* [PATCH] x86/domain: adjust limitation on shared_info allocation below 4G
@ 2026-02-03 10:10 Roger Pau Monne
2026-02-03 10:20 ` Roger Pau Monné
0 siblings, 1 reply; 4+ messages in thread
From: Roger Pau Monne @ 2026-02-03 10:10 UTC (permalink / raw)
To: xen-devel; +Cc: Roger Pau Monne, Jan Beulich, Andrew Cooper
The limitation of shared_info being allocated below 4G to fit in the
start_info field only applies to 32bit PV guests. On 64bit PV guests the
start_info field is 64bits wide. HVM guests don't use start_info at all.
Limit the allocation address restriction to 32bit PV guests only.
Fixes: 3cadc0469d5c ("x86_64: shared_info must be allocated below 4GB as it is advertised to 32-bit guests via a 32-bit machine address field in start_info.")
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
xen/arch/x86/domain.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index edb76366b596..4163568043b1 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -882,10 +882,13 @@ int arch_domain_create(struct domain *d,
goto fail;
/*
- * The shared_info machine address must fit in a 32-bit field within a
- * 32-bit guest's start_info structure. Hence we specify MEMF_bits(32).
+ * For 32bit PV guests the shared_info machine address must fit in a 32-bit
+ * field within the guest's start_info structure. Hence we specify
+ * MEMF_bits(32).
*/
- if ( (d->shared_info = alloc_xenheap_pages(0, MEMF_bits(32))) == NULL )
+ if ( (d->shared_info =
+ alloc_xenheap_pages(0, is_pv_32bit_domain(d) ? MEMF_bits(32)
+ : 0)) == NULL )
goto fail;
clear_page(d->shared_info);
--
2.51.0
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [PATCH] x86/domain: adjust limitation on shared_info allocation below 4G 2026-02-03 10:10 [PATCH] x86/domain: adjust limitation on shared_info allocation below 4G Roger Pau Monne @ 2026-02-03 10:20 ` Roger Pau Monné 2026-02-04 8:41 ` Andrew Cooper 0 siblings, 1 reply; 4+ messages in thread From: Roger Pau Monné @ 2026-02-03 10:20 UTC (permalink / raw) To: xen-devel; +Cc: Jan Beulich, Andrew Cooper On Tue, Feb 03, 2026 at 11:10:17AM +0100, Roger Pau Monne wrote: > The limitation of shared_info being allocated below 4G to fit in the > start_info field only applies to 32bit PV guests. On 64bit PV guests the > start_info field is 64bits wide. HVM guests don't use start_info at all. > > Limit the allocation address restriction to 32bit PV guests only. > > Fixes: 3cadc0469d5c ("x86_64: shared_info must be allocated below 4GB as it is advertised to 32-bit guests via a 32-bit machine address field in start_info.") > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> > --- > xen/arch/x86/domain.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c > index edb76366b596..4163568043b1 100644 > --- a/xen/arch/x86/domain.c > +++ b/xen/arch/x86/domain.c > @@ -882,10 +882,13 @@ int arch_domain_create(struct domain *d, > goto fail; > > /* > - * The shared_info machine address must fit in a 32-bit field within a > - * 32-bit guest's start_info structure. Hence we specify MEMF_bits(32). > + * For 32bit PV guests the shared_info machine address must fit in a 32-bit > + * field within the guest's start_info structure. Hence we specify > + * MEMF_bits(32). > */ > - if ( (d->shared_info = alloc_xenheap_pages(0, MEMF_bits(32))) == NULL ) > + if ( (d->shared_info = > + alloc_xenheap_pages(0, is_pv_32bit_domain(d) ? MEMF_bits(32) > + : 0)) == NULL ) Sorry, this is wrong, it's too early to know whether the domain is 32 or 64bit. Roger. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] x86/domain: adjust limitation on shared_info allocation below 4G 2026-02-03 10:20 ` Roger Pau Monné @ 2026-02-04 8:41 ` Andrew Cooper 2026-02-04 8:52 ` Roger Pau Monné 0 siblings, 1 reply; 4+ messages in thread From: Andrew Cooper @ 2026-02-04 8:41 UTC (permalink / raw) To: Roger Pau Monné, xen-devel; +Cc: Andrew Cooper, Jan Beulich On 03/02/2026 10:20 am, Roger Pau Monné wrote: > On Tue, Feb 03, 2026 at 11:10:17AM +0100, Roger Pau Monne wrote: >> The limitation of shared_info being allocated below 4G to fit in the >> start_info field only applies to 32bit PV guests. On 64bit PV guests the >> start_info field is 64bits wide. HVM guests don't use start_info at all. >> >> Limit the allocation address restriction to 32bit PV guests only. >> >> Fixes: 3cadc0469d5c ("x86_64: shared_info must be allocated below 4GB as it is advertised to 32-bit guests via a 32-bit machine address field in start_info.") >> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> >> --- >> xen/arch/x86/domain.c | 9 ++++++--- >> 1 file changed, 6 insertions(+), 3 deletions(-) >> >> diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c >> index edb76366b596..4163568043b1 100644 >> --- a/xen/arch/x86/domain.c >> +++ b/xen/arch/x86/domain.c >> @@ -882,10 +882,13 @@ int arch_domain_create(struct domain *d, >> goto fail; >> >> /* >> - * The shared_info machine address must fit in a 32-bit field within a >> - * 32-bit guest's start_info structure. Hence we specify MEMF_bits(32). >> + * For 32bit PV guests the shared_info machine address must fit in a 32-bit >> + * field within the guest's start_info structure. Hence we specify >> + * MEMF_bits(32). >> */ >> - if ( (d->shared_info = alloc_xenheap_pages(0, MEMF_bits(32))) == NULL ) >> + if ( (d->shared_info = >> + alloc_xenheap_pages(0, is_pv_32bit_domain(d) ? MEMF_bits(32) >> + : 0)) == NULL ) > Sorry, this is wrong, it's too early to know whether the domain is 32 > or 64bit. It's probably fine to have this become an unrestricted xenhelp allocation, and for switch_compat() to make a restricted allocation and copy. When constructing a PV32 guest in practice, the set_compat hypercall is only moments after from the domain create, and it doesn't matter if we discover lowmem exhaustion marginally later That way we don't have a PV32-ism continuing to impact the all VMs. ~Andrew ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] x86/domain: adjust limitation on shared_info allocation below 4G 2026-02-04 8:41 ` Andrew Cooper @ 2026-02-04 8:52 ` Roger Pau Monné 0 siblings, 0 replies; 4+ messages in thread From: Roger Pau Monné @ 2026-02-04 8:52 UTC (permalink / raw) To: Andrew Cooper; +Cc: xen-devel, Jan Beulich On Wed, Feb 04, 2026 at 09:41:21AM +0100, Andrew Cooper wrote: > On 03/02/2026 10:20 am, Roger Pau Monné wrote: > > On Tue, Feb 03, 2026 at 11:10:17AM +0100, Roger Pau Monne wrote: > >> The limitation of shared_info being allocated below 4G to fit in the > >> start_info field only applies to 32bit PV guests. On 64bit PV guests the > >> start_info field is 64bits wide. HVM guests don't use start_info at all. > >> > >> Limit the allocation address restriction to 32bit PV guests only. > >> > >> Fixes: 3cadc0469d5c ("x86_64: shared_info must be allocated below 4GB as it is advertised to 32-bit guests via a 32-bit machine address field in start_info.") > >> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> > >> --- > >> xen/arch/x86/domain.c | 9 ++++++--- > >> 1 file changed, 6 insertions(+), 3 deletions(-) > >> > >> diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c > >> index edb76366b596..4163568043b1 100644 > >> --- a/xen/arch/x86/domain.c > >> +++ b/xen/arch/x86/domain.c > >> @@ -882,10 +882,13 @@ int arch_domain_create(struct domain *d, > >> goto fail; > >> > >> /* > >> - * The shared_info machine address must fit in a 32-bit field within a > >> - * 32-bit guest's start_info structure. Hence we specify MEMF_bits(32). > >> + * For 32bit PV guests the shared_info machine address must fit in a 32-bit > >> + * field within the guest's start_info structure. Hence we specify > >> + * MEMF_bits(32). > >> */ > >> - if ( (d->shared_info = alloc_xenheap_pages(0, MEMF_bits(32))) == NULL ) > >> + if ( (d->shared_info = > >> + alloc_xenheap_pages(0, is_pv_32bit_domain(d) ? MEMF_bits(32) > >> + : 0)) == NULL ) > > Sorry, this is wrong, it's too early to know whether the domain is 32 > > or 64bit. > > It's probably fine to have this become an unrestricted xenhelp > allocation, and for switch_compat() to make a restricted allocation and > copy. Yeah, that's what I'm doing. It turns out to be a bit more complicated that I originally anticipated, because you also need to reset the v->vcpu_info_area.map filed to point to the new page. > When constructing a PV32 guest in practice, the set_compat hypercall is > only moments after from the domain create, and it doesn't matter if we > discover lowmem exhaustion marginally later > > That way we don't have a PV32-ism continuing to impact the all VMs. Indeed, that's my approach, just took me a bit more than expected because of the already taken references to the shared_info page by the time switch_compat() is executed. Regards, Roger. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-02-04 8:53 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-02-03 10:10 [PATCH] x86/domain: adjust limitation on shared_info allocation below 4G Roger Pau Monne 2026-02-03 10:20 ` Roger Pau Monné 2026-02-04 8:41 ` Andrew Cooper 2026-02-04 8:52 ` Roger Pau Monné
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.