From: Jan Beulich
Date: Wed, 15 Feb 2023 15:54:11 +0100
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné
Subject: [PATCH] x86/PV32: restore PAE-extended-CR3 logic
Message-ID: <47ab9000-68f6-8925-d814-a3a955b7f6cc@suse.com>
X-Patchwork-Submitter: Jan Beulich
X-Patchwork-Id: 13141759

While the PAE-extended-CR3 VM assist is a 32-bit only concept, it still applies to guests also when run on a 64-bit hypervisor: The "extended CR3" format has to be used there as well, to fit the address in the only 32-bit wide register there. As a result it was a mistake that the check was never enabled for that case, and was then mistakenly deleted in the course of removal of 32-bit-Xen code (218adf199e68 ["x86: We can assume CONFIG_PAGING_LEVELS==4"]).

Similarly during Dom0 construction kernel awareness needs to be taken into account, and respective code was again mistakenly never enabled for 32-bit Dom0 when running on 64-bit Xen (and thus wrongly deleted by 5d1181a5ea5e ["xen: Remove x86_32 build target"]).

At the same time restrict enabling of the assist for Dom0 to just the 32-bit case. Furthermore there's no need for an atomic update there.

Signed-off-by: Jan Beulich
Acked-by: Roger Pau Monné
---
I was uncertain whether to add a check to the CR3 guest read path, raising e.g. #GP(0) when the value read wouldn't fit but also may not be converted to "extended" format (overflow is possible there in principle because of the control tools "slack" in promote_l3_table()).

In that context I was puzzled to find no check on the CR3 guest write path even in 4.2: A guest (bogusly) setting the PCD or PWT bits (or any of the low reserved ones) could observe anomalous behavior rather than plain failure.

As to a Fixes: tag - it's pretty unclear which of the many original 32-on-64 changes to blame. I don't think the two cited commits should be referenced there, as they didn't break anything that wasn't already broken.

--- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c
@@ -1520,6 +1520,23 @@ static int promote_l3_table(struct page_ unsigned int partial_flags = page->partial_flags; l3_pgentry_t l3e = l3e_empty(); + /* + * PAE pgdirs above 4GB are unacceptable if a 32-bit guest does not + * understand the weird 'extended cr3' format for dealing with high-order + * address bits. We cut some slack for control tools (before vcpu0 is + * initialised). + */ + if ( is_pv_32bit_domain(d) && + unlikely(!VM_ASSIST(d, pae_extended_cr3)) && + mfn_x(l3mfn) >= 0x100000 && + d->vcpu[0] && d->vcpu[0]->is_initialised ) + { + gdprintk(XENLOG_WARNING, + "PAE pgd must be below 4GB (%#lx >= 0x100000)", + mfn_x(l3mfn)); + return -ERANGE; + } + pl3e = map_domain_page(l3mfn); /* --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -490,12 +490,12 @@ int __init dom0_construct_pv(struct doma nr_pages = dom0_compute_nr_pages(d, &parms, initrd_len); - if ( parms.pae == XEN_PAE_EXTCR3 ) - set_bit(VMASST_TYPE_pae_extended_cr3, &d->vm_assist); - #ifdef CONFIG_PV32 if ( elf_32bit(&elf) ) { + if ( parms.pae == XEN_PAE_EXTCR3 ) + __set_bit(VMASST_TYPE_pae_extended_cr3, &d->vm_assist); + if ( !pv_shim && (parms.virt_hv_start_low != UNSET_ADDR) ) { unsigned long value = ROUNDUP(parms.virt_hv_start_low, @@ -594,7 +594,10 @@ int __init dom0_construct_pv(struct doma vphysmap_start = parms.p2m_base; vphysmap_end = vphysmap_start + nr_pages * sizeof(unsigned long); } - page = alloc_domheap_pages(d, order, MEMF_no_scrub); + page = alloc_domheap_pages(d, order, + MEMF_no_scrub | + (VM_ASSIST(d, pae_extended_cr3) || + !compat ? 0 : MEMF_bits(32))); if ( page == NULL ) panic("Not enough RAM for domain 0 allocation\n"); alloc_spfn = mfn_x(page_to_mfn(page));
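
Review bot: the gdprintk() format string added in the promote_l3_table() hunk of xen/arch/x86/mm.c, "PAE pgd must be below 4GB (%#lx >= 0x100000)", has no trailing \n, so the warning will run into whatever is logged next; please add the newline. The 4GB boundary is also written as the literal 0x100000 twice, once in the condition and once in the message text. Deriving both from a single named constant or expression would keep the check and the diagnostic from drifting apart.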
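
Review bot: the move from set_bit() to __set_bit() on d->vm_assist in the first dom0_build.c hunk (@@ -490) relies on nothing else updating that field concurrently at this point in dom0_construct_pv(), and only the commit description says so. A one-line comment at the __set_bit() call would record that assumption in the code and discourage copying the non-atomic form into a path where it does not hold. Since the assignment now sits inside the elf_32bit() branch, a 64-bit kernel whose notes yield parms.pae == XEN_PAE_EXTCR3 no longer gets the assist; a brief comment stating that this is intentional would help too.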
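
Review bot: the new flags argument to alloc_domheap_pages() in the last dom0_build.c hunk (@@ -594) reads "(VM_ASSIST(d, pae_extended_cr3) || !compat ? 0 : MEMF_bits(32))", which is correct only because || binds tighter than ?:, and the line break after || makes it easy to misread as "!compat ? 0 : MEMF_bits(32)" standing alone. Please parenthesise the whole condition. Separately, with MEMF_bits(32) in effect the allocation can fail purely for lack of memory below 4GB, yet the panic() that follows still reports "Not enough RAM for domain 0 allocation"; consider making the message say when the address-width restriction was applied.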