Port-xen archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Avoiding RWX segments in XEN3_DOM0/XEN3_DOMU kernels

On Sat, Oct 21, 2023 at 05:57:56PM +0200, Martin Husemann wrote:
> On Sat, Oct 21, 2023 at 05:37:01PM +0200, Manuel Bouyer wrote:
> > Doens't this ends up with bigger kernel images, with a hole between text,
> > rodata and data ? The hole would be a waste of ram.
> 
> There are 31 section headers, starting at offset 0x12037e0:
> 
> Section Headers:
>   [Nr] Name              Type             Address           Offset
>        Size              EntSize          Flags  Link  Info  Align
>   [ 0]                   NULL             0000000000000000  00000000
>        0000000000000000  0000000000000000           0     0     0
>   [ 1] .text             PROGBITS         ffffffff80200000  00001000
>        00000000009c8000  0000000000000000  AX       0     0     4096
>   [ 2] .rodata.hotpatch  PROGBITS         ffffffff80bc8000  009c9000
>        00000000000003f2  0000000000000000   A       0     0     1
>   [ 3] .rodata           PROGBITS         ffffffff80bc8400  009c9400
>        00000000003f5240  0000000000000000   A       0     0     64
>   [ 4] .eh_frame         PROGBITS         ffffffff80fbd640  00dbe640
>        000000000013e0e0  0000000000000000   A       0     0     8
>   [ 5] link_set_sdt[...] PROGBITS         ffffffff810fb720  00efc720
>        0000000000001930  0000000000000000   A       0     0     8
>   [ 6] link_set_sdt[...] PROGBITS         ffffffff810fd050  00efe050
>        00000000000008b0  0000000000000000   A       0     0     8
>   [ 7] link_set_modules  PROGBITS         ffffffff810fd900  00efe900
>        0000000000000838  0000000000000000   A       0     0     8
>   [ 8] link_set_evcnts   PROGBITS         ffffffff810fe138  00eff138
>        0000000000000138  0000000000000000   A       0     0     8
>   [ 9] link_set_sys[...] PROGBITS         ffffffff810fe270  00eff270
>        00000000000002c8  0000000000000000   A       0     0     8
>   [10] link_set_sdt[...] PROGBITS         ffffffff810fe538  00eff538
>        0000000000000030  0000000000000000   A       0     0     8
>   [11] link_set_acp[...] PROGBITS         ffffffff810fe568  00eff568
>        0000000000000010  0000000000000000   A       0     0     8
>   [12] link_set_domains  PROGBITS         ffffffff810fe578  00eff578
>        0000000000000058  0000000000000000   A       0     0     8
>   [13] link_set_iee[...] PROGBITS         ffffffff810fe5d0  00eff5d0
>        0000000000000020  0000000000000000   A       0     0     8
>   [14] link_set_ah_chips PROGBITS         ffffffff810fe5f0  00eff5f0
>        0000000000000038  0000000000000000   A       0     0     8
>   [15] link_set_ah_rfs   PROGBITS         ffffffff810fe628  00eff628
>        0000000000000038  0000000000000000   A       0     0     8
>   [16] link_set_dkw[...] PROGBITS         ffffffff810fe660  00eff660
>        0000000000000018  0000000000000000   A       0     0     8
>   [17] link_set_pro[...] PROGBITS         ffffffff810fe678  00eff678
>        0000000000000040  0000000000000000   A       0     0     8
>   [18] .data             PROGBITS         ffffffff810ff000  00f00000
>        000000000008efb8  0000000000000000  WA       0     0     64
>   [19] .data.cachel[...] PROGBITS         ffffffff8118dfc0  00f8efc0
>        000000000000ced8  0000000000000000  WA       0     0     64
>   [20] .data.read_mostly PROGBITS         ffffffff8119aec0  00f9bec0
>        00000000000012a8  0000000000000000  WA       0     0     32
>   [21] .bss              NOBITS           ffffffff8119d000  00f9d168
>        00000000001d7000  0000000000000000  WA       0     0     4096
>   [22] .note.netbsd[...] NOTE             ffffffff81374000  00f9d168
>        0000000000000018  0000000000000000           0     0     4
>   [23] .note.Xen         NOTE             ffffffff81374000  00f9d180
>        000000000000019c  0000000000000000           0     0     4
>   [24] .ident            PROGBITS         0000000000000000  00f9d31c
>        000000000001b592  0000000000000001  MS       0     0     1
>   [25] .comment          PROGBITS         0000000000000000  00fb88ae
>        0000000000000022  0000000000000001  MS       0     0     1
>   [26] .SUNW_ctf         PROGBITS         0000000000000000  00fb88d0
>        00000000000aacdb  0000000000000000           0     0     4
>   [27] .gnu_debuglink    PROGBITS         0000000000000000  010635ac
>        000000000000001c  0000000000000000           0     0     4
>   [28] .symtab           SYMTAB           0000000000000000  010635c8
>        00000000000f6120  0000000000000018          29   22739     8
>   [29] .strtab           STRTAB           0000000000000000  011596e8
>        00000000000a9f1e  0000000000000000           0     0     1
>   [30] .shstrtab         STRTAB           0000000000000000  01203606
>        00000000000001d4  0000000000000000           0     0     1
> Key to Flags:
>   W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
>   L (link order), O (extra OS processing required), G (group), T (TLS),
>   C (compressed), x (unknown), o (OS specific), E (exclude),
>   D (mbind), l (large), p (processor specific)
> 
> 
> > Note that this won't change much things in practice: Xen loads this as a
> > single large blob mapped read/write, and the NetBSD bootstrap remaps
> > it RX, RO or RW based on __rodata_start and __data_start
> 
> How about putting it all in a RX segment then?

This could work; unless Xen decides to map everything R/O at startup


-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--
Home | Main Index | Thread Index | Old Index