From patchwork Thu Nov 29 11:38:35 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 152389 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp2270735ljp; Thu, 29 Nov 2018 03:40:43 -0800 (PST) X-Google-Smtp-Source: AFSGD/V9ujCfc8BSHYz4MTzm5IW3YuxhJOSypZcaXRc2ZVet0dHL7cnaUWWR5PHdriCeIBqq0MM4 X-Received: by 2002:a81:6887:: with SMTP id d129mr896940ywc.303.1543491643742; Thu, 29 Nov 2018 03:40:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543491643; cv=none; d=google.com; s=arc-20160816; b=SZcqfmLITGHkHrKY/4LmBmoTsw5NoOSvGE85arKATWJzawp+5W1TBnNKyX2tqpFe6Z LvrJ5S4GuBD8oK6xyaspTgcCpr0vDwGOa5CdZmHqmo7lueqVdXoWZ1b8MCPFqrGjgtAY q7YMwGlsiAiPDAPKvnhmd5LGty0PCJ8jH7qUc898fcfbu6oMz3BKvcfGB2bIvaUEHIE7 Rj5jumPX9SE6ZKAq73zXbisx44f99y2t9WIu4YNOE3sDhX8v0U5f0MMb7GIUBSkU8SgX EFR+ZsYPxCyW3atpXSJxpTGkrLfbW/kywDHUZJvtOr3pp5glsm+PBPOmG+CSlnLX5s5V YPrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:references:in-reply-to:message-id:date:to:from; bh=IQV+qCOGsuPL5ll+1mmb1fVHfHmTCzxCR5rG77+yWlg=; b=A2ZNvzU9nEg2Qcv1k86bXPzrtZHepgeRJY2BufZIK5WaPldl2zVkzkXwpfEwy2Hvau wIDMzC9M77i8NimuZJQULEBEi1Wzr1v05ZGqOxZBt21VkWHf2nws+6utqXM3lN2J//mv 6zEQaKfxvrFAvMDu63Uwl+lArHjqJK/jXNxwBC90TYI9bZjF/Rd+r8za2la3+rsJ0PJe nTwvnE0dvPHknaZVvh/yiLcpMOOKY53dzsVy/7vg/hYYgnjFVoD0rsgP+YuSSMLWjMsA zWI8YzaMbvY860hfr7BulQaCh5YXgKdF2o9BEDYSUekPP6wi3Nlsuh2ruHP7jTsCSUCq t0Kg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id y8-v6si1001614ybh.445.2018.11.29.03.40.43 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 29 Nov 2018 03:40:43 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gSKec-00088g-A3; Thu, 29 Nov 2018 11:38:46 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gSKea-00088B-Ej for xen-devel@lists.xenproject.org; Thu, 29 Nov 2018 11:38:44 +0000 X-Inumbo-ID: 5345bd7f-f3cb-11e8-9a16-bc764e045a96 Received: from foss.arm.com (unknown [217.140.101.70]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTP id 5345bd7f-f3cb-11e8-9a16-bc764e045a96; Thu, 29 Nov 2018 11:38:43 +0000 (UTC) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 63209EBD; Thu, 29 Nov 2018 03:38:43 -0800 (PST) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.196.50]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 99EB93F5AF; Thu, 29 Nov 2018 03:38:42 -0800 (PST) From: Julien Grall To: julien.grall@arm.com, xen-devel@lists.xenproject.org Date: Thu, 29 Nov 2018 11:38:35 +0000 Message-Id: <20181129113836.2853-2-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181129113836.2853-1-julien.grall@arm.com> References: <20181129113836.2853-1-julien.grall@arm.com> Subject: [Xen-devel] [PATCH 1/2] xen/arm: mm: Set-up page permission for Xen mappings earlier on X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Stefano Stabellini MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Xen mapping is first create using a 2MB page and then shatterred in 4KB page for fine-graine permission. However, it is not safe to break-down superpage page without going to an intermediate step invalidating the entry. As we are changing Xen mappings, we cannot go through the intermediate step. The only solution is to create Xen mapping using 4KB entries directly. As the Xen should always access the mappings according with the runtime permission, it is then possible to set-up the permissions while create the mapping. We are still playing with the fire as there are still some break-before-make issue in setup_pagetables (i.e switch between 2 sets of page-tables). But it should slightly be better than the current state. Signed-off-by: Julien Grall Reported-by: Shameerali Kolothum Thodi Reported-by: Jan-Peter Larsson Tested-by: Shameer Kolothum --- I had few reports on new platforms where Xen reliably stale as soon as SCTLR.WXN is turned on. This likely happens because of not complying with Break-Before-Make when setting-up the permission as we break-down a superpage to 4KB mappings. --- xen/arch/arm/mm.c | 49 ++++++++++++++++++++++--------------------------- 1 file changed, 22 insertions(+), 27 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 987fcb9162..2556e57a99 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -649,11 +649,31 @@ void __init setup_pagetables(unsigned long boot_phys_offset, paddr_t xen_paddr) } #endif + /* Break up the Xen mapping into 4k pages and protect them separately. */ + for ( i = 0; i < LPAE_ENTRIES; i++ ) + { + mfn_t mfn = mfn_add(maddr_to_mfn(xen_paddr), i); + unsigned long va = XEN_VIRT_START + (i << PAGE_SHIFT); + + if ( !is_kernel(va) ) + break; + pte = mfn_to_xen_entry(mfn, MT_NORMAL); + pte.pt.table = 1; /* 4k mappings always have this bit set */ + if ( is_kernel_text(va) || is_kernel_inittext(va) ) + { + pte.pt.xn = 0; + pte.pt.ro = 1; + } + if ( is_kernel_rodata(va) ) + pte.pt.ro = 1; + xen_xenmap[i] = pte; + } + /* Initialise xen second level entries ... */ /* ... Xen's text etc */ - pte = mfn_to_xen_entry(maddr_to_mfn(xen_paddr), MT_NORMAL); - pte.pt.xn = 0;/* Contains our text mapping! */ + pte = pte_of_xenaddr((vaddr_t)xen_xenmap); + pte.pt.table = 1; xen_second[second_table_offset(XEN_VIRT_START)] = pte; /* ... Fixmap */ @@ -693,31 +713,6 @@ void __init setup_pagetables(unsigned long boot_phys_offset, paddr_t xen_paddr) clear_table(boot_second); clear_table(boot_third); - /* Break up the Xen mapping into 4k pages and protect them separately. */ - for ( i = 0; i < LPAE_ENTRIES; i++ ) - { - mfn_t mfn = mfn_add(maddr_to_mfn(xen_paddr), i); - unsigned long va = XEN_VIRT_START + (i << PAGE_SHIFT); - if ( !is_kernel(va) ) - break; - pte = mfn_to_xen_entry(mfn, MT_NORMAL); - pte.pt.table = 1; /* 4k mappings always have this bit set */ - if ( is_kernel_text(va) || is_kernel_inittext(va) ) - { - pte.pt.xn = 0; - pte.pt.ro = 1; - } - if ( is_kernel_rodata(va) ) - pte.pt.ro = 1; - write_pte(xen_xenmap + i, pte); - /* No flush required here as page table is not hooked in yet. */ - } - - pte = pte_of_xenaddr((vaddr_t)xen_xenmap); - pte.pt.table = 1; - write_pte(xen_second + second_linear_offset(XEN_VIRT_START), pte); - /* TLBFLUSH and ISB would be needed here, but wait until we set WXN */ - /* From now on, no mapping may be both writable and executable. */ WRITE_SYSREG32(READ_SYSREG32(SCTLR_EL2) | SCTLR_WXN, SCTLR_EL2); /* Flush everything after setting WXN bit. */