On Tue, Jul 28, 2020 at 06:12:46PM +0100, Julien Grall wrote: > Hi Roger, > > On 28/07/2020 17:59, Roger Pau Monné wrote: > > On Tue, Jul 28, 2020 at 05:48:23PM +0100, Julien Grall wrote: > > > Hi, > > > > > > On 27/07/2020 10:13, Roger Pau Monne wrote: > > > > To be used in order to create foreign mappings. This is based on the > > > > ZONE_DEVICE facility which is used by persistent memory devices in > > > > order to create struct pages and kernel virtual mappings for the IOMEM > > > > areas of such devices. Note that on kernels without support for > > > > ZONE_DEVICE Xen will fallback to use ballooned pages in order to > > > > create foreign mappings. > > > > > > > > The newly added helpers use the same parameters as the existing > > > > {alloc/free}_xenballooned_pages functions, which allows for in-place > > > > replacement of the callers. Once a memory region has been added to be > > > > used as scratch mapping space it will no longer be released, and pages > > > > returned are kept in a linked list. This allows to have a buffer of > > > > pages and prevents resorting to frequent additions and removals of > > > > regions. > > > > > > > > If enabled (because ZONE_DEVICE is supported) the usage of the new > > > > functionality untangles Xen balloon and RAM hotplug from the usage of > > > > unpopulated physical memory ranges to map foreign pages, which is the > > > > correct thing to do in order to avoid mappings of foreign pages depend > > > > on memory hotplug. > > > I think this is going to break Dom0 on Arm if the kernel has been built with > > > hotplug. This is because you may end up to re-use region that will be used > > > for the 1:1 mapping of a foreign map. > > > > > > Note that I don't know whether hotplug has been tested on Xen on Arm yet. So > > > it might be possible to be already broken. > > > > > > Meanwhile, my suggestion would be to make the use of hotplug in the balloon > > > code conditional (maybe using CONFIG_ARM64 and CONFIG_ARM)? > > > > Right, this feature (allocation of unpopulated memory separated from > > the balloon driver) is currently gated on CONFIG_ZONE_DEVICE, which I > > think could be used on Arm. > > > > IMO the right solution seems to be to subtract the physical memory > > regions that can be used for the identity mappings of foreign pages > > (all RAM on the system AFAICT) from iomem_resource, as that would make > > this and the memory hotplug done in the balloon driver safe? > > Dom0 doesn't know the regions used for the identity mappings as this is only > managed by Xen. So there is nothing you can really do here. OK, I will add the guards to prevent this being built on Arm. > But don't you have the same issue on x86 with "magic pages"? Those are marked as reserved on the memory map, and hence I would expect them to never end up in iomem_resource. Thanks, Roger.