[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/3] x86/boot: Drop pte_update_limit from physical relocation logic

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Fri, 9 Dec 2022 20:36:40 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DfF5fXyAJTGLV7Gwt4T347yPWa80m0/jmAOxM/3Hzm4=; b=UxRFwP0CWz9oEglIdTw9Q6fvAHLGrWwarN9E84kTGfaxtW7nBbGIMMYogTHjaxmOreyKTNg/EMjQNhhEcE/L2g7K2sriQVnzGeshhscjk4uK1EYtBMRCkF6gnBiLtJEHi6fZnEN5EvmNlpV5KOovcKLVH9Y1rwF0k+VjvukGCU/C5GlM0MAuiqF0xe825XlXJnbdsH3gu1alfOH0NN+Btr+zQbBMBB8mxpDu7t7Vvs8HsFXKs5TRXsPK2wgv1yI65/iTQfCPeFP4Z6mXw8sIbNzLXCJVNoEg18CzPp7nS8gfHUulEg9qdrPEVxR2wJ1UbNR7ZqAQ3A3MN7gEkcKmHg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=d7Cfn3Bd7rsUME2eiHaMjwDDwVpYmjAU0E49gyIzyJ0rofbz6NJVVfiv6UdOvABcaFZdk9X8LQ6ypjSrOdEkR2b/qRuBP5DJ63a6DMDyspf9pVKUfiXJaSi+P/d6sVXpw+jiwQqg/jy7Aip0kLLudaHU2RQ9qhXAF+9dT8xdQjmbGn8rk+GAeuMbxTs4rMsiJrOySCYEPKOCGbiVMnfgwB9aHERvZOnVW1EMQX4cyDIaPivfZ0DSfj0w44QDfLYEVLZJ+wmC9YQrPfUipzs/HriAkYHo48+7zV9+oCbx8era5me+hWkVui1Rbmr6MwmWzIyG11z3z9NaThRXVl4C5g==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 09 Dec 2022 20:37:18 +0000
  • Ironport-data: A9a23:H0q5G65JC6uyNAToDaxC7gxRtBrGchMFZxGqfqrLsTDasY5as4F+v mEdCD3VOP/fZzP2c9wkPNuwpxwHucKBydRhGwduq3sxHi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvynTraBYnoqLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9VU+4pwehBtC5gZkPKoT7QeF/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5m0 vdbcGgoMhO/pMmL8a64Tc1BjOkIBZy+VG8fkikIITDxK98DGMqGb4CUoNhS0XE3m9xEGuvYa 4wBcz1zYR/cYhpJfFAKFJY5m+TujX76G9FagAvN+exrvC6OnUooj+OF3Nn9I7RmQe18mEqCq 32A1GP+GhwAb/SUyCaf82LqjejK9c/+cNJMSuTjrK426LGV7m5LFywycVilmMaatG+cC9RNc U8JwCV7+MDe82TuFLERRSaQonSJoxodUNp4CPAh5UeGza+8yxmdLngJSHhGctNOnN87Q3km2 0GEm/vtBCdzq/uFRHSF7LCWoDiufy8PIgc/iTQsSAIE55zvpd81hxeWFNJ7Svfq1ZvyBC36x C2MoG4mnbIPgMUX1qK9u1fanzaroZuPRQkwjunKYl+YAspCTNbNT+SVBZLzt56s8K7xooG9g UU5
  • Ironport-hdrordr: A9a23:4sEWk65E/A1vXA6v7gPXwPLXdLJyesId70hD6qkmc20zTiX+rb HMoB1773/JYVkqM03I9errBEDiexLhHPxOjrX5Zo3SODUO0VHARL2Ki7GO/9SKIUPDH4BmuZ uJ3MJFebvN5fQRt7eZ3OEYeexQpeW6zA==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHX61jGXr4kBoFGFkuXJLE+nUmCrawm5uIAgAOIWgCAAOYAAII87/QA
  • Thread-topic: [PATCH 1/3] x86/boot: Drop pte_update_limit from physical relocation logic
On 10/12/2021 07:17, Jan Beulich wrote:
> On 09.12.2021 18:34, Andrew Cooper wrote:
>> On 07/12/2021 11:37, Jan Beulich wrote:
>>> On 07.12.2021 11:53, Andrew Cooper wrote:
>>>> --- a/xen/arch/x86/setup.c
>>>> +++ b/xen/arch/x86/setup.c
>>>> @@ -1230,7 +1230,6 @@ void __init noreturn __start_xen(unsigned long mbi_p)
>>>>              l3_pgentry_t *pl3e;
>>>>              l2_pgentry_t *pl2e;
>>>>              int i, j, k;
>>>> -            unsigned long pte_update_limit;
>>>>  
>>>>              /* Select relocation address. */
>>>>              xen_phys_start = end - reloc_size;
>>>> @@ -1238,14 +1237,6 @@ void __init noreturn __start_xen(unsigned long 
>>>> mbi_p)
>>>>              bootsym(trampoline_xen_phys_start) = xen_phys_start;
>>>>  
>>>>              /*
>>>> -             * No PTEs pointing above this address are candidates for 
>>>> relocation.
>>>> -             * Due to possibility of partial overlap of the end of source 
>>>> image
>>>> -             * and the beginning of region for destination image some 
>>>> PTEs may
>>>> -             * point to addresses in range [e, e + XEN_IMG_OFFSET).
>>>> -             */
>>>> -            pte_update_limit = PFN_DOWN(e);
>>> ... considering the comment here: Isn't it 0d31d1680868 ("x86/setup: do
>>> not relocate Xen over current Xen image placement") where need for this
>>> disappeared? Afaict the non-overlap of source and destination is the
>>> crucial factor here, yet your description doesn't mention this aspect at
>>> all. I'd therefore like to ask for an adjustment there.
>> I don't consider that commit relevant.
>>
>> There is no circumstance ever where you can relocate Xen with
>> actually-overlapping ranges, because one way or another, you'd end up
>> copying non-pagetable data over the live pagetables.
> That was fragile, yes. I think I (vaguely!) recall a discussion I had
> with Keir about this, with him pointing out that the logic builds upon
> all necessary mappings being held in the TLB. If you strictly think
> that's not worthwhile to consider or mention, then so be it.

Ok, I'll tweak the commit message.  But having come back to this after
more than a year away, I think it's worth pointing out that the details
in 0d31d1680868 demonstrate that the "partial overlap" logic was indeed
buggy.

In a VM, a vcpu migration at just the wrong moment will empty the TLB
under your feet.  So will a whole slew of micro-architectural
conditions, or a poorly timed SMI. 

Whatever people have tried to call it in the past, it was broken plain
and simple.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.