x86/dom0: Avoid using 1G superpages if shadowing may be necessary

The shadow code doesn't support 1G superpages, and will hand #PF[RSVD] back to
guests.

For dom0's with 512GB of RAM or more (and subject to the P2M alignment), Xen's
domain builder might use 1G superpages.

Avoid using 1G superpages (falling back to 2M superpages instead) if there is
a reasonable chance that we may have to shadow dom0.  This assumes that there
are no circumstances where we will activate logdirty mode on dom0.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c
index 812b0262cb9431d978c4b86e9acc78dee7ff4509..dc3c1e1202fd63ba24af10b24b78219364a99849 100644 (file)
--- a/xen/arch/x86/pv/dom0_build.c
+++ b/xen/arch/x86/pv/dom0_build.c
@@ -148,7 +148,14 @@ static __init void setup_pv_physmap(struct domain *d, unsigned long pgtbl_pfn,
         pl3e += l3_table_offset(vphysmap_start);
         if ( !l3e_get_intpte(*pl3e) )
         {
-            if ( cpu_has_page1gb &&
+            /*
+             * 1G superpages aren't supported by the shadow code.  Avoid using
+             * them if we are liable to need to start shadowing dom0.  This
+             * assumes that there are no circumstances where we will activate
+             * logdirty mode on dom0.
+             */
+            if ( (!IS_ENABLED(CONFIG_SHADOW_PAGING) ||
+                  !d->arch.pv.check_l1tf) && cpu_has_page1gb &&
                  !(vphysmap_start & ((1UL << L3_PAGETABLE_SHIFT) - 1)) &&
                  vphysmap_end >= vphysmap_start + (1UL << L3_PAGETABLE_SHIFT) &&
                  (page = alloc_domheap_pages(d,