[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v1 3/4] xen/arm: mpu: Create boot-time MPU protection regions


  • To: Julien Grall <julien@xxxxxxx>
  • From: Luca Fancellu <Luca.Fancellu@xxxxxxx>
  • Date: Mon, 9 Sep 2024 09:28:48 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yjj6PpFluIEiY862ibNT5CP9eC37pKJ0mJzR2hBBfbo=; b=ZYN0j5jgL7NCX+gbb8PQDdECyhDbIl57yuvXyrKrhRx/kzwhiLFJWNC+6s+BpV72l3/ljFgdWu27397yNq1i0AXdndrzg7SgLYZP8ZSO+/RX199X54lResn4iREm8CXxIv2HK4kUksFcDHVRVtO77zob7e+5+hEyaTGw6e/bFPVSzN7RwWT/+bigAMn3eO3wSNkgulhiwOdAoNLFBIxeMLkeg9qAhyyJaoFBq2ke1yfg/78vd0QqRwFG8VHh8HceNDMzhxnm3s44s6/DDsYKYesb5gD72OQDypjWLuczvcY51UG+gswgiTJu5vWYulElCqn86jRLtafKWjR+/gyCDg==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yjj6PpFluIEiY862ibNT5CP9eC37pKJ0mJzR2hBBfbo=; b=dGR5YyYg8xPGVSez9jogZMU5NDPXFR/jYEM9Ak/7wzEefrM4vT1A8p/GutIpsCCwRXn622NvLA1sPzJSUwFs18B9oHlQq2+n8Bw2ZlrqWgfCi072jnK3eGOg4ZBnZA20stULZe51Yck9+ZK4s5M/pugjG8tWFetLnyfClfwNw5hiLHzVG9pkZ/1iTpb2kWWGyUSuJlSgFZiivSwas5L9KMPwTieflgG0cksTJ3xdotxiDTSJQsoF62T/HejctuZHi3whuoKLXW5Xlv8szuJ8trvdU3P6P7lNAYoj5r3cqdYaAAlPl3zOLlhmQwcQPH3etWLNpRZaOPKIIvyhzjK2IQ==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=rB83Zh58fFXrTjRI8xuCAWUJBCiLHT8o22VBaM+FTaEHK9NRJs7hhf+ttgb9z2b1UTwFvF59/2iSzktTlkLQI3XxzQ2qn7qQPKowXlg5GHjhWW7v5/Of6sSrPRxpPUPGs6COsvG6G2pReMnGmDVLT8vIPob+bcJhba4tWn2jSHDDyXoP7VLFq3ZIrPiQEFyDn9yUoINwJHWCHlRqJidfA6zZt5V2gNQ76KrZCMOC71vqz6yVapEeXEZEBg3wMpvaqtyHMDHo8gw1iK1jYR/qDqmRSG6t78bYnEBq/zaXikjUm4Ulf0hdgxdrvJel1p2pv7Wmc48CG9jv79HDjdzRsg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QwG+WV3+dByTbfVImzqWZQubzgp9yTlnTz9XPy//xDApUJ/ZGa8obTa7lODMlwRBRlanEvIhe/YbZ/oOBGT4TpER6sXJFLegxC1Zje9PHjhEEOZH25vS1K+Mh1OoMuq3AvCMpAJD4f3RP68liYUHOShpl1wxhJREBWIfiAuNBxmSObhsP+uqg9YLA3hlhBPRywitJELrHAYhplIQaB8ZviR3pJgOgvF11ozhmp2PL/v8mHEQe696QFd17KVoNnI7hNdS5zoEfKESVNm5yNxugN0OfajwZ5+8tgr85OhlmX4H9g/juWcSW0uxhygHDB0C4ZCW0gjbHJeb+gz686W2LQ==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Ayan Kumar Halder <ayankuma@xxxxxxx>, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Mon, 09 Sep 2024 09:29:38 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHa9XoHude8SoLzqU+vDRBIKLz30bI8y1SAgArTwQCABvDngIAAryqAgAAHQACAAAPxgA==
  • Thread-topic: [PATCH v1 3/4] xen/arm: mpu: Create boot-time MPU protection regions


> On 9 Sep 2024, at 10:14, Julien Grall <julien@xxxxxxx> wrote:
> 
> 
> 
> On 09/09/2024 09:48, Luca Fancellu wrote:
>> Hi Julien, Ayan,
>>>>> 
>>>>>> +    msr   PRBAR_EL2, \prbar
>>>>>> +    msr   PRLAR_EL2, \prlar
>>>>>> +    dsb   sy
>>>> This should be visible to outer shareable domain atleast. The reason being 
>>>> one can use the SH[1:0] bits in PRBAR_EL2 to set the region to outer 
>>>> shareable.
>>>> Thus, the writes to these registers should be visible to outer shareable 
>>>> domain as well.
>>> 
>>> I am a bit confused. SH[1:0] is about how the region will be accessed not 
>>> up to where should registers are visible. I was expecting that the MPU 
>>> registers only need to be visible to the MPU itself.
>>> 
>>> For instance, when using the MMU, the translation unit is in the 
>>> non-shareable domain. So a 'nsh' is sufficient regardless of the 
>>> shareability of the page/block.
>>> 
>>> This is explicitely written in the Arm Arm (see D5-4929 in ARM DDI 0487H.a) 
>>> but I can't find a similar section for the MPU yet. Although, I would be a 
>>> bit surprised if the MPU is not in the non-shareable domain... Maybe this 
>>> could be clarified with Arm?
>> I got the feedback that DSB SY is ok here
> 
> Thanks for asking. Does this mean that a "dsb nsh" would not be sufficient?

Unfortunately no one gave a straight answer on that, I was under the impression 
that nsh was sufficient, but didn’t have a confirmation.
I will try to chase more in deep.

> 
>>> 
>>> Anyway, for now, I am open to use 'dsb sy' with a TODO to revisit it.
>>> 
>>>>>> +    isb
>>> 
>>> Re-quoting the spec from you previous answer:
>>> 
>>> ```
>>> Writes to MPU registers are only guaranteed to be visible
>>> following a Context synchronization event and DSB operation.
>>> ```
>>> 
>>> So this suggests that it should be first an 'isb' and then a 'dsb'. Any 
>>> reason you wrote it the other way around?
>> I chased this internally and it was suggested the current order, dsb 
>> followed by the isb: DSB ensures the completion of prior
>> instructions before the next executes, and then ISB ensures subsequent 
>> instruction fetch observes the updated MPU state.
> 
> I am confused. "DSB" doesn't ensure any completion of instructions. It just 
> ensures memory access completion. Can you clarify?

Sorry, I meant memory access completion.

Cheers,
Luca

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.