Xen project Mailing List

[PATCH v2] x86/domain: adjust limitation on shared_info allocation below 4G

From: Roger Pau Monne <roger.pau@xxxxxxxxxx>

Date: Wed, 4 Feb 2026 13:25:53 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=NplnYzZ49+HFc7kpIoeOhMDuB2MJKPO8C5g0pi9GxEQ=; b=vSAFcHvgaN89iUlIWQ6u70l1a775TFgCGBUSq2bXQdTytbmNaM+uxWiKjl4Cq0S2LH+R0vEFUqCyBM8LaFl/aoayVz8Lchlpvqmjuv59Z0oEPXRMUbFaNTtxi5ysblp3p8zI6yMdmAWUwGOkl+WF6kt1pSdj5+2O1P0+PVDk5vV/5X9n7w1K7Jk0MXhtAFoP8NkPARH0ws5NuS1KC0e1AEclWtI3PEul+0OgfPhF4azrcJ8E00TbYcn6fhlj14/hyljpkgflhqixuQTKy5Ur5aHGebI3KkOW0C2s9Vcox1J5aB5RiMMnOM7UWfqjFcnR+Z11obguo3ck12UNPDa+MA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=REsPZ1ZnV07KYb0/3UAhK9MV41qWDcxR3KrH7tE2n6RXw4bAIta/r1nc3CjLQZo4k/EsQp7mQKVVX0TFM0xiseh0GtPdrKtkqzN4crbuVeWEiZBUVA+7b6Vma+wwdp0ZzpsHdEESM0dMB2O/5VH6wkAaxmJoW+2RMCtD4snrJOcsX4L0C7ogt1h59cGsYiuaFgE15swILHrNQeDOG/skwBjpc4z+366Lo5iHHae23a385CidqeMv6JuxNKW6EjL9hkpFkloqHQTXDjCeXnubn1txYseLvlcxSj9gGmDGONycNiOu9qHURrLmCuNwYvtc+fXi+5dGMGD94DBLSWIzKw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>

Delivery-date: Wed, 04 Feb 2026 12:26:24 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

The limitation of shared_info being allocated below 4G to fit in the start_info field only applies to 32bit PV guests. On 64bit PV guests the start_info field is 64bits wide. HVM guests don't use start_info at all. Drop the restriction in arch_domain_create() and instead free and re-allocate the page from memory below 4G if needed in switch_compat(), when the guest is set to run in 32bit PV mode. Fixes: 3cadc0469d5c ("x86_64: shared_info must be allocated below 4GB as it is advertised to 32-bit guests via a 32-bit machine address field in start_info.") Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> --- xen/arch/x86/domain.c | 7 ++++--- xen/arch/x86/pv/domain.c | 20 ++++++++++++++++++++ xen/common/domain.c | 2 +- xen/include/xen/domain.h | 2 ++ 4 files changed, 27 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index edb76366b596..3e701f2146c9 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -882,10 +882,11 @@ int arch_domain_create(struct domain *d, goto fail; /* - * The shared_info machine address must fit in a 32-bit field within a - * 32-bit guest's start_info structure. Hence we specify MEMF_bits(32). + * For 32bit PV guests the shared_info machine address must fit in a 32-bit + * field within the guest's start_info structure. We might need to free + * and allocate later if the guest turns out to be a 32bit PV one. */ - if ( (d->shared_info = alloc_xenheap_pages(0, MEMF_bits(32))) == NULL ) + if ( (d->shared_info = alloc_xenheap_page()) == NULL ) goto fail; clear_page(d->shared_info); diff --git a/xen/arch/x86/pv/domain.c b/xen/arch/x86/pv/domain.c index 01499582d2d6..8ced3d70a52f 100644 --- a/xen/arch/x86/pv/domain.c +++ b/xen/arch/x86/pv/domain.c @@ -247,6 +247,26 @@ int switch_compat(struct domain *d) d->arch.has_32bit_shinfo = 1; d->arch.pv.is_32bit = true; + /* Check whether the shared_info page needs to be moved below 4G. */ + if ( virt_to_maddr(d->shared_info) >> 32 ) + { + shared_info_t *prev = d->shared_info; + + d->shared_info = alloc_xenheap_pages(0, MEMF_bits(32)); + if ( !d->shared_info ) + { + d->shared_info = prev; + rc = -ENOMEM; + goto undo_and_fail; + } + put_page(virt_to_page(prev)); + clear_page(d->shared_info); + share_xen_page_with_guest(virt_to_page(d->shared_info), d, SHARE_rw); + /* Ensure all references to the old shared_info page are dropped. */ + for_each_vcpu( d, v ) + vcpu_info_reset(v); + } + for_each_vcpu( d, v ) { if ( (rc = setup_compat_arg_xlat(v)) || diff --git a/xen/common/domain.c b/xen/common/domain.c index 376351b528c9..11fed22455b9 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -305,7 +305,7 @@ static void vcpu_check_shutdown(struct vcpu *v) spin_unlock(&d->shutdown_lock); } -static void vcpu_info_reset(struct vcpu *v) +void vcpu_info_reset(struct vcpu *v) { struct domain *d = v->domain; diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h index 273717c31b3f..52cdf012c491 100644 --- a/xen/include/xen/domain.h +++ b/xen/include/xen/domain.h @@ -83,6 +83,8 @@ void cf_check free_pirq_struct(void *ptr); int arch_vcpu_create(struct vcpu *v); void arch_vcpu_destroy(struct vcpu *v); +void vcpu_info_reset(struct vcpu *v); + int map_guest_area(struct vcpu *v, paddr_t gaddr, unsigned int size, struct guest_area *area, void (*populate)(void *dst, struct vcpu *v)); -- 2.51.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.