| Message ID | 8211c633eb5dceeabee2996a4db91cd971cf7c77.1671098103.git.baskov@ispras.ru |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:e747:0:0:0:0:0 with SMTP id c7csp325922wrn;
Thu, 15 Dec 2022 04:39:29 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf6xZRZUMYiAt/BUQif+hg0x/nooZgLeiTNpP+nJ77rExzvIX/J90h9x70BdhXwC9ciHOPGc
X-Received: by 2002:a17:902:b08b:b0:188:6ab3:20c with SMTP id
p11-20020a170902b08b00b001886ab3020cmr28473856plr.34.1671107969555;
Thu, 15 Dec 2022 04:39:29 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1671107969; cv=none;
d=google.com; s=arc-20160816;
b=X5UsDItaoPNDtgIL4pzj0IvRZ07ka1MXZKM+jgZJVcfhz+X5W4PlkFxgZdv1weusLw
J1Y7Yok9qMS2U/YTF5oLvJ0v5eNyAlUUN7QL5676uhYG/EZ+hnpWDsZWJ3au/5FuHXvo
C1cnDkDbTj/S+2N9blb/eBSdEV+Ak0py3lUxR+xVEvtzwJAlY0K7VpRo710gGdtypG+C
NTE+UeCKNmmN0Yam8rsKuWmvPypAD+PZWCRdbu0nYsv6pK3+DJms++jt1+wXi7VwAEE8
iGWlMyKtH8ekzYffuuCsNnBjCoOYrp5tptiQMxwF8jTMlKtXRegMpdUlCQFRMfPp+Gdq
5hug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature:dkim-filter;
bh=HCT9Bqc8AfDy32Gy69bG6cmksbJB19vhwIjrpscg4oM=;
b=D8FQ927/UMnxfWX+MBEZVhcUypxQ5vSKUkxrV7Vex0cPvzbUAikeAMYas98VLH0o9a
gWUPMdNYKZKuBIKGviQJmsiiGGKe3vERcT9itgHWiQQgi2tgkAVNr7NpDozEZ96WFd69
AKQasVvNFgpXe6ZJWkyAfYan4+ZRMSvaxWzrjNgpehHBRH45rgjqauLAXYZnfa0nH23K
1pdCdgESirjzq2kWz76eAt5eOOMsu96aJ1VDRxt1tGsxYbi/tf3UFEcRSZUz/nagJGZR
IFDoaZ0DvBQbvAs/cSEP3JuF8H1FGkPV4FeYvi78avQl1zfTCu9JSNtOeZ8ssitqpdBu
4eBA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@ispras.ru header.s=default header.b=Me3K4RFI;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ispras.ru
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
q18-20020a170902dad200b001769e08c554si6717989plx.545.2022.12.15.04.39.16;
Thu, 15 Dec 2022 04:39:29 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@ispras.ru header.s=default header.b=Me3K4RFI;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ispras.ru
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229838AbiLOMjA (ORCPT <rfc822;jeantsuru.cumc.mandola@gmail.com>
+ 99 others); Thu, 15 Dec 2022 07:39:00 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53610 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229734AbiLOMii (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 15 Dec 2022 07:38:38 -0500
Received: from mail.ispras.ru (mail.ispras.ru [83.149.199.84])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 85EB12EF61;
Thu, 15 Dec 2022 04:38:25 -0800 (PST)
Received: from localhost.localdomain (unknown [83.149.199.65])
by mail.ispras.ru (Postfix) with ESMTPSA id 7A286419E9FF;
Thu, 15 Dec 2022 12:38:21 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.ispras.ru 7A286419E9FF
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ispras.ru;
s=default; t=1671107901;
bh=HCT9Bqc8AfDy32Gy69bG6cmksbJB19vhwIjrpscg4oM=;
h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
b=Me3K4RFI3zOA+GEY6O/L53J/ZrEO+4P8JYlfVVmXXeNKMCC2nO5F7oaz8/MYBxNGG
lFKG/klJA8o6F/rS9L36xr7uqv2cEdd/7oSnSryOLpV3KICuw61yK8utNQkWMIWvc3
gzxB2OYv8tSToGikokKrEKkxcc70QOS05hjM9il8=
From: Evgeniy Baskov <baskov@ispras.ru>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Evgeniy Baskov <baskov@ispras.ru>, Borislav Petkov <bp@alien8.de>,
Andy Lutomirski <luto@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Alexey Khoroshilov <khoroshilov@ispras.ru>,
Peter Jones <pjones@redhat.com>,
"Limonciello, Mario" <mario.limonciello@amd.com>,
joeyli <jlee@suse.com>, lvc-project@linuxtesting.org,
x86@kernel.org, linux-efi@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v4 01/26] x86/boot: Align vmlinuz sections on page size
Date: Thu, 15 Dec 2022 15:37:52 +0300
Message-Id:
<8211c633eb5dceeabee2996a4db91cd971cf7c77.1671098103.git.baskov@ispras.ru>
X-Mailer: git-send-email 2.37.4
In-Reply-To: <cover.1671098103.git.baskov@ispras.ru>
References: <cover.1671098103.git.baskov@ispras.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1752283710289349947?=
X-GMAIL-MSGID: =?utf-8?q?1752283710289349947?=
|
| Series |
x86_64: Improvements at compressed kernel stage
|
|
Commit Message
Evgeniy Baskov
Dec. 15, 2022, 12:37 p.m. UTC
To protect sections on page table level each section needs to be aligned on page size (4KB). Set sections alignment in linker script. Tested-by: Mario Limonciello <mario.limonciello@amd.com> Tested-by: Peter Jones <pjones@redhat.com> Signed-off-by: Evgeniy Baskov <baskov@ispras.ru> --- arch/x86/boot/compressed/vmlinux.lds.S | 6 ++++++ 1 file changed, 6 insertions(+)
Comments
On Thu, 15 Dec 2022 at 13:38, Evgeniy Baskov <baskov@ispras.ru> wrote: > > To protect sections on page table level each section > needs to be aligned on page size (4KB). > > Set sections alignment in linker script. > > Tested-by: Mario Limonciello <mario.limonciello@amd.com> > Tested-by: Peter Jones <pjones@redhat.com> > Signed-off-by: Evgeniy Baskov <baskov@ispras.ru> > --- > arch/x86/boot/compressed/vmlinux.lds.S | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S > index 112b2375d021..6be90f1a1198 100644 > --- a/arch/x86/boot/compressed/vmlinux.lds.S > +++ b/arch/x86/boot/compressed/vmlinux.lds.S > @@ -27,21 +27,27 @@ SECTIONS > HEAD_TEXT > _ehead = . ; > } > + . = ALIGN(PAGE_SIZE); > .rodata..compressed : { > + _compressed = .; > *(.rodata..compressed) Can you just move this bit into the rodata section below? > + _ecompressed = .; > } > + . = ALIGN(PAGE_SIZE); > .text : { Please use .text : ALIGN(PAGE_SIZE) { which marks the section as being page aligned, rather than just being placed on a 4k boundary. > _text = .; /* Text */ > *(.text) > *(.text.*) > _etext = . ; > } > + . = ALIGN(PAGE_SIZE); > .rodata : { > _rodata = . ; > *(.rodata) /* read-only data */ > *(.rodata.*) > _erodata = . ; > } > + . = ALIGN(PAGE_SIZE); > .data : { > _data = . ; > *(.data) > -- > 2.37.4 >
On 2023-03-10 17:43, Ard Biesheuvel wrote: > On Thu, 15 Dec 2022 at 13:38, Evgeniy Baskov <baskov@ispras.ru> wrote: >> >> To protect sections on page table level each section >> needs to be aligned on page size (4KB). >> >> Set sections alignment in linker script. >> >> Tested-by: Mario Limonciello <mario.limonciello@amd.com> >> Tested-by: Peter Jones <pjones@redhat.com> >> Signed-off-by: Evgeniy Baskov <baskov@ispras.ru> >> --- >> arch/x86/boot/compressed/vmlinux.lds.S | 6 ++++++ >> 1 file changed, 6 insertions(+) >> >> diff --git a/arch/x86/boot/compressed/vmlinux.lds.S >> b/arch/x86/boot/compressed/vmlinux.lds.S >> index 112b2375d021..6be90f1a1198 100644 >> --- a/arch/x86/boot/compressed/vmlinux.lds.S >> +++ b/arch/x86/boot/compressed/vmlinux.lds.S >> @@ -27,21 +27,27 @@ SECTIONS >> HEAD_TEXT >> _ehead = . ; >> } >> + . = ALIGN(PAGE_SIZE); >> .rodata..compressed : { >> + _compressed = .; >> *(.rodata..compressed) > > Can you just move this bit into the rodata section below? I don't think that easily possible, as the layout need to stay compatible with in-place extraction for non-UEFI boot. For that execution path the code in .head.text moves everything behind it to the end of the extraction buffer and extraction code overwrites compressed kernel blob progressively during extraction. And that is why we have effectively have two code sections... > >> + _ecompressed = .; >> } >> + . = ALIGN(PAGE_SIZE); >> .text : { > > Please use > > .text : ALIGN(PAGE_SIZE) { > > which marks the section as being page aligned, rather than just being > placed on a 4k boundary. Will fix in v5. > >> _text = .; /* Text */ >> *(.text) >> *(.text.*) >> _etext = . ; >> } >> + . = ALIGN(PAGE_SIZE); >> .rodata : { >> _rodata = . ; >> *(.rodata) /* read-only data */ >> *(.rodata.*) >> _erodata = . ; >> } >> + . = ALIGN(PAGE_SIZE); >> .data : { >> _data = . ; >> *(.data) >> -- >> 2.37.4 >>
On Sat, 11 Mar 2023 at 15:30, Evgeniy Baskov <baskov@ispras.ru> wrote: > > On 2023-03-10 17:43, Ard Biesheuvel wrote: > > On Thu, 15 Dec 2022 at 13:38, Evgeniy Baskov <baskov@ispras.ru> wrote: > >> > >> To protect sections on page table level each section > >> needs to be aligned on page size (4KB). > >> > >> Set sections alignment in linker script. > >> > >> Tested-by: Mario Limonciello <mario.limonciello@amd.com> > >> Tested-by: Peter Jones <pjones@redhat.com> > >> Signed-off-by: Evgeniy Baskov <baskov@ispras.ru> > >> --- > >> arch/x86/boot/compressed/vmlinux.lds.S | 6 ++++++ > >> 1 file changed, 6 insertions(+) > >> > >> diff --git a/arch/x86/boot/compressed/vmlinux.lds.S > >> b/arch/x86/boot/compressed/vmlinux.lds.S > >> index 112b2375d021..6be90f1a1198 100644 > >> --- a/arch/x86/boot/compressed/vmlinux.lds.S > >> +++ b/arch/x86/boot/compressed/vmlinux.lds.S > >> @@ -27,21 +27,27 @@ SECTIONS > >> HEAD_TEXT > >> _ehead = . ; > >> } > >> + . = ALIGN(PAGE_SIZE); > >> .rodata..compressed : { > >> + _compressed = .; > >> *(.rodata..compressed) > > > > Can you just move this bit into the rodata section below? > > I don't think that easily possible, as the layout need > to stay compatible with in-place extraction for non-UEFI boot. > For that execution path the code in .head.text moves everything > behind it to the end of the extraction buffer and extraction > code overwrites compressed kernel blob progressively during > extraction. And that is why we have effectively have two code > sections... > A right - thanks for explaining that to me. So in the end, I think it doesn't matter in any case if we just stick to a single .text section with R-X attributes and a single .data section with RW- attributes. > > > >> + _ecompressed = .; > >> } > >> + . = ALIGN(PAGE_SIZE); > >> .text : { > > > > Please use > > > > .text : ALIGN(PAGE_SIZE) { > > > > which marks the section as being page aligned, rather than just being > > placed on a 4k boundary. > > Will fix in v5. > > > > >> _text = .; /* Text */ > >> *(.text) > >> *(.text.*) > >> _etext = . ; > >> } > >> + . = ALIGN(PAGE_SIZE); > >> .rodata : { > >> _rodata = . ; > >> *(.rodata) /* read-only data */ > >> *(.rodata.*) > >> _erodata = . ; > >> } > >> + . = ALIGN(PAGE_SIZE); > >> .data : { > >> _data = . ; > >> *(.data) > >> -- > >> 2.37.4 > >>
diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S index 112b2375d021..6be90f1a1198 100644 --- a/arch/x86/boot/compressed/vmlinux.lds.S +++ b/arch/x86/boot/compressed/vmlinux.lds.S @@ -27,21 +27,27 @@ SECTIONS HEAD_TEXT _ehead = . ; } + . = ALIGN(PAGE_SIZE); .rodata..compressed : { + _compressed = .; *(.rodata..compressed) + _ecompressed = .; } + . = ALIGN(PAGE_SIZE); .text : { _text = .; /* Text */ *(.text) *(.text.*) _etext = . ; } + . = ALIGN(PAGE_SIZE); .rodata : { _rodata = . ; *(.rodata) /* read-only data */ *(.rodata.*) _erodata = . ; } + . = ALIGN(PAGE_SIZE); .data : { _data = . ; *(.data)