[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 2/6] arm/mpu: Implement vmap functions for MPU

  • To: Luca Fancellu <Luca.Fancellu@xxxxxxx>
  • From: "Orzel, Michal" <michal.orzel@xxxxxxx>
  • Date: Wed, 14 Jan 2026 12:25:45 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=arm.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=P/I1xLNmBu1i03Tz1A4fr50Wly53NzflHq4T1dLHXAs=; b=p3lv0ASrxYubIND7bNk/aoK6MkV3S8DqQS8gS2VIEWh2xCsuF6VTfB1MCFo3aI4I36eQZ0sxCB0q1i6yfKICxW+xSlqrb1eXlw5qGaU5E56n7PRiD5GYASh1XMsRnsSdH0bjnceJsw/uKBX5h8AS3Je+ToZvgLvqTGYRmUk+LDCGPN1Og7fjEFqq9W/B5sOYQEvzJ3uV7zldgDMeO5TnUb7ke3wT/Jxv9gUwOA5xxvux5dxjdUnFq5RHZFEWLUPy+UFaaKH77VTFtbzKgoBIcAJoYVGNV4ChA2iclFM5l1fxrfENpUo0orR1KxcgTPE3mHoH7ojjdSyBDI07i62+Kg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Tqfp4aZ6f80qZlRPyRTidwLiioDSDVYWaWcF5jYZ7UzlGhEBAc351XwXMmWVM9IWu1yPC0QCCBCStwwuLCHwedu7IKf/LkFFe7XVMmA2HCXi0mtdLvuEwzzcWd3mSSxTY+gIanO+zPE34JO3/fle13UH+Lc59ioGiDlEB71DsJjdCob/Z5ACgxPHORkP6HXG7mZAxk6ugqCNZ5feNIak2UkCxtLcPsisU4yvyFl331FlEqX8/ADIoQqPrHyu1k76t03X83D2LaUWrCmgpZvnBIiHyQkvQqCBivk+3c7hoO/zqyJtZ3N3zJFy1D73uXF3wGMFbRbhMTRnMwiV75x/Jg==
  • Cc: Harry Ramsey <Harry.Ramsey@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Wed, 14 Jan 2026 11:26:07 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 14/01/2026 12:07, Luca Fancellu wrote:
> Hi Michal,
> 
>>>
>>> +/*
>>> + * Free a xen_mpumap entry given the index. A mpu region is actually 
>>> disabled
>>> + * when the refcount is 0 and the region type is MPUMAP_REGION_FOUND.
>>> + *
>>> + * @param idx                   Index of the mpumap entry.
>>> + * @param region_found_type     MPUMAP_REGION_* value.
>>> + * @return                      0 on success, otherwise negative on error.
>>> + */
>>> +static int xen_mpumap_free_entry(uint8_t idx, int region_found_type)
>>> +{
>>> +    ASSERT(spin_is_locked(&xen_mpumap_lock));
>>> +    ASSERT(idx != INVALID_REGION_IDX);
>>> +    ASSERT(MPUMAP_REGION_OVERLAP != region_found_type);
>>> +
>>> +    if ( MPUMAP_REGION_NOTFOUND == region_found_type )
>>> +    {
>>> +        printk(XENLOG_ERR "Cannot remove entry that does not exist\n");
>>> +        return -EINVAL;
>>> +    }
>>> +
>>> +    if ( xen_mpumap[idx].refcount )
>>> +    {
>>> +        xen_mpumap[idx].refcount -= 1;
>>> +        return 0;
>>> +    }
>>> +
>>> +    if ( MPUMAP_REGION_FOUND == region_found_type )
>>> +        disable_mpu_region_from_index(idx);
>>> +    else
>>> +    {
>>> +        printk(XENLOG_ERR "Cannot remove a partial region\n");
>>> +        return -EINVAL;
>>> +    }
>> NIT: Try to limit the number of if/else blocks to make the code read better.
>> Here you could do the following to remove one else:
>>    if ( MPUMAP_REGION_FOUND != region_found_type )
>>    {
>>        printk(XENLOG_ERR "Cannot remove a partial region\n");
>>        return -EINVAL;
>>    }
>>
>>    disable_mpu_region_from_index(idx);
>>
>>    return 0;
> 
> Makes sense, while we are there, shall we have also a comment above that 
> check, something like this:
> 
> /*
>  * If we reached this point, the region is due to be destroyed, as a safety
>  * check we need to ensure the API is called with the exact region, to prevent
>  * destroying a region using a partial memory range.
>  */
> 
> What do you think? Otherwise someone in the future might think it’s ok to 
> move this check
> together with the other on top.
I'm not sure. I can read this from code but if you think it will be beneficial,
I have no objections.

> 
>>>
>>>
>>> void vunmap(const void *va)
>>> {
>>> -    BUG_ON("unimplemented");
>>> +    paddr_t base = virt_to_maddr(va);
>>> +
>>> +    if ( destroy_xen_mapping_containing(base) )
>>> +        panic("Failed to vunmap region\n");
>>> }
>> Looking at this series as a whole, at the end we will end up with
>> vmap_contig/vunmap to contain the same implementation as map_domain_page and
>> alike from the last patch. Shouldn't we define ones using the others?
> 
> We can do it, the only thing is that if vunmap fails, we will get a less 
> specific error message,
> if you are ok with that we will do the change.
In the MMU case you won't get any info, so I think it's ok.

~Michal

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.