From: "Roger Pau Monné" <firstname.lastname@example.org> To: Jason Andryuk <email@example.com> Cc: xen-devel <firstname.lastname@example.org>, Ian Jackson <email@example.com>, Wei Liu <firstname.lastname@example.org>, Andrew Cooper <email@example.com>, George Dunlap <firstname.lastname@example.org>, Jan Beulich <email@example.com>, Julien Grall <firstname.lastname@example.org>, Stefano Stabellini <email@example.com> Subject: Re: [PATCH] libelf: improve PVH elfnote parsing Date: Tue, 18 May 2021 13:28:16 +0200 [thread overview] Message-ID: <YKOk0Jy+jD8xs0j5@Air-de-Roger> (raw) In-Reply-To: <CAKf6xpsyzazbY_mA0QtAuAqpOPkpuhjrZ1wid0khWy1urh4iBg@mail.gmail.com> On Fri, May 14, 2021 at 11:11:14AM -0400, Jason Andryuk wrote: > On Fri, May 14, 2021 at 9:50 AM Roger Pau Monne <firstname.lastname@example.org> wrote: > > > > Pass an hvm boolean parameter to the elf note parsing and checking > > routines, so that better checking can be done in case libelf is > > dealing with an hvm container. > > > > elf_xen_note_check shouldn't return early unless PHYS32_ENTRY is set > > and the container is of type HVM, or else the loader and version > > checks would be avoided for kernels intended to be booted as PV but > > that also have PHYS32_ENTRY set. > > > > Adjust elf_xen_addr_calc_check so that the virtual addresses are > > actually physical ones (by setting virt_base and elf_paddr_offset to > > zero) when the container is of type HVM, as that container is always > > started with paging disabled. > > Should elf_xen_addr_calc_check be changed so that PV operates on > virtual addresses and HVM operates on physical addresses? Right... I was aiming with getting away with something simpler and just assume phys == virt on HVM in order to avoid more complicated changes and the need to introduce new fields on the structure. > I worked on some patches for this a while back, but lost track when > other work pulled me away. I'll send out what I had, but I think I > had not tested many of the cases. Also, I had other questions about > the approach. Fundamentally, what notes and limits need to be checked > for PVH vs. PV? Those are only sanity checks to assert that the image is kind of fine, libelf also has checks when loading stuff to make sure a malicious elf payload cannot fool the loader. I'm unlikely to be able to do much work on this aside from this current patch. Thanks, Roger.
next prev parent reply other threads:[~2021-05-18 11:28 UTC|newest] Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-05-14 13:50 Roger Pau Monne 2021-05-14 15:11 ` Jason Andryuk 2021-05-14 15:17 ` [RFC PATCH 1/3] libelf: Introduce phys_kstart/end Jason Andryuk 2021-05-14 15:17 ` [RFC PATCH 2/3] libelf: Use flags to check pv or pvh in elf_xen_parse Jason Andryuk 2021-05-14 15:17 ` [RFC PATCH 3/3] libelf: PVH: only allow elf_paddr_offset of 0 Jason Andryuk 2021-05-18 11:28 ` Roger Pau Monné [this message] 2021-05-17 11:09 ` [PATCH] libelf: improve PVH elfnote parsing Jan Beulich 2021-05-18 11:22 ` Roger Pau Monné
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=YKOk0Jy+jD8xs0j5@Air-de-Roger \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --subject='Re: [PATCH] libelf: improve PVH elfnote parsing' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).