[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 4/6] xen/arm: mpu: Create boot-time MPU protection regions


  • To: Julien Grall <julien@xxxxxxx>, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Ayan Kumar Halder <ayankuma@xxxxxxx>
  • Date: Mon, 21 Oct 2024 16:07:32 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vK0gOMX5GY3wYuzkvhrqd3XvZMD6GY+H+a4JObZ05fk=; b=DhsB+b4/v7y5BY8uQuomocbeT63Db1/oKEJwW8pDy8m9qiLfHDllO8mOhOWf6rL/UK9U6bvS7emhiXg8sKYg1Wv3stYmkrQ2+7LBP0/hEgEi72bjCUq5/RljVwXCcmFW4n9Apph7rFfppj5vPB5l8Mjqm0Et3qMLf/8BGYjmSV8bxALQnnHCv2cq+vPqQDUlt/ByIO4eCOLpby23tNomRfrOQx+TMNdVJcqTefVDwlLicBGC2S56MsdF1721vSGP0O9WbpoagWOvI/ejjnYBiGUzesKO4Zr2or9Foaovzhto8yurY5YrlfS12JPoHFHvpFERZ3W+qc7cRkTFv8fyHg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=lJ0kVrIRDio9aSUlHJMQ2xc8vs+WPEaZSsnqrUnuoOefWD+X2GXLWmINvILZt2whZpexYvMJWv2OT9uLzbYf3NDmpm++OJHJyEfIHnZMsKFqYGq19TwbEkBfApjMGyOtK5JE7+N10+PoqXI0iWTanK2kj1evHPBB5IUFCbx4/HIKsvtxdR/oputoXRiVtOTF49dX09iCL01Rj5E8njymRIu1fHjA3MWPg/AOgngGw/9g15nw4yi2+k5hlF+LrE1qNTASRTrXjXX2pM5CW9uOQ4hj+xGk7vBdIcDCIMThwwGP5VQ3F5sf30vXrN4Nc8Jm2N4G0p4/+JfzwYXFpMSf9g==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com;
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Mon, 21 Oct 2024 15:07:50 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>


On 18/10/2024 23:13, Julien Grall wrote:
Hi Ayan,

Hi Julien,

Just one clarification.


On 10/10/2024 15:03, Ayan Kumar Halder wrote:
diff --git a/xen/arch/arm/arm64/mpu/Makefile b/xen/arch/arm/arm64/mpu/Makefile
new file mode 100644
index 0000000000..3340058c08
--- /dev/null
+++ b/xen/arch/arm/arm64/mpu/Makefile
@@ -0,0 +1 @@
+obj-y += head.o
diff --git a/xen/arch/arm/arm64/mpu/head.S b/xen/arch/arm/arm64/mpu/head.S
new file mode 100644
index 0000000000..4a21bc815c
--- /dev/null
+++ b/xen/arch/arm/arm64/mpu/head.S
@@ -0,0 +1,130 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Start-of-day code for an Armv8-R MPU system.
+ */
+
+#include <asm/mm.h>
+#include <asm/arm64/mpu/sysregs.h>
+
+#define REGION_TEXT_PRBAR       0x38    /* SH=11 AP=10 XN=00 */
+#define REGION_RO_PRBAR         0x3A    /* SH=11 AP=10 XN=10 */
+#define REGION_DATA_PRBAR       0x32    /* SH=11 AP=00 XN=10 */
+
+#define REGION_NORMAL_PRLAR     0x0f    /* NS=0 ATTR=111 EN=1 */
+
+/*
+ * Macro to prepare and set a EL2 MPU memory region.
+ * We will also create an according MPU memory region entry, which
+ * is a structure of pr_t,  in table \prmap.
+ *
+ * Inputs:
+ * sel:         region selector
+ * base:        reg storing base address (should be page-aligned)
+ * limit:       reg storing limit address
+ * prbar:       store computed PRBAR_EL2 value
+ * prlar:       store computed PRLAR_EL2 value
+ * maxcount:    maximum number of EL2 regions supported
+ * attr_prbar:  PRBAR_EL2-related memory attributes. If not specified it will be
+ *              REGION_DATA_PRBAR
+ * attr_prlar:  PRLAR_EL2-related memory attributes. If not specified it will be
+ *              REGION_NORMAL_PRLAR
+ */
+.macro prepare_xen_region, sel, base, limit, prbar, prlar, maxcount, attr_prbar=REGION_DATA_PRBAR, attr_prlar=REGION_NORMAL_PRLAR
+
+    /* Check if the number of regions exceeded the count specified in MPUIR_EL2 */
+    add   \sel, \sel, #1
+    cmp   \sel, \maxcount
+    bgt   fail
+
+    /* Prepare value for PRBAR_EL2 reg and preserve it in \prbar.*/
+    and   \base, \base, #MPU_REGION_MASK
+    mov   \prbar, #\attr_prbar
+    orr   \prbar, \prbar, \base
+
+    /* Limit address should be inclusive */
+    sub   \limit, \limit, #1
+    and   \limit, \limit, #MPU_REGION_MASK
+    mov   \prlar, #\attr_prlar
+    orr   \prlar, \prlar, \limit
+
+    msr   PRSELR_EL2, \sel
+    isb
+    msr   PRBAR_EL2, \prbar
+    msr   PRLAR_EL2, \prlar
+    dsb   sy
+    isb
+.endm
+
+/* Load the physical address of a symbol into xb */
+.macro load_paddr xb, sym
+    ldr \xb, =\sym
+    add \xb, \xb, x20       /* x20 - Phys offset */

Sorry I didn't spot this until now. Xen will be linked to a specific physical address, so why do we need to add an offset?
Yes, this needs to be removed. x20 contains 0.

+.endm
+
+/*
+ * Maps the various sections of Xen (described in xen.lds.S) as different MPU
+ * regions.
+ *
+ * Inputs:
+ *   lr : Address to return to.
+ *
+ * Clobbers x0 - x5
+ *
+ */
+FUNC(enable_boot_cpu_mm)
+
+    /* Check if the number of regions exceeded the count specified in MPUIR_EL2 */

AFAIU, this doesn't match what the instruction is doing below.
Sorry, this needs to be removed.

+    mrs   x5, MPUIR_EL2
+
+    /* x0: region sel */
+    mov   x0, xzr
+    /* Xen text section. */
+    load_paddr x1, _stext
+    load_paddr x2, _etext
+    cmp x1, x2
+    beq 1f

This check seems to be excessive... I can't think of a reason why there would be no text at all... Same for a lot of the checks below.
Is it ok if we have this excess check ? The downsides are only a small increase in code size and boot time. Otherwise, I need to justify why we have this checks in some places, but not in others.

+    prepare_xen_region x0, x1, x2, x3, x4, x5, attr_prbar=REGION_TEXT_PRBAR
+
+1:  /* Xen read-only data section. */
+    load_paddr x1, _srodata
+    load_paddr x2, _erodata
+    cmp x1, x2
+    beq 2f
+    prepare_xen_region x0, x1, x2, x3, x4, x5, attr_prbar=REGION_RO_PRBAR
+
+2:  /* Xen read-only after init and data section. (RW data) */
+    load_paddr x1, __ro_after_init_start
+    load_paddr x2, __init_begin
+    cmp x1, x2
+    beq 3f
+    prepare_xen_region x0, x1, x2, x3, x4, x5
+
+3:  /* Xen code section. */
+    load_paddr x1, __init_begin
+    load_paddr x2, __init_data_begin
+    cmp x1, x2
+    beq 4f
+    prepare_xen_region x0, x1, x2, x3, x4, x5, attr_prbar=REGION_TEXT_PRBAR
+
+4:  /* Xen data and BSS section. */
+    load_paddr x1, __init_data_begin
+    load_paddr x2, __bss_end
+    cmp x1, x2
+    beq 5f
+    prepare_xen_region x0, x1, x2, x3, x4, x5
+
+5:
+    ret
+
+fail:

This name is a bit too generic given you use within a macro. Also, I think it should be its own local function because the macro can be used anywhere.

Ack. I will convert this to a function.

- Ayan




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.