[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [PATCH v6 09/11] xen/arm64: create boot-time MPU protection regions


  • To: Julien Grall <julien@xxxxxxx>, Wei Chen <Wei.Chen@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Penny Zheng <Penny.Zheng@xxxxxxx>
  • Date: Mon, 7 Nov 2022 10:17:08 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KBv5hnaBTQqHm/aC59NGTBldhIyrn+SCQ++O86EPYy0=; b=Ym6kBoWpqpc7eQympCjucMbhnSsW5PqAsHTrlkoivFVjMh05/97bVhPAsc5+cbLV9Yz+GZI6LHjq+d0R3o9nuDMreL32DiNUUe+ikgWxYKhzbYd1/p2KnyMq50qklxxLvLAqdMeLh3AVORSRG6iGdZwKrSi1WIg1JloICEb3Idpg9j7LtscqE3KkXBp/j0nw5XKpKzA94Mgt27FCiM/8ZBxzDi8P0b0c1AFNDWuGyJEOGRzbySNCwz76991VMY6AaG0Br5j6kE2UfyZ+iG7XsfcKpeXhFvBbE4fAil7Gz1e6evi26spb6EWsao6scyn7h65MTsdtTy18ZwgvakDDIg==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KBv5hnaBTQqHm/aC59NGTBldhIyrn+SCQ++O86EPYy0=; b=d/ctcfmaR/93XiOefz51Lc23bPbKJNO2cfArU9axs5R7DQs7xkM9JGoNI21eEL0rQgQgF3c8qa57d194MzI8R+VfKmalOjZB6HgJSwqWCnUGgss2V7DTxQ8TTYmDjY1tYsNU/xQOGqNutONvBsw2q50UHqhN2hOARAm/nIepFoQNstoLboI0Li1aGoQRbFmcQ2wCEgAiNbnuS9yBKqVbwmms151DemlZZ7OFNWQ4eQAT4Y3Vvs7y2WRWh1M94P7O8GhbXXPZ3YaSjj6H8lVZL+425kDFTNobUCyuMj1zvp+KsPI5amNaPMd+gTqG1rTAgEn5ykPhF+zuBmJtnpwLOQ==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=lZvBsns65oPmkgZ+DGzFvLJyx3KhHmsoftJh4Y96o2qPwMlGSYxl+DKzUf439HAMrUFvI0LuL5/T8wLHyoxkXJOjf7NUW93kvgb2FFmpZTw1etk6GHavw80GJ8xV0qS8X4t5WwrVcb+m9Kz76FQQUBJPJAcoaEvPgs5oZoDA2YlgasqV6w3W7zAwKNY9vVKaa8zbhEvhuTT+nvRt4ExaQJDao0oI1lQWn4wp/u8BKm95D8PgWQI0a41eALAIbAbmq33VL127FR5GQUVc2YPbcvP0lpBH2cV4OUi/IPQDepAM6GDHAQGbfTplT+lFEJEGhKgLYkmOG8L9556VH1nqxQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YNIjrELCjp3AnxcnV1D+LnnLygsEiBeO0DJydsgmkftWar30lWLxjT1wA6KhZ3ASayq9iAizGqhhSQp0SEDbvdpGSzP3DG7ZkM0wGRHsvv5/+HXvBIxz8QG47lV51uU7mlx4aKAHkCyOTH59podhOE3BJFEQ5OduRYJmh8ex2cRzu4m5dXgDmhpKZk9CXsLEGrd972xoHLlPEgspxNGDaxOAWcRzH1w7oTFzlAuTlIuRXyu+eHpxSpCmr8+AMnODgb6ZfPXSs7ciIGpxCuhoTRZ8E2ZclqS8ilFhQHHIz4oUbrL49N1F0fbhLjZs3Zv/19uILQm+tI6lfEuRlw8spQ==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: nd <nd@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Mon, 07 Nov 2022 10:17:23 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHY8DVssS7ibAAWlEawRuPWKxX+kq4yYWYAgACZqiCAADt4AIAACYaw
  • Thread-topic: [PATCH v6 09/11] xen/arm64: create boot-time MPU protection regions

Hi Julien

> -----Original Message-----
> From: Julien Grall <julien@xxxxxxx>
> Sent: Monday, November 7, 2022 5:30 PM
> To: Penny Zheng <Penny.Zheng@xxxxxxx>; Wei Chen
> <Wei.Chen@xxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx
> Cc: nd <nd@xxxxxxx>; Stefano Stabellini <sstabellini@xxxxxxxxxx>; Bertrand
> Marquis <Bertrand.Marquis@xxxxxxx>; Volodymyr Babchuk
> <Volodymyr_Babchuk@xxxxxxxx>
> Subject: Re: [PATCH v6 09/11] xen/arm64: create boot-time MPU protection
> regions
> 
> On 07/11/2022 06:59, Penny Zheng wrote:
> > Hi Julien
> 
> Hi Penny,
> 
> >>> +
> >>> +/*
> >>> + * In boot stage, we will use 1 MPU region:
> >>> + * Region#0: Normal memory for Xen text + data + bss (2MB)  */
> >>
> >> Are we only going to modify the MPU in head.S? If not, then I would
> >> define the layout in config_mpu.h so there are a single point where
> >> you can read how this works.
> >>
> >
> > We will remap Xen in C codes in setup_mm().
> > The whole strategy is aligned with MMU: a very simple setup(map xen
> > with the maximum size, 2M) at start-of-the-day, and a fit map in
> > setup_mm.
> 
> The strategy we are using for the MMU is completely broken (not compliant
> with the Arm Arm) and unnecessary. My long term goal is to actually remove
> the switch_ttbr() and most of setup_pagetables() for all setup but cache
> coloring. This means the concept of boot pages will not exist anymore.
> 
> For the MPU, we should aim to do better than what was done for the MMU.
> Right now, I see no argument for switching MPUs table. I am only seen
> argument against it because you need to disable the cache and is quite 
> fragile.
> 

> [...]
> 
> >>> +
> >>> +    ldr x2, =XEN_START_ADDRESS
> >>> +    mov x3, #(XEN_START_MEM_SIZE - 1)
> >>
> >> XEN_START_MEM_SIZE is the maximum size of Xen. IOW, Xen may be
> >> smaller and you will map memory that may not be part of Xen.
> >> Therefore, you likely want to compute the real size to avoid mapping
> >> too much.
> >>
> >
> > Later, in setup_mm we will map XEN components by components, such as,
> > one MPU memory region for read-only-executable text section, one MPU
> > memory region for read-only data section, etc, etc.
> > So in there, XEN will be mapped fitly.
> 
> But what prevents you to do this now?
> 
> >
> > IMHO, the mapping in compiler with maximum size of Xen is also what
> > MMU does.
> 
> Which is broken because we don't know what located after Xen binary.
> This could be reserved RAM, device which may requires non-caching
> attribute. Mapping those regions with caching attributes is going to break.
> 

Understood!
Then I will map Xen components by components in the compile time,
then later the first MPU/Cache disabled will be eliminated, I guess.

> 
> Cheers,
> 
> [1] 20221022150422.17707-1-julien@xxxxxxx
> 
> --
> Julien Grall

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.