[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v6 09/11] xen/arm64: create boot-time MPU protection regions

To: Penny Zheng <Penny.Zheng@xxxxxxx>, Wei Chen <Wei.Chen@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Julien Grall <julien@xxxxxxx>
Date: Mon, 7 Nov 2022 09:29:46 +0000
Cc: nd <nd@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
Delivery-date: Mon, 07 Nov 2022 09:30:05 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 07/11/2022 06:59, Penny Zheng wrote:

Hi Julien


Hi Penny,

+
+/*
+ * In boot stage, we will use 1 MPU region:
+ * Region#0: Normal memory for Xen text + data + bss (2MB)
+ */


Are we only going to modify the MPU in head.S? If not, then I would
define the layout in config_mpu.h so there are a single point where you
can read how this works.


We will remap Xen in C codes in setup_mm().
The whole strategy is aligned with MMU: a very simple setup(map xen
with the maximum size, 2M) at start-of-the-day, and a fit map in
setup_mm.

The strategy we are using for the MMU is completely broken (notcompliant with the Arm Arm) and unnecessary. My long term goal is toactually remove the switch_ttbr() and most of setup_pagetables() for allsetup but cache coloring. This means the concept of boot pages will notexist anymore.

For the MPU, we should aim to do better than what was done for the MMU.Right now, I see no argument for switching MPUs table. I am only seenargument against it because you need to disable the cache and is quitefragile.


[...]

+
+    ldr x2, =XEN_START_ADDRESS
+    mov x3, #(XEN_START_MEM_SIZE - 1)


XEN_START_MEM_SIZE is the maximum size of Xen. IOW, Xen may be
smaller
and you will map memory that may not be part of Xen. Therefore, you
likely want to compute the real size to avoid mapping too much.


Later, in setup_mm we will map XEN components by components, such as,
one MPU memory region for read-only-executable text section, one
MPU memory region for read-only data section, etc, etc.
So in there, XEN will be mapped fitly.


But what prevents you to do this now?


IMHO, the mapping in compiler with maximum size of Xen is also what
MMU does.

Which is broken because we don't know what located after Xen binary.This could be reserved RAM, device which may requires non-cachingattribute. Mapping those regions with caching attributes is going to break.

As I hinted above, there are a very long list of issues in the MMU bootcode. So don't take that code for granted. Your MPU code should first becompliant with the Arm Arm. If it is close to the MMU code then that's abonus. But bear in mind that the code may look very different soon (see[1]).


Cheers,

[1] 20221022150422.17707-1-julien@xxxxxxx

--
Julien Grall

Follow-Ups:
- RE: [PATCH v6 09/11] xen/arm64: create boot-time MPU protection regions
  - From: Penny Zheng

References:
- [PATCH v6 00/11] xen/arm: Add Armv8-R64 MPU support to Xen - Part#1
  - From: Wei Chen
- [PATCH v6 09/11] xen/arm64: create boot-time MPU protection regions
  - From: Wei Chen
- Re: [PATCH v6 09/11] xen/arm64: create boot-time MPU protection regions
  - From: Julien Grall
- RE: [PATCH v6 09/11] xen/arm64: create boot-time MPU protection regions
  - From: Penny Zheng

Prev by Date: RE: [PATCH v6 02/11] xen/arm: add iounmap after initrd has been loaded in domain_build
Next by Date: Re: [PATCH v6 11/11] xen/arm64: add setup_fixmap and remove_identity_mapping for MPU
Previous by thread: RE: [PATCH v6 09/11] xen/arm64: create boot-time MPU protection regions
Next by thread: RE: [PATCH v6 09/11] xen/arm64: create boot-time MPU protection regions
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.