[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Proposal for Porting Xen to Armv8-R64 - DraftA

  • To: Julien Grall <julien@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Wei Chen <Wei.Chen@xxxxxxx>
  • Date: Fri, 4 Mar 2022 05:38:24 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=k76k4ujfYmUlE3//lAUTcg7jG/wESpqtfiKW+HWvlJ8=; b=CKtCW8npwMkROxC/dfUMQMwiEteeVg6wIFrPKg7EKx3WZAHAn3c2Me8ee40LACB1PoN3+tGVoUJqHvTSrxa1tv1l75ETGecGcFyj042hgvjr03K1ZNwE+poOXascZhkV0gOgTNGeMDGOdbhdg06/87mbbgFCSkaIZ+cbmWC+Cw1q6iaiZq6A+q1rUJP/XoGFahnjOaj2n6WZe6B/QJ5s5mYy5JoRxEZ7jLy0hNl22iU/F73qGlEbCnEYpsjQw2+AJ2YriNT355EpAF9VgolYzbI4ZXWZXB9JDqvzCFYgfdBumt+STXdAFboBQCR6qDi1B6PttjDWhqBgNYeSBA7d9w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bIT0qKCl+tRJYFmA682ISxj9sn7xexy6UugmLkh1lp8u6Vn08+KF/tEM1QmgAJ4/DaLfYCvbVgP9wTuOTlvTVwfsttoOwrqim8g1/Vu+uAXtfcwuGz0zdjcmB/6aHEsM/E8aeLjEwLf279PqCSm38fnzETwJ1A55c25feX29bWDUQN+DzAV0OFqbIvqFGG1QpnFTyJPngJreIDoMoQW2DNfSx2Ti/0kKlc0hYnUUMFfkt3Ii+uLeHH7hlWr1nG+VFAeBmpejsmCVOw+2ffGPpIy7Oq476tqZraoMyRdLVcJ/UW7uhTTomCYrR/l/arUqSExccl7PiDZ8tTVMd72yBg==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Penny Zheng <Penny.Zheng@xxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>, nd <nd@xxxxxxx>
  • Delivery-date: Fri, 04 Mar 2022 05:39:00 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AdgpQxtXwh7LkfydTgiYk9bhMgU+ogBRt1sAAKse4VAAPag1gAAckyvAACYrsoAAFEbkAA==
  • Thread-topic: Proposal for Porting Xen to Armv8-R64 - DraftA
Hi Julien,

> -----Original Message-----
> From: Julien Grall <julien@xxxxxxx>
> Sent: 2022年3月4日 3:51
> To: Wei Chen <Wei.Chen@xxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx; Stefano
> Stabellini <sstabellini@xxxxxxxxxx>
> Cc: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>; Penny Zheng
> <Penny.Zheng@xxxxxxx>; Henry Wang <Henry.Wang@xxxxxxx>; nd <nd@xxxxxxx>
> Subject: Re: Proposal for Porting Xen to Armv8-R64 - DraftA
> 
> Hi Wei,
> 
> On 03/03/2022 02:06, Wei Chen wrote:
> >> -----Original Message-----
> >> From: Julien Grall <julien@xxxxxxx>
> >> Sent: 2022年3月2日 20:00
> >> To: Wei Chen <Wei.Chen@xxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx;
> Stefano
> >> Stabellini <sstabellini@xxxxxxxxxx>
> >> Cc: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>; Penny Zheng
> >> <Penny.Zheng@xxxxxxx>; Henry Wang <Henry.Wang@xxxxxxx>; nd <nd@xxxxxxx>
> >> Subject: Re: Proposal for Porting Xen to Armv8-R64 - DraftA
> >>
> >>
> >>
> >> On 01/03/2022 07:51, Wei Chen wrote:
> >>> Hi Julien,
> >>
> >> Hi Wei,
> >>
> >>>> -----Original Message-----
> >>>> From: Julien Grall <julien@xxxxxxx>
> >>>> Sent: 2022年2月26日 4:55
> >>>> To: Wei Chen <Wei.Chen@xxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx;
> >> Stefano
> >>>> Stabellini <sstabellini@xxxxxxxxxx>
> >>>> Cc: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>; Penny Zheng
> >>>> <Penny.Zheng@xxxxxxx>; Henry Wang <Henry.Wang@xxxxxxx>; nd
> <nd@xxxxxxx>
> >>>> Subject: Re: Proposal for Porting Xen to Armv8-R64 - DraftA
> >>>>> ### 1.2. Xen Challenges with PMSA Virtualization
> >>>>> Xen is PMSA unaware Type-1 Hypervisor, it will need modifications to
> >> run
> >>>>> with an MPU and host multiple guest OSes.
> >>>>>
> >>>>> - No MMU at EL2:
> >>>>>        - No EL2 Stage 1 address translation
> >>>>>            - Xen provides fixed ARM64 virtual memory layout as basis
> of
> >>>> EL2
> >>>>>              stage 1 address translation, which is not applicable on
> >> MPU
> >>>> system,
> >>>>>              where there is no virtual addressing. As a result, any
> >>>> operation
> >>>>>              involving transition from PA to VA, like ioremap, needs
> >>>> modification
> >>>>>              on MPU system.
> >>>>>        - Xen's run-time addresses are the same as the link time
> >> addresses.
> >>>>>            - Enable PIC (position-independent code) on a real-time
> >> target
> >>>>>              processor probably very rare.
> >>>>
> >>>> Aside the assembly boot code and UEFI stub, Xen already runs at the
> >> same
> >>>> address as it was linked.
> >>>>
> >>>
> >>> But the difference is that, base on MMU, we can use the same link
> >> address
> >>> for all platforms. But on MPU system, we can't do it in the same way.
> >>
> >> I agree that we currently use the same link address for all the
> >> platforms. But this is also a problem when using MMU because EL2 has a
> >> single TTBR.
> >>
> >> At the moment we are switching page-tables with the MMU which is not
> >> safe. Instead we need to turn out the MMU off, switch page-tables and
> >> then turn on the MMU. This means we need to have an identity mapping of
> >> Xen in the page-tables. Assuming Xen is not relocated, the identity
> >> mapping may clash with Xen (or the rest of the virtual address map).
> >>
> >
> > Is this the same reason we create a dummy reloc section for EFI loader?
> 
> The relocations for the EFI loader are necessary because IIRC it is
> running with virt == phys.
> 
> But this brings to all sort of problem:
> 
> https://lore.kernel.org/all/20171221145521.29526-1-
> julien.grall@xxxxxxxxxx/
> 

It's interesting, I will have a look into that thread.

> [...]
> 
> >>>
> >>> Some callers that want to change a memory's attribute will set them.
> >> Something like
> >>> ioremap_nocache. I am not sure is this what you had asked : )
> >>
> >> I am a bit confused. If ioremap_nocache() can change the attribute,
> then
> >> why would ioremap_attr() not be able to do it?
> >>
> >
> > MMU based iorepmap_xxxx can use a new VA and new PTE to do this. But for
> > MPU, we can't do it, except you change the whole MPU region's attribute.
> > The reasons are:
> > 1. For V8R PMSA, one physical address only be existed one MPU region.
> > 2. There's not enough MPU regions for us to split one MPU region to
> >     multiple MPU regions (changed pages region and unmodified pages
> regions).
> 
> Ok. I think we should at least check the attributes requested match the
> one in the MPU.
> 

Yes, this is what we want to do.

> >
> >>>
> >>>>
> >>>>>                if ( CACHE_ATTR_need_change )
> >>>>>                    return NULL;
> >>>>>                return (void *)pa;
> >>>>>            }
> >>>>>            static inline void __iomem *ioremap_nocache(...)
> >>>>>            {
> >>>>>                return ioremap_attr(start, len,
> PAGE_HYPERVISOR_NOCACHE);
> >>>>>            }
> >>>>>            static inline void __iomem *ioremap_cache(...)
> >>>>>            {
> >>>>>                return ioremap_attr(start, len, PAGE_HYPERVISOR);
> >>>>>            }
> >>>>>            static inline void __iomem *ioremap_wc(...)
> >>>>>            {
> >>>>>                return ioremap_attr(start, len, PAGE_HYPERVISOR_WC);
> >>>>>            }
> >>>>>            void *ioremap(...)
> >>>>>            {
> >>>>>                return ioremap_attr(pa, len, PAGE_HYPERVISOR_NOCACHE);
> >>>>>            }
> >>>>>
> >>>>>            ```
> >>>>>        4. For `alternative`, it depends on `vmap` too.
> >>>>
> >>>> The only reason we depend on vmap() is because the map the sections
> >>>> *text read-only and we enforce WnX. For VMSA, it would be possible to
> >>>> avoid vmap() with some rework. I don't know for PMSA.
> >>>>
> >>>
> >>> For PMSA, we still enforce WnX. For your use case, I assume it's
> >> alternative.
> >>> It still may have some possibility to avoid vmap(). But there may be
> >> some
> >>> security issues. We had thought to disable MPU -> update xen text ->
> >> enable
> >>> MPU to copy VMSA alternative's behavior. The problem with this,
> however,
> >>> is that at some point, all memory is RWX. There maybe some security
> >> risk. > But because it's in init stage, it probably doesn't matter as
> much
> >> as
> >> I thought.
> >>
> >> For boot code, we need to ensure the code is compliant to the Arm Arm.
> >> Other than that, it is OK to have the memory RWX for a short period of
> >> time.
> >>
> >> In fact, when we originally boot Xen, we don't enforce WnX. We will
> >> start to enforce when initializing the memory. But there are no blocker
> >> to delay it (other than writing the code :)).
> >
> > Ah, ok, it seems we still can implement alternative on MPU system.
> > I will update it in new version proposal, but place it in TODO, I don't
> > want to include it before single CPU support be merged. Because current
> > patch series is huge enough : )
> 
> That's fine with me. I am not expecting you to implement everything we
> discussed here from day 1! :)
> 

Great! Thanks~

> Cheers,
> 
> --
> Julien Grall

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.