[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 4/6] arm/mpu: Introduce modify_after_init_mappings

  • To: Luca Fancellu <Luca.Fancellu@xxxxxxx>
  • From: "Orzel, Michal" <michal.orzel@xxxxxxx>
  • Date: Tue, 16 Dec 2025 15:26:53 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=arm.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YPOSsHYRCeBUlJrwrhpOq3UFJCjDGk8epb5FVMtbQKY=; b=iUGEAIggxCJlL81EmVqTzR0y6dHYG1j/ccYTkf4wFjmHBJaiFvgKM5EEmOfE7WB0XDHfckzUos7J9tZnh4EeG4+6vafg3CiICNe8DS48QROk5Zq7tWEUzBbgGu1xmiwMb9UPzGXguioqTSBsox2XrcoEHAWpjqC+5OoGy61ZCbN5MTWpWKcwAaoqA9hqAnj+AGxep/MF/dJcEZOBsx0eTUyM4OEGyQUOQ9AnoESMtUdvRaT7LicW5tqaoLqFYGNbiz2Bqk1wk3f4f9gsZCPiPwp9IncfGWqEP1iLsL5D4iAXAzYRgnvwDIQclFGPGCZuQvRMfqgWLZOcVjcHBJ5QUw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=kF4ojAzgewFwDFQ1CtUEjbNVok7/Ds/LtMQuz03DhMF5dyc3UFHQpTTQXWJXhZpTxj8iYK4fPUPSt5rky3iTNr30eyLm4IH23YJ3+PL4kiJtdAXIg/C/CPaLMBtOYebMdpDnFKPB1WGyqW2UAf6hVJv7F0Lkla1i+HqW3yeCVXQFT/i/eP6wm6A1+Z2yeUrg/ZDJZdbNwdrhleGpZCc5H6u06dW029DojkxmxJTM/e0186wkrbdR0Dunik6/ebNGKiaWwW9U+wHRXCPvljFHNVBsTbsff1HAe8cKsNmgGaNN9XSolO6kpnjVjN3KS28XRh3Eqvv4wjoqGDq5oRq3uA==
  • Cc: Harry Ramsey <Harry.Ramsey@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Hari Limaye <Hari.Limaye@xxxxxxx>
  • Delivery-date: Tue, 16 Dec 2025 14:27:20 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 16/12/2025 14:11, Luca Fancellu wrote:
> Hi Michael,
> 
>> On 16 Dec 2025, at 09:15, Orzel, Michal <Michal.Orzel@xxxxxxx> wrote:
>>
>>
>>
>> On 28/11/2025 10:58, Harry Ramsey wrote:
>>> From: Luca Fancellu <luca.fancellu@xxxxxxx>
>>>
>>> During `init_done`, Xen sets the permissions of all symbols marked with
>>> __ro_after_init to be read-only. Currently this is achieved by calling
>>> `modify_xen_mappings` and will shrink the RW mapping on one side and
>>> extend the RO mapping on the other.
>> Can you be more specific about the sides you mention? How did you deduce it?
>> I assume you are talking about MMU part.
> 
> You are right, this sentence is a bit misleading.
> So what was written here was meant to say that on MPU modify_xen_mappings
> should shrink the RW mapping region and extend the RO mapping region because
> as of now they are declared like this in xen.lds.S:
> 
> read only data:
> +------------------+
> | _srodata         |
> | _erodata         |
> +-------------------+
> 
> RW data:
> +---------------------------+
> | __ro_after_init_start |
> | __ro_after_init_end  |
> | __init_begin              |
> +---------------------------+
> 
> And in head.S we map like this:
> 
> /* Xen read-only data section. */
> ldr x1, =_srodata
> ldr x2, =_erodata
> prepare_xen_region x0, x1, x2, x3, x4, x5, attr_prbar=REGION_RO_PRBAR
> 
> /* Xen read-only after init and data section. (RW data) */
> ldr x1, =__ro_after_init_start
> ldr x2, =__init_begin
> prepare_xen_region x0, x1, x2, x3, x4, x5
> 
> Now, because (__ro_after_init_start, __ro_after_init_end) needs to become RO,
> it means that RO section will be extended to (_srodata, __ro_after_init_end) 
> and
> RW section will be shrinked to (__ro_after_init_end, __init_begin):
> 
> read only data region:
> +--------------------------+
> | _srodata                  |
> | __ro_after_init_end |
> +--------------------------+
> 
> RW data region:
> +---------------------------+
> | __ro_after_init_end  |
> | __init_begin              |
> +---------------------------+
> 
> So what we’ve done is taking (__ro_after_init_start, __ro_after_init_end) from
> the RW region and attach it to the RO region.
> 
>>
>>>
>>> This does not work on MPU systems at present because part-region
>>> modification is not supported. Therefore introduce the function
>> What else is in that region?
>> Wouldn't it be better to have one region for this __ro_after_init so that we
>> don't need to shrink/extend the mappings? Is it done because of number of
>> regions limitation?
> 
> So if we do in this way we waste one region, because we will have 2 region 
> declared
> RO that are also contiguous, so easily mergeable, like how we are doing above 
> by
> Extending/shrinking.
Ok, that makes more sense. I thought the descrption in commit msg was somehow
about MMU. It's not ideal to depend on the regions layout but I guess it's ok
if we don't want to waste regions.

~Michal

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.