Re: [PATCH v4 4/6] xen/arm: mpu: Create boot-time MPU protection regions
- To: Julien Grall <julien.grall.oss@xxxxxxxxx>
- From: Luca Fancellu <Luca.Fancellu@xxxxxxx>
- Date: Wed, 30 Oct 2024 10:08:09 +0000
- Cc: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
- Delivery-date: Wed, 30 Oct 2024 10:08:39 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Julien,

> On 30 Oct 2024, at 09:52, Julien Grall <julien.grall.oss@xxxxxxxxx> wrote:
>
> On Wed, 30 Oct 2024 at 09:17, Luca Fancellu <Luca.Fancellu@xxxxxxx> wrote:
>>
>> Hi Ayan,
>>
>> While I rebased the branch on top of your patches, I saw you’ve changed
>> the number of regions mapped at boot time, can I ask why?
>
> I have asked the change. If you look at the layout...

Apologies, I didn’t see you’ve asked for the change.

>
>>
>> Compared to
>> https://patchwork.kernel.org/project/xen-devel/patch/20230626033443.2943270-25-Penny.Zheng@xxxxxxx/:
>
>
> ... you have two sections with the same permissions:
>
> xen_mpumap[1] : Xen read-only data
> xen_mpumap[2] : Xen read-only after init data
> xen_mpumap[3] : Xen read-write data
>
> During boot, [2] and [3] will share the same permissions. After boot,
> this will be [1] and [2]. Given the number of MPU regions is limited,
> this is a bit of a waste.
>
> We also don't want to have a hole in the middle of Xen sections. So
> folding seemed to be a good idea.
>
>>
>>> +FUNC(enable_boot_cpu_mm)
>>> +
>>> + /* Get the number of regions specified in MPUIR_EL2 */
>>> + mrs x5, MPUIR_EL2
>>> +
>>> + /* x0: region sel */
>>> + mov x0, xzr
>>> + /* Xen text section. */
>>> + ldr x1, =_stext
>>> + ldr x2, =_etext
>>> + prepare_xen_region x0, x1, x2, x3, x4, x5, attr_prbar=REGION_TEXT_PRBAR
>>> +
>>> + /* Xen read-only data section. */
>>> + ldr x1, =_srodata
>>> + ldr x2, =_erodata
>>> + prepare_xen_region x0, x1, x2, x3, x4, x5, attr_prbar=REGION_RO_PRBAR
>>> +
>>> + /* Xen read-only after init and data section. (RW data) */
>>> + ldr x1, =__ro_after_init_start
>>> + ldr x2, =__init_begin
>>> + prepare_xen_region x0, x1, x2, x3, x4, x5
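
Review bot: the third prepare_xen_region call (__ro_after_init_start to __init_begin) omits attr_prbar, so the read-only-after-init data is folded into the same region as ordinary RW data, and nothing in the hunk documents how that range is tightened later. Suggest extending the comment to state that the folding is intentional at boot and that the boundary has to move to __ro_after_init_end once init is done, or passing an explicit attr_prbar so the intended permission is visible at the call site like the two calls above it.
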
>>
>> ^— this, for example, will block Xen from calling init_done(void) later.
>> I understand this is early boot, but I guess we don’t want to make
>> subsequent changes to this part when introducing the patches to support
>> start_xen()
>
> Can you be a bit more descriptive... What will block?

This call in setup.c:

    rc = modify_xen_mappings((unsigned long)&__ro_after_init_start,
                             (unsigned long)&__ro_after_init_end,
                             PAGE_HYPERVISOR_RO);

Cannot work anymore because xen_mpumap[2] is wider than only
(__ro_after_init_start, __ro_after_init_end).

If that is what we want, then we could wrap the above call into something
MMU specific that will execute the above call and something MPU specific
that will modify xen_mpumap[1] from (_srodata, _erodata) to
(_srodata, __ro_after_init_end) and xen_mpumap[2] from
(__ro_after_init_start, __init_begin) to (__ro_after_init_end, __init_begin).

Please, let me know your thoughts.

Cheers,
Luca
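
The boundary move described in the message above, as an added toy model in C (not code from the thread or from Xen). The `struct region` layout, the section addresses, the 64-byte granularity and the assumption that `_erodata` equals `__ro_after_init_start` are all constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Toy model of a boot-time MPU map; not Xen's real xen_mpumap type. */
enum perm { PERM_RX, PERM_RO, PERM_RW };
struct region { uint64_t base, end; enum perm perm; };   /* [base, end) */

#define MPU_ALIGN 64u   /* assumed region granularity */

/* Constructed addresses standing in for the linker symbols. */
enum { STEXT = 0x200000, ETEXT = 0x240000, SRODATA = ETEXT,
       ERODATA = 0x250000, RO_AFTER_INIT_START = ERODATA,
       RO_AFTER_INIT_END = 0x251000, INIT_BEGIN = 0x260000 };

/* Folded boot layout: ro_after_init shares region [2] with RW data. */
static void boot_map(struct region m[3]) {
    m[0] = (struct region){ STEXT, ETEXT, PERM_RX };
    m[1] = (struct region){ SRODATA, ERODATA, PERM_RO };
    m[2] = (struct region){ RO_AFTER_INIT_START, INIT_BEGIN, PERM_RW };
}

/* Move the shared boundary of two adjacent regions to new_split. */
static bool move_boundary(struct region *lo, struct region *hi,
                          uint64_t new_split) {
    if (lo->end != hi->base) return false;      /* hole or overlap */
    if (new_split % MPU_ALIGN) return false;    /* not programmable */
    if (new_split <= lo->base || new_split >= hi->end)
        return false;                           /* would empty a region */
    lo->end = new_split;
    hi->base = new_split;
    return true;
}

/* Permission that applies to addr, or -1 if no region covers it. */
static int perm_at(const struct region *m, int n, uint64_t addr) {
    for (int i = 0; i < n; i++)
        if (addr >= m[i].base && addr < m[i].end) return m[i].perm;
    return -1;
}

int main(void) {
    struct region m[3];
    boot_map(m);
    printf("boot:       perm=%d\n", perm_at(m, 3, RO_AFTER_INIT_START));
    /* After init: [1] grows to __ro_after_init_end, [2] shrinks. */
    move_boundary(&m[1], &m[2], RO_AFTER_INIT_END);
    printf("after init: perm=%d\n", perm_at(m, 3, RO_AFTER_INIT_START));
    return 0;
}
```

The region count stays at three and no hole opens between the sections; only the split point between the read-only and read-write regions changes.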