Xen project Mailing List

Re: [PATCH v4] EFI: free unused boot mem in at least some cases

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Thu, 17 Sep 2020 13:17:12 +0200

Authentication-results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxx>, "Julien Grall" <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Lukasz Hawrylko <lukasz.hawrylko@xxxxxxxxxxxxxxx>

Delivery-date: Thu, 17 Sep 2020 11:17:43 +0000

Ironport-sdr: uAhjUlCX1yIBGRHTV8x0MUV/vDhRpjHp9ggIOeOHraQXEzC+Fd1IDfINddd2l0MYiPAbEQTpYF dZf6DTl31HkS4o2gM8EI3Ksx3xd1b75wi9+dWjF9kQ9iCrDPDxuRw4g8bcw/QEYNW9DuiFbU0B WUhR4AzRBbYuRNLTeK48dmWHh+coE03WZdrU6ItH3aMnTQbInQ3jzogLmgq8JLZrO1XdXNkgHY VtA5WkBaZap6eHp58BrxVYJOfKjvZX0lUXDgjmXJH+XTUa/1GJ+WJEnQtpdU3WiEVClO0fnV/P G+U=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Sep 17, 2020 at 12:56:41PM +0200, Jan Beulich wrote: > On 17.09.2020 12:45, Roger Pau Monné wrote: > > On Wed, Sep 16, 2020 at 02:20:54PM +0200, Jan Beulich wrote: > >> --- a/xen/arch/x86/efi/stub.c > >> +++ b/xen/arch/x86/efi/stub.c > >> @@ -52,6 +52,13 @@ bool efi_enabled(unsigned int feature) > >> > >> void __init efi_init_memory(void) { } > >> > >> +bool efi_boot_mem_unused(unsigned long *start, unsigned long *end) > >> +{ > >> + if ( start || end ) > > > > Shouldn't this be start && end? > > This is consistent with "if ( !start && !end )" in the non-stub > function, which was there in v3 already. Right, I certainly didn't catch that passing one as NULL would cause a deref there also. I would be more comfortable with adding an ASSERT, but I'm not going to insist. IIRC there was a time when Xen running as a PVH guest (like in shim mode) would cause it to have a valid mapping at 0. > > Or else you might be de-referencing a NULL pointer? > > Intentionally so: I'd view it as worse if we didn't fill *start > or *end if just one gets passed as NULL. The way it's done now > it'll be a reliable crash, as the v3 issue with the shim has > shown (where the if() here was missing). > > >> @@ -1417,8 +1419,18 @@ void __init noreturn __start_xen(unsigne > >> if ( !xen_phys_start ) > >> panic("Not enough memory to relocate Xen\n"); > >> > >> + /* FIXME: Putting a hole in .bss would shatter the large page > >> mapping. */ > >> + if ( using_2M_mapping() ) > >> + efi_boot_mem_unused(NULL, NULL); > > > > This seems really weird IMO... > > What I didn't like about earlier versions was the exposure of > using_2M_mapping() outside of this CU. The way it works is > somewhat fragile, and hence I think limiting its exposure is a > win. This way there's also no x86-specific code in ebmalloc.c > anymore. > > I'm also slightly puzzled that you ask now when you had acked > this same construct in v3. It's really just the stub function > which has changed in v4. Would you mind also adding a FIXME comment in efi_boot_mem_unused that setting ebmalloc_allocated to sizeof(ebmalloc_mem) will be removed once we can properly free the region regardless of whether 2M are being used? Seems like an abuse of that the function should be doing by passing NULL pointers to it, or maybe I'm just being dense. With that: Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Thanks.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.