xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v2] arm: Fix asynchronous aborts (SError exceptions) due to bogus PTEs
@ 2016-03-16 19:08 Shanker Donthineni
  2016-03-21 23:18 ` Shanker Donthineni
  0 siblings, 1 reply; 5+ messages in thread
From: Shanker Donthineni @ 2016-03-16 19:08 UTC (permalink / raw)
  To: Julien Grall, xen-devel
  Cc: Philip Elcan, Vikram Sethi, Stefano Stabellini, Andrew Cooper,
	Jan Beulich, Shanker Donthineni

From: Vikram Sethi <vikrams@codeaurora.org>

ARMv8 architecture allows performing prefetch data/instructions
from memory locations marked as normal memory. Prefetch does not
mean that the data/instruction has to be used/executed in code
flow. All PTEs that appear to be valid to MMU must contain valid
physical address with proper attributes otherwise MMU table walk
might cause imprecise asynchronous aborts.

The way current XEN code is preparing page tables for frametable
and xenheap memory can create bogus PTEs. This patch fixes the
issue by clearing page table memory before populating EL2 L0/L1
PTEs. Without this patch XEN crashes on Qualcomm Technologies
server chips due to asynchronous aborts.

The speculative/prefetch feature explanation is scattered everywhere
in ARM specification but below two sections have useful information.

E2.8 Memory types and attributes
G4.12.6 External abort on a translation table walk

Signed-off-by: Vikram Sethi <vikrams@codeaurora.org>
Signed-off-by: Shanker Donthineni <shankerd@codeaurora.org>
---
Changes since v1:
    Replace memset() with clear_page()
    Edit commit description 

 xen/arch/arm/mm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
index 81f9e2e..3fda8f3 100644
--- a/xen/arch/arm/mm.c
+++ b/xen/arch/arm/mm.c
@@ -730,6 +730,8 @@ void __init setup_xenheap_mappings(unsigned long base_mfn,
         else
         {
             unsigned long first_mfn = alloc_boot_pages(1, 1);
+
+            clear_page(mfn_to_virt(first_mfn));
             pte = mfn_to_xen_entry(first_mfn, WRITEALLOC);
             pte.pt.table = 1;
             write_pte(p, pte);
@@ -773,6 +775,7 @@ void __init setup_frametable_mappings(paddr_t ps, paddr_t pe)
     second = mfn_to_virt(second_base);
     for ( i = 0; i < nr_second; i++ )
     {
+        clear_page(mfn_to_virt(second_base + i));
         pte = mfn_to_xen_entry(second_base + i, WRITEALLOC);
         pte.pt.table = 1;
         write_pte(&xen_first[first_table_offset(FRAMETABLE_VIRT_START)+i], pte);
-- 
Qualcomm Technologies, Inc. on behalf of Qualcomm Innovation Center, Inc. 
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, 
a Linux Foundation Collaborative Project


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2] arm: Fix asynchronous aborts (SError exceptions) due to bogus PTEs
  2016-03-16 19:08 [PATCH v2] arm: Fix asynchronous aborts (SError exceptions) due to bogus PTEs Shanker Donthineni
@ 2016-03-21 23:18 ` Shanker Donthineni
  2016-03-22 22:21   ` Julien Grall
  0 siblings, 1 reply; 5+ messages in thread
From: Shanker Donthineni @ 2016-03-21 23:18 UTC (permalink / raw)
  To: Julien Grall, xen-devel
  Cc: Andrew Cooper, Philip Elcan, Vikram Sethi, Jan Beulich,
	Stefano Stabellini

Hi Julien,

Do you have any other comments to be addressed?

On 03/16/2016 02:08 PM, Shanker Donthineni wrote:
> From: Vikram Sethi <vikrams@codeaurora.org>
>
> ARMv8 architecture allows performing prefetch data/instructions
> from memory locations marked as normal memory. Prefetch does not
> mean that the data/instruction has to be used/executed in code
> flow. All PTEs that appear to be valid to MMU must contain valid
> physical address with proper attributes otherwise MMU table walk
> might cause imprecise asynchronous aborts.
>
> The way current XEN code is preparing page tables for frametable
> and xenheap memory can create bogus PTEs. This patch fixes the
> issue by clearing page table memory before populating EL2 L0/L1
> PTEs. Without this patch XEN crashes on Qualcomm Technologies
> server chips due to asynchronous aborts.
>
> The speculative/prefetch feature explanation is scattered everywhere
> in ARM specification but below two sections have useful information.
>
> E2.8 Memory types and attributes
> G4.12.6 External abort on a translation table walk
>
> Signed-off-by: Vikram Sethi <vikrams@codeaurora.org>
> Signed-off-by: Shanker Donthineni <shankerd@codeaurora.org>
> ---
> Changes since v1:
>     Replace memset() with clear_page()
>     Edit commit description 
>
>  xen/arch/arm/mm.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
> index 81f9e2e..3fda8f3 100644
> --- a/xen/arch/arm/mm.c
> +++ b/xen/arch/arm/mm.c
> @@ -730,6 +730,8 @@ void __init setup_xenheap_mappings(unsigned long base_mfn,
>          else
>          {
>              unsigned long first_mfn = alloc_boot_pages(1, 1);
> +
> +            clear_page(mfn_to_virt(first_mfn));
>              pte = mfn_to_xen_entry(first_mfn, WRITEALLOC);
>              pte.pt.table = 1;
>              write_pte(p, pte);
> @@ -773,6 +775,7 @@ void __init setup_frametable_mappings(paddr_t ps, paddr_t pe)
>      second = mfn_to_virt(second_base);
>      for ( i = 0; i < nr_second; i++ )
>      {
> +        clear_page(mfn_to_virt(second_base + i));
>          pte = mfn_to_xen_entry(second_base + i, WRITEALLOC);
>          pte.pt.table = 1;
>          write_pte(&xen_first[first_table_offset(FRAMETABLE_VIRT_START)+i], pte);

-- 
Shanker Donthineni
Qualcomm Technologies, Inc. on behalf of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2] arm: Fix asynchronous aborts (SError exceptions) due to bogus PTEs
  2016-03-21 23:18 ` Shanker Donthineni
@ 2016-03-22 22:21   ` Julien Grall
  2016-03-22 22:38     ` Shanker Donthineni
  0 siblings, 1 reply; 5+ messages in thread
From: Julien Grall @ 2016-03-22 22:21 UTC (permalink / raw)
  To: Shanker Donthineni, xen-devel
  Cc: Philip Elcan, Vikram Sethi, Steve Capper, Andrew Cooper,
	Stefano Stabellini, Jan Beulich, Andre.Przywara

(CC some ARM folks)

On 21/03/2016 23:18, Shanker Donthineni wrote:
> Hi Julien,

Hello Shanker,

Sorry for the late answer.

> Do you have any other comments to be addressed?

I have a question regarding the implication for what you wrote in the 
commit.

As far as I understand, any speculative table walk might cause an 
imprecise asynchronous abort. So if a guest is using page tables that 
contain garbage, it would be possible to receive an SError. Am I right?

>
> On 03/16/2016 02:08 PM, Shanker Donthineni wrote:
>> From: Vikram Sethi <vikrams@codeaurora.org>
>>
>> ARMv8 architecture allows performing prefetch data/instructions
>> from memory locations marked as normal memory. Prefetch does not
>> mean that the data/instruction has to be used/executed in code
>> flow. All PTEs that appear to be valid to MMU must contain valid
>> physical address with proper attributes otherwise MMU table walk
>> might cause imprecise asynchronous aborts.
>>
>> The way current XEN code is preparing page tables for frametable
>> and xenheap memory can create bogus PTEs. This patch fixes the
>> issue by clearing page table memory before populating EL2 L0/L1
>> PTEs. Without this patch XEN crashes on Qualcomm Technologies
>> server chips due to asynchronous aborts.
>>
>> The speculative/prefetch feature explanation is scattered everywhere
>> in ARM specification but below two sections have useful information.
>>
>> E2.8 Memory types and attributes
>> G4.12.6 External abort on a translation table walk

As said on an earlier version of this patch, please mention the version 
of the spec when you quote it.

>>
>> Signed-off-by: Vikram Sethi <vikrams@codeaurora.org>
>> Signed-off-by: Shanker Donthineni <shankerd@codeaurora.org>
>> ---
>> Changes since v1:
>>      Replace memset() with clear_page()
>>      Edit commit description
>>
>>   xen/arch/arm/mm.c | 3 +++
>>   1 file changed, 3 insertions(+)
>>
>> diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
>> index 81f9e2e..3fda8f3 100644
>> --- a/xen/arch/arm/mm.c
>> +++ b/xen/arch/arm/mm.c
>> @@ -730,6 +730,8 @@ void __init setup_xenheap_mappings(unsigned long base_mfn,
>>           else
>>           {
>>               unsigned long first_mfn = alloc_boot_pages(1, 1);
>> +
>> +            clear_page(mfn_to_virt(first_mfn));
>>               pte = mfn_to_xen_entry(first_mfn, WRITEALLOC);
>>               pte.pt.table = 1;
>>               write_pte(p, pte);
>> @@ -773,6 +775,7 @@ void __init setup_frametable_mappings(paddr_t ps, paddr_t pe)
>>       second = mfn_to_virt(second_base);
>>       for ( i = 0; i < nr_second; i++ )
>>       {
>> +        clear_page(mfn_to_virt(second_base + i));
>>           pte = mfn_to_xen_entry(second_base + i, WRITEALLOC);
>>           pte.pt.table = 1;
>>           write_pte(&xen_first[first_table_offset(FRAMETABLE_VIRT_START)+i], pte);
>

Regards,

-- 
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2] arm: Fix asynchronous aborts (SError exceptions) due to bogus PTEs
  2016-03-22 22:21   ` Julien Grall
@ 2016-03-22 22:38     ` Shanker Donthineni
  2016-03-24 12:14       ` Stefano Stabellini
  0 siblings, 1 reply; 5+ messages in thread
From: Shanker Donthineni @ 2016-03-22 22:38 UTC (permalink / raw)
  To: Julien Grall, xen-devel
  Cc: Philip Elcan, Vikram Sethi, Steve Capper, Andrew Cooper,
	Stefano Stabellini, Jan Beulich, Andre.Przywara



On 03/22/2016 05:21 PM, Julien Grall wrote:
> (CC some ARM folks)
>
> On 21/03/2016 23:18, Shanker Donthineni wrote:
>> Hi Julien,
>
> Hello Shanker,
>
> Sorry for the late answer.
>
>> Do you have any other comments to be addressed?
>
> I have a question regarding the implication for what you wrote in the commit.
>
> As far as I understand, any speculative table walk might cause an imprecise asynchronous abort. So if a guest is using page tables that contain garbage, it would be possible to receive an SError. Am I right?
>

Yes, you are right (applies to EL1 TTBR0/TTBR1, EL2 TTBR0/TTBR1 and EL3 TTBR0 tables).

>>
>> On 03/16/2016 02:08 PM, Shanker Donthineni wrote:
>>> From: Vikram Sethi <vikrams@codeaurora.org>
>>>
>>> ARMv8 architecture allows performing prefetch data/instructions
>>> from memory locations marked as normal memory. Prefetch does not
>>> mean that the data/instruction has to be used/executed in code
>>> flow. All PTEs that appear to be valid to MMU must contain valid
>>> physical address with proper attributes otherwise MMU table walk
>>> might cause imprecise asynchronous aborts.
>>>
>>> The way current XEN code is preparing page tables for frametable
>>> and xenheap memory can create bogus PTEs. This patch fixes the
>>> issue by clearing page table memory before populating EL2 L0/L1
>>> PTEs. Without this patch XEN crashes on Qualcomm Technologies
>>> server chips due to asynchronous aborts.
>>>
>>> The speculative/prefetch feature explanation is scattered everywhere
>>> in ARM specification but below two sections have useful information.
>>>
>>> E2.8 Memory types and attributes
>>> G4.12.6 External abort on a translation table walk
>
> As said on an earlier version of this patch, please mention the version of the spec when you quote it.
>

Sure, should I post V3 patch mentioning ARM spec version?
>>>
>>> Signed-off-by: Vikram Sethi <vikrams@codeaurora.org>
>>> Signed-off-by: Shanker Donthineni <shankerd@codeaurora.org>
>>> ---
>>> Changes since v1:
>>>      Replace memset() with clear_page()
>>>      Edit commit description
>>>
>>>   xen/arch/arm/mm.c | 3 +++
>>>   1 file changed, 3 insertions(+)
>>>
>>> diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
>>> index 81f9e2e..3fda8f3 100644
>>> --- a/xen/arch/arm/mm.c
>>> +++ b/xen/arch/arm/mm.c
>>> @@ -730,6 +730,8 @@ void __init setup_xenheap_mappings(unsigned long base_mfn,
>>>           else
>>>           {
>>>               unsigned long first_mfn = alloc_boot_pages(1, 1);
>>> +
>>> +            clear_page(mfn_to_virt(first_mfn));
>>>               pte = mfn_to_xen_entry(first_mfn, WRITEALLOC);
>>>               pte.pt.table = 1;
>>>               write_pte(p, pte);
>>> @@ -773,6 +775,7 @@ void __init setup_frametable_mappings(paddr_t ps, paddr_t pe)
>>>       second = mfn_to_virt(second_base);
>>>       for ( i = 0; i < nr_second; i++ )
>>>       {
>>> +        clear_page(mfn_to_virt(second_base + i));
>>>           pte = mfn_to_xen_entry(second_base + i, WRITEALLOC);
>>>           pte.pt.table = 1;
>>>           write_pte(&xen_first[first_table_offset(FRAMETABLE_VIRT_START)+i], pte);
>>
>
> Regards,
>

-- 
Shanker Donthineni
Qualcomm Technologies, Inc. on behalf of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2] arm: Fix asynchronous aborts (SError exceptions) due to bogus PTEs
  2016-03-22 22:38     ` Shanker Donthineni
@ 2016-03-24 12:14       ` Stefano Stabellini
  0 siblings, 0 replies; 5+ messages in thread
From: Stefano Stabellini @ 2016-03-24 12:14 UTC (permalink / raw)
  To: Shanker Donthineni
  Cc: Philip Elcan, Vikram Sethi, Stefano Stabellini, Andrew Cooper,
	Steve Capper, Julien Grall, Jan Beulich, Andre.Przywara,
	xen-devel

On Tue, 22 Mar 2016, Shanker Donthineni wrote:
> On 03/22/2016 05:21 PM, Julien Grall wrote:
> > (CC some ARM folks)
> >
> > On 21/03/2016 23:18, Shanker Donthineni wrote:
> >> Hi Julien,
> >
> > Hello Shanker,
> >
> > Sorry for the late answer.
> >
> >> Do you have any other comments to be addressed?
> >
> > I have a question regarding the implication for what you wrote in the commit.
> >
> > As far as I understand, any speculative table walk might cause an imprecise asynchronous abort. So if a guest is using page tables that contain garbage, it would be possible to receive an SError. Am I right?
> >
> 
> Yes, you are right (applies to EL1 TTBR0/TTBR1, EL2 TTBR0/TTBR1 and EL3 TTBR0 tables).
> 
> >>
> >> On 03/16/2016 02:08 PM, Shanker Donthineni wrote:
> >>> From: Vikram Sethi <vikrams@codeaurora.org>
> >>>
> >>> ARMv8 architecture allows performing prefetch data/instructions
> >>> from memory locations marked as normal memory. Prefetch does not
> >>> mean that the data/instruction has to be used/executed in code
> >>> flow. All PTEs that appear to be valid to MMU must contain valid
> >>> physical address with proper attributes otherwise MMU table walk
> >>> might cause imprecise asynchronous aborts.
> >>>
> >>> The way current XEN code is preparing page tables for frametable
> >>> and xenheap memory can create bogus PTEs. This patch fixes the
> >>> issue by clearing page table memory before populating EL2 L0/L1
> >>> PTEs. Without this patch XEN crashes on Qualcomm Technologies
> >>> server chips due to asynchronous aborts.
> >>>
> >>> The speculative/prefetch feature explanation is scattered everywhere
> >>> in ARM specification but below two sections have useful information.
> >>>
> >>> E2.8 Memory types and attributes
> >>> G4.12.6 External abort on a translation table walk
> >
> > As said on an earlier version of this patch, please mention the version of the spec when you quote it.
> >
> 
> Sure, should I post V3 patch mentioning ARM spec version?

Yes, please.


> >>> Signed-off-by: Vikram Sethi <vikrams@codeaurora.org>
> >>> Signed-off-by: Shanker Donthineni <shankerd@codeaurora.org>
> >>> ---
> >>> Changes since v1:
> >>>      Replace memset() with clear_page()
> >>>      Edit commit description
> >>>
> >>>   xen/arch/arm/mm.c | 3 +++
> >>>   1 file changed, 3 insertions(+)
> >>>
> >>> diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
> >>> index 81f9e2e..3fda8f3 100644
> >>> --- a/xen/arch/arm/mm.c
> >>> +++ b/xen/arch/arm/mm.c
> >>> @@ -730,6 +730,8 @@ void __init setup_xenheap_mappings(unsigned long base_mfn,
> >>>           else
> >>>           {
> >>>               unsigned long first_mfn = alloc_boot_pages(1, 1);
> >>> +
> >>> +            clear_page(mfn_to_virt(first_mfn));
> >>>               pte = mfn_to_xen_entry(first_mfn, WRITEALLOC);
> >>>               pte.pt.table = 1;
> >>>               write_pte(p, pte);
> >>> @@ -773,6 +775,7 @@ void __init setup_frametable_mappings(paddr_t ps, paddr_t pe)
> >>>       second = mfn_to_virt(second_base);
> >>>       for ( i = 0; i < nr_second; i++ )
> >>>       {
> >>> +        clear_page(mfn_to_virt(second_base + i));
> >>>           pte = mfn_to_xen_entry(second_base + i, WRITEALLOC);
> >>>           pte.pt.table = 1;
> >>>           write_pte(&xen_first[first_table_offset(FRAMETABLE_VIRT_START)+i], pte);
> >>
> >
> > Regards,
> >
> 
> -- 
> Shanker Donthineni
> Qualcomm Technologies, Inc. on behalf of Qualcomm Innovation Center, Inc.
> Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2016-03-24 12:15 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-03-16 19:08 [PATCH v2] arm: Fix asynchronous aborts (SError exceptions) due to bogus PTEs Shanker Donthineni
2016-03-21 23:18 ` Shanker Donthineni
2016-03-22 22:21   ` Julien Grall
2016-03-22 22:38     ` Shanker Donthineni
2016-03-24 12:14       ` Stefano Stabellini

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).