Xen project Mailing List

Re: [PATCH v4 4/6] xen/arm: mpu: Create boot-time MPU protection regions

From: Luca Fancellu <Luca.Fancellu@xxxxxxx>

Date: Wed, 30 Oct 2024 10:51:12 +0000

Accept-language: en-GB, en-US

Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none

Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iufWWRFZhYo+XxtfAwDAOoMohFr9S+PMW8q/2XvrvRE=; b=XM9bi6HuGvyLVRJc7omiu7+GT++nAI9VR3WCdS2WQD4fZ0yxMYaSGHPu2buOy2k4iipdD4GzHGgEuGGO2VJnpT5XNhg443AcMaBYV14SIJ5SSkEMc3D/h2QiMlnO7jxSZdOl3FhdhdbmxkygWTqjMJi9anIQgmjCrcsEskmvzgxxM+vdHOHy4r7Kwi/wdLDxn7SpWbpGahI1kbexOAxrlqC3tMT0eO021jfCd60mY3Dcr5mRBbpytNnwhV4jaA9ZXtkNW9Jo/ur2SrG1QTuk3CT9Ar77iqnAxRJbE8ezXQ0+CJH0aXT7w/qZvUrtDeYAymk4qQDM0VfgAfaewuWW+A==

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iufWWRFZhYo+XxtfAwDAOoMohFr9S+PMW8q/2XvrvRE=; b=O9fMfwsy1YIYOm0rtCCIx8JNXAhmPRGcYmzidmQK1U4kALQVc2uyzR0uhO81mq4cKs51L4b+B1O4xTyeYex17eIEbWemwkp8m+DwizXb22EQT++0NCgt5Cg9Td+tAZw4wyj+YYnOXtglYHRHbwTmZEMjrWIWVGABCQsTpcXBZO2zUB0QxKtzT6guEPQZvmY3Ud+mltmRMmQ9OYty+yuy4BJFiY3ZfHCWviV03s9iL3HzaveVGwJimV6dTkEgxFnnkCQq3OHYrZatoQ9MgH0eer0KKamIey0D3xZEkMEZUjO8yHmoLgkxtTqLdrwnqsm6nMm8aVea8YinZBTIeHGYcw==

Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=tQlpfEnjcNyGDyk6Nh32ig3NMllJQ79YTyVHfOUu7WSUozCqYRV9DUOOIoe7V5ZsWR5fUi/ntK08z+knN7+HZsYp9ekniIJfUDyA1Oq+JJbOheoQESQArrl9bgbTQP6M271OBKhVlHOEubJ5H7bh/vVKvi78t54qtic9Zva6sowJFgC0uQDU6R8s39X5UrYXyVScO+qOEyeVX52pB2pX84iL4h/PMuswyZe6Q6e//nWlX3fpYHbU52lGS80f2DAgslgd4c167cpqlwc8BkAeuMJh9++qWjLFs+chIXTqZWiY/KD6iwpY5rm9sX6NURu2McJQ4OBMQJbdqdHD9VL25Q==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SACBeeu15SwGJPDOsiVshEQv6io9B9G0UIj2UbGhanX7GXcZCjHL8w0W8YDJKRD3uaxprH50Gt6omoKtRCWbB2xqJy18tON/FGY3Sk43ymBDrqQo4FA+ZU9bk/65yX8YaOftOec3yKtavvpvrhF2bLE/3mCZgXaPOojwWrY9KYYkLGXXSN+NOuZqkxEF3mRUeW27CoCxSjI7O6GGYC6LZHYyXz5NyLqIHKujdx1GwTP/IssuFcT+aNcvWQ8UogALoWSPHI3KlybpDhcjBagt83RAVS0cXjaX7xdCmi2+7wzePQt23hsaXxyPCHMQRWpzU7F78GgUkSOZO6CyCH47NA==

Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Cc: Julien Grall <julien.grall.oss@xxxxxxxxx>, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Delivery-date: Wed, 30 Oct 2024 10:52:29 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Nodisclaimer: true

Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Thread-index: AQHbKTd3r9ds8GMpC0a1KoGz65CsELKfBnMAgAAKAQCAAARNAIAABs8AgAAFJgA=

Thread-topic: [PATCH v4 4/6] xen/arm: mpu: Create boot-time MPU protection regions

Hi Julien, > On 30 Oct 2024, at 10:32, Julien Grall <julien@xxxxxxx> wrote: > > On 30/10/2024 10:08, Luca Fancellu wrote: >> Hi Julien, >>> On 30 Oct 2024, at 09:52, Julien Grall <julien.grall.oss@xxxxxxxxx> wrote: >>> >>> On Wed, 30 Oct 2024 at 09:17, Luca Fancellu <Luca.Fancellu@xxxxxxx> wrote: >>>> >>>> Hi Ayan, >>>> >>>> While I rebased the branch on top of your patches, I saw you’ve changed >>>> the number of regions >>>> mapped at boot time, can I ask why? >>> >>> I have asked the change. If you look at the layout... >> Apologies, I didn’t see you’ve asked the change > > No need to apologies! I think I asked a few revisions ago. > >>> >>>> >>>> Compared to >>>> https://patchwork.kernel.org/project/xen-devel/patch/20230626033443.2943270-25-Penny.Zheng@xxxxxxx/: >>> >>> >>> ... you have two sections with the same permissions: >>> >>> xen_mpumap[1] : Xen read-only data >>> xen_mpumap[2] : Xen read-only after init data >>> xen_mpumap[3] : Xen read-write data >>> >>> During boot, [2] and [3] will share the same permissions. After boot, >>> this will be [1] and [2]. Given the number of MPU regions is limited, >>> this is a bit of a waste. >>> >>> We also don't want to have a hole in the middle of Xen sections. So >>> folding seemed to be a good idea. >>> >>>> >>>>> +FUNC(enable_boot_cpu_mm) >>>>> + >>>>> + /* Get the number of regions specified in MPUIR_EL2 */ >>>>> + mrs x5, MPUIR_EL2 >>>>> + >>>>> + /* x0: region sel */ >>>>> + mov x0, xzr >>>>> + /* Xen text section. */ >>>>> + ldr x1, =_stext >>>>> + ldr x2, =_etext >>>>> + prepare_xen_region x0, x1, x2, x3, x4, x5, >>>>> attr_prbar=REGION_TEXT_PRBAR >>>>> + >>>>> + /* Xen read-only data section. */ >>>>> + ldr x1, =_srodata >>>>> + ldr x2, =_erodata >>>>> + prepare_xen_region x0, x1, x2, x3, x4, x5, attr_prbar=REGION_RO_PRBAR >>>>> + >>>>> + /* Xen read-only after init and data section. (RW data) */ >>>>> + ldr x1, =__ro_after_init_start >>>>> + ldr x2, =__init_begin >>>>> + prepare_xen_region x0, x1, x2, x3, x4, x5 >>>> >>>> ^— this, for example, will block Xen to call init_done(void) >>>> later, I understand this is earlyboot, >>>> but I guess we don’t want to make subsequent changes to this >>>> part when introducing the >>>> patches to support start_xen() >>> >>> Can you be a bit more descriptive... What will block? >> This call in setup.c: >> rc = modify_xen_mappings((unsigned long)&__ro_after_init_start, >> (unsigned long)&__ro_after_init_end, >> PAGE_HYPERVISOR_RO); >> Cannot work anymore because xen_mpumap[2] is wider than only >> (__ro_after_init_start, __ro_after_init_end). > > Is this because the implementation of modify_xen_mappings() is only able to > modify a full region? IOW, it would not be able to split regions and/or merge > them? Yes, the code is, at the moment, not smart enough to do that, it will only modify a full region. > >> If that is what we want, then we could wrap the above call into something >> MMU specific that will execute the above call and >> something MPU specific that will modify xen_mpumap[1] from (_srodata, >> _erodata) to (_srodata, __ro_after_init_end) >> and xen_mpumap[2] from (__ro_after_init_start, __init_begin) to >> (__ro_after_init_end, __init_begin). > > I think it would make sense to have the call mmu/mpu specific. This would > allow to limit the number of MPU regions used by Xen itself. > > The only problem is IIRC the region is not fixed because we will skip empty > regions during earlyboot. Yes, but I think we can assume that X(_srodata, _erodata) and Y(__ro_after_init_start, __init_begin) won’t never be empty for Xen? In that case, the call to mpumap_contain_region() should be able to retrieve the full region X and the partial region Y and a specific function could modify the ranges of both given the respective indexes. Code in my branch: https://gitlab.com/xen-project/people/lucafancellu/xen/-/blob/r82_rebased/xen/arch/arm/mpu/mm.c#L382

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.