Received: by 2002:a89:48b:0:b0:1f5:f2ab:c469 with SMTP id a11csp674895lqd; Wed, 24 Apr 2024 13:25:16 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCU6vbYHZ/jJ7dv+lTiAXPOENu9BP0o9xldj8qBehvwwWrqjCJc79hl8RKMg38znOimeTL/ZSa97YDCntT/ctJtHi3W0SifVhu7T0r2ZEg== X-Google-Smtp-Source: AGHT+IHTzJaoGR6Ywk9mJkqeH0IYlCqtEFbU2bLpDcO7H0jWBFFQqBCH5m85QBt8r0tNPu8gf7gC X-Received: by 2002:ac2:5548:0:b0:51b:f9e4:7456 with SMTP id l8-20020ac25548000000b0051bf9e47456mr1861198lfk.20.1713990316369; Wed, 24 Apr 2024 13:25:16 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713990316; cv=pass; d=google.com; s=arc-20160816; b=KVPeQIIUxPBV7pl/Z1zP1oWMKjWmwFs69TI72B2TYnYbD3pOr7n4GtBz6QqiQ1Fg7A iXkRfwAXv4VdNFNauS1pkP9AjuAhCkKQn0yTQ02nY7sHf1HtOwHu7sq8oimyKRrLvGun QsJ/qIskOiTIJmCn+GcqJDsDHrJyGqW1ZejCr6hOmfhUpHRv1E//SvdpZkwRyg3pKVEx 3BDEZ9HADKkBoscVrRBVwDRkNiLCc9mbTIsxnImrHezhsVsziRYKIVqhKsfXsZGt2hwN lY2FhYcH4m8GjD4UCRzvY7KwJEapz+1yervyFGSM2BTOeC5ld4Ycr2Or0AYPhghvFyBz yHJg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=subject:mime-version:list-unsubscribe:list-subscribe:list-id :precedence:user-agent:message-id:in-reply-to:date:references:cc:to :from; bh=QGB3Hm5N9tIt/JopFuN5abL1qbtrIgZ1FufbserQwyU=; fh=vOovI0+ArqW+RGXG7ZkYYlFyOYMXXHNU+S2hBruyUwc=; b=lx0k89rfdlzq5PWWAP/U8EqXSdYk5UJ5YIzVdzydX/++9HMPw81sUogyJpvUMquJQ0 leYfJTqMd5RI0dKLXXD5GsT2iKt9hXZOIzwdCi10MITGhYZJc9Y4qoMUSbrSRCOtiR8b dTFG4MlCEnL7UE+IPtT3ONMOjl6i5wO3URVp1389D6KVZnD/NxkaJX+lfQabsnRr2ana iBdCScZfK6a/S7tfxKuZfj0YgkGZ5/Bh6UFR5ezEsc3SvFRzdau+bBXetHCgu92JnP6P 5Gpu88th2KPX4sBYMmMPP76ACKXcirPERv12w260Sazbqq/GspGAZgEVfQ/acDI3YLpf fl9Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=xmission.com dmarc=pass fromdomain=xmission.com); spf=pass (google.com: domain of linux-kernel+bounces-157681-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-157681-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id g2-20020a50d5c2000000b005722434f632si2257788edj.565.2024.04.24.13.25.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Apr 2024 13:25:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-157681-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=xmission.com dmarc=pass fromdomain=xmission.com); spf=pass (google.com: domain of linux-kernel+bounces-157681-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-157681-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id E74B41F244ED for ; Wed, 24 Apr 2024 20:25:15 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id DFF1D13DDAA; Wed, 24 Apr 2024 20:25:11 +0000 (UTC) Received: from out01.mta.xmission.com (out01.mta.xmission.com [166.70.13.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68E6313A3E6 for ; Wed, 24 Apr 2024 20:25:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=166.70.13.231 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713990311; cv=none; b=rH1aSE3hOQVgoxj9jhLq5Ib3Fq3wcAw/n3oto24TiWXP2U012ZmNzYl3AFNifjbrmkfNrxY0bSTiTKF5eMNkXKOYywCzXZqRpZUEI0+tRPYFGD9dexfaNIz0llLESSt7RtO6YSBtGG5WSu61oksTtOp8GNs7/xeZHI8v3rmK438= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713990311; c=relaxed/simple; bh=lHySUGua+4sJCvnfPToabXRHDk6ZdvTCJDMOG0eaCJo=; h=From:To:Cc:References:Date:In-Reply-To:Message-ID:MIME-Version: Content-Type:Subject; b=cwL1sfCZZ+vZgUNtoGqr0y+EbeZajZSdWbIrjWHleLQI839bFiaCOm+2q7xx7E10jc+snSChaf40Y65pvkT9Nn7GpWuNBVbBT9DUz7psl99yn7am71rHoLBh7sPCG1PTtqa0W3rxMfYY6jpbxr/H/xdPKnOlnfvR9T9h9Gt5Ou4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=xmission.com; spf=pass smtp.mailfrom=xmission.com; arc=none smtp.client-ip=166.70.13.231 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=xmission.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=xmission.com Received: from in02.mta.xmission.com ([166.70.13.52]:44578) by out01.mta.xmission.com with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1rzir3-00CtOb-8V; Wed, 24 Apr 2024 14:04:33 -0600 Received: from ip68-227-168-167.om.om.cox.net ([68.227.168.167]:56944 helo=email.froward.int.ebiederm.org.xmission.com) by in02.mta.xmission.com with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1rzir2-00BaKD-48; Wed, 24 Apr 2024 14:04:32 -0600 From: "Eric W. Biederman" To: Ard Biesheuvel Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , Arnd Bergmann , kexec@lists.infradead.org, Nathan Chancellor , Nick Desaulniers , Kees Cook , Bill Wendling , Justin Stitt , Masahiro Yamada References: <20240424155309.1719454-11-ardb+git@google.com> Date: Wed, 24 Apr 2024 15:04:02 -0500 In-Reply-To: <20240424155309.1719454-11-ardb+git@google.com> (Ard Biesheuvel's message of "Wed, 24 Apr 2024 17:53:10 +0200") Message-ID: <87bk5yv87h.fsf@email.froward.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1rzir2-00BaKD-48;;;mid=<87bk5yv87h.fsf@email.froward.int.ebiederm.org>;;;hst=in02.mta.xmission.com;;;ip=68.227.168.167;;;frm=ebiederm@xmission.com;;;spf=pass X-XM-AID: U2FsdGVkX1/ePpyQ5pyFK6twschP4ln4lEVPApbMIwA= X-SA-Exim-Connect-IP: 68.227.168.167 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Level: * X-Spam-Virus: No X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.4833] * 1.5 XMNoVowels Alpha-numberic number with no vowels * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa03 1397; Body=1 Fuz1=1 Fuz2=1] * 0.4 FVGT_m_MULTI_ODD Contains multiple odd letter combinations X-Spam-DCC: XMission; sa03 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: *;Ard Biesheuvel X-Spam-Relay-Country: X-Spam-Timing: total 546 ms - load_scoreonly_sql: 0.02 (0.0%), signal_user_changed: 4.0 (0.7%), b_tie_ro: 2.8 (0.5%), parse: 0.76 (0.1%), extract_message_metadata: 18 (3.3%), get_uri_detail_list: 2.9 (0.5%), tests_pri_-2000: 33 (6.1%), tests_pri_-1000: 2.1 (0.4%), tests_pri_-950: 1.12 (0.2%), tests_pri_-900: 0.81 (0.1%), tests_pri_-90: 84 (15.4%), check_bayes: 83 (15.2%), b_tokenize: 9 (1.7%), b_tok_get_all: 11 (2.0%), b_comp_prob: 2.4 (0.4%), b_tok_touch_all: 57 (10.5%), b_finish: 0.67 (0.1%), tests_pri_0: 392 (71.8%), check_dkim_signature: 0.57 (0.1%), check_dkim_adsp: 3.0 (0.6%), poll_dns_idle: 0.79 (0.1%), tests_pri_10: 1.67 (0.3%), tests_pri_500: 6 (1.1%), rewrite_mail: 0.00 (0.0%) Subject: Re: [RFC PATCH 0/9] kexec x86 purgatory cleanup X-SA-Exim-Version: 4.2.1 (built Sat, 08 Feb 2020 21:53:50 +0000) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Ard Biesheuvel writes: > From: Ard Biesheuvel > > The kexec purgatory is built like a kernel module, i.e., a partially > linked ELF object where each section is allocated and placed > individually, and all relocations need to be fixed up, even place > relative ones. > > This makes sense for kernel modules, which share the address space with > the core kernel, and contain unresolved references that need to be wired > up to symbols in other modules or the kernel itself. > > The purgatory, however, is a fully linked binary without any external > references, or any overlap with the kernel's virtual address space. So > it makes much more sense to create a fully linked ELF executable that > can just be loaded and run anywhere in memory. It does have external references that are resolved when it is loaded. Further it is at least my impression that non-PIC code is more efficient. PIC typically requires silly things like Global Offset Tables that non-PIC code does not. At first glance this looks like a code passivization. Now at lot of functionality has been stripped out of purgatory so maybe in it's stripped down this make sense, but I want to challenge the notion that this is the obvious thing to do. > The purgatory build on x86 has already switched over to position > independent codegen, which only leaves a handful of absolute references, > which can either be dropped (patch #3) or converted into a RIP-relative > one (patch #4). That leaves a purgatory executable that can run at any > offset in memory with applying any relocations whatsoever. I missed that conversation. Do you happen to have a pointer? I would think the 32bit code is where the PIC would be most costly as the 32bit x86 instruction set predates PIC being a common compilation target. > Some tweaks are needed to deal with the difference between partially > (ET_REL) and fully (ET_DYN/ET_EXEC) linked ELF objects, but with those > in place, a substantial amount of complicated ELF allocation, placement > and patching/relocation code can simply be dropped. Really? As I recall it only needed to handle a single allocation type, and there were good reasons (at least when I wrote it) to patch symbols. Again maybe the fact that people have removed 90% of the functionality makes this make sense, but that is not obvious at first glance. > The last patch in the series removes this code from the generic kexec > implementation, but this can only be done once other architectures apply > the same changes proposed here for x86 (powerpc, s390 and riscv all > implement the purgatory using the shared logic) > > Link: https://lore.kernel.org/all/CAKwvOd=3Jrzju++=Ve61=ZdeshxUM=K3-bGMNREnGOQgNw=aag@mail.gmail.com/ > Link: https://lore.kernel.org/all/20240418201705.3673200-2-ardb+git@google.com/ > > Cc: Arnd Bergmann > Cc: Eric Biederman > Cc: kexec@lists.infradead.org > Cc: Nathan Chancellor > Cc: Nick Desaulniers > Cc: Kees Cook > Cc: Bill Wendling > Cc: Justin Stitt > Cc: Masahiro Yamada > > Ard Biesheuvel (9): > x86/purgatory: Drop function entry padding from purgatory > x86/purgatory: Simplify stack handling > x86/purgatory: Drop pointless GDT switch > x86/purgatory: Avoid absolute reference to GDT > x86/purgatory: Simplify GDT and drop data segment > kexec: Add support for fully linked purgatory executables > x86/purgatory: Use fully linked PIE ELF executable > x86/purgatory: Simplify references to regs array > kexec: Drop support for partially linked purgatory executables > > arch/x86/include/asm/kexec.h | 8 - > arch/x86/kernel/kexec-bzimage64.c | 8 - > arch/x86/kernel/machine_kexec_64.c | 127 ---------- > arch/x86/purgatory/Makefile | 17 +- > arch/x86/purgatory/entry64.S | 96 ++++---- > arch/x86/purgatory/setup-x86_64.S | 31 +-- > arch/x86/purgatory/stack.S | 18 -- > include/asm-generic/purgatory.lds | 34 +++ > kernel/kexec_file.c | 255 +++----------------- > 9 files changed, 125 insertions(+), 469 deletions(-) > delete mode 100644 arch/x86/purgatory/stack.S > create mode 100644 include/asm-generic/purgatory.lds Eric