From: Wei Chen <Wei.Chen@arm.com>
To: Julien Grall <julien@xen.org>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
Stefano Stabellini <sstabellini@kernel.org>
Cc: Bertrand Marquis <Bertrand.Marquis@arm.com>,
Penny Zheng <Penny.Zheng@arm.com>,
Henry Wang <Henry.Wang@arm.com>, nd <nd@arm.com>
Subject: RE: Proposal for Porting Xen to Armv8-R64 - DraftA
Date: Fri, 4 Mar 2022 05:38:24 +0000 [thread overview]
Message-ID: <PAXPR08MB7420DAE8A51AF70882B7A8519E059@PAXPR08MB7420.eurprd08.prod.outlook.com> (raw)
In-Reply-To: <d860bbdb-c0ef-d4c4-51aa-b248a858e177@xen.org>
Hi Julien,
> -----Original Message-----
> From: Julien Grall <julien@xen.org>
> Sent: 2022年3月4日 3:51
> To: Wei Chen <Wei.Chen@arm.com>; xen-devel@lists.xenproject.org; Stefano
> Stabellini <sstabellini@kernel.org>
> Cc: Bertrand Marquis <Bertrand.Marquis@arm.com>; Penny Zheng
> <Penny.Zheng@arm.com>; Henry Wang <Henry.Wang@arm.com>; nd <nd@arm.com>
> Subject: Re: Proposal for Porting Xen to Armv8-R64 - DraftA
>
> Hi Wei,
>
> On 03/03/2022 02:06, Wei Chen wrote:
> >> -----Original Message-----
> >> From: Julien Grall <julien@xen.org>
> >> Sent: 2022年3月2日 20:00
> >> To: Wei Chen <Wei.Chen@arm.com>; xen-devel@lists.xenproject.org;
> Stefano
> >> Stabellini <sstabellini@kernel.org>
> >> Cc: Bertrand Marquis <Bertrand.Marquis@arm.com>; Penny Zheng
> >> <Penny.Zheng@arm.com>; Henry Wang <Henry.Wang@arm.com>; nd <nd@arm.com>
> >> Subject: Re: Proposal for Porting Xen to Armv8-R64 - DraftA
> >>
> >>
> >>
> >> On 01/03/2022 07:51, Wei Chen wrote:
> >>> Hi Julien,
> >>
> >> Hi Wei,
> >>
> >>>> -----Original Message-----
> >>>> From: Julien Grall <julien@xen.org>
> >>>> Sent: 2022年2月26日 4:55
> >>>> To: Wei Chen <Wei.Chen@arm.com>; xen-devel@lists.xenproject.org;
> >> Stefano
> >>>> Stabellini <sstabellini@kernel.org>
> >>>> Cc: Bertrand Marquis <Bertrand.Marquis@arm.com>; Penny Zheng
> >>>> <Penny.Zheng@arm.com>; Henry Wang <Henry.Wang@arm.com>; nd
> <nd@arm.com>
> >>>> Subject: Re: Proposal for Porting Xen to Armv8-R64 - DraftA
> >>>>> ### 1.2. Xen Challenges with PMSA Virtualization
> >>>>> Xen is PMSA unaware Type-1 Hypervisor, it will need modifications to
> >> run
> >>>>> with an MPU and host multiple guest OSes.
> >>>>>
> >>>>> - No MMU at EL2:
> >>>>> - No EL2 Stage 1 address translation
> >>>>> - Xen provides fixed ARM64 virtual memory layout as basis
> of
> >>>> EL2
> >>>>> stage 1 address translation, which is not applicable on
> >> MPU
> >>>> system,
> >>>>> where there is no virtual addressing. As a result, any
> >>>> operation
> >>>>> involving transition from PA to VA, like ioremap, needs
> >>>> modification
> >>>>> on MPU system.
> >>>>> - Xen's run-time addresses are the same as the link time
> >> addresses.
> >>>>> - Enable PIC (position-independent code) on a real-time
> >> target
> >>>>> processor probably very rare.
> >>>>
> >>>> Aside the assembly boot code and UEFI stub, Xen already runs at the
> >> same
> >>>> address as it was linked.
> >>>>
> >>>
> >>> But the difference is that, base on MMU, we can use the same link
> >> address
> >>> for all platforms. But on MPU system, we can't do it in the same way.
> >>
> >> I agree that we currently use the same link address for all the
> >> platforms. But this is also a problem when using MMU because EL2 has a
> >> single TTBR.
> >>
> >> At the moment we are switching page-tables with the MMU which is not
> >> safe. Instead we need to turn out the MMU off, switch page-tables and
> >> then turn on the MMU. This means we need to have an identity mapping of
> >> Xen in the page-tables. Assuming Xen is not relocated, the identity
> >> mapping may clash with Xen (or the rest of the virtual address map).
> >>
> >
> > Is this the same reason we create a dummy reloc section for EFI loader?
>
> The relocations for the EFI loader are necessary because IIRC it is
> running with virt == phys.
>
> But this brings to all sort of problem:
>
> https://lore.kernel.org/all/20171221145521.29526-1-
> julien.grall@linaro.org/
>
It's interesting, I will have a look into that thread.
> [...]
>
> >>>
> >>> Some callers that want to change a memory's attribute will set them.
> >> Something like
> >>> ioremap_nocache. I am not sure is this what you had asked : )
> >>
> >> I am a bit confused. If ioremap_nocache() can change the attribute,
> then
> >> why would ioremap_attr() not be able to do it?
> >>
> >
> > MMU based iorepmap_xxxx can use a new VA and new PTE to do this. But for
> > MPU, we can't do it, except you change the whole MPU region's attribute.
> > The reasons are:
> > 1. For V8R PMSA, one physical address only be existed one MPU region.
> > 2. There's not enough MPU regions for us to split one MPU region to
> > multiple MPU regions (changed pages region and unmodified pages
> regions).
>
> Ok. I think we should at least check the attributes requested match the
> one in the MPU.
>
Yes, this is what we want to do.
> >
> >>>
> >>>>
> >>>>> if ( CACHE_ATTR_need_change )
> >>>>> return NULL;
> >>>>> return (void *)pa;
> >>>>> }
> >>>>> static inline void __iomem *ioremap_nocache(...)
> >>>>> {
> >>>>> return ioremap_attr(start, len,
> PAGE_HYPERVISOR_NOCACHE);
> >>>>> }
> >>>>> static inline void __iomem *ioremap_cache(...)
> >>>>> {
> >>>>> return ioremap_attr(start, len, PAGE_HYPERVISOR);
> >>>>> }
> >>>>> static inline void __iomem *ioremap_wc(...)
> >>>>> {
> >>>>> return ioremap_attr(start, len, PAGE_HYPERVISOR_WC);
> >>>>> }
> >>>>> void *ioremap(...)
> >>>>> {
> >>>>> return ioremap_attr(pa, len, PAGE_HYPERVISOR_NOCACHE);
> >>>>> }
> >>>>>
> >>>>> ```
> >>>>> 4. For `alternative`, it depends on `vmap` too.
> >>>>
> >>>> The only reason we depend on vmap() is because the map the sections
> >>>> *text read-only and we enforce WnX. For VMSA, it would be possible to
> >>>> avoid vmap() with some rework. I don't know for PMSA.
> >>>>
> >>>
> >>> For PMSA, we still enforce WnX. For your use case, I assume it's
> >> alternative.
> >>> It still may have some possibility to avoid vmap(). But there may be
> >> some
> >>> security issues. We had thought to disable MPU -> update xen text ->
> >> enable
> >>> MPU to copy VMSA alternative's behavior. The problem with this,
> however,
> >>> is that at some point, all memory is RWX. There maybe some security
> >> risk. > But because it's in init stage, it probably doesn't matter as
> much
> >> as
> >> I thought.
> >>
> >> For boot code, we need to ensure the code is compliant to the Arm Arm.
> >> Other than that, it is OK to have the memory RWX for a short period of
> >> time.
> >>
> >> In fact, when we originally boot Xen, we don't enforce WnX. We will
> >> start to enforce when initializing the memory. But there are no blocker
> >> to delay it (other than writing the code :)).
> >
> > Ah, ok, it seems we still can implement alternative on MPU system.
> > I will update it in new version proposal, but place it in TODO, I don't
> > want to include it before single CPU support be merged. Because current
> > patch series is huge enough : )
>
> That's fine with me. I am not expecting you to implement everything we
> discussed here from day 1! :)
>
Great! Thanks~
> Cheers,
>
> --
> Julien Grall
next prev parent reply other threads:[~2022-03-04 5:39 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-24 6:01 Proposal for Porting Xen to Armv8-R64 - DraftA Wei Chen
2022-02-24 11:52 ` Ayan Kumar Halder
2022-02-25 6:33 ` Wei Chen
2022-02-25 0:55 ` Stefano Stabellini
2022-02-25 10:48 ` Wei Chen
2022-02-25 20:12 ` Julien Grall
2022-03-01 6:29 ` Wei Chen
2022-03-01 13:17 ` Julien Grall
2022-03-02 6:43 ` Wei Chen
2022-03-02 10:24 ` Julien Grall
2022-03-03 1:35 ` Wei Chen
2022-03-03 9:15 ` Julien Grall
2022-03-03 10:43 ` Wei Chen
2022-02-25 23:54 ` Stefano Stabellini
2022-03-01 12:55 ` Wei Chen
2022-03-01 23:38 ` Stefano Stabellini
2022-03-02 7:13 ` Wei Chen
2022-03-02 22:55 ` Stefano Stabellini
2022-03-03 1:05 ` Wei Chen
2022-03-03 2:03 ` Stefano Stabellini
2022-03-03 2:12 ` Wei Chen
2022-03-03 2:15 ` Stefano Stabellini
2022-02-25 20:55 ` Julien Grall
2022-03-01 7:51 ` Wei Chen
2022-03-02 7:21 ` Penny Zheng
2022-03-02 12:06 ` Julien Grall
2022-03-02 12:00 ` Julien Grall
2022-03-03 2:06 ` Wei Chen
2022-03-03 19:51 ` Julien Grall
2022-03-04 5:38 ` Wei Chen [this message]
2022-03-07 2:12 ` Wei Chen
2022-03-07 22:58 ` Stefano Stabellini
2022-03-08 7:28 ` Wei Chen
2022-03-08 19:49 ` Stefano Stabellini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PAXPR08MB7420DAE8A51AF70882B7A8519E059@PAXPR08MB7420.eurprd08.prod.outlook.com \
--to=wei.chen@arm.com \
--cc=Bertrand.Marquis@arm.com \
--cc=Henry.Wang@arm.com \
--cc=Penny.Zheng@arm.com \
--cc=julien@xen.org \
--cc=nd@arm.com \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.