
Re: [PATCH][4.17] EFI: don't convert memory marked for runtime use to ordinary RAM


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Tue, 4 Oct 2022 16:01:27 +0200
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>
  • Delivery-date: Tue, 04 Oct 2022 14:01:45 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Oct 04, 2022 at 03:10:57PM +0200, Jan Beulich wrote:
> On 04.10.2022 14:52, Roger Pau Monné wrote:
> > On Tue, Oct 04, 2022 at 02:18:31PM +0200, Jan Beulich wrote:
> >> On 04.10.2022 12:54, Roger Pau Monné wrote:
> >>> On Tue, Oct 04, 2022 at 12:44:16PM +0200, Jan Beulich wrote:
> >>>> On 04.10.2022 12:38, Roger Pau Monné wrote:
> >>>>> On Tue, Oct 04, 2022 at 12:23:23PM +0200, Jan Beulich wrote:
> >>>>>> On 04.10.2022 11:33, Roger Pau Monné wrote:
> >>>>>>> On Tue, Oct 04, 2022 at 10:06:36AM +0200, Jan Beulich wrote:
> >>>>>>>> On 30.09.2022 16:28, Roger Pau Monné wrote:
> >>>>>>>>> On Fri, Sep 30, 2022 at 09:50:40AM +0200, Jan Beulich wrote:
> >>>>>>>>>> efi_init_memory() in both relevant places is treating EFI_MEMORY_RUNTIME
> >>>>>>>>>> higher priority than the type of the range. To avoid accessing memory at
> >>>>>>>>>> runtime which was re-used for other purposes, make
> >>>>>>>>>> efi_arch_process_memory_map() follow suit. While on x86 in theory the
> >>>>>>>>>> same would apply to EfiACPIReclaimMemory, we don't actually "reclaim"
> >>>>>>>>>> E820_ACPI memory there and hence that type's handling can be left alone.
> >>>>>>>>>
> >>>>>>>>> What about dom0?  Should it be translated to E820_RESERVED so that
> >>>>>>>>> dom0 doesn't try to use it either?
> >>>>>>>>
> >>>>>>>> I'm afraid I don't understand the questions. Not the least because I
> >>>>>>>> think "it" can't really mean "dom0" from the earlier sentence.
> >>>>>>>
> >>>>>>> Sorry, let me try again:
> >>>>>>>
> >>>>>>> The memory map provided to dom0 will contain E820_ACPI entries for
> >>>>>>> memory ranges with the EFI_MEMORY_RUNTIME attributes in the EFI memory
> >>>>>>> map.  Is there a risk from dom0 reclaiming such E820_ACPI ranges,
> >>>>>>> overwriting the data needed for runtime services?
> >>>>>>
> >>>>>> How would Dom0 go about doing so? It has no control over what we hand
> >>>>>> to the page allocator - it can only free pages which were actually
> >>>>>> allocated to it. E820_ACPI and E820_RESERVED pages are assigned to
> >>>>>> DomIO - Dom0 can map and access them, but it cannot free them.
> >>>>>
> >>>>> Maybe I'm very confused, but what about dom0 overwriting the data
> >>>>> there, won't it cause issues to runtime services?
> >>>>
> >>>> If it overwrites it, of course there are going to be issues. Just like
> >>>> there are going to be problems from anything else Dom0 does wrong.
> >>>
> >>> But would dom0 know it's doing something wrong?
> >>
> >> Yes. Please also see my reply to Andrew.
> >>
> >>> The region is just marked as E820_ACPI from dom0 PoV, so it doesn't
> >>> know it's required by EFI runtime services, and dom0 could
> >>> legitimately overwrite the region once it considers all ACPI parsing
> >>> done from its side.
> >>
> >> PV Dom0 won't ever see E820_ACPI in the relevant E820 map; this type can
> >> only appear in the machine E820. In how far PVH Dom0 might need to take
> >> special care I can't tell right now (but at least for kexec purposes I
> >> expect Linux isn't going to recycle E820_ACPI regions even going forward).
> > 
> > Even if unlikely, couldn't some dom0 OS look at the machine map after
> > processing ACPI and just decide to overwrite the ACPI regions?
> > 
> > Not that it's useful from an OS PoV, but also we have no statement
> > saying that E820_ACPI in the machine memory map shouldn't be
> > overwritten.
> 
> There are many things we have no statements for, yet we imply certain
> behavior or restrictions. The machine memory map, imo, clearly isn't
> intended for this kind of use.

There isn't much I can say then.  I do feel we are creating rules out
of thin air.

I do think the commit message should mention that we rely on dom0 not
overwriting the data in the E820_ACPI regions on the machine memory
map.

Thanks, Roger.
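
The rule described in the quoted commit message (the EFI_MEMORY_RUNTIME attribute takes priority over the range type when building the E820 map), as an added example that is not part of the original mail and is not Xen's code. `struct desc`, `classify()` and `count_runtime_as_ram()` are hypothetical names; mapping runtime-marked ranges to E820_RESERVED and treating boot-services memory as reclaimable are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Attribute bits and type numbers as defined by UEFI and the E820 convention. */
#define EFI_MEMORY_WB      0x0000000000000008ULL
#define EFI_MEMORY_RUNTIME 0x8000000000000000ULL
enum { EfiLoaderCode = 1, EfiLoaderData, EfiBootServicesCode, EfiBootServicesData,
       EfiConventionalMemory = 7, EfiUnusableMemory, EfiACPIReclaimMemory };
enum { E820_RAM = 1, E820_RESERVED, E820_ACPI, E820_NVS, E820_UNUSABLE };

struct desc { uint32_t type; uint64_t attr; };  /* simplified, hypothetical */

/* Hypothetical classifier. honor_runtime == 0 models a type-only conversion. */
static int classify(const struct desc *d, int honor_runtime)
{
    switch (d->type) {
    case EfiLoaderCode: case EfiLoaderData:
    case EfiBootServicesCode: case EfiBootServicesData:
    case EfiConventionalMemory:
        if (honor_runtime && (d->attr & EFI_MEMORY_RUNTIME))
            return E820_RESERVED; /* assumption: firmware may still use it */
        return (d->attr & EFI_MEMORY_WB) ? E820_RAM : E820_UNUSABLE;
    case EfiACPIReclaimMemory:
        return E820_ACPI;         /* type handling left alone, per the mail */
    case EfiUnusableMemory:
        return E820_UNUSABLE;
    default:
        return E820_RESERVED;
    }
}

/* Count ranges that end up as allocatable RAM despite EFI_MEMORY_RUNTIME. */
static size_t count_runtime_as_ram(const struct desc *m, size_t n, int honor)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if ((m[i].attr & EFI_MEMORY_RUNTIME) && classify(&m[i], honor) == E820_RAM)
            hits++;
    return hits;
}

/* Constructed sample map, not taken from real firmware. */
static const struct desc sample[] = {
    { EfiConventionalMemory, EFI_MEMORY_WB },
    { EfiBootServicesData,   EFI_MEMORY_WB | EFI_MEMORY_RUNTIME },
    { EfiLoaderData,         EFI_MEMORY_WB | EFI_MEMORY_RUNTIME },
    { EfiACPIReclaimMemory,  EFI_MEMORY_WB | EFI_MEMORY_RUNTIME },
};

int main(void) { return count_runtime_as_ram(sample, 4, 1) != 0; }
```

The EfiACPIReclaimMemory entry stays E820_ACPI in both modes, which is the case the thread is debating: nothing in the resulting map distinguishes it from an ACPI range that runtime services do not need.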
