From nobody Fri May 3 21:58:23 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=1; a=rsa-sha256; t=1614958640; cv=none; d=zohomail.com; s=zohoarc; b=ex7+RmztgO5/DbKUJK7yOEUJsV+Gkyy5wl9i6Ty6kxXuh77ogUW+EY28Kk2z5X+8+fUj2mUIlkFiAkvD2i9/B3+VcEMh/uUVuJCB5wDvmUovp0gv3Uzqh+YmNBODkX1Cv9Unmtax57anAurxST9/YGQ+8+KbrKEyDhMRBxy5x3M= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1614958640; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=sH7fHFoNbJW0zjpZjVHFaY+IoMJaYqOtkkdLzA6ish4=; b=gYBqj3pcXYIAjxaPljmIXwISkDzzATMJ9jvPooSuQpQNWoD+yeR4WPiVGUaJW4NkuHMb2rh1E1XMhU8qHYi6bKxjndB5qJzL9f9N0cQjkkip7TnLRI3NFIXhYbmtIIsyDIbecR/u3q27QKbLNryQNsp+tUTfWz/7Fy+2WPoMeIo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=quarantine dis=none) header.from= Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1614958640843115.38012110730119; Fri, 5 Mar 2021 07:37:20 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.93849.177273 (Exim 4.92) (envelope-from ) id 1lICVn-00064R-2C; Fri, 05 Mar 2021 15:37:07 +0000 Received: by outflank-mailman (output) from mailman id 93849.177273; Fri, 05 Mar 2021 15:37:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lICVm-00064K-VG; Fri, 05 Mar 2021 15:37:06 +0000 Received: by outflank-mailman (input) for mailman id 93849; Fri, 05 Mar 2021 15:37:05 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lICVl-00064D-Oa for xen-devel@lists.xenproject.org; Fri, 05 Mar 2021 15:37:05 +0000 Received: from mx2.suse.de (unknown [195.135.220.15]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 42ba76b6-7de6-474b-b1eb-2e2f71fc828b; Fri, 05 Mar 2021 15:37:05 +0000 (UTC) Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 353ABACCF; Fri, 5 Mar 2021 15:37:04 +0000 (UTC) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 42ba76b6-7de6-474b-b1eb-2e2f71fc828b X-Virus-Scanned: by amavisd-new at test-mx.suse.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1614958624; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sH7fHFoNbJW0zjpZjVHFaY+IoMJaYqOtkkdLzA6ish4=; b=tzBpJXQ4S23JUuYr3Fgw/8FCEj79Sc+VyLP691NnZcutn0jAbPG9/Px7ZblJJk1sHybuOf wt1/6EY8f364BDBK1I+iASy3OVQtgt6voma8ceZrbnRdZ0jBc/ZRmD01+EfkztdPV7ctZo xX/hVUAleZuKhWXmIm9D9hK0cHESXA4= Subject: [PATCH 1/2][4.15?] x86/shadow: suppress "fast fault path" optimization when running virtualized From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Tim Deegan , George Dunlap , Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= , Ian Jackson References: Message-ID: <3bb90ab6-22c9-31d4-88a2-39bd3d81c2d7@suse.com> Date: Fri, 5 Mar 2021 16:37:04 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @suse.com) Content-Type: text/plain; charset="utf-8" We can't make correctness of our own behavior dependent upon a hypervisor underneath us correctly telling us the true physical address with hardware uses. Without knowing this, we can't be certain reserved bit faults can actually be observed. Therefore, besides evaluating the number of address bits when deciding whether to use the optimization, also check whether we're running virtualized ourselves. Requested-by: Andrew Cooper Signed-off-by: Jan Beulich Acked-by: Andrew Cooper Acked-by: Tim Deegan --- a/xen/arch/x86/mm/shadow/types.h +++ b/xen/arch/x86/mm/shadow/types.h @@ -282,10 +282,16 @@ shadow_put_page_from_l1e(shadow_l1e_t sl * * This is only feasible for PAE and 64bit Xen: 32-bit non-PAE PTEs don't * have reserved bits that we can use for this. And even there it can only - * be used if the processor doesn't use all 52 address bits. + * be used if we can be certain the processor doesn't use all 52 address b= its. */ =20 #define SH_L1E_MAGIC 0xffffffff00000001ULL + +static inline bool sh_have_pte_rsvd_bits(void) +{ + return paddr_bits < PADDR_BITS && !cpu_has_hypervisor; +} + static inline bool sh_l1e_is_magic(shadow_l1e_t sl1e) { return (sl1e.l1 & SH_L1E_MAGIC) =3D=3D SH_L1E_MAGIC; @@ -303,7 +309,7 @@ static inline shadow_l1e_t sh_l1e_gnp(vo * On systems with no reserved physical address bits we can't engage t= he * fast fault path. */ - return paddr_bits < PADDR_BITS ? sh_l1e_gnp_raw() + return sh_have_pte_rsvd_bits() ? sh_l1e_gnp_raw() : shadow_l1e_empty(); } =20 @@ -326,7 +332,7 @@ static inline shadow_l1e_t sh_l1e_mmio(g { unsigned long gfn_val =3D MASK_INSR(gfn_x(gfn), SH_L1E_MMIO_GFN_MASK); =20 - if ( paddr_bits >=3D PADDR_BITS || + if ( !sh_have_pte_rsvd_bits() || gfn_x(gfn) !=3D MASK_EXTR(gfn_val, SH_L1E_MMIO_GFN_MASK) ) return shadow_l1e_empty(); =20 From nobody Fri May 3 21:58:23 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=1; a=rsa-sha256; t=1614958682; cv=none; d=zohomail.com; s=zohoarc; b=X8DMoCpyiLvv1AsGVmrtdrwiXFsEiC3wPCoEPLxFRLFYN6JbgsOg2EzoUOmnzzmStd7uq59enn5WnaQJdAZYmExwnt4EGXQEXUwUHvwJO385W22XZG/+XhoaaRiQSptx9HPwYLL1jnKEEfx4uhOomCv1315laQEV9P7Jos4Z2JE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1614958682; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=zMJ7aPwr/7Y9nwA0xBptIGl4nEzbvFLoHnE4KtV2x+A=; b=F/ajWsVqEfDahVchxb3Yxz1+8W9Dy0ZPZypf3oRL0NVjEhd0GDoZj9/QH/Z6C8KE6mkQZGgXcbX2BgW9J63AYs1AY6nrppresrFN0OX07JJazWTx8qveHvH1zEWoC4hREgCujfo9bn5ckgzc0I6dlptfNH3KuU/sIghIz0qJeW0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=quarantine dis=none) header.from= Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1614958682654572.9169302308554; Fri, 5 Mar 2021 07:38:02 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.93852.177284 (Exim 4.92) (envelope-from ) id 1lICWS-0006BG-Bi; Fri, 05 Mar 2021 15:37:48 +0000 Received: by outflank-mailman (output) from mailman id 93852.177284; Fri, 05 Mar 2021 15:37:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lICWS-0006B8-8U; Fri, 05 Mar 2021 15:37:48 +0000 Received: by outflank-mailman (input) for mailman id 93852; Fri, 05 Mar 2021 15:37:46 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lICWQ-0006Az-OF for xen-devel@lists.xenproject.org; Fri, 05 Mar 2021 15:37:46 +0000 Received: from mx2.suse.de (unknown [195.135.220.15]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 0fca5747-23c0-4527-b8fe-b8fe6166462b; Fri, 05 Mar 2021 15:37:46 +0000 (UTC) Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 38258AED8; Fri, 5 Mar 2021 15:37:45 +0000 (UTC) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 0fca5747-23c0-4527-b8fe-b8fe6166462b X-Virus-Scanned: by amavisd-new at test-mx.suse.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1614958665; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zMJ7aPwr/7Y9nwA0xBptIGl4nEzbvFLoHnE4KtV2x+A=; b=WJWkDrFgfrDLIz8ZsKf7H7seWQ5qFEm5ETVeVqxHnjE4eGfIimWgDnfpMc6VZxI/qg5wYO 50PjQ4BTyxssKcHJ9p/dJcF0nFtXfgPahV3Xls4cfvHbxgwT5+hdR+LGjeuWht3nbGPJQZ 27/jBhCUunOIbJam+YtXo3SSqCGiXY4= Subject: [PATCH 2/2][4.15?] x86/shadow: encode full GFN in magic MMIO entries From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Tim Deegan , George Dunlap , Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= , Ian Jackson References: Message-ID: Date: Fri, 5 Mar 2021 16:37:45 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @suse.com) Content-Type: text/plain; charset="utf-8" Since we don't need to encode all of the PTE flags, we have enough bits in the shadow entry to store the full GFN. Don't use literal numbers - instead derive the involved values. Or, where derivation would become too ugly, sanity-check the result (invoking #error to identify failure). This then allows dropping from sh_l1e_mmio() again the guarding against too large GFNs. Signed-off-by: Jan Beulich --- I wonder if the respective check in sh_audit_l1_table() is actually useful to retain with these changes. --- a/xen/arch/x86/mm/shadow/types.h +++ b/xen/arch/x86/mm/shadow/types.h @@ -283,9 +283,17 @@ shadow_put_page_from_l1e(shadow_l1e_t sl * This is only feasible for PAE and 64bit Xen: 32-bit non-PAE PTEs don't * have reserved bits that we can use for this. And even there it can only * be used if we can be certain the processor doesn't use all 52 address b= its. + * + * For the MMIO encoding (see below) we need the bottom 4 bits for + * identifying the kind of entry and a full GFN's worth of bits to encode + * the originating frame number. Set all remaining bits to trigger + * reserved bit faults, if (see above) the hardware permits triggering suc= h. */ =20 -#define SH_L1E_MAGIC 0xffffffff00000001ULL +#define SH_L1E_MAGIC_NR_META_BITS 4 +#define SH_L1E_MAGIC_MASK ((~0ULL << (PADDR_BITS - PAGE_SHIFT + \ + SH_L1E_MAGIC_NR_META_BITS)) | \ + _PAGE_PRESENT) =20 static inline bool sh_have_pte_rsvd_bits(void) { @@ -294,7 +302,8 @@ static inline bool sh_have_pte_rsvd_bits =20 static inline bool sh_l1e_is_magic(shadow_l1e_t sl1e) { - return (sl1e.l1 & SH_L1E_MAGIC) =3D=3D SH_L1E_MAGIC; + BUILD_BUG_ON(!(PADDR_MASK & SH_L1E_MAGIC_MASK)); + return (sl1e.l1 & SH_L1E_MAGIC_MASK) =3D=3D SH_L1E_MAGIC_MASK; } =20 /* Guest not present: a single magic value */ @@ -320,20 +329,26 @@ static inline bool sh_l1e_is_gnp(shadow_ =20 /* * MMIO: an invalid PTE that contains the GFN of the equivalent guest l1e. - * We store 28 bits of GFN in bits 4:32 of the entry. + * We store the GFN in bits 4:43 of the entry. * The present bit is set, and the U/S and R/W bits are taken from the gue= st. * Bit 3 is always 0, to differentiate from gnp above. */ -#define SH_L1E_MMIO_MAGIC 0xffffffff00000001ULL -#define SH_L1E_MMIO_MAGIC_MASK 0xffffffff00000009ULL -#define SH_L1E_MMIO_GFN_MASK 0x00000000fffffff0ULL +#define SH_L1E_MMIO_MAGIC SH_L1E_MAGIC_MASK +#define SH_L1E_MMIO_MAGIC_BIT ((_PAGE_PRESENT | _PAGE_RW | _PAGE_USER) += 1) +#if SH_L1E_MMIO_MAGIC_BIT & (SH_L1E_MMIO_MAGIC_BIT - 1) +# error SH_L1E_MMIO_MAGIC_BIT needs to be a power of 2 +#endif +#if SH_L1E_MMIO_MAGIC_BIT >> SH_L1E_MAGIC_NR_META_BITS +# error SH_L1E_MMIO_MAGIC_BIT and SH_L1E_MAGIC_NR_META_BITS are out of sync +#endif +#define SH_L1E_MMIO_MAGIC_MASK (SH_L1E_MAGIC_MASK | SH_L1E_MMIO_MAGIC_BIT) +#define SH_L1E_MMIO_GFN_MASK ~(SH_L1E_MMIO_MAGIC_MASK | _PAGE_RW | _PAG= E_USER) =20 static inline shadow_l1e_t sh_l1e_mmio(gfn_t gfn, u32 gflags) { unsigned long gfn_val =3D MASK_INSR(gfn_x(gfn), SH_L1E_MMIO_GFN_MASK); =20 - if ( !sh_have_pte_rsvd_bits() || - gfn_x(gfn) !=3D MASK_EXTR(gfn_val, SH_L1E_MMIO_GFN_MASK) ) + if ( !sh_have_pte_rsvd_bits() ) return shadow_l1e_empty(); =20 return (shadow_l1e_t) { (SH_L1E_MMIO_MAGIC | gfn_val |