From patchwork Mon Jan  6 15:54:17 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andrew Cooper <andrew.cooper3@citrix.com>
X-Patchwork-Id: 11319627
Return-Path: <SRS0=ufJU=23=lists.xenproject.org=xen-devel-bounces@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8D2FE14B4
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Mon,  6 Jan 2020 15:55:27 +0000 (UTC)
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 69FCB20707
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Mon,  6 Jan 2020 15:55:27 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=citrix.com header.i=@citrix.com header.b="OPu6bOBt"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 69FCB20707
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=none dis=none) header.from=citrix.com
Authentication-Results: mail.kernel.org;
 spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.89)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1ioUi5-0003jd-LR; Mon, 06 Jan 2020 15:54:29 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <SRS0=Nws7=23=citrix.com=andrew.cooper3@srs-us1.protection.inumbo.net>)
 id 1ioUi4-0003jX-4S
 for xen-devel@lists.xenproject.org; Mon, 06 Jan 2020 15:54:28 +0000
X-Inumbo-ID: d0c5a7ea-309c-11ea-ab26-12813bfff9fa
Received: from esa6.hc3370-68.iphmx.com (unknown [216.71.155.175])
 by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS
 id d0c5a7ea-309c-11ea-ab26-12813bfff9fa;
 Mon, 06 Jan 2020 15:54:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
 d=citrix.com; s=securemail; t=1578326067;
 h=from:to:cc:subject:date:message-id:mime-version:
 content-transfer-encoding;
 bh=FpfyDm2zCf5N6JYINPZLP/e09ECylOIZ0o5Tsem2SRg=;
 b=OPu6bOBtVb0T/F5t+BK/lL67+5qLzBN842jU1q/mviEJCKIhTFTkTq6C
 rUZQ4MZ4e3n1kfsz6d0FX15r8WYAz35SP99QgmTykBGxULi6PJybuf4ZK
 IlZRWIJjuQbYN6vuuupyVq5WtDxeasv1bTwIGO7riULwNYgT43xxrNLoW c=;
Authentication-Results: esa6.hc3370-68.iphmx.com;
 dkim=none (message not signed) header.i=none;
 spf=None smtp.pra=andrew.cooper3@citrix.com;
 spf=Pass smtp.mailfrom=Andrew.Cooper3@citrix.com;
 spf=None smtp.helo=postmaster@mail.citrix.com
Received-SPF: None (esa6.hc3370-68.iphmx.com: no sender
 authenticity information available from domain of
 andrew.cooper3@citrix.com) identity=pra;
 client-ip=162.221.158.21; receiver=esa6.hc3370-68.iphmx.com;
 envelope-from="Andrew.Cooper3@citrix.com";
 x-sender="andrew.cooper3@citrix.com";
 x-conformance=sidf_compatible
Received-SPF: Pass (esa6.hc3370-68.iphmx.com: domain of
 Andrew.Cooper3@citrix.com designates 162.221.158.21 as
 permitted sender) identity=mailfrom;
 client-ip=162.221.158.21; receiver=esa6.hc3370-68.iphmx.com;
 envelope-from="Andrew.Cooper3@citrix.com";
 x-sender="Andrew.Cooper3@citrix.com";
 x-conformance=sidf_compatible; x-record-type="v=spf1";
 x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133
 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4
 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88
 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83
 ip4:168.245.78.127 ~all"
Received-SPF: None (esa6.hc3370-68.iphmx.com: no sender
 authenticity information available from domain of
 postmaster@mail.citrix.com) identity=helo;
 client-ip=162.221.158.21; receiver=esa6.hc3370-68.iphmx.com;
 envelope-from="Andrew.Cooper3@citrix.com";
 x-sender="postmaster@mail.citrix.com";
 x-conformance=sidf_compatible
IronPort-SDR: 
 1D+udhd5FLTVvSJ+0FO7sxk/1PC839qNljVF/fMTX/R6Iaf8y8Ord1qNStOTGlXvv/UTadyADp
 RrmaTBm/r58P2u7he4W87uW0s+ZpJe4uLrJQ1IlylrfgiFz+D+o21XuZQrAOXUwqTamoOLhe20
 74wTpvojvQ89FPXtFmCXWbkkGNbK2kfW0I8J0NY4jWZLdUVQbTWlQn6FZSbikDQnynWEpFUfKD
 RF5bMmCyqtekjZiAz2R4pcCX4pQk/Iv49ItfhQgVOxPomzlhU62jPg5J3NUuacnBIqJ7eVeebq
 OGQ=
X-SBRS: 2.7
X-MesageID: 10927650
X-Ironport-Server: esa6.hc3370-68.iphmx.com
X-Remote-IP: 162.221.158.21
X-Policy: $RELAYED
X-IronPort-AV: E=Sophos;i="5.69,403,1571716800"; d="scan'208";a="10927650"
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xenproject.org>
Date: Mon, 6 Jan 2020 15:54:17 +0000
Message-ID: <20200106155423.9508-1-andrew.cooper3@citrix.com>
X-Mailer: git-send-email 2.11.0
MIME-Version: 1.0
Subject: [Xen-devel] [PATCH 0/6] x86/boot: Remove mappings at 0
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Cc: Wei Liu <wl@xen.org>, Andrew Cooper <andrew.cooper3@citrix.com>,
 Julien Grall <jgrall@amazon.com>, Hongyan Xia <hongyxia@amazon.com>,
 Jan Beulich <JBeulich@suse.com>, Paul Durrant <pdurrant@amazon.com>,
 David Woodhouse <dwmw@amazon.co.uk>,
 =?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com>
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

This is the (long overdue) series which finally removes the mapping at 0
during early boot, which has bitten us in the past.  It also removes an RWX
gadget which persists past boot in the idle pagetables.

Most of the complexity was down to the differing (and hard-to-follow) uses of
the bootmap.  I first opted to get rid of the bootmap entirely.  While this is
possible for the current Multiboot paths, it is incompatible with the EFI boot
path, and works against David's existing plans to not use the trampoline at
all.

Further ideas: (not addressed here because -ETIME on my behalf.)

1) Get PV-shim to use hypercalls for AP startup, at which point we can compile
   out the trampoline entirely.  This is probably helpful for robustness
   testing in combination with David's plans.

2) Drop BOOTSTRAP_MAP_{BASE,LIMIT} and have bootstrap_map() populate into the
   directmap, as we only request RAM mappings.  This would allow us to drop 3
   of the bootmap pagetables.  However, I'm not entirely convinced the later
   logic will cope with cacheability boundaries forcing the use of small
   mappings.

This series has had complete testing for MB and EFI boot paths.  It turns out
that grub can chainload xen.efi and test those paths.

Andrew Cooper (6):
  x86/boot: Check for E820_RAM earlier when searching the E820
  x86/boot: Map the trampoline as read-only
  x86/boot: Remove the preconstructed low 16M superpage mappings
  x86/boot: Clean up l?_bootmap[] construction
  x86/boot: Don't map 0 during boot
  x86/boot: Drop INVALID_VCPU

 xen/arch/x86/boot/head.S          | 33 +++++++++++++++++----------------
 xen/arch/x86/boot/x86_64.S        | 21 ++++++++++-----------
 xen/arch/x86/cpu/mcheck/mce.c     |  2 +-
 xen/arch/x86/domain_page.c        |  2 +-
 xen/arch/x86/efi/efi-boot.h       | 17 ++++++++++-------
 xen/arch/x86/setup.c              | 24 +++++++++++++++---------
 xen/arch/x86/tboot.c              |  2 +-
 xen/arch/x86/x86_64/asm-offsets.c |  3 ---
 xen/arch/x86/x86_64/mm.c          |  2 +-
 xen/arch/x86/xen.lds.S            |  3 +++
 xen/include/asm-x86/setup.h       |  3 ---
 11 files changed, 59 insertions(+), 53 deletions(-)