[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] xen/common: Do not allocate magic pages 1:1 for direct mapped domains

To: Julien Grall <julien@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Henry Wang <xin.wang2@xxxxxxx>
Date: Tue, 27 Feb 2024 21:17:06 +0800
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=xen.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3jfcnZbpTwT0k2X+HU8w9stp1k0F2Txx7SkiWNsvG7U=; b=EXfakeevXh9mdjEhzMotmhTMIViLDxEL9bpFS0rwx7K4yFKg3gq2U5nUO2+bUOy0MKrqSP8MX2EuG+R7q2n3LrPfHgX4Eq6j3Pjp4oywrQ38cTC4BtP5lOAna4V3KxXDvDtEsXfs2hTIfC/3k5t2C7CnZg6Ft3QZT4MNVCOwmm7thxerxGYzTM2MgnPnvXHGGd5h3bE9FWf1Vz3XzqSiRSZBvjCNfPKUVy19mJcE1qQfYE3uVuGrjDZQ7XuPBEEiIyoA5hvJwJiz6mhrZDXIT0RU4ZmYwWELoKPVyvR5HRhJfl3Bc0SiGnrrB44LE6grW2fHAyosqwvhGmfEIy3hcw==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=W+qkmM/ZRNcE5ghQLAXSYGGP0BOuVkDvfPm6V+Ch9WYGSdNulONqYHRJz9OLN3eM1YlTUGNWwC46Ogt1UoMs02pFNZaFepnfCROn+lk+9XNVu676baqpGadREbXQhUKFXhvMDa29Q4QyMii29WZXraPGWyYdxoPM0EXgO0wQ1N20IkhN9FuY1RBvuo7h6UDuXDDqYXSQf7S/lUlGUWlS5otIpVa5Dh5uo96rf/BbEj9MXB3E9qCTRRwkxQuqTCa0Ndsbe1fdXx1R7lJFlE1cZt2bgKEwpvukxA1fJjGb9NpmP6+0Xukqg830D3LWVtjDToEW98UCSbJEXbYfC4QSAQ==
Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, "Volodymyr Babchuk" <Volodymyr_Babchuk@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Alec Kwapis <alec.kwapis@xxxxxxxxxxxxx>
Delivery-date: Tue, 27 Feb 2024 13:17:26 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

(-RISC-V and PPC people to avoid spamming their inbox as this is quiteArm specific)


Hi Julien,

On 2/26/2024 5:13 PM, Julien Grall wrote:

Hi Henry,

Welcome back!


Thanks!

On 26/02/2024 01:19, Henry Wang wrote:

An error message can seen from the init-dom0less application on
direct-mapped 1:1 domains:
```
Allocating magic pages
memory.c:238:d0v0 mfn 0x39000 doesn't belong to d1
Error on alloc magic pages
```

This is because populate_physmap() automatically assumes gfn == mfn
for direct mapped domains. This cannot be true for the magic pages
that are allocated later for Dom0less DomUs from the init-dom0less
helper application executed in Dom0.

Force populate_physmap to take the "normal" memory allocation route for
the magic pages even for 1:1 Dom0less DomUs. This should work as long
as the 1:1 Dom0less DomU doesn't have anything else mapped at the same
guest address as the magic pages:
- gfn 0x39000 address 0x39000000
- gfn 0x39001 address 0x39001000
- gfn 0x39002 address 0x39002000
- gfn 0x39003 address 0x39003000

This is very fragile. You are making the assumption that the magicpages are not clashing with any RAM region. The layout defined inarch-arm.h has been designed for guest where Xen is in full control ofthe layout. This is not the case for directmapped domain. I don'tthink it is correct to try to re-use part of the layout.

Apologies for the (a bit) late reply, it took a bit longer for me tounderstand the story about directmap stuff, and yes, now I agree withyou, for those directmapped domains we should not reuse the guest layoutdirectly.

If you want to use 1:1 dom0less with xenstore & co, then you shouldfind a different place in memory for the magic pages (TDB how to findthat area).

Yes, and maybe we can use similar strategy in find_unallocated_memory()or find_domU_holes() to do that.

You will still have the problem of the 1:1 allocation, but I thinkthis could be solved bty adding a flag to force a non-1:1 allocation.

After checking the code flow, below rough plan came to my mind, I thinkwhat we need to do is:

(1) Find a range of un-used memory using similar method infind_unallocated_memory()/find_domU_holes()

(2) Change the base address, i.e. GUEST_MAGIC_BASE in alloc_xs_page() ininit-dom0less.c to point to the address in (1) if static mem or 11directmap. (I think this is a bit tricky though, do you have any methodthat in your mind?)

(3) Use a flag or combination of existing flags (CDF_staticmem +CDF_directmap) in populate_physmap() to force the allocation of thesemagic pages using alloc_domheap_pages() - i.e. the "else" condition inthe bottom


Would you mind sharing some thoughts on that? Thanks!

Create helper is_magic_gpfn() for Arm to assist this and stub helpers
for non-Arm architectures to avoid #ifdef. Move the definition of the
magic pages on Arm to a more common place.

Note that the init-dom0less application of the diffenent Xen version


s/diffenent/different/


Oops, will correct this in v2, thanks for spotting it.

+
  #endif /* __ASM_X86_MM_H__ */
diff --git a/xen/common/memory.c b/xen/common/memory.c
index b3b05c2ec0..ab4bad79e2 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -219,7 +219,7 @@ static void populate_physmap(struct memop_args *a)
          }
          else
          {
-            if ( is_domain_direct_mapped(d) )
+            if ( is_domain_direct_mapped(d) && !is_magic_gpfn(gpfn) )

This path will also be reached by dom0. Effectively, this will preventdom0 to allocate the memory 1:1 for the magic GPFN (which is guestspecific).


I think above proposal will solve this issue.

Also, why are you only checking the first GFN? What if the caller passan overlapped region?

I am a bit confused. My understanding is at this point we are handlingone page at a time.

              {
                  mfn = _mfn(gpfn);
diff --git a/xen/include/public/arch-arm.hb/xen/include/public/arch-arm.h
index a25e87dbda..58aa6ff05b 100644
--- a/xen/include/public/arch-arm.h
+++ b/xen/include/public/arch-arm.h
@@ -476,6 +476,12 @@ typedef uint64_t xen_callback_t;
  #define GUEST_MAGIC_BASE  xen_mk_ullong(0x39000000)
  #define GUEST_MAGIC_SIZE  xen_mk_ullong(0x01000000)
  +#define NR_MAGIC_PAGES 4
+#define CONSOLE_PFN_OFFSET 0
+#define XENSTORE_PFN_OFFSET 1
+#define MEMACCESS_PFN_OFFSET 2
+#define VUART_PFN_OFFSET 3
Regardless of what I wrote above, it is not clear to me why you needto move these macros in public header. Just above, we are defining themagic region (see GUEST_MAGIC_BASE and GUEST_MAGIC_SIZE). This shouldbe sufficient to detect whether a GFN belongs to the magic region.


You are correct, I will undo the code movement in v2.

Kind regards,
Henry

Follow-Ups:
- Re: [PATCH] xen/common: Do not allocate magic pages 1:1 for direct mapped domains
  - From: Julien Grall

References:
- [PATCH] xen/common: Do not allocate magic pages 1:1 for direct mapped domains
  - From: Henry Wang
- Re: [PATCH] xen/common: Do not allocate magic pages 1:1 for direct mapped domains
  - From: Julien Grall

Prev by Date: Re: [PATCH v2 1/5] xen/livepatch: register livepatch regions when loaded
Next by Date: preparations for 4.18.1
Previous by thread: Re: [PATCH] xen/common: Do not allocate magic pages 1:1 for direct mapped domains
Next by thread: Re: [PATCH] xen/common: Do not allocate magic pages 1:1 for direct mapped domains
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.