From nobody Mon Feb 9 17:23:27 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=1; a=rsa-sha256; t=1614958682; cv=none; d=zohomail.com; s=zohoarc; b=X8DMoCpyiLvv1AsGVmrtdrwiXFsEiC3wPCoEPLxFRLFYN6JbgsOg2EzoUOmnzzmStd7uq59enn5WnaQJdAZYmExwnt4EGXQEXUwUHvwJO385W22XZG/+XhoaaRiQSptx9HPwYLL1jnKEEfx4uhOomCv1315laQEV9P7Jos4Z2JE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1614958682; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=zMJ7aPwr/7Y9nwA0xBptIGl4nEzbvFLoHnE4KtV2x+A=; b=F/ajWsVqEfDahVchxb3Yxz1+8W9Dy0ZPZypf3oRL0NVjEhd0GDoZj9/QH/Z6C8KE6mkQZGgXcbX2BgW9J63AYs1AY6nrppresrFN0OX07JJazWTx8qveHvH1zEWoC4hREgCujfo9bn5ckgzc0I6dlptfNH3KuU/sIghIz0qJeW0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=quarantine dis=none) header.from= Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1614958682654572.9169302308554; Fri, 5 Mar 2021 07:38:02 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.93852.177284 (Exim 4.92) (envelope-from ) id 1lICWS-0006BG-Bi; Fri, 05 Mar 2021 15:37:48 +0000 Received: by outflank-mailman (output) from mailman id 93852.177284; Fri, 05 Mar 2021 15:37:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lICWS-0006B8-8U; Fri, 05 Mar 2021 15:37:48 +0000 Received: by outflank-mailman (input) for mailman id 93852; Fri, 05 Mar 2021 15:37:46 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lICWQ-0006Az-OF for xen-devel@lists.xenproject.org; Fri, 05 Mar 2021 15:37:46 +0000 Received: from mx2.suse.de (unknown [195.135.220.15]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 0fca5747-23c0-4527-b8fe-b8fe6166462b; Fri, 05 Mar 2021 15:37:46 +0000 (UTC) Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 38258AED8; Fri, 5 Mar 2021 15:37:45 +0000 (UTC) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 0fca5747-23c0-4527-b8fe-b8fe6166462b X-Virus-Scanned: by amavisd-new at test-mx.suse.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1614958665; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zMJ7aPwr/7Y9nwA0xBptIGl4nEzbvFLoHnE4KtV2x+A=; b=WJWkDrFgfrDLIz8ZsKf7H7seWQ5qFEm5ETVeVqxHnjE4eGfIimWgDnfpMc6VZxI/qg5wYO 50PjQ4BTyxssKcHJ9p/dJcF0nFtXfgPahV3Xls4cfvHbxgwT5+hdR+LGjeuWht3nbGPJQZ 27/jBhCUunOIbJam+YtXo3SSqCGiXY4= Subject: [PATCH 2/2][4.15?] x86/shadow: encode full GFN in magic MMIO entries From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Tim Deegan , George Dunlap , Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= , Ian Jackson References: Message-ID: Date: Fri, 5 Mar 2021 16:37:45 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @suse.com) Content-Type: text/plain; charset="utf-8" Since we don't need to encode all of the PTE flags, we have enough bits in the shadow entry to store the full GFN. Don't use literal numbers - instead derive the involved values. Or, where derivation would become too ugly, sanity-check the result (invoking #error to identify failure). This then allows dropping from sh_l1e_mmio() again the guarding against too large GFNs. Signed-off-by: Jan Beulich --- I wonder if the respective check in sh_audit_l1_table() is actually useful to retain with these changes. --- a/xen/arch/x86/mm/shadow/types.h +++ b/xen/arch/x86/mm/shadow/types.h @@ -283,9 +283,17 @@ shadow_put_page_from_l1e(shadow_l1e_t sl * This is only feasible for PAE and 64bit Xen: 32-bit non-PAE PTEs don't * have reserved bits that we can use for this. And even there it can only * be used if we can be certain the processor doesn't use all 52 address b= its. + * + * For the MMIO encoding (see below) we need the bottom 4 bits for + * identifying the kind of entry and a full GFN's worth of bits to encode + * the originating frame number. Set all remaining bits to trigger + * reserved bit faults, if (see above) the hardware permits triggering suc= h. */ =20 -#define SH_L1E_MAGIC 0xffffffff00000001ULL +#define SH_L1E_MAGIC_NR_META_BITS 4 +#define SH_L1E_MAGIC_MASK ((~0ULL << (PADDR_BITS - PAGE_SHIFT + \ + SH_L1E_MAGIC_NR_META_BITS)) | \ + _PAGE_PRESENT) =20 static inline bool sh_have_pte_rsvd_bits(void) { @@ -294,7 +302,8 @@ static inline bool sh_have_pte_rsvd_bits =20 static inline bool sh_l1e_is_magic(shadow_l1e_t sl1e) { - return (sl1e.l1 & SH_L1E_MAGIC) =3D=3D SH_L1E_MAGIC; + BUILD_BUG_ON(!(PADDR_MASK & SH_L1E_MAGIC_MASK)); + return (sl1e.l1 & SH_L1E_MAGIC_MASK) =3D=3D SH_L1E_MAGIC_MASK; } =20 /* Guest not present: a single magic value */ @@ -320,20 +329,26 @@ static inline bool sh_l1e_is_gnp(shadow_ =20 /* * MMIO: an invalid PTE that contains the GFN of the equivalent guest l1e. - * We store 28 bits of GFN in bits 4:32 of the entry. + * We store the GFN in bits 4:43 of the entry. * The present bit is set, and the U/S and R/W bits are taken from the gue= st. * Bit 3 is always 0, to differentiate from gnp above. */ -#define SH_L1E_MMIO_MAGIC 0xffffffff00000001ULL -#define SH_L1E_MMIO_MAGIC_MASK 0xffffffff00000009ULL -#define SH_L1E_MMIO_GFN_MASK 0x00000000fffffff0ULL +#define SH_L1E_MMIO_MAGIC SH_L1E_MAGIC_MASK +#define SH_L1E_MMIO_MAGIC_BIT ((_PAGE_PRESENT | _PAGE_RW | _PAGE_USER) += 1) +#if SH_L1E_MMIO_MAGIC_BIT & (SH_L1E_MMIO_MAGIC_BIT - 1) +# error SH_L1E_MMIO_MAGIC_BIT needs to be a power of 2 +#endif +#if SH_L1E_MMIO_MAGIC_BIT >> SH_L1E_MAGIC_NR_META_BITS +# error SH_L1E_MMIO_MAGIC_BIT and SH_L1E_MAGIC_NR_META_BITS are out of sync +#endif +#define SH_L1E_MMIO_MAGIC_MASK (SH_L1E_MAGIC_MASK | SH_L1E_MMIO_MAGIC_BIT) +#define SH_L1E_MMIO_GFN_MASK ~(SH_L1E_MMIO_MAGIC_MASK | _PAGE_RW | _PAG= E_USER) =20 static inline shadow_l1e_t sh_l1e_mmio(gfn_t gfn, u32 gflags) { unsigned long gfn_val =3D MASK_INSR(gfn_x(gfn), SH_L1E_MMIO_GFN_MASK); =20 - if ( !sh_have_pte_rsvd_bits() || - gfn_x(gfn) !=3D MASK_EXTR(gfn_val, SH_L1E_MMIO_GFN_MASK) ) + if ( !sh_have_pte_rsvd_bits() ) return shadow_l1e_empty(); =20 return (shadow_l1e_t) { (SH_L1E_MMIO_MAGIC | gfn_val |