From: Trammell Hudson <hudson@trmm.net>
To: xen-devel@lists.xenproject.org
Subject: kexec and xen/arch/x86/boot/head.S trampoline
Date: Wed, 28 Feb 2018 07:08:40 -0700 [thread overview]
Message-ID: <20180228140840.GA20376@chishio.swcp.com> (raw)
This is a belated followup to my post in 2016, which was a followup to a
post by Ward Vandewege in 2008 about problems introduced by Xen 3.1.3's
changes in the trampoline allocation code:
https://lists.xenproject.org/archives/html/xen-devel/2016-08/msg01208.html
I've been maintaining an out-of-tree patch for using Xen with coreboot
and the Heads runtime since my previous post and finally decided to track
down what in coreboot was causing the issue. It turns out that it is
not a coreboot problem, but caused by kexec.
kexec allocates a 1 page segment at 0x0 and memsets most of it to zero,
wiping out coreboot's EBDA structure, which xen's head.S consulted to
allocate the trampoline. Xen's code looks like this:
/* Set up trampoline segment 64k below EBDA */
movzwl 0x40e,%ecx /* EBDA segment */
cmp $0xa000,%ecx /* sanity check (high) */
jae 0f
cmp $0x4000,%ecx /* sanity check (low) */
jae 1f
0:
movzwl 0x413,%ecx /* use base memory size on failure */
shl $10-4,%ecx
1:
/*
* Compare the value in the BDA with the information from the
* multiboot structure (if available) and use the smallest.
*/
testb $MBI_MEMLIMITS,(%ebx)
jz 2f /* not available? BDA value will be fine */
mov MB_mem_lower(%ebx),%edx
cmp $0x100,%edx /* is the multiboot value too small? */
jb 2f /* if so, do not use it */
shl $10-4,%edx
cmp %ecx,%edx /* compare with BDA value */
cmovb %edx,%ecx /* and use the smaller */
2: /* Reserve 64kb for the trampoline */
sub $0x1000,%ecx
Since 0x40e is zero, it goes into the base memory size fallback,
which also results in %ecx being zero. Since zero is less than whatever
is in the MBI, Xen decides to use minus 0x1000 for the trampoline and faults
soon afterwards as a result.
Are there reasons to prefer EBDA over mbi->mem_lower?
If not, it seems that easiest way to patch it would be always trust the
mbi lower memory value if the memlimits bit is set (which is what my
out-of-tree patch did) and only fall back to EBDA data if the mbi->flags
MEMLIMITS bit is not set. And even then it would be good to to duplicate
the guard for %ecx < 0x4000 || %ecx > 0xa000 when reading from 0x413
and signal an error rather than faulting.
--
Trammell
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next reply other threads:[~2018-02-28 14:08 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-28 14:08 Trammell Hudson [this message]
2018-02-28 15:07 ` kexec and xen/arch/x86/boot/head.S trampoline Andrew Cooper
2018-02-28 16:27 ` Trammell Hudson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180228140840.GA20376@chishio.swcp.com \
--to=hudson@trmm.net \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).