Xen project Mailing List

Re: [PATCH v4 5/6] xen/arm: mpu: Enable MPU

To: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

From: Julien Grall <julien@xxxxxxx>

Date: Fri, 1 Nov 2024 14:19:39 +0000

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Delivery-date: Fri, 01 Nov 2024 14:19:59 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Ayan, On 28/10/2024 12:45, Ayan Kumar Halder wrote:

After the regions have been created, now we enable the MPU. For this we disable
the background region so that the new memory map created for the regions take
effect. Also, we treat all RW regions as non executable and the data cache is
enabled.

As enable_mpu() is invoked from enable_boot_cpu_mm(), one needs to save and
restore the lr.

Signed-off-by: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>
---
Changes from :-

v2 - 1. Extracted from the previous patch into a new one.

2. Disabled background region.

v3 - 1. Removed dsb before setting SCTLR_EL2. The reason being
 From ARM DDI 0487K.a D23-7349:
"Direct writes to these registers (includes SCTLR_EL2) are not allowed to affect
any instructions appearing in program order before the direct write."
So, we don't need a synchronization barrier before writing to SCTLR_EL2.
Further, we do have synchronization barriers after writing the MPU region
registers (which happens before we read SCTLR_EL2). So, SCTLR_EL2 is written
after the MPU registers are synchronized. And, thus adding a 'isb' to flush the
instruction pipeline ensures that the subsequent instructions are fetched after
the MPU has been enabled.

2. Saved and restored lr in enable_boot_cpu_mm().

  xen/arch/arm/arm64/mpu/head.S                | 30 ++++++++++++++++++--
  xen/arch/arm/include/asm/arm64/mpu/sysregs.h |  3 ++
  2 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/xen/arch/arm/arm64/mpu/head.S b/xen/arch/arm/arm64/mpu/head.S
index 9377ae778c..0edadb009c 100644
--- a/xen/arch/arm/arm64/mpu/head.S
+++ b/xen/arch/arm/arm64/mpu/head.S
@@ -68,6 +68,29 @@ FUNC_LOCAL(fail_insufficient_regions)
      b   1b
  END(fail_insufficient_regions)

+/*

+ * Enable EL2 MPU and data cache
+ * If the Background region is enabled, then the MPU uses the default memory
+ * map as the Background region for generating the memory
+ * attributes when MPU is disabled.
+ * Since the default memory map of the Armv8-R AArch64 architecture is
+ * IMPLEMENTATION DEFINED, we intend to turn off the Background region here.
+ *
+ * Clobbers x0
+ *
+ */
+FUNC_LOCAL(enable_mpu)
+    mrs   x0, SCTLR_EL2
+    bic   x0, x0, #SCTLR_ELx_BR       /* Disable Background region */
+    orr   x0, x0, #SCTLR_Axx_ELx_M    /* Enable MPU */
+    orr   x0, x0, #SCTLR_Axx_ELx_C    /* Enable D-cache */
+    orr   x0, x0, #SCTLR_Axx_ELx_WXN  /* Enable WXN */
+    msr   SCTLR_EL2, x0
+    isb
+
+    ret
+END(enable_mpu)
+
  /*
   * Maps the various sections of Xen (described in xen.lds.S) as different MPU
   * regions.
@@ -75,10 +98,11 @@ END(fail_insufficient_regions)
   * Inputs:
   *   lr : Address to return to.
   *
- * Clobbers x0 - x5
+ * Clobbers x0 - x6
   *
   */
  FUNC(enable_boot_cpu_mm)
+    mov   x6, lr

/* Get the number of regions specified in MPUIR_EL2 */

      mrs   x5, MPUIR_EL2
@@ -110,8 +134,10 @@ FUNC(enable_boot_cpu_mm)
      ldr   x2, =__bss_end
      prepare_xen_region x0, x1, x2, x3, x4, x5

- ret

+    bl    enable_mpu

+ mov lr, x6

+    ret

You should not need to save/restore 'lr'. You could write: b enable_mpu

So when enable_mpu returns, it will go back to the caller of

enable_boot_cpu_mm.

With that fixed: Acked-by: Julien Grall <jgrall@xxxxxxxxxx> Cheers, -- Julien Grall

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.