Xen project Mailing List

Re: [PATCH] x86/domain: adjust limitation on shared_info allocation below 4G

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Wed, 4 Feb 2026 09:52:56 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aQUqNzThM+++QWdMuml2lvMt1NkU4HlSkQhvbexpV8U=; b=bzAs2dGmcUZyXn0sP+hGwmeoa4sBHw95v6nzpmsP3uGPRb06MMBkgS5plQIrf4usdr6h63qSpxyjswSCl9+YEL82EBFVo8Fk5RvPKfSvO3FH8PCHhouXJ0FXkojIV+ZTw+xxvaZsLWLQADorV11F32O5YW8QIwQ+nlxnKeJlO9iM8y3d854EEvtjld/6Vcc4JLvv486sBvFJwCrO3QvWb4XhW6JTcO38kuN4TOCrWFCvfDlo7IzQqAIowGWJ8t62ikE8XNPDLHpLbEKXcXc+R00UEB0kWCA1teMPZl9He9by+iWxtkye1YWaKAsgTV77nrWVstgolPZFgzZb6T+L6A==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Y2n477eoNcdo8yqC1oQxZhhEo0xebWOy0j7LF4VtQX9+mZ1o/udL7muhLtVn6dYtgS4kE30A/8IKQlfOCRreL9ltDv8PklU4YX/pHyV9Z6C785FCIcWviKt4Sq9UXcLPjkcubPlwcdtTPZ1eFINO6vHo5qc9NGt1I6+613Fn6hsDH210twAzXZPX7TZH/s1mYB7IxsJgAgQfHearT6BeJhr8YEQg1UYYf69T/IgKYzbJkYelPH0lRaAiACJK0LkjEsRiNs7agadm65SaOBKs3S5Fwkp4ewQv3AepC7ilrKX/bZKQg7GGHkuOI13brNWTsVaO+4arvkGISpb2O5g2YA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Jan Beulich <jbeulich@xxxxxxxx>

Delivery-date: Wed, 04 Feb 2026 08:53:29 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Feb 04, 2026 at 09:41:21AM +0100, Andrew Cooper wrote: > On 03/02/2026 10:20 am, Roger Pau Monné wrote: > > On Tue, Feb 03, 2026 at 11:10:17AM +0100, Roger Pau Monne wrote: > >> The limitation of shared_info being allocated below 4G to fit in the > >> start_info field only applies to 32bit PV guests. On 64bit PV guests the > >> start_info field is 64bits wide. HVM guests don't use start_info at all. > >> > >> Limit the allocation address restriction to 32bit PV guests only. > >> > >> Fixes: 3cadc0469d5c ("x86_64: shared_info must be allocated below 4GB as > >> it is advertised to 32-bit guests via a 32-bit machine address field in > >> start_info.") > >> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> > >> --- > >> xen/arch/x86/domain.c | 9 ++++++--- > >> 1 file changed, 6 insertions(+), 3 deletions(-) > >> > >> diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c > >> index edb76366b596..4163568043b1 100644 > >> --- a/xen/arch/x86/domain.c > >> +++ b/xen/arch/x86/domain.c > >> @@ -882,10 +882,13 @@ int arch_domain_create(struct domain *d, > >> goto fail; > >> > >> /* > >> - * The shared_info machine address must fit in a 32-bit field within a > >> - * 32-bit guest's start_info structure. Hence we specify > >> MEMF_bits(32). > >> + * For 32bit PV guests the shared_info machine address must fit in a > >> 32-bit > >> + * field within the guest's start_info structure. Hence we specify > >> + * MEMF_bits(32). > >> */ > >> - if ( (d->shared_info = alloc_xenheap_pages(0, MEMF_bits(32))) == NULL > >> ) > >> + if ( (d->shared_info = > >> + alloc_xenheap_pages(0, is_pv_32bit_domain(d) ? MEMF_bits(32) > >> + : 0)) == NULL ) > > Sorry, this is wrong, it's too early to know whether the domain is 32 > > or 64bit. > > It's probably fine to have this become an unrestricted xenhelp > allocation, and for switch_compat() to make a restricted allocation and > copy. Yeah, that's what I'm doing. It turns out to be a bit more complicated that I originally anticipated, because you also need to reset the v->vcpu_info_area.map filed to point to the new page. > When constructing a PV32 guest in practice, the set_compat hypercall is > only moments after from the domain create, and it doesn't matter if we > discover lowmem exhaustion marginally later > > That way we don't have a PV32-ism continuing to impact the all VMs. Indeed, that's my approach, just took me a bit more than expected because of the already taken references to the shared_info page by the time switch_compat() is executed. Regards, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.