xen/arch/arm/xen.lds.S | 1 +
xen/arch/ppc/xen.lds.S | 1 +
xen/arch/riscv/xen.lds.S | 1 +
3 files changed, 3 insertions(+)
GCOV instrumentation can emit executable input sections such as
.text.startup when CONFIG_COVERAGE is enabled.
At present the x86 already places .text.startup in .init.text,
but Arm, RISC-V and PPC do not. With CONFIG_COVERAGE=y .text.startup
can therefore be treated as a linker orphan on those architectures.
Constructors generated by coverage instrumentation can then point
at code outside the normal RX text mapping, leading to early boot
crashes from init_constructors():
(XEN) [ 12.331193] Instruction Abort Trap. Syndrome=0xf
(XEN) [ 12.334253] Walking Hypervisor VA 0xa00003ce000 on CPU0 via TTBR 0x000000004352d000
(XEN) [ 12.338550] 0TH[0x014] = 0x4352cf7f
(XEN) [ 12.341823] 1ST[0x000] = 0x4352bf7f
(XEN) [ 12.345124] 2ND[0x001] = 0x40000043527f7f
(XEN) [ 12.347329] 3RD[0x1ce] = 0x400000433cef7f
(XEN) [ 12.351233] CPU0: Unexpected Trap: Instruction Abort
(XEN) [ 12.357643] ----[ Xen-4.21.1 arm64 debug=n gcov=y Not tainted ]----
(XEN) [ 12.360243] CPU: 0
(XEN) [ 12.364098] PC: 00000a00003ce000 00000a00003ce000
(XEN) [ 12.375835] LR: 00000a00004802f8
(XEN) [ 12.378273] SP: 00000a00004c7e10
(XEN) [ 12.380492] CPSR: 0000000080000249 MODE:64-bit EL2h (Hypervisor, handler)
(XEN) [ 12.382785] X0: 00000a00003ce000 X1: 0000000000000000 X2: 00000a0000410fa0
(XEN) [ 12.385176] X3: 0000000000000000 X4: 0000000000000010 X5: 0000000000000001
(XEN) [ 12.387555] X6: 00000a00004e5f40 X7: 00000a00004e5f38 X8: 0000000000000000
(XEN) [ 12.390027] X9: 00000a00004e5f20 X10: 00000a00004e5f30 X11: 00000a00004e5f40
(XEN) [ 12.392510] X12: 00000a0000439748 X13: 00000a0000406938 X14: 000000000000062e
(XEN) [ 12.394954] X15: 00000a00004f3918 X16: 00000a00004c7bb5 X17: 00000000004c7bb5
(XEN) [ 12.397293] X18: 0000000000000030 X19: 000000000000001d X20: 00000000000000a9
(XEN) [ 12.399803] X21: 00000a00004c8008 X22: 00000a00003fa000 X23: 00000a00004e2000
(XEN) [ 12.402392] X24: 00000a00003f9390 X25: 00000a00003fa000 X26: 00000a00003f4ca8
(XEN) [ 12.404798] X27: 0000000000000002 X28: 00000a000057a9c0 FP: 00000000bedb6740
(XEN) [ 12.407110]
(XEN) [ 12.409442] VTCR_EL2: 0000000080023558
(XEN) [ 12.411291] VTTBR_EL2: 00000000bffc4000
(XEN) [ 12.412895]
(XEN) [ 12.414204] SCTLR_EL2: 0000000030cd183d
(XEN) [ 12.415928] HCR_EL2: 0000000000000039
(XEN) [ 12.417642] TTBR0_EL2: 000000004352d000
(XEN) [ 12.419152]
(XEN) [ 12.420327] ESR_EL2: 000000008600000f
(XEN) [ 12.422056] HPFAR_EL2: 0000000000000000
(XEN) [ 12.423809] FAR_EL2: 00000a00003ce000
...
(XEN) [ 12.485355] Xen call trace:
(XEN) [ 12.489080] [<00000a00003ce000>] 00000a00003ce000 (PC)
(XEN) [ 12.512076] [<00000a00004802f8>] init_constructors+0x38/0x50 (LR)
Observed failing symbol:
_sub_I_00100_0
called from:
init_constructors()
The issue can be diagnosed by enabling linker orphan diagnostics or
generating a linker map:
LDFLAGS += "--orphan-handling=warn"
LDFLAGS += "-Map=xen.map"
and then inspecting orphaned executable sections such as:
.text.startup
Place .text.startup in .init.text on the non-x86 linker scripts,
matching the existing x86 behavior.
Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com>
---
Changes in v2:
- do not add *(.text.*) when CONFIG_COVERAGE is enabled
- copy the existing x86 linker script behavior to the non-x86 linker scripts
(put .text.startup into .init.text on Arm, RISC-V and PPC)
- update commit subject and message accordingly
Link to v1:
https://patchew.org/Xen/cb8c1e0862a554f7a28347f549e9cfd0b0d6db2f.1779829545.git.dmytro._5Fprokopchuk1@epam.com/
Test CI pipeline:
https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/2561258404
---
xen/arch/arm/xen.lds.S | 1 +
xen/arch/ppc/xen.lds.S | 1 +
xen/arch/riscv/xen.lds.S | 1 +
3 files changed, 3 insertions(+)
diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S
index 2d5f1c516d..4aab7770c9 100644
--- a/xen/arch/arm/xen.lds.S
+++ b/xen/arch/arm/xen.lds.S
@@ -125,6 +125,7 @@ SECTIONS
.init.text : {
_sinittext = .;
*(.init.text)
+ *(.text.startup)
_einittext = .;
. = ALIGN(PAGE_SIZE); /* Avoid mapping alt insns executable */
*(.altinstr_replacement)
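Review bot: the added `*(.text.startup)` sits between `_sinittext` and `_einittext`, so whatever the compiler emits into that section is now treated as init-only code, and neither the script nor the commit message says why that is safe. A one-line comment above the new line, recording that the section is expected to hold compiler-generated constructors run once from init_constructors(), would document the assumption. The pattern also matches only the exact name, while the message speaks of sections "such as" .text.startup, so it is worth stating whether any other executable names appeared in the orphan warnings.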
diff --git a/xen/arch/ppc/xen.lds.S b/xen/arch/ppc/xen.lds.S
index d0f2ed43f1..de3aad0aae 100644
--- a/xen/arch/ppc/xen.lds.S
+++ b/xen/arch/ppc/xen.lds.S
@@ -98,6 +98,7 @@ SECTIONS
DECL_SECTION(.init.text) {
_sinittext = .;
*(.init.text)
+ *(.text.startup)
_einittext = .;
. = ALIGN(PAGE_SIZE); /* Avoid mapping alt insns executable */
} :text
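Review bot: nothing in the commit message shows this PPC change being exercised; the only failure quoted is the arm64 Instruction Abort. Please say in the message whether a PPC build with CONFIG_COVERAGE=y was checked with --orphan-handling=warn and what it reported, or state that the line is added by analogy with x86.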
diff --git a/xen/arch/riscv/xen.lds.S b/xen/arch/riscv/xen.lds.S
index 65f136dce9..c6f765a1c5 100644
--- a/xen/arch/riscv/xen.lds.S
+++ b/xen/arch/riscv/xen.lds.S
@@ -103,6 +103,7 @@ SECTIONS
.init.text : {
_sinittext = .;
*(.init.text)
+ *(.text.startup)
_einittext = .;
. = ALIGN(PAGE_SIZE); /* Avoid mapping alt insns executable */
} :text
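Review bot: the `*(.text.startup)` line is now maintained by hand in the Arm, PPC and RISC-V scripts, each time after an identical `*(.init.text)` and before `_einittext`, which leaves the same room for one architecture to be missed that the commit message describes. Consider putting the init-text input list behind one shared macro, in the way the PPC script already uses DECL_SECTION(), so a later addition reaches every architecture at once.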
--
2.43.0
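One way to run the orphan check described in the commit message without booting, as an added example (not part of the patch or of Xen's build system): take `readelf -SW` output for the objects, keep the allocated executable input sections, and report those that no `*( ... )` pattern in the linker script matches. The readelf rows and the two script fragments are constructed, simplified samples, and the pattern extraction assumes plain `*(...)` lists without `SORT` or `EXCLUDE_FILE`.

```python
import fnmatch
import re

# Constructed `readelf -SW` rows for one object built with coverage enabled.
READELF_SAMPLE = """\
  [ 1] .text          PROGBITS   0000000000000000 000040 0001a4 00  AX  0   0  4
  [ 4] .data          PROGBITS   0000000000000000 0001e4 000010 00  WA  0   0  8
  [ 6] .text.startup  PROGBITS   0000000000000000 0001f8 000018 00  AX  0   0  4
  [ 7] .init_array    INIT_ARRAY 0000000000000000 000210 000008 08  WA  0   0  8
  [ 9] .init.text     PROGBITS   0000000000000000 000218 000060 00  AX  0   0  4
"""

# Constructed, simplified linker-script fragments (not the real xen.lds.S).
SCRIPT_BEFORE = """
.text : { *(.text) *(.text.cold) }
.init.text : { _sinittext = .; *(.init.text) _einittext = .; }
"""
SCRIPT_AFTER = SCRIPT_BEFORE.replace("*(.init.text)", "*(.init.text) *(.text.startup)")

# [Nr] Name Type Address Off Size ES Flg ...
ROW = re.compile(r"\s*\[\s*\d+\]\s+(\S+)\s+\S+\s+(?:[0-9a-f]+\s+){4}([A-Za-z]*)")


def exec_sections(readelf_text):
    """Names of input sections whose flags include both A (alloc) and X (exec)."""
    names = []
    for line in readelf_text.splitlines():
        m = ROW.match(line)
        if m and {"A", "X"} <= set(m.group(2)):
            names.append(m.group(1))
    return names


def input_patterns(script_text):
    """Input-section globs listed inside *( ... ) in a linker script."""
    patterns = []
    for group in re.findall(r"\*\(([^)]*)\)", script_text):
        patterns.extend(group.split())
    return patterns


def orphan_exec_sections(readelf_text, script_text):
    """Executable sections the script never names: the linker would orphan them."""
    patterns = input_patterns(script_text)
    return [s for s in exec_sections(readelf_text)
            if not any(fnmatch.fnmatchcase(s, p) for p in patterns)]


if __name__ == "__main__":
    print("before:", orphan_exec_sections(READELF_SAMPLE, SCRIPT_BEFORE))
    print("after: ", orphan_exec_sections(READELF_SAMPLE, SCRIPT_AFTER))
```
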
On 29/05/2026 9:53 am, Dmytro Prokopchuk1 wrote:
> GCOV instrumentation can emit executable input sections such as
> .text.startup when CONFIG_COVERAGE is enabled.
>
> At present the x86 already places .text.startup in .init.text,
> but Arm, RISC-V and PPC do not. With CONFIG_COVERAGE=y .text.startup
> can therefore be treated as a linker orphan on those architectures.
>
> Constructors generated by coverage instrumentation can then point
> at code outside the normal RX text mapping, leading to early boot
> crashes from init_constructors():
>
> (XEN) [ 12.331193] Instruction Abort Trap. Syndrome=0xf
> (XEN) [ 12.334253] Walking Hypervisor VA 0xa00003ce000 on CPU0 via TTBR 0x000000004352d000
> (XEN) [ 12.338550] 0TH[0x014] = 0x4352cf7f
> (XEN) [ 12.341823] 1ST[0x000] = 0x4352bf7f
> (XEN) [ 12.345124] 2ND[0x001] = 0x40000043527f7f
> (XEN) [ 12.347329] 3RD[0x1ce] = 0x400000433cef7f
> (XEN) [ 12.351233] CPU0: Unexpected Trap: Instruction Abort
> (XEN) [ 12.357643] ----[ Xen-4.21.1 arm64 debug=n gcov=y Not tainted ]----
> (XEN) [ 12.360243] CPU: 0
> (XEN) [ 12.364098] PC: 00000a00003ce000 00000a00003ce000
> (XEN) [ 12.375835] LR: 00000a00004802f8
> (XEN) [ 12.378273] SP: 00000a00004c7e10
> (XEN) [ 12.380492] CPSR: 0000000080000249 MODE:64-bit EL2h (Hypervisor, handler)
> (XEN) [ 12.382785] X0: 00000a00003ce000 X1: 0000000000000000 X2: 00000a0000410fa0
> (XEN) [ 12.385176] X3: 0000000000000000 X4: 0000000000000010 X5: 0000000000000001
> (XEN) [ 12.387555] X6: 00000a00004e5f40 X7: 00000a00004e5f38 X8: 0000000000000000
> (XEN) [ 12.390027] X9: 00000a00004e5f20 X10: 00000a00004e5f30 X11: 00000a00004e5f40
> (XEN) [ 12.392510] X12: 00000a0000439748 X13: 00000a0000406938 X14: 000000000000062e
> (XEN) [ 12.394954] X15: 00000a00004f3918 X16: 00000a00004c7bb5 X17: 00000000004c7bb5
> (XEN) [ 12.397293] X18: 0000000000000030 X19: 000000000000001d X20: 00000000000000a9
> (XEN) [ 12.399803] X21: 00000a00004c8008 X22: 00000a00003fa000 X23: 00000a00004e2000
> (XEN) [ 12.402392] X24: 00000a00003f9390 X25: 00000a00003fa000 X26: 00000a00003f4ca8
> (XEN) [ 12.404798] X27: 0000000000000002 X28: 00000a000057a9c0 FP: 00000000bedb6740
> (XEN) [ 12.407110]
> (XEN) [ 12.409442] VTCR_EL2: 0000000080023558
> (XEN) [ 12.411291] VTTBR_EL2: 00000000bffc4000
> (XEN) [ 12.412895]
> (XEN) [ 12.414204] SCTLR_EL2: 0000000030cd183d
> (XEN) [ 12.415928] HCR_EL2: 0000000000000039
> (XEN) [ 12.417642] TTBR0_EL2: 000000004352d000
> (XEN) [ 12.419152]
> (XEN) [ 12.420327] ESR_EL2: 000000008600000f
> (XEN) [ 12.422056] HPFAR_EL2: 0000000000000000
> (XEN) [ 12.423809] FAR_EL2: 00000a00003ce000
> ...
> (XEN) [ 12.485355] Xen call trace:
> (XEN) [ 12.489080] [<00000a00003ce000>] 00000a00003ce000 (PC)
> (XEN) [ 12.512076] [<00000a00004802f8>] init_constructors+0x38/0x50 (LR)
>
> Observed failing symbol:
> _sub_I_00100_0
> called from:
> init_constructors()
> The issue can be diagnosed by enabling linker orphan diagnostics or
> generating a linker map:
> LDFLAGS += "--orphan-handling=warn"
> LDFLAGS += "-Map=xen.map"
> and then inspecting orphaned executable sections such as:
> .text.startup
>
> Place .text.startup in .init.text on the non-x86 linker scripts,
> matching the existing x86 behavior.
>
> Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com>
> ---
> Changes in v2:
> - do not add *(.text.*) when CONFIG_COVERAGE is enabled
> - copy the existing x86 linker script behavior to the non-x86 linker scripts
> (put .text.startup into .init.text on Arm, RISC-V and PPC)
> - update commit subject and message accordingly
>
> Link to v1:
> https://patchew.org/Xen/cb8c1e0862a554f7a28347f549e9cfd0b0d6db2f.1779829545.git.dmytro._5Fprokopchuk1@epam.com/

What about my feedback to v1 which showed that .text.startup
specifically is buggy in x86, and provided a suggestion of what to do
about it?

~Andrew
On 5/29/26 13:41, Andrew Cooper wrote:
>> Link to v1:
>> https://patchew.org/Xen/cb8c1e0862a554f7a28347f549e9cfd0b0d6db2f.1779829545.git.dmytro._5Fprokopchuk1@epam.com/
>
> What about my feedback to v1 which showed that .text.startup
> specifically is buggy in x86, and provided a suggestion of what to do
> about it?
>
> ~Andrew

Hello Andrew,

I agree that the Linux TEXT_SECTION-style cleanup is more preferable.
My goal with this patch was to fix the observed CONFIG_COVERAGE boot failure
with the smallest change. And your proposal requires wider linker-script
rework and randconfig validation.
Unfortunately I don't have enough time to take on that right now.
I'll take into account your feedback and will return to this later.

BR, Dmytro.