From: Penny Zheng
This commit expands xen_mpumap_update/xen_mpumap_update_entry to include
destroying an existing entry.
We define a new helper "disable_mpu_region_from_index" to disable the MPU
region based on index. If region is within [0, 31], we could quickly
disable the MPU region through P
Hello,
This series implements a new PDX compression algorithm to cope with the
spare memory maps found on the Intel Sapphire/Granite Rapids.
Patches 1 to 7 prepare the existing code to make it easier to introduce
a new PDX compression, including generalizing the initialization and
setup functions
When not using CONFIG_BIGMEM there are some restrictions in the address
width for allocations of the domain structure, as it's PDX truncated to 32
bits it's stashed into page_info structure for domain allocated pages.
The current logic to calculate this limit is based on the internals of the
PDX c
There are four performance critical PDX conversion helpers that do the PFN
to/from PDX and the physical addresses to/from directmap offsets
translations.
In the absence of an active PDX compression, those functions would still do
the calculations needed, just to return the same input value as no
t
Hi all,
This series is the second set of patches in the ongoing work to
introduce support for MPU systems and Cortex R82 in Xen.
The patches in this series implement the necessary logic to map and
unmap the Device Tree Blob in the early stages of the boot process.
Cheers,
Hari
Luca Fancellu (4)
On 2025-06-16 04:46, Juergen Gross wrote:
Add the code and data definitions of the final kexec stage.
Put the code and related data into a dedicated section in order to be
able to copy it to another location. For this reason there must be no
absolute relocations being used in the code or data.
From: Luca Fancellu
Implement remove_early_mappings for MPU systems.
Signed-off-by: Luca Fancellu
Signed-off-by: Hari Limaye
---
xen/arch/arm/mpu/setup.c | 9 -
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/mpu/setup.c b/xen/arch/arm/mpu/setup.c
index ab00c
On Thu, Jun 19, 2025 at 11:06 PM Marek Marczykowski-Górecki
wrote:
>
> On Thu, Jun 19, 2025 at 12:56:12PM -0700, Stefano Stabellini wrote:
> > On Thu, 19 Jun 2025, Marek Marczykowski-Górecki wrote:
> > > On Thu, Jun 19, 2025 at 03:16:51PM +0100, Ross Lagerwall wrote:
> > > > I think a section on P
On Fri, Jun 20, 2025 at 11:31 AM Roger Pau Monné wrote:
>
> On Mon, Jun 02, 2025 at 02:36:37PM +0100, Ross Lagerwall wrote:
> > From: Jennifer Herbert
> >
> > Verify livepatch signatures against the embedded public key in Xen.
> > Failing to verify does not prevent the livepatch from being loaded
On 2025-06-16 04:46, Juergen Gross wrote:
With all kexec preparations done, activate the new kernel.
Signed-off-by: Juergen Gross
Reviewed-by: Jason Andryuk
Thanks,
Jason
From: Luca Fancellu
Implement the function early_fdt_map(), which is responsible for mapping
the Device Tree Blob in the early stages of the boot process, for MPU
systems.
We make use of the map_pages_to_xen() and destroy_xen_mappings() APIs.
In particular the latter function is necessary in the
Introduce a command line option to allow disabling PDX compression. The
disabling is done by turning pfn_pdx_add_region() into a no-op, so when
attempting to initialize the selected compression algorithm the array of
ranges to compress is empty.
Signed-off-by: Roger Pau Monné
---
Changes since v
Introduce a set of unit tests for PDX compression. The unit tests contains
both real and crafted memory maps that are then compressed using the
selected PDX algorithm. Note the build system for the unit tests has been
done in a way to support adding new compression algorithms easily. That
requir
On 20.06.25 02:41, jiang.pe...@zte.com.cn wrote:
From: Peng Jiang
This patch fixes a W=1 format-string warning reported by GCC 12.3.0
by annotating xenbus_switch_fatal() and xenbus_va_dev_error()
with the __printf attribute. The attribute enables compile-time
validation of printf-style format s
Add the single arch-specific field in an "arch" subfield defined in
asm/bootfdt.h.
No functional change intended.
Signed-off-by: Alejandro Vallejo
Reviewed-by: Stefano Stabellini
---
xen/arch/x86/hvm/dom0_build.c | 2 +-
xen/arch/x86/include/asm/boot-domain.h | 33 ---
Part of an unpicking process to extract bootfdt contents independent of bootinfo
to a separate file for x86 to take.
Move functions required for early FDT parsing from device_tree.h and arm's
setup.h onto bootfdt.h
Declaration motion only. Not a functional change.
Signed-off-by: Alejandro Vallej
pipeline:
https://gitlab.com/xen-project/people/agvallejo/xen/-/pipelines/1880819044
Hi,
There are minor adjustments throughout based on feedback, and I've also dropped
the patch that allowed x86 to just pick DOM0LESS_BOOT right now until the rest
of the changes to boot a single-dom0 DTB go in.
... in alignment with the new coding style on word splitting for type
names.
This aligns its name with the largely duplicate boot_module struct
in x86. While there's no equivalent to "struct bootmodules" in x86,
changing one and not the other is just confusing. Same with various
comments and funct
These types resemble each other very closely in layout and intent,
and with "struct boot_module" already in common code it makes perfect
sense to merge them. In order to do so, add an arch-specific area for
x86-specific tidbits, and rename identical fields with conflicting
names.
No functional cha
Create a struct header within kernel_info with the contents common to
kernel_info and boot_domain, and define that header in common code. This enables
x86 to use that header as-is and drop x86's boot_domain.
Not a functional change.
Signed-off-by: Alejandro Vallejo
Reviewed-by: Stefano Stabellin
There's the unwritten convention in x86 of splitting type names using
underscores. Add such convention to the CODINNG_STYLE to make it
common and less unwritten.
Signed-off-by: Alejandro Vallejo
---
v4:
* Move new paragraph into a new "Identifiers" section
---
CODING_STYLE | 6 ++
1 file c
Moving forward the idea is for there to be:
1. Basic DT support: used by dom0less/hyperlaunch.
2. Full DT support: used for device discovery and HW setup.
Rename HAS_DEVICE_TREE to HAS_DEVICE_TREE_DISCOVERY to describe (2), while
DOM0LESS_BOOT is left to describe (1).
Signed-off-by: Alejandro
This file will eventually contain bootfdt helpers that make heavy use of
bootinfo. To simplify git history do the rename here explicitly. A later
patch extracts bootinfo-independent helpers into bootfdt.c.
Doing so here would needlessly pollute the diffs.
Not a functional change.
Signed-off-by:
device-tree.c stops requiring CONFIG_HAS_DEVICE_TREE_DISCOVERY and may
function with DOM0LESS_BOOT.
Without this, there's a clash with x86's definition of device_t. Because
x86 doesn't discover devices in the DT it can simply skip the code
to do so during the unflattening phase.
Not a functional
Part of an unpicking process to extract bootfdt contents independent of
bootinfo to a separate file for x86 to take.
With this, bootfdt.h can be cleanly included from x86. A later patch
extracts the definitions so the functions may be called too.
Not a functional change.
Signed-off-by: Alejandro
This will be required later by x86 code in order to do early identification
of boot modules when booting off a DTB.
Not a functional change.
Signed-off-by: Alejandro Vallejo
Reviewed-by: Stefano Stabellini
---
xen/common/device-tree/bootfdt.c | 18 ++
xen/common/device-tre
This effectively means that DOM0LESS_BOOT on platforms without
HAS_DEVICE_TREE_DISCOVERY (i.e: x86) acts as a selector for a
stripped-down version of DT code.
Signed-off-by: Alejandro Vallejo
---
xen/Kconfig.debug | 2 +-
xen/common/Kconfig | 3 ++-
xen/common/Makefile
Using UKI it's possible to embed Linux kernel into xen.efi file.
In this case the signature for Secure Boot is applied to the
whole xen.efi, including the kernel.
So checking for specific signature for the kernel is not
needed.
Signed-off-by: Frediano Ziglio
---
Changes since v1:
- updated commit
The current setup (pdx_init_mask() and pdx_region_mask()) and init
(pfn_pdx_hole_setup()) PDX compression functions are tailored to the
existing PDX compression algorithm.
In preparation for introducing a new compression algorithm convert the
setup and init functions to more generic interfaces tha
Move fill_mask(), pdx_region_mask() and pdx_init_mask() to the
!CONFIG_PDX_NONE section in preparation of them also being used by a newly
added PDX compression.
No functional change intended.
Signed-off-by: Roger Pau Monné
---
git is not very helpful when generating the diff here, and it ends up
With the appearance of Intel Sierra Forest and Granite Rapids it's now
possible to get a production x86 host with the following memory map:
SRAT: Node 0 PXM 0 [, 7fff]
SRAT: Node 0 PXM 0 [0001, 00807fff]
SRAT: Node 1 PXM 1 [063e8000, 06be
Rename the current CONFIG_PDX_COMPRESSION to CONFIG_PDX_MASK_COMPRESSION,
and make it part of the PDX compression choice block, in preparation for
adding further PDX compression algorithms.
No functional change intended as the PDX compression defaults should still
be the same for all architectures
On 20.06.2025 11:39, Roger Pau Monné wrote:
> On Mon, Jun 02, 2025 at 02:36:34PM +0100, Ross Lagerwall wrote:
>> From: Kevin Lampis
>>
>> Make it possible to embed a public key in Xen to be used when verifying
>> live patch payloads. Inclusion of the public key is optional.
>>
>> To avoid needing
On Mon, Jun 02, 2025 at 02:36:37PM +0100, Ross Lagerwall wrote:
> From: Jennifer Herbert
>
> Verify livepatch signatures against the embedded public key in Xen.
> Failing to verify does not prevent the livepatch from being loaded.
> In future, this will be changed for certain cases (e.g. when Sec
From: Luca Fancellu
Introduce flags_has_rwx() function that will check if a
mapping is both writable and executable when modifying
or update the mapping.
This check was already present in pt.c but since it will
be used also for MPU system, it's wrapped into a function
now.
Signed-off-by: Luca F
- Fix typo in source comment ("you can found" -> "which can be found").
- Add dsb(sy) after IMCTR write to ensure flush is complete before polling.
- Add dev_info() log in ipmmu_device_reset() to indicate the number of disabled
contexts.
These changes improve memory operation ordering, code reada
On Fri, Jun 20, 2025 at 12:09:21PM +0200, Jan Beulich wrote:
> On 20.06.2025 11:39, Roger Pau Monné wrote:
> > On Mon, Jun 02, 2025 at 02:36:34PM +0100, Ross Lagerwall wrote:
> >> From: Kevin Lampis
> >>
> >> Make it possible to embed a public key in Xen to be used when verifying
> >> live patch p
On Thu, Jun 05, 2025 at 01:19:00PM +0200, Jan Beulich wrote:
> On 02.06.2025 15:36, Ross Lagerwall wrote:
> > From: Kevin Lampis
> >
> > Make it possible to embed a public key in Xen to be used when verifying
> > live patch payloads. Inclusion of the public key is optional.
> >
> > To avoid need
From: Luca Fancellu
Implement a function to find the index of a MPU region
in the xen_mpumap MPU region array.
Signed-off-by: Luca Fancellu
Signed-off-by: Hari Limaye
---
xen/arch/arm/include/asm/mpu/mm.h | 29 ++
xen/arch/arm/mpu/mm.c | 66
From: Penny Zheng
Introduce map_pages_to_xen() that is implemented using a new helper,
xen_mpumap_update(), which is responsible for updating Xen MPU memory
mapping table(xen_mpumap), including creating a new entry, updating
or destroying an existing one, it is equivalent to xen_pt_update in MMU.
On Mon, Jun 02, 2025 at 02:36:35PM +0100, Ross Lagerwall wrote:
> In preparation for adding support for livepatch signing, add support for
> RSA crypto.
>
> The RSA code is extracted from Nettle at tag nettle_3.2_release_20160128
> (https://git.lysator.liu.se/nettle/nettle).
>
> The MPI code is e
On Mon, Jun 02, 2025 at 02:36:34PM +0100, Ross Lagerwall wrote:
> From: Kevin Lampis
>
> Make it possible to embed a public key in Xen to be used when verifying
> live patch payloads. Inclusion of the public key is optional.
>
> To avoid needing to include a DER / X.509 parser in the hypervisor,
On Fri, Jun 20, 2025 at 10:53 AM Roger Pau Monné wrote:
>
> On Mon, Jun 02, 2025 at 02:36:35PM +0100, Ross Lagerwall wrote:
> > In preparation for adding support for livepatch signing, add support for
> > RSA crypto.
> >
> > The RSA code is extracted from Nettle at tag nettle_3.2_release_20160128
On Thu, 19 Jun 2025, Alejandro Vallejo wrote:
> The DT spec declares only two number types for a property: u32 and u64,
> as per Table 2.3 in Section 2.2.4. Remove unbounded loop and replace
> with a switch statement. Default to a size of 1 cell in the nonsensical
> size case, with a warning printe
Hi all,
Regarding hardware domain and control domain separation, Ayan sent to
xen-devel an architecture specification (a design document) that I wrote
previously about the topic. This is written as safety document so it is
using a language and structure specific for that. However, it contains
much
On Fri, 20 Jun 2025, Alejandro Vallejo wrote:
> Part of an unpicking process to extract bootfdt contents independent of
> bootinfo
> to a separate file for x86 to take.
>
> Move functions required for early FDT parsing from device_tree.h and arm's
> setup.h onto bootfdt.h
>
> Declaration motion
On Fri, 20 Jun 2025, Alejandro Vallejo wrote:
> Moving forward the idea is for there to be:
> 1. Basic DT support: used by dom0less/hyperlaunch.
> 2. Full DT support: used for device discovery and HW setup.
>
> Rename HAS_DEVICE_TREE to HAS_DEVICE_TREE_DISCOVERY to describe (2), while
> DOM0LE
On Fri, Jun 20, 2025 at 09:26:05AM +0100, Frediano Ziglio wrote:
> Using UKI it's possible to embed Linux kernel into xen.efi file.
> In this case the signature for Secure Boot is applied to the
> whole xen.efi, including the kernel.
> So checking for specific signature for the kernel is not
> need
Read The Docs now requires a configuration file, which is awkward when using
RTD to render proposed changes on the list.
Provide the minimal configuration file possible, sacrificing all
reproducibility in order to hopefully not need to touch it moving forwards.
Signed-off-by: Andrew Cooper
---
C
MISRA C Directive 4.10 states that "Precautions shall be taken in order
to prevent the contents of a header file being included more than
once".
Add a SAF tag to the existing comment on top of cpufeatures.h.
Add a header inclusion guard to compile.h.
Update ECLAIR configuration to:
- extend exist
On Tue, 10 Jun 2025, Jan Beulich wrote:
> On 06.06.2025 23:04, Stefano Stabellini wrote:
> > --- a/xen/arch/x86/include/asm/cpufeatures.h
> > +++ b/xen/arch/x86/include/asm/cpufeatures.h
> > @@ -1,6 +1,6 @@
> > -/*
> > - * Explicitly intended for multiple inclusion.
> > - */
> > +/* This file is in
On Tue, 10 Jun 2025, Jan Beulich wrote:
> On 06.06.2025 22:49, Stefano Stabellini wrote:
> > On Fri, 6 Jun 2025, Nicola Vetrini wrote:
> > Signed-off-by: Alessandro Zucchelli
>
> Missing your own S-o-b.
>
> Also (nit) may I ask that you drop the full stop from the patch sub
On 2025-06-19 07:37, Juergen Gross wrote:
Suspend for PVH is doing some crazy stuff with the Xenstore and console
PFNs:
- In arch_pre_suspend() the PFNs are "translated" to MFNs, even if that
translation is a nop.
- The result is stored via start_info_ptr, which points to a struct
start_i
On 2025-06-19 07:38, Juergen Gross wrote:
The parameter of map_shared_info() is evaluated in PV mode only, and it
is always the pointer to the initial struct start_info from boot time.
By setting start_info_ptr a little bit earlier the PV variant of
map_shared_info() can just use start_info_ptr
> PS: Next time please don't send another version of a patch as a reply,
> but as a new email thread.
Got it! New threads for future patches - thanks for the heads up.Sorry for any
inconvenience caused,
and thanks again for your patience with a newcomer like me.
Best regards
Peng
On 2025-06-19 07:38, Juergen Gross wrote:
The parameter of get_console() is used only when running in PV mode,
and it always has the same value.
Drop the parameter and use start_info_ptr directly in the PV variant
of get_console().
Signed-off-by: Juergen Gross
Reviewed-by: Jason Andryuk
On 2025-06-19 07:38, Juergen Gross wrote:
Add an extern declaration for start_info_ptr when running in PV mode
and use that instead of the copy held in start_info. This allows to
drop start_info.
Signed-off-by: Juergen Gross
Reviewed-by: Jason Andryuk
On 2025-06-19 07:38, Juergen Gross wrote:
The parameter of get_xenbus() is used only when running in PV mode,
and it always has the same value.
Drop the parameter and use start_info_ptr directly in the PV variant
of get_xenbus().
Signed-off-by: Juergen Gross
Reviewed-by: Jason Andryuk
On Fri, 20 Jun 2025, Alejandro Vallejo wrote:
> device-tree.c stops requiring CONFIG_HAS_DEVICE_TREE_DISCOVERY and may
> function with DOM0LESS_BOOT.
>
> Without this, there's a clash with x86's definition of device_t. Because
> x86 doesn't discover devices in the DT it can simply skip the code
>
On Fri, 20 Jun 2025, Jan Beulich wrote:
> On 19.06.2025 02:45, Stefano Stabellini wrote:
> > On Wed, 18 Jun 2025, Jan Beulich wrote:
> >> On 18.06.2025 02:39, Stefano Stabellini wrote:
> >>> On Thu, 12 Jun 2025, Jan Beulich wrote:
> On 11.06.2025 21:07, Stefano Stabellini wrote:
> > On Wed
On Fri, 20 Jun 2025, Alejandro Vallejo wrote:
> These types resemble each other very closely in layout and intent,
> and with "struct boot_module" already in common code it makes perfect
> sense to merge them. In order to do so, add an arch-specific area for
> x86-specific tidbits, and rename ident
On Fri, 20 Jun 2025, Alejandro Vallejo wrote:
> There's the unwritten convention in x86 of splitting type names using
> underscores. Add such convention to the CODINNG_STYLE to make it
> common and less unwritten.
>
> Signed-off-by: Alejandro Vallejo
Acked-by: Stefano Stabellini
> ---
> v4:
>
On Fri, 20 Jun 2025, Alejandro Vallejo wrote:
> This effectively means that DOM0LESS_BOOT on platforms without
> HAS_DEVICE_TREE_DISCOVERY (i.e: x86) acts as a selector for a
> stripped-down version of DT code.
>
> Signed-off-by: Alejandro Vallejo
This is so much better than before. Thank you an
On 2025-06-19 07:38, Juergen Gross wrote:
Hide start_info_ptr via CONFIG_PARAVIRT in order to avoid accesses to
it form not PV specific code.
Signed-off-by: Juergen Gross
Reviewed-by: Jason Andryuk
On 6/20/25 20:41, Stefano Stabellini wrote:
> Hi all,
>
> Regarding hardware domain and control domain separation, Ayan sent to
> xen-devel an architecture specification (a design document) that I wrote
> previously about the topic. This is written as safety document so it is
> using a language an
65 matches
Mail list logo
