x86/EFI: avoid IOMMU faults on [_end,__2M_rwdata_end)

Commit c9a4a1c419 ("x86/layout: Correct Xen's idea of its own memory
layout") didn't go far enough with the conversion, causing IOMMU faults
when memory from that range was handed to a domain. We must not make
this memory available for allocation (the change is benign to xen.gz at
this point in time).

Note that the change to tboot_shutdown() is fixing another issue at
once: As it looks, the function so far skipped all memory below the Xen
image.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
master commit: d522571a408a7dd21a06705f6dd51cdafd2db4fc
master date: 2017-03-20 09:25:36 +0100

diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 8dbf36c7e4504c5089ff52e89c9b4ba6499713ef..10e846fe9ca9092d7cc76385ed9954ba4cc5908e 100644 (file)
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -925,7 +925,7 @@ void __init noreturn __start_xen(unsigned long mbi_p)
                      1UL << (PAGE_SHIFT + 32)) )
             e = min(HYPERVISOR_VIRT_END - DIRECTMAP_VIRT_START,
                     1UL << (PAGE_SHIFT + 32));
-#define reloc_size ((__pa(&_end) + mask) & ~mask)
+#define reloc_size ((__pa(__2M_rwdata_end) + mask) & ~mask)
         /* Is the region suitable for relocating Xen? */
         if ( !xen_phys_start && e <= limit )
         {
@@ -1122,8 +1122,10 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     if ( !xen_phys_start )
         panic("Not enough memory to relocate Xen.");
-    reserve_e820_ram(&boot_e820, efi_enabled ? mbi->mem_upper : __pa(&_start),
-                     __pa(&_end));
+
+    /* This needs to remain in sync with xen_in_range(). */
+    reserve_e820_ram(&boot_e820, efi_enabled ? mbi->mem_upper : __pa(_stext),
+                     __pa(__2M_rwdata_end));
 
     /* Late kexec reservation (dynamic start address). */
     kexec_reserve_area(&boot_e820);
@@ -1683,6 +1685,14 @@ int __hwdom_init xen_in_range(unsigned long mfn)
         /* S3 resume code (and other real mode trampoline code) */
         xen_regions[region_s3].s = bootsym_phys(trampoline_start);
         xen_regions[region_s3].e = bootsym_phys(trampoline_end);
+
+        /*
+         * This needs to remain in sync with the uses of the same symbols in
+         * - __start_xen() (above)
+         * - is_xen_fixed_mfn()
+         * - tboot_shutdown()
+         */
+
         /* hypervisor .text + .rodata */
         xen_regions[region_ro].s = __pa(&_stext);
         xen_regions[region_ro].e = __pa(&__2M_rodata_end);

diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c
index 3c00cfc21bb622a1ef3077d34b9541bf08b40b27..562efcdb973e61863f334cccc61338f835b9759f 100644 (file)
--- a/xen/arch/x86/tboot.c
+++ b/xen/arch/x86/tboot.c
@@ -283,7 +283,7 @@ static void tboot_gen_xenheap_integrity(const uint8_t key[TB_KEY_SIZE],
 
         if ( !mfn_valid(mfn) )
             continue;
-        if ( (mfn << PAGE_SHIFT) < __pa(&_end) )
+        if ( is_xen_fixed_mfn(mfn) )
             continue; /* skip Xen */
         if ( (mfn >= PFN_DOWN(g_tboot_shared->tboot_base - 3 * PAGE_SIZE))
              && (mfn < PFN_UP(g_tboot_shared->tboot_base
@@ -364,7 +364,8 @@ void tboot_shutdown(uint32_t shutdown_type)
     if ( shutdown_type == TB_SHUTDOWN_S3 )
     {
         /*
-         * Xen regions for tboot to MAC
+         * Xen regions for tboot to MAC. This needs to remain in sync with
+         * xen_in_range().
          */
         g_tboot_shared->num_mac_regions = 3;
         /* S3 resume code (and other real mode trampoline code) */

diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 7676de9c9e4f5e04fe867c703361a9471cd86f05..11549964c0cb7ad6b36524139aa2fe7a776ddbe8 100644 (file)
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -299,7 +299,7 @@ SECTIONS
 }
 
 ASSERT(__image_base__ > XEN_VIRT_START ||
-       _end <= XEN_VIRT_END - NR_CPUS * PAGE_SIZE,
+       __2M_rwdata_end <= XEN_VIRT_END - NR_CPUS * PAGE_SIZE,
        "Xen image overlaps stubs area")
 
 #ifdef CONFIG_KEXEC

diff --git a/xen/include/asm-x86/mm.h b/xen/include/asm-x86/mm.h
index 1b4d1c336a6857323732924746b579ac573dad65..6687dbc985ed8eedbef691d65f83500e86fbae7b 100644 (file)
--- a/xen/include/asm-x86/mm.h
+++ b/xen/include/asm-x86/mm.h
@@ -253,8 +253,8 @@ struct spage_info
 #define is_xen_heap_mfn(mfn) \
     (__mfn_valid(mfn) && is_xen_heap_page(__mfn_to_page(mfn)))
 #define is_xen_fixed_mfn(mfn)                     \
-    ((((mfn) << PAGE_SHIFT) >= __pa(&_start)) &&  \
-     (((mfn) << PAGE_SHIFT) <= __pa(&_end)))
+    ((((mfn) << PAGE_SHIFT) >= __pa(&_stext)) &&  \
+     (((mfn) << PAGE_SHIFT) <= __pa(&__2M_rwdata_end)))
 
 #define PRtype_info "016lx"/* should only be used for printk's */