Merge branch 'confidential-containers:main' into td-loader

.github/workflows/integration-tdx.yml

@@ -62,6 +62,7 @@ jobs:
           bash sh_script/integration_tdx.sh -c 2 -m 4G -f target/release/final-boot-kernel.bin
           bash sh_script/integration_tdx.sh -c 4 -m 8G -f target/release/final-boot-kernel.bin
           bash sh_script/integration_tdx.sh -c 8 -m 16G -f target/release/final-boot-kernel.bin
+          bash sh_script/integration_tdx.sh -c 16 -m 32G -f target/release/final-boot-kernel.bin
 
       - name: Build PE format payload with test TD payload
         run: bash sh_script/build_final.sh pe_test

td-loader/fuzz/fuzz_targets/fuzzlib.rs

@@ -12,9 +12,9 @@ pub fn fuzz_elf_loader(data: &[u8]) {
     let mut loaded_buffer = vec![0u8; 0x800000];
 
     elf::relocate_elf_mem_with_per_program_header(&data[..], loaded_buffer.as_mut_slice());
-    let _ = elf::parse_pre_init_array_section(data);
-    let _ = elf::parse_init_array_section(data);
-    let _ = elf::parse_finit_array_section(data);
+    let _ = elf::parse_pre_init_array_section(&loaded_buffer);
+    let _ = elf::parse_init_array_section(&loaded_buffer);
+    let _ = elf::parse_finit_array_section(&loaded_buffer);
 
     if let Some(elf) = Elf::parse(data) {
         log::info!("{:?}\n", elf.header);

td-loader/src/elf.rs

@@ -2,11 +2,10 @@
 //
 // SPDX-License-Identifier: BSD-2-Clause-Patent
 
+use core::ops::Range;
 use scroll::Pwrite;
 
-use crate::elf64::{PT_LOAD, PT_PHDR};
-
-use core::ops::Range;
+use crate::elf64;
 
 const SIZE_4KB: u64 = 0x00001000u64;
 
@@ -40,13 +39,11 @@ pub fn relocate_elf_with_per_program_header(
     let mut top: u64 = 0u64;
 
     for ph in elf.program_headers().unwrap() {
-        if ph.p_type == PT_LOAD {
-            if bottom > ph.p_vaddr {
-                bottom = ph.p_vaddr;
-            }
-            if top < ph.p_vaddr.checked_add(ph.p_memsz)? {
-                top = ph.p_vaddr + ph.p_memsz;
-            }
+        if bottom > ph.p_vaddr {
+            bottom = ph.p_vaddr;
+        }
+        if top < ph.p_vaddr.checked_add(ph.p_memsz)? {
+            top = ph.p_vaddr + ph.p_memsz;
         }
     }
 
@@ -58,7 +55,7 @@ pub fn relocate_elf_with_per_program_header(
     top = align_value(top, SIZE_4KB, false);
     // load per program header
     for ph in elf.program_headers().unwrap() {
-        if (ph.p_type == PT_LOAD || ph.p_type == PT_PHDR) && ph.p_memsz != 0 {
+        if ph.p_memsz != 0 {
             if ph.p_offset.checked_add(ph.p_filesz)? > image.len() as u64
                 || ph.p_vaddr.checked_add(ph.p_filesz)? > loaded_buffer.len() as u64
             {
@@ -92,43 +89,22 @@ pub fn relocate_elf_with_per_program_header(
     ))
 }
 
-pub fn parse_pre_init_array_section(image: &[u8]) -> Option<Range<usize>> {
-    // parser file and get the .preinit_array section, if any
-    let elf = crate::elf64::Elf::parse(image)?;
-
-    for sh in elf.section_headers().unwrap() {
-        if sh.sh_type == crate::elf64::SHT_PREINIT_ARRAY {
-            sh.sh_addr.checked_add(sh.sh_size)?;
-            return Some(sh.vm_range());
-        }
-    }
-    None
+pub fn parse_pre_init_array_section(loaded_image: &[u8]) -> Option<Range<usize>> {
+    elf64::get_init_array(
+        loaded_image,
+        elf64::DT_PREINIT_ARRAY,
+        elf64::DT_PREINIT_ARRAYSZ,
+    )
 }
 
-pub fn parse_init_array_section(image: &[u8]) -> Option<Range<usize>> {
-    // parser file and get the .init_array section, if any
-    let elf = crate::elf64::Elf::parse(image)?;
-
-    for sh in elf.section_headers().unwrap() {
-        if sh.sh_type == crate::elf64::SHT_INIT_ARRAY {
-            sh.sh_addr.checked_add(sh.sh_size)?;
-            return Some(sh.vm_range());
-        }
-    }
-    None
+/// Parse ELF binary and get the .init_array section, if any
+pub fn parse_init_array_section(loaded_image: &[u8]) -> Option<Range<usize>> {
+    elf64::get_init_array(loaded_image, elf64::DT_INIT_ARRAY, elf64::DT_INIT_ARRAYSZ)
 }
 
-pub fn parse_finit_array_section(image: &[u8]) -> Option<Range<usize>> {
-    // parser file and get the .finit_array section, if any
-    let elf = crate::elf64::Elf::parse(image)?;
-
-    for sh in elf.section_headers().unwrap() {
-        if sh.sh_type == crate::elf64::SHT_FINI_ARRAY {
-            sh.sh_addr.checked_add(sh.sh_size)?;
-            return Some(sh.vm_range());
-        }
-    }
-    None
+// Parse ELF binary and get the .finit_array section, if any
+pub fn parse_finit_array_section(loaded_image: &[u8]) -> Option<Range<usize>> {
+    elf64::get_init_array(loaded_image, elf64::DT_FINI_ARRAY, elf64::DT_FINI_ARRAYSZ)
 }
 
 /// flag true align to low address else high address

td-loader/src/elf64.rs

@@ -804,6 +804,40 @@ impl<'a> Elf<'a> {
     }
 }
 
+pub(crate) fn get_init_array(loaded_image: &[u8], tag: u64, sz_tag: u64) -> Option<Range<usize>> {
+    let elf = crate::elf64::Elf::parse(loaded_image)?;
+
+    let mut addr: Option<usize> = None;
+    let mut size: Option<usize> = None;
+    for ph in elf.program_headers()? {
+        if ph.p_type == crate::elf64::PT_DYNAMIC {
+            if ph.p_vaddr + ph.p_memsz > loaded_image.len() as u64 {
+                return None;
+            }
+
+            let dyn_entries = crate::elf64::Dyns::parse(
+                &loaded_image[ph.p_vaddr as usize..],
+                ph.p_memsz as usize,
+            )?;
+            for e in dyn_entries {
+                if e.d_tag == tag {
+                    addr = Some(e.d_val as usize);
+                } else if e.d_tag == sz_tag {
+                    size = Some(e.d_val as usize);
+                }
+            }
+            break;
+        }
+    }
+
+    let addr = addr?;
+    let size = size?;
+    Some(Range {
+        start: addr,
+        end: addr.checked_add(size)?,
+    })
+}
+
 #[cfg(test)]
 mod test_elf_loader {
     use super::*;

td-paging/src/frame.rs

@@ -122,8 +122,10 @@ impl BMFrameAllocator {
 
 unsafe impl FrameAllocator<Size4KiB> for BMFrameAllocator {
     fn allocate_frame(&mut self) -> Option<PhysFrame<Size4KiB>> {
-        self.alloc()
-            .map(|addr| PhysFrame::containing_address(PhysAddr::new(addr as u64)))
+        let addr = self.alloc()?;
+        Some(PhysFrame::containing_address(
+            PhysAddr::try_new(addr as u64).ok()?,
+        ))
     }
 }