From patchwork Mon Jan 6 15:35:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Beulich X-Patchwork-Id: 11319529 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9BC571395 for ; Mon, 6 Jan 2020 15:35:36 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 825262081E for ; Mon, 6 Jan 2020 15:35:36 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 825262081E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=suse.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ioUOf-0001UT-0s; Mon, 06 Jan 2020 15:34:25 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ioUOe-0001UJ-1E for xen-devel@lists.xenproject.org; Mon, 06 Jan 2020 15:34:24 +0000 X-Inumbo-ID: 033fe8e6-309a-11ea-ab1f-12813bfff9fa Received: from mx2.suse.de (unknown [195.135.220.15]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 033fe8e6-309a-11ea-ab1f-12813bfff9fa; Mon, 06 Jan 2020 15:34:23 +0000 (UTC) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 5034DAEAC; Mon, 6 Jan 2020 15:34:22 +0000 (UTC) From: Jan Beulich To: "xen-devel@lists.xenproject.org" References: <73ea220a-d234-7a87-464e-59683fc3d815@suse.com> Message-ID: Date: Mon, 6 Jan 2020 16:35:07 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 In-Reply-To: <73ea220a-d234-7a87-464e-59683fc3d815@suse.com> Content-Language: en-US Subject: [Xen-devel] [PATCH v2 2/3] x86/mm: rename and tidy create_pae_xen_mappings() X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: George Dunlap , Andrew Cooper , Wei Liu , =?utf-8?q?Roger_Pau_Monn=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" After dad74b0f9e ("i386: fix handling of Xen entries in final L2 page table") and the removal of 32-bit support the function doesn't modify state anymore, and hence its name has been misleading. Change its name, constify parameters and a local variable, and make it return bool. Also drop the call to it from mod_l3_entry(): The function explicitly disallows 32-bit domains to modify slot 3. This way we also won't re-check slot 3 when a slot other than slot 3 changes. Doing so has needlessly disallowed making some L2 table recursively link back to an L2 used in some L3's 3rd slot, as we check for the type ref count to be 1. (Note that allowing dynamic changes of L3 entries in the way we do is bogus anyway, as that's not how L3s behave in the native and EPT cases: They get re-evaluated only upon CR3 reloads. NPT is different in this regard.) As a result of this we no longer need to play games to get at the start of the L3 table. Additionally move the single remaining call site, allowing to drop one is_pv_32bit_domain() invocation and a _PAGE_PRESENT check (in the function itself) as well as to exit the loop early (remaining entries have all ben set to empty just ahead of this loop). Further move a BUG_ON() such that in the common case its condition wouldn't need evaluating. Finally, since we're at it, move init_xen_pae_l2_slots() next to the renamed function, as they really belong together (in fact init_xen_pae_l2_slots() was [indirectly] broken out of this function). Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- v2: Refine description. Drop an ASSERT(). Add a comment ahead of the function. --- We could go further here and delete the function altogether: There are no linear mappings in a PGT_pae_xen_l2 table anymore (this was on 32-bit only). The corresponding conditional in mod_l3_entry() could then go away as well (or, more precisely, would need to be replaced by correct handling of 3rd slot updates). This would mean that a 32-bit guest functioning on new Xen may fail to work on older (possibly 32-bit) Xen. --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -1414,23 +1414,22 @@ static int promote_l1_table(struct page_ return ret; } -static int create_pae_xen_mappings(struct domain *d, l3_pgentry_t *pl3e) +/* + * Note: The checks performed by this function are just to enforce a + * legacy restriction necessary on 32-bit hosts. There's not much point in + * relaxing (dropping) this though, as 32-bit guests would still need to + * conform to the original restrictions in order to be able to run on (old) + * 32-bit Xen. + */ +static bool pae_xen_mappings_check(const struct domain *d, + const l3_pgentry_t *pl3e) { - struct page_info *page; - l3_pgentry_t l3e3; - - if ( !is_pv_32bit_domain(d) ) - return 1; - - pl3e = (l3_pgentry_t *)((unsigned long)pl3e & PAGE_MASK); - - /* 3rd L3 slot contains L2 with Xen-private mappings. It *must* exist. */ - l3e3 = pl3e[3]; - if ( !(l3e_get_flags(l3e3) & _PAGE_PRESENT) ) - { - gdprintk(XENLOG_WARNING, "PAE L3 3rd slot is empty\n"); - return 0; - } + /* + * 3rd L3 slot contains L2 with Xen-private mappings. It *must* exist, + * which our caller has already verified. + */ + l3_pgentry_t l3e3 = pl3e[3]; + const struct page_info *page = l3e_get_page(l3e3); /* * The Xen-private mappings include linear mappings. The L2 thus cannot @@ -1441,17 +1440,24 @@ static int create_pae_xen_mappings(struc * a. promote_l3_table() calls this function and this check will fail * b. mod_l3_entry() disallows updates to slot 3 in an existing table */ - page = l3e_get_page(l3e3); BUG_ON(page->u.inuse.type_info & PGT_pinned); - BUG_ON((page->u.inuse.type_info & PGT_count_mask) == 0); BUG_ON(!(page->u.inuse.type_info & PGT_pae_xen_l2)); if ( (page->u.inuse.type_info & PGT_count_mask) != 1 ) { + BUG_ON(!(page->u.inuse.type_info & PGT_count_mask)); gdprintk(XENLOG_WARNING, "PAE L3 3rd slot is shared\n"); - return 0; + return false; } - return 1; + return true; +} + +void init_xen_pae_l2_slots(l2_pgentry_t *l2t, const struct domain *d) +{ + memcpy(&l2t[COMPAT_L2_PAGETABLE_FIRST_XEN_SLOT(d)], + &compat_idle_pg_table_l2[ + l2_table_offset(HIRO_COMPAT_MPT_VIRT_START)], + COMPAT_L2_PAGETABLE_XEN_SLOTS(d) * sizeof(*l2t)); } static int promote_l2_table(struct page_info *page, unsigned long type) @@ -1592,6 +1598,16 @@ static int promote_l3_table(struct page_ l3e_get_mfn(l3e), PGT_l2_page_table | PGT_pae_xen_l2, d, partial_flags | PTF_preemptible | PTF_retain_ref_on_restart); + + if ( !rc ) + { + if ( pae_xen_mappings_check(d, pl3e) ) + { + pl3e[i] = adjust_guest_l3e(l3e, d); + break; + } + rc = -EINVAL; + } } else if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) ) { @@ -1621,8 +1637,6 @@ static int promote_l3_table(struct page_ pl3e[i] = adjust_guest_l3e(l3e, d); } - if ( !rc && !create_pae_xen_mappings(d, pl3e) ) - rc = -EINVAL; if ( rc < 0 && rc != -ERESTART && rc != -EINTR ) { gdprintk(XENLOG_WARNING, @@ -1663,14 +1677,6 @@ static int promote_l3_table(struct page_ unmap_domain_page(pl3e); return rc; } - -void init_xen_pae_l2_slots(l2_pgentry_t *l2t, const struct domain *d) -{ - memcpy(&l2t[COMPAT_L2_PAGETABLE_FIRST_XEN_SLOT(d)], - &compat_idle_pg_table_l2[ - l2_table_offset(HIRO_COMPAT_MPT_VIRT_START)], - COMPAT_L2_PAGETABLE_XEN_SLOTS(d) * sizeof(*l2t)); -} #endif /* CONFIG_PV */ /* @@ -2347,10 +2353,6 @@ static int mod_l3_entry(l3_pgentry_t *pl return -EFAULT; } - if ( likely(rc == 0) ) - if ( !create_pae_xen_mappings(d, pl3e) ) - BUG(); - put_page_from_l3e(ol3e, mfn, PTF_defer); return rc; }