From nobody Sat May 30 11:15:11 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780068982; cv=none; d=zohomail.com; s=zohoarc; b=fDROPZn1MGjnPv2jN1XkjOvthoC2Th700KkLpFfGfo92w+uGMbTMSBVIRRengloDU5Y3rA2HwCWiDhxyW1rX+0MnJbkozFw61gGIWMx5bLIRRIhkDDWQ2DK7KHnMZtJYipshrF9Uv+tK6Sxy4dc+7suu59jBctbGYLt4H5yRiL4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780068982; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=d7y/l1jkvao4JMT1QOIgQemLNRAXdtSrjRi0t8AYbkM=; b=Fjo9Uzg0akFUV7D2e8wAYgfCMYZM0sdxsyZs4B2VsN9G9MwhFzVVxm1rPX7F/+LyZEIaODAouNMeEFbzguiQ3GOJgwyp4j6L5hGiQMeipir3IJNBoaYXmSweyfe5iiJ6ke9XFW00yuNFo+dQQEjjJTrW/JRvnC1yVwC1hrf6MMw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 178006898283768.7511765772474; Fri, 29 May 2026 08:36:22 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1322625.1588914 (Exim 4.92) (envelope-from ) id 1wSzFh-00044p-Qu; Fri, 29 May 2026 15:36:01 +0000 Received: by outflank-mailman (output) from mailman id 1322625.1588914; Fri, 29 May 2026 15:36:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wSzFh-00044i-O6; Fri, 29 May 2026 15:36:01 +0000 Received: by outflank-mailman (input) for mailman id 1322625; Fri, 29 May 2026 15:36:00 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wSzFg-0003s3-Pb for xen-devel@lists.xenproject.org; Fri, 29 May 2026 15:36:00 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wSzFg-005xlZ-6D for xen-devel@lists.xenproject.org; Fri, 29 May 2026 17:36:00 +0200 Received: from [10.42.69.12] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a19b25d-e002-0a2a0a5209dd-0a2a450ceb80-10 for ; Fri, 29 May 2026 17:36:00 +0200 Received: from [209.85.128.51] (helo=mail-wm1-f51.google.com) by tlsNG-d25034.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a19b260-62f1-0a2a450c0019-d1558033e08c-3 for ; Fri, 29 May 2026 17:36:00 +0200 Received: by mail-wm1-f51.google.com with SMTP id 5b1f17b1804b1-49050ff7cbdso66630565e9.2 for ; Fri, 29 May 2026 08:36:00 -0700 (PDT) Received: from localhost.localdomain (5.116.208.46.dyn.plus.net. [46.208.116.5]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45ef34b834esm4196196f8f.11.2026.05.29.08.35.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 08:35:59 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=20251104 header.d=gmail.com header.i="@gmail.com" header.h="Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780068959; x=1780673759; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=d7y/l1jkvao4JMT1QOIgQemLNRAXdtSrjRi0t8AYbkM=; b=SszpiI2364pQlPHUk2HMyfcalgxKbZBzO0QJYS4LZ5XjxuyCLjHwkHRUMyXQrCghTv ucFU2JTCtX/40iTW4uHTE2YMuoyYcWEieCLXH4OSFRXXxeTODoK+jRXz5vGk8J/0Gjtu mhgch1SSKW7omRw7P62SZ1BtjAgU2r/GfqOWbIVC36WaUFKRxWbGa5HrEk74WFkCjoWH OY4AGi3EmC5mb4GKVMvzo7taqzojNXH+s+pU2q9HzR+8mbczmVYr/x9eeWzD12PXTNl1 gOTn065L7eXvQa+KMun8Skh4f4fC3ya5Dp824OogBNmQMoKJqu/YhGd1lG3W44fSPrBf 8N2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780068959; x=1780673759; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=d7y/l1jkvao4JMT1QOIgQemLNRAXdtSrjRi0t8AYbkM=; b=ov7V40gwkk3cm5z3FJl89MTldiFQTkVWfEA2g9rNT7wLMMljaFs5qNE2CsxBDzC21Q xqvtMn8MlQP6Wtiz6exy7tKas0NIyOJ6LopSaET4LwmPgGidGZpeWXRyk47TFGsNDC7W LhDBf4porCrFQv1ILvuKRRwPlkHyLkbWSLpYAs7xeaWise6EE2vmznP54H0wfZqUlhr5 r7qxRTVEVmbDwKgcqqPRfvJq+SCZwmQeUnhrhofWG8ufJQ0XiGmT+HrSoDSGu87pozAb V+IgAzG/neeTlVTI9LSF5kzKjXajte+qxe+KuDWZGDQ835KIFGQaPrq5wIhSfGNAApzw 4wEQ== X-Gm-Message-State: AOJu0Yw84hFq49HNi2LD4fTz3exn3kujJXbP385c8zTG+9YOWwXENAys +VGyK704IVkaNunwpZrijI7Zd0XddXHWxz41Pmwe+Dv2tqRhPibJxgn4zYfMlKaJ X-Gm-Gg: Acq92OGt7Lrp7kJczY35DK9anyic15BzvSutGGaVmNHqCPXBYoCenpzmJPwO/Dmp1LK peazJsV4wWNi+jZ97GfNY0JV9dBRqG1zu0T2jTy/bF59WNuSx3ZzU7MfVV6wGi3Jaf7BuzxEVWQ nPNxo44cF9NK92M+b9E+M9FOavUZ27mMlPk5G/8ROnQalzjXU4SvpA0l47+297dS+SVXnaZrX8Q 5jen2Wi3xu+nV0oUtE9p4yhLtppWnDLQNZwag+J8LSLDLpOpvojVpj4YQ37ho/fGj51LE1+iZyC ZYtHRwQGE5aePbdnlyrCdul6anCCyw7qZBT7b2xgdRbml9EfaucEAZeI0In65gU0grbmPk6k+OG R0+BajxGExFWk3nH6AoEsEeGs/pjJ/5x0T+8rSiBoC76la5CJxjV+Jfof5F03vUCXtnIeCNDOgW VRpuSwgBW6DYMxYpVFQp1Fac3KmCGbFOa7B3zV86pHSHozGwD3IhZ9gHVATyA9XZ6SKedll+dVm XHh4KEzMDcy6i2WLmad02cDndiK2lkOAiWb X-Received: by 2002:a7b:c854:0:b0:490:9699:4428 with SMTP id 5b1f17b1804b1-490a2964057mr1043865e9.26.1780068959478; Fri, 29 May 2026 08:35:59 -0700 (PDT) From: Frediano Ziglio X-Google-Original-From: Frediano Ziglio To: xen-devel@lists.xenproject.org Cc: Gerald Elder-Vass , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Teddy Astie , Anthony PERARD , Michal Orzel , Julien Grall , Stefano Stabellini , =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= , Frediano Ziglio Subject: [PATCH 1/6] Add SBAT section to the PE binary Date: Fri, 29 May 2026 16:35:26 +0100 Message-ID: <20260529153531.1341542-2-frediano.ziglio@cloud.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260529153531.1341542-1-frediano.ziglio@cloud.com> References: <20260529153531.1341542-1-frediano.ziglio@cloud.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-purgate-ID: tlsNG-d25034/1780068960-D956FCF5-82D053DB/0/0 X-purgate-type: clean X-purgate-size: 2794 X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780068984962154100 Content-Type: text/plain; charset="utf-8" From: Gerald Elder-Vass The SBAT section provides a way for the binary to declare a generation id for its upstream source and any vendor changes applied. A compatible loader can then revoke vulnerable binaries by generation, using the binary's declared generation id(s) to determine if it is safe to load. More information about SBAT is available here: https://github.com/rhboot/shim/blob/main/SBAT.md Populate the SBAT section in the Xen binary by using the information in xen/arch/x86/sbat.csv. On XenServer, the version and release fields are populated by the spec file during the build process. Signed-off-by: Gerald Elder-Vass Signed-off-by: Frediano Ziglio --- xen/arch/x86/Makefile | 4 ++++ xen/arch/x86/xen.lds.S | 2 ++ xen/include/xen/xen.lds.h | 3 ++- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 47dd6c50fe..a2bdcb6f44 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -71,6 +71,7 @@ obj-$(CONFIG_TBOOT) +=3D tboot.o obj-y +=3D hpet.o obj-$(CONFIG_VM_EVENT) +=3D vm_event.o obj-y +=3D xstate.o +obj-y +=3D sbat_data.o =20 ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y) obj-y +=3D domctl.o @@ -275,6 +276,9 @@ $(obj)/efi.lds: AFLAGS-y +=3D -DEFI $(obj)/xen.lds $(obj)/efi.lds: $(src)/xen.lds.S FORCE $(call if_changed_dep,cpp_lds_S) =20 +$(obj)/sbat_data.o: $(src)/sbat.csv + $(OBJCOPY) -I binary -O elf64-x86-64 --rename-section .data=3D.sbat,reado= nly,data,contents --add-section .note.GNU-stack=3D/dev/null $(srcdir)/sbat.= csv $@ + clean-files :=3D \ include/asm/asm-macros.* \ $(objtree)/.xen-syms.[0-9]* \ diff --git a/xen/arch/x86/sbat.csv b/xen/arch/x86/sbat.csv new file mode 100644 index 000000000000..1573604e2f10 --- /dev/null +++ b/xen/arch/x86/sbat.csv @@ -0,0 +1,1 @@ +sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index b9e888e596..c2b9b5a893 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -354,6 +354,8 @@ SECTIONS PROVIDE(ALT_START =3D 0); VIRT_START &=3D 0; ALT_START &=3D 0; + + .sbat (NOLOAD) : { *(.sbat) } #elif defined(XEN_BUILD_EFI) /* * Due to the way EFI support is currently implemented, these two symbols diff --git a/xen/include/xen/xen.lds.h b/xen/include/xen/xen.lds.h index ea11e3fb62..c9aa1b7fae 100644 --- a/xen/include/xen/xen.lds.h +++ b/xen/include/xen/xen.lds.h @@ -118,7 +118,8 @@ *(.comment.*) \ *(.note.*) #else -#define DISCARD_EFI_SECTIONS +#define DISCARD_EFI_SECTIONS \ + *(.sbat) #endif =20 /* Sections to be discarded. */ --=20 2.43.0 From nobody Sat May 30 11:15:11 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780068989; cv=none; d=zohomail.com; s=zohoarc; b=IKTrfLuGQ8vkGUIDNoN8wMBFaaLUxXPY1LbC6tA0zljJGXX6Y83UDHevczbPOM86zJpVQkLfH4Q4FBsTM/ag2JAW5eePtIdzf1hpETCxKp16MCipFothUpWm8wc1NJ0JybjE1XBXDu8ykuhDcD8qfXKrJeJqotdxeSlsWreqaGs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780068989; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Zg3HXLBO+yd+ORauW4PbC9LGDAXskiNfJy3pkzAKf9E=; b=T7nhHXnesmeC3vl1xweMa2aYYjK6Px+ORG/3cYFfln4syZNwm/aBs1z2/jAgt4y15d2h01LrvSiUpwEMiXOW/QIkvU+LilZv0cYEzhd1r37nQSW9Cs4J8rMC4lh89Q9THT5gaT97GXqsbc1+IXBbkZqoEEB8umM6IQmDLvtDABw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1780068989967979.7173166594042; Fri, 29 May 2026 08:36:29 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1322626.1588923 (Exim 4.92) (envelope-from ) id 1wSzFj-0004IO-5j; Fri, 29 May 2026 15:36:03 +0000 Received: by outflank-mailman (output) from mailman id 1322626.1588923; Fri, 29 May 2026 15:36:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wSzFj-0004IF-2G; Fri, 29 May 2026 15:36:03 +0000 Received: by outflank-mailman (input) for mailman id 1322626; Fri, 29 May 2026 15:36:01 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wSzFh-00044h-TC for xen-devel@lists.xenproject.org; Fri, 29 May 2026 15:36:01 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wSzFh-005xlZ-9l for xen-devel@lists.xenproject.org; Fri, 29 May 2026 17:36:01 +0200 Received: from [10.42.69.12] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a19b25d-e002-0a2a0a5209dd-0a2a450ceb80-14 for ; Fri, 29 May 2026 17:36:01 +0200 Received: from [209.85.221.53] (helo=mail-wr1-f53.google.com) by tlsNG-d25034.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a19b260-62f1-0a2a450c0019-d155dd35e4fe-3 for ; Fri, 29 May 2026 17:36:01 +0200 Received: by mail-wr1-f53.google.com with SMTP id ffacd0b85a97d-45ef372c58aso423330f8f.0 for ; Fri, 29 May 2026 08:36:01 -0700 (PDT) Received: from localhost.localdomain (5.116.208.46.dyn.plus.net. [46.208.116.5]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45ef34b834esm4196196f8f.11.2026.05.29.08.35.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 08:35:59 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=20251104 header.d=gmail.com header.i="@gmail.com" header.h="Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780068960; x=1780673760; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Zg3HXLBO+yd+ORauW4PbC9LGDAXskiNfJy3pkzAKf9E=; b=q63tDZWp8SdzjKZ9vLupXnqhdYQmPNWFY4xittC1N7PP5AebdRyJAIObMdVm4AOEtA Izm6PU5xyQnZoO7So+CNAaONW8Um5SK4yikZ3A9PO97/CyMN2vyFzpXqXT8FsMkh16Au QxJtVv1u3xU5HMNse5ClqjmLFcmIIM6IEn+s3EAvHr0S16dvDUbEa8Rr/iC9YVCSDE/x y708hprYw8JeeLNAax48zN+u3UH8FMVMavK996qCzYaShK4wJtQ1ixN4GQfHXIEocKK2 hWUCEaiT/TDlSPyAWpQIL/heL/Sg617cLdb7u96UMTOaemETZoVTOlJKw8FbNr7TWoOa mGXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780068960; x=1780673760; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Zg3HXLBO+yd+ORauW4PbC9LGDAXskiNfJy3pkzAKf9E=; b=YW9Q+xDwHlBW/EM52Ko8kV/i82ZAbdY1Q5xBosWbU+PYpXGCBWNMYi47R4/tem7bXr VBQ6CeubYSG0m7Lygv7njIB6C4eNHsvU3Zb2xLvF4SsvnOnWJF3ojvTl6fxwj3IzzfdT JrMmglNm4r2VeDi/FXg5SrqusB6z6uVVWZ7xFaqLR1z8cCaigqKq4a4RUplwBoy5k9nL 8wInZgEV14D5mBfAh4ywx9Wvb4IQX7zv4MpgkcQmpCbu/VWZMU0CyiQ9Xs1sx4Ixqnpp BWyr/k2tnDng00DCb+NCPou1HqT1hc4m8uQ3XaK89as0z8NqZuIhEqtowpKLo1ecZ3PC 2u6g== X-Gm-Message-State: AOJu0Yzw73eI5pF9/PADeSZvuzxO3wBUEhkSMla5IlYI+gxtqGXwgx/2 Az2o0PxhThpZpIi3UBCL8BVkDtbnibOpVGjwD1v0XGlieHatMLSh7/kyOTuKUImu X-Gm-Gg: Acq92OFsq2KoQgjv31LpqjjiynIKokZpvjI7lHMFzstnVX3liATD/8tmqv9zq9SaRpI USsvkK/kBUABpAQAf9+2UNJNnMt7EfGglqwoN79YgTxFXnHwXig/YBj+cYkjpiLHO5rdvDZyWWW Sw5mySWxay60q0ea3h2GwIqN/AT7GRIxhDwbqi2W8ta36K8H2ckywWGahc2BQPnWoreLRQd12LR pwgE9p9/YsvAY9OM4vBvfzQvhO5f7JA6nwKv43TfTIrXdtaZ/NGqwnMGSs0d9ArdIPFl6ZfNPAk apPVFv7zy43TZ5bQM9qyPWxxo5oGkdafEDbcHHjN+YGJaRK8c2vMQZBaOYD6FmzAripyOJAY4+F fDH0Jx3SQa4GBx+ZkOshmHKaw19G3rPclAlslXC03jaUt0FNSlDueAk7aTFKmpBu09aqVy5WR+j DqqZaAbwR0c6LDbLv3IN/qeUOJk4C3bfL7WbK0R7TFesg82U+trqeuIylZQPonntLrhr2s+dTPp veIRfgPJ5u1zHjl69iw1uurKC6Y0bAx7ds8 X-Received: by 2002:adf:e510:0:b0:45e:f271:5019 with SMTP id ffacd0b85a97d-45ef6b1f0d2mr578264f8f.14.1780068960367; Fri, 29 May 2026 08:36:00 -0700 (PDT) From: Frediano Ziglio X-Google-Original-From: Frediano Ziglio To: xen-devel@lists.xenproject.org Cc: Frediano Ziglio , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Teddy Astie , =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Subject: [PATCH 2/6] Align all sections to 4KB Date: Fri, 29 May 2026 16:35:27 +0100 Message-ID: <20260529153531.1341542-3-frediano.ziglio@cloud.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260529153531.1341542-1-frediano.ziglio@cloud.com> References: <20260529153531.1341542-1-frediano.ziglio@cloud.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-purgate-ID: tlsNG-d25034/1780068961-F5386CF5-ED813B1B/0/0 X-purgate-type: clean X-purgate-size: 1086 X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780068991812158500 Content-Type: text/plain; charset="utf-8" Required by UEFI CA memory mitigation. Signed-off-by: Frediano Ziglio --- xen/arch/x86/xen.lds.S | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index c2b9b5a893..322c116a04 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -162,8 +162,8 @@ SECTIONS __note_gnu_build_id_end =3D .; } PHDR(note) PHDR(text) #elif defined(BUILD_ID_EFI) - /* Workaround bug in binutils < 2.36 */ - . =3D ALIGN(32); + /* align to satisfy UEFI CA memory mitigation */ + . =3D ALIGN(PAGE_SIZE); DECL_SECTION(.buildid) { __note_gnu_build_id_start =3D .; *(.buildid) @@ -330,6 +330,7 @@ SECTIONS __2M_rwdata_end =3D ALIGN(SECTION_ALIGN); =20 #ifdef EFI + . =3D ALIGN(PAGE_SIZE); .reloc ALIGN(4) : { __base_relocs_start =3D .; *(.reloc) @@ -355,6 +356,7 @@ SECTIONS VIRT_START &=3D 0; ALT_START &=3D 0; =20 + . =3D ALIGN(PAGE_SIZE); .sbat (NOLOAD) : { *(.sbat) } #elif defined(XEN_BUILD_EFI) /* --=20 2.43.0 From nobody Sat May 30 11:15:11 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780068979; cv=none; d=zohomail.com; s=zohoarc; b=hYn0scN8EHjGPWU95PyrHNcvtCsIrmTDrayq/Pfr4TQo+MgvAVhooPTELmtzRF+RgyeGEeQ1UBIbtLBjZ6FFvtWKLCgJM0wEuoybXKyVX2QAIfHbReWdwZSSUQ0DeaTlG4l9zAwbYfTa8oCuGbukvOBdeO+n8NdtlFPoPYtfbUQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780068979; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=U2VlHJG57rsaQzgMOBqSKZ1RV77ipqV8St5qs6awVP4=; b=EZxulygJzsrkvpWsdfYcYUJyX0S7kr/pZtrk8lYqTN8TgKfiy1Is+E0qgObL9spzMiPad4VWgciBeHPkkEhP8mCYSB2MHGaWY2N+HuEa7GTdxWEfGOYvm4FWMORACw2rP6pMc60E2hTCkKilaXl/BPk0yPgWtfDyTMqUdrRLq50= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1780068979103613.765021332776; Fri, 29 May 2026 08:36:19 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1322627.1588933 (Exim 4.92) (envelope-from ) id 1wSzFk-0004Vz-DC; Fri, 29 May 2026 15:36:04 +0000 Received: by outflank-mailman (output) from mailman id 1322627.1588933; Fri, 29 May 2026 15:36:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wSzFk-0004Vs-A7; Fri, 29 May 2026 15:36:04 +0000 Received: by outflank-mailman (input) for mailman id 1322627; Fri, 29 May 2026 15:36:02 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wSzFi-0004Cl-Hm for xen-devel@lists.xenproject.org; Fri, 29 May 2026 15:36:02 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wSzFh-0016pT-TZ for xen-devel@lists.xenproject.org; Fri, 29 May 2026 17:36:01 +0200 Received: from [10.42.69.6] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a19b253-5cb7-0a2a0a5109dd-0a2a4506e07c-28 for ; Fri, 29 May 2026 17:36:01 +0200 Received: from [209.85.221.45] (helo=mail-wr1-f45.google.com) by tlsNG-16d1c6.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a19b261-7371-0a2a45060019-d155dd2ddd00-3 for ; Fri, 29 May 2026 17:36:01 +0200 Received: by mail-wr1-f45.google.com with SMTP id ffacd0b85a97d-44a74032ff8so10542963f8f.1 for ; Fri, 29 May 2026 08:36:01 -0700 (PDT) Received: from localhost.localdomain (5.116.208.46.dyn.plus.net. [46.208.116.5]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45ef34b834esm4196196f8f.11.2026.05.29.08.36.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 08:36:00 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=20251104 header.d=gmail.com header.i="@gmail.com" header.h="Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780068961; x=1780673761; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=U2VlHJG57rsaQzgMOBqSKZ1RV77ipqV8St5qs6awVP4=; b=nyAueNjRsM/7AEHF6OPLVknduAkb+rU/4T43uHJnNP7fNXXjEY8o2pxsQrR1eH9K7J /cUV6yjI3AGtELnyarR0/ZWeLqhuoFi8HIaowLNzSuszijGqhHD5M+Jpr423GysejADt O4v9LEIMztSMmRmU0k9DyEV75m8D4uZ43C5scyZnavp4DC5pIgyBg/zAA8PxE+3t7hWq nd9rtD7ACruIVMYYTtrOqJni96JFgon/Btan0CEQ5/obopyPEKY+a2ziLkJkPwof6aHH JJqLapx9LynHrD9W8lJnm9pQX2rdNMBuauZ3eJiSGLb0cUrYYbVknutmbRBzeiYygWRt bugg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780068961; x=1780673761; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=U2VlHJG57rsaQzgMOBqSKZ1RV77ipqV8St5qs6awVP4=; b=jqy+ZKL27wliEEOhwSmZoJl5BDQ8ff6WQyU2Ilrd01nVjKEs7K88Z/zzKzgWlX1tHu JJe2+HTcGxjdrxaR2azQGxSaK+l4r18ahZxrT31DivCU8YxggJkNfKazJXB5SzJ7mRMM 3Q1OmQmVOc+pioTiQFJrk+nUDcEZuH/6T3JB5BSScuJP3hF0C5la3szBWScclp0H5y0e aF1zcRF4kXLk//9+jteU9xDtIbj3XyD2uENffbIAuA8CBmUnX+8j3P8QQhNX65c4geui Ev1+ZwJUrTz52w3piQ4F7bRrmwPsZhyrWQJEVOfmq95z/OvVx8egCZGVhAHbNIdp2cim h6Iw== X-Gm-Message-State: AOJu0YxA/MLqRI3bgKlTKl70BJm+NXqTwItFrmkk0NZfXRVbo1ZmOIW+ WAx1uuup8x66VTkpC0y5aY8KeYWFrxKRCdJe1jqF74h1Tb9qPQi1QiRp7biWcBw7 X-Gm-Gg: Acq92OGN40YKbXcMQqyaYkZ2xBgCerzK62bQTE0JY8MH7amECtwveUDPJnIVf48hcuK ivnPQDKA+EapLu/2WrOcc/10ZrSTn4fbv0VQjFACRvsy2zPbpoLhozSdn5zvAQhLK7m2XIY//u8 jG1UIuPbPChEEeHpGrJ7RrrB+k7mBx4in3ZSOJ8m0KHnvngRe9yFUsz6pkQVgKBsbxs3qbxAEfr m1nFfA6D3orZmC9VZnBSYyk7c6Bwm2oIN9qIU8ZzVIe5uLf7VyuZuFHf5eMeSAKNI4MviiAZneA DFEBCR3iup1NjqfhgZiITICo5TdPxp6RpB8MRRBK80g0A6DP7GtiZWAUUBoRTRr0j4skt/BKx6K UNBhpaEk7G/t1MkBe7gdqbEftCPaX4ZGuIQ4pIaDhXjAgaxFLSo1zCN+lLBDq1pEHVFyKZyqtUI PONcvD82SYxIc/2OOXgzfz2oBgtRWpsBSsZUolattsaHaABXBv8wavBTPuCwGtMVyug+iQz1RVA JDrymukpzJ99aEQJIsBthp/0gVzuEFzLpgY X-Received: by 2002:a5d:6f12:0:b0:45d:41e0:467b with SMTP id ffacd0b85a97d-45ef6ae9644mr615156f8f.3.1780068961218; Fri, 29 May 2026 08:36:01 -0700 (PDT) From: Frediano Ziglio X-Google-Original-From: Frediano Ziglio To: xen-devel@lists.xenproject.org Cc: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Jan Beulich , Andrew Cooper , Teddy Astie , =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Subject: [PATCH 3/6] x86/efi: discard .text.header for PE binary Date: Fri, 29 May 2026 16:35:28 +0100 Message-ID: <20260529153531.1341542-4-frediano.ziglio@cloud.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260529153531.1341542-1-frediano.ziglio@cloud.com> References: <20260529153531.1341542-1-frediano.ziglio@cloud.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-purgate-ID: tlsNG-16d1c6/1780068961-86B75D75-43334F0C/0/0 X-purgate-type: clean X-purgate-size: 803 X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780068980829154100 From: Roger Pau Monn=C3=A9 The multiboot headers are not consumed in the PE binary, hence discard them in the linker script when doing a PE build. That removes some relocations that otherwise appear due to the usage of the start and __efi64_mb2_start symbols in the multiboot2 header. No functional change intended. Signed-off-by: Roger Pau Monn=C3=A9 --- xen/arch/x86/xen.lds.S | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 322c116a04..907f826ae0 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -57,6 +57,9 @@ SECTIONS __image_base__ =3D .; #else . =3D __image_base__; + /DISCARD/ : { + *(.text.header) + } #endif =20 #if 0 --=20 2.43.0 From nobody Sat May 30 11:15:11 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780068994; cv=none; d=zohomail.com; s=zohoarc; b=N7YmnOIFfZN0QYpmWCJqtYGaFRZD04D2TGwKqPC+kH9ddmJ+UXpfgXUEV+GhM1EGgcOa2okPffAljj5Ij1lk551I9AsO/ivGJsCCe0xK+0SXO6lFz0X67MysCcGXdu9gPiqOcMlc9DAF36lPIYLBVa9NQeWVt+QSRGpJ+4SnKUQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780068994; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Hg/OjpvMkex/VsN4w/g7ONkFyHjBg9XMQ+S/ZB+OhsE=; b=neKXrZTEuyEYInQRdqg/FSJ4I5eTElU0DShZV/aGkgNy/UMWqsaeTE9FO/xpXbn7BryzYBfSAMK28QyUoDlfaXlzi/hjwt6B+s9ufrROr3RTZnhujvRjEyroSEMwKXkvhOJmjCHdjGTOAhTjrRdUc0gxHGVhH+YAKnrqWrhk9Ao= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1780068994331689.3545135035346; Fri, 29 May 2026 08:36:34 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1322630.1588959 (Exim 4.92) (envelope-from ) id 1wSzFp-0005Ie-6K; Fri, 29 May 2026 15:36:09 +0000 Received: by outflank-mailman (output) from mailman id 1322630.1588959; Fri, 29 May 2026 15:36:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wSzFp-0005IP-20; Fri, 29 May 2026 15:36:09 +0000 Received: by outflank-mailman (input) for mailman id 1322630; Fri, 29 May 2026 15:36:07 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wSzFn-000528-J1 for xen-devel@lists.xenproject.org; Fri, 29 May 2026 15:36:07 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wSzFm-002zYi-W5 for xen-devel@lists.xenproject.org; Fri, 29 May 2026 17:36:07 +0200 Received: from [10.42.69.7] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a19b25d-2eae-0a2a0a5409dd-0a2a4507bef8-18 for ; Fri, 29 May 2026 17:36:06 +0200 Received: from [209.85.221.49] (helo=mail-wr1-f49.google.com) by tlsNG-ef75cf.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a19b262-229c-0a2a45070019-d155dd31ac4e-3 for ; Fri, 29 May 2026 17:36:03 +0200 Received: by mail-wr1-f49.google.com with SMTP id ffacd0b85a97d-45ef6565cfdso145168f8f.0 for ; Fri, 29 May 2026 08:36:03 -0700 (PDT) Received: from localhost.localdomain (5.116.208.46.dyn.plus.net. [46.208.116.5]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45ef34b834esm4196196f8f.11.2026.05.29.08.36.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 08:36:01 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=20251104 header.d=gmail.com header.i="@gmail.com" header.h="Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780068962; x=1780673762; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Hg/OjpvMkex/VsN4w/g7ONkFyHjBg9XMQ+S/ZB+OhsE=; b=W3ml5erUf2gRuY9MbN1QYL2WFx5eEHS57lG8d7jTE4PYy8QGsUzPKe0k91Vjw1Bcm7 V74JRbZgxhjK+9OP7c5SVRl80RXH3PusIvNvfqKg8RfGTqz0popi4gbDhCFJLSaUIWMn hsUTyL4kW/deRWqMcmbZ5E9b9DNRbaSrmxp5L2pUef9bUsofmUdScggC0ro5QRsUWbnM GZVVx1dWVBJjhBn6PEfbyPJrA7hiqii71TJfrq75rEZ1iCAE5d/SapF6KZtrI43HGCZk PcehbWILnCH8YxJVXtzhzQYUKUUJcUCtpU66s7c9gmIsldyzyFrFH7Q90AXTpKIpKB74 fiuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780068962; x=1780673762; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Hg/OjpvMkex/VsN4w/g7ONkFyHjBg9XMQ+S/ZB+OhsE=; b=JMA016Fy3nz76OWFNs0v2AMeURNQHwyFHBWmGPnhEPKHiGDBNytWSMgQedgcJyO1Na clmQm9lKFt1fGjxrPkOTWizX2Bd5I3odvQM8VRK4IDw2ELGIUb81yHukuLBjIGHxXEgZ zcKoT0GldTalN0mNsRL7QmaEdYey67TxBu/l+4GwP9I+FGLHjTd+Y1TIBJZmUm74RmzA RpF9lSxWfJ/wbaVjBUbTJVKXPoapsD+UBmKRHKArWRnpM2Esa8G6rttuokAnqRf3z+T1 uDAKTMKJ3yoEzODBP75IaaZD3oMygH5z4OX5aPF0mQyI9T1eIJIjDrWmSGC/xcHkt/1S T0Rg== X-Gm-Message-State: AOJu0YxytOujly3QJPqxF9vfZjqxWv55HYhd+wmowT2V3xV5Rm6La0Sk hFiRe4grXnY3QK7PMCnx1FkZWW0tMItcDpbFKqkqd8/kJcHmr+HcPOQm/c0dtrz+ X-Gm-Gg: Acq92OGxNx5Oz2E9+cmFOttui8Jn3+4KArsN7mbCOSY5lrRMJPi8r9HVf5616+whaL7 dwpvu+cC6H8bxT+UPj30GjV6adon5K8yGWlI8WXzyZusk6tNVEHDpN+rwOxUztv/Y8jZxCi4sGF p+vUm4i9QwplmpcdDVHpO3I0FtRmkOrqcutuIA2uxkyEHxI12MG33q7X7KFlLnyb3AUbpcspZ5+ 9dmP1ZqiGf0lUx4DhM+/6Bv+3g6ET/05ZvEuUKW2HILdFwvdd/ASxL/HccRBFaa/2Ya23ghb+vl zl8mPybS6dpiiFY4JzILDSiJIpOJxkKuLkOQpSinRY5r7RF2ZRWNtk9ItzBRzmXoF00E6eS3EBK sdwvyPC329Px934kpc0Ws9IZTDvbXJJQ6r4awSNkNjc2M2FN1ZxD7sSTplAyBOx8usQDioixa29 KSBimtwNCEXbdG71DWaw+jpv5zKmxstB9iiRSngSTEkYBtvhmXLEXY+wj3kQm43lEHl3q2EiDWq AjgfIaD4TiNLBRTA/9DCtTLo0evA0mLaxDu X-Received: by 2002:a5d:634a:0:b0:43c:fdd:ea96 with SMTP id ffacd0b85a97d-45ef6b5e032mr387230f8f.26.1780068962441; Fri, 29 May 2026 08:36:02 -0700 (PDT) From: Frediano Ziglio X-Google-Original-From: Frediano Ziglio To: xen-devel@lists.xenproject.org Cc: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Jan Beulich , Andrew Cooper , Teddy Astie , =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Subject: [PATCH 4/6] x86/efi: discard multiboot related entry code for PE binary Date: Fri, 29 May 2026 16:35:29 +0100 Message-ID: <20260529153531.1341542-5-frediano.ziglio@cloud.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260529153531.1341542-1-frediano.ziglio@cloud.com> References: <20260529153531.1341542-1-frediano.ziglio@cloud.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-purgate-ID: tlsNG-ef75cf/1780068963-0956BC48-80DAF02E/0/0 X-purgate-type: clean X-purgate-size: 1711 X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780068996031158500 From: Roger Pau Monn=C3=A9 The multiboot and PVH entry points are not used in the PE binary, hence discard them in the linker script when doing a PE build. That removes some relocations that otherwise appear due to the entry point code in head.S not being position independent. No functional change intended. Signed-off-by: Roger Pau Monn=C3=A9 --- xen/arch/x86/boot/head.S | 3 ++- xen/arch/x86/xen.lds.S | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index 77bb7a9e21..90faf411b9 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -152,7 +152,7 @@ vga_text_buffer: efi_platform: .byte 0 =20 - .section .init.text, "ax", @progbits + .section .init.multiboot, "ax", @progbits =20 early_error: /* Here to improve the disassembly. */ =20 @@ -710,6 +710,7 @@ trampoline_setup: /* Jump into the relocated trampoline. */ lret =20 + .section .init.text, "ax", @progbits ENTRY(trampoline_start) #include "trampoline.S" ENTRY(trampoline_end) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 907f826ae0..a5a85e9b8a 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -59,6 +59,7 @@ SECTIONS . =3D __image_base__; /DISCARD/ : { *(.text.header) + *(.init.multiboot) } #endif =20 @@ -200,6 +201,7 @@ SECTIONS _sinittext =3D .; *(.init.text) *(.text.startup) + *(.init.multiboot) _einittext =3D .; /* * Here are the replacement instructions. The linker sticks them --=20 2.43.0 From nobody Sat May 30 11:15:11 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780068989; cv=none; d=zohomail.com; s=zohoarc; b=Hl2ZBznl/p95AE6Ml9EYFskLilRXX77Kz4uWlz4OP/YsWMlouzgaXXvoV1JPnrBBXymEWtrCnIyIfdDHaMhD0Tb2xY7wkb7FllzSNT//2SZQTq1Uggsgr+dmSODtheYf+fuxcXjZ1X/f+QwTcQ1FJ+ixAqXoCycLW4f5JSZk7gY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780068989; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=9wf3y14NPqhrBND7m76mJz5c5h7xyT91mnaBZEnOl+A=; b=VfpNRbtUUPGbrv14uXZbipm/V/CXWzd1pghc+yBsNzBVUJgmTwyCMGuOMFumcyCnjFjKkosoh+OYOnOThKJ2Paa35bcqOYNiOV33/z1l1sH9YGBoCoHr04A1axjTEnUFvZWagry/MoMA3wrEIwd3TUvSrtWxkMPDZ7Okc/LZi58= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1780068989472220.06517261205522; Fri, 29 May 2026 08:36:29 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1322628.1588943 (Exim 4.92) (envelope-from ) id 1wSzFm-0004nP-M4; Fri, 29 May 2026 15:36:06 +0000 Received: by outflank-mailman (output) from mailman id 1322628.1588943; Fri, 29 May 2026 15:36:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wSzFm-0004nE-GH; Fri, 29 May 2026 15:36:06 +0000 Received: by outflank-mailman (input) for mailman id 1322628; Fri, 29 May 2026 15:36:04 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wSzFk-0004a8-QC for xen-devel@lists.xenproject.org; Fri, 29 May 2026 15:36:04 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wSzFk-0016uA-78 for xen-devel@lists.xenproject.org; Fri, 29 May 2026 17:36:04 +0200 Received: from [10.42.69.6] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a19b253-5cb7-0a2a0a5109dd-0a2a4506e07c-32 for ; Fri, 29 May 2026 17:36:04 +0200 Received: from [209.85.221.52] (helo=mail-wr1-f52.google.com) by tlsNG-16d1c6.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a19b264-7371-0a2a45060019-d155dd34e8bf-3 for ; Fri, 29 May 2026 17:36:04 +0200 Received: by mail-wr1-f52.google.com with SMTP id ffacd0b85a97d-45ef42dfb26so245206f8f.2 for ; Fri, 29 May 2026 08:36:04 -0700 (PDT) Received: from localhost.localdomain (5.116.208.46.dyn.plus.net. [46.208.116.5]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45ef34b834esm4196196f8f.11.2026.05.29.08.36.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 08:36:02 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=20251104 header.d=gmail.com header.i="@gmail.com" header.h="Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780068964; x=1780673764; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=9wf3y14NPqhrBND7m76mJz5c5h7xyT91mnaBZEnOl+A=; b=psxg2t1ookUP9cn0s5UrzMuqkBA9+/n6Ta7FR8wZTOgfcV84M13HAyO0+kkNi8zjD3 pFDw4f7EpMfsOVOaOH+nInTgzpsfqdcVMLJwvtIW7U6ElnNX9dQbGVlqswXFwVTPEVBp vXyw9uQzhJmK8s9onG6PXaA6mHtRdpX22Mvc+2xtH+EHlqlxPlGHP1VjLMHsFO34a+bm PLwW0UCiQoRI/2AXZxleezTmaJA4Zd1mjC64rnVkpoHXHKH+Ex2Zun4Trge1atHGL3cl YPGjCLiZ03+xfcF94nGrwSXBklTkNQEMsL9MjtECa4+XYra0zPzobiJ42GRF2NFzkZJH o+vg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780068964; x=1780673764; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=9wf3y14NPqhrBND7m76mJz5c5h7xyT91mnaBZEnOl+A=; b=WRj/XPpelgUsGZ7tjsUvEDAVVt7liw0SknpPXZUIlT/DHVzqdven5VEk1gHI/9sc2S 43zcIOyZLjlHaNeQrkauct+Ht8b4A4it36JrmhY18YlLEIf/CnePr/8EuVFX0kDfgyYW zaLWe4EAf6EaJO3/e7dh+Ffhtj8YGDq3zxsrsBYVQFNvlxacFkKMw9djTSJ4NiubQ1xg bAcTGi9YooUZuxHZNwcv7e4TjBklnGv7r+AkdKLo1ccFB8zYLNdPA4+NGm2SWp1ldkMU NvXpeTOpKsMPPkQpZjiN0aYLCw3Tyvl/V9zC2KGzLsUz+GDL//dSBnvGMdlrYaCYMqZc GvrQ== X-Gm-Message-State: AOJu0Yzu982LTgqWXkkyJ7oj9qRvP2AwrLLXupExO+Kvf8zA2fIZZmcR fbNFJGF4+QyVlLSkIenJ9OWh7e2QbgL9Ckmgb/6/CSE8/8cUKStKM1kBtWdQXpNa X-Gm-Gg: Acq92OFKBOPAoExMvQwnIQwZ3QV8WifMi9wAuq/3IWrem7ftERbT/4qUkN1hzQDEbJb LY4bjEk1ecYt4ZaJlKIFqVtUWlRdaypC3zvrXGLZVTV7Q+OIvUtyz97r143COnUaUbXtN/BM4si gWTXIXz8o+AqXTQdZQVB8ZnahCJYZKThy6nGHrnzPUnGm2krDbp2G2U1VVwkcSfSdbrk7OZNP8U cp9JIFGduYMnbabxBGvjyKHTdMwk6YWn/ly25S6vpl8VzipexiF/1/SX5koNRzbRookETaSehIC q1CPUGbcUkC1IPHc+gZC6DyCIsk5hA6SJzGEmSIP4B/oIWwFyGFKbR8+taKGDKLEyrMRIUpPoq+ I4ebUgRNafetqVtTH3i5FDi3EB2YLJuNW0n/OLBiXWioyXyg+bPGvhsu22n+Vt2aOFiTvpVl4jG m0nHWvsHKlKnzKZuzcgcA4bA1XZcTCkpIOyEq8uAjncmpTeYJlH3X0w+PHvv2zCiZf7o9MvDxBx JgfkkgHyFSb8mlunAgqlm40fF9y8EsSM3yo X-Received: by 2002:a05:6000:21c6:b0:45e:7418:a3f2 with SMTP id ffacd0b85a97d-45ef6b718c1mr357738f8f.26.1780068963494; Fri, 29 May 2026 08:36:03 -0700 (PDT) From: Frediano Ziglio X-Google-Original-From: Frediano Ziglio To: xen-devel@lists.xenproject.org Cc: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , "Daniel P. Smith" , =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= , Jan Beulich , Andrew Cooper , Teddy Astie Subject: [PATCH 5/6] x86/efi: avoid a relocation in efi_arch_post_exit_boot() Date: Fri, 29 May 2026 16:35:30 +0100 Message-ID: <20260529153531.1341542-6-frediano.ziglio@cloud.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260529153531.1341542-1-frediano.ziglio@cloud.com> References: <20260529153531.1341542-1-frediano.ziglio@cloud.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-purgate-ID: tlsNG-16d1c6/1780068964-87170D75-8A821924/0/0 X-purgate-type: clean X-purgate-size: 1646 X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780068989912158500 From: Roger Pau Monn=C3=A9 Instead of using the absolute __start_xen address, calculate it as an offset from the current instruction pointer. The relocation would be problematic if the loader has acknowledged the Xen image section attributes, and mapped .init.text with just read and execute permissions. No functional change intended. Signed-off-by: Roger Pau Monn=C3=A9 --- xen/arch/x86/efi/efi-boot.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index d738b839ee..b983f054b5 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -270,7 +270,9 @@ static void __init noreturn efi_arch_post_exit_boot(voi= d) =20 /* Jump to higher mappings. */ "mov stack_start(%%rip), %%rsp\n\t" - "movabs $__start_xen, %[rip]\n\t" + "lea __start_xen(%%rip), %[rip]\n\t" + "add %[offset], %[rip]\n\t" + "push %[cs]\n\t" "push %[rip]\n\t" "lretq" @@ -278,7 +280,8 @@ static void __init noreturn efi_arch_post_exit_boot(voi= d) [cr4] "+&r" (cr4) : [cr3] "r" (idle_pg_table), [cs] "i" (__HYPERVISOR_CS), - [ds] "r" (__HYPERVISOR_DS) + [ds] "r" (__HYPERVISOR_DS), + [offset] "r" (__XEN_VIRT_START - xen_phys_start) : "memory" ); unreachable(); } --=20 2.43.0 From nobody Sat May 30 11:15:11 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780068988; cv=none; d=zohomail.com; s=zohoarc; b=NrCbkruXozr9x4znO0sd4PwJyDGlTcMJO9MEew5IdukmKjaZ7BHzQWC7uVVvwDkdqS0UPqoy8+tZEJTbkPV2XQUkp6GwH3Wxs/BmlDt0gZhRzinFVfTWs7zocofFUPDjkqkSpNdlZcaKB+uG3I9mg/5rPDubEarwGAqoAwpUcFo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780068988; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=dbvjQGIXrgh2VZV7pqCGHyTdh0FdQdlsGVZavBAbEBI=; b=n49li2QTqd1XIf36HjCA4u7PH3u/K4a9lZJFKak2OWUlR1Xu30cxOeAaTsM+qqc9SFaYu40rA2wArIZM0QibjWQzEsBeOSwJLpKm3j2unTR6BfudnXfkfcGi8LCnlG/2q1i6DwOFuAIhCAlqtghojvOFj9lxUuVplfFmiFUV1bQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1780068988145480.87545419449805; Fri, 29 May 2026 08:36:28 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1322629.1588947 (Exim 4.92) (envelope-from ) id 1wSzFn-0004r6-1A; Fri, 29 May 2026 15:36:07 +0000 Received: by outflank-mailman (output) from mailman id 1322629.1588947; Fri, 29 May 2026 15:36:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wSzFm-0004pj-PU; Fri, 29 May 2026 15:36:06 +0000 Received: by outflank-mailman (input) for mailman id 1322629; Fri, 29 May 2026 15:36:05 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wSzFl-0004iq-Hv for xen-devel@lists.xenproject.org; Fri, 29 May 2026 15:36:05 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wSzFk-0016uA-Uu for xen-devel@lists.xenproject.org; Fri, 29 May 2026 17:36:04 +0200 Received: from [10.42.69.6] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a19b253-5cb7-0a2a0a5109dd-0a2a4506e07c-36 for ; Fri, 29 May 2026 17:36:04 +0200 Received: from [209.85.221.47] (helo=mail-wr1-f47.google.com) by tlsNG-16d1c6.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a19b264-7371-0a2a45060019-d155dd2fbdc3-3 for ; Fri, 29 May 2026 17:36:04 +0200 Received: by mail-wr1-f47.google.com with SMTP id ffacd0b85a97d-45e6a4d0be0so6412131f8f.1 for ; Fri, 29 May 2026 08:36:04 -0700 (PDT) Received: from localhost.localdomain (5.116.208.46.dyn.plus.net. [46.208.116.5]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45ef34b834esm4196196f8f.11.2026.05.29.08.36.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 08:36:03 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=20251104 header.d=gmail.com header.i="@gmail.com" header.h="Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780068964; x=1780673764; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dbvjQGIXrgh2VZV7pqCGHyTdh0FdQdlsGVZavBAbEBI=; b=R4zv9jQGJ0ynoZ3jc57s7oa+hDDND4CXOJHQ8pgjmuZceSi5EYsgIZ6/AmeECmJRTT EhmmV9ZpOoy1aWhG5wRvBkzaLOIE343l9zisn1VqTV/0aZI7MfHKfD/pG76e1ja4qtEJ c+PfvM4xV8TUrWLBUPQ8po0RPd58OgRevN5/jYRA7iog5ler48A5TMEzkGMOGvy2/47y c8dknMjK8JHSYqaBIE6gxU2T/ybTUJqP2z7f1K+RKgxUBsygdSuDGVl1FOPFN15E77IG Z6O34oiGXzVTABxhFveZj200nUKCw8FLYoeDcHm+kw3Lhw1LEg7TTYQsdtZUFJFSkb9l BRPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780068964; x=1780673764; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=dbvjQGIXrgh2VZV7pqCGHyTdh0FdQdlsGVZavBAbEBI=; b=NTPgp5ws11ytPBiqkg5qkCB4NdSxFOEVpC9NW72ZDuYvY+W84ARDlT9+ZcpvhJPPJO 7u4hC1Q5/8l+QsUn4tf1iyGh0sWD9mVnkbpxoZwoq3JhUf7xQk/fXAZdkzC5u2yyRH/W J7JYVMz7czVkNpuTcQ5i2Aye11J/0bkKHSPyHFDmxee4/qd7Y3miDKC0AcbNByanCSdK fwxZRij+MSOhfj8b2mg4n4hSMTs01OPFKBsb0GvU/wWlsCzi0IPmIFWrKK2yNQD3gCoU X7MUcAfWnV6VzbsXSjK8TZ/fgis0ph6OZ6KzCeQ5k6d3KCxIzZK+H92E6Gn1xpVmEkKr mV9A== X-Gm-Message-State: AOJu0YyeoyspDlnnOuxjhynjdnMEHRZ0y28xOP7+ArlbIOFwGR1P7rcD L7JFen8gMRgMpsQOt+wzc08pSCXwj7NFWAPviKzzVgtJED3UlbnqgdlZnSh3qPOQ X-Gm-Gg: Acq92OGdHPhpRfEKwCxtcQaCEQ1MTsSjUSGy7MfNGOTQcpbXNCBE4ebQ3zSPwoLNvg3 2BuRQ7p3IlDnbYn+RoCRt56XL9owDPyyALxW5AT0DLmfswktypzExD4T5NyNZgwooG4el8tC7PM yOZRjma218zP7fKpMpfHnUpus0oALRWWyhVbKRzRCZjME92mq30niTBenF+QwfVF57+qvlAw6Gj nXhsmUSdDM9+NpFV7Dmpn3p8Gte7hYlgSnyQ6lj94V4GHl7PDzjq5Y1Q5CNo1Xny5lwjXApc8UM bmadc6rCwt80Ka9av4hcq2pKzEByVyemIzgOhqgA2/2eM/tnPsLyhJyABlfKeZ8Wp+XCubS3Yxt IBwyDFzX4/nW25SbKVgcBJWsaGQVJMMa+pXLKYCnHBtrzQAeWOHZ6HYZCCrCqCqfJBl3m1KcSEG NDAwahCjBKHh68OanGNU01ndHSTQrWzoeTeLe7OTCLurWzLP+k8RNEmFlfa8kRPg2zrq+b89Zmz xymTp+8eDyYTbT/KjbzwK6wX1JRRvZ09epA X-Received: by 2002:a5d:6e89:0:b0:45e:73eb:1ff7 with SMTP id ffacd0b85a97d-45ef6af6c21mr490829f8f.3.1780068964295; Fri, 29 May 2026 08:36:04 -0700 (PDT) From: Frediano Ziglio X-Google-Original-From: Frediano Ziglio To: xen-devel@lists.xenproject.org Cc: Frediano Ziglio , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Teddy Astie , =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Subject: [PATCH 6/6] x86: Split .init section to satisfy UEFI CA memory mitigation Date: Fri, 29 May 2026 16:35:31 +0100 Message-ID: <20260529153531.1341542-7-frediano.ziglio@cloud.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260529153531.1341542-1-frediano.ziglio@cloud.com> References: <20260529153531.1341542-1-frediano.ziglio@cloud.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-purgate-ID: tlsNG-16d1c6/1780068964-84767D75-1041D615/0/0 X-purgate-type: clean X-purgate-size: 1327 X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780068989911158500 Content-Type: text/plain; charset="utf-8" Currently .init section is both writeable and executable, split data and co= de to have 2 sections satisfying W^X rule. Signed-off-by: Frediano Ziglio --- xen/arch/x86/xen.lds.S | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index a5a85e9b8a..7f892cb2fa 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -193,11 +193,7 @@ SECTIONS __2M_init_start =3D .; /* Start of 2M superpages, mapped RWX (bo= ot only). */ . =3D ALIGN(PAGE_SIZE); /* Init code and data */ __init_begin =3D .; -#ifdef EFI /* EFI wants to merge all of .init.* ELF doesn't. */ - DECL_SECTION(.init) { -#else DECL_SECTION(.init.text) { -#endif _sinittext =3D .; *(.init.text) *(.text.startup) @@ -210,12 +206,12 @@ SECTIONS */ *(.altinstr_replacement) =20 -#ifdef EFI /* EFI wants to merge all of .init.* ELF doesn't. */ - . =3D ALIGN(SMP_CACHE_BYTES); -#else } PHDR(text) - DECL_SECTION(.init.data) { +#ifdef EFI + /* align to satisfy UEFI CA memory mitigation */ + . =3D ALIGN(SECTION_ALIGN); #endif + DECL_SECTION(.init.data) { *(.init.bss.stack_aligned) *(.init.data.page_aligned) =20 --=20 2.43.0