[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 4/6] arm/mpu: Destroy an existing entry in Xen MPU memory mapping table

  • To: Ayan Kumar Halder <ayankuma@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Hari Limaye <Hari.Limaye@xxxxxxx>
  • Date: Tue, 1 Jul 2025 14:56:59 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 4.158.2.129) smtp.rcpttodomain=amd.com smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Jz+QEb/G87ujIIx2xds1kFR41edd5uI5Eoqgm5rvbds=; b=aZX4+KNGEKIjDscDOvN0ZFLx5Pb/BnMkGgqVpriZpTkd5e7lx96yFzZJXxG8G1eH1R0HZ3v7CG8HDGl8TMPkYPRvoh/QZYhJRa6tnVHaOgEEITufJ7PMpgw8iSPOOUQGRWcGYPYxiXmMcg0zEfkTgMYXZQXsvfCwm+TkfH85OaEclm2NaTeLU++TvR47HWpaVTBf93+9oDA4sUpC52Qxm0Fiil18nreItO5RVfmIBtDmpY1PRBqwC+OdBDxfa3m+XqVXFF8FtuKeaOv5OXpxaeftZx5StnB3Bs0uLBsfdu3GL3JHulGzJnHu9opmjYq5nMHVD8Vx10TAQgIolMOAow==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Jz+QEb/G87ujIIx2xds1kFR41edd5uI5Eoqgm5rvbds=; b=USQLq/zdQo3iAHoD1ybrZnDpMORRdqxUcgKHwLZHHC0UNNiPLdFC6FlTMJ9EPQzBgbbcDHg6TpmWVLasLqZFvO1Yo8R1lXGwASXDejkMaIuJeF04Bsy2sjxlYYZophNPx1BQNJA/SpfCUNMZpmCdAQg1ajbTzf6c71tce64wlbZf1HKun6sdtxLIF+peallhZJ0BqZLs48Q1BocNVtVDvyuRxyfXTEC1qlzWcG/A+gW9LIpomvzxhnQBINi8vuaExjISphmapeDe/1TumkL6dsC+IK4DD3l8AiY+m17AKVTJ0iLv6DbMioDmLx2FEaJe7jZXmpdkC5ZGGGUq3BftSw==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=nB44as3b5s4DHQW3Yql0qJM4saEsCIyrtTbr6pdE9rFsFQKlXjbofFSJ5P2xXDNSXP1cWt7v1gsbAwHmuhl6ciSFVyzISQl9gP2oLv+u9KxpBe5r0gmyFCt8khwMeMCXLkkeJbmvT+ahaao1t6aVLKlsOBWIMUadBB+F23PH1vzEU1PsmETQUPqUp0Fompk1XRylAERJ35lJ4MKmUn62yc0xzQtTJkxfmOLCSJMDFutzwMM+glYpW9hLaWwzD9BajHHb+5p8n8JTxQSAYm5xsqc/NevFHfH0dL4u+tS0Lfz1asXnBv1NoSxPfqJ3LnWhMFmGO+b2NzgFOIz/t3JQzA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=w3xIizWcnup2ibW1Uno4XrmTlpWZE9k+pmUuSMgIGzcUkw100RuW9Xg2DtX0bGW3dYLdsyXab9XvAF9w0gLTqDUq1pfuUMHCI2STu6cmvcj8LZOYfEdQVAWjRW5ODb2+Wbeas4JkJp7PvG1L4SlWc3Z3rwyjgxm7/mYI/3RJeCIuio4Cy6ig4kGZI/7LpGvKTeBGZyO1M3WrnyFddUdB3yfy4w5lrlL9TqmQwJTbH5RG+CvJdKfaTk3+w5t0/xzJV9H5xW5qA5QfKiO6ii0kNMQZXZDcLASezPhRORKAMG9Fyn5AEwMFEbxX4ciGQOpA3feBGHuqKdU4cATAMOJsbQ==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Luca Fancellu <Luca.Fancellu@xxxxxxx>, Penny Zheng <Penny.Zheng@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Wei Chen <Wei.Chen@xxxxxxx>
  • Delivery-date: Tue, 01 Jul 2025 14:57:54 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Thread-index: AQHb4cpciV/6CvSAB0CHD6KSA8R6qrQUHtAAgAlF/Zk=
  • Thread-topic: [PATCH 4/6] arm/mpu: Destroy an existing entry in Xen MPU memory mapping table

Hi Ayan,

 

Thank you for the review. I have just a couple of clarifications before I

re-spin the series to address all the comments:

 

> > -    if ( flags & _PAGE_PRESENT )

> > +    if ( (flags & _PAGE_PRESENT) && (MPUMAP_REGION_NOTFOUND == rc) )

> 

> Same question in this patch , why do we need to check for _PAGE_PRESENT.

> Can't we just rely on MPUMAP_REGION_XXX ?

 

The _PAGE_PRESENT flag indicates intent - whether the caller intends to create

or remove a region. The MPUMAP_REGION_XXX values only describe the current state

of the MPU map - whether the region already exists - not the caller's purpose.

 

For example, if the function is called to remove a region and it turns out to be

MPUMAP_REGION_NOTFOUND, we don't want to accidentally create it.

 

The flag is passed via the `flags` argument in calls to `map_pages_to_xen()`.

In this patch:

https://patchwork.kernel.org/project/xen-devel/patch/deccb1566ced5fa64f6de5c988ab968b76dc945a.1750411205.git.hari.limaye@xxxxxxx/

`flags` is set to PAGE_HYPERVISOR_RO, and as defined in

xen/arch/arm/include/asm/page.h, this includes _PAGE_PRESENT.

 

It is also used in a similar way in `xen_pt_update_entry()` in

xen/arch/arm/mmu/pt.c.

 

> > +static void disable_mpu_region_from_index(uint8_t index)

> > +{

> > +    ASSERT(spin_is_locked(&xen_mpumap_lock));

> > +    ASSERT(index != INVALID_REGION_IDX);

> > +

> > +    if ( !region_is_valid(&xen_mpumap[index]) )

> > +    {

> > +        printk(XENLOG_WARNING

> > +               "mpu: MPU memory region[%u] is already disabled\n", index);

> > +        return;

> > +    }

> > +

> > +    /* Zeroing the region will also zero the region enable */

> > +    memset(&xen_mpumap[index], 0, sizeof(pr_t));

> > +    clear_bit(index, xen_mpumap_mask);

> 

> NIT.

> 

> These 2 lines we can move before the if { ..}. So that the region is

> zeroed even if the region is disabled. This will add a small overhead,

> but we will be sure that the region is zeroed whenever it is disabled.

 

Thank you for the suggestion - just to clarify, unless I am missing something

I think that moving those lines above the if block would actually break the

logic.

 

The memset() call zeroes the region in the xen_mpumap data structure, and this

is what region_is_valid() inspects. So if we zero the region before calling

region_is_valid(), that check will always fail, and we would exit early without

updating the hardware.

 

It’s the subsequent lines that actually write the region to the MPU register. So

if we exit early, the hardware MPU state remains unchanged.

 

That said, I believe the current logic is sound - the early return path should

only be hit if the region is already known to be disabled both in software and

hardware. This function assumes it is the sole point of disabling regions, so

the check should be reliable.

 

Many Thanks,

Hari

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.