[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 4/6] arm/mpu: Introduce modify_after_init_mappings

  • To: Harry Ramsey <harry.ramsey@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: "Orzel, Michal" <michal.orzel@xxxxxxx>
  • Date: Tue, 16 Dec 2025 10:15:15 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=arm.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=28XlIN6rS34M0VPAhyL4saGIQkng15I5dxuQ2Uigr+k=; b=R6euw/8pQvbGlAmybZ1vBbgc9bz2it9Tp/V2URbXJc08kUHg2UsHxxbmfAISa/CPIcie9qkGAYnGionPNkU/jFqHaOuFiBtf4K36pOCj4L/HtpWq8/ZqIRVAU9dBj6I+ArSVxXOIy6x+U8tsDAvDPgr2B5WB32lo1zS4I61Du2u2RgzzZy+gJhxGVF0s2eQlZuCQnL/vJfruSqvxbaA2DzMUTjZzQJS8PI/dM1j7uuYgquDq9PfRIhwm8QSjewOn84wW7bAZX2cJVepybwm8GP+01JZeCCO91L0HGLpVLmq853lEhIBV7XEfoeDtsksUqULs5QKLNSt8tx6zNeE4sw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=cA+FifzoZdwOprvsodYyQre5YZznY8uqrrIlMWDR66kuoVWJ89gzpr5g07zSsb1G7juwsJs7mqe7vVJWbCzO9MmEDGv7zhSdrkbc99dTQNl46LlipaH6wGfQs6fEQannFKzGSSGSJMvXbqOVTyihtflKJsi3GLWxdbZYfjyjNBNq0Wt9ll55z5usdY5z+eUzsilRnGIPoCnVYrOOUiGWMXViUElvSqFd3zG/JG0ASh2geka6KbgQu49H4d/MZi5rPgzjRXAiil+dnSf4eQER7Dp4BLoswUqa+58tQ8hG21pdjuT2tJkWPfAOX0h6l97Z7N12iZlz+Ptvpfr5gPUODg==
  • Cc: <Luca.Fancellu@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Hari Limaye <hari.limaye@xxxxxxx>
  • Delivery-date: Tue, 16 Dec 2025 09:15:36 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 28/11/2025 10:58, Harry Ramsey wrote:
> From: Luca Fancellu <luca.fancellu@xxxxxxx>
> 
> During `init_done`, Xen sets the permissions of all symbols marked with
> __ro_after_init to be read-only. Currently this is achieved by calling
> `modify_xen_mappings` and will shrink the RW mapping on one side and
> extend the RO mapping on the other.
Can you be more specific about the sides you mention? How did you deduce it?
I assume you are talking about MMU part.

> 
> This does not work on MPU systems at present because part-region
> modification is not supported. Therefore introduce the function
What else is in that region?
Wouldn't it be better to have one region for this __ro_after_init so that we
don't need to shrink/extend the mappings? Is it done because of number of
regions limitation?

~Michal

> `modify_after_init_mappings` for MMU and MPU, to handle the divergent
> approaches to setting permissions of __ro_after_init symbols.
> 
> As the new function is marked with __init, it needs to be called before
> `free_init_memory`.
> 
> Signed-off-by: Luca Fancellu <luca.fancellu@xxxxxxx>
> Signed-off-by: Hari Limaye <hari.limaye@xxxxxxx>
> Signed-off-by: Harry Ramsey <harry.ramsey@xxxxxxx>
> ---
>  xen/arch/arm/include/asm/setup.h |  3 +++
>  xen/arch/arm/mmu/setup.c         | 15 ++++++++++++
>  xen/arch/arm/mpu/mm.c            |  2 +-
>  xen/arch/arm/mpu/setup.c         | 40 ++++++++++++++++++++++++++++++++
>  xen/arch/arm/setup.c             | 15 ++----------
>  5 files changed, 61 insertions(+), 14 deletions(-)
> 
> diff --git a/xen/arch/arm/include/asm/setup.h 
> b/xen/arch/arm/include/asm/setup.h
> index 005cf7be59..899e33925c 100644
> --- a/xen/arch/arm/include/asm/setup.h
> +++ b/xen/arch/arm/include/asm/setup.h
> @@ -78,6 +78,9 @@ struct init_info
>  paddr_t consider_modules(paddr_t s, paddr_t e, uint32_t size, paddr_t align,
>                           int first_mod);
>  
> +/* Modify some mappings after the init is done */
> +void modify_after_init_mappings(void);
> +
>  #endif
>  /*
>   * Local variables:
> diff --git a/xen/arch/arm/mmu/setup.c b/xen/arch/arm/mmu/setup.c
> index 9b874f8ab2..d042f73597 100644
> --- a/xen/arch/arm/mmu/setup.c
> +++ b/xen/arch/arm/mmu/setup.c
> @@ -213,6 +213,21 @@ void __init remove_early_mappings(void)
>      BUG_ON(rc);
>  }
>  
> +void __init modify_after_init_mappings(void)
> +{
> +    /*
> +     * We have finished booting. Mark the section .data.ro_after_init
> +     * read-only.
> +     */
> +    int rc = modify_xen_mappings((unsigned long)&__ro_after_init_start,
> +                                 (unsigned long)&__ro_after_init_end,
> +                                 PAGE_HYPERVISOR_RO);
> +
> +    if ( rc )
> +        panic("Unable to mark the .data.ro_after_init section read-only (rc 
> = %d)\n",
> +              rc);
> +}
> +
>  /*
>   * After boot, Xen page-tables should not contain mapping that are both
>   * Writable and eXecutables.
> diff --git a/xen/arch/arm/mpu/mm.c b/xen/arch/arm/mpu/mm.c
> index 8446dddde8..f95ba7c749 100644
> --- a/xen/arch/arm/mpu/mm.c
> +++ b/xen/arch/arm/mpu/mm.c
> @@ -32,7 +32,7 @@ DECLARE_BITMAP(xen_mpumap_mask, MAX_MPU_REGION_NR) \
>  /* EL2 Xen MPU memory region mapping table. */
>  pr_t __cacheline_aligned __section(".data") xen_mpumap[MAX_MPU_REGION_NR];
>  
> -static DEFINE_SPINLOCK(xen_mpumap_lock);
> +DEFINE_SPINLOCK(xen_mpumap_lock);
>  
>  static void __init __maybe_unused build_assertions(void)
>  {
> diff --git a/xen/arch/arm/mpu/setup.c b/xen/arch/arm/mpu/setup.c
> index ec264f54f2..55317ee318 100644
> --- a/xen/arch/arm/mpu/setup.c
> +++ b/xen/arch/arm/mpu/setup.c
> @@ -8,11 +8,14 @@
>  #include <xen/pfn.h>
>  #include <xen/types.h>
>  #include <xen/sizes.h>
> +#include <xen/spinlock.h>
>  #include <asm/setup.h>
>  
>  static paddr_t __initdata mapped_fdt_base = INVALID_PADDR;
>  static paddr_t __initdata mapped_fdt_limit = INVALID_PADDR;
>  
> +extern spinlock_t xen_mpumap_lock;
> +
>  void __init setup_pagetables(void) {}
>  
>  void * __init early_fdt_map(paddr_t fdt_paddr)
> @@ -106,6 +109,43 @@ void __init copy_from_paddr(void *dst, paddr_t paddr, 
> unsigned long len)
>          panic("Unable to unmap range for copy_from_paddr\n");
>  }
>  
> +void __init modify_after_init_mappings(void)
> +{
> +    int rc;
> +    uint8_t idx_rodata;
> +    uint8_t idx_rwdata;
> +
> +    spin_lock(&xen_mpumap_lock);
> +
> +    rc = mpumap_contains_region(xen_mpumap, max_mpu_regions,
> +                                (unsigned long)_srodata,
> +                                (unsigned long)_erodata,
> +                                &idx_rodata);
> +
> +    if ( rc < MPUMAP_REGION_FOUND )
> +        panic("Unable to find rodata section (rc = %d)\n", rc);
> +
> +    rc = mpumap_contains_region(xen_mpumap, max_mpu_regions,
> +                                (unsigned long)__ro_after_init_start,
> +                                (unsigned long)__init_begin,
> +                                &idx_rwdata);
> +
> +    if ( rc < MPUMAP_REGION_FOUND )
> +        panic("Unable to find rwdata section (rc = %d)\n", rc);
> +
> +    /* Shrink rwdata section to begin at __ro_after_init_end */
> +    pr_set_base(&xen_mpumap[idx_rwdata], (unsigned long)__ro_after_init_end);
> +
> +    /* Extend rodata section to end at __ro_after_init_end */
> +    pr_set_limit(&xen_mpumap[idx_rodata], (unsigned 
> long)__ro_after_init_end);
> +
> +    write_protection_region(&xen_mpumap[idx_rwdata], idx_rwdata);
> +    write_protection_region(&xen_mpumap[idx_rodata], idx_rodata);
> +    context_sync_mpu();
> +
> +    spin_unlock(&xen_mpumap_lock);
> +}
> +
>  void __init remove_early_mappings(void)
>  {
>      int rc = destroy_xen_mappings(round_pgdown(mapped_fdt_base),
> diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
> index 7ad870e382..6310a47d68 100644
> --- a/xen/arch/arm/setup.c
> +++ b/xen/arch/arm/setup.c
> @@ -66,23 +66,12 @@ domid_t __read_mostly max_init_domid;
>  
>  static __used void noreturn init_done(void)
>  {
> -    int rc;
> -
>      /* Must be done past setting system_state. */
>      unregister_init_virtual_region();
>  
> -    free_init_memory();
> +    modify_after_init_mappings();
>  
> -    /*
> -     * We have finished booting. Mark the section .data.ro_after_init
> -     * read-only.
> -     */
> -    rc = modify_xen_mappings((unsigned long)&__ro_after_init_start,
> -                             (unsigned long)&__ro_after_init_end,
> -                             PAGE_HYPERVISOR_RO);
> -    if ( rc )
> -        panic("Unable to mark the .data.ro_after_init section read-only (rc 
> = %d)\n",
> -              rc);
> +    free_init_memory();
>  
>      startup_cpu_idle_loop();
>  }

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.