8qYeNVkPa3M8APjeoMxNd/WfJRJmFXtnFLnaxbo7eKRqmq1UkqHD+ XTVckNA01/+mX3vIB2HcGx+c6joWYtjrHU9JmonOlPA5pQ4SYOm7aNafZ1oe7AirbRn1aQtF 6hDfNicCPNSTDiB4y4acZT2sI1lclKsmB6KOC2mJjM4evaMWjD0xzMtRSO3nAFmM8Z9nZJWT 2GIvu8Dfac+eg==
- Ironport-hdrordr: A9a23:Zz+RCKu/XQArgO9yPcbjaKzQ7skC+IMji2hC6mlwRA09TyXGra +TdaUguSMc1gx9ZJh5o6H5BEGBKUmsl6KdkrNhRotKPTOW81dAQ7sSi7cKrweBJ8SczJ8W6U 4DSdkGNDSYNzET5qyVgTVUC+xQh+VvmJrYwds2pE0dKD2CHpsQiDuRfTzrdnGeKjM2ZqYRJd 653I5qtjCgcXMYYoCQHX8eRdXOoNXNidbPfQMGLwRP0njCsRqYrJrBVzSI1BYXVD1ChZ0493 LergD/7qK/99mm1x7n0XPJ5Zg+oqqs9jIDPr3CtiEmEESstu+aXvUgZ1REhkF3nAib0idlrD ALmWZjAy080QKVQoj/m2qW5+Cp6kdS15aq8y7lvVLz5cP+Xz40EMxHmMZQdQbY8VMpuJVm3L tMxH/xjesgMfpuplWM2zHkbWAfqqOPmwtUrQfTtQ0tbaIOLLtK6YAP9kJcF5kNWCr89YA8Ce FrSMXR/uxff1+WZ23Q+jAH+q3lYl0jWhOdBkQSsM2c1DZb2Hh/0ksD3cQa2nMN7og0RZVI7/ nNdq5oiLZNRMkLar8VPpZJfeKnTmjWBR7cOmObJlrqUKkBJnLWspbypK444em7EaZ4uafaWK 6xIm+wmVRCBX4GU/f+o6Gj2iq9MVmAYQ==
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHYhWH1+fjNtvukV0adEqGEdTB7sg==
- Thread-topic: XTF-on-ARM: Bugs
Hello,
I tried to have a half hour respite from security and push forward with XTF-on-ARM, but the result was a mess.
https://github.com/andyhhp/xtf/commit/bc86e2d271f2107da9b1c9bc55a050dbdf07c6c6 is the absolute bare minimum stub VM, which has a zImage{32,64}
header, sets up the stack, makes one
CONSOLEIO_write hypercall, and then a clean SCHEDOP_shutdown.
There are some bugs:
1) kernel_zimage32_probe() rejects relocatable binaries, but if I skip the check it works fine.
Furthermore, kernel_zimage64_probe() ignores the header and assumes the binary is relocatable. Both probe functions fail to check the endianness marker.
2) I'm using qemu-system-arm 4.2.1 (Debian 1:4.2-3ubuntu6.21), with some parameters cribbed from the Gitlab CI smoke test, but ctxt_switch_to() exploded with undef on:
WRITE_CP32(n->arch.joscr, JOSCR);
WRITE_CP32(n->arch.jmcr, JMCR);
I'm not sure what these are (beyond Jazelle conf register), but I commented them out and it made further progress. I have no idea if this is a Xen bug, qemu bug, or user error, but something is clearly wrong here.
3) For test-arm64-stub, I get this:
(XEN) d0: extended region 1: 0x70000000->0x80000000
(XEN) Loading zImage from 0000000048000000 to 0000000050000000-0000000050001012
(XEN) Loading d0 DTB to 0x0000000058000000-0x0000000058001c85
...
(XEN) *** Serial input to DOM0 (type 'CTRL-a' three times to switch input)
(XEN) Freed 324kB init memory.
(XEN) *** Got CONSOLEIO_write (18 bytes)
Hello from ARM64
(XEN) *** CONSOLEIO_write done
(XEN) arch/arm/traps.c:2054:d0v0 HSR=0x000000939f0045 pc=0x00000050000098 gva=0x80002ffc gpa=0x00000080002ffc
qemu-system-aarch64: terminating on signal 2
i.e. the CONSOLEIO_write hypercall completes successfully, but a trap occurs before the SCHEDOP_shutdown completes. The full (tiny) binaries are attached, but it seems to be faulting on:
40000098: b81fcc3f str wzr, [x1, #-4]!
which (I think) is the store of 0 to the stack for the schedop shutdown reason.
4) For test-arm32-stub under either the 32bit or 64bit Xen, I get:
(XEN) Freed 348kB init memory.
(XEN) *** Got CONSOLEIO_write (18 bytes)
(XEN) *** got fault
(XEN) *** Got SCHEDOP_shutdown, 0
(XEN) Hardware Dom0 halted: halting machine
which is weird. The CONSOLEIO_write fails to read the passed pointer, despite appearing to have a ip-relative load to find the string, while the SCHEDOP_shutdown passes its parameter fine (it's a stack relative load).
Other observations:
* There is no documented vCPU starting state.
* Qemu is infinitely easier to to use (i.e. no messing with dtb/etc) as -kernel xen -initrd test-$foo with a oneliner change to the dtb parsing to treat ramdisk and no kernel as the dom0 kernel. Maybe a better change would be to modify qemu to understand multiple
-kernel's.
* Xen can't load ELFs.
Some of these bugs might be mine, but at a minimum 1 is a bug in Xen and needs fixing. Any ideas?
~Andrew
Attachment:
test-arm64-stub-syms
Description: test-arm64-stub-syms
Attachment:
test-arm32-stub-syms
Description: test-arm32-stub-syms
|
