[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xen: arm: zero EL2 pagetable pages before use

To: Shanker Donthineni <shankerd@xxxxxxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
From: Julien Grall <julien.grall@xxxxxxx>
Date: Mon, 14 Mar 2016 07:37:08 +0000
Cc: Vikram Sethi <vikrams@xxxxxxxxxxxxxx>, Philip Elcan <pelcan@xxxxxxxxxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
Delivery-date: Mon, 14 Mar 2016 07:37:22 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Hi Shanker,

On 11/03/2016 05:00, Shanker Donthineni wrote:

From: Vikram Sethi <vikrams@xxxxxxxxxxxxxx>

arch/arm/mm.c has 2 uses of alloc_boot_pages which are used for
pagetables, but the allocated pages are not zeroed. This can cause
crashes on CPUs with aggressive prefetching when they find 'valid'
entries in the page tables but which are really uninitialized.
Memset the allocated pages before use.

I first thought the problem was related to break-before-make mandate bythe ARM architecture (see D4-1732 in ARM DDI 0487A.i) when the pagetables are modified in a certain way, but neither the frame table noorthe xen heap are used before the TLBs are nuked.

I would like to see more details in the commit message about the crashand why (based on the spec) clearing the page is the right solution.

Note that I think clearing the page is good to avoid polluting the TLBswith bogus entries and get better crash log.

Change-Id: I517ca45ca240766dfbf1d6884c044c377babab7d


What this line for?

Signed-off-by: Vikram Sethi <vikrams@xxxxxxxxxxxxxx>
Signed-off-by: Shanker Donthineni <shankerd@xxxxxxxxxxxxxx>
---
  xen/arch/arm/mm.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
index 81f9e2e..215ec93 100644
--- a/xen/arch/arm/mm.c
+++ b/xen/arch/arm/mm.c
@@ -730,6 +730,7 @@ void __init setup_xenheap_mappings(unsigned long base_mfn,
          else
          {
              unsigned long first_mfn = alloc_boot_pages(1, 1);
+            memset(mfn_to_virt(first_mfn), 0, PAGE_SIZE);


You can move "first = mfn_to_virt(first_mfn)" earlier and re-use first here.

              pte = mfn_to_xen_entry(first_mfn, WRITEALLOC);
              pte.pt.table = 1;
              write_pte(p, pte);
@@ -771,6 +772,7 @@ void __init setup_frametable_mappings(paddr_t ps, paddr_t 
pe)
      nr_second = frametable_size >> SECOND_SHIFT;
      second_base = alloc_boot_pages(nr_second, 1);
      second = mfn_to_virt(second_base);
+    memset(second, 0, nr_second * PAGE_SIZE);
      for ( i = 0; i < nr_second; i++ )
      {
          pte = mfn_to_xen_entry(second_base + i, WRITEALLOC);


Regards,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH] xen: arm: zero EL2 pagetable pages before use
  - From: Shanker Donthineni

Prev by Date: [Xen-devel] [linux-4.1 test] 86144: regressions - FAIL
Next by Date: Re: [Xen-devel] [PATCH] xen/arm64: Fix incorrect memory region size in TCR2_EL2
Previous by thread: Re: [Xen-devel] [PATCH] xen: arm: zero EL2 pagetable pages before use
Next by thread: [Xen-devel] [xen-4.3-testing test] 85872: regressions - trouble: blocked/broken/fail/pass
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.