Xen project Mailing List

Re: [PATCH] hvmloader: probe memory below 4G before allocation for OVMF

From: Igor Druzhinin <igor.druzhinin@xxxxxxxxxx>

Date: Fri, 3 Apr 2020 15:26:55 +0100

Authentication-results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=igor.druzhinin@xxxxxxxxxx; spf=Pass smtp.mailfrom=igor.druzhinin@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, roger.pau@xxxxxxxxxx, ian.jackson@xxxxxxxxxxxxx, wl@xxxxxxx, andrew.cooper3@xxxxxxxxxx

Delivery-date: Fri, 03 Apr 2020 14:27:03 +0000

Ironport-sdr: l2E2TzRhEu10W9YQR353fk4jcfvYm6ByTkoGDZJ2EyQHJRZ+KOYDOD0WbRaYNaqB3GucbNPMjn NPhszXjwnrumCC7HIggRtZEyR0Miqtz3K2u6Q/M1nd/g66gAJ0xYpYrNvkIqRoTgnUwQFcpFRd ufG/PRNus7Qw4LEnknnMsG+VJd2dQQtM01Ah+JPHI39d0wliAN1iUkLybleIhXqOIxufQdOJZ/ Ze2HZxiTWZw8NdT8yiwidzfS6NBwRZXKkZxdffXyXlMHPss215n6kepRadxVZhTfyg1JaooAxf 8Os=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 03/04/2020 14:53, Jan Beulich wrote: > On 02.04.2020 18:18, Igor Druzhinin wrote: >> The area just below 4G where OVMF image is originally relocated is not >> necessarily a hole - it might contain pages preallocated by device model >> or the toolstack. By unconditionally populating on top of this memory >> the original pages are getting lost while still potentially foreign mapped >> in Dom0. > > When there are pre-allocated pages - have they been orphaned? If > so, shouldn't whoever populated them unpopulate rather than > orphaning them? Or if not - how is the re-use you do safe? There is no signal to the device model when that happens - it has no idea when the memory it populated and hold a mapping to becomes suddenly unmapped in the guest. Re-use is safe as the memory prepopulated before OVMF starts has not been put in use yet until after it's finished initializing. >> --- a/tools/firmware/hvmloader/util.c >> +++ b/tools/firmware/hvmloader/util.c >> @@ -398,6 +398,20 @@ int get_mem_mapping_layout(struct e820entry entries[], >> uint32_t *max_entries) >> return rc; >> } >> >> +bool mem_probe_ram(xen_pfn_t mfn) >> +{ >> + uint32_t tmp, magic = 0xdeadbeef; >> + volatile uint32_t *addr = (volatile uint32_t *)(mfn << PAGE_SHIFT); >> + >> + tmp = *addr; >> + *addr = magic; >> + if ( *addr != magic ) >> + return 0; >> + >> + *addr = tmp; >> + return 1; >> +} > > This looks to probe r/o behavior. If there was a ROM page pre-populated, > wouldn't it then be equally lost once you populate RAM over it? And what > if this is MMIO, i.e. writable but potentially with side effects? I assume if the pages behind it are not r/w there is no other way to avoid crashing immediately except go and repopulate on top. MMIO is a problematic corner case I expect device model would try to avoid. > Whether, as you suggest as an alternative, moving populating of this > space to the tool stack is feasible I don't know. If it was, I would > wonder though why it wasn't done like this in the first place. I expect one complication is to know the type of firmware at the moment domain is constructed to make sure area is populated for OVMF only. Igor

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.