Xen project Mailing List

Re: [PATCH v5 1/3] xen/arm: mpu: Create boot-time MPU protection regions

To: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>

From: Luca Fancellu <Luca.Fancellu@xxxxxxx>

Date: Mon, 11 Nov 2024 11:05:16 +0000

Accept-language: en-GB, en-US

Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none

Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4Q+ixIaZQlT2NxEclvzZEL9mKTxiVGJ0d+1HKxQL4GA=; b=EbYPkcKCGv4swrdQMps99ij30ZLY8VnePW00TXBe7Lho6SMhFX3Xep/hvMQ9yNLhGDPPzG94PCRfK1IZNjuN3Uw/HmDmUvwiYeQpp+qldOjRO26KJfwe2mvtefgaI0efN7A6O5FSTP+FBvjyKuXYTKK2fpJK7CNrwaGfztAcN2pVj8UDi8VxDYttsMFKa2o/cX9LTE5CK+oAYnCAparcO8T0ueg3BvgEcMbfvgHHi2D7IjUNGgRlUZzUzitgq116U3rBu7UiGQe++vWjOCU2optkqoXWVSSGCiXqpSPMSzOgwzKUwmeVVPNnC5i7sxuVEngN9CNGWI65KzQvh7Jr6g==

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4Q+ixIaZQlT2NxEclvzZEL9mKTxiVGJ0d+1HKxQL4GA=; b=blOu4C1jQjoPHoZFCPH87Y3dDiyYFtzBzKx6OzM7WhTl0VSuQy4oe/yjr0j2YXIyjOnAFQ/uXpvn4qCxatj/aHo4fhc6xk+9Qfe0CmDXixzBiiYe4mLvkdc2GG/f3gy1iZXFagiDqLu7V7fxxhbAzj6KkQkVgOxSiUu+qhuw1bEPQYKiKdiOAY5HwVqW6bvAv2kGevAXepOk3kt+CX/o3krtNBLyd+OIYfxDUbPlsXdXZyGE1h0CCL2n6jDyixZvVg61uL7bCTWQQPb4DcmcMIYQftkapgs3tHzIb2WHp+bYeFd8BN+KPnjWUyuubwXvekq7/A7zMTbf8G6/Hi/bPA==

Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=CXy48S6UYRGb+jdyYiUndi9h4Wu3cI5G70/hNG8mQK37QIn9BWunjEfXPSfCS38+Te6jbE6Dok5///UsRrbVUdFPmY84abLvuOGkrvljwSFlik+djq/iWZnDxM/f03YB+4mmYbS02RPKprlwHJfr57BvmuXS78WU2TfCMNeRa00kuK4nbunKkNscLKGQ/3GqvprBDHCL/dRZBOc1KkLRmhJVSpA6bAuHitp95S5VYLin9nUVWyKZuopUKnQ09bH1j9pggkPOwOTWaklepDiJoOY82DAytWQmeVGFdlGX10qw85SC47BvSX0PylHkBSGJXF63Ld9RZNX0NMxS/J1+Ew==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=XRNlP0T85Qk62ndx8ZSj66TFGgiTJAYaK6VnEpU8Yp1FxytLcuTkHyK/5k2wC2xz7ayHPEK8Rntc1ReJjY7HAopwY4qJ7iwwA5fZZbdo2MHsWHB+0vBa0IlhVawwoXdEtr+zuyYAF/UMPdxlB2Fc47zPSRJsJz/NhwFxZuMau7/j4VYUEjaCMl+mYmW1N3W8Z221AvX08owyqO5WjucnyVfZSnHMbhRn99inpUOOdo1cz5hnac0H+BWadPBIVkMlA6J6WTZVnN4q3Qvjo7d/oVh2JqAkNjixJZT0eMNwjejkbEfl9vIkbi7SvA8cqeQS+1pBejMIDEJCJfd8WYf4NA==

Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Delivery-date: Mon, 11 Nov 2024 11:05:41 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Nodisclaimer: true

Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Thread-index: AQHbMSZ/yErsGrD3s0im25m0krd8DrKx8N6A

Thread-topic: [PATCH v5 1/3] xen/arm: mpu: Create boot-time MPU protection regions

Hi Ayan,

On 7 Nov 2024, at 15:03, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx> wrote:

Define enable_boot_cpu_mm() for the Armv8-R AArch64.

Like boot-time page table in MMU system, we need a boot-time MPU protection
region configuration in MPU system so Xen can fetch code and data from normal
memory.

To do this, Xen maps the following sections of the binary as separate regions
(with permissions) :-
1. Text (Read only at EL2, execution is permitted)
2. RO data (Read only at EL2)
3. RO after init data and RW data (Read/Write at EL2)
4. Init Text (Read only at EL2, execution is permitted)
5. Init data and BSS (Read/Write at EL2)

Before creating a region, we check if the count exceeds the number defined in
MPUIR_EL2. If so, then the boot fails.

Also we check if the region is empty or not. IOW, if the start and end address
are same, we skip mapping the region.

To map a region, Xen uses the PRBAR_EL2, PRLAR_EL2 and PRSELR_EL2 registers.
One can refer to ARM DDI 0600B.a ID062922 G1.3 "General System Control
Registers", to get the definitions of these registers. Also, refer to G1.2
"Accessing MPU memory region registers", the following

```
The MPU provides two register interfaces to program the MPU regions:
- Access to any of the MPU regions via PRSELR_ELx, PRBAR<n>_ELx, and
PRLAR<n>_ELx.
```

We use the above mechanism to create the MPU memory regions.

Also, the compiler needs the flag ("-march=armv8-r") in order to build Xen for
Armv8-R AArch64 MPU based systems. There will be no need for us to explicitly
define MPU specific registers.

Signed-off-by: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>
---

Changes looks ok to me and I’ve also built and tested, maybe one NIT below

diff --git a/xen/arch/arm/include/asm/mm.h b/xen/arch/arm/include/asm/mm.h
index 5abd4b0d1c..59b774b7b8 100644
--- a/xen/arch/arm/include/asm/mm.h
+++ b/xen/arch/arm/include/asm/mm.h
@@ -16,7 +16,7 @@

#if defined(CONFIG_MMU)
# include <asm/mmu/mm.h>
-#else
+#elif !defined(CONFIG_MPU)
# error "Unknown memory management layout"
#endif

^— maybe this change is not needed at this stage, it will be soon though

Anyway:

Reviewed-by: Luca Fancellu <luca.fancellu@xxxxxxx>

Cheers,

Luca