From: Elias El Yandouzi <eliasely@amazon.com>
To: <xen-devel@lists.xenproject.org>
Cc: <julien@xen.org>, <pdurrant@amazon.com>, <dwmw@amazon.com>,
	Julien Grall <jgrall@amazon.com>,
	Stefano Stabellini <sstabellini@kernel.org>,
	"Bertrand Marquis" <bertrand.marquis@arm.com>,
	Michal Orzel <michal.orzel@amd.com>,
	Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>,
	Elias El Yandouzi <eliasely@amazon.com>
Subject: [PATCH v2 (resend) 25/27] xen/arm64: mm: Use per-pCPU page-tables
Date: Tue, 16 Jan 2024 19:26:09 +0000
Message-ID: <20240116192611.41112-26-eliasely@amazon.com>
In-Reply-To: <20240116192611.41112-1-eliasely@amazon.com>

From: Julien Grall <jgrall@amazon.com>

At the moment, on Arm64, every pCPU is sharing the same page-tables.

In a follow-up patch, we will allow the possibility to remove the
direct map and therefore it will be necessary to have a mapcache.

While we have plenty of spare virtual address space to reserve part
for each pCPU, it means that temporary mappings (e.g. guest memory)
could be accessible by every pCPU.

In order to increase our security posture, it would be better if
those mappings are only accessible by the pCPU doing the temporary
mapping.

In addition to that, per-pCPU page-tables open the way to having a
per-domain mapping area.

Arm32 is already using per-pCPU page-tables so most of the code
can be re-used. Arm64 doesn't yet have support for the mapcache,
so a stub is provided (moved to its own header asm/domain_page.h).

Take the opportunity to fix a typo in a comment that is modified.

Signed-off-by: Julien Grall <jgrall@amazon.com>
Signed-off-by: Elias El Yandouzi <eliasely@amazon.com>

----

    Changelog since v1:
        * Rebase
        * Fix typos

diff --git a/xen/arch/arm/arm64/mmu/mm.c b/xen/arch/arm/arm64/mmu/mm.c
index d2651c9486..4f339efb7b 100644
--- a/xen/arch/arm/arm64/mmu/mm.c
+++ b/xen/arch/arm/arm64/mmu/mm.c
@@ -75,6 +75,7 @@ static void __init prepare_runtime_identity_mapping(void)
     paddr_t id_addr = virt_to_maddr(_start);
     lpae_t pte;
     DECLARE_OFFSETS(id_offsets, id_addr);
+    lpae_t *root = this_cpu(xen_pgtable);
 
     if ( id_offsets[0] >= IDENTITY_MAPPING_AREA_NR_L0 )
         panic("Cannot handle ID mapping above %uTB\n",
@@ -85,7 +86,7 @@ static void __init prepare_runtime_identity_mapping(void)
     pte.pt.table = 1;
     pte.pt.xn = 0;
 
-    write_pte(&xen_pgtable[id_offsets[0]], pte);
+    write_pte(&root[id_offsets[0]], pte);
 
     /* Link second ID table */
     pte = pte_of_xenaddr((vaddr_t)xen_second_id);
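
Review bot: root is read from this_cpu(xen_pgtable) at the top of prepare_runtime_identity_mapping() and then dereferenced in write_pte(&root[id_offsets[0]], pte) with no check that the per-CPU pointer has been set. This relies on the boot CPU's pointer being assigned by then, which the setup.c change appears to arrange by setting per_cpu(xen_pgtable, 0) ahead of arch_setup_page_tables(). An ASSERT(root) here, or a short comment naming that ordering dependency, would turn a silent NULL dereference into an obvious failure if the call order ever changes.
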
diff --git a/xen/arch/arm/domain_page.c b/xen/arch/arm/domain_page.c
index 3a43601623..ac2a6d0332 100644
--- a/xen/arch/arm/domain_page.c
+++ b/xen/arch/arm/domain_page.c
@@ -3,6 +3,8 @@
 #include <xen/pmap.h>
 #include <xen/vmap.h>
 
+#include <asm/domain_page.h>
+
 /* Override macros from asm/page.h to make them work with mfn_t */
 #undef virt_to_mfn
 #define virt_to_mfn(va) _mfn(__virt_to_mfn(va))
diff --git a/xen/arch/arm/include/asm/arm32/mm.h b/xen/arch/arm/include/asm/arm32/mm.h
index 856f2dbec4..87a315db01 100644
--- a/xen/arch/arm/include/asm/arm32/mm.h
+++ b/xen/arch/arm/include/asm/arm32/mm.h
@@ -1,12 +1,6 @@
 #ifndef __ARM_ARM32_MM_H__
 #define __ARM_ARM32_MM_H__
 
-#include <xen/percpu.h>
-
-#include <asm/lpae.h>
-
-DECLARE_PER_CPU(lpae_t *, xen_pgtable);
-
 /*
  * Only a limited amount of RAM, called xenheap, is always mapped on ARM32.
  * For convenience always return false.
@@ -16,8 +10,6 @@ static inline bool arch_mfns_in_directmap(unsigned long mfn, unsigned long nr)
     return false;
 }
 
-bool init_domheap_mappings(unsigned int cpu);
-
 static inline void arch_setup_page_tables(void)
 {
 }
diff --git a/xen/arch/arm/include/asm/domain_page.h b/xen/arch/arm/include/asm/domain_page.h
new file mode 100644
index 0000000000..e9f52685e2
--- /dev/null
+++ b/xen/arch/arm/include/asm/domain_page.h
@@ -0,0 +1,13 @@
+#ifndef __ASM_ARM_DOMAIN_PAGE_H__
+#define __ASM_ARM_DOMAIN_PAGE_H__
+
+#ifdef CONFIG_ARCH_MAP_DOMAIN_PAGE
+bool init_domheap_mappings(unsigned int cpu);
+#else
+static inline bool init_domheap_mappings(unsigned int cpu)
+{
+    return true;
+}
+#endif
+
+#endif /* __ASM_ARM_DOMAIN_PAGE_H__ */
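
Review bot: The new header asm/domain_page.h carries no license tag (for example an SPDX-License-Identifier line) and declares a function returning bool without including anything that provides the type, so it builds only when every includer has already pulled in the basic types. Suggest adding the license line and an explicit include, plus a one-line comment on the !CONFIG_ARCH_MAP_DOMAIN_PAGE stub saying why "return true;" is the right result when there is no mapcache to set up.
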
diff --git a/xen/arch/arm/include/asm/mm.h b/xen/arch/arm/include/asm/mm.h
index 9a94d7eaf7..a76578a16f 100644
--- a/xen/arch/arm/include/asm/mm.h
+++ b/xen/arch/arm/include/asm/mm.h
@@ -2,6 +2,9 @@
 #define __ARCH_ARM_MM__
 
 #include <xen/kernel.h>
+#include <xen/percpu.h>
+
+#include <asm/lpae.h>
 #include <asm/page.h>
 #include <public/xen.h>
 #include <xen/pdx.h>
diff --git a/xen/arch/arm/include/asm/mmu/mm.h b/xen/arch/arm/include/asm/mmu/mm.h
index c5e03a66bf..c03c3a51e4 100644
--- a/xen/arch/arm/include/asm/mmu/mm.h
+++ b/xen/arch/arm/include/asm/mmu/mm.h
@@ -2,6 +2,8 @@
 #ifndef __ARM_MMU_MM_H__
 #define __ARM_MMU_MM_H__
 
+DECLARE_PER_CPU(lpae_t *, xen_pgtable);
+
 /* Non-boot CPUs use this to find the correct pagetables. */
 extern uint64_t init_ttbr;
 
diff --git a/xen/arch/arm/mmu/pt.c b/xen/arch/arm/mmu/pt.c
index a7755728ae..e772ab4e66 100644
--- a/xen/arch/arm/mmu/pt.c
+++ b/xen/arch/arm/mmu/pt.c
@@ -606,9 +606,9 @@ static int xen_pt_update(unsigned long virt,
     unsigned long left = nr_mfns;
 
     /*
-     * For arm32, page-tables are different on each CPUs. Yet, they share
-     * some common mappings. It is assumed that only common mappings
-     * will be modified with this function.
+     * Page-tables are different on each CPU. Yet, they share some common
+     * mappings. It is assumed that only common mappings will be modified
+     * with this function.
      *
      * XXX: Add a check.
      */
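
Review bot: The reworded comment in xen_pt_update() now states for both arm32 and arm64 that only common mappings are modified here, yet the "XXX: Add a check." line is kept and nothing enforces the assumption. With per-pCPU page-tables introduced specifically to keep temporary mappings private to one pCPU, an update that lands in a per-CPU region would silently affect only the current CPU's tables. Consider adding the check in this series (rejecting virtual ranges that fall in a per-CPU area), or say in the commit message why it is deferred.
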
diff --git a/xen/arch/arm/mmu/setup.c b/xen/arch/arm/mmu/setup.c
index 57f1b46499..8c81e26da3 100644
--- a/xen/arch/arm/mmu/setup.c
+++ b/xen/arch/arm/mmu/setup.c
@@ -26,17 +26,15 @@
  * PCPUs.
  */
 
-#ifdef CONFIG_ARM_64
-DEFINE_PAGE_TABLE(xen_pgtable);
-static DEFINE_PAGE_TABLE(xen_first);
-#define THIS_CPU_PGTABLE xen_pgtable
-#else
 /* Per-CPU pagetable pages */
 /* xen_pgtable == root of the trie (zeroeth level on 64-bit, first on 32-bit) */
 DEFINE_PER_CPU(lpae_t *, xen_pgtable);
 #define THIS_CPU_PGTABLE this_cpu(xen_pgtable)
 /* Root of the trie for cpu0, other CPU's PTs are dynamically allocated */
 static DEFINE_PAGE_TABLE(cpu0_pgtable);
+
+#ifdef CONFIG_ARM_64
+static DEFINE_PAGE_TABLE(xen_first);
 #endif
 
 /* Common pagetable leaves */
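
Review bot: With the CONFIG_ARM_64 branch removed, THIS_CPU_PGTABLE has a single definition, this_cpu(xen_pgtable), so the macro no longer hides an architecture difference. Consider dropping it and using this_cpu(xen_pgtable) directly at the call sites, as the arm64 mm.c change in this patch already does, or note in the commit message why the indirection stays.
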
@@ -228,19 +226,22 @@ void __init setup_pagetables(unsigned long boot_phys_offset)
     lpae_t pte, *p;
     int i;
 
+    p = cpu0_pgtable;
+
     phys_offset = boot_phys_offset;
 
+    /* arch_setup_page_tables() may need to access the root page-tables. */
+    per_cpu(xen_pgtable, 0) = cpu0_pgtable;
+
     arch_setup_page_tables();
 
 #ifdef CONFIG_ARM_64
     pte = pte_of_xenaddr((uintptr_t)xen_first);
     pte.pt.table = 1;
     pte.pt.xn = 0;
-    xen_pgtable[zeroeth_table_offset(XEN_VIRT_START)] = pte;
+    p[zeroeth_table_offset(XEN_VIRT_START)] = pte;
 
-    p = (void *) xen_first;
-#else
-    p = (void *) cpu0_pgtable;
+    p = xen_first;
 #endif
 
     /* Map xen second level page-table */
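
Review bot: per_cpu(xen_pgtable, 0) = cpu0_pgtable now runs before arch_setup_page_tables() and before switch_ttbr(), whereas the arm32 code removed further down did this assignment after switch_ttbr() and xen_pt_enforce_wnx(). Please confirm in the commit message that the boot CPU's per-CPU area is writable this early on both arm32 and arm64. Separately, "p = cpu0_pgtable;" sits above the phys_offset assignment, far from its first use; moving it next to the #ifdef CONFIG_ARM_64 block would make the arm32/arm64 split easier to follow.
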
@@ -283,19 +284,11 @@ void __init setup_pagetables(unsigned long boot_phys_offset)
     pte.pt.table = 1;
     xen_second[second_table_offset(FIXMAP_ADDR(0))] = pte;
 
-#ifdef CONFIG_ARM_64
-    ttbr = (uintptr_t) xen_pgtable + phys_offset;
-#else
     ttbr = (uintptr_t) cpu0_pgtable + phys_offset;
-#endif
 
     switch_ttbr(ttbr);
 
     xen_pt_enforce_wnx();
-
-#ifdef CONFIG_ARM_32
-    per_cpu(xen_pgtable, 0) = cpu0_pgtable;
-#endif
 }
 
 void *__init arch_vmap_virt_end(void)
diff --git a/xen/arch/arm/mmu/smpboot.c b/xen/arch/arm/mmu/smpboot.c
index fb5df667ba..fdd9b9c580 100644
--- a/xen/arch/arm/mmu/smpboot.c
+++ b/xen/arch/arm/mmu/smpboot.c
@@ -7,6 +7,7 @@
 
 #include <xen/domain_page.h>
 
+#include <asm/domain_page.h>
 #include <asm/setup.h>
 
 /*
@@ -68,20 +69,6 @@ static void clear_boot_pagetables(void)
     clear_table(boot_third);
 }
 
-#ifdef CONFIG_ARM_64
-int prepare_secondary_mm(int cpu)
-{
-    clear_boot_pagetables();
-
-    /*
-     * Set init_ttbr for this CPU coming up. All CPUs share a single setof
-     * pagetables, but rewrite it each time for consistency with 32 bit.
-     */
-    init_ttbr = virt_to_maddr(xen_pgtable);
-    clean_dcache(init_ttbr);
-    return 0;
-}
-#else
 int prepare_secondary_mm(int cpu)
 {
     lpae_t *root = alloc_xenheap_page();
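
Review bot: Removing the arm64-only prepare_secondary_mm() means arm64 secondary CPUs now take the path that starts with alloc_xenheap_page(), so bring-up can fail on allocation where the removed version always returned 0. Most of the retained body is outside this hunk's context; please confirm that it still calls clear_boot_pagetables() and cleans init_ttbr from the data cache as the removed arm64 version did, and mention the new failure mode in the commit message.
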
@@ -112,7 +99,6 @@ int prepare_secondary_mm(int cpu)
 
     return 0;
 }
-#endif
 
 /*
  * Local variables:
diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
index 7e28f62d09..3dec365c57 100644
--- a/xen/arch/arm/setup.c
+++ b/xen/arch/arm/setup.c
@@ -42,6 +42,7 @@
 #include <asm/gic.h>
 #include <asm/cpuerrata.h>
 #include <asm/cpufeature.h>
+#include <asm/domain_page.h>
 #include <asm/platform.h>
 #include <asm/procinfo.h>
 #include <asm/setup.h>
-- 
2.40.1


