From xen-changelog-bounces@lists.xenproject.org Tue Aug 03 09:44:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 03 Aug 2021 09:44:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.163345.299235 (Exim 4.92) (envelope-from ) id 1mAqxz-0007dq-51; Tue, 03 Aug 2021 09:44:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 163345.299235; Tue, 03 Aug 2021 09:44:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mAqxz-0007di-1z; Tue, 03 Aug 2021 09:44:07 +0000 Received: by outflank-mailman (input) for mailman id 163345; Tue, 03 Aug 2021 09:44:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mAqxx-0007dW-Sf for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 09:44:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mAqxx-0000t2-Rs for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 09:44:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mAqxx-0000gR-R0 for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 09:44:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mwvofJC7MHrIR8GoXCqZ2l/2ABMjkV1ol/6B0nejsQo=; b=QydZK//OLFphZO3udyw4/eUu58 D+utmd+wINcA5Dhr7HAJlj/EYIWPR7R0buO+eQKzoTHno+N9zYZVvDIGiWXF4DrEMVvzGfbzF1TeH eLXMXPFJrEal7vwTWVRIIZmAfIycVdwatHTqzjYpigHDk/xgXbZRHVkCbx3psNVtuDLM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: do not return -EEXIST if iommu_add_dt_device is called twice Message-Id: Date: Tue, 03 Aug 2021 09:44:05 +0000 commit 3be443e726626913e328a9a7123cdd19f1c49edb Author: Stefano Stabellini AuthorDate: Mon Aug 2 17:24:07 2021 -0700 Commit: Julien Grall CommitDate: Tue Aug 3 10:38:55 2021 +0100 xen: do not return -EEXIST if iommu_add_dt_device is called twice iommu_add_dt_device() returns -EEXIST if the device was already registered. At the moment, this can only happen if the device was already assigned to a domain (either dom0 at boot or via XEN_DOMCTL_assign_device). In a follow-up patch, we will convert the SMMU driver to use the FW spec. When the legacy bindings are used, all the devices will be registered at probe. Therefore, iommu_add_dt_device() will always returns -EEXIST. Currently, one caller (XEN_DOMCTL_assign_device) will check the return and ignore -EEXIST. All the other will fail because it was technically a programming error. However, there is no harm to call iommu_add_dt_device() twice, so we can simply return 0. With that in place the caller doesn't need to check -EEXIST anymore, so remove the check. Signed-off-by: Stefano Stabellini Acked-by: Julien Grall --- xen/drivers/passthrough/device_tree.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/xen/drivers/passthrough/device_tree.c b/xen/drivers/passthrough/device_tree.c index 999b831d90..9249f21c01 100644 --- a/xen/drivers/passthrough/device_tree.c +++ b/xen/drivers/passthrough/device_tree.c @@ -140,8 +140,12 @@ int iommu_add_dt_device(struct dt_device_node *np) if ( !ops ) return -EINVAL; + /* + * The device may already have been registered. As there is no harm in + * it just return success early. + */ if ( dev_iommu_fwspec_get(dev) ) - return -EEXIST; + return 0; /* * According to the Documentation/devicetree/bindings/iommu/iommu.txt @@ -249,12 +253,7 @@ int iommu_do_dt_domctl(struct xen_domctl *domctl, struct domain *d, return -EINVAL; ret = iommu_add_dt_device(dev); - /* - * Ignore "-EEXIST" error code as it would mean that the device is - * already added to the IOMMU (positive result). Such happens after - * re-creating guest domain. - */ - if ( ret < 0 && ret != -EEXIST ) + if ( ret < 0 ) { printk(XENLOG_G_ERR "Failed to add %s to the IOMMU\n", dt_node_full_name(dev)); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Aug 03 09:44:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 03 Aug 2021 09:44:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.163346.299238 (Exim 4.92) (envelope-from ) id 1mAqy9-0007gT-6K; Tue, 03 Aug 2021 09:44:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 163346.299238; Tue, 03 Aug 2021 09:44:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mAqy9-0007gK-3V; Tue, 03 Aug 2021 09:44:17 +0000 Received: by outflank-mailman (input) for mailman id 163346; Tue, 03 Aug 2021 09:44:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mAqy7-0007g6-W0 for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 09:44:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mAqy7-0000t8-V9 for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 09:44:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mAqy7-0000hh-UO for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 09:44:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7h7Ible8cpSv733WjrJDDK/evYBIqE7w3dkH/Re3B5I=; b=piNqCO/3NXxba9aL7I1mJKEtdJ UQgO+B7eVYFOcSuXKMLV9s2uXCWIhGaUTTsMPlrW7ixuLmgUd9tWEyaCbHKoG0mVvYzbNmE9yhqBx k/Hoaj9/pk3uUgF7l9tzZcmCvSY7K4tyoPpZ4zTAye7fNZapb3kDlP/rvuTCBFQaIt1g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] arm,smmu: switch to using iommu_fwspec functions Message-Id: Date: Tue, 03 Aug 2021 09:44:15 +0000 commit 4a692732105bc6357c64e5af93785bbfa28d6704 Author: Brian Woods AuthorDate: Mon Aug 2 17:24:06 2021 -0700 Commit: Julien Grall CommitDate: Tue Aug 3 10:38:55 2021 +0100 arm,smmu: switch to using iommu_fwspec functions Modify the smmu driver so that it uses the iommu_fwspec helper functions. This means both ARM IOMMU drivers will both use the iommu_fwspec helper functions, making enabling generic device tree bindings in the SMMU driver much cleaner. Signed-off-by: Brian Woods Signed-off-by: Stefano Stabellini Reviewed-by: Rahul Singh Acked-by: Julien Grall --- xen/drivers/passthrough/arm/smmu.c | 75 ++++++++++++++++++++++++++------------ 1 file changed, 51 insertions(+), 24 deletions(-) diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c index 658c40433c..09773702c3 100644 --- a/xen/drivers/passthrough/arm/smmu.c +++ b/xen/drivers/passthrough/arm/smmu.c @@ -32,6 +32,9 @@ * - 4k and 64k pages, with contiguous pte hints. * - Up to 48-bit addressing (dependent on VA_BITS) * - Context fault reporting + * + * Changes compared to Linux driver: + * - support for fwspec */ @@ -49,6 +52,7 @@ #include #include #include +#include #include /* Xen: The below defines are redefined within the file. Undef it */ @@ -617,13 +621,11 @@ struct arm_smmu_smr { struct arm_smmu_master_cfg { struct arm_smmu_device *smmu; - int num_streamids; - u16 streamids[MAX_MASTER_STREAMIDS]; s16 smendx[MAX_MASTER_STREAMIDS]; }; #define INVALID_SMENDX -1 -#define for_each_cfg_sme(cfg, i, idx) \ - for (i = 0; idx = cfg->smendx[i], i < cfg->num_streamids; ++i) +#define for_each_cfg_sme(cfg, i, idx, num) \ + for (i = 0; idx = cfg->smendx[i], i < num; ++i) struct arm_smmu_master { struct device_node *of_node; @@ -713,6 +715,14 @@ static struct arm_smmu_option_prop arm_smmu_options[] = { { 0, NULL}, }; +static inline struct iommu_fwspec * +arm_smmu_get_fwspec(struct arm_smmu_master_cfg *cfg) +{ + struct arm_smmu_master *master = container_of(cfg, + struct arm_smmu_master, cfg); + return dev_iommu_fwspec_get(&master->of_node->dev); +} + static void parse_driver_options(struct arm_smmu_device *smmu) { int i = 0; @@ -806,8 +816,9 @@ static int register_smmu_master(struct arm_smmu_device *smmu, struct device *dev, struct of_phandle_args *masterspec) { - int i; + int i, ret = 0; struct arm_smmu_master *master; + struct iommu_fwspec *fwspec; master = find_smmu_master(smmu, masterspec->np); if (master) { @@ -817,24 +828,30 @@ static int register_smmu_master(struct arm_smmu_device *smmu, return -EBUSY; } - if (masterspec->args_count > MAX_MASTER_STREAMIDS) { - dev_err(dev, - "reached maximum number (%d) of stream IDs for master device %s\n", - MAX_MASTER_STREAMIDS, masterspec->np->name); - return -ENOSPC; - } - master = devm_kzalloc(dev, sizeof(*master), GFP_KERNEL); if (!master) return -ENOMEM; + master->of_node = masterspec->np; - master->of_node = masterspec->np; - master->cfg.num_streamids = masterspec->args_count; + ret = iommu_fwspec_init(&master->of_node->dev, smmu->dev); + if (ret) { + kfree(master); + return ret; + } + + /* adding the ids here */ + ret = iommu_fwspec_add_ids(&masterspec->np->dev, + masterspec->args, + masterspec->args_count); + if (ret) + return ret; + + fwspec = dev_iommu_fwspec_get(dev); /* Xen: Let Xen know that the device is protected by an SMMU */ dt_device_set_protected(masterspec->np); - for (i = 0; i < master->cfg.num_streamids; ++i) { + for (i = 0; i < fwspec->num_ids; ++i) { u16 streamid = masterspec->args[i]; if (!(smmu->features & ARM_SMMU_FEAT_STREAM_MATCH) && @@ -844,7 +861,6 @@ static int register_smmu_master(struct arm_smmu_device *smmu, masterspec->np->name, smmu->num_mapping_groups); return -ERANGE; } - master->cfg.streamids[i] = streamid; master->cfg.smendx[i] = INVALID_SMENDX; } return insert_smmu_master(smmu, master); @@ -1500,22 +1516,23 @@ static int arm_smmu_master_alloc_smes(struct device *dev) struct arm_smmu_device *smmu = cfg->smmu; struct arm_smmu_smr *smrs = smmu->smrs; int i, idx, ret; + struct iommu_fwspec *fwspec = arm_smmu_get_fwspec(cfg); spin_lock(&smmu->stream_map_lock); /* Figure out a viable stream map entry allocation */ - for_each_cfg_sme(cfg, i, idx) { + for_each_cfg_sme(cfg, i, idx, fwspec->num_ids) { if (idx != INVALID_SMENDX) { ret = -EEXIST; goto out_err; } - ret = arm_smmu_find_sme(smmu, cfg->streamids[i], 0); + ret = arm_smmu_find_sme(smmu, fwspec->ids[i], 0); if (ret < 0) goto out_err; idx = ret; if (smrs && smmu->s2crs[idx].count == 0) { - smrs[idx].id = cfg->streamids[i]; + smrs[idx].id = fwspec->ids[i]; smrs[idx].mask = 0; /* We don't currently share SMRs */ smrs[idx].valid = true; } @@ -1524,7 +1541,7 @@ static int arm_smmu_master_alloc_smes(struct device *dev) } /* It worked! Now, poke the actual hardware */ - for_each_cfg_sme(cfg, i, idx) { + for_each_cfg_sme(cfg, i, idx, fwspec->num_ids) { arm_smmu_write_sme(smmu, idx); } @@ -1544,9 +1561,10 @@ static void arm_smmu_master_free_smes(struct arm_smmu_master_cfg *cfg) { struct arm_smmu_device *smmu = cfg->smmu; int i, idx; + struct iommu_fwspec *fwspec = arm_smmu_get_fwspec(cfg); spin_lock(&smmu->stream_map_lock); - for_each_cfg_sme(cfg, i, idx) { + for_each_cfg_sme(cfg, i, idx, fwspec->num_ids) { if (arm_smmu_free_sme(smmu, idx)) arm_smmu_write_sme(smmu, idx); cfg->smendx[i] = INVALID_SMENDX; @@ -1562,8 +1580,9 @@ static int arm_smmu_domain_add_master(struct arm_smmu_domain *smmu_domain, enum arm_smmu_s2cr_type type = S2CR_TYPE_TRANS; u8 cbndx = smmu_domain->cfg.cbndx; int i, idx; + struct iommu_fwspec *fwspec = arm_smmu_get_fwspec(cfg); - for_each_cfg_sme(cfg, i, idx) { + for_each_cfg_sme(cfg, i, idx, fwspec->num_ids) { if (type == s2cr[idx].type && cbndx == s2cr[idx].cbndx) continue; @@ -1962,6 +1981,7 @@ static int arm_smmu_add_device(struct device *dev) struct arm_smmu_master_cfg *cfg; struct iommu_group *group; void (*releasefn)(void *) = NULL; + int ret; smmu = find_smmu_for_device(dev); if (!smmu) @@ -1969,19 +1989,26 @@ static int arm_smmu_add_device(struct device *dev) if (dev_is_pci(dev)) { struct pci_dev *pdev = to_pci_dev(dev); + struct iommu_fwspec *fwspec; cfg = kzalloc(sizeof(*cfg), GFP_KERNEL); if (!cfg) { return -ENOMEM; } - cfg->num_streamids = 1; + ret = iommu_fwspec_init(dev, smmu->dev); + if (ret) { + kfree(cfg); + return ret; + } + fwspec = dev_iommu_fwspec_get(dev); + /* * Assume Stream ID == Requester ID for now. * We need a way to describe the ID mappings in FDT. */ pci_for_each_dma_alias(pdev, __arm_smmu_get_pci_sid, - &cfg->streamids[0]); + &fwspec->ids[0]); releasefn = __arm_smmu_release_pci_iommudata; cfg->smmu = smmu; } else { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Aug 03 09:44:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 03 Aug 2021 09:44:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.163347.299243 (Exim 4.92) (envelope-from ) id 1mAqyJ-0007jI-8M; Tue, 03 Aug 2021 09:44:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 163347.299243; Tue, 03 Aug 2021 09:44:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mAqyJ-0007jA-57; Tue, 03 Aug 2021 09:44:27 +0000 Received: by outflank-mailman (input) for mailman id 163347; Tue, 03 Aug 2021 09:44:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mAqyI-0007iy-2q for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 09:44:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mAqyI-0000tS-1x for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 09:44:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mAqyI-0000k1-1H for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 09:44:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8lYyTl2fwRGZD8L23zrQIGhZiDdjf98hC77jfCGYqo8=; b=JM81FU4GpADuKy7+RrNAo6jkas HmN9nl4Bf7sDWhCam6Ybedk6c5RbViOfYiOotX5pPbSPbCJas79t/DHfcW6+TzsQB89vROqby4xPL 3iRiPlrseYwWPMj9Xw/WHyKMp3I3YyXOxvpOx8G/FbulTltbc8qLAHH+YXCAt1ZWclF4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] arm,smmu: restructure code in preparation to new bindings support Message-Id: Date: Tue, 03 Aug 2021 09:44:26 +0000 commit 029760630a9023b2b49833a00a4768b541ff50d4 Author: Brian Woods AuthorDate: Mon Aug 2 17:24:08 2021 -0700 Commit: Julien Grall CommitDate: Tue Aug 3 10:38:55 2021 +0100 arm,smmu: restructure code in preparation to new bindings support Restructure some of the code and add supporting functions for adding generic device tree (DT) binding support. This will allow for using current Linux device trees with just modifying the chosen field to enable Xen. Signed-off-by: Brian Woods Signed-off-by: Stefano Stabellini Reviewed-by: Rahul Singh Acked-by: Julien Grall --- xen/drivers/passthrough/arm/smmu.c | 62 +++++++++++++++++++++----------------- 1 file changed, 34 insertions(+), 28 deletions(-) diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c index 09773702c3..4aa3ecec57 100644 --- a/xen/drivers/passthrough/arm/smmu.c +++ b/xen/drivers/passthrough/arm/smmu.c @@ -812,53 +812,36 @@ static int insert_smmu_master(struct arm_smmu_device *smmu, return 0; } -static int register_smmu_master(struct arm_smmu_device *smmu, - struct device *dev, - struct of_phandle_args *masterspec) +static int arm_smmu_dt_add_device_legacy(struct arm_smmu_device *smmu, + struct device *dev, + struct iommu_fwspec *fwspec) { - int i, ret = 0; + int i; struct arm_smmu_master *master; - struct iommu_fwspec *fwspec; + struct device_node *dev_node = dev_get_dev_node(dev); - master = find_smmu_master(smmu, masterspec->np); + master = find_smmu_master(smmu, dev_node); if (master) { dev_err(dev, "rejecting multiple registrations for master device %s\n", - masterspec->np->name); + dev_node->name); return -EBUSY; } master = devm_kzalloc(dev, sizeof(*master), GFP_KERNEL); if (!master) return -ENOMEM; - master->of_node = masterspec->np; - - ret = iommu_fwspec_init(&master->of_node->dev, smmu->dev); - if (ret) { - kfree(master); - return ret; - } - - /* adding the ids here */ - ret = iommu_fwspec_add_ids(&masterspec->np->dev, - masterspec->args, - masterspec->args_count); - if (ret) - return ret; - - fwspec = dev_iommu_fwspec_get(dev); + master->of_node = dev_node; /* Xen: Let Xen know that the device is protected by an SMMU */ - dt_device_set_protected(masterspec->np); + dt_device_set_protected(dev_node); for (i = 0; i < fwspec->num_ids; ++i) { - u16 streamid = masterspec->args[i]; - if (!(smmu->features & ARM_SMMU_FEAT_STREAM_MATCH) && - (streamid >= smmu->num_mapping_groups)) { + (fwspec->ids[i] >= smmu->num_mapping_groups)) { dev_err(dev, "stream ID for master device %s greater than maximum allowed (%d)\n", - masterspec->np->name, smmu->num_mapping_groups); + dev_node->name, smmu->num_mapping_groups); return -ERANGE; } master->cfg.smendx[i] = INVALID_SMENDX; @@ -866,6 +849,29 @@ static int register_smmu_master(struct arm_smmu_device *smmu, return insert_smmu_master(smmu, master); } +static int register_smmu_master(struct arm_smmu_device *smmu, + struct device *dev, + struct of_phandle_args *masterspec) +{ + int ret = 0; + struct iommu_fwspec *fwspec; + + ret = iommu_fwspec_init(&masterspec->np->dev, smmu->dev); + if (ret) + return ret; + + ret = iommu_fwspec_add_ids(&masterspec->np->dev, + masterspec->args, + masterspec->args_count); + if (ret) + return ret; + + fwspec = dev_iommu_fwspec_get(&masterspec->np->dev); + return arm_smmu_dt_add_device_legacy(smmu, + &masterspec->np->dev, + fwspec); +} + static struct arm_smmu_device *find_smmu_for_device(struct device *dev) { struct arm_smmu_device *smmu; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Aug 03 09:44:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 03 Aug 2021 09:44:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.163348.299247 (Exim 4.92) (envelope-from ) id 1mAqyT-0007m2-9P; Tue, 03 Aug 2021 09:44:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 163348.299247; Tue, 03 Aug 2021 09:44:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mAqyT-0007lv-6c; Tue, 03 Aug 2021 09:44:37 +0000 Received: by outflank-mailman (input) for mailman id 163348; Tue, 03 Aug 2021 09:44:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mAqyS-0007ll-6Q for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 09:44:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mAqyS-0000u2-5c for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 09:44:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mAqyS-0000lE-4V for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 09:44:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LeQlsBL8y5QcQ48cy1g+PI+NqLR7aZBoM68RSnsh9z8=; b=VMQUVvKcw8Geq7JKMN2jsWgO+o 2s56E5Nr+x4HGEX2WZbaCHPjBVTKR5KQkOdjlwAomwyJsBe5FKHHs3XhirG7M4/TmByu3Jn9qok1g 68bwNO9bvd/rDm/3AeMy09DSz1TwyGVVDZpTWXtOTBySG4gSR+frVAdVpzZwcTCEhJxI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] arm,smmu: add support for generic DT bindings. Implement add_device and dt_xlate. Message-Id: Date: Tue, 03 Aug 2021 09:44:36 +0000 commit 2278d2cbb0b7c1b48b298c6c4c6a7de2271ac928 Author: Brian Woods AuthorDate: Mon Aug 2 17:24:09 2021 -0700 Commit: Julien Grall CommitDate: Tue Aug 3 10:38:55 2021 +0100 arm,smmu: add support for generic DT bindings. Implement add_device and dt_xlate. For the legacy path, arm_smmu_dt_add_device_legacy is called by register_smmu_master scanning mmu-masters (a fwspec entry is also created.) For the generic path, arm_smmu_dt_add_device_generic gets called instead. Then, arm_smmu_dt_add_device_generic calls arm_smmu_dt_add_device_legacy afterwards, shared with the legacy path. This way most of the low level implementation is shared between the two paths. If both legacy bindings and generic bindings are present in device tree, the legacy bindings are the ones that are used. That's because mmu-masters is parsed by xen/drivers/passthrough/arm/smmu.c:arm_smmu_device_dt_probe which is called by arm_smmu_dt_init. It happens very early. iommus is parsed by xen/drivers/passthrough/device_tree.c:iommu_add_dt_device which is called by xen/arch/arm/domain_build.c:handle_device and happens afterwards. arm_smmu_dt_xlate_generic is a verbatim copy from Linux (drivers/iommu/arm/arm-smmu/arm-smmu.c:arm_smmu_of_xlate, version v5.10). A workaround was introduced by cf4af9d6d6c (xen/arm: boot with device trees with "mmu-masters" and "iommus") because the SMMU driver only supported the legacy bindings. Remove it now. Signed-off-by: Brian Woods Signed-off-by: Stefano Stabellini Reviewed-by: Rahul Singh Acked-by: Julien Grall --- xen/drivers/passthrough/arm/smmu.c | 40 ++++++++++++++++++++++++++++++++++- xen/drivers/passthrough/device_tree.c | 17 +-------------- 2 files changed, 40 insertions(+), 17 deletions(-) diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c index 4aa3ecec57..c234ad9c7f 100644 --- a/xen/drivers/passthrough/arm/smmu.c +++ b/xen/drivers/passthrough/arm/smmu.c @@ -256,6 +256,8 @@ struct iommu_group atomic_t ref; }; +static struct arm_smmu_device *find_smmu(const struct device *dev); + static struct iommu_group *iommu_group_alloc(void) { struct iommu_group *group = xzalloc(struct iommu_group); @@ -444,6 +446,8 @@ static struct iommu_group *iommu_group_get(struct device *dev) #define SMR_VALID (1U << 31) #define SMR_MASK_SHIFT 16 #define SMR_ID_SHIFT 0 +#define SMR_ID_MASK 0x7fff +#define SMR_MASK_MASK 0x7fff #define ARM_SMMU_GR0_S2CR(n) (0xc00 + ((n) << 2)) #define S2CR_CBNDX_SHIFT 0 @@ -872,6 +876,38 @@ static int register_smmu_master(struct arm_smmu_device *smmu, fwspec); } +static int arm_smmu_dt_add_device_generic(u8 devfn, struct device *dev) +{ + struct arm_smmu_device *smmu; + struct iommu_fwspec *fwspec; + + fwspec = dev_iommu_fwspec_get(dev); + if (fwspec == NULL) + return -ENXIO; + + smmu = find_smmu(fwspec->iommu_dev); + if (smmu == NULL) + return -ENXIO; + + return arm_smmu_dt_add_device_legacy(smmu, dev, fwspec); +} + +static int arm_smmu_dt_xlate_generic(struct device *dev, + const struct dt_phandle_args *spec) +{ + uint32_t mask, fwid = 0; + + if (spec->args_count > 0) + fwid |= (SMR_ID_MASK & spec->args[0]) << SMR_ID_SHIFT; + + if (spec->args_count > 1) + fwid |= (SMR_MASK_MASK & spec->args[1]) << SMR_MASK_SHIFT; + else if (!of_property_read_u32(spec->np, "stream-match-mask", &mask)) + fwid |= (SMR_MASK_MASK & mask) << SMR_MASK_SHIFT; + + return iommu_fwspec_add_ids(dev, &fwid, 1); +} + static struct arm_smmu_device *find_smmu_for_device(struct device *dev) { struct arm_smmu_device *smmu; @@ -2837,6 +2873,7 @@ static void arm_smmu_iommu_domain_teardown(struct domain *d) static const struct iommu_ops arm_smmu_iommu_ops = { .init = arm_smmu_iommu_domain_init, .hwdom_init = arm_smmu_iommu_hwdom_init, + .add_device = arm_smmu_dt_add_device_generic, .teardown = arm_smmu_iommu_domain_teardown, .iotlb_flush = arm_smmu_iotlb_flush, .iotlb_flush_all = arm_smmu_iotlb_flush_all, @@ -2844,9 +2881,10 @@ static const struct iommu_ops arm_smmu_iommu_ops = { .reassign_device = arm_smmu_reassign_dev, .map_page = arm_iommu_map_page, .unmap_page = arm_iommu_unmap_page, + .dt_xlate = arm_smmu_dt_xlate_generic, }; -static __init const struct arm_smmu_device *find_smmu(const struct device *dev) +static struct arm_smmu_device *find_smmu(const struct device *dev) { struct arm_smmu_device *smmu; bool found = false; diff --git a/xen/drivers/passthrough/device_tree.c b/xen/drivers/passthrough/device_tree.c index 9249f21c01..98f2aa0dad 100644 --- a/xen/drivers/passthrough/device_tree.c +++ b/xen/drivers/passthrough/device_tree.c @@ -159,22 +159,7 @@ int iommu_add_dt_device(struct dt_device_node *np) * these callback implemented. */ if ( !ops->add_device || !ops->dt_xlate ) - { - /* - * Some Device Trees may expose both legacy SMMU and generic - * IOMMU bindings together. However, the SMMU driver is only - * supporting the former and will protect them during the - * initialization. So we need to skip them and not return - * error here. - * - * XXX: This can be dropped when the SMMU is able to deal - * with generic bindings. - */ - if ( dt_device_is_protected(np) ) - return 0; - else - return -EINVAL; - } + return -EINVAL; if ( !dt_device_is_available(iommu_spec.np) ) break; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Aug 03 23:33:07 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 03 Aug 2021 23:33:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.163638.299708 (Exim 4.92) (envelope-from ) id 1mB3uB-0006zi-2D; Tue, 03 Aug 2021 23:33:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 163638.299708; Tue, 03 Aug 2021 23:33:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mB3uA-0006zZ-VG; Tue, 03 Aug 2021 23:33:02 +0000 Received: by outflank-mailman (input) for mailman id 163638; Tue, 03 Aug 2021 23:33:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mB3u9-0006zS-NJ for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 23:33:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mB3u9-0005Ko-MS for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 23:33:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mB3u9-0007Fi-LI for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 23:33:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uS8IRULQSI9MmeAdqsK2xT7++/4RegLuF3sbYQFel0U=; b=eeqTxRUJD56YVm4vJM4oSIA581 aijkIpyxYI9Dufs2UHsC1mXo+PVKQZXfc8tX8uZ2fHm1IXsUUnFKsx6suycblmLFtVcmzoZMKi/3C dopAiRTMGRYbc6GVygpOeLXKNRFWHSB+g8GL0k9XsQm9AJBuwqQ+gDkjvSJ5i3cyWZ5s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: do not return -EEXIST if iommu_add_dt_device is called twice Message-Id: Date: Tue, 03 Aug 2021 23:33:01 +0000 commit 3be443e726626913e328a9a7123cdd19f1c49edb Author: Stefano Stabellini AuthorDate: Mon Aug 2 17:24:07 2021 -0700 Commit: Julien Grall CommitDate: Tue Aug 3 10:38:55 2021 +0100 xen: do not return -EEXIST if iommu_add_dt_device is called twice iommu_add_dt_device() returns -EEXIST if the device was already registered. At the moment, this can only happen if the device was already assigned to a domain (either dom0 at boot or via XEN_DOMCTL_assign_device). In a follow-up patch, we will convert the SMMU driver to use the FW spec. When the legacy bindings are used, all the devices will be registered at probe. Therefore, iommu_add_dt_device() will always returns -EEXIST. Currently, one caller (XEN_DOMCTL_assign_device) will check the return and ignore -EEXIST. All the other will fail because it was technically a programming error. However, there is no harm to call iommu_add_dt_device() twice, so we can simply return 0. With that in place the caller doesn't need to check -EEXIST anymore, so remove the check. Signed-off-by: Stefano Stabellini Acked-by: Julien Grall --- xen/drivers/passthrough/device_tree.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/xen/drivers/passthrough/device_tree.c b/xen/drivers/passthrough/device_tree.c index 999b831d90..9249f21c01 100644 --- a/xen/drivers/passthrough/device_tree.c +++ b/xen/drivers/passthrough/device_tree.c @@ -140,8 +140,12 @@ int iommu_add_dt_device(struct dt_device_node *np) if ( !ops ) return -EINVAL; + /* + * The device may already have been registered. As there is no harm in + * it just return success early. + */ if ( dev_iommu_fwspec_get(dev) ) - return -EEXIST; + return 0; /* * According to the Documentation/devicetree/bindings/iommu/iommu.txt @@ -249,12 +253,7 @@ int iommu_do_dt_domctl(struct xen_domctl *domctl, struct domain *d, return -EINVAL; ret = iommu_add_dt_device(dev); - /* - * Ignore "-EEXIST" error code as it would mean that the device is - * already added to the IOMMU (positive result). Such happens after - * re-creating guest domain. - */ - if ( ret < 0 && ret != -EEXIST ) + if ( ret < 0 ) { printk(XENLOG_G_ERR "Failed to add %s to the IOMMU\n", dt_node_full_name(dev)); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Aug 03 23:33:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 03 Aug 2021 23:33:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.163639.299712 (Exim 4.92) (envelope-from ) id 1mB3uL-000733-3b; Tue, 03 Aug 2021 23:33:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 163639.299712; Tue, 03 Aug 2021 23:33:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mB3uL-00072v-0U; Tue, 03 Aug 2021 23:33:13 +0000 Received: by outflank-mailman (input) for mailman id 163639; Tue, 03 Aug 2021 23:33:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mB3uJ-00071q-Qy for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 23:33:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mB3uJ-0005M1-QE for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 23:33:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mB3uJ-0007HC-P8 for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 23:33:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=J+3mgiBBIAsjwM4MLkp2/gfti2LSoMPktVuKK7ZMZgc=; b=xd3Jfdd+feJJ2zpgkDWls27vOl F7Mtjq/7D+DHfECpqemqM4NOpSMlWaToQHJuE9KJ2R46CahiUUE8Dcp79g8kOnCVzq0MZS+TxducF z4pI3gLMKvYBzNhswhVq9FzXgb4+3AyV2MmtIIB0vWhGkMF9RBwopAdEjO3TVObeHdD8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] arm,smmu: switch to using iommu_fwspec functions Message-Id: Date: Tue, 03 Aug 2021 23:33:11 +0000 commit 4a692732105bc6357c64e5af93785bbfa28d6704 Author: Brian Woods AuthorDate: Mon Aug 2 17:24:06 2021 -0700 Commit: Julien Grall CommitDate: Tue Aug 3 10:38:55 2021 +0100 arm,smmu: switch to using iommu_fwspec functions Modify the smmu driver so that it uses the iommu_fwspec helper functions. This means both ARM IOMMU drivers will both use the iommu_fwspec helper functions, making enabling generic device tree bindings in the SMMU driver much cleaner. Signed-off-by: Brian Woods Signed-off-by: Stefano Stabellini Reviewed-by: Rahul Singh Acked-by: Julien Grall --- xen/drivers/passthrough/arm/smmu.c | 75 ++++++++++++++++++++++++++------------ 1 file changed, 51 insertions(+), 24 deletions(-) diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c index 658c40433c..09773702c3 100644 --- a/xen/drivers/passthrough/arm/smmu.c +++ b/xen/drivers/passthrough/arm/smmu.c @@ -32,6 +32,9 @@ * - 4k and 64k pages, with contiguous pte hints. * - Up to 48-bit addressing (dependent on VA_BITS) * - Context fault reporting + * + * Changes compared to Linux driver: + * - support for fwspec */ @@ -49,6 +52,7 @@ #include #include #include +#include #include /* Xen: The below defines are redefined within the file. Undef it */ @@ -617,13 +621,11 @@ struct arm_smmu_smr { struct arm_smmu_master_cfg { struct arm_smmu_device *smmu; - int num_streamids; - u16 streamids[MAX_MASTER_STREAMIDS]; s16 smendx[MAX_MASTER_STREAMIDS]; }; #define INVALID_SMENDX -1 -#define for_each_cfg_sme(cfg, i, idx) \ - for (i = 0; idx = cfg->smendx[i], i < cfg->num_streamids; ++i) +#define for_each_cfg_sme(cfg, i, idx, num) \ + for (i = 0; idx = cfg->smendx[i], i < num; ++i) struct arm_smmu_master { struct device_node *of_node; @@ -713,6 +715,14 @@ static struct arm_smmu_option_prop arm_smmu_options[] = { { 0, NULL}, }; +static inline struct iommu_fwspec * +arm_smmu_get_fwspec(struct arm_smmu_master_cfg *cfg) +{ + struct arm_smmu_master *master = container_of(cfg, + struct arm_smmu_master, cfg); + return dev_iommu_fwspec_get(&master->of_node->dev); +} + static void parse_driver_options(struct arm_smmu_device *smmu) { int i = 0; @@ -806,8 +816,9 @@ static int register_smmu_master(struct arm_smmu_device *smmu, struct device *dev, struct of_phandle_args *masterspec) { - int i; + int i, ret = 0; struct arm_smmu_master *master; + struct iommu_fwspec *fwspec; master = find_smmu_master(smmu, masterspec->np); if (master) { @@ -817,24 +828,30 @@ static int register_smmu_master(struct arm_smmu_device *smmu, return -EBUSY; } - if (masterspec->args_count > MAX_MASTER_STREAMIDS) { - dev_err(dev, - "reached maximum number (%d) of stream IDs for master device %s\n", - MAX_MASTER_STREAMIDS, masterspec->np->name); - return -ENOSPC; - } - master = devm_kzalloc(dev, sizeof(*master), GFP_KERNEL); if (!master) return -ENOMEM; + master->of_node = masterspec->np; - master->of_node = masterspec->np; - master->cfg.num_streamids = masterspec->args_count; + ret = iommu_fwspec_init(&master->of_node->dev, smmu->dev); + if (ret) { + kfree(master); + return ret; + } + + /* adding the ids here */ + ret = iommu_fwspec_add_ids(&masterspec->np->dev, + masterspec->args, + masterspec->args_count); + if (ret) + return ret; + + fwspec = dev_iommu_fwspec_get(dev); /* Xen: Let Xen know that the device is protected by an SMMU */ dt_device_set_protected(masterspec->np); - for (i = 0; i < master->cfg.num_streamids; ++i) { + for (i = 0; i < fwspec->num_ids; ++i) { u16 streamid = masterspec->args[i]; if (!(smmu->features & ARM_SMMU_FEAT_STREAM_MATCH) && @@ -844,7 +861,6 @@ static int register_smmu_master(struct arm_smmu_device *smmu, masterspec->np->name, smmu->num_mapping_groups); return -ERANGE; } - master->cfg.streamids[i] = streamid; master->cfg.smendx[i] = INVALID_SMENDX; } return insert_smmu_master(smmu, master); @@ -1500,22 +1516,23 @@ static int arm_smmu_master_alloc_smes(struct device *dev) struct arm_smmu_device *smmu = cfg->smmu; struct arm_smmu_smr *smrs = smmu->smrs; int i, idx, ret; + struct iommu_fwspec *fwspec = arm_smmu_get_fwspec(cfg); spin_lock(&smmu->stream_map_lock); /* Figure out a viable stream map entry allocation */ - for_each_cfg_sme(cfg, i, idx) { + for_each_cfg_sme(cfg, i, idx, fwspec->num_ids) { if (idx != INVALID_SMENDX) { ret = -EEXIST; goto out_err; } - ret = arm_smmu_find_sme(smmu, cfg->streamids[i], 0); + ret = arm_smmu_find_sme(smmu, fwspec->ids[i], 0); if (ret < 0) goto out_err; idx = ret; if (smrs && smmu->s2crs[idx].count == 0) { - smrs[idx].id = cfg->streamids[i]; + smrs[idx].id = fwspec->ids[i]; smrs[idx].mask = 0; /* We don't currently share SMRs */ smrs[idx].valid = true; } @@ -1524,7 +1541,7 @@ static int arm_smmu_master_alloc_smes(struct device *dev) } /* It worked! Now, poke the actual hardware */ - for_each_cfg_sme(cfg, i, idx) { + for_each_cfg_sme(cfg, i, idx, fwspec->num_ids) { arm_smmu_write_sme(smmu, idx); } @@ -1544,9 +1561,10 @@ static void arm_smmu_master_free_smes(struct arm_smmu_master_cfg *cfg) { struct arm_smmu_device *smmu = cfg->smmu; int i, idx; + struct iommu_fwspec *fwspec = arm_smmu_get_fwspec(cfg); spin_lock(&smmu->stream_map_lock); - for_each_cfg_sme(cfg, i, idx) { + for_each_cfg_sme(cfg, i, idx, fwspec->num_ids) { if (arm_smmu_free_sme(smmu, idx)) arm_smmu_write_sme(smmu, idx); cfg->smendx[i] = INVALID_SMENDX; @@ -1562,8 +1580,9 @@ static int arm_smmu_domain_add_master(struct arm_smmu_domain *smmu_domain, enum arm_smmu_s2cr_type type = S2CR_TYPE_TRANS; u8 cbndx = smmu_domain->cfg.cbndx; int i, idx; + struct iommu_fwspec *fwspec = arm_smmu_get_fwspec(cfg); - for_each_cfg_sme(cfg, i, idx) { + for_each_cfg_sme(cfg, i, idx, fwspec->num_ids) { if (type == s2cr[idx].type && cbndx == s2cr[idx].cbndx) continue; @@ -1962,6 +1981,7 @@ static int arm_smmu_add_device(struct device *dev) struct arm_smmu_master_cfg *cfg; struct iommu_group *group; void (*releasefn)(void *) = NULL; + int ret; smmu = find_smmu_for_device(dev); if (!smmu) @@ -1969,19 +1989,26 @@ static int arm_smmu_add_device(struct device *dev) if (dev_is_pci(dev)) { struct pci_dev *pdev = to_pci_dev(dev); + struct iommu_fwspec *fwspec; cfg = kzalloc(sizeof(*cfg), GFP_KERNEL); if (!cfg) { return -ENOMEM; } - cfg->num_streamids = 1; + ret = iommu_fwspec_init(dev, smmu->dev); + if (ret) { + kfree(cfg); + return ret; + } + fwspec = dev_iommu_fwspec_get(dev); + /* * Assume Stream ID == Requester ID for now. * We need a way to describe the ID mappings in FDT. */ pci_for_each_dma_alias(pdev, __arm_smmu_get_pci_sid, - &cfg->streamids[0]); + &fwspec->ids[0]); releasefn = __arm_smmu_release_pci_iommudata; cfg->smmu = smmu; } else { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Aug 03 23:33:23 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 03 Aug 2021 23:33:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.163640.299716 (Exim 4.92) (envelope-from ) id 1mB3uV-00076B-4w; Tue, 03 Aug 2021 23:33:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 163640.299716; Tue, 03 Aug 2021 23:33:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mB3uV-000763-24; Tue, 03 Aug 2021 23:33:23 +0000 Received: by outflank-mailman (input) for mailman id 163640; Tue, 03 Aug 2021 23:33:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mB3uT-00075t-Uf for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 23:33:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mB3uT-0005MB-Tr for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 23:33:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mB3uT-0007Hx-Sr for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 23:33:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=j544omLZdtM/Zul9j3cdreEcBIRN2ZRBe/SD8Rq5nT8=; b=QuvvinhYzQY8AluntBge4c3yve 6/fLt7F9mHX38+GgAuO5fQ9Xp+p9w7A7LcnnXzjwZIrLRzlb6q3ERXyA+UTumLoY7KYj+aFukLDty py8bE0hhWchMq02KGQAKlHP4zSoAYsVuW6VOVUC+/ITuBBaRyhJEIa5OqpuAk+kO+7AM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] arm,smmu: restructure code in preparation to new bindings support Message-Id: Date: Tue, 03 Aug 2021 23:33:21 +0000 commit 029760630a9023b2b49833a00a4768b541ff50d4 Author: Brian Woods AuthorDate: Mon Aug 2 17:24:08 2021 -0700 Commit: Julien Grall CommitDate: Tue Aug 3 10:38:55 2021 +0100 arm,smmu: restructure code in preparation to new bindings support Restructure some of the code and add supporting functions for adding generic device tree (DT) binding support. This will allow for using current Linux device trees with just modifying the chosen field to enable Xen. Signed-off-by: Brian Woods Signed-off-by: Stefano Stabellini Reviewed-by: Rahul Singh Acked-by: Julien Grall --- xen/drivers/passthrough/arm/smmu.c | 62 +++++++++++++++++++++----------------- 1 file changed, 34 insertions(+), 28 deletions(-) diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c index 09773702c3..4aa3ecec57 100644 --- a/xen/drivers/passthrough/arm/smmu.c +++ b/xen/drivers/passthrough/arm/smmu.c @@ -812,53 +812,36 @@ static int insert_smmu_master(struct arm_smmu_device *smmu, return 0; } -static int register_smmu_master(struct arm_smmu_device *smmu, - struct device *dev, - struct of_phandle_args *masterspec) +static int arm_smmu_dt_add_device_legacy(struct arm_smmu_device *smmu, + struct device *dev, + struct iommu_fwspec *fwspec) { - int i, ret = 0; + int i; struct arm_smmu_master *master; - struct iommu_fwspec *fwspec; + struct device_node *dev_node = dev_get_dev_node(dev); - master = find_smmu_master(smmu, masterspec->np); + master = find_smmu_master(smmu, dev_node); if (master) { dev_err(dev, "rejecting multiple registrations for master device %s\n", - masterspec->np->name); + dev_node->name); return -EBUSY; } master = devm_kzalloc(dev, sizeof(*master), GFP_KERNEL); if (!master) return -ENOMEM; - master->of_node = masterspec->np; - - ret = iommu_fwspec_init(&master->of_node->dev, smmu->dev); - if (ret) { - kfree(master); - return ret; - } - - /* adding the ids here */ - ret = iommu_fwspec_add_ids(&masterspec->np->dev, - masterspec->args, - masterspec->args_count); - if (ret) - return ret; - - fwspec = dev_iommu_fwspec_get(dev); + master->of_node = dev_node; /* Xen: Let Xen know that the device is protected by an SMMU */ - dt_device_set_protected(masterspec->np); + dt_device_set_protected(dev_node); for (i = 0; i < fwspec->num_ids; ++i) { - u16 streamid = masterspec->args[i]; - if (!(smmu->features & ARM_SMMU_FEAT_STREAM_MATCH) && - (streamid >= smmu->num_mapping_groups)) { + (fwspec->ids[i] >= smmu->num_mapping_groups)) { dev_err(dev, "stream ID for master device %s greater than maximum allowed (%d)\n", - masterspec->np->name, smmu->num_mapping_groups); + dev_node->name, smmu->num_mapping_groups); return -ERANGE; } master->cfg.smendx[i] = INVALID_SMENDX; @@ -866,6 +849,29 @@ static int register_smmu_master(struct arm_smmu_device *smmu, return insert_smmu_master(smmu, master); } +static int register_smmu_master(struct arm_smmu_device *smmu, + struct device *dev, + struct of_phandle_args *masterspec) +{ + int ret = 0; + struct iommu_fwspec *fwspec; + + ret = iommu_fwspec_init(&masterspec->np->dev, smmu->dev); + if (ret) + return ret; + + ret = iommu_fwspec_add_ids(&masterspec->np->dev, + masterspec->args, + masterspec->args_count); + if (ret) + return ret; + + fwspec = dev_iommu_fwspec_get(&masterspec->np->dev); + return arm_smmu_dt_add_device_legacy(smmu, + &masterspec->np->dev, + fwspec); +} + static struct arm_smmu_device *find_smmu_for_device(struct device *dev) { struct arm_smmu_device *smmu; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Aug 03 23:33:33 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 03 Aug 2021 23:33:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.163641.299720 (Exim 4.92) (envelope-from ) id 1mB3uf-000799-6T; Tue, 03 Aug 2021 23:33:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 163641.299720; Tue, 03 Aug 2021 23:33:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mB3uf-000791-3X; Tue, 03 Aug 2021 23:33:33 +0000 Received: by outflank-mailman (input) for mailman id 163641; Tue, 03 Aug 2021 23:33:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mB3ue-00078q-23 for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 23:33:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mB3ue-0005ML-1D for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 23:33:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mB3ue-0007Ii-0F for xen-changelog@lists.xenproject.org; Tue, 03 Aug 2021 23:33:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nfiKt/YVYGFv7pXwLa5bzSHFOvrvsZ/UiwXd8Woy6DQ=; b=kSeFwZ08PH5YCR9HPyNczaFXaz 0TAdsQI/84YYbryP5td85zu2z8yoRu5996MMSCJ1ILiJmhRBaunQfqJjpshpP53SoClIpzNYPPHiB rskvy1I+h94BNingDm/SxEAC52JLFvMtIsDTL7mfKoOPWJTaqL1xUp3wHcOjRajwFzq8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] arm,smmu: add support for generic DT bindings. Implement add_device and dt_xlate. Message-Id: Date: Tue, 03 Aug 2021 23:33:32 +0000 commit 2278d2cbb0b7c1b48b298c6c4c6a7de2271ac928 Author: Brian Woods AuthorDate: Mon Aug 2 17:24:09 2021 -0700 Commit: Julien Grall CommitDate: Tue Aug 3 10:38:55 2021 +0100 arm,smmu: add support for generic DT bindings. Implement add_device and dt_xlate. For the legacy path, arm_smmu_dt_add_device_legacy is called by register_smmu_master scanning mmu-masters (a fwspec entry is also created.) For the generic path, arm_smmu_dt_add_device_generic gets called instead. Then, arm_smmu_dt_add_device_generic calls arm_smmu_dt_add_device_legacy afterwards, shared with the legacy path. This way most of the low level implementation is shared between the two paths. If both legacy bindings and generic bindings are present in device tree, the legacy bindings are the ones that are used. That's because mmu-masters is parsed by xen/drivers/passthrough/arm/smmu.c:arm_smmu_device_dt_probe which is called by arm_smmu_dt_init. It happens very early. iommus is parsed by xen/drivers/passthrough/device_tree.c:iommu_add_dt_device which is called by xen/arch/arm/domain_build.c:handle_device and happens afterwards. arm_smmu_dt_xlate_generic is a verbatim copy from Linux (drivers/iommu/arm/arm-smmu/arm-smmu.c:arm_smmu_of_xlate, version v5.10). A workaround was introduced by cf4af9d6d6c (xen/arm: boot with device trees with "mmu-masters" and "iommus") because the SMMU driver only supported the legacy bindings. Remove it now. Signed-off-by: Brian Woods Signed-off-by: Stefano Stabellini Reviewed-by: Rahul Singh Acked-by: Julien Grall --- xen/drivers/passthrough/arm/smmu.c | 40 ++++++++++++++++++++++++++++++++++- xen/drivers/passthrough/device_tree.c | 17 +-------------- 2 files changed, 40 insertions(+), 17 deletions(-) diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c index 4aa3ecec57..c234ad9c7f 100644 --- a/xen/drivers/passthrough/arm/smmu.c +++ b/xen/drivers/passthrough/arm/smmu.c @@ -256,6 +256,8 @@ struct iommu_group atomic_t ref; }; +static struct arm_smmu_device *find_smmu(const struct device *dev); + static struct iommu_group *iommu_group_alloc(void) { struct iommu_group *group = xzalloc(struct iommu_group); @@ -444,6 +446,8 @@ static struct iommu_group *iommu_group_get(struct device *dev) #define SMR_VALID (1U << 31) #define SMR_MASK_SHIFT 16 #define SMR_ID_SHIFT 0 +#define SMR_ID_MASK 0x7fff +#define SMR_MASK_MASK 0x7fff #define ARM_SMMU_GR0_S2CR(n) (0xc00 + ((n) << 2)) #define S2CR_CBNDX_SHIFT 0 @@ -872,6 +876,38 @@ static int register_smmu_master(struct arm_smmu_device *smmu, fwspec); } +static int arm_smmu_dt_add_device_generic(u8 devfn, struct device *dev) +{ + struct arm_smmu_device *smmu; + struct iommu_fwspec *fwspec; + + fwspec = dev_iommu_fwspec_get(dev); + if (fwspec == NULL) + return -ENXIO; + + smmu = find_smmu(fwspec->iommu_dev); + if (smmu == NULL) + return -ENXIO; + + return arm_smmu_dt_add_device_legacy(smmu, dev, fwspec); +} + +static int arm_smmu_dt_xlate_generic(struct device *dev, + const struct dt_phandle_args *spec) +{ + uint32_t mask, fwid = 0; + + if (spec->args_count > 0) + fwid |= (SMR_ID_MASK & spec->args[0]) << SMR_ID_SHIFT; + + if (spec->args_count > 1) + fwid |= (SMR_MASK_MASK & spec->args[1]) << SMR_MASK_SHIFT; + else if (!of_property_read_u32(spec->np, "stream-match-mask", &mask)) + fwid |= (SMR_MASK_MASK & mask) << SMR_MASK_SHIFT; + + return iommu_fwspec_add_ids(dev, &fwid, 1); +} + static struct arm_smmu_device *find_smmu_for_device(struct device *dev) { struct arm_smmu_device *smmu; @@ -2837,6 +2873,7 @@ static void arm_smmu_iommu_domain_teardown(struct domain *d) static const struct iommu_ops arm_smmu_iommu_ops = { .init = arm_smmu_iommu_domain_init, .hwdom_init = arm_smmu_iommu_hwdom_init, + .add_device = arm_smmu_dt_add_device_generic, .teardown = arm_smmu_iommu_domain_teardown, .iotlb_flush = arm_smmu_iotlb_flush, .iotlb_flush_all = arm_smmu_iotlb_flush_all, @@ -2844,9 +2881,10 @@ static const struct iommu_ops arm_smmu_iommu_ops = { .reassign_device = arm_smmu_reassign_dev, .map_page = arm_iommu_map_page, .unmap_page = arm_iommu_unmap_page, + .dt_xlate = arm_smmu_dt_xlate_generic, }; -static __init const struct arm_smmu_device *find_smmu(const struct device *dev) +static struct arm_smmu_device *find_smmu(const struct device *dev) { struct arm_smmu_device *smmu; bool found = false; diff --git a/xen/drivers/passthrough/device_tree.c b/xen/drivers/passthrough/device_tree.c index 9249f21c01..98f2aa0dad 100644 --- a/xen/drivers/passthrough/device_tree.c +++ b/xen/drivers/passthrough/device_tree.c @@ -159,22 +159,7 @@ int iommu_add_dt_device(struct dt_device_node *np) * these callback implemented. */ if ( !ops->add_device || !ops->dt_xlate ) - { - /* - * Some Device Trees may expose both legacy SMMU and generic - * IOMMU bindings together. However, the SMMU driver is only - * supporting the former and will protect them during the - * initialization. So we need to skip them and not return - * error here. - * - * XXX: This can be dropped when the SMMU is able to deal - * with generic bindings. - */ - if ( dt_device_is_protected(np) ) - return 0; - else - return -EINVAL; - } + return -EINVAL; if ( !dt_device_is_available(iommu_spec.np) ) break; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 05 23:33:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 05 Aug 2021 23:33:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.164602.300900 (Exim 4.92) (envelope-from ) id 1mBmrJ-0001DB-Tg; Thu, 05 Aug 2021 23:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 164602.300900; Thu, 05 Aug 2021 23:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mBmrJ-0001D3-Qm; Thu, 05 Aug 2021 23:33:05 +0000 Received: by outflank-mailman (input) for mailman id 164602; Thu, 05 Aug 2021 23:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mBmrI-0001Cx-T2 for xen-changelog@lists.xenproject.org; Thu, 05 Aug 2021 23:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mBmrI-0006G2-Qd for xen-changelog@lists.xenproject.org; Thu, 05 Aug 2021 23:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mBmrI-0000Zi-PQ for xen-changelog@lists.xenproject.org; Thu, 05 Aug 2021 23:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=P6DuQnJ1Ok79f+JmgsQzaajMQjUto6j7aKBWBcgNGXw=; b=covEObkqWT2/R3Q3f4VBhEH6q1 pZUny9NsZI27lj4ws3Yz04gvSpEf74sHTK2cFSjhlyXyRQXpTN+Vvt5ruQ16BFs7FdcTGdZJ5Tlji R7WAvNXJoJwuEQ9wfeT4/uLb07p3jdnoV+1XYOcQKLt/6E7pFOxA3Qh818+t0+s8sZSs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Do not invalidate the P2M when the PT is shared with the IOMMU Message-Id: Date: Thu, 05 Aug 2021 23:33:04 +0000 commit 2b45ff60301a988badec526846e77b538383ae63 Author: Stefano Stabellini AuthorDate: Wed Aug 4 13:57:07 2021 -0700 Commit: Stefano Stabellini CommitDate: Thu Aug 5 16:27:52 2021 -0700 xen/arm: Do not invalidate the P2M when the PT is shared with the IOMMU Set/Way flushes never work correctly in a virtualized environment. Our current implementation is based on clearing the valid bit in the p2m pagetable to track guest memory accesses. This technique doesn't work when the IOMMU is enabled for the domain and the pagetable is shared between IOMMU and MMU because it triggers IOMMU faults. Specifically, p2m_invalidate_root causes IOMMU faults if iommu_use_hap_pt returns true for the domain. Add a check in p2m_set_way_flush: if a set/way instruction is used and iommu_use_hap_pt returns true, rather than failing with obscure IOMMU faults, inject an undef exception straight away into the guest, and print a verbose error message to explain the problem. Also add an ASSERT in p2m_invalidate_root to make sure we don't inadvertently stumble across this problem again in the future. Signed-off-by: Stefano Stabellini Reviewed-by: Julien Grall --- xen/arch/arm/arm64/vsysreg.c | 2 +- xen/arch/arm/p2m.c | 17 ++++++++++++++++- xen/arch/arm/vcpreg.c | 2 +- xen/include/asm-arm/p2m.h | 4 +++- 4 files changed, 21 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/arm64/vsysreg.c b/xen/arch/arm/arm64/vsysreg.c index caf17174b8..887266dd46 100644 --- a/xen/arch/arm/arm64/vsysreg.c +++ b/xen/arch/arm/arm64/vsysreg.c @@ -106,7 +106,7 @@ void do_sysreg(struct cpu_user_regs *regs, case HSR_SYSREG_DCCSW: case HSR_SYSREG_DCCISW: if ( !hsr.sysreg.read ) - p2m_set_way_flush(current); + p2m_set_way_flush(current, regs, hsr); break; /* diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index d414c4feb9..eff9a105e7 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -11,6 +11,7 @@ #include #include #include +#include #define MAX_VMID_8_BIT (1UL << 8) #define MAX_VMID_16_BIT (1UL << 16) @@ -1166,11 +1167,16 @@ static void p2m_invalidate_table(struct p2m_domain *p2m, mfn_t mfn) /* * Invalidate all entries in the root page-tables. This is * useful to get fault on entry and do an action. + * + * p2m_invalid_root() should not be called when the P2M is shared with + * the IOMMU because it will cause IOMMU fault. */ void p2m_invalidate_root(struct p2m_domain *p2m) { unsigned int i; + ASSERT(!iommu_use_hap_pt(p2m->domain)); + p2m_write_lock(p2m); for ( i = 0; i < P2M_ROOT_LEVEL; i++ ) @@ -1815,11 +1821,20 @@ void p2m_flush_vm(struct vcpu *v) * * - Once the caches are enabled, we stop trapping VM ops. */ -void p2m_set_way_flush(struct vcpu *v) +void p2m_set_way_flush(struct vcpu *v, struct cpu_user_regs *regs, + const union hsr hsr) { /* This function can only work with the current vCPU. */ ASSERT(v == current); + if ( iommu_use_hap_pt(current->domain) ) + { + gprintk(XENLOG_ERR, + "The cache should be flushed by VA rather than by set/way.\n"); + inject_undef_exception(regs, hsr); + return; + } + if ( !(v->arch.hcr_el2 & HCR_TVM) ) { v->arch.need_flush_to_ram = true; diff --git a/xen/arch/arm/vcpreg.c b/xen/arch/arm/vcpreg.c index e3ce56d875..33259c4194 100644 --- a/xen/arch/arm/vcpreg.c +++ b/xen/arch/arm/vcpreg.c @@ -232,7 +232,7 @@ void do_cp15_32(struct cpu_user_regs *regs, const union hsr hsr) case HSR_CPREG32(DCCSW): case HSR_CPREG32(DCCISW): if ( !cp32.read ) - p2m_set_way_flush(current); + p2m_set_way_flush(current, regs, hsr); break; /* diff --git a/xen/include/asm-arm/p2m.h b/xen/include/asm-arm/p2m.h index 4f8b3b0ec7..6a2108398f 100644 --- a/xen/include/asm-arm/p2m.h +++ b/xen/include/asm-arm/p2m.h @@ -7,6 +7,7 @@ #include #include +#include #define paddr_bits PADDR_BITS @@ -272,7 +273,8 @@ void p2m_invalidate_root(struct p2m_domain *p2m); */ int p2m_cache_flush_range(struct domain *d, gfn_t *pstart, gfn_t end); -void p2m_set_way_flush(struct vcpu *v); +void p2m_set_way_flush(struct vcpu *v, struct cpu_user_regs *regs, + const union hsr hsr); void p2m_toggle_cache(struct vcpu *v, bool was_enabled); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 06 20:11:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 06 Aug 2021 20:11:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.164783.301149 (Exim 4.92) (envelope-from ) id 1mC6BL-0006bQ-Qo; Fri, 06 Aug 2021 20:11:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 164783.301149; Fri, 06 Aug 2021 20:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mC6BL-0006bH-Nd; Fri, 06 Aug 2021 20:11:03 +0000 Received: by outflank-mailman (input) for mailman id 164783; Fri, 06 Aug 2021 20:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mC6BK-0006bB-CE for xen-changelog@lists.xenproject.org; Fri, 06 Aug 2021 20:11:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mC6BK-0007uM-9M for xen-changelog@lists.xenproject.org; Fri, 06 Aug 2021 20:11:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mC6BK-0008Cq-8F for xen-changelog@lists.xenproject.org; Fri, 06 Aug 2021 20:11:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4grJzFqC4pURs/yaGinFGHNnslrere7tUEwtlgPjvSs=; b=MgQJ5g6z88bcnENRsHYzXPIexQ KrbSvmY93yAmUz+iFBBnkikGY3Kpi5g/3iE0DpOXt28RRX0OyRijZmFizb2z03Bxpz8EaD8cv/jAS DDOkEozW5PObUKrimFusox/tyuDVUqRnJ3aLFlEndp58KcoNy+T7SXugyuzG/QPe504M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Do not invalidate the P2M when the PT is shared with the IOMMU Message-Id: Date: Fri, 06 Aug 2021 20:11:02 +0000 commit 2b45ff60301a988badec526846e77b538383ae63 Author: Stefano Stabellini AuthorDate: Wed Aug 4 13:57:07 2021 -0700 Commit: Stefano Stabellini CommitDate: Thu Aug 5 16:27:52 2021 -0700 xen/arm: Do not invalidate the P2M when the PT is shared with the IOMMU Set/Way flushes never work correctly in a virtualized environment. Our current implementation is based on clearing the valid bit in the p2m pagetable to track guest memory accesses. This technique doesn't work when the IOMMU is enabled for the domain and the pagetable is shared between IOMMU and MMU because it triggers IOMMU faults. Specifically, p2m_invalidate_root causes IOMMU faults if iommu_use_hap_pt returns true for the domain. Add a check in p2m_set_way_flush: if a set/way instruction is used and iommu_use_hap_pt returns true, rather than failing with obscure IOMMU faults, inject an undef exception straight away into the guest, and print a verbose error message to explain the problem. Also add an ASSERT in p2m_invalidate_root to make sure we don't inadvertently stumble across this problem again in the future. Signed-off-by: Stefano Stabellini Reviewed-by: Julien Grall --- xen/arch/arm/arm64/vsysreg.c | 2 +- xen/arch/arm/p2m.c | 17 ++++++++++++++++- xen/arch/arm/vcpreg.c | 2 +- xen/include/asm-arm/p2m.h | 4 +++- 4 files changed, 21 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/arm64/vsysreg.c b/xen/arch/arm/arm64/vsysreg.c index caf17174b8..887266dd46 100644 --- a/xen/arch/arm/arm64/vsysreg.c +++ b/xen/arch/arm/arm64/vsysreg.c @@ -106,7 +106,7 @@ void do_sysreg(struct cpu_user_regs *regs, case HSR_SYSREG_DCCSW: case HSR_SYSREG_DCCISW: if ( !hsr.sysreg.read ) - p2m_set_way_flush(current); + p2m_set_way_flush(current, regs, hsr); break; /* diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index d414c4feb9..eff9a105e7 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -11,6 +11,7 @@ #include #include #include +#include #define MAX_VMID_8_BIT (1UL << 8) #define MAX_VMID_16_BIT (1UL << 16) @@ -1166,11 +1167,16 @@ static void p2m_invalidate_table(struct p2m_domain *p2m, mfn_t mfn) /* * Invalidate all entries in the root page-tables. This is * useful to get fault on entry and do an action. + * + * p2m_invalid_root() should not be called when the P2M is shared with + * the IOMMU because it will cause IOMMU fault. */ void p2m_invalidate_root(struct p2m_domain *p2m) { unsigned int i; + ASSERT(!iommu_use_hap_pt(p2m->domain)); + p2m_write_lock(p2m); for ( i = 0; i < P2M_ROOT_LEVEL; i++ ) @@ -1815,11 +1821,20 @@ void p2m_flush_vm(struct vcpu *v) * * - Once the caches are enabled, we stop trapping VM ops. */ -void p2m_set_way_flush(struct vcpu *v) +void p2m_set_way_flush(struct vcpu *v, struct cpu_user_regs *regs, + const union hsr hsr) { /* This function can only work with the current vCPU. */ ASSERT(v == current); + if ( iommu_use_hap_pt(current->domain) ) + { + gprintk(XENLOG_ERR, + "The cache should be flushed by VA rather than by set/way.\n"); + inject_undef_exception(regs, hsr); + return; + } + if ( !(v->arch.hcr_el2 & HCR_TVM) ) { v->arch.need_flush_to_ram = true; diff --git a/xen/arch/arm/vcpreg.c b/xen/arch/arm/vcpreg.c index e3ce56d875..33259c4194 100644 --- a/xen/arch/arm/vcpreg.c +++ b/xen/arch/arm/vcpreg.c @@ -232,7 +232,7 @@ void do_cp15_32(struct cpu_user_regs *regs, const union hsr hsr) case HSR_CPREG32(DCCSW): case HSR_CPREG32(DCCISW): if ( !cp32.read ) - p2m_set_way_flush(current); + p2m_set_way_flush(current, regs, hsr); break; /* diff --git a/xen/include/asm-arm/p2m.h b/xen/include/asm-arm/p2m.h index 4f8b3b0ec7..6a2108398f 100644 --- a/xen/include/asm-arm/p2m.h +++ b/xen/include/asm-arm/p2m.h @@ -7,6 +7,7 @@ #include #include +#include #define paddr_bits PADDR_BITS @@ -272,7 +273,8 @@ void p2m_invalidate_root(struct p2m_domain *p2m); */ int p2m_cache_flush_range(struct domain *d, gfn_t *pstart, gfn_t end); -void p2m_set_way_flush(struct vcpu *v); +void p2m_set_way_flush(struct vcpu *v, struct cpu_user_regs *regs, + const union hsr hsr); void p2m_toggle_cache(struct vcpu *v, bool was_enabled); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Aug 10 07:33:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 10 Aug 2021 07:33:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.165279.302059 (Exim 4.92) (envelope-from ) id 1mDMG2-0002OA-DM; Tue, 10 Aug 2021 07:33:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 165279.302059; Tue, 10 Aug 2021 07:33:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDMG2-0002O2-AT; Tue, 10 Aug 2021 07:33:06 +0000 Received: by outflank-mailman (input) for mailman id 165279; Tue, 10 Aug 2021 07:33:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDMG1-0002Nw-MU for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 07:33:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDMG1-0007sE-I9 for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 07:33:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mDMG1-0002tD-H2 for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 07:33:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6ameVnN6G0As71SR9t6EGToDzK77YjDBoMBPGvi4LNc=; b=OQ6EvYgDOT4mYJoE5d466+fqho pA30PVz4FCTS6wa80rrShPecFZ3D9rjGCGBxymbBCnq1ALSRr6QGp+otZyNn4WuFKvNZftblsJRnf wcXN15yx9/WZMGjTK915K4bwtM1MipIVYDz7u3QNWy52vqE+u3UqHjwEkTw2DoxpCLTA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: rework .banner generation Message-Id: Date: Tue, 10 Aug 2021 07:33:05 +0000 commit 44b9ec5a5c9c7a32cd75efd09e5693016b78e5c3 Author: Anthony PERARD AuthorDate: Tue Aug 10 09:27:13 2021 +0200 Commit: Jan Beulich CommitDate: Tue Aug 10 09:27:13 2021 +0200 build: rework .banner generation Avoid depending on Makefile but still allow to rebuild the banner when $(XEN_FULLVERSION) changes. Also add a dependency on tools/xen.flf, even if not expected to change. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/Makefile | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 8023680ffb..94e8371826 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -378,13 +378,19 @@ delete-unfresh-files: rm -f include/xen/compile.h; \ fi -.banner: Makefile - @if which figlet >/dev/null 2>&1 ; then \ - echo " Xen $(XEN_FULLVERSION)" | figlet -f tools/xen.flf > $@.tmp; \ - else \ - echo " Xen $(XEN_FULLVERSION)" > $@.tmp; \ - fi - @mv -f $@.tmp $@ +quiet_cmd_banner = BANNER $@ +define cmd_banner + if which figlet >/dev/null 2>&1 ; then \ + echo " Xen $(XEN_FULLVERSION)" | figlet -f $< > $@.tmp; \ + else \ + echo " Xen $(XEN_FULLVERSION)" > $@.tmp; \ + fi; \ + mv -f $@.tmp $@ +endef + +.banner: tools/xen.flf FORCE + $(call if_changed,banner) +targets += .banner # compile.h contains dynamic build info. Rebuilt on every 'make' invocation. include/xen/compile.h: include/xen/compile.h.in .banner -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Aug 10 07:33:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 10 Aug 2021 07:33:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.165280.302063 (Exim 4.92) (envelope-from ) id 1mDMGC-0002QP-Ex; Tue, 10 Aug 2021 07:33:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 165280.302063; Tue, 10 Aug 2021 07:33:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDMGC-0002QH-Bz; Tue, 10 Aug 2021 07:33:16 +0000 Received: by outflank-mailman (input) for mailman id 165280; Tue, 10 Aug 2021 07:33:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDMGB-0002Q4-MN for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 07:33:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDMGB-0007sK-La for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 07:33:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mDMGB-0002uP-KJ for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 07:33:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Zj7wQTiqAbH/uZP/b0QcJCWo7J2ekLh0A0CfZbc5iMw=; b=DMrm368MFX50N4/Z2srn+Bdpse thL9nMyIsopnrU15Z/IECzceK0owcpoIgPacL9t8rTIYa3jkj9vmjYW2wGlCgHzk3rD7xD77C7S7c eH3une0CvoeJe38EA3Rh2RV3+21bUTMLRl0ZGd/hTnRVyROOylHxSwF9HsB4lZgEs0dQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: remove unneeded deps of x86_emulate.o Message-Id: Date: Tue, 10 Aug 2021 07:33:15 +0000 commit 107be709150eb900c64b31c2b1a0d4b6ff0075c9 Author: Anthony PERARD AuthorDate: Tue Aug 10 09:28:31 2021 +0200 Commit: Jan Beulich CommitDate: Tue Aug 10 09:28:31 2021 +0200 build: remove unneeded deps of x86_emulate.o Those two dependencies already exist so make doesn't need to know about them. The dependency will be generated by $(CC). Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/arch/x86/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 2ec883456e..fe38cfd544 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -83,7 +83,6 @@ extra-y += asm-macros.i ifneq ($(CONFIG_HVM),y) x86_emulate.o: CFLAGS-y += -Wno-unused-label endif -x86_emulate.o: x86_emulate/x86_emulate.c x86_emulate/x86_emulate.h efi-y := $(shell if [ ! -r $(BASEDIR)/include/xen/compile.h -o \ -O $(BASEDIR)/include/xen/compile.h ]; then \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Aug 10 07:33:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 10 Aug 2021 07:33:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.165281.302067 (Exim 4.92) (envelope-from ) id 1mDMGM-0002TN-GR; Tue, 10 Aug 2021 07:33:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 165281.302067; Tue, 10 Aug 2021 07:33:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDMGM-0002TD-DQ; Tue, 10 Aug 2021 07:33:26 +0000 Received: by outflank-mailman (input) for mailman id 165281; Tue, 10 Aug 2021 07:33:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDMGL-0002Sz-Pq for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 07:33:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDMGL-0007sw-P2 for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 07:33:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mDMGL-0002vP-Nw for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 07:33:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pOBw14yQ1q2gIGmR15x9odg/bZYJpuh/rLgkPno2CQo=; b=DhVAPcaokDvfqzffieAa5664KA p7SUqwFLVSaWr2ck5qpU6H8qzq0iIlKSI7l2nsNTu2SJ239ggIPUY2/MbjTUgSnLszcntod25l1xS G1cpItAsGUXz3JLLHd1ExWXeH9Ds7PFI997styURHiFB2v+iisP9JFFKuSISIfEQIuTQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] credit2: avoid picking a spurious idle unit when caps are used Message-Id: Date: Tue, 10 Aug 2021 07:33:25 +0000 commit 0f742839ae57e10687e7a573070c37430f31068c Author: Dario Faggioli AuthorDate: Tue Aug 10 09:29:10 2021 +0200 Commit: Jan Beulich CommitDate: Tue Aug 10 09:29:10 2021 +0200 credit2: avoid picking a spurious idle unit when caps are used Commit 07b0eb5d0ef0 ("credit2: make sure we pick a runnable unit from the runq if there is one") did not fix completely the problem of potentially selecting a scheduling unit that will then not be able to run. In fact, in case caps are used and the unit we are currently looking at, during the runqueue scan, does not have enough budget for being run, we should continue looking instead than giving up and picking the idle unit. Suggested-by: George Dunlap Signed-off-by: Dario Faggioli Reviewed-by: Jan Beulich --- xen/common/sched/credit2.c | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index ebb09ea43a..6396b38e04 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -3463,6 +3463,15 @@ runq_candidate(struct csched2_runqueue_data *rqd, (unsigned char *)&d); } + /* + * If the unit in the runqueue has more credits than current (or than + * idle, if current is not runnable) or if current is yielding, we may + * want to pick it up. Otherwise, there's no need to keep scanning the + * runqueue any further. + */ + if ( !yield && svc->credit <= snext->credit ) + break; + /* Skip non runnable units that we (temporarily) have in the runq */ if ( unlikely(!unit_runnable_state(svc->unit)) ) continue; @@ -3494,16 +3503,25 @@ runq_candidate(struct csched2_runqueue_data *rqd, } /* - * If the one in the runqueue has more credit than current (or idle, - * if current is not runnable), or if current is yielding, and also - * if the one in runqueue either is not capped, or is capped but has - * some budget, then choose it. + * If we are here, we are almost sure we want to pick the unit in + * the runqueue. Last thing we need to check is that it either is + * not capped or, if it is, it has some budget. + * + * Note that budget availability must be the very last check that + * we do in this loop, due to the side effects that unit_grab_budget() + * causes. + * + * In fact, if there is budget available in the unit's domain's + * budget pool, the function will pick some for running this unit. + * And we clearly want to do that only if we're otherwise sure that + * the unit will actually run, consume it, and return the leftover + * (if any) in the usual way. */ - if ( (yield || svc->credit > snext->credit) && - (!has_cap(svc) || unit_grab_budget(svc)) ) - snext = svc; + if ( has_cap(svc) && !unit_grab_budget(svc) ) + continue; /* In any case, if we got this far, break. */ + snext = svc; break; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Aug 10 07:33:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 10 Aug 2021 07:33:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.165282.302071 (Exim 4.92) (envelope-from ) id 1mDMGX-0002WW-IG; Tue, 10 Aug 2021 07:33:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 165282.302071; Tue, 10 Aug 2021 07:33:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDMGX-0002WO-F1; Tue, 10 Aug 2021 07:33:37 +0000 Received: by outflank-mailman (input) for mailman id 165282; Tue, 10 Aug 2021 07:33:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDMGV-0002WB-T4 for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 07:33:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDMGV-0007t7-SI for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 07:33:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mDMGV-0002we-RL for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 07:33:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3mHjCW8b19faoe8Z6a4/XCGDPj+QixbSnkzxDDjK+bc=; b=4wH7L4c+tE+N/u9Ua5FJrijYHY guz89XGw4Wyn1LKER9J3CwC9P95E6shlav75QAhUEgOx875p/SNd678NGTmIU8xtTgjMyznz8Jxcz Mbi9SaMbze18PDVuqpXguSeeeydKdvakTpLc89LRnAa/TQedjgbUIikD4r1D0bsRMgDk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] bitmap: make bitmap_long_to_byte() and bitmap_byte_to_long() static Message-Id: Date: Tue, 10 Aug 2021 07:33:35 +0000 commit 25da9455f1bb8a6d33039575a7b28bdfc4e3fcfe Author: Jane Malalane AuthorDate: Tue Aug 10 09:29:52 2021 +0200 Commit: Jan Beulich CommitDate: Tue Aug 10 09:29:52 2021 +0200 bitmap: make bitmap_long_to_byte() and bitmap_byte_to_long() static Functions made static as there are no external callers. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Acked-by: Jan Beulich --- xen/common/bitmap.c | 8 ++++---- xen/include/xen/bitmap.h | 3 --- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/xen/common/bitmap.c b/xen/common/bitmap.c index b7aa2db7c7..bbc3554ae1 100644 --- a/xen/common/bitmap.c +++ b/xen/common/bitmap.c @@ -338,7 +338,7 @@ EXPORT_SYMBOL(bitmap_allocate_region); #ifdef __BIG_ENDIAN -void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) +static void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) { unsigned long l; int i, j, b; @@ -354,7 +354,7 @@ void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) clamp_last_byte(bp, nbits); } -void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) +static void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) { unsigned long l; int i, j, b; @@ -371,13 +371,13 @@ void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) #elif defined(__LITTLE_ENDIAN) -void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) +static void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) { memcpy(bp, lp, (nbits+7)/8); clamp_last_byte(bp, nbits); } -void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) +static void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) { /* We may need to pad the final longword with zeroes. */ if (nbits & (BITS_PER_LONG-1)) diff --git a/xen/include/xen/bitmap.h b/xen/include/xen/bitmap.h index 634a259645..e9175ab54a 100644 --- a/xen/include/xen/bitmap.h +++ b/xen/include/xen/bitmap.h @@ -270,9 +270,6 @@ static inline void bitmap_clear(unsigned long *map, unsigned int start, #undef bitmap_switch #undef bitmap_bytes -void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits); -void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits); - struct xenctl_bitmap; int xenctl_bitmap_to_bitmap(unsigned long *bitmap, const struct xenctl_bitmap *xenctl_bitmap, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Aug 10 21:00:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 10 Aug 2021 21:00:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.165478.302399 (Exim 4.92) (envelope-from ) id 1mDYqx-00052U-W8; Tue, 10 Aug 2021 21:00:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 165478.302399; Tue, 10 Aug 2021 21:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDYqx-00052M-SL; Tue, 10 Aug 2021 21:00:03 +0000 Received: by outflank-mailman (input) for mailman id 165478; Tue, 10 Aug 2021 21:00:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDYqw-0004rp-Ks for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 21:00:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDYqw-0006Jx-K0 for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 21:00:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mDYqw-0003C4-GR for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 21:00:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1QoSOMidsA4b2Qf5NMvuzC31sNQf+67sceE2KKsKn60=; b=4B4hXF8sflUFaskF6OI/SIKbxy ZJpS9wTM8hCRAQQvCyoukW3zPzofwjqgC7XqoevnIKP/jTzIIlobR/tuLsR1bUaYKU6gCUUf/0TdD ePLBk2LQ5h53EJ7F7/1/EdBGQMSDL5Q/FXq6+Q9wRCXYFUZOYbj3cXJ/Sr+xhi3duTvg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: rework .banner generation Message-Id: Date: Tue, 10 Aug 2021 21:00:02 +0000 commit 44b9ec5a5c9c7a32cd75efd09e5693016b78e5c3 Author: Anthony PERARD AuthorDate: Tue Aug 10 09:27:13 2021 +0200 Commit: Jan Beulich CommitDate: Tue Aug 10 09:27:13 2021 +0200 build: rework .banner generation Avoid depending on Makefile but still allow to rebuild the banner when $(XEN_FULLVERSION) changes. Also add a dependency on tools/xen.flf, even if not expected to change. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/Makefile | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 8023680ffb..94e8371826 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -378,13 +378,19 @@ delete-unfresh-files: rm -f include/xen/compile.h; \ fi -.banner: Makefile - @if which figlet >/dev/null 2>&1 ; then \ - echo " Xen $(XEN_FULLVERSION)" | figlet -f tools/xen.flf > $@.tmp; \ - else \ - echo " Xen $(XEN_FULLVERSION)" > $@.tmp; \ - fi - @mv -f $@.tmp $@ +quiet_cmd_banner = BANNER $@ +define cmd_banner + if which figlet >/dev/null 2>&1 ; then \ + echo " Xen $(XEN_FULLVERSION)" | figlet -f $< > $@.tmp; \ + else \ + echo " Xen $(XEN_FULLVERSION)" > $@.tmp; \ + fi; \ + mv -f $@.tmp $@ +endef + +.banner: tools/xen.flf FORCE + $(call if_changed,banner) +targets += .banner # compile.h contains dynamic build info. Rebuilt on every 'make' invocation. include/xen/compile.h: include/xen/compile.h.in .banner -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Aug 10 21:00:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 10 Aug 2021 21:00:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.165479.302403 (Exim 4.92) (envelope-from ) id 1mDYr8-0005XD-0v; Tue, 10 Aug 2021 21:00:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 165479.302403; Tue, 10 Aug 2021 21:00:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDYr7-0005X5-U2; Tue, 10 Aug 2021 21:00:13 +0000 Received: by outflank-mailman (input) for mailman id 165479; Tue, 10 Aug 2021 21:00:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDYr6-0005UF-P3 for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 21:00:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDYr6-0006Lb-OE for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 21:00:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mDYr6-0003Dt-MY for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 21:00:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=i4/T7dfoJe4rtM2e+1UXDw78pbVFD6k09jIM0QezGxU=; b=eI+coAbIwO/REyqYx1m/B8jNas fNpXSyaQSdbk6G7vgicemLjB4aypGmYnVU760/xNNe9EF5ILSgKngMG6QPPZoAK8/k/+n1oNpaPAI iS/Uk65976Uj6kJRwWrNVLBTmzCbBJ93FdVMPXEwzeCBW/1kGrmWbUdNyQQ0Y7UMDEeI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: remove unneeded deps of x86_emulate.o Message-Id: Date: Tue, 10 Aug 2021 21:00:12 +0000 commit 107be709150eb900c64b31c2b1a0d4b6ff0075c9 Author: Anthony PERARD AuthorDate: Tue Aug 10 09:28:31 2021 +0200 Commit: Jan Beulich CommitDate: Tue Aug 10 09:28:31 2021 +0200 build: remove unneeded deps of x86_emulate.o Those two dependencies already exist so make doesn't need to know about them. The dependency will be generated by $(CC). Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/arch/x86/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 2ec883456e..fe38cfd544 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -83,7 +83,6 @@ extra-y += asm-macros.i ifneq ($(CONFIG_HVM),y) x86_emulate.o: CFLAGS-y += -Wno-unused-label endif -x86_emulate.o: x86_emulate/x86_emulate.c x86_emulate/x86_emulate.h efi-y := $(shell if [ ! -r $(BASEDIR)/include/xen/compile.h -o \ -O $(BASEDIR)/include/xen/compile.h ]; then \ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Aug 10 21:00:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 10 Aug 2021 21:00:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.165483.302407 (Exim 4.92) (envelope-from ) id 1mDYrI-0005f5-2v; Tue, 10 Aug 2021 21:00:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 165483.302407; Tue, 10 Aug 2021 21:00:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDYrH-0005ex-Vq; Tue, 10 Aug 2021 21:00:23 +0000 Received: by outflank-mailman (input) for mailman id 165483; Tue, 10 Aug 2021 21:00:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDYrG-0005eU-Sf for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 21:00:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDYrG-0006MH-Rh for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 21:00:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mDYrG-0003Ep-Ql for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 21:00:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jpB9sbDMuz/V861B4RCHMvfZcseBWcVgrCDtNfZQXVw=; b=krShjvERCTLlU7yaaEv6bcr7F2 z+O1fVjxDMitUb6BTeGcroQ7kuvPlSY6p8TQCj4YRarPZoaTacqYxOcDnHxa3WOgXiNkdz1CVPfJL JXurpC+Kejk/K2EzhhEtjZnzo6SlHCC//CvIHAOh6BoAyZhVXu7iMtz8qODUm9P08g6k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] credit2: avoid picking a spurious idle unit when caps are used Message-Id: Date: Tue, 10 Aug 2021 21:00:22 +0000 commit 0f742839ae57e10687e7a573070c37430f31068c Author: Dario Faggioli AuthorDate: Tue Aug 10 09:29:10 2021 +0200 Commit: Jan Beulich CommitDate: Tue Aug 10 09:29:10 2021 +0200 credit2: avoid picking a spurious idle unit when caps are used Commit 07b0eb5d0ef0 ("credit2: make sure we pick a runnable unit from the runq if there is one") did not fix completely the problem of potentially selecting a scheduling unit that will then not be able to run. In fact, in case caps are used and the unit we are currently looking at, during the runqueue scan, does not have enough budget for being run, we should continue looking instead than giving up and picking the idle unit. Suggested-by: George Dunlap Signed-off-by: Dario Faggioli Reviewed-by: Jan Beulich --- xen/common/sched/credit2.c | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index ebb09ea43a..6396b38e04 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -3463,6 +3463,15 @@ runq_candidate(struct csched2_runqueue_data *rqd, (unsigned char *)&d); } + /* + * If the unit in the runqueue has more credits than current (or than + * idle, if current is not runnable) or if current is yielding, we may + * want to pick it up. Otherwise, there's no need to keep scanning the + * runqueue any further. + */ + if ( !yield && svc->credit <= snext->credit ) + break; + /* Skip non runnable units that we (temporarily) have in the runq */ if ( unlikely(!unit_runnable_state(svc->unit)) ) continue; @@ -3494,16 +3503,25 @@ runq_candidate(struct csched2_runqueue_data *rqd, } /* - * If the one in the runqueue has more credit than current (or idle, - * if current is not runnable), or if current is yielding, and also - * if the one in runqueue either is not capped, or is capped but has - * some budget, then choose it. + * If we are here, we are almost sure we want to pick the unit in + * the runqueue. Last thing we need to check is that it either is + * not capped or, if it is, it has some budget. + * + * Note that budget availability must be the very last check that + * we do in this loop, due to the side effects that unit_grab_budget() + * causes. + * + * In fact, if there is budget available in the unit's domain's + * budget pool, the function will pick some for running this unit. + * And we clearly want to do that only if we're otherwise sure that + * the unit will actually run, consume it, and return the leftover + * (if any) in the usual way. */ - if ( (yield || svc->credit > snext->credit) && - (!has_cap(svc) || unit_grab_budget(svc)) ) - snext = svc; + if ( has_cap(svc) && !unit_grab_budget(svc) ) + continue; /* In any case, if we got this far, break. */ + snext = svc; break; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Aug 10 21:00:34 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 10 Aug 2021 21:00:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.165484.302411 (Exim 4.92) (envelope-from ) id 1mDYrS-0005jD-4R; Tue, 10 Aug 2021 21:00:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 165484.302411; Tue, 10 Aug 2021 21:00:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDYrS-0005j5-1E; Tue, 10 Aug 2021 21:00:34 +0000 Received: by outflank-mailman (input) for mailman id 165484; Tue, 10 Aug 2021 21:00:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDYrQ-0005in-Vw for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 21:00:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mDYrQ-0006Mw-VA for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 21:00:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mDYrQ-0003Fs-U7 for xen-changelog@lists.xenproject.org; Tue, 10 Aug 2021 21:00:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=osnJWllyYctTCh6BpjWoEguAULSFtmrargny2XTXjAA=; b=nGw3Sh8CXJUepNKQ36r7wikGWQ Tb0uXFtZlmkO5mCENJCVC0AxAZP1b0yiN7WRGVgCQQqg5ZGMuFJsy8syyzesrk0LA/vkCQ01escEE vRB2vSsZcQ8cAQoigj6RJYLfApxcKD3K9fhCQeWRcTri4YzmFSfB5pZLtYox4cOObxOQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] bitmap: make bitmap_long_to_byte() and bitmap_byte_to_long() static Message-Id: Date: Tue, 10 Aug 2021 21:00:32 +0000 commit 25da9455f1bb8a6d33039575a7b28bdfc4e3fcfe Author: Jane Malalane AuthorDate: Tue Aug 10 09:29:52 2021 +0200 Commit: Jan Beulich CommitDate: Tue Aug 10 09:29:52 2021 +0200 bitmap: make bitmap_long_to_byte() and bitmap_byte_to_long() static Functions made static as there are no external callers. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Acked-by: Jan Beulich --- xen/common/bitmap.c | 8 ++++---- xen/include/xen/bitmap.h | 3 --- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/xen/common/bitmap.c b/xen/common/bitmap.c index b7aa2db7c7..bbc3554ae1 100644 --- a/xen/common/bitmap.c +++ b/xen/common/bitmap.c @@ -338,7 +338,7 @@ EXPORT_SYMBOL(bitmap_allocate_region); #ifdef __BIG_ENDIAN -void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) +static void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) { unsigned long l; int i, j, b; @@ -354,7 +354,7 @@ void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) clamp_last_byte(bp, nbits); } -void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) +static void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) { unsigned long l; int i, j, b; @@ -371,13 +371,13 @@ void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) #elif defined(__LITTLE_ENDIAN) -void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) +static void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) { memcpy(bp, lp, (nbits+7)/8); clamp_last_byte(bp, nbits); } -void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) +static void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) { /* We may need to pad the final longword with zeroes. */ if (nbits & (BITS_PER_LONG-1)) diff --git a/xen/include/xen/bitmap.h b/xen/include/xen/bitmap.h index 634a259645..e9175ab54a 100644 --- a/xen/include/xen/bitmap.h +++ b/xen/include/xen/bitmap.h @@ -270,9 +270,6 @@ static inline void bitmap_clear(unsigned long *map, unsigned int start, #undef bitmap_switch #undef bitmap_bytes -void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits); -void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits); - struct xenctl_bitmap; int xenctl_bitmap_to_bitmap(unsigned long *bitmap, const struct xenctl_bitmap *xenctl_bitmap, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 12 15:22:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 12 Aug 2021 15:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.166513.303898 (Exim 4.92) (envelope-from ) id 1mECX1-0005Qv-CO; Thu, 12 Aug 2021 15:22:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 166513.303898; Thu, 12 Aug 2021 15:22:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mECX1-0005Qn-9W; Thu, 12 Aug 2021 15:22:07 +0000 Received: by outflank-mailman (input) for mailman id 166513; Thu, 12 Aug 2021 15:22:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mECWz-0005Qh-C7 for xen-changelog@lists.xenproject.org; Thu, 12 Aug 2021 15:22:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mECWz-0008Ue-B8 for xen-changelog@lists.xenproject.org; Thu, 12 Aug 2021 15:22:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mECWz-000340-9u for xen-changelog@lists.xenproject.org; Thu, 12 Aug 2021 15:22:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZMocQswcrl9e9mcnUi6i3KANx6kdea3Qb5v4npqc/W0=; b=MS6s+q3p4h33VXDXuGCq2naTo+ mba3L6au2EMGLmCTmOJS0c/V/xxhj83r6NDsDH0AFeaf6KCcwa1aAxymFLeWUuBNaOsyUC156CkEv WLMgAb6bonaEYBlVF4tFdv0tL47wNSR0ec40XG1lKsAVokvEBYPzCvB8g/t0M0bMeJqA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] kexec: remove use of TRUE/FALSE Message-Id: Date: Thu, 12 Aug 2021 15:22:05 +0000 commit b8848c001f39224340767900ad0365f81aaeeff4 Author: Kevin Stefanov AuthorDate: Thu Aug 12 17:10:23 2021 +0200 Commit: Jan Beulich CommitDate: Thu Aug 12 17:10:23 2021 +0200 kexec: remove use of TRUE/FALSE Whilst fixing this, also changed bool_t to bool, and use __read_mostly. Suggested-by: Andrew Cooper Signed-off-by: Kevin Stefanov Acked-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/common/kexec.c | 6 +++--- xen/include/xen/kexec.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/common/kexec.c b/xen/common/kexec.c index ebeee6405a..c63db618a7 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -35,7 +35,7 @@ #include #endif -bool_t kexecing = FALSE; +bool __read_mostly kexecing; /* Memory regions to store the per cpu register state etc. on a crash. */ typedef struct { Elf_Note * start; size_t size; } crash_note_range_t; @@ -383,7 +383,7 @@ void kexec_crash(enum crash_reason reason) if ( !test_bit(KEXEC_IMAGE_CRASH_BASE + pos, &kexec_flags) ) return; - kexecing = TRUE; + kexecing = true; if ( kexec_common_shutdown() != 0 ) return; @@ -399,7 +399,7 @@ static long kexec_reboot(void *_image) { struct kexec_image *image = _image; - kexecing = TRUE; + kexecing = true; kexec_common_shutdown(); machine_reboot_kexec(image); diff --git a/xen/include/xen/kexec.h b/xen/include/xen/kexec.h index 9f7a912e97..e66eb6a8e5 100644 --- a/xen/include/xen/kexec.h +++ b/xen/include/xen/kexec.h @@ -17,7 +17,7 @@ typedef struct xen_kexec_reserve { extern xen_kexec_reserve_t kexec_crash_area; extern paddr_t kexec_crash_area_limit; -extern bool_t kexecing; +extern bool kexecing; void set_kexec_crash_area_size(u64 system_ram); @@ -81,7 +81,7 @@ void vmcoreinfo_append_str(const char *fmt, ...) #else /* !CONFIG_KEXEC */ #define crashinfo_maxaddr_bits 0 -#define kexecing 0 +#define kexecing false static inline void kexec_early_calculations(void) {} static inline void kexec_crash(enum crash_reason reason) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Aug 12 15:22:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 12 Aug 2021 15:22:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.166514.303903 (Exim 4.92) (envelope-from ) id 1mECXA-0005UA-EI; Thu, 12 Aug 2021 15:22:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 166514.303903; Thu, 12 Aug 2021 15:22:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mECXA-0005Tz-Av; Thu, 12 Aug 2021 15:22:16 +0000 Received: by outflank-mailman (input) for mailman id 166514; Thu, 12 Aug 2021 15:22:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mECX9-0005Tr-FY for xen-changelog@lists.xenproject.org; Thu, 12 Aug 2021 15:22:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mECX9-0008Ui-Ef for xen-changelog@lists.xenproject.org; Thu, 12 Aug 2021 15:22:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mECX9-000355-DW for xen-changelog@lists.xenproject.org; Thu, 12 Aug 2021 15:22:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WrSvZ8y4DQA0157VhfVvfDV0xKSfKgZpdC227WtCVL4=; b=w8xUKmnCJ8DlQWDNnKRclv1ovN W2HXg7o9w7XgmMzcKnhFhLn/hS61zNj/fDJXjM8y7VAIGdbTBy5V5UkY/JQcC6XKyDWltTJI/SqFq 3Eydh/0ykUBxh4JNBJweTOjjHJiuySc4/tKWKqDfLwTblXzu4DIzNOu4JhlENRGOzEFw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/bitmap: don't open code DIV_ROUND_UP() Message-Id: Date: Thu, 12 Aug 2021 15:22:15 +0000 commit 5a88d524857e5bf78b077d30ea515fcaac061bfc Author: Jane Malalane AuthorDate: Thu Aug 12 17:14:25 2021 +0200 Commit: Jan Beulich CommitDate: Thu Aug 12 17:14:25 2021 +0200 xen/bitmap: don't open code DIV_ROUND_UP() Also, change bitmap_long_to_byte() and bitmap_byte_to_long() to take 'unsigned int' instead of 'int' number of bits, to match the type of their callers. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Jan Beulich --- xen/common/bitmap.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/xen/common/bitmap.c b/xen/common/bitmap.c index bbc3554ae1..7d4551f782 100644 --- a/xen/common/bitmap.c +++ b/xen/common/bitmap.c @@ -11,6 +11,7 @@ #include #include #include +#include #include /* @@ -338,7 +339,8 @@ EXPORT_SYMBOL(bitmap_allocate_region); #ifdef __BIG_ENDIAN -static void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) +static void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, + unsigned int nbits) { unsigned long l; int i, j, b; @@ -354,7 +356,8 @@ static void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) clamp_last_byte(bp, nbits); } -static void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) +static void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, + unsigned int nbits) { unsigned long l; int i, j, b; @@ -371,18 +374,20 @@ static void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) #elif defined(__LITTLE_ENDIAN) -static void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) +static void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, + unsigned int nbits) { - memcpy(bp, lp, (nbits+7)/8); + memcpy(bp, lp, DIV_ROUND_UP(nbits, BITS_PER_BYTE)); clamp_last_byte(bp, nbits); } -static void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) +static void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, + unsigned int nbits) { /* We may need to pad the final longword with zeroes. */ if (nbits & (BITS_PER_LONG-1)) lp[BITS_TO_LONGS(nbits)-1] = 0; - memcpy(lp, bp, (nbits+7)/8); + memcpy(lp, bp, DIV_ROUND_UP(nbits, BITS_PER_BYTE)); } #endif @@ -393,13 +398,14 @@ int bitmap_to_xenctl_bitmap(struct xenctl_bitmap *xenctl_bitmap, unsigned int guest_bytes, copy_bytes, i; uint8_t zero = 0; int err = 0; - uint8_t *bytemap = xmalloc_array(uint8_t, (nbits + 7) / 8); + unsigned int xen_bytes = DIV_ROUND_UP(nbits, BITS_PER_BYTE); + uint8_t *bytemap = xmalloc_array(uint8_t, xen_bytes); if ( !bytemap ) return -ENOMEM; - guest_bytes = (xenctl_bitmap->nr_bits + 7) / 8; - copy_bytes = min(guest_bytes, (nbits + 7) / 8); + guest_bytes = DIV_ROUND_UP(xenctl_bitmap->nr_bits, BITS_PER_BYTE); + copy_bytes = min(guest_bytes, xen_bytes); bitmap_long_to_byte(bytemap, bitmap, nbits); @@ -422,13 +428,14 @@ int xenctl_bitmap_to_bitmap(unsigned long *bitmap, { unsigned int guest_bytes, copy_bytes; int err = 0; - uint8_t *bytemap = xzalloc_array(uint8_t, (nbits + 7) / 8); + unsigned int xen_bytes = DIV_ROUND_UP(nbits, BITS_PER_BYTE); + uint8_t *bytemap = xzalloc_array(uint8_t, xen_bytes); if ( !bytemap ) return -ENOMEM; - guest_bytes = (xenctl_bitmap->nr_bits + 7) / 8; - copy_bytes = min(guest_bytes, (nbits + 7) / 8); + guest_bytes = DIV_ROUND_UP(xenctl_bitmap->nr_bits, BITS_PER_BYTE); + copy_bytes = min(guest_bytes, xen_bytes); if ( copy_bytes ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 13 10:44:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 13 Aug 2021 10:44:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.166730.304316 (Exim 4.92) (envelope-from ) id 1mEUfT-0008Mi-0v; Fri, 13 Aug 2021 10:44:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 166730.304316; Fri, 13 Aug 2021 10:44:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEUfS-0008Ma-UA; Fri, 13 Aug 2021 10:44:02 +0000 Received: by outflank-mailman (input) for mailman id 166730; Fri, 13 Aug 2021 10:44:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEUfR-0008MU-KF for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 10:44:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEUfR-0003nB-IN for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 10:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mEUfR-0005Hx-HN for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 10:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PxkX1WtYRFsk1/NNTBFQF2iKAFWvfWuQwktBNl+sltQ=; b=i8kKZFxLmZI2pgSnJ4zfgcQjgx Fw3bXBQTil5eo/oCkWqxj2keSYej/Epm3vbgTEPrwhfiyOOkkH1gqmJ4y1SWrANwCRwuNT1VIzm2n XQcxVF8d7DgLXIFE8QZPI1kONvwWAsF7dPR0G3QNKrSxfYlZiDW15qr84W7vIzfTFins=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] kexec: remove use of TRUE/FALSE Message-Id: Date: Fri, 13 Aug 2021 10:44:01 +0000 commit b8848c001f39224340767900ad0365f81aaeeff4 Author: Kevin Stefanov AuthorDate: Thu Aug 12 17:10:23 2021 +0200 Commit: Jan Beulich CommitDate: Thu Aug 12 17:10:23 2021 +0200 kexec: remove use of TRUE/FALSE Whilst fixing this, also changed bool_t to bool, and use __read_mostly. Suggested-by: Andrew Cooper Signed-off-by: Kevin Stefanov Acked-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/common/kexec.c | 6 +++--- xen/include/xen/kexec.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/common/kexec.c b/xen/common/kexec.c index ebeee6405a..c63db618a7 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -35,7 +35,7 @@ #include #endif -bool_t kexecing = FALSE; +bool __read_mostly kexecing; /* Memory regions to store the per cpu register state etc. on a crash. */ typedef struct { Elf_Note * start; size_t size; } crash_note_range_t; @@ -383,7 +383,7 @@ void kexec_crash(enum crash_reason reason) if ( !test_bit(KEXEC_IMAGE_CRASH_BASE + pos, &kexec_flags) ) return; - kexecing = TRUE; + kexecing = true; if ( kexec_common_shutdown() != 0 ) return; @@ -399,7 +399,7 @@ static long kexec_reboot(void *_image) { struct kexec_image *image = _image; - kexecing = TRUE; + kexecing = true; kexec_common_shutdown(); machine_reboot_kexec(image); diff --git a/xen/include/xen/kexec.h b/xen/include/xen/kexec.h index 9f7a912e97..e66eb6a8e5 100644 --- a/xen/include/xen/kexec.h +++ b/xen/include/xen/kexec.h @@ -17,7 +17,7 @@ typedef struct xen_kexec_reserve { extern xen_kexec_reserve_t kexec_crash_area; extern paddr_t kexec_crash_area_limit; -extern bool_t kexecing; +extern bool kexecing; void set_kexec_crash_area_size(u64 system_ram); @@ -81,7 +81,7 @@ void vmcoreinfo_append_str(const char *fmt, ...) #else /* !CONFIG_KEXEC */ #define crashinfo_maxaddr_bits 0 -#define kexecing 0 +#define kexecing false static inline void kexec_early_calculations(void) {} static inline void kexec_crash(enum crash_reason reason) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Aug 13 10:44:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 13 Aug 2021 10:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.166731.304320 (Exim 4.92) (envelope-from ) id 1mEUfd-0008PK-2N; Fri, 13 Aug 2021 10:44:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 166731.304320; Fri, 13 Aug 2021 10:44:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEUfc-0008PC-Vk; Fri, 13 Aug 2021 10:44:12 +0000 Received: by outflank-mailman (input) for mailman id 166731; Fri, 13 Aug 2021 10:44:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEUfb-0008Oy-Md for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 10:44:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEUfb-0003nY-Lc for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 10:44:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mEUfb-0005JS-Kg for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 10:44:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+e7Su/L+MelnwzmdE2sa3UUr+kSLr2MI9/7GdF2k8Oc=; b=DLVrsoLAy/B6Wrw5SO1z5JvIGh 9srO7fdCwxiZIUn/oqFLeS6GJZpGRZS3tLugnvw9/B8kY5OKRC6tUEa2osxBeqVgrz1j6Ktz9Eg3C 7BZfifJoFOlKDDh15OnTeh0mjquhqzj78b94IJYs49wK41yOtEHu2VvkiYnatMUbNQpo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/bitmap: don't open code DIV_ROUND_UP() Message-Id: Date: Fri, 13 Aug 2021 10:44:11 +0000 commit 5a88d524857e5bf78b077d30ea515fcaac061bfc Author: Jane Malalane AuthorDate: Thu Aug 12 17:14:25 2021 +0200 Commit: Jan Beulich CommitDate: Thu Aug 12 17:14:25 2021 +0200 xen/bitmap: don't open code DIV_ROUND_UP() Also, change bitmap_long_to_byte() and bitmap_byte_to_long() to take 'unsigned int' instead of 'int' number of bits, to match the type of their callers. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Jan Beulich --- xen/common/bitmap.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/xen/common/bitmap.c b/xen/common/bitmap.c index bbc3554ae1..7d4551f782 100644 --- a/xen/common/bitmap.c +++ b/xen/common/bitmap.c @@ -11,6 +11,7 @@ #include #include #include +#include #include /* @@ -338,7 +339,8 @@ EXPORT_SYMBOL(bitmap_allocate_region); #ifdef __BIG_ENDIAN -static void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) +static void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, + unsigned int nbits) { unsigned long l; int i, j, b; @@ -354,7 +356,8 @@ static void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) clamp_last_byte(bp, nbits); } -static void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) +static void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, + unsigned int nbits) { unsigned long l; int i, j, b; @@ -371,18 +374,20 @@ static void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) #elif defined(__LITTLE_ENDIAN) -static void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits) +static void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, + unsigned int nbits) { - memcpy(bp, lp, (nbits+7)/8); + memcpy(bp, lp, DIV_ROUND_UP(nbits, BITS_PER_BYTE)); clamp_last_byte(bp, nbits); } -static void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits) +static void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, + unsigned int nbits) { /* We may need to pad the final longword with zeroes. */ if (nbits & (BITS_PER_LONG-1)) lp[BITS_TO_LONGS(nbits)-1] = 0; - memcpy(lp, bp, (nbits+7)/8); + memcpy(lp, bp, DIV_ROUND_UP(nbits, BITS_PER_BYTE)); } #endif @@ -393,13 +398,14 @@ int bitmap_to_xenctl_bitmap(struct xenctl_bitmap *xenctl_bitmap, unsigned int guest_bytes, copy_bytes, i; uint8_t zero = 0; int err = 0; - uint8_t *bytemap = xmalloc_array(uint8_t, (nbits + 7) / 8); + unsigned int xen_bytes = DIV_ROUND_UP(nbits, BITS_PER_BYTE); + uint8_t *bytemap = xmalloc_array(uint8_t, xen_bytes); if ( !bytemap ) return -ENOMEM; - guest_bytes = (xenctl_bitmap->nr_bits + 7) / 8; - copy_bytes = min(guest_bytes, (nbits + 7) / 8); + guest_bytes = DIV_ROUND_UP(xenctl_bitmap->nr_bits, BITS_PER_BYTE); + copy_bytes = min(guest_bytes, xen_bytes); bitmap_long_to_byte(bytemap, bitmap, nbits); @@ -422,13 +428,14 @@ int xenctl_bitmap_to_bitmap(unsigned long *bitmap, { unsigned int guest_bytes, copy_bytes; int err = 0; - uint8_t *bytemap = xzalloc_array(uint8_t, (nbits + 7) / 8); + unsigned int xen_bytes = DIV_ROUND_UP(nbits, BITS_PER_BYTE); + uint8_t *bytemap = xzalloc_array(uint8_t, xen_bytes); if ( !bytemap ) return -ENOMEM; - guest_bytes = (xenctl_bitmap->nr_bits + 7) / 8; - copy_bytes = min(guest_bytes, (nbits + 7) / 8); + guest_bytes = DIV_ROUND_UP(xenctl_bitmap->nr_bits, BITS_PER_BYTE); + copy_bytes = min(guest_bytes, xen_bytes); if ( copy_bytes ) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Aug 13 14:55:11 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 13 Aug 2021 14:55:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.166832.304528 (Exim 4.92) (envelope-from ) id 1mEYaP-0006w4-Rc; Fri, 13 Aug 2021 14:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 166832.304528; Fri, 13 Aug 2021 14:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEYaP-0006vw-Oj; Fri, 13 Aug 2021 14:55:05 +0000 Received: by outflank-mailman (input) for mailman id 166832; Fri, 13 Aug 2021 14:55:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEYaO-0006vo-Uv for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 14:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEYaO-000877-Tz for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 14:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mEYaO-0005es-Su for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 14:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OGBXUwTwM/zDm7afb4CDYLnCJvuE5Xk2nrah7SD9dyc=; b=1l8jtKYIVWltRPuSbpaKXED4pC s+8gYYNjqPHID2ujwBBfYMe5sj6qTKl6nWX1+uAYf3wdAx5y8ToKNw2oUGvQckOyHM50dpxZrgqgw RF950xhF6XsYQU9p/FIU/t/emEWebNdcPrAvv6DEUJjwhqt3SojboYbhQ0yCPrSPr3zw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libxenguest: complete loops in xc_map_domain_meminfo() Message-Id: Date: Fri, 13 Aug 2021 14:55:04 +0000 commit 1a838bf72584788310496ba5f3d865457c80727f Author: Jan Beulich AuthorDate: Fri Aug 13 16:49:10 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 13 16:49:10 2021 +0200 libxenguest: complete loops in xc_map_domain_meminfo() minfo->p2m_size may have more than 31 significant bits. Change the induction variable to unsigned long, and (largely for signed-ness consistency) a helper variable to unsigned int. While there also avoid open-coding min(). Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- tools/libs/guest/xg_domain.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tools/libs/guest/xg_domain.c b/tools/libs/guest/xg_domain.c index 155e337427..f0e7748449 100644 --- a/tools/libs/guest/xg_domain.c +++ b/tools/libs/guest/xg_domain.c @@ -40,7 +40,7 @@ int xc_map_domain_meminfo(xc_interface *xch, uint32_t domid, xc_dominfo_t info; shared_info_any_t *live_shinfo; xen_capabilities_info_t xen_caps = ""; - int i; + unsigned long i; /* Only be initialized once */ if ( minfo->pfn_type || minfo->p2m_table ) @@ -116,12 +116,11 @@ int xc_map_domain_meminfo(xc_interface *xch, uint32_t domid, /* Retrieve PFN types in batches */ for ( i = 0; i < minfo->p2m_size ; i+=1024 ) { - int count = ((minfo->p2m_size - i ) > 1024 ) ? - 1024: (minfo->p2m_size - i); + unsigned int count = min(minfo->p2m_size - i, 1024UL); if ( xc_get_pfn_type_batch(xch, domid, count, minfo->pfn_type + i) ) { - PERROR("Could not get %d-eth batch of PFN types", (i+1)/1024); + PERROR("Could not get batch %lu of PFN types", (i + 1) / 1024); goto failed; } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 13 14:55:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 13 Aug 2021 14:55:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.166833.304532 (Exim 4.92) (envelope-from ) id 1mEYaZ-0006z3-T0; Fri, 13 Aug 2021 14:55:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 166833.304532; Fri, 13 Aug 2021 14:55:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEYaZ-0006yw-QB; Fri, 13 Aug 2021 14:55:15 +0000 Received: by outflank-mailman (input) for mailman id 166833; Fri, 13 Aug 2021 14:55:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEYaZ-0006ym-2E for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 14:55:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEYaZ-000884-1P for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 14:55:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mEYaZ-0005g5-0N for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 14:55:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=76O11mBIkE5HZ+JN3ny+Y6QQ+rL3uQJ4ZBPdfFx2vUk=; b=dN5DVlEhBlkgX+wDCrkTqW85R0 WZxv1mPuPPIJIDswFlnDJCO9NIwUffjlI2In75cXkYIqKJmC2ZI8kkuXVulg+gAkeETsKdGFes778 zrWOj3VvXt4iT7NQNyrnbgmZEqveW+zrie8D+mbNtf1mE79in0t4BtcuIER/0+YzNglc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libxenguest: fix off-by-1 in colo-secondary-bitmap merging Message-Id: Date: Fri, 13 Aug 2021 14:55:15 +0000 commit e241d15f1c8a8a02baa401af857393f9ada5aeb3 Author: Jan Beulich AuthorDate: Fri Aug 13 16:49:46 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 13 16:49:46 2021 +0200 libxenguest: fix off-by-1 in colo-secondary-bitmap merging Valid GFNs (having a representation in the dirty bitmap) need to be strictly below p2m_size. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- tools/libs/guest/xg_sr_save.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/guest/xg_sr_save.c b/tools/libs/guest/xg_sr_save.c index 3fce41b6cf..0266e0a94a 100644 --- a/tools/libs/guest/xg_sr_save.c +++ b/tools/libs/guest/xg_sr_save.c @@ -614,7 +614,7 @@ static int colo_merge_secondary_dirty_bitmap(struct xc_sr_context *ctx) for ( i = 0; i < count; i++ ) { pfn = pfns[i]; - if ( pfn > ctx->save.p2m_size ) + if ( pfn >= ctx->save.p2m_size ) { PERROR("Invalid pfn 0x%" PRIx64, pfn); rc = -1; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 13 14:55:25 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 13 Aug 2021 14:55:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.166834.304536 (Exim 4.92) (envelope-from ) id 1mEYaj-00072J-Uq; Fri, 13 Aug 2021 14:55:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 166834.304536; Fri, 13 Aug 2021 14:55:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEYaj-00072B-Ry; Fri, 13 Aug 2021 14:55:25 +0000 Received: by outflank-mailman (input) for mailman id 166834; Fri, 13 Aug 2021 14:55:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEYaj-00071z-5w for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 14:55:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mEYaj-00088L-54 for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 14:55:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mEYaj-0005gy-3i for xen-changelog@lists.xenproject.org; Fri, 13 Aug 2021 14:55:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3pcYjWqIFd2O7VE8QozLX1EQVhRAwNeCqrspuDKQMrE=; b=b2dUcmwG/hZp4lbpIT7isdgdPu LRaJaXYJw69tR0XCn+Mo8isTMB5dQRLfRbx54/NQekiMC4zGm12vVpD4kP81JdVtRNgbv47yQ1qO4 5AHaEoV5qDs0/DqkFvTGJrdsjsaPPjUkF07QyeURMeyO2sd5o/0VWh9FKWZjb5PAZ6EE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libxc: simplify HYPERCALL_BUFFER() Message-Id: Date: Fri, 13 Aug 2021 14:55:25 +0000 commit 5c34b9af05b9e5abd25d88efc4fb783136547810 Author: Jan Beulich AuthorDate: Fri Aug 13 16:50:09 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 13 16:50:09 2021 +0200 libxc: simplify HYPERCALL_BUFFER() _hcbuf_buf1 has been there only for a pointer comparison to validate type compatibility. The same can be achieved by not using typeof() on the definition of what so far was _hcbuf_buf2, as the initializer has to also be type-compatible. Drop _hcbuf_buf1 and the comaprison; rename _hcbuf_buf2. Since we're already using compiler extensions here, don't be shy and also omit the middle operand of the involved ?: operator. Bring line continuation character placement in line with that of related macros. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- tools/include/xenctrl.h | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index 14adaa0c10..b77726eab7 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -247,13 +247,10 @@ typedef struct xc_hypercall_buffer xc_hypercall_buffer_t; /* * Returns the hypercall_buffer associated with a variable. */ -#define HYPERCALL_BUFFER(_name) \ - ({ xc_hypercall_buffer_t _hcbuf_buf1; \ - typeof(XC__HYPERCALL_BUFFER_NAME(_name)) *_hcbuf_buf2 = \ - &XC__HYPERCALL_BUFFER_NAME(_name); \ - (void)(&_hcbuf_buf1 == _hcbuf_buf2); \ - (_hcbuf_buf2)->param_shadow ? \ - (_hcbuf_buf2)->param_shadow : (_hcbuf_buf2); \ +#define HYPERCALL_BUFFER(_name) \ + ({ xc_hypercall_buffer_t *_hcbuf_buf = \ + &XC__HYPERCALL_BUFFER_NAME(_name); \ + _hcbuf_buf->param_shadow ?: _hcbuf_buf; \ }) #define HYPERCALL_BUFFER_INIT_NO_BOUNCE .dir = 0, .sz = 0, .ubuf = (void *)-1 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Aug 16 13:22:11 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 16 Aug 2021 13:22:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.167344.305443 (Exim 4.92) (envelope-from ) id 1mFcZ4-0004NZ-5M; Mon, 16 Aug 2021 13:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 167344.305443; Mon, 16 Aug 2021 13:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFcZ4-0004NR-28; Mon, 16 Aug 2021 13:22:06 +0000 Received: by outflank-mailman (input) for mailman id 167344; Mon, 16 Aug 2021 13:22:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFcZ3-0004NL-Hs for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 13:22:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFcZ3-0005ue-FR for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 13:22:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mFcZ3-00019Q-ED for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 13:22:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lCQMkqEv/vZJkXDmuWm8b190c2fMS37CGWrchh4NfJk=; b=akRYZv5jyyg4U83s9B4HzdIzzk YDgTTA7fHkCxChgjvyp1Wref5WZ9wAHh4h96EJu0oYPKucBxyaMWmvP5xeqavZvDJE+Rvugy8I93J RLOid35w893LecAECfaZylMoWcBj7blzqA0XpwV+t0EHyo1bgQQV3PCQC/270xC6+wOo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] ns16550: do not override fifo size if explicitly set Message-Id: Date: Mon, 16 Aug 2021 13:22:05 +0000 commit 60a9d8d2fc9c4a524c7342499580a88aaa3a2b55 Author: Marek Marczykowski-Górecki AuthorDate: Mon Aug 16 15:14:37 2021 +0200 Commit: Jan Beulich CommitDate: Mon Aug 16 15:14:37 2021 +0200 ns16550: do not override fifo size if explicitly set If fifo size is already set via uart_params, do not force it to 16 - which may not match the actual hardware. Specifically Exar cards have fifo of 256 bytes. Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- xen/drivers/char/ns16550.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index 16a73d0c0e..97b85b0225 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -357,7 +357,8 @@ static void __init ns16550_init_preirq(struct serial_port *port) ns16550_setup_preirq(uart); /* Check this really is a 16550+. Otherwise we have no FIFOs. */ - if ( ((ns_read_reg(uart, UART_IIR) & 0xc0) == 0xc0) && + if ( uart->fifo_size <= 1 && + ((ns_read_reg(uart, UART_IIR) & 0xc0) == 0xc0) && ((ns_read_reg(uart, UART_FCR) & UART_FCR_TRG14) == UART_FCR_TRG14) ) uart->fifo_size = 16; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Aug 16 13:22:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 16 Aug 2021 13:22:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.167345.305447 (Exim 4.92) (envelope-from ) id 1mFcZF-0004Qy-6j; Mon, 16 Aug 2021 13:22:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 167345.305447; Mon, 16 Aug 2021 13:22:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFcZF-0004Qq-3o; Mon, 16 Aug 2021 13:22:17 +0000 Received: by outflank-mailman (input) for mailman id 167345; Mon, 16 Aug 2021 13:22:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFcZD-0004Qg-Jo for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 13:22:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFcZD-0005ul-J5 for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 13:22:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mFcZD-0001An-I4 for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 13:22:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xGkWv6StUzAPSUdIOLF86L0jh6adDJ3M2FMX894WuzQ=; b=Wv32qypn7uZFEio5HDj4KMZR/E 14ujV+XlehVVeq+myswuhGOrrzyYU7MRL/tMnlkkUx9WIRqY0c4McoKe8fXrFKp4PGL/SDqC4fU50 0+r8vLkIvxFRm/WHdVdGgCxSkzM59b25ALZY/g6b4Hl2BV13TH90Ie7OEqRoI/W7IZkg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/pv: remove unnecessary use of goto out in construct_dom0() Message-Id: Date: Mon, 16 Aug 2021 13:22:15 +0000 commit c53aa9e655e7c615283e9e9637376c2b865e9dae Author: Jane Malalane AuthorDate: Mon Aug 16 15:15:43 2021 +0200 Commit: Jan Beulich CommitDate: Mon Aug 16 15:15:43 2021 +0200 x86/pv: remove unnecessary use of goto out in construct_dom0() elf_check_broken() only needs to be invoked after elf_xen_parse() and after elf_load_binary(). Suggested-by: Jan Beulich Signed-off-by: Jane Malalane Reviewed-by: Jan Beulich --- xen/arch/x86/pv/dom0_build.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index af47615b22..8712baccc1 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -400,8 +400,7 @@ int __init dom0_construct_pv(struct domain *d, if ( !compatible ) { printk("Mismatch between Xen and DOM0 kernel\n"); - rc = -EINVAL; - goto out; + return -EINVAL; } if ( parms.elf_notes[XEN_ELFNOTE_SUPPORTED_FEATURES].type != XEN_ENT_NONE ) @@ -409,8 +408,7 @@ int __init dom0_construct_pv(struct domain *d, if ( !pv_shim && !test_bit(XENFEAT_dom0, parms.f_supported) ) { printk("Kernel does not support Dom0 operation\n"); - rc = -EINVAL; - goto out; + return -EINVAL; } } @@ -607,8 +605,7 @@ int __init dom0_construct_pv(struct domain *d, : (v_start < HYPERVISOR_VIRT_END) && (v_end > HYPERVISOR_VIRT_START) ) { printk("DOM0 image overlaps with Xen private area.\n"); - rc = -EINVAL; - goto out; + return -EINVAL; } if ( compat ) @@ -753,8 +750,7 @@ int __init dom0_construct_pv(struct domain *d, mapcache_override_current(NULL); switch_cr3_cr4(current->arch.cr3, read_cr4()); printk("Invalid HYPERCALL_PAGE field in ELF notes.\n"); - rc = -EINVAL; - goto out; + return -EINVAL; } init_hypercall_page(d, _p(parms.virt_hypercall)); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Aug 16 13:22:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 16 Aug 2021 13:22:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.167346.305451 (Exim 4.92) (envelope-from ) id 1mFcZP-0004UG-8O; Mon, 16 Aug 2021 13:22:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 167346.305451; Mon, 16 Aug 2021 13:22:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFcZP-0004U6-5P; Mon, 16 Aug 2021 13:22:27 +0000 Received: by outflank-mailman (input) for mailman id 167346; Mon, 16 Aug 2021 13:22:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFcZN-0004Tp-Nb for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 13:22:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFcZN-0005uv-Mc for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 13:22:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mFcZN-0001CK-LZ for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 13:22:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gBa2tboajd5UCnQhWAkb5l7Q7nzQSZhifDRMLU9QH00=; b=zJOcW9+8T9Df9Q8LMn6NbDCctd XMeyl6E8nkKN7LlnqjU7Ri+GNtOcz+9K+kT3sk8Hwtg4F+onuxXJDA5SeBV1o8Y0MeAxVxewIsXcW dVrHr62d39UNZDnm7eWdSfcoKPosJ0PzSDkvNZwkwh+GB4hNlcV/T9GhpDQu+BCPg7yI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/pv: provide more helpful error when CONFIG_PV32 is absent Message-Id: Date: Mon, 16 Aug 2021 13:22:25 +0000 commit 2e5512d1ffd2e720f25c376df12db8a914117589 Author: Jane Malalane AuthorDate: Mon Aug 16 15:16:20 2021 +0200 Commit: Jan Beulich CommitDate: Mon Aug 16 15:16:20 2021 +0200 x86/pv: provide more helpful error when CONFIG_PV32 is absent Currently, when booting a 32bit dom0 kernel, the message isn't very helpful: (XEN) Xen kernel: 64-bit, lsb (XEN) Dom0 kernel: 32-bit, PAE, lsb, paddr 0x100000 -> 0x112000 (XEN) Mismatch between Xen and DOM0 kernel (XEN) (XEN) **************************************** (XEN) Panic on CPU 0: (XEN) Could not construct domain 0 (XEN) **************************************** With this adjustment, it now looks like this: (XEN) Xen kernel: 64-bit, lsb (XEN) Found 32-bit PV kernel, but CONFIG_PV32 missing (XEN) (XEN) **************************************** (XEN) Panic on CPU 0: (XEN) Could not construct domain 0 (XEN) **************************************** Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Jan Beulich --- xen/arch/x86/pv/dom0_build.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index 8712baccc1..d5a1a6a4e2 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -362,9 +362,9 @@ int __init dom0_construct_pv(struct domain *d, compatible = false; machine = elf_uval(&elf, elf.ehdr, e_machine); -#ifdef CONFIG_PV32 if ( elf_32bit(&elf) ) { +#ifdef CONFIG_PV32 if ( parms.pae == XEN_PAE_BIMODAL ) parms.pae = XEN_PAE_EXTCR3; if ( parms.pae && machine == EM_386 ) @@ -377,8 +377,11 @@ int __init dom0_construct_pv(struct domain *d, compatible = true; } - } +#else + printk("Found 32-bit PV kernel, but CONFIG_PV32 missing\n"); + return -EOPNOTSUPP; #endif + } compat = is_pv_32bit_domain(d); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Aug 16 13:22:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 16 Aug 2021 13:22:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.167347.305455 (Exim 4.92) (envelope-from ) id 1mFcZZ-0004XP-9y; Mon, 16 Aug 2021 13:22:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 167347.305455; Mon, 16 Aug 2021 13:22:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFcZZ-0004XH-74; Mon, 16 Aug 2021 13:22:37 +0000 Received: by outflank-mailman (input) for mailman id 167347; Mon, 16 Aug 2021 13:22:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFcZX-0004Wy-Rc for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 13:22:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFcZX-0005v7-Qf for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 13:22:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mFcZX-0001Dm-PV for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 13:22:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ahLOg8KzC+gUxkeqZvZAx7jpV6SjE5EblWOzf9J8VPg=; b=JVJRh8NPgY6jqr4uxlO9oiXfnI Hiw4vqla0P8fe7Q1apkKGn7zxam6qo0AJUtc1o1LB8eKxn380Wz2lDGmyMhDAcGiXOUyCHZ5D6Pi1 K1rJbRR60PzqwlyCDC2Cq3KnuenHl18CLBURJ1qSzZjwyGWxK44aOTJVX02vyel1Kq1I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/ioapic: remove use of TRUE/FALSE/1/0 Message-Id: Date: Mon, 16 Aug 2021 13:22:35 +0000 commit 274c5e79c792ce0331d0d8cd9a01545dea5a48fd Author: Kevin Stefanov AuthorDate: Mon Aug 16 15:16:56 2021 +0200 Commit: Jan Beulich CommitDate: Mon Aug 16 15:16:56 2021 +0200 x86/ioapic: remove use of TRUE/FALSE/1/0 Also fix stray usage in VT-d. Suggested-by: Andrew Cooper Signed-off-by: Kevin Stefanov Reviewed-by: Jan Beulich --- xen/arch/x86/io_apic.c | 38 +++++++++++++++++----------------- xen/drivers/passthrough/vtd/intremap.c | 6 +++--- xen/drivers/passthrough/vtd/utils.c | 2 +- 3 files changed, 23 insertions(+), 23 deletions(-) diff --git a/xen/arch/x86/io_apic.c b/xen/arch/x86/io_apic.c index 58b26d962c..c3ad9efac8 100644 --- a/xen/arch/x86/io_apic.c +++ b/xen/arch/x86/io_apic.c @@ -289,7 +289,7 @@ static void __io_apic_eoi(unsigned int apic, unsigned int vector, unsigned int p { /* If vector is unknown, read it from the IO-APIC */ if ( vector == IRQ_VECTOR_UNASSIGNED ) - vector = __ioapic_read_entry(apic, pin, TRUE).vector; + vector = __ioapic_read_entry(apic, pin, true).vector; *(IO_APIC_BASE(apic)+16) = vector; } @@ -300,28 +300,28 @@ static void __io_apic_eoi(unsigned int apic, unsigned int vector, unsigned int p struct IO_APIC_route_entry entry; bool need_to_unmask = false; - entry = __ioapic_read_entry(apic, pin, TRUE); + entry = __ioapic_read_entry(apic, pin, true); if ( ! entry.mask ) { /* If entry is not currently masked, mask it and make * a note to unmask it later */ entry.mask = 1; - __ioapic_write_entry(apic, pin, TRUE, entry); + __ioapic_write_entry(apic, pin, true, entry); need_to_unmask = true; } /* Flip the trigger mode to edge and back */ entry.trigger = 0; - __ioapic_write_entry(apic, pin, TRUE, entry); + __ioapic_write_entry(apic, pin, true, entry); entry.trigger = 1; - __ioapic_write_entry(apic, pin, TRUE, entry); + __ioapic_write_entry(apic, pin, true, entry); if ( need_to_unmask ) { /* Unmask if neccesary */ entry.mask = 0; - __ioapic_write_entry(apic, pin, TRUE, entry); + __ioapic_write_entry(apic, pin, true, entry); } } } @@ -344,7 +344,7 @@ int save_IO_APIC_setup(struct IO_APIC_route_entry **ioapic_entries) return -ENOMEM; for (pin = 0; pin < nr_ioapic_entries[apic]; pin++) - ioapic_entries[apic][pin] = __ioapic_read_entry(apic, pin, 1); + ioapic_entries[apic][pin] = __ioapic_read_entry(apic, pin, true); } return 0; @@ -374,7 +374,7 @@ void mask_IO_APIC_setup(struct IO_APIC_route_entry **ioapic_entries) if (!entry.mask) { entry.mask = 1; - ioapic_write_entry(apic, pin, 1, entry); + ioapic_write_entry(apic, pin, true, entry); } } } @@ -1047,7 +1047,7 @@ static void __init setup_IO_APIC_irqs(void) SET_DEST(entry, logical, cpu_mask_to_apicid(TARGET_CPUS)); spin_lock_irqsave(&ioapic_lock, flags); - __ioapic_write_entry(apic, pin, 0, entry); + __ioapic_write_entry(apic, pin, false, entry); spin_unlock_irqrestore(&ioapic_lock, flags); } } @@ -1091,7 +1091,7 @@ static void __init setup_ExtINT_IRQ0_pin(unsigned int apic, unsigned int pin, in /* * Add it to the IO-APIC irq-routing table: */ - ioapic_write_entry(apic, pin, 0, entry); + ioapic_write_entry(apic, pin, false, entry); enable_8259A_irq(irq_to_desc(0)); } @@ -1203,7 +1203,7 @@ static void /*__init*/ __print_IO_APIC(bool boot) for (i = 0; i <= reg_01.bits.entries; i++) { struct IO_APIC_route_entry entry; - entry = ioapic_read_entry(apic, i, 0); + entry = ioapic_read_entry(apic, i, false); if ( x2apic_enabled && iommu_intremap ) printk(KERN_DEBUG " %02x %08x", i, entry.dest.dest32); @@ -1290,7 +1290,7 @@ static void __init enable_IO_APIC(void) int pin; /* See if any of the pins is in ExtINT mode */ for (pin = 0; pin < nr_ioapic_entries[apic]; pin++) { - struct IO_APIC_route_entry entry = ioapic_read_entry(apic, pin, 0); + struct IO_APIC_route_entry entry = ioapic_read_entry(apic, pin, false); /* If the interrupt line is enabled and in ExtInt mode * I have found the pin where the i8259 is connected. @@ -1361,7 +1361,7 @@ void disable_IO_APIC(void) /* * Add it to the IO-APIC irq-routing table: */ - ioapic_write_entry(ioapic_i8259.apic, ioapic_i8259.pin, 0, entry); + ioapic_write_entry(ioapic_i8259.apic, ioapic_i8259.pin, false, entry); } disconnect_bsp_APIC(ioapic_i8259.pin != -1); } @@ -1841,7 +1841,7 @@ static void __init unlock_ExtINT_logic(void) if ( pin == -1 || apic == -1 ) return; - entry0 = ioapic_read_entry(apic, pin, 0); + entry0 = ioapic_read_entry(apic, pin, false); clear_IO_APIC_pin(apic, pin); memset(&entry1, 0, sizeof(entry1)); @@ -1854,7 +1854,7 @@ static void __init unlock_ExtINT_logic(void) entry1.trigger = 0; entry1.vector = 0; - ioapic_write_entry(apic, pin, 0, entry1); + ioapic_write_entry(apic, pin, false, entry1); save_control = CMOS_READ(RTC_CONTROL); save_freq_select = CMOS_READ(RTC_FREQ_SELECT); @@ -1873,7 +1873,7 @@ static void __init unlock_ExtINT_logic(void) CMOS_WRITE(save_freq_select, RTC_FREQ_SELECT); clear_IO_APIC_pin(apic, pin); - ioapic_write_entry(apic, pin, 0, entry0); + ioapic_write_entry(apic, pin, false, entry0); } /* @@ -2287,7 +2287,7 @@ int io_apic_set_pci_routing (int ioapic, int pin, int irq, int edge_level, int a disable_8259A_irq(desc); spin_lock_irqsave(&ioapic_lock, flags); - __ioapic_write_entry(ioapic, pin, 0, entry); + __ioapic_write_entry(ioapic, pin, false, entry); spin_unlock(&ioapic_lock); spin_lock(&desc->lock); @@ -2476,7 +2476,7 @@ int ioapic_guest_write(unsigned long physbase, unsigned int reg, u32 val) rte.mask = 1; } - __ioapic_write_entry(apic, pin, 0, rte); + __ioapic_write_entry(apic, pin, false, rte); spin_unlock_irqrestore(&ioapic_lock, flags); @@ -2529,7 +2529,7 @@ void dump_ioapic_irq_info(void) printk(" Apic 0x%02x, Pin %2d: ", entry->apic, pin); - rte = ioapic_read_entry(entry->apic, pin, 0); + rte = ioapic_read_entry(entry->apic, pin, false); printk("vec=%02x delivery=%-5s dest=%c status=%d " "polarity=%d irr=%d trig=%c mask=%d dest_id:%0*x\n", diff --git a/xen/drivers/passthrough/vtd/intremap.c b/xen/drivers/passthrough/vtd/intremap.c index d0f70d90eb..01152f2006 100644 --- a/xen/drivers/passthrough/vtd/intremap.c +++ b/xen/drivers/passthrough/vtd/intremap.c @@ -427,7 +427,7 @@ unsigned int io_apic_read_remap_rte( ( (index = apic_pin_2_ir_idx[apic][ioapic_pin]) < 0 ) ) return __io_apic_read(apic, reg); - old_rte = __ioapic_read_entry(apic, ioapic_pin, 1); + old_rte = __ioapic_read_entry(apic, ioapic_pin, true); if ( remap_entry_to_ioapic_rte(iommu, index, &old_rte) ) return __io_apic_read(apic, reg); @@ -448,7 +448,7 @@ void io_apic_write_remap_rte( struct vtd_iommu *iommu = ioapic_to_iommu(IO_APIC_ID(apic)); int saved_mask; - old_rte = __ioapic_read_entry(apic, ioapic_pin, 1); + old_rte = __ioapic_read_entry(apic, ioapic_pin, true); remap_rte = (struct IO_APIC_route_remap_entry *) &old_rte; @@ -468,7 +468,7 @@ void io_apic_write_remap_rte( __io_apic_write(apic, reg & ~1, *(u32 *)&old_rte); } else - __ioapic_write_entry(apic, ioapic_pin, 1, old_rte); + __ioapic_write_entry(apic, ioapic_pin, true, old_rte); } static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire) diff --git a/xen/drivers/passthrough/vtd/utils.c b/xen/drivers/passthrough/vtd/utils.c index 4febcf506d..70add3cc8e 100644 --- a/xen/drivers/passthrough/vtd/utils.c +++ b/xen/drivers/passthrough/vtd/utils.c @@ -281,7 +281,7 @@ void vtd_dump_iommu_info(unsigned char key) for ( i = 0; i <= reg_01.bits.entries; i++ ) { struct IO_APIC_route_entry rte = - __ioapic_read_entry(apic, i, TRUE); + __ioapic_read_entry(apic, i, true); remap = (struct IO_APIC_route_remap_entry *) &rte; if ( !remap->format ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Aug 16 15:11:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 16 Aug 2021 15:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.167386.305528 (Exim 4.92) (envelope-from ) id 1mFeGZ-00010j-Px; Mon, 16 Aug 2021 15:11:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 167386.305528; Mon, 16 Aug 2021 15:11:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFeGZ-00010b-Mu; Mon, 16 Aug 2021 15:11:07 +0000 Received: by outflank-mailman (input) for mailman id 167386; Mon, 16 Aug 2021 15:11:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFeGX-00010V-KO for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 15:11:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFeGX-0007t1-Gx for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 15:11:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mFeGX-000601-Fs for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 15:11:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8LEjbEwF9K7I8NHL0wPwXvLuDxKoHkkzfOaeTVa6hq4=; b=BcMkGFzab0tNsQx2X6A+bjVNbm /tyJu5o3CyA47VF1CMo38QqDEuamiDfXudorg9Lip8xbEkfJlmcLAcOHgbEfYhVA04yvlN+OwEJgw Z4EJeDxmJxyl2zSOUJQoFwtPyBObqdQc0+jtXhWVnomBfLpMoAivA34YLUyCUYa7IU7A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] MAINTAINERS: Fix file path for kexec headers Message-Id: Date: Mon, 16 Aug 2021 15:11:05 +0000 commit 6928bc511399fd8f593fe49a3241212860a6a1b5 Author: Andrew Cooper AuthorDate: Thu Aug 12 14:49:57 2021 +0100 Commit: Andrew Cooper CommitDate: Mon Aug 16 15:57:30 2021 +0100 MAINTAINERS: Fix file path for kexec headers Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 56d16e4328..9be4ad653a 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -370,7 +370,7 @@ KEXEC M: Andrew Cooper S: Supported F: xen/common/{kexec,kimage}.c -F: xen/include/{kexec,kimage}.h +F: xen/include/xen/{kexec,kimage}.h F: xen/arch/x86/machine_kexec.c F: xen/arch/x86/x86_64/kexec_reloc.S -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Aug 16 15:11:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 16 Aug 2021 15:11:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.167387.305534 (Exim 4.92) (envelope-from ) id 1mFeGj-00012Y-SP; Mon, 16 Aug 2021 15:11:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 167387.305534; Mon, 16 Aug 2021 15:11:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFeGj-00012Q-OM; Mon, 16 Aug 2021 15:11:17 +0000 Received: by outflank-mailman (input) for mailman id 167387; Mon, 16 Aug 2021 15:11:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFeGh-00012B-Lk for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 15:11:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFeGh-0007t5-Kp for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 15:11:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mFeGh-00061Z-Jh for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 15:11:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iyyv9gTEc97Ko24SHGjk+gInpvWFU4wV9YaJnv80Zw0=; b=5lxCvUxViZrhoZBwAUqs4fy1Zp Fvt+VYAmkWtY8esaUg9nGjYlsmnLju8e58bPCxQWOGZ6kKofmjnSKigYizj5fvB6WyKoulS9aZNnU 7cSudsGfSwBUjZwoEpGZD68wvU/2hlos130Ie5hTet+qkdBAkVYUTvwa7cWlgg3yBZvY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/ACPI: Insert missing newlines into FACS error messages Message-Id: Date: Mon, 16 Aug 2021 15:11:15 +0000 commit bc141e8ca56200bdd0a12e04a6ebff3c19d6c27b Author: Andrew Cooper AuthorDate: Mon Aug 16 14:24:44 2021 +0100 Commit: Andrew Cooper CommitDate: Mon Aug 16 15:58:31 2021 +0100 x86/ACPI: Insert missing newlines into FACS error messages Booting Xen as a PVH guest currently yields: (XEN) ACPI: SLEEP INFO: pm1x_cnt[1:b004,1:0], pm1x_evt[1:b000,1:0] (XEN) ACPI: FACS is not 64-byte aligned: 0xfc001010<2>ACPI: wakeup_vec[fc00101c], vec_size[20] (XEN) ACPI: Local APIC address 0xfee00000 Insert newlines as appropriate. Fixes: d3faf9badf52 ("[host s3] Retrieve necessary sleep information from plain-text ACPI tables (FADT/FACS), and keep one hypercall remained for sleep notification.") Fixes: 0f089bbf43ec ("x86/ACPI: fix S3 wakeup vector mapping") Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/boot.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/acpi/boot.c b/xen/arch/x86/acpi/boot.c index ff4685279f..8fe2d6fe0f 100644 --- a/xen/arch/x86/acpi/boot.c +++ b/xen/arch/x86/acpi/boot.c @@ -432,19 +432,19 @@ acpi_fadt_parse_sleep_info(const struct acpi_table_fadt *fadt) } if (facs->length < 24) { - printk(KERN_ERR PREFIX "Invalid FACS table length: %#x", + printk(KERN_ERR PREFIX "Invalid FACS table length: %#x\n", facs->length); goto done; } if (facs->length < 64) printk(KERN_WARNING PREFIX - "FACS is shorter than ACPI spec allow: %#x", + "FACS is shorter than ACPI spec allow: %#x\n", facs->length); if (facs_pa % 64) printk(KERN_WARNING PREFIX - "FACS is not 64-byte aligned: %#lx", + "FACS is not 64-byte aligned: %#lx\n", facs_pa); acpi_sinfo.wakeup_vector = facs_pa + -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Aug 16 15:11:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 16 Aug 2021 15:11:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.167388.305536 (Exim 4.92) (envelope-from ) id 1mFeGt-000164-TH; Mon, 16 Aug 2021 15:11:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 167388.305536; Mon, 16 Aug 2021 15:11:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFeGt-00015u-Pw; Mon, 16 Aug 2021 15:11:27 +0000 Received: by outflank-mailman (input) for mailman id 167388; Mon, 16 Aug 2021 15:11:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFeGr-00015R-PS for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 15:11:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFeGr-0007tK-Of for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 15:11:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mFeGr-000632-Nd for xen-changelog@lists.xenproject.org; Mon, 16 Aug 2021 15:11:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GbrFaa3An8CklYEaKM1Ddszmw6sFJAFg1u7Eu/rBjd8=; b=SbfmP8jjX63WeCw4DY+KYmP5Pl d5zbSIqxGlqFY1syn8iX8C/E3PLXdbTYOoL6iC1hPhjqbmbNnOnIoKykAd6icg/xfIGBN/hfDemAz lIHllTpboaSsanHTuG+CxEEftBu8ur2CcGlmXiGiO90AxN7SZqD1xaiLy/VXQWQPJuXk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} Message-Id: Date: Mon, 16 Aug 2021 15:11:25 +0000 commit 35727551c0703493a2240e967cffc3063b13d49c Author: Andrew Cooper AuthorDate: Thu Aug 12 17:39:16 2021 +0100 Commit: Andrew Cooper CommitDate: Mon Aug 16 16:03:20 2021 +0100 x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} This was a clear oversight in the original CET work. The BUGFRAME_run_fn and BUGFRAME_warn paths update regs->rip without an equivalent adjustment to the shadow stack, causing IRET to suffer #CP because of the mismatch. One subtle, and therefore fragile, aspect of extable_shstk_fixup() was that it required regs->rip to have its old value as a cross-check that the right word in the shadow stack was being edited. Rework extable_shstk_fixup() into fixup_exception_return() which takes ownership of the update to both the regular and shadow stacks, ensuring that the regs->rip update is ordered correctly. Use the new fixup_exception_return() for BUGFRAME_run_fn and BUGFRAME_warn to ensure that the shadow stack is updated too. Fixes: 209fb9919b50 ("x86/extable: Adjust extable handling to be shadow stack compatible") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- xen/arch/x86/traps.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index e60af16ddd..30eefbad48 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -777,13 +777,15 @@ static void do_reserved_trap(struct cpu_user_regs *regs) trapnr, vec_name(trapnr), regs->error_code); } -static void extable_shstk_fixup(struct cpu_user_regs *regs, unsigned long fixup) +static void fixup_exception_return(struct cpu_user_regs *regs, + unsigned long fixup) { +#ifdef CONFIG_XEN_SHSTK unsigned long ssp, *ptr, *base; asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); if ( ssp == 1 ) - return; + goto shstk_done; ptr = _p(ssp); base = _p(get_shstk_bottom(ssp)); @@ -814,7 +816,7 @@ static void extable_shstk_fixup(struct cpu_user_regs *regs, unsigned long fixup) asm ( "wrssq %[fix], %[stk]" : [stk] "=m" (ptr[0]) : [fix] "r" (fixup) ); - return; + goto shstk_done; } } @@ -824,6 +826,12 @@ static void extable_shstk_fixup(struct cpu_user_regs *regs, unsigned long fixup) * executing the interrupted context. */ BUG(); + + shstk_done: +#endif /* CONFIG_XEN_SHSTK */ + + /* Fixup the regular stack. */ + regs->rip = fixup; } static bool extable_fixup(struct cpu_user_regs *regs, bool print) @@ -842,10 +850,7 @@ static bool extable_fixup(struct cpu_user_regs *regs, bool print) vec_name(regs->entry_vector), regs->error_code, _p(regs->rip), _p(regs->rip), _p(fixup)); - if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) - extable_shstk_fixup(regs, fixup); - - regs->rip = fixup; + fixup_exception_return(regs, fixup); this_cpu(last_extable_addr) = regs->rip; return true; @@ -1138,7 +1143,7 @@ void do_invalid_op(struct cpu_user_regs *regs) void (*fn)(struct cpu_user_regs *) = bug_ptr(bug); fn(regs); - regs->rip = (unsigned long)eip; + fixup_exception_return(regs, (unsigned long)eip); return; } @@ -1159,7 +1164,7 @@ void do_invalid_op(struct cpu_user_regs *regs) case BUGFRAME_warn: printk("Xen WARN at %s%s:%d\n", prefix, filename, lineno); show_execution_state(regs); - regs->rip = (unsigned long)eip; + fixup_exception_return(regs, (unsigned long)eip); return; case BUGFRAME_bug: -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Aug 17 12:11:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 17 Aug 2021 12:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.167806.306340 (Exim 4.92) (envelope-from ) id 1mFxvu-000761-O5; Tue, 17 Aug 2021 12:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 167806.306340; Tue, 17 Aug 2021 12:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFxvu-00075t-LC; Tue, 17 Aug 2021 12:11:06 +0000 Received: by outflank-mailman (input) for mailman id 167806; Tue, 17 Aug 2021 12:11:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFxvt-00075n-8Y for xen-changelog@lists.xenproject.org; Tue, 17 Aug 2021 12:11:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mFxvt-000573-6v for xen-changelog@lists.xenproject.org; Tue, 17 Aug 2021 12:11:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mFxvt-0001aK-5h for xen-changelog@lists.xenproject.org; Tue, 17 Aug 2021 12:11:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=22B9kpIbXfnKsWCVrf6mw4owRMbMF9mkMflMxR8tmCA=; b=7Cd/TeZ7+VJ8TPFEIgidUFo9Vi S8g/b0CYne9EK2YP+z91H6zSM28dZeUT9iSlxd0cLL5zjbvXmhJN3WN3qsMm190A7v1qHXK/kOx1j Z5nsFkw7zR4fEcafEP5FopQgdd5WEfGL7KkiFfiH6PKdArBe7WozdsjX5YjJxB9S1t80=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cet: Fix build on newer versions of GCC Message-Id: Date: Tue, 17 Aug 2021 12:11:05 +0000 commit 54c9736382e0d558a6acd820e44185e020131c48 Author: Andrew Cooper AuthorDate: Tue Aug 17 11:38:07 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Aug 17 12:55:48 2021 +0100 x86/cet: Fix build on newer versions of GCC Some versions of GCC complain with: traps.c:405:22: error: 'get_shstk_bottom' defined but not used [-Werror=unused-function] static unsigned long get_shstk_bottom(unsigned long sp) ^~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Change #ifdef to if ( IS_ENABLED(...) ) to make the sole user of get_shstk_bottom() visible to the compiler. Fixes: 35727551c070 ("x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn}") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Compile-tested-by: Jan Beulich Tested-by: Marek Marczykowski-Górecki --- xen/arch/x86/traps.c | 83 ++++++++++++++++++++++++++-------------------------- 1 file changed, 42 insertions(+), 41 deletions(-) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 30eefbad48..4a0e498b4c 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -780,55 +780,56 @@ static void do_reserved_trap(struct cpu_user_regs *regs) static void fixup_exception_return(struct cpu_user_regs *regs, unsigned long fixup) { -#ifdef CONFIG_XEN_SHSTK - unsigned long ssp, *ptr, *base; + if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) + { + unsigned long ssp, *ptr, *base; - asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); - if ( ssp == 1 ) - goto shstk_done; + asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); + if ( ssp == 1 ) + goto shstk_done; - ptr = _p(ssp); - base = _p(get_shstk_bottom(ssp)); + ptr = _p(ssp); + base = _p(get_shstk_bottom(ssp)); - for ( ; ptr < base; ++ptr ) - { - /* - * Search for %rip. The shstk currently looks like this: - * - * ... [Likely pointed to by SSP] - * %cs [== regs->cs] - * %rip [== regs->rip] - * SSP [Likely points to 3 slots higher, above %cs] - * ... [call tree to this function, likely 2/3 slots] - * - * and we want to overwrite %rip with fixup. There are two - * complications: - * 1) We cant depend on SSP values, because they won't differ by 3 - * slots if the exception is taken on an IST stack. - * 2) There are synthetic (unrealistic but not impossible) scenarios - * where %rip can end up in the call tree to this function, so we - * can't check against regs->rip alone. - * - * Check for both regs->rip and regs->cs matching. - */ - if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) + for ( ; ptr < base; ++ptr ) { - asm ( "wrssq %[fix], %[stk]" - : [stk] "=m" (ptr[0]) - : [fix] "r" (fixup) ); - goto shstk_done; + /* + * Search for %rip. The shstk currently looks like this: + * + * ... [Likely pointed to by SSP] + * %cs [== regs->cs] + * %rip [== regs->rip] + * SSP [Likely points to 3 slots higher, above %cs] + * ... [call tree to this function, likely 2/3 slots] + * + * and we want to overwrite %rip with fixup. There are two + * complications: + * 1) We cant depend on SSP values, because they won't differ by + * 3 slots if the exception is taken on an IST stack. + * 2) There are synthetic (unrealistic but not impossible) + * scenarios where %rip can end up in the call tree to this + * function, so we can't check against regs->rip alone. + * + * Check for both regs->rip and regs->cs matching. + */ + if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) + { + asm ( "wrssq %[fix], %[stk]" + : [stk] "=m" (ptr[0]) + : [fix] "r" (fixup) ); + goto shstk_done; + } } - } - /* - * We failed to locate and fix up the shadow IRET frame. This could be - * due to shadow stack corruption, or bad logic above. We cannot continue - * executing the interrupted context. - */ - BUG(); + /* + * We failed to locate and fix up the shadow IRET frame. This could + * be due to shadow stack corruption, or bad logic above. We cannot + * continue executing the interrupted context. + */ + BUG(); + } shstk_done: -#endif /* CONFIG_XEN_SHSTK */ /* Fixup the regular stack. */ regs->rip = fixup; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 18 07:44:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 18 Aug 2021 07:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168124.306939 (Exim 4.92) (envelope-from ) id 1mGGF5-0001Mo-38; Wed, 18 Aug 2021 07:44:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168124.306939; Wed, 18 Aug 2021 07:44:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGGF5-0001Mg-0H; Wed, 18 Aug 2021 07:44:07 +0000 Received: by outflank-mailman (input) for mailman id 168124; Wed, 18 Aug 2021 07:44:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGGF3-0001Ma-Cu for xen-changelog@lists.xenproject.org; Wed, 18 Aug 2021 07:44:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGGF3-0008Vp-BL for xen-changelog@lists.xenproject.org; Wed, 18 Aug 2021 07:44:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGGF3-0005jX-9W for xen-changelog@lists.xenproject.org; Wed, 18 Aug 2021 07:44:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=s8fvRO15ZafHCvc7BH4MD/bNnNbjoBHkfQKWxPKr7ZI=; b=HBe5VGD1OoNurSxm+4UMUtoa8o JxJgY1WKMAYaVYAB1GasWULpj0nvSgNvf3Gp7p8NMGqluBUWpDbXCAiVg6CBUTldIWWaccwzBZ4IH sh/1bIh+kEwztTsaOYD23UmsbUs4++icTntcfVSXo7Vecm5xkbZeTYhYus+dIGzvq+DY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/PV: suppress unnecessary Dom0 construction output Message-Id: Date: Wed, 18 Aug 2021 07:44:05 +0000 commit 4c0a19991465fc19c5afa9bc3f304bae6044314e Author: Jan Beulich AuthorDate: Wed Aug 18 09:39:08 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 18 09:39:08 2021 +0200 x86/PV: suppress unnecessary Dom0 construction output v{xenstore,console}_{start,end} can only ever be zero in PV shim configurations. Similarly reporting just zeros for an unmapped (or absent) initrd is not useful. Particularly in case video is the only output configured, space is scarce: Split the printk() and omit lines carrying no information at all. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/pv/dom0_build.c | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index d5a1a6a4e2..778c863ea4 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -575,25 +575,21 @@ int __init dom0_construct_pv(struct domain *d, printk("\n Init. ramdisk: %"PRIpaddr"->%"PRIpaddr, mpt_alloc, mpt_alloc + initrd_len); } - printk("\nVIRTUAL MEMORY ARRANGEMENT:\n" - " Loaded kernel: %p->%p\n" - " Init. ramdisk: %p->%p\n" - " Phys-Mach map: %p->%p\n" - " Start info: %p->%p\n" - " Xenstore ring: %p->%p\n" - " Console ring: %p->%p\n" - " Page tables: %p->%p\n" - " Boot stack: %p->%p\n" - " TOTAL: %p->%p\n", - _p(vkern_start), _p(vkern_end), - _p(vinitrd_start), _p(vinitrd_end), - _p(vphysmap_start), _p(vphysmap_end), - _p(vstartinfo_start), _p(vstartinfo_end), - _p(vxenstore_start), _p(vxenstore_end), - _p(vconsole_start), _p(vconsole_end), - _p(vpt_start), _p(vpt_end), - _p(vstack_start), _p(vstack_end), - _p(v_start), _p(v_end)); + + printk("\nVIRTUAL MEMORY ARRANGEMENT:\n"); + printk(" Loaded kernel: %p->%p\n", _p(vkern_start), _p(vkern_end)); + if ( vinitrd_end > vinitrd_start ) + printk(" Init. ramdisk: %p->%p\n", _p(vinitrd_start), _p(vinitrd_end)); + printk(" Phys-Mach map: %p->%p\n", _p(vphysmap_start), _p(vphysmap_end)); + printk(" Start info: %p->%p\n", _p(vstartinfo_start), _p(vstartinfo_end)); + if ( pv_shim ) + { + printk(" Xenstore ring: %p->%p\n", _p(vxenstore_start), _p(vxenstore_end)); + printk(" Console ring: %p->%p\n", _p(vconsole_start), _p(vconsole_end)); + } + printk(" Page tables: %p->%p\n", _p(vpt_start), _p(vpt_end)); + printk(" Boot stack: %p->%p\n", _p(vstack_start), _p(vstack_end)); + printk(" TOTAL: %p->%p\n", _p(v_start), _p(v_end)); printk(" ENTRY ADDRESS: %p\n", _p(parms.virt_entry)); process_pending_softirqs(); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 18 07:44:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 18 Aug 2021 07:44:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168125.306943 (Exim 4.92) (envelope-from ) id 1mGGFF-0001OZ-4f; Wed, 18 Aug 2021 07:44:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168125.306943; Wed, 18 Aug 2021 07:44:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGGFF-0001OR-1i; Wed, 18 Aug 2021 07:44:17 +0000 Received: by outflank-mailman (input) for mailman id 168125; Wed, 18 Aug 2021 07:44:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGGFD-0001OF-GQ for xen-changelog@lists.xenproject.org; Wed, 18 Aug 2021 07:44:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGGFD-0008Vx-Fd for xen-changelog@lists.xenproject.org; Wed, 18 Aug 2021 07:44:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGGFD-0005kQ-EG for xen-changelog@lists.xenproject.org; Wed, 18 Aug 2021 07:44:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mI5pY2NGQqE7WwQSadbt5+5dWBaZ1WQwLo90Y5LXHYo=; b=cJGdkN4Cl4ckjABCHiVYFCb/03 fvKutHTP2jT0nnhdBmQ2Y5NqYfCjSk8Q0u+fSyE74tW2eyU4igJXT5qhAZZfnZxSbiw0Tm5IHbGyu hy8TAX1iuo7mH6PaPTa3T13KRdtF5IuCW4fFsKai9X52ix8pvo4TuUR9SQ0aEj144U8E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/PV: assert page state in mark_pv_pt_pages_rdonly() Message-Id: Date: Wed, 18 Aug 2021 07:44:15 +0000 commit 6b1ca51b1a91d002636518afe4a8a50ba7212495 Author: Jan Beulich AuthorDate: Wed Aug 18 09:40:08 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 18 09:40:08 2021 +0200 x86/PV: assert page state in mark_pv_pt_pages_rdonly() About every time I look at dom0_construct_pv()'s "calculation" of nr_pt_pages I question (myself) whether the result is precise or merely an upper bound. I think it is meant to be precise, but I think we would be better off having some checking in place. Hence add ASSERT()s to verify that - all pages have a valid L1...Ln (currently L4) page table type and - no other bits are set, in particular the type refcount is still zero. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/pv/dom0_build.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index 778c863ea4..6145d4320b 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -59,6 +59,16 @@ static __init void mark_pv_pt_pages_rdonly(struct domain *d, l1e_remove_flags(*pl1e, _PAGE_RW); page = mfn_to_page(l1e_get_mfn(*pl1e)); + /* + * Verify that + * - all pages have a valid L1...Ln page table type and + * - no other bits are set, in particular the type refcount is still + * zero. + */ + ASSERT((page->u.inuse.type_info & PGT_type_mask) >= PGT_l1_page_table); + ASSERT((page->u.inuse.type_info & PGT_type_mask) <= PGT_root_page_table); + ASSERT(!(page->u.inuse.type_info & ~PGT_type_mask)); + /* Read-only mapping + PGC_allocated + page-table page. */ page->count_info = PGC_allocated | 3; page->u.inuse.type_info |= PGT_validated | 1; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 18 07:55:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 18 Aug 2021 07:55:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168131.306958 (Exim 4.92) (envelope-from ) id 1mGGPj-0002wX-72; Wed, 18 Aug 2021 07:55:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168131.306958; Wed, 18 Aug 2021 07:55:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGGPj-0002wP-4C; Wed, 18 Aug 2021 07:55:07 +0000 Received: by outflank-mailman (input) for mailman id 168131; Wed, 18 Aug 2021 07:55:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGGPh-0002wJ-75 for xen-changelog@lists.xenproject.org; Wed, 18 Aug 2021 07:55:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGGPh-0000IT-4j for xen-changelog@lists.xenproject.org; Wed, 18 Aug 2021 07:55:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGGPh-0006lk-3b for xen-changelog@lists.xenproject.org; Wed, 18 Aug 2021 07:55:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HvcUXVVMFSEl8QPJDiz0I2GBgW3gpa54tIkUitjQ2t8=; b=fzanzHiUU6MDSWrS8Q1uiys32n At6yeewUa1aN6Qo2E8v6AOCQU6pJUUt2sJH7gGbgrnnvrsLnjdKNUL+0zBJQGru9WW9xRME5VSl1O RamTvo26qEZ7vQlUOaPxaJSTxVDBD8dAM6xqHHKlbvfjcIu7iNnKT7Vn0IhWF2jHBDLQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] VT-d: Tylersburg errata apply to further steppings Message-Id: Date: Wed, 18 Aug 2021 07:55:05 +0000 commit 517a90d1ca09ce00e50d46ac25566cc3bd2eb34d Author: Jan Beulich AuthorDate: Wed Aug 18 09:44:14 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 18 09:44:14 2021 +0200 VT-d: Tylersburg errata apply to further steppings While for 5500 and 5520 chipsets only B3 and C2 are mentioned in the spec update, X58's also mentions B2, and searching the internet suggests systems with this stepping are actually in use. Even worse, for X58 erratum #69 is marked applicable even to C2. Split the check to cover all applicable steppings and to also report applicable errata numbers in the log message. The splitting requires using the DMI port instead of the System Management Registers device, but that's then in line (also revision checking wise) with the spec updates. Fixes: 6890cebc6a98 ("VT-d: deal with 5500/5520/X58 errata") Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/drivers/passthrough/vtd/quirks.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c index 8a81d9c930..2ad76a0ae7 100644 --- a/xen/drivers/passthrough/vtd/quirks.c +++ b/xen/drivers/passthrough/vtd/quirks.c @@ -268,26 +268,42 @@ static int __init parse_snb_timeout(const char *s) } custom_param("snb_igd_quirk", parse_snb_timeout); -/* 5500/5520/X58 Chipset Interrupt remapping errata, for stepping B-3. - * Fixed in stepping C-2. */ +/* + * 5500/5520/X58 chipset interrupt remapping errata, for steppings B2 and B3. + * Fixed in stepping C2 except on X58. + */ static void __init tylersburg_intremap_quirk(void) { - uint32_t bus, device; + unsigned int bus; uint8_t rev; for ( bus = 0; bus < 0x100; bus++ ) { - /* Match on System Management Registers on Device 20 Function 0 */ - device = pci_conf_read32(PCI_SBDF(0, bus, 20, 0), PCI_VENDOR_ID); - rev = pci_conf_read8(PCI_SBDF(0, bus, 20, 0), PCI_REVISION_ID); + /* Match on DMI port (Device 0 Function 0) */ + rev = pci_conf_read8(PCI_SBDF(0, bus, 0, 0), PCI_REVISION_ID); - if ( rev == 0x13 && device == 0x342e8086 ) + switch ( pci_conf_read32(PCI_SBDF(0, bus, 0, 0), PCI_VENDOR_ID) ) { + default: + continue; + + case 0x34038086: case 0x34068086: + if ( rev >= 0x22 ) + continue; + printk(XENLOG_WARNING VTDPREFIX + "Disabling IOMMU due to Intel 5500/5520 chipset errata #47 and #53\n"); + iommu_enable = false; + break; + + case 0x34058086: printk(XENLOG_WARNING VTDPREFIX - "Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata #47, #53\n"); - iommu_enable = 0; + "Disabling IOMMU due to Intel X58 chipset %s\n", + rev < 0x22 ? "errata #62 and #69" : "erratum #69"); + iommu_enable = false; break; } + + break; } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 11:44:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 11:44:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168566.307761 (Exim 4.92) (envelope-from ) id 1mGgSt-0005Iv-Am; Thu, 19 Aug 2021 11:44:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168566.307761; Thu, 19 Aug 2021 11:44:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGgSt-0005In-7m; Thu, 19 Aug 2021 11:44:07 +0000 Received: by outflank-mailman (input) for mailman id 168566; Thu, 19 Aug 2021 11:44:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGgSr-0005Ih-Mv for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 11:44:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGgSr-0006G4-KY for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 11:44:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGgSr-0006Cx-JL for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 11:44:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Gcu/q1v78fB69SjJV/eIGN6gLpGW6oYiv7zJqmOOw3A=; b=Os8xNQ0IudTaZPnBrHQCOitumt Mv5SbsjeeI5UEaCCFVxx+Rgdu9O+hTv8qJ+vTzHicmW6nt59L2q3joDcNhaja5/+j51sCFyG38rzS oNeb8wzd6pesAuStoUp9NofvlumfI8rg50EmbLFgWVssMwP4vRbNVEq426YQigWv8mA8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: mark compat hypercall regs clobbering for intended fall-through Message-Id: Date: Thu, 19 Aug 2021 11:44:05 +0000 commit dd635cebd1eefc7f90bbe3d5df2524a2a3a94f88 Author: Jan Beulich AuthorDate: Thu Aug 19 13:36:54 2021 +0200 Commit: Jan Beulich CommitDate: Thu Aug 19 13:36:54 2021 +0200 x86: mark compat hypercall regs clobbering for intended fall-through Oddly enough in the original report Coverity only complained about the native hypercall related switch() statements. Now that it has seen those fixed, it complains about (only HVM) compat ones. Hence the CIDs below are all for the HVM side of things, yet while at it take care of the PV side as well. Coverity-ID: 1487105, 1487106, 1487107, 1487108, 1487109. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/hvm/hypercall.c | 20 ++++++++++---------- xen/arch/x86/pv/hypercall.c | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index 263d5407ea..261d8ee8a4 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -292,11 +292,11 @@ int hvm_hypercall(struct cpu_user_regs *regs) /* Deliberately corrupt parameter regs not used by this hypercall. */ switch ( hypercall_args_table[eax].compat ) { - case 0: ebx = 0xdeadf00d; - case 1: ecx = 0xdeadf00d; - case 2: edx = 0xdeadf00d; - case 3: esi = 0xdeadf00d; - case 4: edi = 0xdeadf00d; + case 0: ebx = 0xdeadf00d; fallthrough; + case 1: ecx = 0xdeadf00d; fallthrough; + case 2: edx = 0xdeadf00d; fallthrough; + case 3: esi = 0xdeadf00d; fallthrough; + case 4: edi = 0xdeadf00d; fallthrough; case 5: ebp = 0xdeadf00d; } #endif @@ -312,11 +312,11 @@ int hvm_hypercall(struct cpu_user_regs *regs) /* Deliberately corrupt parameter regs used by this hypercall. */ switch ( hypercall_args_table[eax].compat ) { - case 6: regs->rbp = 0xdeadf00d; - case 5: regs->rdi = 0xdeadf00d; - case 4: regs->rsi = 0xdeadf00d; - case 3: regs->rdx = 0xdeadf00d; - case 2: regs->rcx = 0xdeadf00d; + case 6: regs->rbp = 0xdeadf00d; fallthrough; + case 5: regs->rdi = 0xdeadf00d; fallthrough; + case 4: regs->rsi = 0xdeadf00d; fallthrough; + case 3: regs->rdx = 0xdeadf00d; fallthrough; + case 2: regs->rcx = 0xdeadf00d; fallthrough; case 1: regs->rbx = 0xdeadf00d; } } diff --git a/xen/arch/x86/pv/hypercall.c b/xen/arch/x86/pv/hypercall.c index 03939bdfcf..9765e674cf 100644 --- a/xen/arch/x86/pv/hypercall.c +++ b/xen/arch/x86/pv/hypercall.c @@ -197,11 +197,11 @@ void pv_hypercall(struct cpu_user_regs *regs) /* Deliberately corrupt parameter regs not used by this hypercall. */ switch ( hypercall_args_table[eax].compat ) { - case 0: ebx = 0xdeadf00d; - case 1: ecx = 0xdeadf00d; - case 2: edx = 0xdeadf00d; - case 3: esi = 0xdeadf00d; - case 4: edi = 0xdeadf00d; + case 0: ebx = 0xdeadf00d; fallthrough; + case 1: ecx = 0xdeadf00d; fallthrough; + case 2: edx = 0xdeadf00d; fallthrough; + case 3: esi = 0xdeadf00d; fallthrough; + case 4: edi = 0xdeadf00d; fallthrough; case 5: ebp = 0xdeadf00d; } #endif @@ -223,11 +223,11 @@ void pv_hypercall(struct cpu_user_regs *regs) /* Deliberately corrupt parameter regs used by this hypercall. */ switch ( hypercall_args_table[eax].compat ) { - case 6: regs->ebp = 0xdeadf00d; - case 5: regs->edi = 0xdeadf00d; - case 4: regs->esi = 0xdeadf00d; - case 3: regs->edx = 0xdeadf00d; - case 2: regs->ecx = 0xdeadf00d; + case 6: regs->ebp = 0xdeadf00d; fallthrough; + case 5: regs->edi = 0xdeadf00d; fallthrough; + case 4: regs->esi = 0xdeadf00d; fallthrough; + case 3: regs->edx = 0xdeadf00d; fallthrough; + case 2: regs->ecx = 0xdeadf00d; fallthrough; case 1: regs->ebx = 0xdeadf00d; } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 11:44:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 11:44:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168567.307765 (Exim 4.92) (envelope-from ) id 1mGgT3-0005LF-CP; Thu, 19 Aug 2021 11:44:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168567.307765; Thu, 19 Aug 2021 11:44:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGgT3-0005L7-9F; Thu, 19 Aug 2021 11:44:17 +0000 Received: by outflank-mailman (input) for mailman id 168567; Thu, 19 Aug 2021 11:44:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGgT1-0005Kh-PG for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 11:44:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGgT1-0006G8-OT for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 11:44:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGgT1-0006E7-NH for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 11:44:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wTpoWSMlUPhrdkL03DNm6dkjY/vkCEEdb60hEPSP1vw=; b=L6PsQk3gThPMK9ZVt+RywfsmVn vghwkc9rl2H7O+dxe+LFBTPuvxavIfoxBSycJBa99iWjuV4B2VCZwyDKgTXQUDJzr7ar4dUau40kK 7H4MJ/jJDyqcPeJWGLRTgnR4elHbEcbbdQh3BoBoQKL26YAiOeU7HIUi7KUX+S9WOuI8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] Arm: relax iomem_access_permitted() check Message-Id: Date: Thu, 19 Aug 2021 11:44:15 +0000 commit 475715d65a1084fd38c5baa12c18d1e2f5f74ea0 Author: Jan Beulich AuthorDate: Thu Aug 19 13:37:42 2021 +0200 Commit: Jan Beulich CommitDate: Thu Aug 19 13:37:42 2021 +0200 Arm: relax iomem_access_permitted() check Ranges checked by iomem_access_permitted() are inclusive; to permit a mapping there's no need for access to also have been granted for the subsequent page. Fixes: 80f9c3167084 ("xen/arm: acpi: Map MMIO on fault in stage-2 page table for the hardware domain") Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/arch/arm/traps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 4ccb6e7d18..219ab3c3fb 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1893,7 +1893,7 @@ static bool try_map_mmio(gfn_t gfn) return false; /* The hardware domain can only map permitted MMIO regions */ - if ( !iomem_access_permitted(d, mfn_x(mfn), mfn_x(mfn) + 1) ) + if ( !iomem_access_permitted(d, mfn_x(mfn), mfn_x(mfn)) ) return false; return !map_regions_p2mt(d, gfn, 1, mfn, p2m_mmio_direct_c); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 11:44:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 11:44:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168568.307769 (Exim 4.92) (envelope-from ) id 1mGgTC-0005O6-E8; Thu, 19 Aug 2021 11:44:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168568.307769; Thu, 19 Aug 2021 11:44:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGgTC-0005Nz-B2; Thu, 19 Aug 2021 11:44:26 +0000 Received: by outflank-mailman (input) for mailman id 168568; Thu, 19 Aug 2021 11:44:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGgTB-0005Ns-T1 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 11:44:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGgTB-0006GJ-SI for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 11:44:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGgTB-0006F1-Qz for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 11:44:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xVkZM0mQzIP4itpx/M4uiH7G/ssaAIZAnl0LltUqn08=; b=jTZNswu0E+ooOe6ejqjT5EW0W0 zHQiakM3EyMsh7lZHDhLZMdUdu1dk5k3QKhAJF5+Od5E2yPFoYlwJ1uYUhu3qx/T8WEZvmVOI7Or4 07Zaq8hNgZPrVrkOeE+ssFX0UPdUWKg7fif/6bcHt+m51wx/5Yulng6ERBtYYoGTpyt8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume Message-Id: Date: Thu, 19 Aug 2021 11:44:25 +0000 commit 5293470a77ad980dce2af9b7e6c3f11eeebf1b64 Author: Juergen Gross AuthorDate: Thu Aug 19 13:38:31 2021 +0200 Commit: Jan Beulich CommitDate: Thu Aug 19 13:38:31 2021 +0200 xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume With smt=0 during a suspend/resume cycle of the machine the threads which have been parked before will briefly come up again. This can result in problems e.g. with cpufreq driver being active as this will call into get_cpu_idle_time() for a cpu without initialized scheduler data. Fix that by letting get_cpu_idle_time() deal with this case. Drop a redundant check in exchange. Fixes: 132cbe8f35632fb2 ("sched: fix get_cpu_idle_time() with core scheduling") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Juergen Gross Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich Acked-by: Dario Faggioli --- xen/common/sched/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 6d34764d38..8d178baf3d 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -337,7 +337,7 @@ uint64_t get_cpu_idle_time(unsigned int cpu) struct vcpu_runstate_info state = { 0 }; const struct vcpu *v = idle_vcpu[cpu]; - if ( cpu_online(cpu) && v ) + if ( cpu_online(cpu) && get_sched_res(cpu) ) vcpu_runstate_get(v, &state); return state.time[RUNSTATE_running]; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 13:11:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 13:11:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168781.308161 (Exim 4.92) (envelope-from ) id 1mGhp2-00021m-H6; Thu, 19 Aug 2021 13:11:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168781.308161; Thu, 19 Aug 2021 13:11:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhp2-00021e-Do; Thu, 19 Aug 2021 13:11:04 +0000 Received: by outflank-mailman (input) for mailman id 168781; Thu, 19 Aug 2021 13:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhp0-0001z1-Iu for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhp0-00086t-I7 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGhp0-00077k-H8 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wZJb5vPLWd6bwprusXyrJvRljiD0QV2529j0cbRn/so=; b=wPkDT1oujQ9D3holFBQnL8NLww HfMjJa4ghdevKLXCLMlNqHG1lUtnzXmNNx3+YnxPsDF0d8oxoV08r64+JWwBVOYLvvxGcOiunTdSH niwd1gy9Mvde8zoXPaKRSuz6xEkLO1sZbMV+rM7vAX8vcxqXojetWhh0olIQ6rx3leQI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] libxenguest: complete loops in xc_map_domain_meminfo() Message-Id: Date: Thu, 19 Aug 2021 13:11:02 +0000 commit 1a838bf72584788310496ba5f3d865457c80727f Author: Jan Beulich AuthorDate: Fri Aug 13 16:49:10 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 13 16:49:10 2021 +0200 libxenguest: complete loops in xc_map_domain_meminfo() minfo->p2m_size may have more than 31 significant bits. Change the induction variable to unsigned long, and (largely for signed-ness consistency) a helper variable to unsigned int. While there also avoid open-coding min(). Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- tools/libs/guest/xg_domain.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tools/libs/guest/xg_domain.c b/tools/libs/guest/xg_domain.c index 155e337427..f0e7748449 100644 --- a/tools/libs/guest/xg_domain.c +++ b/tools/libs/guest/xg_domain.c @@ -40,7 +40,7 @@ int xc_map_domain_meminfo(xc_interface *xch, uint32_t domid, xc_dominfo_t info; shared_info_any_t *live_shinfo; xen_capabilities_info_t xen_caps = ""; - int i; + unsigned long i; /* Only be initialized once */ if ( minfo->pfn_type || minfo->p2m_table ) @@ -116,12 +116,11 @@ int xc_map_domain_meminfo(xc_interface *xch, uint32_t domid, /* Retrieve PFN types in batches */ for ( i = 0; i < minfo->p2m_size ; i+=1024 ) { - int count = ((minfo->p2m_size - i ) > 1024 ) ? - 1024: (minfo->p2m_size - i); + unsigned int count = min(minfo->p2m_size - i, 1024UL); if ( xc_get_pfn_type_batch(xch, domid, count, minfo->pfn_type + i) ) { - PERROR("Could not get %d-eth batch of PFN types", (i+1)/1024); + PERROR("Could not get batch %lu of PFN types", (i + 1) / 1024); goto failed; } } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 13:11:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 13:11:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168782.308166 (Exim 4.92) (envelope-from ) id 1mGhpC-00024g-Io; Thu, 19 Aug 2021 13:11:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168782.308166; Thu, 19 Aug 2021 13:11:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpC-00024Y-FN; Thu, 19 Aug 2021 13:11:14 +0000 Received: by outflank-mailman (input) for mailman id 168782; Thu, 19 Aug 2021 13:11:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpA-00024H-Ny for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpA-0008A0-NE for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGhpA-00078o-Kt for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=o34tZ+//3qNNIle5Rv6Yz7EJIam+9h8FXt/mP0hi9LE=; b=XokmciS+gPHp71ItwLNGgTjrXA CLHuBnbvg7VGSB73gswun8lzjGkpOuUz+dg3lpKy5JzBhneXwyRcIx187d1VfYT/KEyAQMRqdCnhy 6xNLn3AYdGX/PiImnGRLbmzF3Ovqg07rFrvowoJlLsL8gJ0bAdGG+aB2fFuEFGyDPlWQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] libxenguest: fix off-by-1 in colo-secondary-bitmap merging Message-Id: Date: Thu, 19 Aug 2021 13:11:12 +0000 commit e241d15f1c8a8a02baa401af857393f9ada5aeb3 Author: Jan Beulich AuthorDate: Fri Aug 13 16:49:46 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 13 16:49:46 2021 +0200 libxenguest: fix off-by-1 in colo-secondary-bitmap merging Valid GFNs (having a representation in the dirty bitmap) need to be strictly below p2m_size. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- tools/libs/guest/xg_sr_save.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/guest/xg_sr_save.c b/tools/libs/guest/xg_sr_save.c index 3fce41b6cf..0266e0a94a 100644 --- a/tools/libs/guest/xg_sr_save.c +++ b/tools/libs/guest/xg_sr_save.c @@ -614,7 +614,7 @@ static int colo_merge_secondary_dirty_bitmap(struct xc_sr_context *ctx) for ( i = 0; i < count; i++ ) { pfn = pfns[i]; - if ( pfn > ctx->save.p2m_size ) + if ( pfn >= ctx->save.p2m_size ) { PERROR("Invalid pfn 0x%" PRIx64, pfn); rc = -1; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 13:11:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 13:11:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168783.308169 (Exim 4.92) (envelope-from ) id 1mGhpM-000289-Jp; Thu, 19 Aug 2021 13:11:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168783.308169; Thu, 19 Aug 2021 13:11:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpM-000281-Gv; Thu, 19 Aug 2021 13:11:24 +0000 Received: by outflank-mailman (input) for mailman id 168783; Thu, 19 Aug 2021 13:11:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpK-00027m-RU for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpK-0008AM-Qk for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGhpK-00079j-Pt for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qrGXJLIoCAowRUm8tI5hURksp0uui3/HQMdhZrwPv58=; b=luJXr3ETQMldXRa38M2H08WfDk 2tA4QFdKsjpwE63UBAK2eXc9hsolitJlcwuD/1JSDzF0oNyTKVNxHii7OWzRfFOwvpZxKz/NNK1J5 aAXMbOynZKXnkHlwp9V13MfAiYFRpeSjaJBj7AHWj27+x91Nm9x0zBItqzI48FlZumcc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] libxc: simplify HYPERCALL_BUFFER() Message-Id: Date: Thu, 19 Aug 2021 13:11:22 +0000 commit 5c34b9af05b9e5abd25d88efc4fb783136547810 Author: Jan Beulich AuthorDate: Fri Aug 13 16:50:09 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 13 16:50:09 2021 +0200 libxc: simplify HYPERCALL_BUFFER() _hcbuf_buf1 has been there only for a pointer comparison to validate type compatibility. The same can be achieved by not using typeof() on the definition of what so far was _hcbuf_buf2, as the initializer has to also be type-compatible. Drop _hcbuf_buf1 and the comaprison; rename _hcbuf_buf2. Since we're already using compiler extensions here, don't be shy and also omit the middle operand of the involved ?: operator. Bring line continuation character placement in line with that of related macros. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- tools/include/xenctrl.h | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index 14adaa0c10..b77726eab7 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -247,13 +247,10 @@ typedef struct xc_hypercall_buffer xc_hypercall_buffer_t; /* * Returns the hypercall_buffer associated with a variable. */ -#define HYPERCALL_BUFFER(_name) \ - ({ xc_hypercall_buffer_t _hcbuf_buf1; \ - typeof(XC__HYPERCALL_BUFFER_NAME(_name)) *_hcbuf_buf2 = \ - &XC__HYPERCALL_BUFFER_NAME(_name); \ - (void)(&_hcbuf_buf1 == _hcbuf_buf2); \ - (_hcbuf_buf2)->param_shadow ? \ - (_hcbuf_buf2)->param_shadow : (_hcbuf_buf2); \ +#define HYPERCALL_BUFFER(_name) \ + ({ xc_hypercall_buffer_t *_hcbuf_buf = \ + &XC__HYPERCALL_BUFFER_NAME(_name); \ + _hcbuf_buf->param_shadow ?: _hcbuf_buf; \ }) #define HYPERCALL_BUFFER_INIT_NO_BOUNCE .dir = 0, .sz = 0, .ubuf = (void *)-1 -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 13:11:34 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 13:11:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168784.308173 (Exim 4.92) (envelope-from ) id 1mGhpW-0002Az-LI; Thu, 19 Aug 2021 13:11:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168784.308173; Thu, 19 Aug 2021 13:11:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpW-0002Ar-IM; Thu, 19 Aug 2021 13:11:34 +0000 Received: by outflank-mailman (input) for mailman id 168784; Thu, 19 Aug 2021 13:11:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpU-0002Ah-VL for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpU-0008Ab-UZ for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGhpU-0007AI-TR for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fs4We/5Aq+aat4UxB83Jazw2ImVOZ67kmbW4OC9M6Tc=; b=4LEHsc6UHG+OYcAkOIYsMZveOM Hy8CubejiuwvwhnDXkNHjMR2i3G2aSyzTx2JQDRp8X4UGCVfuHJ0AGnDDpXNVB2UCcF1sPXFz24iC FDUFTw8gENbPaQpVBOArFYygKyxMD72aZGsxir5Zrn3puBFUD044Xvojpf9h+nYrRc80=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] ns16550: do not override fifo size if explicitly set Message-Id: Date: Thu, 19 Aug 2021 13:11:32 +0000 commit 60a9d8d2fc9c4a524c7342499580a88aaa3a2b55 Author: Marek Marczykowski-Górecki AuthorDate: Mon Aug 16 15:14:37 2021 +0200 Commit: Jan Beulich CommitDate: Mon Aug 16 15:14:37 2021 +0200 ns16550: do not override fifo size if explicitly set If fifo size is already set via uart_params, do not force it to 16 - which may not match the actual hardware. Specifically Exar cards have fifo of 256 bytes. Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- xen/drivers/char/ns16550.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index 16a73d0c0e..97b85b0225 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -357,7 +357,8 @@ static void __init ns16550_init_preirq(struct serial_port *port) ns16550_setup_preirq(uart); /* Check this really is a 16550+. Otherwise we have no FIFOs. */ - if ( ((ns_read_reg(uart, UART_IIR) & 0xc0) == 0xc0) && + if ( uart->fifo_size <= 1 && + ((ns_read_reg(uart, UART_IIR) & 0xc0) == 0xc0) && ((ns_read_reg(uart, UART_FCR) & UART_FCR_TRG14) == UART_FCR_TRG14) ) uart->fifo_size = 16; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 13:11:44 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 13:11:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168785.308177 (Exim 4.92) (envelope-from ) id 1mGhpg-0002EC-Mn; Thu, 19 Aug 2021 13:11:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168785.308177; Thu, 19 Aug 2021 13:11:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpg-0002E2-Jv; Thu, 19 Aug 2021 13:11:44 +0000 Received: by outflank-mailman (input) for mailman id 168785; Thu, 19 Aug 2021 13:11:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpf-0002DY-3J for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpf-0008B6-2Z for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGhpf-0007BL-1X for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oYX8dgI4pg36XbKlvgpooyDDLgwDSrDRr1yHJ7Ft1Es=; b=fUSawKnqjN0akx1MFa/Q80xGSL cLQr4W3OMO9LCHJKKXsLBtGpKMXw/GUHKfkVN5qryp0m1EBAjPwsSDzocssTbjyyg4qepNsOuSzhJ 6njGN8Th4DoPl0dZvmQbbv8rhlNGr1iV8rRA6+hqm01+6rlQdJm3vRXtXeI3ZWFTNquA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/pv: remove unnecessary use of goto out in construct_dom0() Message-Id: Date: Thu, 19 Aug 2021 13:11:43 +0000 commit c53aa9e655e7c615283e9e9637376c2b865e9dae Author: Jane Malalane AuthorDate: Mon Aug 16 15:15:43 2021 +0200 Commit: Jan Beulich CommitDate: Mon Aug 16 15:15:43 2021 +0200 x86/pv: remove unnecessary use of goto out in construct_dom0() elf_check_broken() only needs to be invoked after elf_xen_parse() and after elf_load_binary(). Suggested-by: Jan Beulich Signed-off-by: Jane Malalane Reviewed-by: Jan Beulich --- xen/arch/x86/pv/dom0_build.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index af47615b22..8712baccc1 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -400,8 +400,7 @@ int __init dom0_construct_pv(struct domain *d, if ( !compatible ) { printk("Mismatch between Xen and DOM0 kernel\n"); - rc = -EINVAL; - goto out; + return -EINVAL; } if ( parms.elf_notes[XEN_ELFNOTE_SUPPORTED_FEATURES].type != XEN_ENT_NONE ) @@ -409,8 +408,7 @@ int __init dom0_construct_pv(struct domain *d, if ( !pv_shim && !test_bit(XENFEAT_dom0, parms.f_supported) ) { printk("Kernel does not support Dom0 operation\n"); - rc = -EINVAL; - goto out; + return -EINVAL; } } @@ -607,8 +605,7 @@ int __init dom0_construct_pv(struct domain *d, : (v_start < HYPERVISOR_VIRT_END) && (v_end > HYPERVISOR_VIRT_START) ) { printk("DOM0 image overlaps with Xen private area.\n"); - rc = -EINVAL; - goto out; + return -EINVAL; } if ( compat ) @@ -753,8 +750,7 @@ int __init dom0_construct_pv(struct domain *d, mapcache_override_current(NULL); switch_cr3_cr4(current->arch.cr3, read_cr4()); printk("Invalid HYPERCALL_PAGE field in ELF notes.\n"); - rc = -EINVAL; - goto out; + return -EINVAL; } init_hypercall_page(d, _p(parms.virt_hypercall)); } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 13:11:54 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 13:11:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168786.308181 (Exim 4.92) (envelope-from ) id 1mGhpq-0002Go-OM; Thu, 19 Aug 2021 13:11:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168786.308181; Thu, 19 Aug 2021 13:11:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpq-0002Gg-LQ; Thu, 19 Aug 2021 13:11:54 +0000 Received: by outflank-mailman (input) for mailman id 168786; Thu, 19 Aug 2021 13:11:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpp-0002GT-78 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpp-0008BG-6J for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGhpp-0007CT-5T for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:11:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Tu8qpInTvUANamFLrdU6UZqBJSkeAGfGiU4ZUtzGipE=; b=L0YqCugRNioqGYLvo347nCHXkb M2TB5nFu8VJOTMxQx5bnaTiJ0cJSGgHlhqQTcujT/SlJnMASOwrhMgiUBaPBEYj7BIxMmkW7oMjZU xnFg5FsuFDXW1z2I6CQu03ccaklZID73rh06s0rfzZaijwh6r1VHr75wDZWNeeFi6EWw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/pv: provide more helpful error when CONFIG_PV32 is absent Message-Id: Date: Thu, 19 Aug 2021 13:11:53 +0000 commit 2e5512d1ffd2e720f25c376df12db8a914117589 Author: Jane Malalane AuthorDate: Mon Aug 16 15:16:20 2021 +0200 Commit: Jan Beulich CommitDate: Mon Aug 16 15:16:20 2021 +0200 x86/pv: provide more helpful error when CONFIG_PV32 is absent Currently, when booting a 32bit dom0 kernel, the message isn't very helpful: (XEN) Xen kernel: 64-bit, lsb (XEN) Dom0 kernel: 32-bit, PAE, lsb, paddr 0x100000 -> 0x112000 (XEN) Mismatch between Xen and DOM0 kernel (XEN) (XEN) **************************************** (XEN) Panic on CPU 0: (XEN) Could not construct domain 0 (XEN) **************************************** With this adjustment, it now looks like this: (XEN) Xen kernel: 64-bit, lsb (XEN) Found 32-bit PV kernel, but CONFIG_PV32 missing (XEN) (XEN) **************************************** (XEN) Panic on CPU 0: (XEN) Could not construct domain 0 (XEN) **************************************** Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Jan Beulich --- xen/arch/x86/pv/dom0_build.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index 8712baccc1..d5a1a6a4e2 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -362,9 +362,9 @@ int __init dom0_construct_pv(struct domain *d, compatible = false; machine = elf_uval(&elf, elf.ehdr, e_machine); -#ifdef CONFIG_PV32 if ( elf_32bit(&elf) ) { +#ifdef CONFIG_PV32 if ( parms.pae == XEN_PAE_BIMODAL ) parms.pae = XEN_PAE_EXTCR3; if ( parms.pae && machine == EM_386 ) @@ -377,8 +377,11 @@ int __init dom0_construct_pv(struct domain *d, compatible = true; } - } +#else + printk("Found 32-bit PV kernel, but CONFIG_PV32 missing\n"); + return -EOPNOTSUPP; #endif + } compat = is_pv_32bit_domain(d); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 13:12:05 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 13:12:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168787.308186 (Exim 4.92) (envelope-from ) id 1mGhq0-0002KB-R5; Thu, 19 Aug 2021 13:12:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168787.308186; Thu, 19 Aug 2021 13:12:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhq0-0002K1-Mv; Thu, 19 Aug 2021 13:12:04 +0000 Received: by outflank-mailman (input) for mailman id 168787; Thu, 19 Aug 2021 13:12:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpz-0002Jp-Bn for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhpz-0008Bk-A5 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGhpz-0007Ds-9B for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=edeFW/w8pI9otgTNgjMSGiNq6mMOoT5HEEvoNs7VeBM=; b=NH+x8prM34Oq8YfrI0u6L8Us6j LR7/NGTvGae/ZyKrlS4+McCM53C1h0pJ3t/bb+riMGQjnR4PWoP/WP0XTck0P1QSIVM+jYwnB+7PX NFKXDJPdpCHG8IeYIun5Xw28LpWh6P4To4l3UDRAuPRLTDqKD3/Eg7D2upJ4y5ddkaoQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/ioapic: remove use of TRUE/FALSE/1/0 Message-Id: Date: Thu, 19 Aug 2021 13:12:03 +0000 commit 274c5e79c792ce0331d0d8cd9a01545dea5a48fd Author: Kevin Stefanov AuthorDate: Mon Aug 16 15:16:56 2021 +0200 Commit: Jan Beulich CommitDate: Mon Aug 16 15:16:56 2021 +0200 x86/ioapic: remove use of TRUE/FALSE/1/0 Also fix stray usage in VT-d. Suggested-by: Andrew Cooper Signed-off-by: Kevin Stefanov Reviewed-by: Jan Beulich --- xen/arch/x86/io_apic.c | 38 +++++++++++++++++----------------- xen/drivers/passthrough/vtd/intremap.c | 6 +++--- xen/drivers/passthrough/vtd/utils.c | 2 +- 3 files changed, 23 insertions(+), 23 deletions(-) diff --git a/xen/arch/x86/io_apic.c b/xen/arch/x86/io_apic.c index 58b26d962c..c3ad9efac8 100644 --- a/xen/arch/x86/io_apic.c +++ b/xen/arch/x86/io_apic.c @@ -289,7 +289,7 @@ static void __io_apic_eoi(unsigned int apic, unsigned int vector, unsigned int p { /* If vector is unknown, read it from the IO-APIC */ if ( vector == IRQ_VECTOR_UNASSIGNED ) - vector = __ioapic_read_entry(apic, pin, TRUE).vector; + vector = __ioapic_read_entry(apic, pin, true).vector; *(IO_APIC_BASE(apic)+16) = vector; } @@ -300,28 +300,28 @@ static void __io_apic_eoi(unsigned int apic, unsigned int vector, unsigned int p struct IO_APIC_route_entry entry; bool need_to_unmask = false; - entry = __ioapic_read_entry(apic, pin, TRUE); + entry = __ioapic_read_entry(apic, pin, true); if ( ! entry.mask ) { /* If entry is not currently masked, mask it and make * a note to unmask it later */ entry.mask = 1; - __ioapic_write_entry(apic, pin, TRUE, entry); + __ioapic_write_entry(apic, pin, true, entry); need_to_unmask = true; } /* Flip the trigger mode to edge and back */ entry.trigger = 0; - __ioapic_write_entry(apic, pin, TRUE, entry); + __ioapic_write_entry(apic, pin, true, entry); entry.trigger = 1; - __ioapic_write_entry(apic, pin, TRUE, entry); + __ioapic_write_entry(apic, pin, true, entry); if ( need_to_unmask ) { /* Unmask if neccesary */ entry.mask = 0; - __ioapic_write_entry(apic, pin, TRUE, entry); + __ioapic_write_entry(apic, pin, true, entry); } } } @@ -344,7 +344,7 @@ int save_IO_APIC_setup(struct IO_APIC_route_entry **ioapic_entries) return -ENOMEM; for (pin = 0; pin < nr_ioapic_entries[apic]; pin++) - ioapic_entries[apic][pin] = __ioapic_read_entry(apic, pin, 1); + ioapic_entries[apic][pin] = __ioapic_read_entry(apic, pin, true); } return 0; @@ -374,7 +374,7 @@ void mask_IO_APIC_setup(struct IO_APIC_route_entry **ioapic_entries) if (!entry.mask) { entry.mask = 1; - ioapic_write_entry(apic, pin, 1, entry); + ioapic_write_entry(apic, pin, true, entry); } } } @@ -1047,7 +1047,7 @@ static void __init setup_IO_APIC_irqs(void) SET_DEST(entry, logical, cpu_mask_to_apicid(TARGET_CPUS)); spin_lock_irqsave(&ioapic_lock, flags); - __ioapic_write_entry(apic, pin, 0, entry); + __ioapic_write_entry(apic, pin, false, entry); spin_unlock_irqrestore(&ioapic_lock, flags); } } @@ -1091,7 +1091,7 @@ static void __init setup_ExtINT_IRQ0_pin(unsigned int apic, unsigned int pin, in /* * Add it to the IO-APIC irq-routing table: */ - ioapic_write_entry(apic, pin, 0, entry); + ioapic_write_entry(apic, pin, false, entry); enable_8259A_irq(irq_to_desc(0)); } @@ -1203,7 +1203,7 @@ static void /*__init*/ __print_IO_APIC(bool boot) for (i = 0; i <= reg_01.bits.entries; i++) { struct IO_APIC_route_entry entry; - entry = ioapic_read_entry(apic, i, 0); + entry = ioapic_read_entry(apic, i, false); if ( x2apic_enabled && iommu_intremap ) printk(KERN_DEBUG " %02x %08x", i, entry.dest.dest32); @@ -1290,7 +1290,7 @@ static void __init enable_IO_APIC(void) int pin; /* See if any of the pins is in ExtINT mode */ for (pin = 0; pin < nr_ioapic_entries[apic]; pin++) { - struct IO_APIC_route_entry entry = ioapic_read_entry(apic, pin, 0); + struct IO_APIC_route_entry entry = ioapic_read_entry(apic, pin, false); /* If the interrupt line is enabled and in ExtInt mode * I have found the pin where the i8259 is connected. @@ -1361,7 +1361,7 @@ void disable_IO_APIC(void) /* * Add it to the IO-APIC irq-routing table: */ - ioapic_write_entry(ioapic_i8259.apic, ioapic_i8259.pin, 0, entry); + ioapic_write_entry(ioapic_i8259.apic, ioapic_i8259.pin, false, entry); } disconnect_bsp_APIC(ioapic_i8259.pin != -1); } @@ -1841,7 +1841,7 @@ static void __init unlock_ExtINT_logic(void) if ( pin == -1 || apic == -1 ) return; - entry0 = ioapic_read_entry(apic, pin, 0); + entry0 = ioapic_read_entry(apic, pin, false); clear_IO_APIC_pin(apic, pin); memset(&entry1, 0, sizeof(entry1)); @@ -1854,7 +1854,7 @@ static void __init unlock_ExtINT_logic(void) entry1.trigger = 0; entry1.vector = 0; - ioapic_write_entry(apic, pin, 0, entry1); + ioapic_write_entry(apic, pin, false, entry1); save_control = CMOS_READ(RTC_CONTROL); save_freq_select = CMOS_READ(RTC_FREQ_SELECT); @@ -1873,7 +1873,7 @@ static void __init unlock_ExtINT_logic(void) CMOS_WRITE(save_freq_select, RTC_FREQ_SELECT); clear_IO_APIC_pin(apic, pin); - ioapic_write_entry(apic, pin, 0, entry0); + ioapic_write_entry(apic, pin, false, entry0); } /* @@ -2287,7 +2287,7 @@ int io_apic_set_pci_routing (int ioapic, int pin, int irq, int edge_level, int a disable_8259A_irq(desc); spin_lock_irqsave(&ioapic_lock, flags); - __ioapic_write_entry(ioapic, pin, 0, entry); + __ioapic_write_entry(ioapic, pin, false, entry); spin_unlock(&ioapic_lock); spin_lock(&desc->lock); @@ -2476,7 +2476,7 @@ int ioapic_guest_write(unsigned long physbase, unsigned int reg, u32 val) rte.mask = 1; } - __ioapic_write_entry(apic, pin, 0, rte); + __ioapic_write_entry(apic, pin, false, rte); spin_unlock_irqrestore(&ioapic_lock, flags); @@ -2529,7 +2529,7 @@ void dump_ioapic_irq_info(void) printk(" Apic 0x%02x, Pin %2d: ", entry->apic, pin); - rte = ioapic_read_entry(entry->apic, pin, 0); + rte = ioapic_read_entry(entry->apic, pin, false); printk("vec=%02x delivery=%-5s dest=%c status=%d " "polarity=%d irr=%d trig=%c mask=%d dest_id:%0*x\n", diff --git a/xen/drivers/passthrough/vtd/intremap.c b/xen/drivers/passthrough/vtd/intremap.c index d0f70d90eb..01152f2006 100644 --- a/xen/drivers/passthrough/vtd/intremap.c +++ b/xen/drivers/passthrough/vtd/intremap.c @@ -427,7 +427,7 @@ unsigned int io_apic_read_remap_rte( ( (index = apic_pin_2_ir_idx[apic][ioapic_pin]) < 0 ) ) return __io_apic_read(apic, reg); - old_rte = __ioapic_read_entry(apic, ioapic_pin, 1); + old_rte = __ioapic_read_entry(apic, ioapic_pin, true); if ( remap_entry_to_ioapic_rte(iommu, index, &old_rte) ) return __io_apic_read(apic, reg); @@ -448,7 +448,7 @@ void io_apic_write_remap_rte( struct vtd_iommu *iommu = ioapic_to_iommu(IO_APIC_ID(apic)); int saved_mask; - old_rte = __ioapic_read_entry(apic, ioapic_pin, 1); + old_rte = __ioapic_read_entry(apic, ioapic_pin, true); remap_rte = (struct IO_APIC_route_remap_entry *) &old_rte; @@ -468,7 +468,7 @@ void io_apic_write_remap_rte( __io_apic_write(apic, reg & ~1, *(u32 *)&old_rte); } else - __ioapic_write_entry(apic, ioapic_pin, 1, old_rte); + __ioapic_write_entry(apic, ioapic_pin, true, old_rte); } static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire) diff --git a/xen/drivers/passthrough/vtd/utils.c b/xen/drivers/passthrough/vtd/utils.c index 4febcf506d..70add3cc8e 100644 --- a/xen/drivers/passthrough/vtd/utils.c +++ b/xen/drivers/passthrough/vtd/utils.c @@ -281,7 +281,7 @@ void vtd_dump_iommu_info(unsigned char key) for ( i = 0; i <= reg_01.bits.entries; i++ ) { struct IO_APIC_route_entry rte = - __ioapic_read_entry(apic, i, TRUE); + __ioapic_read_entry(apic, i, true); remap = (struct IO_APIC_route_remap_entry *) &rte; if ( !remap->format ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 13:12:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 13:12:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168788.308188 (Exim 4.92) (envelope-from ) id 1mGhq9-0002Oo-Td; Thu, 19 Aug 2021 13:12:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168788.308188; Thu, 19 Aug 2021 13:12:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhq9-0002Og-QX; Thu, 19 Aug 2021 13:12:13 +0000 Received: by outflank-mailman (input) for mailman id 168788; Thu, 19 Aug 2021 13:12:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhq9-0002OX-F2 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhq9-0008Bv-EA for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGhq9-0007F0-DG for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QOzsVx1R1PBae8OXEcbiJEjl2QALiRQDv6zTzToVrdQ=; b=NJKxLMTX1XNSRVykrWg9kmr6za tUUxSztfyNk6mlJSyxOXfDWdXYsLkfYsarvI6TSB4omregc53pndzf27bNas1unvzxHGUJ64a2kLH Rg9mkcgiOj7E6HGzzXES71DetKlcu3OxlEtZdeinCQFOb+k2kQrQFnct3OmkawGNn6IU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] MAINTAINERS: Fix file path for kexec headers Message-Id: Date: Thu, 19 Aug 2021 13:12:13 +0000 commit 6928bc511399fd8f593fe49a3241212860a6a1b5 Author: Andrew Cooper AuthorDate: Thu Aug 12 14:49:57 2021 +0100 Commit: Andrew Cooper CommitDate: Mon Aug 16 15:57:30 2021 +0100 MAINTAINERS: Fix file path for kexec headers Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 56d16e4328..9be4ad653a 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -370,7 +370,7 @@ KEXEC M: Andrew Cooper S: Supported F: xen/common/{kexec,kimage}.c -F: xen/include/{kexec,kimage}.h +F: xen/include/xen/{kexec,kimage}.h F: xen/arch/x86/machine_kexec.c F: xen/arch/x86/x86_64/kexec_reloc.S -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 13:12:23 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 13:12:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168789.308192 (Exim 4.92) (envelope-from ) id 1mGhqJ-0002S0-Uv; Thu, 19 Aug 2021 13:12:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168789.308192; Thu, 19 Aug 2021 13:12:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhqJ-0002Rs-S7; Thu, 19 Aug 2021 13:12:23 +0000 Received: by outflank-mailman (input) for mailman id 168789; Thu, 19 Aug 2021 13:12:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhqJ-0002Rm-IC for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhqJ-0008C9-HW for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGhqJ-0007Fv-Gd for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=g68wbMtN7HmLngELH/n97igYpoJdrPOXgDg76JAdEO0=; b=sfA3JkCVaDtL+0fkvkCuUVg/7g EVxaBp6e/CzheyU5cUsi94Edc2ugItZ6UV+dBDy988ZZeZOADrNxv8YVtvmXZ4Vlnld31FwYo7xRt tTb8hU4MgYP2wHkU+UdwOMYAEshLuQ9BAPB8O2FPA5/ej7nzbXdgy8KFDWuyEiKH0OQg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/ACPI: Insert missing newlines into FACS error messages Message-Id: Date: Thu, 19 Aug 2021 13:12:23 +0000 commit bc141e8ca56200bdd0a12e04a6ebff3c19d6c27b Author: Andrew Cooper AuthorDate: Mon Aug 16 14:24:44 2021 +0100 Commit: Andrew Cooper CommitDate: Mon Aug 16 15:58:31 2021 +0100 x86/ACPI: Insert missing newlines into FACS error messages Booting Xen as a PVH guest currently yields: (XEN) ACPI: SLEEP INFO: pm1x_cnt[1:b004,1:0], pm1x_evt[1:b000,1:0] (XEN) ACPI: FACS is not 64-byte aligned: 0xfc001010<2>ACPI: wakeup_vec[fc00101c], vec_size[20] (XEN) ACPI: Local APIC address 0xfee00000 Insert newlines as appropriate. Fixes: d3faf9badf52 ("[host s3] Retrieve necessary sleep information from plain-text ACPI tables (FADT/FACS), and keep one hypercall remained for sleep notification.") Fixes: 0f089bbf43ec ("x86/ACPI: fix S3 wakeup vector mapping") Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/boot.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/acpi/boot.c b/xen/arch/x86/acpi/boot.c index ff4685279f..8fe2d6fe0f 100644 --- a/xen/arch/x86/acpi/boot.c +++ b/xen/arch/x86/acpi/boot.c @@ -432,19 +432,19 @@ acpi_fadt_parse_sleep_info(const struct acpi_table_fadt *fadt) } if (facs->length < 24) { - printk(KERN_ERR PREFIX "Invalid FACS table length: %#x", + printk(KERN_ERR PREFIX "Invalid FACS table length: %#x\n", facs->length); goto done; } if (facs->length < 64) printk(KERN_WARNING PREFIX - "FACS is shorter than ACPI spec allow: %#x", + "FACS is shorter than ACPI spec allow: %#x\n", facs->length); if (facs_pa % 64) printk(KERN_WARNING PREFIX - "FACS is not 64-byte aligned: %#lx", + "FACS is not 64-byte aligned: %#lx\n", facs_pa); acpi_sinfo.wakeup_vector = facs_pa + -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 13:12:35 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 13:12:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168790.308197 (Exim 4.92) (envelope-from ) id 1mGhqV-0002V3-0N; Thu, 19 Aug 2021 13:12:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168790.308197; Thu, 19 Aug 2021 13:12:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhqU-0002Uv-Tl; Thu, 19 Aug 2021 13:12:34 +0000 Received: by outflank-mailman (input) for mailman id 168790; Thu, 19 Aug 2021 13:12:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhqT-0002UY-La for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhqT-0008CK-Kr for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGhqT-0007Gn-K5 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=26cdObpStWkHR1rhNsEMXfvvhKJ2eS9A12YvckAhxLk=; b=zEr6Hr+9yxvSMprXKVyFX4auRC ZQG4Tau7AOn0k7JOdHhvnoRzREeHQNv7MXbOtl6dchZdVa/d+T6yiN4/k1F2m9mwVNW/tO29aCncK f9cecvZwh6+9ndGwVshElL5jm5hu0eqeYbN5m8Y8++Xd9776S4MiFYYIhfWpKLKhXfbo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} Message-Id: Date: Thu, 19 Aug 2021 13:12:33 +0000 commit 35727551c0703493a2240e967cffc3063b13d49c Author: Andrew Cooper AuthorDate: Thu Aug 12 17:39:16 2021 +0100 Commit: Andrew Cooper CommitDate: Mon Aug 16 16:03:20 2021 +0100 x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} This was a clear oversight in the original CET work. The BUGFRAME_run_fn and BUGFRAME_warn paths update regs->rip without an equivalent adjustment to the shadow stack, causing IRET to suffer #CP because of the mismatch. One subtle, and therefore fragile, aspect of extable_shstk_fixup() was that it required regs->rip to have its old value as a cross-check that the right word in the shadow stack was being edited. Rework extable_shstk_fixup() into fixup_exception_return() which takes ownership of the update to both the regular and shadow stacks, ensuring that the regs->rip update is ordered correctly. Use the new fixup_exception_return() for BUGFRAME_run_fn and BUGFRAME_warn to ensure that the shadow stack is updated too. Fixes: 209fb9919b50 ("x86/extable: Adjust extable handling to be shadow stack compatible") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- xen/arch/x86/traps.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index e60af16ddd..30eefbad48 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -777,13 +777,15 @@ static void do_reserved_trap(struct cpu_user_regs *regs) trapnr, vec_name(trapnr), regs->error_code); } -static void extable_shstk_fixup(struct cpu_user_regs *regs, unsigned long fixup) +static void fixup_exception_return(struct cpu_user_regs *regs, + unsigned long fixup) { +#ifdef CONFIG_XEN_SHSTK unsigned long ssp, *ptr, *base; asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); if ( ssp == 1 ) - return; + goto shstk_done; ptr = _p(ssp); base = _p(get_shstk_bottom(ssp)); @@ -814,7 +816,7 @@ static void extable_shstk_fixup(struct cpu_user_regs *regs, unsigned long fixup) asm ( "wrssq %[fix], %[stk]" : [stk] "=m" (ptr[0]) : [fix] "r" (fixup) ); - return; + goto shstk_done; } } @@ -824,6 +826,12 @@ static void extable_shstk_fixup(struct cpu_user_regs *regs, unsigned long fixup) * executing the interrupted context. */ BUG(); + + shstk_done: +#endif /* CONFIG_XEN_SHSTK */ + + /* Fixup the regular stack. */ + regs->rip = fixup; } static bool extable_fixup(struct cpu_user_regs *regs, bool print) @@ -842,10 +850,7 @@ static bool extable_fixup(struct cpu_user_regs *regs, bool print) vec_name(regs->entry_vector), regs->error_code, _p(regs->rip), _p(regs->rip), _p(fixup)); - if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) - extable_shstk_fixup(regs, fixup); - - regs->rip = fixup; + fixup_exception_return(regs, fixup); this_cpu(last_extable_addr) = regs->rip; return true; @@ -1138,7 +1143,7 @@ void do_invalid_op(struct cpu_user_regs *regs) void (*fn)(struct cpu_user_regs *) = bug_ptr(bug); fn(regs); - regs->rip = (unsigned long)eip; + fixup_exception_return(regs, (unsigned long)eip); return; } @@ -1159,7 +1164,7 @@ void do_invalid_op(struct cpu_user_regs *regs) case BUGFRAME_warn: printk("Xen WARN at %s%s:%d\n", prefix, filename, lineno); show_execution_state(regs); - regs->rip = (unsigned long)eip; + fixup_exception_return(regs, (unsigned long)eip); return; case BUGFRAME_bug: -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 13:12:45 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 13:12:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168791.308201 (Exim 4.92) (envelope-from ) id 1mGhqf-0002YD-2D; Thu, 19 Aug 2021 13:12:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168791.308201; Thu, 19 Aug 2021 13:12:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhqe-0002Y5-VM; Thu, 19 Aug 2021 13:12:44 +0000 Received: by outflank-mailman (input) for mailman id 168791; Thu, 19 Aug 2021 13:12:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhqd-0002Xa-PD for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGhqd-0008Cm-OW for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGhqd-0007Hq-NU for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 13:12:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FCcRQpeiEZ4ONyfdWfeegkHrwHed8aWCMFg8QK9rsiY=; b=jHp9+KASR1CFtznLg2r5siREra YX9Nm3enCgFHjCoJDLUI+MjV3hJbEPy5JZvms9YyLzdAQip7j8qcwzPZW+Ydkr6n7Wb0e9Zb1siKL iE5uZK6+NBuyBztVxhEXeVAMG88hHya854MUheAtQ1/doNvvlIrQjtGxs9SFk6wud4wU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cet: Fix build on newer versions of GCC Message-Id: Date: Thu, 19 Aug 2021 13:12:43 +0000 commit 54c9736382e0d558a6acd820e44185e020131c48 Author: Andrew Cooper AuthorDate: Tue Aug 17 11:38:07 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Aug 17 12:55:48 2021 +0100 x86/cet: Fix build on newer versions of GCC Some versions of GCC complain with: traps.c:405:22: error: 'get_shstk_bottom' defined but not used [-Werror=unused-function] static unsigned long get_shstk_bottom(unsigned long sp) ^~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Change #ifdef to if ( IS_ENABLED(...) ) to make the sole user of get_shstk_bottom() visible to the compiler. Fixes: 35727551c070 ("x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn}") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Compile-tested-by: Jan Beulich Tested-by: Marek Marczykowski-Górecki --- xen/arch/x86/traps.c | 83 ++++++++++++++++++++++++++-------------------------- 1 file changed, 42 insertions(+), 41 deletions(-) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 30eefbad48..4a0e498b4c 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -780,55 +780,56 @@ static void do_reserved_trap(struct cpu_user_regs *regs) static void fixup_exception_return(struct cpu_user_regs *regs, unsigned long fixup) { -#ifdef CONFIG_XEN_SHSTK - unsigned long ssp, *ptr, *base; + if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) + { + unsigned long ssp, *ptr, *base; - asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); - if ( ssp == 1 ) - goto shstk_done; + asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); + if ( ssp == 1 ) + goto shstk_done; - ptr = _p(ssp); - base = _p(get_shstk_bottom(ssp)); + ptr = _p(ssp); + base = _p(get_shstk_bottom(ssp)); - for ( ; ptr < base; ++ptr ) - { - /* - * Search for %rip. The shstk currently looks like this: - * - * ... [Likely pointed to by SSP] - * %cs [== regs->cs] - * %rip [== regs->rip] - * SSP [Likely points to 3 slots higher, above %cs] - * ... [call tree to this function, likely 2/3 slots] - * - * and we want to overwrite %rip with fixup. There are two - * complications: - * 1) We cant depend on SSP values, because they won't differ by 3 - * slots if the exception is taken on an IST stack. - * 2) There are synthetic (unrealistic but not impossible) scenarios - * where %rip can end up in the call tree to this function, so we - * can't check against regs->rip alone. - * - * Check for both regs->rip and regs->cs matching. - */ - if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) + for ( ; ptr < base; ++ptr ) { - asm ( "wrssq %[fix], %[stk]" - : [stk] "=m" (ptr[0]) - : [fix] "r" (fixup) ); - goto shstk_done; + /* + * Search for %rip. The shstk currently looks like this: + * + * ... [Likely pointed to by SSP] + * %cs [== regs->cs] + * %rip [== regs->rip] + * SSP [Likely points to 3 slots higher, above %cs] + * ... [call tree to this function, likely 2/3 slots] + * + * and we want to overwrite %rip with fixup. There are two + * complications: + * 1) We cant depend on SSP values, because they won't differ by + * 3 slots if the exception is taken on an IST stack. + * 2) There are synthetic (unrealistic but not impossible) + * scenarios where %rip can end up in the call tree to this + * function, so we can't check against regs->rip alone. + * + * Check for both regs->rip and regs->cs matching. + */ + if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) + { + asm ( "wrssq %[fix], %[stk]" + : [stk] "=m" (ptr[0]) + : [fix] "r" (fixup) ); + goto shstk_done; + } } - } - /* - * We failed to locate and fix up the shadow IRET frame. This could be - * due to shadow stack corruption, or bad logic above. We cannot continue - * executing the interrupted context. - */ - BUG(); + /* + * We failed to locate and fix up the shadow IRET frame. This could + * be due to shadow stack corruption, or bad logic above. We cannot + * continue executing the interrupted context. + */ + BUG(); + } shstk_done: -#endif /* CONFIG_XEN_SHSTK */ /* Fixup the regular stack. */ regs->rip = fixup; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:55:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168967.308574 (Exim 4.92) (envelope-from ) id 1mGlJr-0003Du-4Q; Thu, 19 Aug 2021 16:55:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168967.308574; Thu, 19 Aug 2021 16:55:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlJr-0003Dm-1R; Thu, 19 Aug 2021 16:55:07 +0000 Received: by outflank-mailman (input) for mailman id 168967; Thu, 19 Aug 2021 16:55:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlJp-0003Db-TL for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlJp-0004gP-Q1 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlJp-0002I3-P8 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dnz0Sfw5i3WerhwgrC0B6JaAAwe+Lfssn9GgEzc1jy0=; b=SuisQfK4yS0bPpm3lwEQajLAvN 2l0IMg2SwvAF3Ri5YP8hDP8in8yvBLPDo8r+bYMPXeBZ7xDOgIFvOrpqMYSt++HjK92h8eUTFDVVf MS9iQ3mPEGikoZho6njyWi6rqFQlphVOPVPubRNZWaW7na6aMweripHmlT4uGmgm0jrY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] tools/libs/ctrl: fix xc_core_arch_map_p2m() to support linear p2m table Message-Id: Date: Thu, 19 Aug 2021 16:55:05 +0000 commit 2b23bb664ff661eb5ca8bb79498b9df55c4d59cf Author: Juergen Gross AuthorDate: Fri Jul 2 16:29:44 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:12:10 2021 +0100 tools/libs/ctrl: fix xc_core_arch_map_p2m() to support linear p2m table The core of a pv linux guest produced via "xl dump-core" is not usable as since kernel 4.14 only the linear p2m table is kept if Xen indicates it is supporting that. Unfortunately xc_core_arch_map_p2m() is still supporting the 3-level p2m tree only. Fix that by copying the functionality of map_p2m() from libxenguest to libxenctrl. Additionally the mapped p2m isn't of a fixed length now, so the interface to the mapping functions needs to be adapted. In order not to add even more parameters, expand struct domain_info_context and use a pointer to that as a parameter. This is a backport of upstream commit bd7a29c3d0b937ab542a. As the original patch includes a modification of a data structure passed via pointer to a library function, the related function in the library is renamed in order to be able to spot any external users of that function. Note that it is extremely unlikely any such users outside the Xen git tree are existing, so the risk to break any existing programs is very unlikely. In case such a user is existing, changing the name of xc_map_domain_meminfo() will at least avoid silent breakage. Fixes: dc6d60937121 ("libxc: set flag for support of linear p2m list in domain builder") Signed-off-by: Juergen Gross Reviewed-by: Ian Jackson --- tools/include/xenguest.h | 2 + tools/libs/ctrl/xc_core.c | 5 +- tools/libs/ctrl/xc_core.h | 8 +- tools/libs/ctrl/xc_core_arm.c | 23 ++-- tools/libs/ctrl/xc_core_x86.c | 256 ++++++++++++++++++++++++++++++++++-------- tools/libs/ctrl/xc_private.h | 1 + tools/libs/guest/xg_domain.c | 17 +-- 7 files changed, 234 insertions(+), 78 deletions(-) diff --git a/tools/include/xenguest.h b/tools/include/xenguest.h index 217022b6e7..36a26deba4 100644 --- a/tools/include/xenguest.h +++ b/tools/include/xenguest.h @@ -700,8 +700,10 @@ struct xc_domain_meminfo { xen_pfn_t *pfn_type; xen_pfn_t *p2m_table; unsigned long p2m_size; + unsigned int p2m_frames; }; +#define xc_map_domain_meminfo xc_map_domain_meminfo_mod int xc_map_domain_meminfo(xc_interface *xch, uint32_t domid, struct xc_domain_meminfo *minfo); diff --git a/tools/libs/ctrl/xc_core.c b/tools/libs/ctrl/xc_core.c index b47ab2f6d8..9576bec5a3 100644 --- a/tools/libs/ctrl/xc_core.c +++ b/tools/libs/ctrl/xc_core.c @@ -574,8 +574,7 @@ xc_domain_dumpcore_via_callback(xc_interface *xch, goto out; } - sts = xc_core_arch_map_p2m(xch, dinfo->guest_width, &info, live_shinfo, - &p2m, &dinfo->p2m_size); + sts = xc_core_arch_map_p2m(xch, dinfo, &info, live_shinfo, &p2m); if ( sts != 0 ) goto out; @@ -945,7 +944,7 @@ out: if ( memory_map != NULL ) free(memory_map); if ( p2m != NULL ) - munmap(p2m, PAGE_SIZE * P2M_FL_ENTRIES); + munmap(p2m, PAGE_SIZE * dinfo->p2m_frames); if ( p2m_array != NULL ) free(p2m_array); if ( pfn_array != NULL ) diff --git a/tools/libs/ctrl/xc_core.h b/tools/libs/ctrl/xc_core.h index 36fb755da2..8ea1f93a10 100644 --- a/tools/libs/ctrl/xc_core.h +++ b/tools/libs/ctrl/xc_core.h @@ -138,14 +138,14 @@ int xc_core_arch_memory_map_get(xc_interface *xch, xc_dominfo_t *info, shared_info_any_t *live_shinfo, xc_core_memory_map_t **mapp, unsigned int *nr_entries); -int xc_core_arch_map_p2m(xc_interface *xch, unsigned int guest_width, +int xc_core_arch_map_p2m(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, shared_info_any_t *live_shinfo, - xen_pfn_t **live_p2m, unsigned long *pfnp); + xen_pfn_t **live_p2m); -int xc_core_arch_map_p2m_writable(xc_interface *xch, unsigned int guest_width, +int xc_core_arch_map_p2m_writable(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, shared_info_any_t *live_shinfo, - xen_pfn_t **live_p2m, unsigned long *pfnp); + xen_pfn_t **live_p2m); int xc_core_arch_get_scratch_gpfn(xc_interface *xch, uint32_t domid, xen_pfn_t *gpfn); diff --git a/tools/libs/ctrl/xc_core_arm.c b/tools/libs/ctrl/xc_core_arm.c index 7b587b4cc5..93765a565f 100644 --- a/tools/libs/ctrl/xc_core_arm.c +++ b/tools/libs/ctrl/xc_core_arm.c @@ -66,33 +66,24 @@ xc_core_arch_memory_map_get(xc_interface *xch, struct xc_core_arch_context *unus static int xc_core_arch_map_p2m_rw(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, - shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, - unsigned long *pfnp, int rw) + shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, int rw) { errno = ENOSYS; return -1; } int -xc_core_arch_map_p2m(xc_interface *xch, unsigned int guest_width, xc_dominfo_t *info, - shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, - unsigned long *pfnp) +xc_core_arch_map_p2m(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, + shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m) { - struct domain_info_context _dinfo = { .guest_width = guest_width }; - struct domain_info_context *dinfo = &_dinfo; - return xc_core_arch_map_p2m_rw(xch, dinfo, info, - live_shinfo, live_p2m, pfnp, 0); + return xc_core_arch_map_p2m_rw(xch, dinfo, info, live_shinfo, live_p2m, 0); } int -xc_core_arch_map_p2m_writable(xc_interface *xch, unsigned int guest_width, xc_dominfo_t *info, - shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, - unsigned long *pfnp) +xc_core_arch_map_p2m_writable(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, + shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m) { - struct domain_info_context _dinfo = { .guest_width = guest_width }; - struct domain_info_context *dinfo = &_dinfo; - return xc_core_arch_map_p2m_rw(xch, dinfo, info, - live_shinfo, live_p2m, pfnp, 1); + return xc_core_arch_map_p2m_rw(xch, dinfo, info, live_shinfo, live_p2m, 1); } int diff --git a/tools/libs/ctrl/xc_core_x86.c b/tools/libs/ctrl/xc_core_x86.c index cb76e6207b..c8f71d4b75 100644 --- a/tools/libs/ctrl/xc_core_x86.c +++ b/tools/libs/ctrl/xc_core_x86.c @@ -17,6 +17,7 @@ * */ +#include #include "xc_private.h" #include "xc_core.h" #include @@ -65,34 +66,169 @@ xc_core_arch_memory_map_get(xc_interface *xch, struct xc_core_arch_context *unus return 0; } -static int -xc_core_arch_map_p2m_rw(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, - shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, - unsigned long *pfnp, int rw) +static inline bool is_canonical_address(uint64_t vaddr) { - /* Double and single indirect references to the live P2M table */ - xen_pfn_t *live_p2m_frame_list_list = NULL; - xen_pfn_t *live_p2m_frame_list = NULL; - /* Copies of the above. */ - xen_pfn_t *p2m_frame_list_list = NULL; - xen_pfn_t *p2m_frame_list = NULL; + return ((int64_t)vaddr >> 47) == ((int64_t)vaddr >> 63); +} - uint32_t dom = info->domid; - int ret = -1; - int err; - int i; +/* Virtual address ranges reserved for hypervisor. */ +#define HYPERVISOR_VIRT_START_X86_64 0xFFFF800000000000ULL +#define HYPERVISOR_VIRT_END_X86_64 0xFFFF87FFFFFFFFFFULL - if ( xc_domain_nr_gpfns(xch, info->domid, &dinfo->p2m_size) < 0 ) +#define HYPERVISOR_VIRT_START_X86_32 0x00000000F5800000ULL +#define HYPERVISOR_VIRT_END_X86_32 0x00000000FFFFFFFFULL + +static xen_pfn_t * +xc_core_arch_map_p2m_list_rw(xc_interface *xch, struct domain_info_context *dinfo, + uint32_t dom, shared_info_any_t *live_shinfo, + uint64_t p2m_cr3) +{ + uint64_t p2m_vaddr, p2m_end, mask, off; + xen_pfn_t p2m_mfn, mfn, saved_mfn, max_pfn; + uint64_t *ptes = NULL; + xen_pfn_t *mfns = NULL; + unsigned int fpp, n_pages, level, n_levels, shift, + idx_start, idx_end, idx, saved_idx; + + p2m_vaddr = GET_FIELD(live_shinfo, arch.p2m_vaddr, dinfo->guest_width); + fpp = PAGE_SIZE / dinfo->guest_width; + dinfo->p2m_frames = (dinfo->p2m_size - 1) / fpp + 1; + p2m_end = p2m_vaddr + dinfo->p2m_frames * PAGE_SIZE - 1; + + if ( dinfo->guest_width == 8 ) { - ERROR("Could not get maximum GPFN!"); - goto out; + mask = 0x0000ffffffffffffULL; + n_levels = 4; + p2m_mfn = p2m_cr3 >> 12; + if ( !is_canonical_address(p2m_vaddr) || + !is_canonical_address(p2m_end) || + p2m_end < p2m_vaddr || + (p2m_vaddr <= HYPERVISOR_VIRT_END_X86_64 && + p2m_end > HYPERVISOR_VIRT_START_X86_64) ) + { + ERROR("Bad virtual p2m address range %#" PRIx64 "-%#" PRIx64, + p2m_vaddr, p2m_end); + errno = ERANGE; + goto out; + } + } + else + { + mask = 0x00000000ffffffffULL; + n_levels = 3; + if ( p2m_cr3 & ~mask ) + p2m_mfn = ~0UL; + else + p2m_mfn = (uint32_t)((p2m_cr3 >> 12) | (p2m_cr3 << 20)); + if ( p2m_vaddr > mask || p2m_end > mask || p2m_end < p2m_vaddr || + (p2m_vaddr <= HYPERVISOR_VIRT_END_X86_32 && + p2m_end > HYPERVISOR_VIRT_START_X86_32) ) + { + ERROR("Bad virtual p2m address range %#" PRIx64 "-%#" PRIx64, + p2m_vaddr, p2m_end); + errno = ERANGE; + goto out; + } } - if ( dinfo->p2m_size < info->nr_pages ) + mfns = malloc(sizeof(*mfns)); + if ( !mfns ) { - ERROR("p2m_size < nr_pages -1 (%lx < %lx", dinfo->p2m_size, info->nr_pages - 1); + ERROR("Cannot allocate memory for array of %u mfns", 1); goto out; } + mfns[0] = p2m_mfn; + off = 0; + saved_mfn = 0; + idx_start = idx_end = saved_idx = 0; + + for ( level = n_levels; level > 0; level-- ) + { + n_pages = idx_end - idx_start + 1; + ptes = xc_map_foreign_pages(xch, dom, PROT_READ, mfns, n_pages); + if ( !ptes ) + { + PERROR("Failed to map %u page table pages for p2m list", n_pages); + goto out; + } + free(mfns); + + shift = level * 9 + 3; + idx_start = ((p2m_vaddr - off) & mask) >> shift; + idx_end = ((p2m_end - off) & mask) >> shift; + idx = idx_end - idx_start + 1; + mfns = malloc(sizeof(*mfns) * idx); + if ( !mfns ) + { + ERROR("Cannot allocate memory for array of %u mfns", idx); + goto out; + } + + for ( idx = idx_start; idx <= idx_end; idx++ ) + { + mfn = (ptes[idx] & 0x000ffffffffff000ULL) >> PAGE_SHIFT; + if ( mfn == 0 ) + { + ERROR("Bad mfn %#lx during page table walk for vaddr %#" PRIx64 " at level %d of p2m list", + mfn, off + ((uint64_t)idx << shift), level); + errno = ERANGE; + goto out; + } + mfns[idx - idx_start] = mfn; + + /* Maximum pfn check at level 2. Same reasoning as for p2m tree. */ + if ( level == 2 ) + { + if ( mfn != saved_mfn ) + { + saved_mfn = mfn; + saved_idx = idx - idx_start; + } + } + } + + if ( level == 2 ) + { + if ( saved_idx == idx_end ) + saved_idx++; + max_pfn = ((xen_pfn_t)saved_idx << 9) * fpp; + if ( max_pfn < dinfo->p2m_size ) + { + dinfo->p2m_size = max_pfn; + dinfo->p2m_frames = (dinfo->p2m_size + fpp - 1) / fpp; + p2m_end = p2m_vaddr + dinfo->p2m_frames * PAGE_SIZE - 1; + idx_end = idx_start + saved_idx; + } + } + + munmap(ptes, n_pages * PAGE_SIZE); + ptes = NULL; + off = p2m_vaddr & ((mask >> shift) << shift); + } + + return mfns; + + out: + free(mfns); + if ( ptes ) + munmap(ptes, n_pages * PAGE_SIZE); + + return NULL; +} + +static xen_pfn_t * +xc_core_arch_map_p2m_tree_rw(xc_interface *xch, struct domain_info_context *dinfo, + uint32_t dom, shared_info_any_t *live_shinfo) +{ + /* Double and single indirect references to the live P2M table */ + xen_pfn_t *live_p2m_frame_list_list; + xen_pfn_t *live_p2m_frame_list = NULL; + /* Copies of the above. */ + xen_pfn_t *p2m_frame_list_list = NULL; + xen_pfn_t *p2m_frame_list; + + int err; + int i; live_p2m_frame_list_list = xc_map_foreign_range(xch, dom, PAGE_SIZE, PROT_READ, @@ -151,10 +287,60 @@ xc_core_arch_map_p2m_rw(xc_interface *xch, struct domain_info_context *dinfo, xc for ( i = P2M_FL_ENTRIES - 1; i >= 0; i-- ) p2m_frame_list[i] = ((uint32_t *)p2m_frame_list)[i]; + dinfo->p2m_frames = P2M_FL_ENTRIES; + + return p2m_frame_list; + + out: + err = errno; + + if ( live_p2m_frame_list_list ) + munmap(live_p2m_frame_list_list, PAGE_SIZE); + + if ( live_p2m_frame_list ) + munmap(live_p2m_frame_list, P2M_FLL_ENTRIES * PAGE_SIZE); + + free(p2m_frame_list_list); + + errno = err; + + return NULL; +} + +static int +xc_core_arch_map_p2m_rw(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, + shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, int rw) +{ + xen_pfn_t *p2m_frame_list = NULL; + uint64_t p2m_cr3; + uint32_t dom = info->domid; + int ret = -1; + int err; + + if ( xc_domain_nr_gpfns(xch, info->domid, &dinfo->p2m_size) < 0 ) + { + ERROR("Could not get maximum GPFN!"); + goto out; + } + + if ( dinfo->p2m_size < info->nr_pages ) + { + ERROR("p2m_size < nr_pages -1 (%lx < %lx", dinfo->p2m_size, info->nr_pages - 1); + goto out; + } + + p2m_cr3 = GET_FIELD(live_shinfo, arch.p2m_cr3, dinfo->guest_width); + + p2m_frame_list = p2m_cr3 ? xc_core_arch_map_p2m_list_rw(xch, dinfo, dom, live_shinfo, p2m_cr3) + : xc_core_arch_map_p2m_tree_rw(xch, dinfo, dom, live_shinfo); + + if ( !p2m_frame_list ) + goto out; + *live_p2m = xc_map_foreign_pages(xch, dom, rw ? (PROT_READ | PROT_WRITE) : PROT_READ, p2m_frame_list, - P2M_FL_ENTRIES); + dinfo->p2m_frames); if ( !*live_p2m ) { @@ -162,21 +348,11 @@ xc_core_arch_map_p2m_rw(xc_interface *xch, struct domain_info_context *dinfo, xc goto out; } - *pfnp = dinfo->p2m_size; - ret = 0; out: err = errno; - if ( live_p2m_frame_list_list ) - munmap(live_p2m_frame_list_list, PAGE_SIZE); - - if ( live_p2m_frame_list ) - munmap(live_p2m_frame_list, P2M_FLL_ENTRIES * PAGE_SIZE); - - free(p2m_frame_list_list); - free(p2m_frame_list); errno = err; @@ -184,25 +360,17 @@ out: } int -xc_core_arch_map_p2m(xc_interface *xch, unsigned int guest_width, xc_dominfo_t *info, - shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, - unsigned long *pfnp) +xc_core_arch_map_p2m(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, + shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m) { - struct domain_info_context _dinfo = { .guest_width = guest_width }; - struct domain_info_context *dinfo = &_dinfo; - return xc_core_arch_map_p2m_rw(xch, dinfo, info, - live_shinfo, live_p2m, pfnp, 0); + return xc_core_arch_map_p2m_rw(xch, dinfo, info, live_shinfo, live_p2m, 0); } int -xc_core_arch_map_p2m_writable(xc_interface *xch, unsigned int guest_width, xc_dominfo_t *info, - shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, - unsigned long *pfnp) +xc_core_arch_map_p2m_writable(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, + shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m) { - struct domain_info_context _dinfo = { .guest_width = guest_width }; - struct domain_info_context *dinfo = &_dinfo; - return xc_core_arch_map_p2m_rw(xch, dinfo, info, - live_shinfo, live_p2m, pfnp, 1); + return xc_core_arch_map_p2m_rw(xch, dinfo, info, live_shinfo, live_p2m, 1); } int diff --git a/tools/libs/ctrl/xc_private.h b/tools/libs/ctrl/xc_private.h index f0b5f83ac8..8ebc0b59da 100644 --- a/tools/libs/ctrl/xc_private.h +++ b/tools/libs/ctrl/xc_private.h @@ -79,6 +79,7 @@ struct iovec { struct domain_info_context { unsigned int guest_width; + unsigned int p2m_frames; unsigned long p2m_size; }; diff --git a/tools/libs/guest/xg_domain.c b/tools/libs/guest/xg_domain.c index 5019c84e0e..dd7db2cbd8 100644 --- a/tools/libs/guest/xg_domain.c +++ b/tools/libs/guest/xg_domain.c @@ -24,13 +24,9 @@ int xc_unmap_domain_meminfo(xc_interface *xch, struct xc_domain_meminfo *minfo) { - struct domain_info_context _di = { .guest_width = minfo->guest_width, - .p2m_size = minfo->p2m_size}; - struct domain_info_context *dinfo = &_di; - free(minfo->pfn_type); if ( minfo->p2m_table ) - munmap(minfo->p2m_table, P2M_FL_ENTRIES * PAGE_SIZE); + munmap(minfo->p2m_table, minfo->p2m_frames * PAGE_SIZE); minfo->p2m_table = NULL; return 0; @@ -40,7 +36,6 @@ int xc_map_domain_meminfo(xc_interface *xch, uint32_t domid, struct xc_domain_meminfo *minfo) { struct domain_info_context _di; - struct domain_info_context *dinfo = &_di; xc_dominfo_t info; shared_info_any_t *live_shinfo; @@ -96,16 +91,16 @@ int xc_map_domain_meminfo(xc_interface *xch, uint32_t domid, return -1; } - if ( xc_core_arch_map_p2m_writable(xch, minfo->guest_width, &info, - live_shinfo, &minfo->p2m_table, - &minfo->p2m_size) ) + if ( xc_core_arch_map_p2m_writable(xch, &_di, &info, + live_shinfo, &minfo->p2m_table) ) { PERROR("Could not map the P2M table"); munmap(live_shinfo, PAGE_SIZE); return -1; } munmap(live_shinfo, PAGE_SIZE); - _di.p2m_size = minfo->p2m_size; + minfo->p2m_size = _di.p2m_size; + minfo->p2m_frames = _di.p2m_frames; /* Make space and prepare for getting the PFN types */ minfo->pfn_type = calloc(sizeof(*minfo->pfn_type), minfo->p2m_size); @@ -141,7 +136,7 @@ failed: } if ( minfo->p2m_table ) { - munmap(minfo->p2m_table, P2M_FL_ENTRIES * PAGE_SIZE); + munmap(minfo->p2m_table, minfo->p2m_frames * PAGE_SIZE); minfo->p2m_table = NULL; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:55:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:55:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168970.308589 (Exim 4.92) (envelope-from ) id 1mGlK1-0003XX-Eo; Thu, 19 Aug 2021 16:55:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168970.308589; Thu, 19 Aug 2021 16:55:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlK1-0003XO-Bn; Thu, 19 Aug 2021 16:55:17 +0000 Received: by outflank-mailman (input) for mailman id 168970; Thu, 19 Aug 2021 16:55:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlJz-0003TT-V1 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlJz-0004gl-U3 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlJz-0002KX-T4 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tm4HO49nvN1hvFySXQNEIyL/mOWGYXHEOP8Er3nCXyg=; b=5aU6qI/0nNS76WQ5+sqo9c24Sa 3S/EbJ+Cx6Bimq+55N8DtaipUw3mZPvMDyFdI2UtUshM8yivMnM0uvm4a5ByBe/rcl9XOouM4hYM3 B2w1lvouRshqZAYjWKktpx6z2FNT7eKuA7U+5GjVlHvnqeH0cMId0frMOhj8l71goy9s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxl: Replace deprecated QMP command by "query-cpus-fast" Message-Id: Date: Thu, 19 Aug 2021 16:55:15 +0000 commit 99633c514ddc3a719d3af5ef9e8184ed6d2f44ab Author: Anthony PERARD AuthorDate: Tue May 11 10:28:03 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:16:41 2021 +0100 libxl: Replace deprecated QMP command by "query-cpus-fast" We use the deprecated QMP command "query-cpus" which is removed in the QEMU 6.0 release. There's a replacement which is "query-cpus-fast", and have been available since QEMU 2.12 (April 2018). This patch try the new command first and when the command isn't available, it fall back to the deprecated one so libxl still works with older QEMU versions. Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_domain.c | 103 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 98 insertions(+), 5 deletions(-) diff --git a/tools/libs/light/libxl_domain.c b/tools/libs/light/libxl_domain.c index 5d4ec90711..8c003aa7cb 100644 --- a/tools/libs/light/libxl_domain.c +++ b/tools/libs/light/libxl_domain.c @@ -1740,6 +1740,35 @@ out: return rc; } +static int qmp_parse_query_cpus_fast(libxl__gc *gc, + libxl_domid domid, + const libxl__json_object *response, + libxl_bitmap *const map) +{ + int i; + const libxl__json_object *cpu; + + libxl_bitmap_set_none(map); + /* Parse response to QMP command "query-cpus-fast": + * [ { 'cpu-index': 'int',...} ] + */ + for (i = 0; (cpu = libxl__json_array_get(response, i)); i++) { + unsigned int cpu_index; + const libxl__json_object *o; + + o = libxl__json_map_get("cpu-index", cpu, JSON_INTEGER); + if (!o) { + LOGD(ERROR, domid, "Failed to retrieve CPU index."); + return ERROR_QEMU_API; + } + + cpu_index = libxl__json_object_get_integer(o); + libxl_bitmap_set(map, cpu_index); + } + + return 0; +} + static int qmp_parse_query_cpus(libxl__gc *gc, libxl_domid domid, const libxl__json_object *response, @@ -1778,8 +1807,13 @@ typedef struct set_vcpuonline_state { int index; /* for loop on final_map */ } set_vcpuonline_state; +static void set_vcpuonline_qmp_cpus_fast_queried(libxl__egc *, + libxl__ev_qmp *, const libxl__json_object *, int rc); static void set_vcpuonline_qmp_cpus_queried(libxl__egc *, libxl__ev_qmp *, const libxl__json_object *, int rc); +static void set_vcpuonline_qmp_query_cpus_parse(libxl__egc *, + libxl__ev_qmp *qmp, const libxl__json_object *, + bool query_cpus_fast, int rc); static void set_vcpuonline_qmp_add_cpu(libxl__egc *, libxl__ev_qmp *, const libxl__json_object *response, int rc); static void set_vcpuonline_timeout(libxl__egc *egc, @@ -1840,8 +1874,8 @@ int libxl_set_vcpuonline(libxl_ctx *ctx, uint32_t domid, set_vcpuonline_timeout, LIBXL_QMP_CMD_TIMEOUT * 1000); if (rc) goto out; - qmp->callback = set_vcpuonline_qmp_cpus_queried; - rc = libxl__ev_qmp_send(egc, qmp, "query-cpus", NULL); + qmp->callback = set_vcpuonline_qmp_cpus_fast_queried; + rc = libxl__ev_qmp_send(egc, qmp, "query-cpus-fast", NULL); if (rc) goto out; return AO_INPROGRESS; default: @@ -1860,11 +1894,39 @@ out: return AO_INPROGRESS; } +static void set_vcpuonline_qmp_cpus_fast_queried(libxl__egc *egc, + libxl__ev_qmp *qmp, const libxl__json_object *response, int rc) +{ + EGC_GC; + set_vcpuonline_state *svos = CONTAINER_OF(qmp, *svos, qmp); + + if (rc == ERROR_QMP_COMMAND_NOT_FOUND) { + /* Try again, we probably talking to a QEMU older than 2.12 */ + qmp->callback = set_vcpuonline_qmp_cpus_queried; + rc = libxl__ev_qmp_send(egc, qmp, "query-cpus", NULL); + if (rc) goto out; + return; + } + +out: + set_vcpuonline_qmp_query_cpus_parse(egc, qmp, response, true, rc); +} + static void set_vcpuonline_qmp_cpus_queried(libxl__egc *egc, libxl__ev_qmp *qmp, const libxl__json_object *response, int rc) { EGC_GC; set_vcpuonline_state *svos = CONTAINER_OF(qmp, *svos, qmp); + + set_vcpuonline_qmp_query_cpus_parse(egc, qmp, response, false, rc); +} + +static void set_vcpuonline_qmp_query_cpus_parse(libxl__egc *egc, + libxl__ev_qmp *qmp, const libxl__json_object *response, + bool query_cpus_fast, int rc) +{ + EGC_GC; + set_vcpuonline_state *svos = CONTAINER_OF(qmp, *svos, qmp); int i; libxl_bitmap current_map; @@ -1876,7 +1938,11 @@ static void set_vcpuonline_qmp_cpus_queried(libxl__egc *egc, if (rc) goto out; libxl_bitmap_alloc(CTX, ¤t_map, svos->info.vcpu_max_id + 1); - rc = qmp_parse_query_cpus(gc, qmp->domid, response, ¤t_map); + if (query_cpus_fast) { + rc = qmp_parse_query_cpus_fast(gc, qmp->domid, response, ¤t_map); + } else { + rc = qmp_parse_query_cpus(gc, qmp->domid, response, ¤t_map); + } if (rc) goto out; libxl_bitmap_copy_alloc(CTX, final_map, svos->cpumap); @@ -2121,6 +2187,9 @@ typedef struct { static void retrieve_domain_configuration_lock_acquired( libxl__egc *egc, libxl__ev_slowlock *, int rc); +static void retrieve_domain_configuration_cpu_fast_queried( + libxl__egc *egc, libxl__ev_qmp *qmp, + const libxl__json_object *response, int rc); static void retrieve_domain_configuration_cpu_queried( libxl__egc *egc, libxl__ev_qmp *qmp, const libxl__json_object *response, int rc); @@ -2198,8 +2267,8 @@ static void retrieve_domain_configuration_lock_acquired( if (rc) goto out; libxl_bitmap_alloc(CTX, &rdcs->qemuu_cpus, d_config->b_info.max_vcpus); - rdcs->qmp.callback = retrieve_domain_configuration_cpu_queried; - rc = libxl__ev_qmp_send(egc, &rdcs->qmp, "query-cpus", NULL); + rdcs->qmp.callback = retrieve_domain_configuration_cpu_fast_queried; + rc = libxl__ev_qmp_send(egc, &rdcs->qmp, "query-cpus-fast", NULL); if (rc) goto out; has_callback = true; } @@ -2210,6 +2279,30 @@ out: retrieve_domain_configuration_end(egc, rdcs, rc); } +static void retrieve_domain_configuration_cpu_fast_queried( + libxl__egc *egc, libxl__ev_qmp *qmp, + const libxl__json_object *response, int rc) +{ + EGC_GC; + retrieve_domain_configuration_state *rdcs = + CONTAINER_OF(qmp, *rdcs, qmp); + + if (rc == ERROR_QMP_COMMAND_NOT_FOUND) { + /* Try again, we probably talking to a QEMU older than 2.12 */ + rdcs->qmp.callback = retrieve_domain_configuration_cpu_queried; + rc = libxl__ev_qmp_send(egc, &rdcs->qmp, "query-cpus", NULL); + if (rc) goto out; + return; + } + + if (rc) goto out; + + rc = qmp_parse_query_cpus_fast(gc, qmp->domid, response, &rdcs->qemuu_cpus); + +out: + retrieve_domain_configuration_end(egc, rdcs, rc); +} + static void retrieve_domain_configuration_cpu_queried( libxl__egc *egc, libxl__ev_qmp *qmp, const libxl__json_object *response, int rc) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:55:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:55:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168971.308593 (Exim 4.92) (envelope-from ) id 1mGlKB-0003fh-Go; Thu, 19 Aug 2021 16:55:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168971.308593; Thu, 19 Aug 2021 16:55:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKB-0003fX-Dn; Thu, 19 Aug 2021 16:55:27 +0000 Received: by outflank-mailman (input) for mailman id 168971; Thu, 19 Aug 2021 16:55:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKA-0003el-2i for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKA-0004hJ-1k for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlKA-0002Yb-0q for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=y/GZvgJ7X+KGJmI+zXenrNDGhWICFsaEmyyUk/u3MZI=; b=PCxrPUckPQq0HlxU3SkjvUzsQ+ /D3gD+XuXKQpOZTeqTI/AKhzFYwCPqR9NkUsUiGEaEpBS41j80Bull6+2O13deOat3/70/VbAQmw8 Rz60OO+j5YRWCXOijoay2vy5tdpNO+bJLC60W0i6degm77WDlrd3BkY/ZnHz/SPXsbwc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxl: Replace QEMU's command line short-form boolean option Message-Id: Date: Thu, 19 Aug 2021 16:55:26 +0000 commit 17dca162e08ad5bdbd96f7e4e2ff274fc2b83104 Author: Anthony PERARD AuthorDate: Tue May 11 10:28:04 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:17:43 2021 +0100 libxl: Replace QEMU's command line short-form boolean option Short-form boolean options are deprecated in QEMU 6.0. Upstream commit that deprecate those: ccd3b3b8112b ("qemu-option: warn for short-form boolean options"). Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk --- tools/libs/light/libxl_dm.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c index 5309496c58..21fe33d3e2 100644 --- a/tools/libs/light/libxl_dm.c +++ b/tools/libs/light/libxl_dm.c @@ -977,14 +977,14 @@ static char *dm_spice_options(libxl__gc *gc, if (spice->host) opt = GCSPRINTF("%s,addr=%s", opt, spice->host); if (libxl_defbool_val(spice->disable_ticketing)) - opt = GCSPRINTF("%s,disable-ticketing", opt); + opt = GCSPRINTF("%s,disable-ticketing=on", opt); else opt = GCSPRINTF("%s,password=%s", opt, spice->passwd); opt = GCSPRINTF("%s,agent-mouse=%s", opt, libxl_defbool_val(spice->agent_mouse) ? "on" : "off"); if (!libxl_defbool_val(spice->clipboard_sharing)) - opt = GCSPRINTF("%s,disable-copy-paste", opt); + opt = GCSPRINTF("%s,disable-copy-paste=on", opt); if (spice->image_compression) opt = GCSPRINTF("%s,image-compression=%s", opt, @@ -1224,7 +1224,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, flexarray_append(dm_args, "-chardev"); if (state->dm_monitor_fd >= 0) { flexarray_append(dm_args, - GCSPRINTF("socket,id=libxl-cmd,fd=%d,server,nowait", + GCSPRINTF("socket,id=libxl-cmd,fd=%d,server=on,wait=off", state->dm_monitor_fd)); /* @@ -1237,7 +1237,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, } else { flexarray_append(dm_args, GCSPRINTF("socket,id=libxl-cmd," - "path=%s,server,nowait", + "path=%s,server=on,wait=off", libxl__qemu_qmp_path(gc, guest_domid))); } @@ -1247,7 +1247,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, flexarray_append(dm_args, "-chardev"); flexarray_append(dm_args, GCSPRINTF("socket,id=libxenstat-cmd," - "path=%s/qmp-libxenstat-%d,server,nowait", + "path=%s/qmp-libxenstat-%d,server=on,wait=off", libxl__run_dir_path(), guest_domid)); flexarray_append(dm_args, "-mon"); @@ -1264,7 +1264,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, case LIBXL_CHANNEL_CONNECTION_SOCKET: path = guest_config->channels[i].u.socket.path; chardev = GCSPRINTF("socket,id=libxl-channel%d,path=%s," - "server,nowait", devid, path); + "server=on,wait=off", devid, path); break; default: /* We've forgotten to add the clause */ @@ -1577,7 +1577,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, nics[i].colo_##sock_port) { \ flexarray_append(dm_args, "-chardev"); \ flexarray_append(dm_args, \ - GCSPRINTF("socket,id=%s,host=%s,port=%s,server,nowait", \ + GCSPRINTF("socket,id=%s,host=%s,port=%s,server=on,wait=off", \ nics[i].colo_##sock_id, \ nics[i].colo_##sock_ip, \ nics[i].colo_##sock_port)); \ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:55:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:55:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168972.308597 (Exim 4.92) (envelope-from ) id 1mGlKL-0003qf-IV; Thu, 19 Aug 2021 16:55:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168972.308597; Thu, 19 Aug 2021 16:55:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKL-0003qV-FQ; Thu, 19 Aug 2021 16:55:37 +0000 Received: by outflank-mailman (input) for mailman id 168972; Thu, 19 Aug 2021 16:55:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKK-0003pz-7F for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKK-0004hc-6O for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlKK-0002jt-55 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sj+LjmS/Don1DqukRUtkiL7sIL6nnIhLyrNjp5FCpG4=; b=P1qlPAPo3vZ8SxfxP916Vy0AAA ojwN6HlAi+cTuUIsDKPiNPt3zoGeDY3nDwPrjAgYIMtXTeqriE3fVtXA3dQ1G1uASLHqYOFeV/Z2j X4QlEw9dfm4t+Oh01M9eS5gdNVzUvIqaCZbfT7rtSMOt+yOL/sKh+hnuLGWtIQDsvCss=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxl: Replace deprecated "cpu-add" QMP command by "device_add" Message-Id: Date: Thu, 19 Aug 2021 16:55:36 +0000 commit da659f61c79f3adb7a4ab23e64fd21d2d9f801c1 Author: Anthony PERARD AuthorDate: Tue May 11 10:28:05 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:18:04 2021 +0100 libxl: Replace deprecated "cpu-add" QMP command by "device_add" The command "cpu-add" for CPU hotplug is deprecated and has been removed from QEMU 6.0 (April 2021). We need to add cpus with the command "device_add" now. In order to find out which parameters to pass to "device_add" we first make a call to "query-hotpluggable-cpus" which list the cpus drivers and properties. The algorithm to figure out which CPU to add, and by extension if any CPU needs to be hotplugged, is in the function that adds the cpus. Because of that, the command "query-hotpluggable-cpus" is always called, even when not needed. In case we are using a version of QEMU older than 2.7 (Sept 2016) which don't have "query-hotpluggable-cpus", we fallback to using "cpu-add". Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_domain.c | 89 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 87 insertions(+), 2 deletions(-) diff --git a/tools/libs/light/libxl_domain.c b/tools/libs/light/libxl_domain.c index 8c003aa7cb..c00c36c928 100644 --- a/tools/libs/light/libxl_domain.c +++ b/tools/libs/light/libxl_domain.c @@ -1805,6 +1805,7 @@ typedef struct set_vcpuonline_state { libxl_dominfo info; libxl_bitmap final_map; int index; /* for loop on final_map */ + const char *cpu_driver; } set_vcpuonline_state; static void set_vcpuonline_qmp_cpus_fast_queried(libxl__egc *, @@ -1814,6 +1815,10 @@ static void set_vcpuonline_qmp_cpus_queried(libxl__egc *, static void set_vcpuonline_qmp_query_cpus_parse(libxl__egc *, libxl__ev_qmp *qmp, const libxl__json_object *, bool query_cpus_fast, int rc); +static void set_vcpuonline_qmp_query_hotpluggable_cpus(libxl__egc *egc, + libxl__ev_qmp *qmp, const libxl__json_object *response, int rc); +static void set_vcpuonline_qmp_device_add_cpu(libxl__egc *, + libxl__ev_qmp *, const libxl__json_object *response, int rc); static void set_vcpuonline_qmp_add_cpu(libxl__egc *, libxl__ev_qmp *, const libxl__json_object *response, int rc); static void set_vcpuonline_timeout(libxl__egc *egc, @@ -1951,13 +1956,54 @@ static void set_vcpuonline_qmp_query_cpus_parse(libxl__egc *egc, libxl_bitmap_reset(final_map, i); } + qmp->callback = set_vcpuonline_qmp_query_hotpluggable_cpus; + rc = libxl__ev_qmp_send(egc, qmp, "query-hotpluggable-cpus", NULL); + out: libxl_bitmap_dispose(¤t_map); + if (rc) + set_vcpuonline_done(egc, svos, rc); /* must be last */ +} + +static void set_vcpuonline_qmp_query_hotpluggable_cpus(libxl__egc *egc, + libxl__ev_qmp *qmp, const libxl__json_object *response, int rc) +{ + set_vcpuonline_state *svos = CONTAINER_OF(qmp, *svos, qmp); + const libxl__json_object *cpu; + const libxl__json_object *cpu_driver; + + if (rc == ERROR_QMP_COMMAND_NOT_FOUND) { + /* We are probably connected to a version of QEMU older than 2.7, + * let's fallback to using "cpu-add" command. */ + svos->index = -1; + set_vcpuonline_qmp_add_cpu(egc, qmp, NULL, 0); /* must be last */ + return; + } + + if (rc) goto out; + + /* Parse response to QMP command "query-hotpluggable-cpus" + * [ { 'type': 'str', ... ] + * + * We are looking for the driver name for CPU to be hotplug. We'll + * assume that cpus property are core-id=0, thread-id=0 and + * socket-id=$cpu_index, as we start qemu with "-smp %d,maxcpus=%d", so + * we don't parse the properties listed for each hotpluggable cpus. + */ + + cpu = libxl__json_array_get(response, 0); + cpu_driver = libxl__json_map_get("type", cpu, JSON_STRING); + svos->cpu_driver = libxl__json_object_get_string(cpu_driver); + + if (!svos->cpu_driver) + rc = ERROR_QEMU_API; + +out: svos->index = -1; - set_vcpuonline_qmp_add_cpu(egc, qmp, NULL, rc); /* must be last */ + set_vcpuonline_qmp_device_add_cpu(egc, qmp, NULL, rc); /* must be last */ } -static void set_vcpuonline_qmp_add_cpu(libxl__egc *egc, +static void set_vcpuonline_qmp_device_add_cpu(libxl__egc *egc, libxl__ev_qmp *qmp, const libxl__json_object *response, int rc) { STATE_AO_GC(qmp->ao); @@ -1969,6 +2015,45 @@ static void set_vcpuonline_qmp_add_cpu(libxl__egc *egc, if (rc) goto out; + while (libxl_bitmap_cpu_valid(map, ++svos->index)) { + if (libxl_bitmap_test(map, svos->index)) { + qmp->callback = set_vcpuonline_qmp_device_add_cpu; + libxl__qmp_param_add_string(gc, &args, "id", GCSPRINTF("cpu-%d", svos->index)); + libxl__qmp_param_add_string(gc, &args, "driver", svos->cpu_driver); + /* We'll assume that we start QEMU with -smp %d,maxcpus=%d, so + * that "core-id" and "thread-id" are always 0 so that + * "socket-id" correspond the cpu index. + * Those properties are otherwise listed by + * "query-hotpluggable-cpus". */ + libxl__qmp_param_add_integer(gc, &args, "socket-id", svos->index); + libxl__qmp_param_add_integer(gc, &args, "core-id", 0); + libxl__qmp_param_add_integer(gc, &args, "thread-id", 0); + rc = libxl__ev_qmp_send(egc, qmp, "device_add", args); + if (rc) goto out; + return; + } + } + +out: + set_vcpuonline_done(egc, svos, rc); +} + +/* Fallback function for QEMU older than 2.7, when + * 'query-hotpluggable-cpus' wasn't available and vcpu object couldn't be + * added with 'device_add'. */ +static void set_vcpuonline_qmp_add_cpu(libxl__egc *egc, libxl__ev_qmp *qmp, + const libxl__json_object *response, + int rc) +{ + STATE_AO_GC(qmp->ao); + set_vcpuonline_state *svos = CONTAINER_OF(qmp, *svos, qmp); + libxl__json_object *args = NULL; + + /* Convenience aliases */ + libxl_bitmap *map = &svos->final_map; + + if (rc) goto out; + while (libxl_bitmap_cpu_valid(map, ++svos->index)) { if (libxl_bitmap_test(map, svos->index)) { qmp->callback = set_vcpuonline_qmp_add_cpu; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:55:47 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:55:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168976.308601 (Exim 4.92) (envelope-from ) id 1mGlKV-0003yx-Js; Thu, 19 Aug 2021 16:55:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168976.308601; Thu, 19 Aug 2021 16:55:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKV-0003yp-Gx; Thu, 19 Aug 2021 16:55:47 +0000 Received: by outflank-mailman (input) for mailman id 168976; Thu, 19 Aug 2021 16:55:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKU-0003yJ-Ay for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKU-0004iB-AD for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlKU-0002ml-9V for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KF7nw5pLCHFxoT3GxV269CsmcTntzLfhJJknhrtBVSM=; b=q8DCU1TSdpyAC9cOkyv2IpPUjB AQo2vC5Uv7nVhYrR/XzSjHjRWJjnOy7wEfsAC5hL2GWrK57IU2Sa7QHNFjGCTBAlI1lVMjxVJAzCe VUG4UYDnYd3wn0Q7KcB8a3YJ12g8aYVquTcpEdueUEkg1b7wJevSTiJyb/MSlGbBdCbo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxl: Use -device for cd-rom drives Message-Id: Date: Thu, 19 Aug 2021 16:55:46 +0000 commit 6165dcfe7e5283c7776f3f40cc905f29ed39486c Author: Anthony PERARD AuthorDate: Tue May 11 10:28:06 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:18:07 2021 +0100 libxl: Use -device for cd-rom drives This allows to set an `id` on the device instead of only the drive. We are going to need the `id` with the "eject" and "blockdev-change-media" QMP command as using `device` parameter on those is deprecated. (`device` is the `id` of the `-drive` on the command line). We set the same `id` on both -device and -drive as QEMU doesn't complain and we can then either do "eject id=$id" or "eject device=$id". Using "-drive + -device" instead of only "-drive" has been available since at least QEMU 0.15, and seems to be the preferred way as it separates the host part (-drive which describe the disk image location and format) from the guest part (-device which describe the emulated device). More information in qemu.git/docs/qdev-device-use.txt . Changing the command line during migration for the cdrom seems fine. Also the documentation about migration in QEMU explains that the device state ID is "been formed from a bus name and device address", so second IDE bus and first device address on bus is still thus and doesn't matter if written "-drive if=ide,index=2" or "-drive ide-cd,bus=ide.1,unit=0". See qemu.git/docs/devel/migration.rst . Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_dm.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c index 21fe33d3e2..1e16f9e5b6 100644 --- a/tools/libs/light/libxl_dm.c +++ b/tools/libs/light/libxl_dm.c @@ -1913,6 +1913,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, } if (disks[i].is_cdrom) { + const char *drive_id; if (disk > 4) { LOGD(WARN, guest_domid, "Emulated CDROM can be only one of the first 4 disks.\n" "Disk %s will be available via PV drivers but not as an " @@ -1920,13 +1921,22 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, disks[i].vdev); continue; } - drive = libxl__sprintf(gc, - "if=ide,index=%d,readonly=on,media=cdrom,id=ide-%i", - disk, dev_number); + + drive_id = GCSPRINTF("ide-%i", dev_number); + drive = GCSPRINTF("if=none,readonly=on,id=%s", drive_id); if (target_path) drive = libxl__sprintf(gc, "%s,file=%s,format=%s", drive, target_path, format); + + flexarray_vappend(dm_args, + "-drive", drive, + "-device", + GCSPRINTF("ide-cd,id=%s,drive=%s,bus=ide.%u,unit=%u", + drive_id, drive_id, + disk / 2, disk % 2), + NULL); + continue; } else { /* * Explicit sd disks are passed through as is. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:55:57 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:55:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168977.308605 (Exim 4.92) (envelope-from ) id 1mGlKf-00042E-LL; Thu, 19 Aug 2021 16:55:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168977.308605; Thu, 19 Aug 2021 16:55:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKf-000426-IM; Thu, 19 Aug 2021 16:55:57 +0000 Received: by outflank-mailman (input) for mailman id 168977; Thu, 19 Aug 2021 16:55:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKe-00041m-Jn for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKe-0004iM-Iz for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlKe-0003GS-Gw for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:55:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=anQuG3/giFeRgF1ih5SOlReLk9YSBWmrXkCwJOd2GQg=; b=a9C0KNysDhV+a6RxY54nxnHZlY /0ltYU4Lp6ct1KUIr1+9Zum91c+3rlDDr+i4OKM+3bQlSsY+F8YHV5/xtmVwuBHMyB7juA3xEbyt/ z/Z79Yfndf+iVz8/lkBaJYrifHX+N6B4U8uoiWkw4yfLGgKnJy0o44SHsaLatn70EUDE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxl: Assert qmp_ev's state in qmp_ev_qemu_compare_version Message-Id: Date: Thu, 19 Aug 2021 16:55:56 +0000 commit 9cb597a5456fb88f1a3b48090e914bd05a60e740 Author: Anthony PERARD AuthorDate: Tue May 11 10:28:07 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:18:09 2021 +0100 libxl: Assert qmp_ev's state in qmp_ev_qemu_compare_version We are supposed to read the version information only when qmp_ev is in state "Connected" (that correspond to state==qmp_state_connected), assert it so that the function isn't used too early. Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_qmp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/libs/light/libxl_qmp.c b/tools/libs/light/libxl_qmp.c index 9b638e6f54..d0967c9f02 100644 --- a/tools/libs/light/libxl_qmp.c +++ b/tools/libs/light/libxl_qmp.c @@ -292,6 +292,8 @@ static int qmp_handle_response(libxl__gc *gc, libxl__qmp_handler *qmp, static int qmp_ev_qemu_compare_version(libxl__ev_qmp *ev, int major, int minor, int micro) { + assert(ev->state == qmp_state_connected); + #define CHECK_VERSION(level) do { \ if (ev->qemu_version.level > (level)) return +1; \ if (ev->qemu_version.level < (level)) return -1; \ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:56:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:56:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168978.308610 (Exim 4.92) (envelope-from ) id 1mGlKq-00046p-OQ; Thu, 19 Aug 2021 16:56:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168978.308610; Thu, 19 Aug 2021 16:56:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKq-00046e-LE; Thu, 19 Aug 2021 16:56:08 +0000 Received: by outflank-mailman (input) for mailman id 168978; Thu, 19 Aug 2021 16:56:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKo-00046D-QH for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKo-0004ik-PQ for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlKo-0003Oy-OY for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=C8o8CeRTbWe0SSoFSyqUcdNgjM/4MXqakU220fW1WBU=; b=Bre/9vNzQTn1S0gtZkCq+d4lpT CDy5g0OTxhMIwbeIqNRp3D6EucfC4nu3XMG3VCQNnSM7Wiwkp+2Vmk6TjLoJlHTxhBmoRXWrpMgU9 RhIo6IFCLPxcEQA6X8rXwfYIlGDmqoHhZClPlxgb9jXuDj81+EKwauEQChRHjVMM6aGs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxl: Export libxl__qmp_ev_qemu_compare_version Message-Id: Date: Thu, 19 Aug 2021 16:56:06 +0000 commit e949445ce9d8075ff6c784c31f59bac224c1d8e7 Author: Anthony PERARD AuthorDate: Tue May 11 10:28:08 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:18:12 2021 +0100 libxl: Export libxl__qmp_ev_qemu_compare_version We are going to want to check QEMU's version in other places where we can use libxl__ev_qmp_send. Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_internal.h | 8 ++++++++ tools/libs/light/libxl_qmp.c | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h index c6a4a187f5..c114f6d399 100644 --- a/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h @@ -492,6 +492,14 @@ _hidden int libxl__ev_qmp_send(libxl__egc *egc, libxl__ev_qmp *ev, const char *cmd, libxl__json_object *args); _hidden void libxl__ev_qmp_dispose(libxl__gc *gc, libxl__ev_qmp *ev); +/* return values: + * < 0 if qemu's version < asked version + * = 0 if qemu's version == asked version + * > 0 if qemu's version > asked version + */ +_hidden int libxl__qmp_ev_qemu_compare_version(libxl__ev_qmp *ev, int major, + int minor, int micro); + typedef enum { /* initial state */ qmp_state_disconnected = 1, diff --git a/tools/libs/light/libxl_qmp.c b/tools/libs/light/libxl_qmp.c index d0967c9f02..fb146a54cb 100644 --- a/tools/libs/light/libxl_qmp.c +++ b/tools/libs/light/libxl_qmp.c @@ -289,7 +289,7 @@ static int qmp_handle_response(libxl__gc *gc, libxl__qmp_handler *qmp, * = 0 if qemu's version == asked version * > 0 if qemu's version > asked version */ -static int qmp_ev_qemu_compare_version(libxl__ev_qmp *ev, int major, +int libxl__qmp_ev_qemu_compare_version(libxl__ev_qmp *ev, int major, int minor, int micro) { assert(ev->state == qmp_state_connected); @@ -1073,7 +1073,7 @@ static void dm_state_save_to_fdset(libxl__egc *egc, libxl__ev_qmp *ev, int fdset /* The `live` parameter was added to QEMU 2.11. It signals QEMU that * the save operation is for a live migration rather than for taking a * snapshot. */ - if (qmp_ev_qemu_compare_version(ev, 2, 11, 0) >= 0) + if (libxl__qmp_ev_qemu_compare_version(ev, 2, 11, 0) >= 0) libxl__qmp_param_add_bool(gc, &args, "live", dsps->live); QMP_PARAMETERS_SPRINTF(&args, "filename", "/dev/fdset/%d", fdset); rc = libxl__ev_qmp_send(egc, ev, "xen-save-devices-state", args); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:56:18 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:56:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168979.308613 (Exim 4.92) (envelope-from ) id 1mGlL0-0004AV-Pq; Thu, 19 Aug 2021 16:56:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168979.308613; Thu, 19 Aug 2021 16:56:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlL0-0004AN-Me; Thu, 19 Aug 2021 16:56:18 +0000 Received: by outflank-mailman (input) for mailman id 168979; Thu, 19 Aug 2021 16:56:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKz-00049x-0t for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlKy-0004iu-WF for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlKy-0003QQ-V9 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xqFUPvEPXQy9py+G0jg30kCHTOFs1LU+ysSYF1mhIBQ=; b=mvJp2s6QiF8tpUqg1xQ8pVrqVL 6k1GBiT0zy9M/dDJ03dQzyKyvB0i7U5cUZegeaMU5IRuREBqUFecfX3yCbwF2ql6mTR6fC1ylowEG 8kdwCelAN8CBb7p1YJ2oCrnifBFz7lyxiMcyHUrHXHmvj8PtiyBO7x/vnyMkp6EbWIrg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxl: Use `id` with the "eject" QMP command Message-Id: Date: Thu, 19 Aug 2021 16:56:16 +0000 commit 4b60715241f2beec1d243ba41476d6e2b7d5c6e5 Author: Anthony PERARD AuthorDate: Tue May 11 10:28:09 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:18:15 2021 +0100 libxl: Use `id` with the "eject" QMP command `device` parameter is deprecated since QEMU 2.8. This requires changes to the command line introduced by: "libxl: Use -device for cd-rom drives" Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_disk.c | 43 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 7 deletions(-) diff --git a/tools/libs/light/libxl_disk.c b/tools/libs/light/libxl_disk.c index 411ffeaca6..faabdea7a4 100644 --- a/tools/libs/light/libxl_disk.c +++ b/tools/libs/light/libxl_disk.c @@ -656,6 +656,8 @@ typedef struct { static void cdrom_insert_lock_acquired(libxl__egc *, libxl__ev_slowlock *, int rc); +static void cdrom_insert_qmp_connected(libxl__egc *, libxl__ev_qmp *, + const libxl__json_object *, int rc); static void cdrom_insert_ejected(libxl__egc *egc, libxl__ev_qmp *, const libxl__json_object *, int rc); static void cdrom_insert_addfd_cb(libxl__egc *egc, libxl__ev_qmp *, @@ -770,13 +772,12 @@ static void cdrom_insert_lock_acquired(libxl__egc *egc, */ if (cis->dm_ver == LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN) { - libxl__json_object *args = NULL; - int devid = libxl__device_disk_dev_number(cis->disk->vdev, - NULL, NULL); - - QMP_PARAMETERS_SPRINTF(&args, "device", "ide-%i", devid); - cis->qmp.callback = cdrom_insert_ejected; - rc = libxl__ev_qmp_send(egc, &cis->qmp, "eject", args); + /* Before running the "eject" command, we need to know QEMU's + * version to find out which command to issue. + * cis->qmp isn't in Connected state yet, so run a dummy command + * to have QEMU's version available. */ + cis->qmp.callback = cdrom_insert_qmp_connected; + rc = libxl__ev_qmp_send(egc, &cis->qmp, "query-version", NULL); if (rc) goto out; } else { cdrom_insert_ejected(egc, &cis->qmp, NULL, 0); /* must be last */ @@ -787,6 +788,34 @@ out: cdrom_insert_done(egc, cis, rc); /* must be last */ } +static void cdrom_insert_qmp_connected(libxl__egc *egc, libxl__ev_qmp *qmp, + const libxl__json_object *response, + int rc) +{ + libxl__cdrom_insert_state *cis = CONTAINER_OF(qmp, *cis, qmp); + STATE_AO_GC(cis->ao); + libxl__json_object *args = NULL; + int devid = libxl__device_disk_dev_number(cis->disk->vdev, + NULL, NULL); + + if (rc) goto out; + + /* Using `device` parameter is deprecated since QEMU 2.8, we should + * use `id` now. They both have different meaning but we set the + * same `id` on -drive and -device on the command line. + */ + if (libxl__qmp_ev_qemu_compare_version(qmp, 2, 8, 0) >= 0) + QMP_PARAMETERS_SPRINTF(&args, "id", "ide-%i", devid); + else + QMP_PARAMETERS_SPRINTF(&args, "device", "ide-%i", devid); + qmp->callback = cdrom_insert_ejected; + rc = libxl__ev_qmp_send(egc, qmp, "eject", args); + if (rc) goto out; + return; +out: + cdrom_insert_done(egc, cis, rc); /* must be last */ +} + static void cdrom_insert_ejected(libxl__egc *egc, libxl__ev_qmp *qmp, const libxl__json_object *response, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:56:28 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:56:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168981.308623 (Exim 4.92) (envelope-from ) id 1mGlLA-0004I5-9Y; Thu, 19 Aug 2021 16:56:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168981.308623; Thu, 19 Aug 2021 16:56:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLA-0004HX-4x; Thu, 19 Aug 2021 16:56:28 +0000 Received: by outflank-mailman (input) for mailman id 168981; Thu, 19 Aug 2021 16:56:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlL9-0004Dc-5i for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlL9-0004jC-4r for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlL9-0003Rp-3e for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E0Fm9l30SCsqwGSnZV58qYN/yQqR+k6QhYwhlsioW3U=; b=RXJNEaugeWa43QFvPEXCN62kpD +03007hFQ8psbDlxLR924K2NkqP1HsWF0MNSa/CrJsFQXFYWTtxbVEOhheSbt46KjMCzMRY4rj1aZ ZDAIPBjDU3GgIE9ipEQZveC7+wf+KFXqUXWAy9C47oVJ9Xc552Cr9LHeP+BtH7HdB7/E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxl: Replace QMP command "change" by "blockdev-change-media" Message-Id: Date: Thu, 19 Aug 2021 16:56:27 +0000 commit e3f5318546c2ecde18184f3b4a9ff1685cf3fe30 Author: Anthony PERARD AuthorDate: Tue May 11 10:28:10 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:18:17 2021 +0100 libxl: Replace QMP command "change" by "blockdev-change-media" "change" command as been removed in QEMU 6.0. We can use "blockdev-change-medium" instead. Using `id` with "blockdev-change-medium" requires a change to the QEMU command line, introduced by: "libxl: Use -device for cd-rom drives" Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_disk.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/tools/libs/light/libxl_disk.c b/tools/libs/light/libxl_disk.c index faabdea7a4..93936d0dd0 100644 --- a/tools/libs/light/libxl_disk.c +++ b/tools/libs/light/libxl_disk.c @@ -962,12 +962,26 @@ static void cdrom_insert_addfd_cb(libxl__egc *egc, fdset = libxl__json_object_get_integer(o); devid = libxl__device_disk_dev_number(disk->vdev, NULL, NULL); - QMP_PARAMETERS_SPRINTF(&args, "device", "ide-%i", devid); - QMP_PARAMETERS_SPRINTF(&args, "target", "/dev/fdset/%d", fdset); - libxl__qmp_param_add_string(gc, &args, "arg", - libxl__qemu_disk_format_string(disk->format)); qmp->callback = cdrom_insert_inserted; - rc = libxl__ev_qmp_send(egc, qmp, "change", args); + + /* "change" is deprecated since QEMU 2.5 and the `device` parameter for + * for "blockdev-change-medium" is deprecated in QEMU 2.8. + * But `id` is only available in 2.8 we'll start using the new command + * with `id` with QEMU 2.8. + */ + if (libxl__qmp_ev_qemu_compare_version(qmp, 2, 8, 0) >= 0) { + QMP_PARAMETERS_SPRINTF(&args, "id", "ide-%i", devid); + QMP_PARAMETERS_SPRINTF(&args, "filename", "/dev/fdset/%d", fdset); + libxl__qmp_param_add_string(gc, &args, "format", + libxl__qemu_disk_format_string(disk->format)); + rc = libxl__ev_qmp_send(egc, qmp, "blockdev-change-medium", args); + } else { + QMP_PARAMETERS_SPRINTF(&args, "device", "ide-%i", devid); + QMP_PARAMETERS_SPRINTF(&args, "target", "/dev/fdset/%d", fdset); + libxl__qmp_param_add_string(gc, &args, "arg", + libxl__qemu_disk_format_string(disk->format)); + rc = libxl__ev_qmp_send(egc, qmp, "change", args); + } out: if (rc) cdrom_insert_done(egc, cis, rc); /* must be last */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:56:38 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:56:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168982.308633 (Exim 4.92) (envelope-from ) id 1mGlLK-0004dN-Ab; Thu, 19 Aug 2021 16:56:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168982.308633; Thu, 19 Aug 2021 16:56:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLK-0004dD-6z; Thu, 19 Aug 2021 16:56:38 +0000 Received: by outflank-mailman (input) for mailman id 168982; Thu, 19 Aug 2021 16:56:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLJ-0004cY-9L for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLJ-0004jT-8Y for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlLJ-0003T1-7k for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=d0/s7amllgAXFBE7UsA8s5S1w5tGH37fGQOEPVSDay4=; b=f+eY6XXH0gDpX6GmVl1FwnYRPS N0wlD6mXYA6Zsc60He+hSrk0sirdxv2WowYF++qf79TgR9FP0leUB2/VYOi6k9QJkBJqaxEvtXnj3 H3oPYyR+wEOy9NZTyGIM3bWkFpIWDP91mv6A6Zrh2NVH8atzhlu6ZStk3C2PaBLsZhVI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxl: Replace short-form boolean for QEMU's -vnc Message-Id: Date: Thu, 19 Aug 2021 16:56:37 +0000 commit 0e419e446f1d8e75bf27c35d4e82906168499d23 Author: Anthony PERARD AuthorDate: Mon Jun 28 11:01:56 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:19:38 2021 +0100 libxl: Replace short-form boolean for QEMU's -vnc f3f778c81769 forgot one boolean parameter. Fixes: f3f778c81769 ("libxl: Replace QEMU's command line short-form boolean option") Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk (cherry picked from commit 217eef30f7b9b85ba6e27c81a791dae8f6fcdbe7) Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_dm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c index 1e16f9e5b6..0b4c6be3f9 100644 --- a/tools/libs/light/libxl_dm.c +++ b/tools/libs/light/libxl_dm.c @@ -1324,7 +1324,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, vncarg = GCSPRINTF("127.0.0.1:%d", vnc->display); if (vnc->passwd && vnc->passwd[0]) { - vncarg = GCSPRINTF("%s,password", vncarg); + vncarg = GCSPRINTF("%s,password=on", vncarg); } if (libxl_defbool_val(vnc->findunused)) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:56:48 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:56:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168983.308636 (Exim 4.92) (envelope-from ) id 1mGlLU-0004pM-Bu; Thu, 19 Aug 2021 16:56:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168983.308636; Thu, 19 Aug 2021 16:56:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLU-0004pA-8X; Thu, 19 Aug 2021 16:56:48 +0000 Received: by outflank-mailman (input) for mailman id 168983; Thu, 19 Aug 2021 16:56:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLT-0004om-DA for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLT-0004k2-CH for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlLT-0003UR-BU for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=I8FidD3+2xu0uH32CBiWlvIcFg9uY5sEwQEiS/m1WVk=; b=I0Tas66l+EtWOQsvZFoePCsrt1 2kFMEryl5SZBP691FbBFyp3sfqkHHTzRI11N2dgRYu+qUJn2tOYHRZq5HHj2WGC9EHdB/KIjsAuDx JKu7fuS1f6pYveC+e/SYRSUX8e68r3zI0ZAnAPGhvQjry3QzEEFt/9nlHWRkgrUPgS24=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxl: Fix QEMU cmdline for scsi device Message-Id: Date: Thu, 19 Aug 2021 16:56:47 +0000 commit 00bd594d6c686b8cd6dbe8868932f1884ab640fe Author: Anthony PERARD AuthorDate: Mon Jun 28 11:01:57 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:19:48 2021 +0100 libxl: Fix QEMU cmdline for scsi device Usage of 'scsi-disk' device is deprecated and removed from QEMU, instead we need to use 'scsi-hd' for hard drives. See QEMU 879be3af49 (hw/scsi: remove 'scsi-disk' device) Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk (cherry picked from commit 3bc3be978fd61f8099797864136c5f447c0e4aae) Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_dm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c index 0b4c6be3f9..9949632eb8 100644 --- a/tools/libs/light/libxl_dm.c +++ b/tools/libs/light/libxl_dm.c @@ -1972,7 +1972,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, &drive_id), flexarray_vappend(dm_args, "-drive", drive, - "-device", GCSPRINTF("scsi-disk,drive=%s,scsi-id=%d", + "-device", GCSPRINTF("scsi-hd,drive=%s,scsi-id=%d", drive_id, disk), NULL); continue; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:56:59 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:56:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168988.308642 (Exim 4.92) (envelope-from ) id 1mGlLf-00050Z-EO; Thu, 19 Aug 2021 16:56:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168988.308642; Thu, 19 Aug 2021 16:56:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLf-00050Q-AO; Thu, 19 Aug 2021 16:56:59 +0000 Received: by outflank-mailman (input) for mailman id 168988; Thu, 19 Aug 2021 16:56:58 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLe-00050A-0e for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLd-0004kK-W4 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlLd-0003WC-RP for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:56:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GDbDkWhnwNSMIr7gaw84lI6LLE+gCZiAm7/Oz7Vweqs=; b=LXPAzOc2+eKBVTXlXI5KNinhzP a/dP8IoTRMcorWnpMMkISPBgINUi8lSWpzogIQFXCeQvHSjx8vqrws/1OTFePY7NM7S5hrKC9sIH0 IbCb1KgZ1wR/EXTUoSSectviUT8KpCdC9Nsko3fgfk+OIJGUvEsIxSlaWr2Cl8M/5+Q0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/HVM: wire up multicalls Message-Id: Date: Thu, 19 Aug 2021 16:56:57 +0000 commit 0f1002d40644841295578b2189c1489b0a9276ec Author: Jan Beulich AuthorDate: Thu Jun 24 16:35:39 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:33:28 2021 +0100 x86/HVM: wire up multicalls To be able to use them from, in particular, the tool stack, they need to be supported for all guest types. Note that xc_resource_op() already does, so would not work without this on PVH Dom0. Signed-off-by: Jan Beulich Begrudingly acked-by: Andrew Cooper Acked-by: Ian Jackson Backport-requested-by: Jan Beulich (cherry picked from commit 198a2bc6f149ca41e16d90fc73de2c81affe4490) --- xen/arch/x86/hvm/hypercall.c | 35 +++++++++++++++++++++++++++++++++++ xen/arch/x86/hypercall.c | 14 ++++++++++---- xen/arch/x86/pv/hypercall.c | 3 ++- xen/include/asm-x86/multicall.h | 12 ++++++++++++ 4 files changed, 59 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index b084afcbce..01846b0718 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include @@ -123,6 +124,7 @@ static long hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) static const hypercall_table_t hvm_hypercall_table[] = { HVM_CALL(memory_op), + COMPAT_CALL(multicall), #ifdef CONFIG_GRANT_TABLE HVM_CALL(grant_table_op), #endif @@ -332,6 +334,39 @@ int hvm_hypercall(struct cpu_user_regs *regs) return curr->hcall_preempted ? HVM_HCALL_preempted : HVM_HCALL_completed; } +enum mc_disposition hvm_do_multicall_call(struct mc_state *state) +{ + struct vcpu *curr = current; + hypercall_fn_t *func = NULL; + + if ( hvm_guest_x86_mode(curr) == 8 ) + { + struct multicall_entry *call = &state->call; + + if ( call->op < ARRAY_SIZE(hvm_hypercall_table) ) + func = array_access_nospec(hvm_hypercall_table, call->op).native; + if ( func ) + call->result = func(call->args[0], call->args[1], call->args[2], + call->args[3], call->args[4], call->args[5]); + else + call->result = -ENOSYS; + } + else + { + struct compat_multicall_entry *call = &state->compat_call; + + if ( call->op < ARRAY_SIZE(hvm_hypercall_table) ) + func = array_access_nospec(hvm_hypercall_table, call->op).compat; + if ( func ) + call->result = func(call->args[0], call->args[1], call->args[2], + call->args[3], call->args[4], call->args[5]); + else + call->result = -ENOSYS; + } + + return !hvm_get_cpl(curr) ? mc_continue : mc_preempt; +} + /* * Local variables: * mode: C diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 14da9bc4ad..791b4c7585 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -20,6 +20,7 @@ */ #include +#include #define ARGS(x, n) \ [ __HYPERVISOR_ ## x ] = { n, n } @@ -264,13 +265,18 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, return rc; } -#ifndef CONFIG_PV -/* Stub for arch_do_multicall_call */ -enum mc_disposition arch_do_multicall_call(struct mc_state *mc) +enum mc_disposition arch_do_multicall_call(struct mc_state *state) { + const struct domain *currd = current->domain; + + if ( is_pv_domain(currd) ) + return pv_do_multicall_call(state); + + if ( is_hvm_domain(currd) ) + return hvm_do_multicall_call(state); + return mc_exit; } -#endif /* * Local variables: diff --git a/xen/arch/x86/pv/hypercall.c b/xen/arch/x86/pv/hypercall.c index 20795b4b57..73ccbe05ce 100644 --- a/xen/arch/x86/pv/hypercall.c +++ b/xen/arch/x86/pv/hypercall.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #define HYPERCALL(x) \ @@ -237,7 +238,7 @@ void pv_hypercall(struct cpu_user_regs *regs) perfc_incr(hypercalls); } -enum mc_disposition arch_do_multicall_call(struct mc_state *state) +enum mc_disposition pv_do_multicall_call(struct mc_state *state) { struct vcpu *curr = current; unsigned long op; diff --git a/xen/include/asm-x86/multicall.h b/xen/include/asm-x86/multicall.h new file mode 100644 index 0000000000..7e1d4c121a --- /dev/null +++ b/xen/include/asm-x86/multicall.h @@ -0,0 +1,12 @@ +/****************************************************************************** + * asm-x86/multicall.h + */ + +#ifndef __ASM_X86_MULTICALL_H__ +#define __ASM_X86_MULTICALL_H__ + +#include + +typeof(arch_do_multicall_call) pv_do_multicall_call, hvm_do_multicall_call; + +#endif /* __ASM_X86_MULTICALL_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:57:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:57:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168990.308644 (Exim 4.92) (envelope-from ) id 1mGlLq-00056p-GK; Thu, 19 Aug 2021 16:57:10 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168990.308644; Thu, 19 Aug 2021 16:57:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLq-00056h-DF; Thu, 19 Aug 2021 16:57:10 +0000 Received: by outflank-mailman (input) for mailman id 168990; Thu, 19 Aug 2021 16:57:09 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLo-00055f-Vx for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLo-0004ko-VE for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlLo-0003YG-Ru for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hsSyVILu08nAGizjWyafqJczIWUQxwRdNHvgdPu33B8=; b=nm9VUOm5T9jtq5v71MUhTRFHA7 23pLMLFifnirhjcqnliJsE5tfMYJv8nGDr9ZslEXwBIdvVu6KNFQ/9VDP4j+4xXXaw3X3A1CHwcKQ aKm9UVQwaIhbeSmw3pvpgQZH6088QEw/8O3CoI8welv0NVYVYj9C1OOmeGe5Mhlosako=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxencall: osdep_hypercall() should return long Message-Id: Date: Thu, 19 Aug 2021 16:57:08 +0000 commit c773053bdbf3780cd2aa2ebe61837afc3de36bd0 Author: Jan Beulich AuthorDate: Thu Jun 24 16:38:37 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:33:40 2021 +0100 libxencall: osdep_hypercall() should return long Some hypercalls, memory-op in particular, can return values requiring more than 31 bits to represent. Hence the underlying layers need to make sure they won't truncate such values. (Note that for Solaris the function also gets renamed, to match the other OSes.) Due to them merely propagating ioctl()'s return value, this change is benign on Linux and Solaris. IOW there's an actual effect here only for the BSDs and MiniOS, but even then further adjustments are needed at the xencall() level. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper Acked-by: Ian Jackson Backport-requested-by: Jan Beulich (cherry picked from commit 6409210a5f51860cb17b5e0f97debe164dab26d7) --- tools/libs/call/freebsd.c | 2 +- tools/libs/call/linux.c | 2 +- tools/libs/call/minios.c | 2 +- tools/libs/call/netbsd.c | 2 +- tools/libs/call/private.h | 2 +- tools/libs/call/solaris.c | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/libs/call/freebsd.c b/tools/libs/call/freebsd.c index 28bfd852c1..6d2e8704b3 100644 --- a/tools/libs/call/freebsd.c +++ b/tools/libs/call/freebsd.c @@ -62,7 +62,7 @@ int osdep_xencall_close(xencall_handle *xcall) return close(fd); } -int osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) +long osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) { int fd = xcall->fd; int ret; diff --git a/tools/libs/call/linux.c b/tools/libs/call/linux.c index 51fa4899eb..6d588e6bea 100644 --- a/tools/libs/call/linux.c +++ b/tools/libs/call/linux.c @@ -80,7 +80,7 @@ int osdep_xencall_close(xencall_handle *xcall) return 0; } -int osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) +long osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) { return ioctl(xcall->fd, IOCTL_PRIVCMD_HYPERCALL, hypercall); } diff --git a/tools/libs/call/minios.c b/tools/libs/call/minios.c index 9f7a96995f..3f33b83578 100644 --- a/tools/libs/call/minios.c +++ b/tools/libs/call/minios.c @@ -38,7 +38,7 @@ int osdep_xencall_close(xencall_handle *xcall) return 0; } -int osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) +long osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) { multicall_entry_t call; int i, ret; diff --git a/tools/libs/call/netbsd.c b/tools/libs/call/netbsd.c index 4dcc2919ba..91ae68357e 100644 --- a/tools/libs/call/netbsd.c +++ b/tools/libs/call/netbsd.c @@ -96,7 +96,7 @@ void osdep_free_pages(xencall_handle *xcall, void *ptr, size_t npages) free(ptr); } -int osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) +long osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) { int fd = xcall->fd; int error = ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall); diff --git a/tools/libs/call/private.h b/tools/libs/call/private.h index 7944ac5baf..9c3aa432ef 100644 --- a/tools/libs/call/private.h +++ b/tools/libs/call/private.h @@ -55,7 +55,7 @@ struct xencall_handle { int osdep_xencall_open(xencall_handle *xcall); int osdep_xencall_close(xencall_handle *xcall); -int osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall); +long osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall); void *osdep_alloc_pages(xencall_handle *xcall, size_t nr_pages); void osdep_free_pages(xencall_handle *xcall, void *p, size_t nr_pages); diff --git a/tools/libs/call/solaris.c b/tools/libs/call/solaris.c index c63b6a329a..304262bd05 100644 --- a/tools/libs/call/solaris.c +++ b/tools/libs/call/solaris.c @@ -80,7 +80,7 @@ void osdep_free_hypercall_buffer(xencall_handle *xcall, void *ptr, free(ptr); } -int do_xen_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) +long osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) { int fd = xcall->fd; return ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:57:20 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:57:20 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168991.308648 (Exim 4.92) (envelope-from ) id 1mGlM0-0005As-Hn; Thu, 19 Aug 2021 16:57:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168991.308648; Thu, 19 Aug 2021 16:57:20 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlM0-0005Al-Er; Thu, 19 Aug 2021 16:57:20 +0000 Received: by outflank-mailman (input) for mailman id 168991; Thu, 19 Aug 2021 16:57:19 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLz-0005AY-Q6 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:19 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlLz-0004kz-PM for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:19 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlLz-0003ZO-Jv for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:19 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kQW7ZZV19pgY1YwbpMPJ6N8HofAUTaEDXa/njT6Q3Fk=; b=rpILqaFytxuQLkqntGQQnpJUt7 kO3hywu9kENTt65NtbrxUzs5dHFHmyvwFUO4v7EEgbWcqkWXKi8OO7zy0ZbpulFciVhUzRAb2ssSp BvOAhwmS7ZLsDLqm2xX7EqYNn+JNpzVbUaIf4Q5PHhhnsOeBmtdonhnRa7Bc9y/1GE3g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxencall: introduce variant of xencall2() returning long Message-Id: Date: Thu, 19 Aug 2021 16:57:19 +0000 commit e0da171fc15557ebdf4ee75638cbea81a5d47f0a Author: Jan Beulich AuthorDate: Thu Jun 24 16:39:02 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:33:40 2021 +0100 libxencall: introduce variant of xencall2() returning long Some hypercalls, memory-op in particular, can return values requiring more than 31 bits to represent. Hence the underlying layers need to make sure they won't truncate such values. Signed-off-by: Jan Beulich Acked-by: Ian Jackson Acked-by: Andrew Cooper Backport-requested-by: Jan Beulich (cherry picked from commit bef64f2c0019f828824a67f918604fe40768b1de) --- tools/include/xencall.h | 4 ++++ tools/libs/call/core.c | 11 +++++++++++ tools/libs/call/libxencall.map | 5 +++++ 3 files changed, 20 insertions(+) diff --git a/tools/include/xencall.h b/tools/include/xencall.h index 2d0c42ad5e..fc95ed0fe5 100644 --- a/tools/include/xencall.h +++ b/tools/include/xencall.h @@ -113,6 +113,10 @@ int xencall5(xencall_handle *xcall, unsigned int op, uint64_t arg1, uint64_t arg2, uint64_t arg3, uint64_t arg4, uint64_t arg5); +/* Variant(s) of the above, as needed, returning "long" instead of "int". */ +long xencall2L(xencall_handle *xcall, unsigned int op, + uint64_t arg1, uint64_t arg2); + /* * Allocate and free memory which is suitable for use as a pointer * argument to a hypercall. diff --git a/tools/libs/call/core.c b/tools/libs/call/core.c index 57d3a33e6b..02c4f8e1ae 100644 --- a/tools/libs/call/core.c +++ b/tools/libs/call/core.c @@ -127,6 +127,17 @@ int xencall2(xencall_handle *xcall, unsigned int op, return osdep_hypercall(xcall, &call); } +long xencall2L(xencall_handle *xcall, unsigned int op, + uint64_t arg1, uint64_t arg2) +{ + privcmd_hypercall_t call = { + .op = op, + .arg = { arg1, arg2 }, + }; + + return osdep_hypercall(xcall, &call); +} + int xencall3(xencall_handle *xcall, unsigned int op, uint64_t arg1, uint64_t arg2, uint64_t arg3) { diff --git a/tools/libs/call/libxencall.map b/tools/libs/call/libxencall.map index 6922b96511..ad7518b0e0 100644 --- a/tools/libs/call/libxencall.map +++ b/tools/libs/call/libxencall.map @@ -27,3 +27,8 @@ VERS_1.2 { global: xencall_fd; } VERS_1.1; + +VERS_1.3 { + global: + xencall2L; +} VERS_1.2; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:57:31 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:57:31 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168992.308652 (Exim 4.92) (envelope-from ) id 1mGlMB-0005Ex-J9; Thu, 19 Aug 2021 16:57:31 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168992.308652; Thu, 19 Aug 2021 16:57:31 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlMB-0005Ep-GK; Thu, 19 Aug 2021 16:57:31 +0000 Received: by outflank-mailman (input) for mailman id 168992; Thu, 19 Aug 2021 16:57:30 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlMA-0005EX-NF for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:30 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlMA-0004lA-MP for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:30 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlMA-0003af-IW for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:30 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=cOiuwMm/zrsLk7O4dU0nouNeV2OzLqOgTP6NQ6IzQFg=; b=dDB3VeHKWCOfXFwMamUjCLweOD TPWnVDaj3BdNLZOaMykZYwnzRtwwRlhR1jBEk/Q9AZruVsfNwpY0FYY7jgVO6hGnqdXjddsoHGy+n 9SZG4qrQunWCxO+XUQ+8AF7u4yBCPJn4l0nM+NmXv4JlcFCTH3kfMzZWs4u6xa/wsRFw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxencall: Bump SONAME following new functionality Message-Id: Date: Thu, 19 Aug 2021 16:57:30 +0000 commit c3cf33b071081cab85c9bcea2e87f2db49dc644d Author: Andrew Cooper AuthorDate: Thu Jun 24 18:49:14 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:33:40 2021 +0100 libxencall: Bump SONAME following new functionality Fixes: bef64f2c00 ("libxencall: introduce variant of xencall2() returning long") Signed-off-by: Andrew Cooper Reviewed-by: Ian Jackson Backport-requested-by: Jan Beulich (cherry picked from commit 01a2d001dea2219c9702afbe2d6fd1b0af539203) --- tools/libs/call/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/call/Makefile b/tools/libs/call/Makefile index 4ed201b3b3..93d404b79e 100644 --- a/tools/libs/call/Makefile +++ b/tools/libs/call/Makefile @@ -2,7 +2,7 @@ XEN_ROOT = $(CURDIR)/../../.. include $(XEN_ROOT)/tools/Rules.mk MAJOR = 1 -MINOR = 2 +MINOR = 3 SRCS-y += core.c buffer.c SRCS-$(CONFIG_Linux) += linux.c -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:57:42 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:57:42 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168993.308656 (Exim 4.92) (envelope-from ) id 1mGlMM-0005Id-Ky; Thu, 19 Aug 2021 16:57:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168993.308656; Thu, 19 Aug 2021 16:57:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlMM-0005IV-Hn; Thu, 19 Aug 2021 16:57:42 +0000 Received: by outflank-mailman (input) for mailman id 168993; Thu, 19 Aug 2021 16:57:41 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlML-0005IF-Lh for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:41 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlML-0004le-Kx for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:41 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlML-0003c4-FN for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jA6FbmNN6hOeXP8Ce4tB+/RJ/TDfASwYTpAlHVubAb8=; b=D1oZlNqDriONxAzmUFrCNQiRqz NluNitjmu/lWbobyufpMBujKrAMoEZVyLPmCRfOOBzdr50/Uw5FXXeNI68QsyANg18bv4aqmXikbC BTK4kuYUeBonqC+wWCWH+41cFqK7EFOwz0EB7jPproc7UAULCGOdZvD6baMM2ugLYAQ0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxc: use multicall for memory-op on Linux (and Solaris) Message-Id: Date: Thu, 19 Aug 2021 16:57:41 +0000 commit abfbb29830a25ddf31298d0eebd60e1d576a33c5 Author: Jan Beulich AuthorDate: Thu Jun 24 16:39:26 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:33:40 2021 +0100 libxc: use multicall for memory-op on Linux (and Solaris) Some sub-functions, XENMEM_maximum_gpfn and XENMEM_maximum_ram_page in particular, can return values requiring more than 31 bits to represent. Hence we cannot issue the hypercall directly when the return value of ioctl() is used to propagate this value. This is the case for Linux and Solaris (and hence needs changing), while the BSDs avoid using the return value for dual purposes altogether, and MiniOS already wraps all hypercalls in a multicall. Suggested-by: Jürgen Groß Signed-off-by: Jan Beulich Acked-by: Ian Jackson Acked-by: Andrew Cooper Backport-requested-by: Jan Beulich (cherry picked from commit 6f02d1ea4a109a32f346a5d1de63a42b291c354c) --- tools/libs/ctrl/xc_private.c | 43 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/tools/libs/ctrl/xc_private.c b/tools/libs/ctrl/xc_private.c index d94f846686..c0422662f0 100644 --- a/tools/libs/ctrl/xc_private.c +++ b/tools/libs/ctrl/xc_private.c @@ -337,8 +337,47 @@ long do_memory_op(xc_interface *xch, int cmd, void *arg, size_t len) goto out1; } - ret = xencall2(xch->xcall, __HYPERVISOR_memory_op, - cmd, HYPERCALL_BUFFER_AS_ARG(arg)); +#if defined(__linux__) || defined(__sun__) + /* + * Some sub-ops return values which don't fit in "int". On platforms + * without a specific hypercall return value field in the privcmd + * interface structure, issue the request as a single-element multicall, + * to be able to capture the full return value. + */ + if ( sizeof(long) > sizeof(int) ) + { + multicall_entry_t multicall = { + .op = __HYPERVISOR_memory_op, + .args[0] = cmd, + .args[1] = HYPERCALL_BUFFER_AS_ARG(arg), + }, *call = &multicall; + DECLARE_HYPERCALL_BOUNCE(call, sizeof(*call), + XC_HYPERCALL_BUFFER_BOUNCE_BOTH); + + if ( xc_hypercall_bounce_pre(xch, call) ) + { + PERROR("Could not bounce buffer for memory_op hypercall"); + goto out1; + } + + ret = do_multicall_op(xch, HYPERCALL_BUFFER(call), 1); + + xc_hypercall_bounce_post(xch, call); + + if ( !ret ) + { + ret = multicall.result; + if ( multicall.result > ~0xfffUL ) + { + errno = -ret; + ret = -1; + } + } + } + else +#endif + ret = xencall2L(xch->xcall, __HYPERVISOR_memory_op, + cmd, HYPERCALL_BUFFER_AS_ARG(arg)); xc_hypercall_bounce_post(xch, arg); out1: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:57:53 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:57:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168994.308660 (Exim 4.92) (envelope-from ) id 1mGlMX-0005Mf-MG; Thu, 19 Aug 2021 16:57:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168994.308660; Thu, 19 Aug 2021 16:57:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlMX-0005MX-JH; Thu, 19 Aug 2021 16:57:53 +0000 Received: by outflank-mailman (input) for mailman id 168994; Thu, 19 Aug 2021 16:57:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlMW-0005MC-HY for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlMW-0004lp-Gb for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlMW-0003cw-DD for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:57:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sNPAONQakwQL8PnyfS9ZUHPCNL9tdIH+zGoGFz/GQO4=; b=hbvL9BaskxEoM4vcGT25AusXqs tIFJSoDhgAbhxmYpN4hARtHG5cAUIE76bpufA/Askk89i6fIwazmQpp70DW69KCcm6CuMloW0s6pf Fn438sDmpAegg8OYrSd3zk4ljLBwAS7IjtisPVJ+sMDdfvZq39MsaNWCgc15a9FuK0dE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl Message-Id: Date: Thu, 19 Aug 2021 16:57:52 +0000 commit 6bbdcefd205903b2181b3b4fdc9503709ecdb7c4 Author: Jan Beulich AuthorDate: Mon Jul 19 12:28:09 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:46:59 2021 +0100 libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl The hypervisor may not have enough memory to satisfy the request. While there, make the unit of the value clear by renaming the local variable. Requested-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Reviewed-by: Anthony PERARD backport-requested-by: Jan Beulich (cherry picked from commit 0be5a00af590c97ea553aadb60f1e0b3af53d8f6) --- tools/libs/light/libxl_x86.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/tools/libs/light/libxl_x86.c b/tools/libs/light/libxl_x86.c index ac09897a63..18c3c77ccd 100644 --- a/tools/libs/light/libxl_x86.c +++ b/tools/libs/light/libxl_x86.c @@ -529,10 +529,20 @@ int libxl__arch_domain_create(libxl__gc *gc, xc_domain_set_time_offset(ctx->xch, domid, rtc_timeoffset); if (d_config->b_info.type != LIBXL_DOMAIN_TYPE_PV) { - unsigned long shadow = DIV_ROUNDUP(d_config->b_info.shadow_memkb, - 1024); - xc_shadow_control(ctx->xch, domid, XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, - NULL, 0, &shadow, 0, NULL); + unsigned long shadow_mb = DIV_ROUNDUP(d_config->b_info.shadow_memkb, + 1024); + int r = xc_shadow_control(ctx->xch, domid, + XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, + NULL, 0, &shadow_mb, 0, NULL); + + if (r) { + LOGED(ERROR, domid, + "Failed to set %lu MiB %s allocation", + shadow_mb, + libxl_defbool_val(d_config->c_info.hap) ? "HAP" : "shadow"); + ret = ERROR_FAIL; + goto out; + } } if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_PV && -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:58:04 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:58:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168995.308664 (Exim 4.92) (envelope-from ) id 1mGlMi-0005QL-Ny; Thu, 19 Aug 2021 16:58:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168995.308664; Thu, 19 Aug 2021 16:58:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlMi-0005QC-Kw; Thu, 19 Aug 2021 16:58:04 +0000 Received: by outflank-mailman (input) for mailman id 168995; Thu, 19 Aug 2021 16:58:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlMh-0005Pt-1w for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:58:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlMh-0004mK-12 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:58:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlMg-0003gG-Vb for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:58:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=G2hL18yFKEDnDW42wLkvWKNnwJuttEU7hx/Y8mWZMYA=; b=De2V0G51oOHDF8uki8gphMm16X HQ/qDNELk898QXeLChaPQG/sP94L6ndG+IPhu/Qob+IeZRgzAFuHr6TYm5ZISyz7EVfMPEV+kxZKu y0Zu2xejiYbWT4bbzkD1PsCeT+hYERqQJN2Sx5q0ax0dXE3BehKdg7RkiPBJliANBTM8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl Message-Id: Date: Thu, 19 Aug 2021 16:58:02 +0000 commit 61f28060d5b899c502e2b3bf45a39b1dd2a1224c Author: Jan Beulich AuthorDate: Mon Jul 19 12:28:09 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:47:20 2021 +0100 libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl The hypervisor may not have enough memory to satisfy the request. While there, make the unit of the value clear by renaming the local variable. Requested-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Reviewed-by: Anthony PERARD backport-requested-by: Jan Beulich (cherry picked from commit 0be5a00af590c97ea553aadb60f1e0b3af53d8f6) (cherry picked from commit 6bbdcefd205903b2181b3b4fdc9503709ecdb7c4) --- tools/libxl/libxl_x86.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/tools/libxl/libxl_x86.c b/tools/libxl/libxl_x86.c index e57f63282e..07c7b05e0d 100644 --- a/tools/libxl/libxl_x86.c +++ b/tools/libxl/libxl_x86.c @@ -516,10 +516,20 @@ int libxl__arch_domain_create(libxl__gc *gc, libxl_domain_config *d_config, xc_domain_set_time_offset(ctx->xch, domid, rtc_timeoffset); if (d_config->b_info.type != LIBXL_DOMAIN_TYPE_PV) { - unsigned long shadow = DIV_ROUNDUP(d_config->b_info.shadow_memkb, - 1024); - xc_shadow_control(ctx->xch, domid, XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, - NULL, 0, &shadow, 0, NULL); + unsigned long shadow_mb = DIV_ROUNDUP(d_config->b_info.shadow_memkb, + 1024); + int r = xc_shadow_control(ctx->xch, domid, + XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, + NULL, 0, &shadow_mb, 0, NULL); + + if (r) { + LOGED(ERROR, domid, + "Failed to set %lu MiB %s allocation", + shadow_mb, + libxl_defbool_val(d_config->c_info.hap) ? "HAP" : "shadow"); + ret = ERROR_FAIL; + goto out; + } } if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_PV && -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:58:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:58:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168996.308668 (Exim 4.92) (envelope-from ) id 1mGlMs-0005US-Pp; Thu, 19 Aug 2021 16:58:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168996.308668; Thu, 19 Aug 2021 16:58:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlMs-0005UK-MV; Thu, 19 Aug 2021 16:58:14 +0000 Received: by outflank-mailman (input) for mailman id 168996; Thu, 19 Aug 2021 16:58:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlMr-0005U2-G9 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:58:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlMr-0004mX-FR for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:58:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlMr-0003i9-De for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:58:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=My+Y308YDA2UNugciFsPfscZ4VRWpyXMbTZTX42LEAs=; b=H7rZncMmFjdk7RqF0D3F1fAqcq 2W7WkfwEfeHl6UMiUM4h7uvQCjSgDcj2ZmxFntOgs/W4Ao0DKLL/WBg8PAOJgbnLQq92L1Ur90GkK ySKm6Q6bo7kaw34jMIaTqNQaQQb4WFrY2WL9RZGTVD6kq42OICFjqM4ZyR8+8C7KG61A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl Message-Id: Date: Thu, 19 Aug 2021 16:58:13 +0000 commit 3cdc7b6b35106180c9021c1742cafacfa764fdad Author: Jan Beulich AuthorDate: Mon Jul 19 12:28:09 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:47:32 2021 +0100 libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl The hypervisor may not have enough memory to satisfy the request. While there, make the unit of the value clear by renaming the local variable. Requested-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Reviewed-by: Anthony PERARD backport-requested-by: Jan Beulich (cherry picked from commit 0be5a00af590c97ea553aadb60f1e0b3af53d8f6) (cherry picked from commit 6bbdcefd205903b2181b3b4fdc9503709ecdb7c4) (cherry picked from commit 61f28060d5b899c502e2b3bf45a39b1dd2a1224c) --- tools/libxl/libxl_x86.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/tools/libxl/libxl_x86.c b/tools/libxl/libxl_x86.c index 8b804537ba..f34c0edc10 100644 --- a/tools/libxl/libxl_x86.c +++ b/tools/libxl/libxl_x86.c @@ -345,10 +345,20 @@ int libxl__arch_domain_create(libxl__gc *gc, libxl_domain_config *d_config, xc_domain_set_time_offset(ctx->xch, domid, rtc_timeoffset); if (d_config->b_info.type != LIBXL_DOMAIN_TYPE_PV) { - unsigned long shadow = DIV_ROUNDUP(d_config->b_info.shadow_memkb, - 1024); - xc_shadow_control(ctx->xch, domid, XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, - NULL, 0, &shadow, 0, NULL); + unsigned long shadow_mb = DIV_ROUNDUP(d_config->b_info.shadow_memkb, + 1024); + int r = xc_shadow_control(ctx->xch, domid, + XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, + NULL, 0, &shadow_mb, 0, NULL); + + if (r) { + LOGED(ERROR, domid, + "Failed to set %lu MiB %s allocation", + shadow_mb, + libxl_defbool_val(d_config->c_info.hap) ? "HAP" : "shadow"); + ret = ERROR_FAIL; + goto out; + } } if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_PV && -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 16:58:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 16:58:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.168997.308672 (Exim 4.92) (envelope-from ) id 1mGlN2-0005YA-UB; Thu, 19 Aug 2021 16:58:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 168997.308672; Thu, 19 Aug 2021 16:58:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlN2-0005Y3-R5; Thu, 19 Aug 2021 16:58:24 +0000 Received: by outflank-mailman (input) for mailman id 168997; Thu, 19 Aug 2021 16:58:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlN2-0005Xs-0A for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:58:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGlN1-0004mi-Ue for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:58:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGlN1-0003kL-Sj for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 16:58:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MrXXeNaJBk6fSvswAgrdidz941Q+4j4NgVLJFUwxytQ=; b=gjbaVrBxtfjGisZrBuOTudg1RP SPD/9gG3nFOpmrZW11ClkjFKJV+wKRQEaEK4u7uMGRzT4ll0tljIzoo5KfBP5nMHgpaOop9s0/h5r p80ktRksUBnRvWyYfcd57lygqh7FJbjhhQnhH2PI0FZUn7BlqKmwRbGfvPXVYxNXU0mk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl Message-Id: Date: Thu, 19 Aug 2021 16:58:23 +0000 commit c6c5f9d8b3e23178341cd7f9b7614a463df74266 Author: Jan Beulich AuthorDate: Mon Jul 19 12:28:09 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:48:19 2021 +0100 libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl The hypervisor may not have enough memory to satisfy the request. While there, make the unit of the value clear by renaming the local variable. Requested-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Reviewed-by: Anthony PERARD backport-requested-by: Jan Beulich (cherry picked from commit 0be5a00af590c97ea553aadb60f1e0b3af53d8f6) (cherry picked from commit 6bbdcefd205903b2181b3b4fdc9503709ecdb7c4) (cherry picked from commit 61f28060d5b899c502e2b3bf45a39b1dd2a1224c) (cherry picked from commit 3cdc7b6b35106180c9021c1742cafacfa764fdad) --- tools/libxl/libxl_x86.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/tools/libxl/libxl_x86.c b/tools/libxl/libxl_x86.c index c0f88a7eaa..5c1b78722d 100644 --- a/tools/libxl/libxl_x86.c +++ b/tools/libxl/libxl_x86.c @@ -345,10 +345,20 @@ int libxl__arch_domain_create(libxl__gc *gc, libxl_domain_config *d_config, xc_domain_set_time_offset(ctx->xch, domid, rtc_timeoffset); if (d_config->b_info.type != LIBXL_DOMAIN_TYPE_PV) { - unsigned long shadow = DIV_ROUNDUP(d_config->b_info.shadow_memkb, - 1024); - xc_shadow_control(ctx->xch, domid, XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, - NULL, 0, &shadow, 0, NULL); + unsigned long shadow_mb = DIV_ROUNDUP(d_config->b_info.shadow_memkb, + 1024); + int r = xc_shadow_control(ctx->xch, domid, + XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, + NULL, 0, &shadow_mb, 0, NULL); + + if (r) { + LOGED(ERROR, domid, + "Failed to set %lu MiB %s allocation", + shadow_mb, + libxl_defbool_val(d_config->c_info.hap) ? "HAP" : "shadow"); + ret = ERROR_FAIL; + goto out; + } } if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_PV && -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 19 17:55:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 19 Aug 2021 17:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.169022.308731 (Exim 4.92) (envelope-from ) id 1mGmFv-00082Y-31; Thu, 19 Aug 2021 17:55:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 169022.308731; Thu, 19 Aug 2021 17:55:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGmFv-00082Q-05; Thu, 19 Aug 2021 17:55:07 +0000 Received: by outflank-mailman (input) for mailman id 169022; Thu, 19 Aug 2021 17:55:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGmFt-00082K-Is for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 17:55:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mGmFt-0005tj-H2 for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 17:55:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mGmFt-0003E1-Fy for xen-changelog@lists.xenproject.org; Thu, 19 Aug 2021 17:55:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RJljwm+zeH1/UZYI9K622XA0aK1lTq9uo0wQrq8fbZY=; b=gVgqZSMGTqPVyGQ0YBp7ERtR2y 7g9KZcxSBAya7s0eBhSgSv4HTAlh7cG7oisoUo/ebPECjO2LLwEYiNSi8Twa4MfXQ2SyQz+/+Cf3U w/1TfqL3b2wwqtplxm1M1FbXd9652XP079V9KraDdr+LAY1e29fJFqoFp9ffxFjPGr5E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libs/guest: Move the guest ABI check earlier into xc_dom_parse_image() Message-Id: Date: Thu, 19 Aug 2021 17:55:05 +0000 commit 1787cc167906f3fef547affb443a64762392c464 Author: Jane Malalane AuthorDate: Tue Aug 17 16:19:24 2021 +0100 Commit: Andrew Cooper CommitDate: Thu Aug 19 18:34:53 2021 +0100 libs/guest: Move the guest ABI check earlier into xc_dom_parse_image() Xen may not support 32-bit PV guest for a number of reasons (lack of CONFIG_PV32, explicit pv=no-32 command line argument, or implicitly due to CET being enabled) and advertises this to the toolstack via the absence of xen-3.0-x86_32p ABI. Currently, when trying to boot a 32-bit PV guest, the ABI check is too late and the build explodes in the following manner yielding an unhelpful error message: xc: error: panic: xg_dom_boot.c:121: xc_dom_boot_mem_init: can't allocate low memory for domain: Out of memory libxl: error: libxl_dom.c:586:libxl__build_dom: xc_dom_boot_mem_init failed: Operation not supported libxl: error: libxl_create.c:1573:domcreate_rebuild_done: Domain 1:cannot (re-)build domain: -3 libxl: error: libxl_domain.c:1182:libxl__destroy_domid: Domain 1:Non-existant domain libxl: error: libxl_domain.c:1136:domain_destroy_callback: Domain 1:Unable to destroy guest libxl: error: libxl_domain.c:1063:domain_destroy_cb: Domain 1:Destruction of domain failed Move the ABI check earlier into xc_dom_parse_image() along with other ELF-note feature checks. With this adjustment, it now looks like this: xc: error: panic: xg_dom_boot.c:88: xc_dom_compat_check: guest type xen-3.0-x86_32p not supported by xen kernel, sorry: Invalid kernel libxl: error: libxl_dom.c:571:libxl__build_dom: xc_dom_parse_image failed domainbuilder: detail: xc_dom_release: called libxl: error: libxl_create.c:1573:domcreate_rebuild_done: Domain 11:cannot (re-)build domain: -3 libxl: error: libxl_domain.c:1182:libxl__destroy_domid: Domain 11:Non-existant domain libxl: error: libxl_domain.c:1136:domain_destroy_callback: Domain 11:Unable to destroy guest libxl: error: libxl_domain.c:1063:domain_destroy_cb: Domain 11:Destruction of domain failed Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Andrew Cooper Acked-by: Ian Jackson --- tools/libs/guest/xg_dom_boot.c | 4 ---- tools/libs/guest/xg_dom_core.c | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/libs/guest/xg_dom_boot.c b/tools/libs/guest/xg_dom_boot.c index dac96b17a5..f809dcbe97 100644 --- a/tools/libs/guest/xg_dom_boot.c +++ b/tools/libs/guest/xg_dom_boot.c @@ -191,10 +191,6 @@ int xc_dom_boot_image(struct xc_dom_image *dom) } dom->shared_info_mfn = info.shared_info_frame; - /* sanity checks */ - if ( !xc_dom_compat_check(dom) ) - return -1; - /* initial mm setup */ if ( dom->arch_hooks->setup_pgtables && (rc = dom->arch_hooks->setup_pgtables(dom)) != 0 ) diff --git a/tools/libs/guest/xg_dom_core.c b/tools/libs/guest/xg_dom_core.c index 4918ee517b..2e4c1330ea 100644 --- a/tools/libs/guest/xg_dom_core.c +++ b/tools/libs/guest/xg_dom_core.c @@ -922,6 +922,10 @@ int xc_dom_parse_image(struct xc_dom_image *dom) goto err; } + /* Check guest ABI */ + if ( !xc_dom_compat_check(dom) ) + return -1; + /* check features */ for ( i = 0; i < XENFEAT_NR_SUBMAPS; i++ ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 20 10:33:11 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 20 Aug 2021 10:33:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.169408.309447 (Exim 4.92) (envelope-from ) id 1mH1pi-0001b7-Ks; Fri, 20 Aug 2021 10:33:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 169408.309447; Fri, 20 Aug 2021 10:33:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1pi-0001az-I0; Fri, 20 Aug 2021 10:33:06 +0000 Received: by outflank-mailman (input) for mailman id 169408; Fri, 20 Aug 2021 10:33:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1ph-0001at-4C for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1ph-0007zU-1h for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mH1ph-0008Vc-0g for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OvERYGs52x3fQ7WIOpyJg5PpV7JwMVZe1nXSq/BBoWY=; b=P4LR3pnPHxUAnFC4QNABPqTAPK SO0ur2Rm0fMaDurE7FweBnRG0PQKbdUvEgnKPTinpzCFRWSqBk98lyiKBjsvt6CAs72TuIP6A2d/V hBhDAYupIbkF1nCv+uoedSbAHlKhSlJ6t5EJLHl9WCRmf8zTrftrypmF9Gt3TtNDP7KU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/PV: account for 32-bit Dom0 in mark_pv_pt_pages_rdonly()'s ASSERT()s Message-Id: Date: Fri, 20 Aug 2021 10:33:05 +0000 commit 9ee27aa7a2bab460769a6621895898ba3a7fb445 Author: Jan Beulich AuthorDate: Fri Aug 20 12:28:07 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 20 12:28:07 2021 +0200 x86/PV: account for 32-bit Dom0 in mark_pv_pt_pages_rdonly()'s ASSERT()s Clearly I neglected the special needs here, and also failed to test the change with a debug build of Xen. Fixes: 6b1ca51b1a91 ("x86/PV: assert page state in mark_pv_pt_pages_rdonly()") Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/pv/dom0_build.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index 6145d4320b..d7f9e04b28 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -61,13 +61,14 @@ static __init void mark_pv_pt_pages_rdonly(struct domain *d, /* * Verify that - * - all pages have a valid L1...Ln page table type and + * - all pages have a valid L1...Ln page table type (including the PAE + * sub-flavor of L2) and * - no other bits are set, in particular the type refcount is still * zero. */ ASSERT((page->u.inuse.type_info & PGT_type_mask) >= PGT_l1_page_table); ASSERT((page->u.inuse.type_info & PGT_type_mask) <= PGT_root_page_table); - ASSERT(!(page->u.inuse.type_info & ~PGT_type_mask)); + ASSERT(!(page->u.inuse.type_info & ~(PGT_type_mask | PGT_pae_xen_l2))); /* Read-only mapping + PGC_allocated + page-table page. */ page->count_info = PGC_allocated | 3; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 20 10:33:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 20 Aug 2021 10:33:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.169409.309451 (Exim 4.92) (envelope-from ) id 1mH1ps-0001dK-Mu; Fri, 20 Aug 2021 10:33:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 169409.309451; Fri, 20 Aug 2021 10:33:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1ps-0001dB-Jj; Fri, 20 Aug 2021 10:33:16 +0000 Received: by outflank-mailman (input) for mailman id 169409; Fri, 20 Aug 2021 10:33:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1pr-0001cy-6m for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1pr-0007zg-5y for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mH1pr-00005G-4X for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gpN13bqL90mkegNzc2Qln7AQaZZ7nXjutSLz/PRxfp4=; b=JAVxLM1JAY1ilzclhEshHdG3bB QiUoDP7a+RShU0Tcw4fmn51RqfdfKGHDeFMeN3IPMVhfSrW9L+97OxEZHhKZeeiRFPCUphPwCptxl Te0DE+ANPuxgrsZ/3HlGk+qrpf6fRWtVuzXGRxlReiKnvrBgvlAz+7m5r10KiML9DUSY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] ns16550: specify uart param for ns_{read,write}_reg as const Message-Id: Date: Fri, 20 Aug 2021 10:33:15 +0000 commit 3e1dea307b9bd03807f86e2265908039b2f9accf Author: Marek Marczykowski-Górecki AuthorDate: Fri Aug 20 12:29:05 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 20 12:29:05 2021 +0200 ns16550: specify uart param for ns_{read,write}_reg as const They don't modify it, after all. Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- xen/drivers/char/ns16550.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index 97b85b0225..20da8fd3b4 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -108,7 +108,7 @@ struct ns16550_config_param { static void ns16550_delayed_resume(void *data); -static u8 ns_read_reg(struct ns16550 *uart, unsigned int reg) +static u8 ns_read_reg(const struct ns16550 *uart, unsigned int reg) { void __iomem *addr = uart->remapped_io_base + (reg << uart->reg_shift); #ifdef CONFIG_HAS_IOPORTS @@ -126,7 +126,7 @@ static u8 ns_read_reg(struct ns16550 *uart, unsigned int reg) } } -static void ns_write_reg(struct ns16550 *uart, unsigned int reg, u8 c) +static void ns_write_reg(const struct ns16550 *uart, unsigned int reg, u8 c) { void __iomem *addr = uart->remapped_io_base + (reg << uart->reg_shift); #ifdef CONFIG_HAS_IOPORTS -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 20 10:33:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 20 Aug 2021 10:33:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.169410.309454 (Exim 4.92) (envelope-from ) id 1mH1q2-0001gR-OB; Fri, 20 Aug 2021 10:33:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 169410.309454; Fri, 20 Aug 2021 10:33:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1q2-0001gJ-LE; Fri, 20 Aug 2021 10:33:26 +0000 Received: by outflank-mailman (input) for mailman id 169410; Fri, 20 Aug 2021 10:33:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1q1-0001g3-B7 for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1q1-0007zt-AN for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mH1q1-00006T-8q for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yxjN6ci7lwiVnHfaJVZsH/CU2cvSFG9on4AOPMvKc4Y=; b=ieY19yn4NWtNdIL1tdVDHCBfSz 8MDcnzA/1UeWy1LjJAdjOOmCEFwTM0hAx8aAo5hbmpBny4CFBQ301b9QyC0hXJZ3pOeDyzvv/+zif VQYiWDVvm6R9EjpYmkcJ9w5hgWZ6d9OHeJA/oU/HK6JtxFk0uQQYNnpxVbNFjnu3v66Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] ns16550: add Exar PCIe UART cards support Message-Id: Date: Fri, 20 Aug 2021 10:33:25 +0000 commit 5ffd37db2ff6fecfaee5bb2ebdaaff1cfb54b1a2 Author: Marek Marczykowski-Górecki AuthorDate: Fri Aug 20 12:29:45 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 20 12:29:45 2021 +0200 ns16550: add Exar PCIe UART cards support Besides standard UART setup, this device needs enabling (vendor-specific) "Enhanced Control Bits" - otherwise disabling hardware control flow (MCR[2]) is ignored. Add appropriate quirk to the ns16550_setup_preirq(), similar to the handle_dw_usr_busy_quirk(). The new function act on Exar 2-, 4-, and 8- port cards only. I have tested the functionality on 2-port card but based on the Linux driver, the same applies to other models too. Additionally, Exar card supports fractional divisor (DLD[3:0] register, at 0x02). This part is not supported here yet, and seems to not be required for working 115200bps at the very least. The specification for the 2-port card is available at: https://www.maxlinear.com/product/interface/uarts/pcie-uarts/xr17v352 Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- xen/drivers/char/ns16550.c | 83 +++++++++++++++++++++++++++++++++++++++++++-- xen/include/xen/8250-uart.h | 4 +++ xen/include/xen/pci_ids.h | 2 ++ 3 files changed, 87 insertions(+), 2 deletions(-) diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index 20da8fd3b4..b777c8711e 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -88,6 +88,9 @@ struct ns16550_config { param_pericom_2port, param_pericom_4port, param_pericom_8port, + param_exar_xr17v352, + param_exar_xr17v354, + param_exar_xr17v358, } param; }; @@ -104,6 +107,8 @@ struct ns16550_config_param { unsigned int uart_offset; unsigned int first_offset; }; + +static void enable_exar_enhanced_bits(const struct ns16550 *uart); #endif static void ns16550_delayed_resume(void *data); @@ -303,6 +308,11 @@ static void ns16550_setup_preirq(struct ns16550 *uart) /* Handle the DesignWare 8250 'busy-detect' quirk. */ handle_dw_usr_busy_quirk(uart); +#ifdef CONFIG_HAS_PCI + /* Enable Exar "Enhanced function bits" */ + enable_exar_enhanced_bits(uart); +#endif + /* Line control and baud-rate generator. */ ns_write_reg(uart, UART_LCR, lcr | UART_LCR_DLAB); if ( uart->baud != BAUD_AUTO ) @@ -781,7 +791,37 @@ static const struct ns16550_config_param __initconst uart_param[] = { .lsr_mask = UART_LSR_THRE, .bar0 = 1, .max_ports = 8, - } + }, + [param_exar_xr17v352] = { + .base_baud = 7812500, + .uart_offset = 0x400, + .reg_width = 1, + .fifo_size = 256, + .lsr_mask = UART_LSR_THRE, + .bar0 = 1, + .mmio = 1, + .max_ports = 2, + }, + [param_exar_xr17v354] = { + .base_baud = 7812500, + .uart_offset = 0x400, + .reg_width = 1, + .fifo_size = 256, + .lsr_mask = UART_LSR_THRE, + .bar0 = 1, + .mmio = 1, + .max_ports = 4, + }, + [param_exar_xr17v358] = { + .base_baud = 7812500, + .uart_offset = 0x400, + .reg_width = 1, + .fifo_size = 256, + .lsr_mask = UART_LSR_THRE, + .bar0 = 1, + .mmio = 1, + .max_ports = 8, + }, }; static const struct ns16550_config __initconst uart_config[] = @@ -1007,7 +1047,25 @@ static const struct ns16550_config __initconst uart_config[] = .vendor_id = PCI_VENDOR_ID_PERICOM, .dev_id = 0x7958, .param = param_pericom_8port - } + }, + /* Exar Corp. XR17V352 Dual PCIe UART */ + { + .vendor_id = PCI_VENDOR_ID_EXAR, + .dev_id = 0x0352, + .param = param_exar_xr17v352 + }, + /* Exar Corp. XR17V354 Quad PCIe UART */ + { + .vendor_id = PCI_VENDOR_ID_EXAR, + .dev_id = 0x0354, + .param = param_exar_xr17v354 + }, + /* Exar Corp. XR17V358 Octal PCIe UART */ + { + .vendor_id = PCI_VENDOR_ID_EXAR, + .dev_id = 0x0358, + .param = param_exar_xr17v358 + }, }; static int __init @@ -1177,6 +1235,27 @@ pci_uart_config(struct ns16550 *uart, bool_t skip_amt, unsigned int idx) return 0; } +static void enable_exar_enhanced_bits(const struct ns16550 *uart) +{ + uint8_t efr; + + switch ( uart->param - uart_param ) + { + case param_exar_xr17v352: + case param_exar_xr17v354: + case param_exar_xr17v358: + /* + * Exar XR17V35x cards ignore setting MCR[2] (hardware flow control) + * unless "Enhanced control bits" is enabled. + * The below checks for a 2, 4 or 8 port UART, following Linux driver. + */ + efr = ns_read_reg(uart, UART_XR_EFR); + efr |= UART_EFR_ECB; + ns_write_reg(uart, UART_XR_EFR, efr); + break; + } +} + #endif /* CONFIG_HAS_PCI */ /* diff --git a/xen/include/xen/8250-uart.h b/xen/include/xen/8250-uart.h index 5c3bac3322..d13352940c 100644 --- a/xen/include/xen/8250-uart.h +++ b/xen/include/xen/8250-uart.h @@ -35,6 +35,7 @@ #define UART_USR 0x1f /* Status register (DW) */ #define UART_DLL 0x00 /* divisor latch (ls) (DLAB=1) */ #define UART_DLM 0x01 /* divisor latch (ms) (DLAB=1) */ +#define UART_XR_EFR 0x09 /* Enhanced function register (Exar) */ /* Interrupt Enable Register */ #define UART_IER_ERDAI 0x01 /* rx data recv'd */ @@ -121,6 +122,9 @@ /* Frequency of external clock source. This definition assumes PC platform. */ #define UART_CLOCK_HZ 1843200 +/* Bits in Exar specific UART_XR_EFR register */ +#define UART_EFR_ECB 0x10 + /* Resume retry settings */ #define RESUME_DELAY MILLISECS(10) #define RESUME_RETRIES 100 diff --git a/xen/include/xen/pci_ids.h b/xen/include/xen/pci_ids.h index 7788ba9d2f..e798477a7e 100644 --- a/xen/include/xen/pci_ids.h +++ b/xen/include/xen/pci_ids.h @@ -4,6 +4,8 @@ #define PCI_VENDOR_ID_PERICOM 0x12d8 +#define PCI_VENDOR_ID_EXAR 0x13a8 + #define PCI_VENDOR_ID_OXSEMI 0x1415 #define PCI_VENDOR_ID_BROADCOM 0x14e4 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 20 10:33:36 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 20 Aug 2021 10:33:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.169411.309459 (Exim 4.92) (envelope-from ) id 1mH1qC-0001jv-Pp; Fri, 20 Aug 2021 10:33:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 169411.309459; Fri, 20 Aug 2021 10:33:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1qC-0001jm-Mf; Fri, 20 Aug 2021 10:33:36 +0000 Received: by outflank-mailman (input) for mailman id 169411; Fri, 20 Aug 2021 10:33:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1qB-0001jR-EZ for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1qB-00080B-Do for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mH1qB-00007s-Cs for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Kw2cwm25m/qur+u1Aufj2zfGIlfoLkDWtWbyEUqQwKk=; b=aXuutJFqOQXecguAOzuSgokZMR g3cDFfB95UF6Urext8kkoHx18vKnlRV+DBl3X1ZOie4GOxfZJkjsahmfNMrIc+p+yl/RjW/AbW8eA YKf2rfkfLIQRVdUnV9JreS5onNzZ9cKbYio+V7FD60B3OHD4JB5qOSdGkinGve4VxYyc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] AMD/IOMMU: don't leave page table mapped when unmapping ... Message-Id: Date: Fri, 20 Aug 2021 10:33:35 +0000 commit 3cfec6a6aa7a7bf68f8e19e21f450c2febe9acb4 Author: Jan Beulich AuthorDate: Fri Aug 20 12:30:35 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 20 12:30:35 2021 +0200 AMD/IOMMU: don't leave page table mapped when unmapping ... ... an already not mapped page. With all other exit paths doing the unmap, I have no idea how I managed to miss that aspect at the time. Fixes: ad591454f069 ("AMD/IOMMU: don't needlessly trigger errors/crashes when unmapping a page") Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu_map.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 560af54b76..1ed39bbee5 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -243,7 +243,10 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, else if ( !pde->pr ) { if ( !map ) + { + unmap_domain_page(next_table_vaddr); return 0; + } if ( next_table_mfn == 0 ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 20 10:33:46 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 20 Aug 2021 10:33:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.169412.309462 (Exim 4.92) (envelope-from ) id 1mH1qM-0001nT-RF; Fri, 20 Aug 2021 10:33:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 169412.309462; Fri, 20 Aug 2021 10:33:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1qM-0001nL-O5; Fri, 20 Aug 2021 10:33:46 +0000 Received: by outflank-mailman (input) for mailman id 169412; Fri, 20 Aug 2021 10:33:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1qL-0001n3-IZ for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH1qL-00080N-He for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mH1qL-00009A-GJ for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 10:33:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=cVsZrPjylFySe255ZZQx/KXGUNo3xqhm/h6Kxt8PMqs=; b=nEC5l1Mr5sHb4j5sQzxBZUuW/j bR4acMxcUpPR0VfGiTzGdP1rFmV+KEKA+TgipE4lr57B7XAKUo4r2u9y6wFSvt/GD97da/KIGSakt d5u+luMHWUjk79XWZSTld38gbMtUHcJ/OoOeSIDALQ5fpU+efN0CdFzXlQ0f/raytwqw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] AMD/IOMMU: don't increase perms when splitting superpage Message-Id: Date: Fri, 20 Aug 2021 10:33:45 +0000 commit b8238afd076189c1e1b459752f78e8639b5c2a3a Author: Jan Beulich AuthorDate: Fri Aug 20 12:31:08 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 20 12:31:08 2021 +0200 AMD/IOMMU: don't increase perms when splitting superpage The old (super)page's permissions ought to be propagated, rather than blindly allowing both reads and writes. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu_map.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 1ed39bbee5..0d4dd7cc37 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -231,7 +231,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, next_table_mfn = mfn_x(page_to_mfn(table)); set_iommu_ptes_present(next_table_mfn, pfn, mfn, PTE_PER_TABLE_SIZE, - next_level, true, true); + next_level, pde->iw, pde->ir); smp_wmb(); set_iommu_pde_present(pde, next_table_mfn, next_level, true, true); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 20 14:22:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 20 Aug 2021 14:22:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.169557.309737 (Exim 4.92) (envelope-from ) id 1mH5PJ-0005cA-Ry; Fri, 20 Aug 2021 14:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 169557.309737; Fri, 20 Aug 2021 14:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH5PJ-0005c2-PA; Fri, 20 Aug 2021 14:22:05 +0000 Received: by outflank-mailman (input) for mailman id 169557; Fri, 20 Aug 2021 14:22:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH5PJ-0005bw-49 for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 14:22:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mH5PJ-00047k-33 for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 14:22:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mH5PJ-000293-1y for xen-changelog@lists.xenproject.org; Fri, 20 Aug 2021 14:22:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5aTcqwXIrDFwhkwc9QCPmQDRmvWQx+d+c0iuG0QCxdo=; b=gdCK83W+Id3JMNm40b/dAuKuCM iab1J/hGR15W/qZXEOMz6LZu7OYYAIcd1uznB9pWyiVKLbyhzh3fXVsRQNkL4xxzsFk0sV+POQ1Ps RnMvoKNwq7S2idBKXYJoxEeob9F6VJyknnuQRrY6Gaa5VIxF4feGCbSHupD50g0YKZoU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] ns16550: properly gate Exar PCIe UART cards support Message-Id: Date: Fri, 20 Aug 2021 14:22:05 +0000 commit 93713f444b3f29d6848527506db69cf78976b32d Author: Oleksandr Andrushchenko AuthorDate: Fri Aug 20 16:18:12 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 20 16:18:12 2021 +0200 ns16550: properly gate Exar PCIe UART cards support Arm is about to get PCI passthrough support which means CONFIG_HAS_PCI will be enabled, so this code will fail as Arm doesn't have ns16550 PCI support: ns16550.c:313:5: error: implicit declaration of function 'enable_exar_enhanced_bits' [-Werror=implicit-function-declaration] 313 | enable_exar_enhanced_bits(uart); | ^~~~~~~~~~~~~~~~~~~~~~~~~ Fix this by gating Exar PCIe UART cards support with the above in mind. Signed-off-by: Oleksandr Andrushchenko Reviewed-by: Jan Beulich --- xen/drivers/char/ns16550.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index b777c8711e..e2c24082c3 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -308,7 +308,7 @@ static void ns16550_setup_preirq(struct ns16550 *uart) /* Handle the DesignWare 8250 'busy-detect' quirk. */ handle_dw_usr_busy_quirk(uart); -#ifdef CONFIG_HAS_PCI +#ifdef NS16550_PCI /* Enable Exar "Enhanced function bits" */ enable_exar_enhanced_bits(uart); #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Aug 23 08:00:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 23 Aug 2021 08:00:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170201.310880 (Exim 4.92) (envelope-from ) id 1mI4sG-0005Ko-6J; Mon, 23 Aug 2021 08:00:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170201.310880; Mon, 23 Aug 2021 08:00:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4sG-0005KS-2L; Mon, 23 Aug 2021 08:00:04 +0000 Received: by outflank-mailman (input) for mailman id 170201; Mon, 23 Aug 2021 08:00:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4sE-0004vg-DN for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4sE-0005Ky-CC for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mI4sE-00044M-Av for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Z76xZ4aODXlTbrPCzNCngo5oINhhEgZvoQu27p657Jg=; b=B4pmjn21t9E597aLejSgeFxX/h O4sZplh8DxFXzVqYIfSt96c/BrW8lu9ta/THQ8ywkKRC7ZO6uDHTsLE98o1vb489dtxkID7y2J9No kB7GapFTtplXd/6y9bSNiBhJHTUmCnUDeSpa9C2AKd4YV5h+6KPicQLi9GqPDvoLb+2k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/PV: suppress unnecessary Dom0 construction output Message-Id: Date: Mon, 23 Aug 2021 08:00:02 +0000 commit 4c0a19991465fc19c5afa9bc3f304bae6044314e Author: Jan Beulich AuthorDate: Wed Aug 18 09:39:08 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 18 09:39:08 2021 +0200 x86/PV: suppress unnecessary Dom0 construction output v{xenstore,console}_{start,end} can only ever be zero in PV shim configurations. Similarly reporting just zeros for an unmapped (or absent) initrd is not useful. Particularly in case video is the only output configured, space is scarce: Split the printk() and omit lines carrying no information at all. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/pv/dom0_build.c | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index d5a1a6a4e2..778c863ea4 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -575,25 +575,21 @@ int __init dom0_construct_pv(struct domain *d, printk("\n Init. ramdisk: %"PRIpaddr"->%"PRIpaddr, mpt_alloc, mpt_alloc + initrd_len); } - printk("\nVIRTUAL MEMORY ARRANGEMENT:\n" - " Loaded kernel: %p->%p\n" - " Init. ramdisk: %p->%p\n" - " Phys-Mach map: %p->%p\n" - " Start info: %p->%p\n" - " Xenstore ring: %p->%p\n" - " Console ring: %p->%p\n" - " Page tables: %p->%p\n" - " Boot stack: %p->%p\n" - " TOTAL: %p->%p\n", - _p(vkern_start), _p(vkern_end), - _p(vinitrd_start), _p(vinitrd_end), - _p(vphysmap_start), _p(vphysmap_end), - _p(vstartinfo_start), _p(vstartinfo_end), - _p(vxenstore_start), _p(vxenstore_end), - _p(vconsole_start), _p(vconsole_end), - _p(vpt_start), _p(vpt_end), - _p(vstack_start), _p(vstack_end), - _p(v_start), _p(v_end)); + + printk("\nVIRTUAL MEMORY ARRANGEMENT:\n"); + printk(" Loaded kernel: %p->%p\n", _p(vkern_start), _p(vkern_end)); + if ( vinitrd_end > vinitrd_start ) + printk(" Init. ramdisk: %p->%p\n", _p(vinitrd_start), _p(vinitrd_end)); + printk(" Phys-Mach map: %p->%p\n", _p(vphysmap_start), _p(vphysmap_end)); + printk(" Start info: %p->%p\n", _p(vstartinfo_start), _p(vstartinfo_end)); + if ( pv_shim ) + { + printk(" Xenstore ring: %p->%p\n", _p(vxenstore_start), _p(vxenstore_end)); + printk(" Console ring: %p->%p\n", _p(vconsole_start), _p(vconsole_end)); + } + printk(" Page tables: %p->%p\n", _p(vpt_start), _p(vpt_end)); + printk(" Boot stack: %p->%p\n", _p(vstack_start), _p(vstack_end)); + printk(" TOTAL: %p->%p\n", _p(v_start), _p(v_end)); printk(" ENTRY ADDRESS: %p\n", _p(parms.virt_entry)); process_pending_softirqs(); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Aug 23 08:00:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 23 Aug 2021 08:00:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170206.310884 (Exim 4.92) (envelope-from ) id 1mI4sQ-0005nC-DJ; Mon, 23 Aug 2021 08:00:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170206.310884; Mon, 23 Aug 2021 08:00:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4sQ-0005n4-8x; Mon, 23 Aug 2021 08:00:14 +0000 Received: by outflank-mailman (input) for mailman id 170206; Mon, 23 Aug 2021 08:00:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4sO-0005mk-HI for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4sO-0005br-GP for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mI4sO-00047u-FR for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Wm09b/2uqAG0PoQN+wTpHS5e6khT8MguEJ+5oNrbu78=; b=SL2vGqGUKyBLm5px4FhlccB14m UEWwESCK4ngdDAe6IzwgjC8kQ9nNEcqzoChJOvGU7+fIBuO4lx93/fsWJk5bZoujL8XBSnVjdgP3R zfGyVc2noadMxyWWGI4KIG6CywjjQS2vaBf4HmLx3PxG7ORV5OF3imQC4dZQ4Mm4Mc0w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/PV: assert page state in mark_pv_pt_pages_rdonly() Message-Id: Date: Mon, 23 Aug 2021 08:00:12 +0000 commit 6b1ca51b1a91d002636518afe4a8a50ba7212495 Author: Jan Beulich AuthorDate: Wed Aug 18 09:40:08 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 18 09:40:08 2021 +0200 x86/PV: assert page state in mark_pv_pt_pages_rdonly() About every time I look at dom0_construct_pv()'s "calculation" of nr_pt_pages I question (myself) whether the result is precise or merely an upper bound. I think it is meant to be precise, but I think we would be better off having some checking in place. Hence add ASSERT()s to verify that - all pages have a valid L1...Ln (currently L4) page table type and - no other bits are set, in particular the type refcount is still zero. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/pv/dom0_build.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index 778c863ea4..6145d4320b 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -59,6 +59,16 @@ static __init void mark_pv_pt_pages_rdonly(struct domain *d, l1e_remove_flags(*pl1e, _PAGE_RW); page = mfn_to_page(l1e_get_mfn(*pl1e)); + /* + * Verify that + * - all pages have a valid L1...Ln page table type and + * - no other bits are set, in particular the type refcount is still + * zero. + */ + ASSERT((page->u.inuse.type_info & PGT_type_mask) >= PGT_l1_page_table); + ASSERT((page->u.inuse.type_info & PGT_type_mask) <= PGT_root_page_table); + ASSERT(!(page->u.inuse.type_info & ~PGT_type_mask)); + /* Read-only mapping + PGC_allocated + page-table page. */ page->count_info = PGC_allocated | 3; page->u.inuse.type_info |= PGT_validated | 1; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Aug 23 08:00:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 23 Aug 2021 08:00:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170209.310901 (Exim 4.92) (envelope-from ) id 1mI4sa-0006Bu-1l; Mon, 23 Aug 2021 08:00:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170209.310901; Mon, 23 Aug 2021 08:00:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4sZ-0006Bk-UF; Mon, 23 Aug 2021 08:00:23 +0000 Received: by outflank-mailman (input) for mailman id 170209; Mon, 23 Aug 2021 08:00:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4sY-0006B9-LY for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4sY-0005cD-KX for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mI4sY-0004Bv-JT for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=b/5JiUH9Bvop39uVxPZUc7NU43XeK0iBLZXEB0fpIPc=; b=hPMtD36G4jQdiUYG6mEMZgU1zr ULuTVEbCQAf8AwAZ2n5/JYHY99qeYcH2KHgMj+8EjSZJdTwXzTRABgN/vXeoG/0vJeVHsarHKHzCD /U5cbO+Pzt+6/rdLb/FrXOiwTXT8tGlBUvcpbxHoM/WW7oj4CFkyV+yXRjpJfET4/CA8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] VT-d: Tylersburg errata apply to further steppings Message-Id: Date: Mon, 23 Aug 2021 08:00:22 +0000 commit 517a90d1ca09ce00e50d46ac25566cc3bd2eb34d Author: Jan Beulich AuthorDate: Wed Aug 18 09:44:14 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 18 09:44:14 2021 +0200 VT-d: Tylersburg errata apply to further steppings While for 5500 and 5520 chipsets only B3 and C2 are mentioned in the spec update, X58's also mentions B2, and searching the internet suggests systems with this stepping are actually in use. Even worse, for X58 erratum #69 is marked applicable even to C2. Split the check to cover all applicable steppings and to also report applicable errata numbers in the log message. The splitting requires using the DMI port instead of the System Management Registers device, but that's then in line (also revision checking wise) with the spec updates. Fixes: 6890cebc6a98 ("VT-d: deal with 5500/5520/X58 errata") Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/drivers/passthrough/vtd/quirks.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c index 8a81d9c930..2ad76a0ae7 100644 --- a/xen/drivers/passthrough/vtd/quirks.c +++ b/xen/drivers/passthrough/vtd/quirks.c @@ -268,26 +268,42 @@ static int __init parse_snb_timeout(const char *s) } custom_param("snb_igd_quirk", parse_snb_timeout); -/* 5500/5520/X58 Chipset Interrupt remapping errata, for stepping B-3. - * Fixed in stepping C-2. */ +/* + * 5500/5520/X58 chipset interrupt remapping errata, for steppings B2 and B3. + * Fixed in stepping C2 except on X58. + */ static void __init tylersburg_intremap_quirk(void) { - uint32_t bus, device; + unsigned int bus; uint8_t rev; for ( bus = 0; bus < 0x100; bus++ ) { - /* Match on System Management Registers on Device 20 Function 0 */ - device = pci_conf_read32(PCI_SBDF(0, bus, 20, 0), PCI_VENDOR_ID); - rev = pci_conf_read8(PCI_SBDF(0, bus, 20, 0), PCI_REVISION_ID); + /* Match on DMI port (Device 0 Function 0) */ + rev = pci_conf_read8(PCI_SBDF(0, bus, 0, 0), PCI_REVISION_ID); - if ( rev == 0x13 && device == 0x342e8086 ) + switch ( pci_conf_read32(PCI_SBDF(0, bus, 0, 0), PCI_VENDOR_ID) ) { + default: + continue; + + case 0x34038086: case 0x34068086: + if ( rev >= 0x22 ) + continue; + printk(XENLOG_WARNING VTDPREFIX + "Disabling IOMMU due to Intel 5500/5520 chipset errata #47 and #53\n"); + iommu_enable = false; + break; + + case 0x34058086: printk(XENLOG_WARNING VTDPREFIX - "Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata #47, #53\n"); - iommu_enable = 0; + "Disabling IOMMU due to Intel X58 chipset %s\n", + rev < 0x22 ? "errata #62 and #69" : "erratum #69"); + iommu_enable = false; break; } + + break; } } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Aug 23 08:00:34 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 23 Aug 2021 08:00:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170211.310909 (Exim 4.92) (envelope-from ) id 1mI4sk-0006PQ-44; Mon, 23 Aug 2021 08:00:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170211.310909; Mon, 23 Aug 2021 08:00:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4sk-0006PH-0W; Mon, 23 Aug 2021 08:00:34 +0000 Received: by outflank-mailman (input) for mailman id 170211; Mon, 23 Aug 2021 08:00:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4si-0006Od-Qe for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4si-0005cZ-Pg for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mI4si-0004ML-NH for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=djZH+0klv6wod/pyCNcm+dcLyhPgdSWwknfyBxjngKI=; b=jEtjMHp9Kt/e+t9xc2TfJjdZ19 3aJezIjzdBXLOBTQeNR38zkXfEgneM7hFuKoe0XfXVxYDe3VEzfgsXFeaU/fqqw5SH/wI87/X1D5O yfzD2yblAKk71dxgmMwBCGNlv2ydsOhThP4RI0SuX6JyA9zzNAsmfoIycX71ABHx1PMg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: mark compat hypercall regs clobbering for intended fall-through Message-Id: Date: Mon, 23 Aug 2021 08:00:32 +0000 commit dd635cebd1eefc7f90bbe3d5df2524a2a3a94f88 Author: Jan Beulich AuthorDate: Thu Aug 19 13:36:54 2021 +0200 Commit: Jan Beulich CommitDate: Thu Aug 19 13:36:54 2021 +0200 x86: mark compat hypercall regs clobbering for intended fall-through Oddly enough in the original report Coverity only complained about the native hypercall related switch() statements. Now that it has seen those fixed, it complains about (only HVM) compat ones. Hence the CIDs below are all for the HVM side of things, yet while at it take care of the PV side as well. Coverity-ID: 1487105, 1487106, 1487107, 1487108, 1487109. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/hvm/hypercall.c | 20 ++++++++++---------- xen/arch/x86/pv/hypercall.c | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index 263d5407ea..261d8ee8a4 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -292,11 +292,11 @@ int hvm_hypercall(struct cpu_user_regs *regs) /* Deliberately corrupt parameter regs not used by this hypercall. */ switch ( hypercall_args_table[eax].compat ) { - case 0: ebx = 0xdeadf00d; - case 1: ecx = 0xdeadf00d; - case 2: edx = 0xdeadf00d; - case 3: esi = 0xdeadf00d; - case 4: edi = 0xdeadf00d; + case 0: ebx = 0xdeadf00d; fallthrough; + case 1: ecx = 0xdeadf00d; fallthrough; + case 2: edx = 0xdeadf00d; fallthrough; + case 3: esi = 0xdeadf00d; fallthrough; + case 4: edi = 0xdeadf00d; fallthrough; case 5: ebp = 0xdeadf00d; } #endif @@ -312,11 +312,11 @@ int hvm_hypercall(struct cpu_user_regs *regs) /* Deliberately corrupt parameter regs used by this hypercall. */ switch ( hypercall_args_table[eax].compat ) { - case 6: regs->rbp = 0xdeadf00d; - case 5: regs->rdi = 0xdeadf00d; - case 4: regs->rsi = 0xdeadf00d; - case 3: regs->rdx = 0xdeadf00d; - case 2: regs->rcx = 0xdeadf00d; + case 6: regs->rbp = 0xdeadf00d; fallthrough; + case 5: regs->rdi = 0xdeadf00d; fallthrough; + case 4: regs->rsi = 0xdeadf00d; fallthrough; + case 3: regs->rdx = 0xdeadf00d; fallthrough; + case 2: regs->rcx = 0xdeadf00d; fallthrough; case 1: regs->rbx = 0xdeadf00d; } } diff --git a/xen/arch/x86/pv/hypercall.c b/xen/arch/x86/pv/hypercall.c index 03939bdfcf..9765e674cf 100644 --- a/xen/arch/x86/pv/hypercall.c +++ b/xen/arch/x86/pv/hypercall.c @@ -197,11 +197,11 @@ void pv_hypercall(struct cpu_user_regs *regs) /* Deliberately corrupt parameter regs not used by this hypercall. */ switch ( hypercall_args_table[eax].compat ) { - case 0: ebx = 0xdeadf00d; - case 1: ecx = 0xdeadf00d; - case 2: edx = 0xdeadf00d; - case 3: esi = 0xdeadf00d; - case 4: edi = 0xdeadf00d; + case 0: ebx = 0xdeadf00d; fallthrough; + case 1: ecx = 0xdeadf00d; fallthrough; + case 2: edx = 0xdeadf00d; fallthrough; + case 3: esi = 0xdeadf00d; fallthrough; + case 4: edi = 0xdeadf00d; fallthrough; case 5: ebp = 0xdeadf00d; } #endif @@ -223,11 +223,11 @@ void pv_hypercall(struct cpu_user_regs *regs) /* Deliberately corrupt parameter regs used by this hypercall. */ switch ( hypercall_args_table[eax].compat ) { - case 6: regs->ebp = 0xdeadf00d; - case 5: regs->edi = 0xdeadf00d; - case 4: regs->esi = 0xdeadf00d; - case 3: regs->edx = 0xdeadf00d; - case 2: regs->ecx = 0xdeadf00d; + case 6: regs->ebp = 0xdeadf00d; fallthrough; + case 5: regs->edi = 0xdeadf00d; fallthrough; + case 4: regs->esi = 0xdeadf00d; fallthrough; + case 3: regs->edx = 0xdeadf00d; fallthrough; + case 2: regs->ecx = 0xdeadf00d; fallthrough; case 1: regs->ebx = 0xdeadf00d; } } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Aug 23 08:00:44 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 23 Aug 2021 08:00:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170214.310913 (Exim 4.92) (envelope-from ) id 1mI4su-0006ab-5K; Mon, 23 Aug 2021 08:00:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170214.310913; Mon, 23 Aug 2021 08:00:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4su-0006aT-22; Mon, 23 Aug 2021 08:00:44 +0000 Received: by outflank-mailman (input) for mailman id 170214; Mon, 23 Aug 2021 08:00:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4ss-0006aF-U5 for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4ss-0005d3-TD for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mI4ss-0004O2-SS for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PEPJLSiAWhVTmoWhxEvUmPYTZZnN6YO81C6+E9Yz4eQ=; b=43C+GUvdeVvoI/5kJ7KeidXs4H OkXkni5nmnyv9DjotO+xUjvsRbuaLa+uYWRNO2wYXn9Ij8C8iYfDDRaRFMGVlbxxxUmEs3xwlsY11 fjD8qWVaUs9wl9rBX7ybMl0I4AaFdgNZtnABR+BDYUYW+YDhrU6xNKeQgBTfzu6cEfuE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] Arm: relax iomem_access_permitted() check Message-Id: Date: Mon, 23 Aug 2021 08:00:42 +0000 commit 475715d65a1084fd38c5baa12c18d1e2f5f74ea0 Author: Jan Beulich AuthorDate: Thu Aug 19 13:37:42 2021 +0200 Commit: Jan Beulich CommitDate: Thu Aug 19 13:37:42 2021 +0200 Arm: relax iomem_access_permitted() check Ranges checked by iomem_access_permitted() are inclusive; to permit a mapping there's no need for access to also have been granted for the subsequent page. Fixes: 80f9c3167084 ("xen/arm: acpi: Map MMIO on fault in stage-2 page table for the hardware domain") Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/arch/arm/traps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 4ccb6e7d18..219ab3c3fb 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1893,7 +1893,7 @@ static bool try_map_mmio(gfn_t gfn) return false; /* The hardware domain can only map permitted MMIO regions */ - if ( !iomem_access_permitted(d, mfn_x(mfn), mfn_x(mfn) + 1) ) + if ( !iomem_access_permitted(d, mfn_x(mfn), mfn_x(mfn)) ) return false; return !map_regions_p2mt(d, gfn, 1, mfn, p2m_mmio_direct_c); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Aug 23 08:00:54 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 23 Aug 2021 08:00:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170215.310917 (Exim 4.92) (envelope-from ) id 1mI4t4-0006iQ-6r; Mon, 23 Aug 2021 08:00:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170215.310917; Mon, 23 Aug 2021 08:00:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4t4-0006iI-3g; Mon, 23 Aug 2021 08:00:54 +0000 Received: by outflank-mailman (input) for mailman id 170215; Mon, 23 Aug 2021 08:00:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4t3-0006i4-24 for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4t3-0005dK-1H for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mI4t3-0004Pi-0B for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:00:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Prg8UAi/lNfxrYkDFszeE5JXSHkrOuiW6pHob+NIK2c=; b=jV+Pj663hWLr/ofPtADxw40kYf FEwXbdpMVJxqK5Im61suc2BPQtfLlk+O+QogUU8Qxf6+vWgVU8SCSEGIv5gE9Gy+QZ7umZdFw6VCP RJnu4AHhFOqHru78hXr9eH3YfwYQovhSuyyRq+yrEqyiF6iyqC4vk20l4cuRRIDzfCdA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume Message-Id: Date: Mon, 23 Aug 2021 08:00:53 +0000 commit 5293470a77ad980dce2af9b7e6c3f11eeebf1b64 Author: Juergen Gross AuthorDate: Thu Aug 19 13:38:31 2021 +0200 Commit: Jan Beulich CommitDate: Thu Aug 19 13:38:31 2021 +0200 xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume With smt=0 during a suspend/resume cycle of the machine the threads which have been parked before will briefly come up again. This can result in problems e.g. with cpufreq driver being active as this will call into get_cpu_idle_time() for a cpu without initialized scheduler data. Fix that by letting get_cpu_idle_time() deal with this case. Drop a redundant check in exchange. Fixes: 132cbe8f35632fb2 ("sched: fix get_cpu_idle_time() with core scheduling") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Juergen Gross Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich Acked-by: Dario Faggioli --- xen/common/sched/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 6d34764d38..8d178baf3d 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -337,7 +337,7 @@ uint64_t get_cpu_idle_time(unsigned int cpu) struct vcpu_runstate_info state = { 0 }; const struct vcpu *v = idle_vcpu[cpu]; - if ( cpu_online(cpu) && v ) + if ( cpu_online(cpu) && get_sched_res(cpu) ) vcpu_runstate_get(v, &state); return state.time[RUNSTATE_running]; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Aug 23 08:01:04 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 23 Aug 2021 08:01:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170218.310921 (Exim 4.92) (envelope-from ) id 1mI4tE-0006uQ-8M; Mon, 23 Aug 2021 08:01:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170218.310921; Mon, 23 Aug 2021 08:01:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4tE-0006uI-5G; Mon, 23 Aug 2021 08:01:04 +0000 Received: by outflank-mailman (input) for mailman id 170218; Mon, 23 Aug 2021 08:01:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4tD-0006u8-66 for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4tD-0005di-5B for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mI4tD-0004S5-49 for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7wfRQyg2aCfJTufPJ96tv64PJWyWzAwRyzr8kOgIEDI=; b=Yn5W6ks3KeVaxGDk7M4jFSqRsS FddxEpfhO3dbpMRRnrRIkx7fd8aHxk/O3QXdnm3nq4cl2yYZnntXNNoc21APRMZXmpvv8czpqxNR+ YSwDPXkCOEowlPBWtrp7lxIbP/TLg0IfXc5jY75jOmBNIYiXpDk37dVjq15Zktu0RmTc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] libs/guest: Move the guest ABI check earlier into xc_dom_parse_image() Message-Id: Date: Mon, 23 Aug 2021 08:01:03 +0000 commit 1787cc167906f3fef547affb443a64762392c464 Author: Jane Malalane AuthorDate: Tue Aug 17 16:19:24 2021 +0100 Commit: Andrew Cooper CommitDate: Thu Aug 19 18:34:53 2021 +0100 libs/guest: Move the guest ABI check earlier into xc_dom_parse_image() Xen may not support 32-bit PV guest for a number of reasons (lack of CONFIG_PV32, explicit pv=no-32 command line argument, or implicitly due to CET being enabled) and advertises this to the toolstack via the absence of xen-3.0-x86_32p ABI. Currently, when trying to boot a 32-bit PV guest, the ABI check is too late and the build explodes in the following manner yielding an unhelpful error message: xc: error: panic: xg_dom_boot.c:121: xc_dom_boot_mem_init: can't allocate low memory for domain: Out of memory libxl: error: libxl_dom.c:586:libxl__build_dom: xc_dom_boot_mem_init failed: Operation not supported libxl: error: libxl_create.c:1573:domcreate_rebuild_done: Domain 1:cannot (re-)build domain: -3 libxl: error: libxl_domain.c:1182:libxl__destroy_domid: Domain 1:Non-existant domain libxl: error: libxl_domain.c:1136:domain_destroy_callback: Domain 1:Unable to destroy guest libxl: error: libxl_domain.c:1063:domain_destroy_cb: Domain 1:Destruction of domain failed Move the ABI check earlier into xc_dom_parse_image() along with other ELF-note feature checks. With this adjustment, it now looks like this: xc: error: panic: xg_dom_boot.c:88: xc_dom_compat_check: guest type xen-3.0-x86_32p not supported by xen kernel, sorry: Invalid kernel libxl: error: libxl_dom.c:571:libxl__build_dom: xc_dom_parse_image failed domainbuilder: detail: xc_dom_release: called libxl: error: libxl_create.c:1573:domcreate_rebuild_done: Domain 11:cannot (re-)build domain: -3 libxl: error: libxl_domain.c:1182:libxl__destroy_domid: Domain 11:Non-existant domain libxl: error: libxl_domain.c:1136:domain_destroy_callback: Domain 11:Unable to destroy guest libxl: error: libxl_domain.c:1063:domain_destroy_cb: Domain 11:Destruction of domain failed Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Andrew Cooper Acked-by: Ian Jackson --- tools/libs/guest/xg_dom_boot.c | 4 ---- tools/libs/guest/xg_dom_core.c | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/libs/guest/xg_dom_boot.c b/tools/libs/guest/xg_dom_boot.c index dac96b17a5..f809dcbe97 100644 --- a/tools/libs/guest/xg_dom_boot.c +++ b/tools/libs/guest/xg_dom_boot.c @@ -191,10 +191,6 @@ int xc_dom_boot_image(struct xc_dom_image *dom) } dom->shared_info_mfn = info.shared_info_frame; - /* sanity checks */ - if ( !xc_dom_compat_check(dom) ) - return -1; - /* initial mm setup */ if ( dom->arch_hooks->setup_pgtables && (rc = dom->arch_hooks->setup_pgtables(dom)) != 0 ) diff --git a/tools/libs/guest/xg_dom_core.c b/tools/libs/guest/xg_dom_core.c index 4918ee517b..2e4c1330ea 100644 --- a/tools/libs/guest/xg_dom_core.c +++ b/tools/libs/guest/xg_dom_core.c @@ -922,6 +922,10 @@ int xc_dom_parse_image(struct xc_dom_image *dom) goto err; } + /* Check guest ABI */ + if ( !xc_dom_compat_check(dom) ) + return -1; + /* check features */ for ( i = 0; i < XENFEAT_NR_SUBMAPS; i++ ) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Aug 23 08:01:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 23 Aug 2021 08:01:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170220.310925 (Exim 4.92) (envelope-from ) id 1mI4tO-0006yJ-BL; Mon, 23 Aug 2021 08:01:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170220.310925; Mon, 23 Aug 2021 08:01:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4tO-0006yB-8K; Mon, 23 Aug 2021 08:01:14 +0000 Received: by outflank-mailman (input) for mailman id 170220; Mon, 23 Aug 2021 08:01:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4tN-0006xx-9c for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4tN-0005dt-8m for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mI4tN-0004UF-7x for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HozzDnkErmb2E6iEzRgMdYYXwpzY4PBGt6QGMTfOcB0=; b=GkZ1W9K+rpxuhvY6yuOjLXoXW1 rv1d3+UXSIgiuQMAddeI99UDn1O9foWZ2gGw76r7h88MqoiX4yUV69CYPR4WW1LWHHRvI7zRdkBy1 f2TM2Hr96sBiivcr+T28QdSPpejZjnRQhsDzotTbuYd42uTEoZZJzpFRwGZ+TLh6CQk8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/PV: account for 32-bit Dom0 in mark_pv_pt_pages_rdonly()'s ASSERT()s Message-Id: Date: Mon, 23 Aug 2021 08:01:13 +0000 commit 9ee27aa7a2bab460769a6621895898ba3a7fb445 Author: Jan Beulich AuthorDate: Fri Aug 20 12:28:07 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 20 12:28:07 2021 +0200 x86/PV: account for 32-bit Dom0 in mark_pv_pt_pages_rdonly()'s ASSERT()s Clearly I neglected the special needs here, and also failed to test the change with a debug build of Xen. Fixes: 6b1ca51b1a91 ("x86/PV: assert page state in mark_pv_pt_pages_rdonly()") Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/pv/dom0_build.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index 6145d4320b..d7f9e04b28 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -61,13 +61,14 @@ static __init void mark_pv_pt_pages_rdonly(struct domain *d, /* * Verify that - * - all pages have a valid L1...Ln page table type and + * - all pages have a valid L1...Ln page table type (including the PAE + * sub-flavor of L2) and * - no other bits are set, in particular the type refcount is still * zero. */ ASSERT((page->u.inuse.type_info & PGT_type_mask) >= PGT_l1_page_table); ASSERT((page->u.inuse.type_info & PGT_type_mask) <= PGT_root_page_table); - ASSERT(!(page->u.inuse.type_info & ~PGT_type_mask)); + ASSERT(!(page->u.inuse.type_info & ~(PGT_type_mask | PGT_pae_xen_l2))); /* Read-only mapping + PGC_allocated + page-table page. */ page->count_info = PGC_allocated | 3; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Aug 23 08:01:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 23 Aug 2021 08:01:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170221.310929 (Exim 4.92) (envelope-from ) id 1mI4tY-00071A-D6; Mon, 23 Aug 2021 08:01:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170221.310929; Mon, 23 Aug 2021 08:01:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4tY-000712-9y; Mon, 23 Aug 2021 08:01:24 +0000 Received: by outflank-mailman (input) for mailman id 170221; Mon, 23 Aug 2021 08:01:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4tX-00070k-DM for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4tX-0005e8-CQ for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mI4tX-0004WP-Bc for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dv7fvnpma26uBw9hCmaILxJmpVhAJYLMM433smLrWRg=; b=um0dQTyj7tVuHAkmpYz4YNf5M2 2jKCCg9yM5Kd4mfKJnp8Ss5AHuLjt1cjCm0Q/l7maLlAudzEECJY0bcpHJI548kzxSi5u7UMmsUsi UdaJYo2a8AEZbG+emQTj5i4ezUUIsnR5l+vk/Y6DBj35WsocHADtrxJRjdC6hElJe+oE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] ns16550: specify uart param for ns_{read,write}_reg as const Message-Id: Date: Mon, 23 Aug 2021 08:01:23 +0000 commit 3e1dea307b9bd03807f86e2265908039b2f9accf Author: Marek Marczykowski-Górecki AuthorDate: Fri Aug 20 12:29:05 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 20 12:29:05 2021 +0200 ns16550: specify uart param for ns_{read,write}_reg as const They don't modify it, after all. Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- xen/drivers/char/ns16550.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index 97b85b0225..20da8fd3b4 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -108,7 +108,7 @@ struct ns16550_config_param { static void ns16550_delayed_resume(void *data); -static u8 ns_read_reg(struct ns16550 *uart, unsigned int reg) +static u8 ns_read_reg(const struct ns16550 *uart, unsigned int reg) { void __iomem *addr = uart->remapped_io_base + (reg << uart->reg_shift); #ifdef CONFIG_HAS_IOPORTS @@ -126,7 +126,7 @@ static u8 ns_read_reg(struct ns16550 *uart, unsigned int reg) } } -static void ns_write_reg(struct ns16550 *uart, unsigned int reg, u8 c) +static void ns_write_reg(const struct ns16550 *uart, unsigned int reg, u8 c) { void __iomem *addr = uart->remapped_io_base + (reg << uart->reg_shift); #ifdef CONFIG_HAS_IOPORTS -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Aug 23 08:01:35 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 23 Aug 2021 08:01:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170222.310934 (Exim 4.92) (envelope-from ) id 1mI4tj-00074a-FF; Mon, 23 Aug 2021 08:01:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170222.310934; Mon, 23 Aug 2021 08:01:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4tj-00074P-Bh; Mon, 23 Aug 2021 08:01:35 +0000 Received: by outflank-mailman (input) for mailman id 170222; Mon, 23 Aug 2021 08:01:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4th-000749-Gx for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4th-0005eZ-GA for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mI4th-0004YU-FK for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FjVt7rjS5ndih477taGEo17RHJyn3bkEH+KG8+9uxk0=; b=h+nYKKtWK/Hg+9ZG38vrshOzXq QqhwxQdg22BQLIJelcQ7U9aNEnOhQ4asy4BUArljzTMoXsTxrmFmEOwnzHaRc77Pkya/bp3TaIw+W xd8bh+Yr0DzsPaWZ4WuvVXv372uJIo/qGrdNuuNQKs8IBXxQtiOTiUQUbuZz9ebzovIk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] ns16550: add Exar PCIe UART cards support Message-Id: Date: Mon, 23 Aug 2021 08:01:33 +0000 commit 5ffd37db2ff6fecfaee5bb2ebdaaff1cfb54b1a2 Author: Marek Marczykowski-Górecki AuthorDate: Fri Aug 20 12:29:45 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 20 12:29:45 2021 +0200 ns16550: add Exar PCIe UART cards support Besides standard UART setup, this device needs enabling (vendor-specific) "Enhanced Control Bits" - otherwise disabling hardware control flow (MCR[2]) is ignored. Add appropriate quirk to the ns16550_setup_preirq(), similar to the handle_dw_usr_busy_quirk(). The new function act on Exar 2-, 4-, and 8- port cards only. I have tested the functionality on 2-port card but based on the Linux driver, the same applies to other models too. Additionally, Exar card supports fractional divisor (DLD[3:0] register, at 0x02). This part is not supported here yet, and seems to not be required for working 115200bps at the very least. The specification for the 2-port card is available at: https://www.maxlinear.com/product/interface/uarts/pcie-uarts/xr17v352 Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- xen/drivers/char/ns16550.c | 83 +++++++++++++++++++++++++++++++++++++++++++-- xen/include/xen/8250-uart.h | 4 +++ xen/include/xen/pci_ids.h | 2 ++ 3 files changed, 87 insertions(+), 2 deletions(-) diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index 20da8fd3b4..b777c8711e 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -88,6 +88,9 @@ struct ns16550_config { param_pericom_2port, param_pericom_4port, param_pericom_8port, + param_exar_xr17v352, + param_exar_xr17v354, + param_exar_xr17v358, } param; }; @@ -104,6 +107,8 @@ struct ns16550_config_param { unsigned int uart_offset; unsigned int first_offset; }; + +static void enable_exar_enhanced_bits(const struct ns16550 *uart); #endif static void ns16550_delayed_resume(void *data); @@ -303,6 +308,11 @@ static void ns16550_setup_preirq(struct ns16550 *uart) /* Handle the DesignWare 8250 'busy-detect' quirk. */ handle_dw_usr_busy_quirk(uart); +#ifdef CONFIG_HAS_PCI + /* Enable Exar "Enhanced function bits" */ + enable_exar_enhanced_bits(uart); +#endif + /* Line control and baud-rate generator. */ ns_write_reg(uart, UART_LCR, lcr | UART_LCR_DLAB); if ( uart->baud != BAUD_AUTO ) @@ -781,7 +791,37 @@ static const struct ns16550_config_param __initconst uart_param[] = { .lsr_mask = UART_LSR_THRE, .bar0 = 1, .max_ports = 8, - } + }, + [param_exar_xr17v352] = { + .base_baud = 7812500, + .uart_offset = 0x400, + .reg_width = 1, + .fifo_size = 256, + .lsr_mask = UART_LSR_THRE, + .bar0 = 1, + .mmio = 1, + .max_ports = 2, + }, + [param_exar_xr17v354] = { + .base_baud = 7812500, + .uart_offset = 0x400, + .reg_width = 1, + .fifo_size = 256, + .lsr_mask = UART_LSR_THRE, + .bar0 = 1, + .mmio = 1, + .max_ports = 4, + }, + [param_exar_xr17v358] = { + .base_baud = 7812500, + .uart_offset = 0x400, + .reg_width = 1, + .fifo_size = 256, + .lsr_mask = UART_LSR_THRE, + .bar0 = 1, + .mmio = 1, + .max_ports = 8, + }, }; static const struct ns16550_config __initconst uart_config[] = @@ -1007,7 +1047,25 @@ static const struct ns16550_config __initconst uart_config[] = .vendor_id = PCI_VENDOR_ID_PERICOM, .dev_id = 0x7958, .param = param_pericom_8port - } + }, + /* Exar Corp. XR17V352 Dual PCIe UART */ + { + .vendor_id = PCI_VENDOR_ID_EXAR, + .dev_id = 0x0352, + .param = param_exar_xr17v352 + }, + /* Exar Corp. XR17V354 Quad PCIe UART */ + { + .vendor_id = PCI_VENDOR_ID_EXAR, + .dev_id = 0x0354, + .param = param_exar_xr17v354 + }, + /* Exar Corp. XR17V358 Octal PCIe UART */ + { + .vendor_id = PCI_VENDOR_ID_EXAR, + .dev_id = 0x0358, + .param = param_exar_xr17v358 + }, }; static int __init @@ -1177,6 +1235,27 @@ pci_uart_config(struct ns16550 *uart, bool_t skip_amt, unsigned int idx) return 0; } +static void enable_exar_enhanced_bits(const struct ns16550 *uart) +{ + uint8_t efr; + + switch ( uart->param - uart_param ) + { + case param_exar_xr17v352: + case param_exar_xr17v354: + case param_exar_xr17v358: + /* + * Exar XR17V35x cards ignore setting MCR[2] (hardware flow control) + * unless "Enhanced control bits" is enabled. + * The below checks for a 2, 4 or 8 port UART, following Linux driver. + */ + efr = ns_read_reg(uart, UART_XR_EFR); + efr |= UART_EFR_ECB; + ns_write_reg(uart, UART_XR_EFR, efr); + break; + } +} + #endif /* CONFIG_HAS_PCI */ /* diff --git a/xen/include/xen/8250-uart.h b/xen/include/xen/8250-uart.h index 5c3bac3322..d13352940c 100644 --- a/xen/include/xen/8250-uart.h +++ b/xen/include/xen/8250-uart.h @@ -35,6 +35,7 @@ #define UART_USR 0x1f /* Status register (DW) */ #define UART_DLL 0x00 /* divisor latch (ls) (DLAB=1) */ #define UART_DLM 0x01 /* divisor latch (ms) (DLAB=1) */ +#define UART_XR_EFR 0x09 /* Enhanced function register (Exar) */ /* Interrupt Enable Register */ #define UART_IER_ERDAI 0x01 /* rx data recv'd */ @@ -121,6 +122,9 @@ /* Frequency of external clock source. This definition assumes PC platform. */ #define UART_CLOCK_HZ 1843200 +/* Bits in Exar specific UART_XR_EFR register */ +#define UART_EFR_ECB 0x10 + /* Resume retry settings */ #define RESUME_DELAY MILLISECS(10) #define RESUME_RETRIES 100 diff --git a/xen/include/xen/pci_ids.h b/xen/include/xen/pci_ids.h index 7788ba9d2f..e798477a7e 100644 --- a/xen/include/xen/pci_ids.h +++ b/xen/include/xen/pci_ids.h @@ -4,6 +4,8 @@ #define PCI_VENDOR_ID_PERICOM 0x12d8 +#define PCI_VENDOR_ID_EXAR 0x13a8 + #define PCI_VENDOR_ID_OXSEMI 0x1415 #define PCI_VENDOR_ID_BROADCOM 0x14e4 -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Aug 23 08:01:45 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 23 Aug 2021 08:01:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170223.310937 (Exim 4.92) (envelope-from ) id 1mI4tt-00077J-Gk; Mon, 23 Aug 2021 08:01:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170223.310937; Mon, 23 Aug 2021 08:01:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4tt-00077B-DG; Mon, 23 Aug 2021 08:01:45 +0000 Received: by outflank-mailman (input) for mailman id 170223; Mon, 23 Aug 2021 08:01:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4tr-00076s-Kd for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4tr-0005eh-Jh for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mI4tr-0004aC-It for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6nQI9wigMivHLMe2ATSHbDrGjaDXR3nUyzL73N0g36k=; b=CZXZ1FyKeyAAqbCl+1CMDIds6E Uhcaq1ILRGAYDF04mEsEYZ4qlBsAg2y5WGGS48OwRyg5Dxa6yroO+bBit8JCK83q2g0YIQW9r4wSL CEIKyu+h1oxogGq4oFZf97sMXlLA+eHhpCTkP2BKnGvMFj48iNWY0W/1+jdmPXXlem0o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] AMD/IOMMU: don't leave page table mapped when unmapping ... Message-Id: Date: Mon, 23 Aug 2021 08:01:43 +0000 commit 3cfec6a6aa7a7bf68f8e19e21f450c2febe9acb4 Author: Jan Beulich AuthorDate: Fri Aug 20 12:30:35 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 20 12:30:35 2021 +0200 AMD/IOMMU: don't leave page table mapped when unmapping ... ... an already not mapped page. With all other exit paths doing the unmap, I have no idea how I managed to miss that aspect at the time. Fixes: ad591454f069 ("AMD/IOMMU: don't needlessly trigger errors/crashes when unmapping a page") Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu_map.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 560af54b76..1ed39bbee5 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -243,7 +243,10 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, else if ( !pde->pr ) { if ( !map ) + { + unmap_domain_page(next_table_vaddr); return 0; + } if ( next_table_mfn == 0 ) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Aug 23 08:01:55 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 23 Aug 2021 08:01:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170224.310941 (Exim 4.92) (envelope-from ) id 1mI4u3-0007B7-I5; Mon, 23 Aug 2021 08:01:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170224.310941; Mon, 23 Aug 2021 08:01:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4u3-0007Av-Em; Mon, 23 Aug 2021 08:01:55 +0000 Received: by outflank-mailman (input) for mailman id 170224; Mon, 23 Aug 2021 08:01:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4u1-0007AJ-OB for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4u1-0005ev-NN for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mI4u1-0004bx-Mb for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:01:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zD+UXyp65uXPH4XzPzyHDGRWu5lXRFYMApo3yGLdR0Q=; b=WYZP9P6Kr5FX2NkwMkSd4aN1ev xnZULA0Z6KowXYXaUxL0mBXI5MWu7PStgeIFfqYFE4WR/YMeRvMcR8BFwCANNtK1DhBbuuGZye8rj cwcV3vk+Es6JLcLSH8hB7rJJcMDMfZZKG+4V5nS46qT9kebmBaht4ypmggaUJ+K8kbyg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] AMD/IOMMU: don't increase perms when splitting superpage Message-Id: Date: Mon, 23 Aug 2021 08:01:53 +0000 commit b8238afd076189c1e1b459752f78e8639b5c2a3a Author: Jan Beulich AuthorDate: Fri Aug 20 12:31:08 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 20 12:31:08 2021 +0200 AMD/IOMMU: don't increase perms when splitting superpage The old (super)page's permissions ought to be propagated, rather than blindly allowing both reads and writes. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu_map.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 1ed39bbee5..0d4dd7cc37 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -231,7 +231,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, next_table_mfn = mfn_x(page_to_mfn(table)); set_iommu_ptes_present(next_table_mfn, pfn, mfn, PTE_PER_TABLE_SIZE, - next_level, true, true); + next_level, pde->iw, pde->ir); smp_wmb(); set_iommu_pde_present(pde, next_table_mfn, next_level, true, true); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Aug 23 08:02:05 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 23 Aug 2021 08:02:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170225.310945 (Exim 4.92) (envelope-from ) id 1mI4uD-0007EB-JN; Mon, 23 Aug 2021 08:02:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170225.310945; Mon, 23 Aug 2021 08:02:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4uD-0007E2-GG; Mon, 23 Aug 2021 08:02:05 +0000 Received: by outflank-mailman (input) for mailman id 170225; Mon, 23 Aug 2021 08:02:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4uB-0007Dk-Ri for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:02:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mI4uB-0005fL-Qs for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:02:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mI4uB-0004dJ-Q6 for xen-changelog@lists.xenproject.org; Mon, 23 Aug 2021 08:02:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zcG6SQ70/NlW/Vub+2Bzf7BI9CEemFaQCrdSaLN1OEY=; b=QqJtdFh/t3E1VTqEIOWv0GMK2U AO6sdDaGDf8FYjp42uEJ//+f04RGxhBTdPzXAfzj7B4hwPmLCXlZFP6P2JGD64+dHuBTVbBuObPnE FMIWGWBECYudNGitzo/cJZvUvKTynls3m9Aiitr6h2fZ0Qzt9gUD1XHNdBFXB9KLBHUk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] ns16550: properly gate Exar PCIe UART cards support Message-Id: Date: Mon, 23 Aug 2021 08:02:03 +0000 commit 93713f444b3f29d6848527506db69cf78976b32d Author: Oleksandr Andrushchenko AuthorDate: Fri Aug 20 16:18:12 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 20 16:18:12 2021 +0200 ns16550: properly gate Exar PCIe UART cards support Arm is about to get PCI passthrough support which means CONFIG_HAS_PCI will be enabled, so this code will fail as Arm doesn't have ns16550 PCI support: ns16550.c:313:5: error: implicit declaration of function 'enable_exar_enhanced_bits' [-Werror=implicit-function-declaration] 313 | enable_exar_enhanced_bits(uart); | ^~~~~~~~~~~~~~~~~~~~~~~~~ Fix this by gating Exar PCIe UART cards support with the above in mind. Signed-off-by: Oleksandr Andrushchenko Reviewed-by: Jan Beulich --- xen/drivers/char/ns16550.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index b777c8711e..e2c24082c3 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -308,7 +308,7 @@ static void ns16550_setup_preirq(struct ns16550 *uart) /* Handle the DesignWare 8250 'busy-detect' quirk. */ handle_dw_usr_busy_quirk(uart); -#ifdef CONFIG_HAS_PCI +#ifdef NS16550_PCI /* Enable Exar "Enhanced function bits" */ enable_exar_enhanced_bits(uart); #endif -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Aug 24 10:11:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 24 Aug 2021 10:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170846.311797 (Exim 4.92) (envelope-from ) id 1mITOc-0001KI-Bt; Tue, 24 Aug 2021 10:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170846.311797; Tue, 24 Aug 2021 10:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mITOc-0001KA-8t; Tue, 24 Aug 2021 10:11:06 +0000 Received: by outflank-mailman (input) for mailman id 170846; Tue, 24 Aug 2021 10:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mITOa-0001K4-Rm for xen-changelog@lists.xenproject.org; Tue, 24 Aug 2021 10:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mITOa-0000A3-R0 for xen-changelog@lists.xenproject.org; Tue, 24 Aug 2021 10:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mITOa-0004Zq-Pu for xen-changelog@lists.xenproject.org; Tue, 24 Aug 2021 10:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aqnu3b6tRIrh0BcZTJL14wlcWcIMyq7+bQeqoVDSbGQ=; b=Vy3tLUsIz19eVVxzfqtIiA9MuR /LDRdMtxYN7LOIKVc/F7c2fascte5NaqDnPrcG04R20bWyo5uW3+5bUD1bypB4fI/upq2i4hufnce X4gnLb5zn3UVXxyCyDXRJ/em6WvVatccuUUA8KFZWqdw1+TWvI9YTQC13Vp0zwB+FcXg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: smmu: Set/clear IOMMU domain for device Message-Id: Date: Tue, 24 Aug 2021 10:11:04 +0000 commit c7669d3652b2fe927faa89fa1afc70a9bedd3bea Author: Oleksandr Andrushchenko AuthorDate: Wed Aug 18 08:22:02 2021 +0300 Commit: Julien Grall CommitDate: Tue Aug 24 10:08:25 2021 +0000 xen/arm: smmu: Set/clear IOMMU domain for device When a device is assigned/de-assigned it is required to properly set IOMMU domain used to protect the device. This assignment was missing, thus it was not possible to de-assign the device: (XEN) Deassigning device 0000:03:00.0 from dom2 (XEN) smmu: 0000:03:00.0: not attached to domain 2 (XEN) d2: deassign (0000:03:00.0) failed (-3) Fix this by assigning IOMMU domain on arm_smmu_assign_dev and reset it to NULL on arm_smmu_deassign_dev. Fixes: 06d1f7a278dd ("xen/arm: smmuv1: Keep track of S2CR state") Signed-off-by: Oleksandr Andrushchenko Signed-off-by: Oleksandr Tyshchenko Reviewed-by: Julien Grall --- xen/drivers/passthrough/arm/smmu.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c index c234ad9c7f..c9dfc4caa0 100644 --- a/xen/drivers/passthrough/arm/smmu.c +++ b/xen/drivers/passthrough/arm/smmu.c @@ -2768,6 +2768,7 @@ static int arm_smmu_assign_dev(struct domain *d, u8 devfn, arm_smmu_destroy_iommu_domain(domain); } else { atomic_inc(&domain->ref); + dev_iommu_domain(dev) = domain; } out: @@ -2791,6 +2792,7 @@ static int arm_smmu_deassign_dev(struct domain *d, struct device *dev) spin_lock(&xen_domain->lock); arm_smmu_detach_dev(domain, dev); + dev_iommu_domain(dev) = NULL; atomic_dec(&domain->ref); if (domain->ref.counter == 0) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Aug 24 10:33:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 24 Aug 2021 10:33:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.170883.311867 (Exim 4.92) (envelope-from ) id 1mITjt-0006xL-Qj; Tue, 24 Aug 2021 10:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 170883.311867; Tue, 24 Aug 2021 10:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mITjt-0006xD-Nf; Tue, 24 Aug 2021 10:33:05 +0000 Received: by outflank-mailman (input) for mailman id 170883; Tue, 24 Aug 2021 10:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mITjs-0006x7-R7 for xen-changelog@lists.xenproject.org; Tue, 24 Aug 2021 10:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mITjs-0000ZE-Q4 for xen-changelog@lists.xenproject.org; Tue, 24 Aug 2021 10:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mITjs-0006qp-P0 for xen-changelog@lists.xenproject.org; Tue, 24 Aug 2021 10:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=D6qGksZKMbubxbAHDChtNV+7pWbZTRee8VpnOa4LNcI=; b=SglHDkllPGJZJA92E01iwGRvwc rppME7wN1eiU3uirIcfz1gzmaKOr8VbUCmwUBtAlnvB1p2gZaDk3Sm4DdiEIvXrdtzVjcMEIzD3Wp rcA0ECLlF5degAG5w8vsDIWzR41dPJqFBalm8FEIckfg7OYeZtKdF/tLQtD0XU/zXTJ4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/public: arch-arm: Add mention of argo_op hypercall Message-Id: Date: Tue, 24 Aug 2021 10:33:04 +0000 commit a931e8e64af07bd333a31f3b71a3f8f3e7910857 Author: Michal Orzel AuthorDate: Fri Aug 20 11:39:24 2021 +0200 Commit: Julien Grall CommitDate: Tue Aug 24 10:23:27 2021 +0000 xen/public: arch-arm: Add mention of argo_op hypercall Commit 1ddc0d43c20cb1c1125d4d6cefc78624b2a9ccb7 introducing argo_op hypercall forgot to add a mention of it in the comment listing supported hypercalls. Fix that. Signed-off-by: Michal Orzel Reviewed-by: Christopher Clark Acked-by: Julien Grall --- xen/include/public/arch-arm.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/include/public/arch-arm.h b/xen/include/public/arch-arm.h index 64a2ca30da..6b5a5f818a 100644 --- a/xen/include/public/arch-arm.h +++ b/xen/include/public/arch-arm.h @@ -128,6 +128,8 @@ * * VCPUOP_register_vcpu_info * * VCPUOP_register_runstate_memory_area * + * HYPERVISOR_argo_op + * All generic sub-operations * * Other notes on the ARM ABI: * -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:22:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:22:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172154.313930 (Exim 4.92) (envelope-from ) id 1mIruw-0007Hi-VG; Wed, 25 Aug 2021 12:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172154.313930; Wed, 25 Aug 2021 12:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIruw-0007HY-S5; Wed, 25 Aug 2021 12:22:06 +0000 Received: by outflank-mailman (input) for mailman id 172154; Wed, 25 Aug 2021 12:22:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIruv-0007HS-JE for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIruv-0003u9-IN for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIruv-0002Bn-HM for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=H+wERM7eEnL04pf8w+E7MYQ/7WNnWpWR+CunvHlSUDw=; b=bqpOowYuPmuHACFQuH8s8Dhugn RWJ0WlheOh7bMGITy54THOiDRH7jh3Mvu40ih6CqPmQhT9ZpcvuE5/0/0tOSFFqfOvAbWULc3GRJb 6XL/vxWr+YXBU6iGyLVq7FXPXnuO8DpmA/QYYGLTpY2L7/oumNpWhFL9q36eeGA1nc+Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] AMD/IOMMU: correct global exclusion range extending Message-Id: Date: Wed, 25 Aug 2021 12:22:05 +0000 commit b02c5c88982411be11e3413159862f255f1f39dc Author: Jan Beulich AuthorDate: Wed Aug 25 14:12:13 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:12:13 2021 +0200 AMD/IOMMU: correct global exclusion range extending Besides unity mapping regions, the AMD IOMMU spec also provides for exclusion ranges (areas of memory not to be subject to DMA translation) to be specified by firmware in the ACPI tables. The spec does not put any constraints on the number of such regions. Blindly assuming all addresses between any two such ranges should also be excluded can't be right. Since hardware has room for just a single such range (comprised of the Exclusion Base Register and the Exclusion Range Limit Register), combine only adjacent or overlapping regions (for now; this may require further adjustment in case table entries aren't sorted by address) with matching exclusion_allow_all settings. This requires bubbling up error indicators, such that IOMMU init can be failed when concatenation wasn't possible. Furthermore, since the exclusion range specified in IOMMU registers implies R/W access, reject requests asking for less permissions (this will be brought closer to the spec by a subsequent change). This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu_acpi.c | 45 +++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 1f6b004260..63fc22af01 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -116,12 +116,21 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( return NULL; } -static void __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit) +static int __init reserve_iommu_exclusion_range( + struct amd_iommu *iommu, uint64_t base, uint64_t limit, + bool all, bool iw, bool ir) { + if ( !ir || !iw ) + return -EPERM; + /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { + if ( iommu->exclusion_limit + PAGE_SIZE < base || + limit + PAGE_SIZE < iommu->exclusion_base || + iommu->exclusion_allow_all != all ) + return -EBUSY; + if ( iommu->exclusion_base < base ) base = iommu->exclusion_base; if ( iommu->exclusion_limit > limit ) @@ -129,16 +138,11 @@ static void __init reserve_iommu_exclusion_range( } iommu->exclusion_enable = IOMMU_CONTROL_ENABLED; + iommu->exclusion_allow_all = all; iommu->exclusion_base = base; iommu->exclusion_limit = limit; -} -static void __init reserve_iommu_exclusion_range_all( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit) -{ - reserve_iommu_exclusion_range(iommu, base, limit); - iommu->exclusion_allow_all = IOMMU_CONTROL_ENABLED; + return 0; } static void __init reserve_unity_map_for_device( @@ -176,6 +180,7 @@ static int __init register_exclusion_range_for_all_devices( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; unsigned int bdf; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -197,10 +202,15 @@ static int __init register_exclusion_range_for_all_devices( if ( limit >= iommu_top ) { for_each_amd_iommu( iommu ) - reserve_iommu_exclusion_range_all(iommu, base, limit); + { + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + if ( rc ) + break; + } } - return 0; + return rc; } static int __init register_exclusion_range_for_device( @@ -211,6 +221,7 @@ static int __init register_exclusion_range_for_device( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; + int rc = 0; iommu = find_iommu_for_device(seg, bdf); if ( !iommu ) @@ -240,12 +251,13 @@ static int __init register_exclusion_range_for_device( /* register IOMMU exclusion range settings for device */ if ( limit >= iommu_top ) { - reserve_iommu_exclusion_range(iommu, base, limit); + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } - return 0; + return rc; } static int __init register_exclusion_range_for_iommu_devices( @@ -255,6 +267,7 @@ static int __init register_exclusion_range_for_iommu_devices( unsigned long range_top, iommu_top, length; unsigned int bdf; u16 req; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -285,8 +298,10 @@ static int __init register_exclusion_range_for_iommu_devices( /* register IOMMU exclusion range settings */ if ( limit >= iommu_top ) - reserve_iommu_exclusion_range_all(iommu, base, limit); - return 0; + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + + return rc; } static int __init parse_ivmd_device_select( -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:22:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:22:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172155.313934 (Exim 4.92) (envelope-from ) id 1mIrv7-0007NQ-0e; Wed, 25 Aug 2021 12:22:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172155.313934; Wed, 25 Aug 2021 12:22:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrv6-0007NI-Tq; Wed, 25 Aug 2021 12:22:16 +0000 Received: by outflank-mailman (input) for mailman id 172155; Wed, 25 Aug 2021 12:22:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrv5-0007Ly-Nf for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrv5-0003uX-Mv for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIrv5-0002DB-LZ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UuxFkWxrUEz74kFcKY08TY+HHwhehwz33qHHSftZLmo=; b=zcZoKfyqN9XtHX+mJpiHAbJ1BE X/J+RJZzu5DI5VppC9jBcbLVZQgxGxOeRTg5wLITRkOtBwNsTCuyBtpHIJcGqlFCRKlY7ijipKyL3 hki5AOqWzG2ttx1TWyHP7KLIpj8r52ky7pzzTLMtiustL0eJWbymrV99Mrdrtrrghmdg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] AMD/IOMMU: correct device unity map handling Message-Id: Date: Wed, 25 Aug 2021 12:22:15 +0000 commit 34750a3eb022462cdd1c36e8ef9049d3d73c824c Author: Jan Beulich AuthorDate: Wed Aug 25 14:15:11 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:15:11 2021 +0200 AMD/IOMMU: correct device unity map handling Blindly assuming all addresses between any two such ranges, specified by firmware in the ACPI tables, should also be unity-mapped can't be right. Nor can it be correct to merge ranges with differing permissions. Track ranges individually; don't merge at all, but check for overlaps instead. This requires bubbling up error indicators, such that IOMMU init can be failed when allocation of a new tracking struct wasn't possible, or an overlap was detected. At this occasion also stop ignoring amd_iommu_reserve_domain_unity_map()'s return value. This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu.h | 14 +++-- xen/drivers/passthrough/amd/iommu_acpi.c | 80 +++++++++++++++++------------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 16 +++--- 3 files changed, 66 insertions(+), 44 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 73f89f0f20..28a10789a9 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -107,20 +107,24 @@ struct amd_iommu { struct list_head ats_devices; }; +struct ivrs_unity_map { + bool read:1; + bool write:1; + paddr_t addr; + unsigned long length; + struct ivrs_unity_map *next; +}; + struct ivrs_mappings { uint16_t dte_requestor_id; bool valid:1; bool dte_allow_exclusion:1; - bool unity_map_enable:1; - bool write_permission:1; - bool read_permission:1; /* ivhd device data settings */ uint8_t device_flags; - unsigned long addr_range_start; - unsigned long addr_range_length; struct amd_iommu *iommu; + struct ivrs_unity_map *unity_map; /* per device interrupt remapping table */ void *intremap_table; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 63fc22af01..f98a936ecd 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -145,32 +145,48 @@ static int __init reserve_iommu_exclusion_range( return 0; } -static void __init reserve_unity_map_for_device( - u16 seg, u16 bdf, unsigned long base, - unsigned long length, u8 iw, u8 ir) +static int __init reserve_unity_map_for_device( + uint16_t seg, uint16_t bdf, unsigned long base, + unsigned long length, bool iw, bool ir) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long old_top, new_top; + struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; - /* need to extend unity-mapped range? */ - if ( ivrs_mappings[bdf].unity_map_enable ) + /* Check for overlaps. */ + for ( ; unity_map; unity_map = unity_map->next ) { - old_top = ivrs_mappings[bdf].addr_range_start + - ivrs_mappings[bdf].addr_range_length; - new_top = base + length; - if ( old_top > new_top ) - new_top = old_top; - if ( ivrs_mappings[bdf].addr_range_start < base ) - base = ivrs_mappings[bdf].addr_range_start; - length = new_top - base; + /* + * Exact matches are okay. This can in particular happen when + * register_exclusion_range_for_device() calls here twice for the + * same (s,b,d,f). + */ + if ( base == unity_map->addr && length == unity_map->length && + ir == unity_map->read && iw == unity_map->write ) + return 0; + + if ( unity_map->addr + unity_map->length > base && + base + length > unity_map->addr ) + { + AMD_IOMMU_DEBUG("IVMD Error: overlap [%lx,%lx) vs [%lx,%lx)\n", + base, base + length, unity_map->addr, + unity_map->addr + unity_map->length); + return -EPERM; + } } - /* extend r/w permissioms and keep aggregate */ - ivrs_mappings[bdf].write_permission = iw; - ivrs_mappings[bdf].read_permission = ir; - ivrs_mappings[bdf].unity_map_enable = true; - ivrs_mappings[bdf].addr_range_start = base; - ivrs_mappings[bdf].addr_range_length = length; + /* Populate and insert a new unity map. */ + unity_map = xmalloc(struct ivrs_unity_map); + if ( !unity_map ) + return -ENOMEM; + + unity_map->read = ir; + unity_map->write = iw; + unity_map->addr = base; + unity_map->length = length; + unity_map->next = ivrs_mappings[bdf].unity_map; + ivrs_mappings[bdf].unity_map = unity_map; + + return 0; } static int __init register_exclusion_range_for_all_devices( @@ -193,13 +209,13 @@ static int __init register_exclusion_range_for_all_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { for_each_amd_iommu( iommu ) { @@ -241,15 +257,15 @@ static int __init register_exclusion_range_for_device( length = range_top - base; /* reserve unity-mapped page entries for device */ /* note: these entries are part of the exclusion range */ - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - reserve_unity_map_for_device(seg, req, base, length, iw, ir); + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: + reserve_unity_map_for_device(seg, req, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings for device */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { rc = reserve_iommu_exclusion_range(iommu, base, limit, false /* all */, iw, ir); @@ -280,15 +296,15 @@ static int __init register_exclusion_range_for_iommu_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) { if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) { - reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir); req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); } } @@ -297,7 +313,7 @@ static int __init register_exclusion_range_for_iommu_devices( } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */, iw, ir); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 8c0e6cfede..8ec7779b09 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -384,15 +384,17 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); + const struct ivrs_unity_map *unity_map; - if ( ivrs_mappings[req_id].unity_map_enable ) + for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; + unity_map = unity_map->next ) { - amd_iommu_reserve_domain_unity_map( - d, - ivrs_mappings[req_id].addr_range_start, - ivrs_mappings[req_id].addr_range_length, - ivrs_mappings[req_id].write_permission, - ivrs_mappings[req_id].read_permission); + int rc = amd_iommu_reserve_domain_unity_map( + d, unity_map->addr, unity_map->length, + unity_map->write, unity_map->read); + + if ( rc ) + return rc; } return reassign_device(pdev->domain, d, devfn, pdev); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:22:28 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:22:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172156.313938 (Exim 4.92) (envelope-from ) id 1mIrvI-0007R9-34; Wed, 25 Aug 2021 12:22:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172156.313938; Wed, 25 Aug 2021 12:22:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrvH-0007Qy-VS; Wed, 25 Aug 2021 12:22:27 +0000 Received: by outflank-mailman (input) for mailman id 172156; Wed, 25 Aug 2021 12:22:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrvG-0007Qc-43 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrvG-0003uh-3K for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIrvG-0002ET-0D for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7aRySmkQhqJrH9QvkQkRMxIBATqX3DCupednjeMqlFw=; b=HCNQHVx5SoaCfJJ7Bypu2HwP6M OWUNF1/MKz8/qWQdYK1d64S70L2xRqtSt7BdFGQBRkdZZVjmCgh56a61gNpSX76VyUoT1JrKlLQWj HrdOs5AdoTLE98wfDxOZWwMs+Kqz963tFzZOwPRDtGUKZDq3DBmm4RxXZBwD6JOXy34E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() Message-Id: Date: Wed, 25 Aug 2021 12:22:26 +0000 commit d1bb6c97c31ef754fb29b29eb307c090414e8022 Author: Jan Beulich AuthorDate: Wed Aug 25 14:15:32 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:15:32 2021 +0200 IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() A subsequent change will want to customize the IOMMU permissions based on this. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/arch/x86/mm/p2m-ept.c | 6 +++--- xen/arch/x86/mm/p2m-pt.c | 19 ++++++++++++++++--- xen/include/asm-x86/p2m.h | 3 ++- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index 289001b66b..e7e873dc28 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -808,7 +808,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, bool_t entry_written = 0; bool_t need_modify_vtd_table = 1; bool_t vtd_pte_present = 0; - unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); bool_t needs_sync = 1; ept_entry_t old_entry = { .epte = 0 }; ept_entry_t new_entry = { .epte = 0 }; @@ -938,8 +938,8 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, /* Safe to read-then-write because we hold the p2m lock */ if ( ept_entry->mfn == new_entry.mfn && - p2m_get_iommu_flags(ept_entry->sa_p2mt, _mfn(ept_entry->mfn)) == - iommu_flags ) + p2m_get_iommu_flags(ept_entry->sa_p2mt, ept_entry->access, + _mfn(ept_entry->mfn)) == iommu_flags ) need_modify_vtd_table = 0; ept_p2m_type_to_flags(p2m, &new_entry); diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index f2afcf49a3..7d691e616d 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -545,6 +545,16 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) return rc; } +/* Reconstruct a fake p2m_access_t from stored PTE flags. */ +static p2m_access_t p2m_flags_to_access(unsigned int flags) +{ + if ( flags & _PAGE_PRESENT ) + return p2m_access_n; + + /* No need to look at _PAGE_NX for now. */ + return flags & _PAGE_RW ? p2m_access_rw : p2m_access_r; +} + /* Checks only applicable to entries with order > PAGE_ORDER_4K */ static void check_entry(mfn_t mfn, p2m_type_t new, p2m_type_t old, unsigned int order) @@ -579,7 +589,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, l2_pgentry_t l2e_content; l3_pgentry_t l3e_content; int rc; - unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); /* * old_mfn and iommu_old_flags control possible flush/update needs on the * IOMMU: We need to flush when MFN or flags (i.e. permissions) change. @@ -642,6 +652,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else @@ -684,9 +695,10 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, 0, L1_PAGETABLE_ENTRIES); ASSERT(p2m_entry); old_mfn = l1e_get_pfn(*p2m_entry); + flags = l1e_get_flags(*p2m_entry); iommu_old_flags = - p2m_get_iommu_flags(p2m_flags_to_type(l1e_get_flags(*p2m_entry)), - _mfn(old_mfn)); + p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) entry_content = p2m_l1e_from_pfn(mfn_x(mfn), @@ -714,6 +726,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index d2e7a8db85..f2ad420e3b 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -891,7 +891,8 @@ static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} /* * p2m type to IOMMU flags */ -static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, mfn_t mfn) +static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, + p2m_access_t p2ma, mfn_t mfn) { unsigned int flags; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:22:38 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:22:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172157.313942 (Exim 4.92) (envelope-from ) id 1mIrvS-0007Ul-4K; Wed, 25 Aug 2021 12:22:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172157.313942; Wed, 25 Aug 2021 12:22:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrvS-0007UY-0l; Wed, 25 Aug 2021 12:22:38 +0000 Received: by outflank-mailman (input) for mailman id 172157; Wed, 25 Aug 2021 12:22:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrvQ-0007UF-Du for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrvQ-0003us-DC for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIrvQ-0002Fa-Ae for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1Uq3wHz2Op0ij8IWnH7mjl9LoeqZqb5MmtJYwiXCJ48=; b=Mfk4PeZnFwX69PQoiMYej47tvi DJ0fNlmucSMnq+VCOLjx0UsBcGilxtR5/nB4Ps5qUZsFfczhrE6fRFCvF0Lns0wWYZ5Cb+vvnkmKq C6+006Bhmy/uc73Ig0Qyhw/PhhJz0LBmlzjCK6Po/HaDGr6nxuovGZWY38l6Z8n6Z+Do=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] IOMMU: generalize VT-d's tracking of mapped RMRR regions Message-Id: Date: Wed, 25 Aug 2021 12:22:36 +0000 commit c0e19d7c6c42f0bfccccd96b4f7b03b5515e10fc Author: Jan Beulich AuthorDate: Wed Aug 25 14:15:57 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:15:57 2021 +0200 IOMMU: generalize VT-d's tracking of mapped RMRR regions In order to re-use it elsewhere, move the logic to vendor independent code and strip it of RMRR specifics. Note that the prior "map" parameter gets folded into the new "p2ma" one (which AMD IOMMU code will want to make use of), assigning alternative meaning ("unmap") to p2m_access_x. Prepare set_identity_p2m_entry() and p2m_get_iommu_flags() for getting passed access types other than p2m_access_rw (in the latter case just for p2m_mmio_direct requests). Note also that, to be on the safe side, an overlap check gets added to the main loop of iommu_identity_mapping(). This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/arch/x86/mm/p2m.c | 2 +- xen/drivers/passthrough/vtd/iommu.c | 99 +++++-------------------------------- xen/drivers/passthrough/x86/iommu.c | 94 +++++++++++++++++++++++++++++++++++ xen/include/asm-x86/iommu.h | 9 +++- xen/include/asm-x86/p2m.h | 35 +++++++++++-- 5 files changed, 148 insertions(+), 91 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 7b3cf7e9fc..b8bdd55cd2 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1427,7 +1427,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, return 0; return iommu_legacy_map(d, _dfn(gfn_l), _mfn(gfn_l), 1ul << PAGE_ORDER_4K, - IOMMUF_readable | IOMMUF_writable); + p2m_access_to_iommu_flags(p2ma)); #ifdef CONFIG_HVM } diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 12d0d43d8e..23921dfb7b 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -45,12 +45,6 @@ /* dom_io is used as a sentinel for quarantined devices */ #define QUARANTINE_SKIP(d) ((d) == dom_io && !dom_iommu(d)->arch.vtd.pgd_maddr) -struct mapped_rmrr { - struct list_head list; - u64 base, end; - unsigned int count; -}; - /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */ bool __read_mostly untrusted_msi; @@ -1306,7 +1300,6 @@ static int intel_iommu_domain_init(struct domain *d) struct domain_iommu *hd = dom_iommu(d); hd->arch.vtd.agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH); - INIT_LIST_HEAD(&hd->arch.vtd.mapped_rmrrs); return 0; } @@ -1785,17 +1778,12 @@ static void iommu_clear_root_pgtable(struct domain *d) static void iommu_domain_teardown(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); - struct mapped_rmrr *mrmrr, *tmp; const struct acpi_drhd_unit *drhd; if ( list_empty(&acpi_drhd_units) ) return; - list_for_each_entry_safe ( mrmrr, tmp, &hd->arch.vtd.mapped_rmrrs, list ) - { - list_del(&mrmrr->list); - xfree(mrmrr); - } + iommu_identity_map_teardown(d); ASSERT(!hd->arch.vtd.pgd_maddr); @@ -1943,74 +1931,6 @@ static int __init vtd_ept_page_compatible(struct vtd_iommu *iommu) (ept_has_1gb(ept_cap) && opt_hap_1gb) <= cap_sps_1gb(vtd_cap); } -static int rmrr_identity_mapping(struct domain *d, bool_t map, - const struct acpi_rmrr_unit *rmrr, - u32 flag) -{ - unsigned long base_pfn = rmrr->base_address >> PAGE_SHIFT_4K; - unsigned long end_pfn = PAGE_ALIGN_4K(rmrr->end_address) >> PAGE_SHIFT_4K; - struct mapped_rmrr *mrmrr; - struct domain_iommu *hd = dom_iommu(d); - - ASSERT(pcidevs_locked()); - ASSERT(rmrr->base_address < rmrr->end_address); - - /* - * No need to acquire hd->arch.mapping_lock: Both insertion and removal - * get done while holding pcidevs_lock. - */ - list_for_each_entry( mrmrr, &hd->arch.vtd.mapped_rmrrs, list ) - { - if ( mrmrr->base == rmrr->base_address && - mrmrr->end == rmrr->end_address ) - { - int ret = 0; - - if ( map ) - { - ++mrmrr->count; - return 0; - } - - if ( --mrmrr->count ) - return 0; - - while ( base_pfn < end_pfn ) - { - if ( clear_identity_p2m_entry(d, base_pfn) ) - ret = -ENXIO; - base_pfn++; - } - - list_del(&mrmrr->list); - xfree(mrmrr); - return ret; - } - } - - if ( !map ) - return -ENOENT; - - while ( base_pfn < end_pfn ) - { - int err = set_identity_p2m_entry(d, base_pfn, p2m_access_rw, flag); - - if ( err ) - return err; - base_pfn++; - } - - mrmrr = xmalloc(struct mapped_rmrr); - if ( !mrmrr ) - return -ENOMEM; - mrmrr->base = rmrr->base_address; - mrmrr->end = rmrr->end_address; - mrmrr->count = 1; - list_add_tail(&mrmrr->list, &hd->arch.vtd.mapped_rmrrs); - - return 0; -} - static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; @@ -2042,7 +1962,9 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) * Since RMRRs are always reserved in the e820 map for the hardware * domain, there shouldn't be a conflict. */ - ret = rmrr_identity_mapping(pdev->domain, 1, rmrr, 0); + ret = iommu_identity_mapping(pdev->domain, p2m_access_rw, + rmrr->base_address, rmrr->end_address, + 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n", pdev->domain->domain_id); @@ -2087,7 +2009,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) * Any flag is nothing to clear these mappings but here * its always safe and strict to set 0. */ - rmrr_identity_mapping(pdev->domain, 0, rmrr, 0); + iommu_identity_mapping(pdev->domain, p2m_access_x, rmrr->base_address, + rmrr->end_address, 0); } return domain_context_unmap(pdev->domain, devfn, pdev); @@ -2286,7 +2209,8 @@ static void __hwdom_init setup_hwdom_rmrr(struct domain *d) * domain, there shouldn't be a conflict. So its always safe and * strict to set 0. */ - ret = rmrr_identity_mapping(d, 1, rmrr, 0); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: mapping reserved region failed\n"); @@ -2468,7 +2392,9 @@ static int reassign_device_ownership( * Any RMRR flag is always ignored when remove a device, * but its always safe and strict to set 0. */ - ret = rmrr_identity_mapping(source, 0, rmrr, 0); + ret = iommu_identity_mapping(source, p2m_access_x, + rmrr->base_address, + rmrr->end_address, 0); if ( ret != -ENOENT ) return ret; } @@ -2564,7 +2490,8 @@ static int intel_iommu_assign_device( PCI_BUS(bdf) == bus && PCI_DEVFN2(bdf) == devfn ) { - ret = rmrr_identity_mapping(d, 1, rmrr, flag); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, flag); if ( ret ) { int rc; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 593cc4d6ae..65ed4a7f9f 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -144,6 +144,7 @@ int arch_iommu_domain_init(struct domain *d) INIT_PAGE_LIST_HEAD(&hd->arch.pgtables.list); spin_lock_init(&hd->arch.pgtables.lock); + INIT_LIST_HEAD(&hd->arch.identity_maps); return 0; } @@ -159,6 +160,99 @@ void arch_iommu_domain_destroy(struct domain *d) page_list_empty(&dom_iommu(d)->arch.pgtables.list)); } +struct identity_map { + struct list_head list; + paddr_t base, end; + p2m_access_t access; + unsigned int count; +}; + +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag) +{ + unsigned long base_pfn = base >> PAGE_SHIFT_4K; + unsigned long end_pfn = PAGE_ALIGN_4K(end) >> PAGE_SHIFT_4K; + struct identity_map *map; + struct domain_iommu *hd = dom_iommu(d); + + ASSERT(pcidevs_locked()); + ASSERT(base < end); + + /* + * No need to acquire hd->arch.mapping_lock: Both insertion and removal + * get done while holding pcidevs_lock. + */ + list_for_each_entry( map, &hd->arch.identity_maps, list ) + { + if ( map->base == base && map->end == end ) + { + int ret = 0; + + if ( p2ma != p2m_access_x ) + { + if ( map->access != p2ma ) + return -EADDRINUSE; + ++map->count; + return 0; + } + + if ( --map->count ) + return 0; + + while ( base_pfn < end_pfn ) + { + if ( clear_identity_p2m_entry(d, base_pfn) ) + ret = -ENXIO; + base_pfn++; + } + + list_del(&map->list); + xfree(map); + + return ret; + } + + if ( end >= map->base && map->end >= base ) + return -EADDRINUSE; + } + + if ( p2ma == p2m_access_x ) + return -ENOENT; + + while ( base_pfn < end_pfn ) + { + int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag); + + if ( err ) + return err; + base_pfn++; + } + + map = xmalloc(struct identity_map); + if ( !map ) + return -ENOMEM; + map->base = base; + map->end = end; + map->access = p2ma; + map->count = 1; + list_add_tail(&map->list, &hd->arch.identity_maps); + + return 0; +} + +void iommu_identity_map_teardown(struct domain *d) +{ + struct domain_iommu *hd = dom_iommu(d); + struct identity_map *map, *tmp; + + list_for_each_entry_safe ( map, tmp, &hd->arch.identity_maps, list ) + { + list_del(&map->list); + xfree(map); + } +} + static bool __hwdom_init hwdom_iommu_map(const struct domain *d, unsigned long pfn, unsigned long max_pfn) diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h index 65a0b02f60..8aff75e4ff 100644 --- a/xen/include/asm-x86/iommu.h +++ b/xen/include/asm-x86/iommu.h @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -50,13 +51,14 @@ struct arch_iommu spinlock_t lock; } pgtables; + struct list_head identity_maps; + union { /* Intel VT-d */ struct { uint64_t pgd_maddr; /* io page directory machine address */ unsigned int agaw; /* adjusted guest address width, 0 is level 2 30-bit */ uint64_t iommu_bitmap; /* bitmap of iommu(s) that the domain uses */ - struct list_head mapped_rmrrs; } vtd; /* AMD IOMMU */ struct { @@ -122,6 +124,11 @@ static inline void iommu_disable_x2apic(void) iommu_ops.disable_x2apic(); } +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag); +void iommu_identity_map_teardown(struct domain *d); + extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index f2ad420e3b..b9e35d5e71 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -888,6 +888,34 @@ struct p2m_domain *p2m_get_altp2m(struct vcpu *v); static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} #endif +/* p2m access to IOMMU flags */ +static inline unsigned int p2m_access_to_iommu_flags(p2m_access_t p2ma) +{ + switch ( p2ma ) + { + case p2m_access_rw: + case p2m_access_rwx: + return IOMMUF_readable | IOMMUF_writable; + + case p2m_access_r: + case p2m_access_rx: + case p2m_access_rx2rw: + return IOMMUF_readable; + + case p2m_access_w: + case p2m_access_wx: + return IOMMUF_writable; + + case p2m_access_n: + case p2m_access_x: + case p2m_access_n2rwx: + return 0; + } + + ASSERT_UNREACHABLE(); + return 0; +} + /* * p2m type to IOMMU flags */ @@ -909,9 +937,10 @@ static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, flags = IOMMUF_readable; break; case p2m_mmio_direct: - flags = IOMMUF_readable; - if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) - flags |= IOMMUF_writable; + flags = p2m_access_to_iommu_flags(p2ma); + if ( (flags & IOMMUF_writable) && + rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) + flags &= ~IOMMUF_writable; break; default: flags = 0; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:22:47 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:22:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172158.313946 (Exim 4.92) (envelope-from ) id 1mIrvb-0007YY-6v; Wed, 25 Aug 2021 12:22:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172158.313946; Wed, 25 Aug 2021 12:22:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrvb-0007YO-42; Wed, 25 Aug 2021 12:22:47 +0000 Received: by outflank-mailman (input) for mailman id 172158; Wed, 25 Aug 2021 12:22:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrva-0007YF-Hs for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrva-0003v5-HE for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIrva-0002Gp-GO for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MFYHT58Jofxj6nuTo1vNP6kwfmdRxYCdit09dIEsx7g=; b=RpFjvL/wmAD9tPtF5kpQPsWz5Y cXApb5LH9pjDu7juS8qTzB7YcwjcbVI4AMiyrGV7ZUvPPdg9besx5eRqHwCIgsxsn0ImdsVGfvb4v 69V8Avt30/Xt4Epq8iZAcEeqNo2KCq32CcE9XZTdEP5TICOoRGU3zhEDF8zX+iWn7Qes=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] AMD/IOMMU: re-arrange/complete re-assignment handling Message-Id: Date: Wed, 25 Aug 2021 12:22:46 +0000 commit 899272539cbe1acda736a850015416fff653a1b6 Author: Jan Beulich AuthorDate: Wed Aug 25 14:16:26 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:16:26 2021 +0200 AMD/IOMMU: re-arrange/complete re-assignment handling Prior to the assignment step having completed successfully, devices should not get associated with their new owner. Hand the device to DomIO (perhaps temporarily), until after the de-assignment step has completed. De-assignment of a device (from other than Dom0) as well as failure of reassign_device() during assignment should result in unity mappings getting torn down. This in turn requires switching to a refcounted mapping approach, as was already used by VT-d for its RMRRs, to prevent unmapping a region used by multiple devices. This is CVE-2021-28696 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu.h | 6 ++- xen/drivers/passthrough/amd/iommu_map.c | 63 +++++++++++++++++------------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 54 +++++++++++++++++++------ 3 files changed, 83 insertions(+), 40 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 28a10789a9..ee4ef645fe 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -232,8 +232,10 @@ int __must_check amd_iommu_unmap_page(struct domain *d, dfn_t dfn, unsigned int *flush_flags); int __must_check amd_iommu_alloc_root(struct domain *d); int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, unsigned long size, - int iw, int ir); + const struct ivrs_unity_map *map, + unsigned int flag); +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map); int __must_check amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, unsigned long page_count, unsigned int flush_flags); diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 0d4dd7cc37..53cd5b4577 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -422,38 +422,49 @@ int amd_iommu_flush_iotlb_all(struct domain *d) return 0; } -int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, - unsigned long size, int iw, int ir) +int amd_iommu_reserve_domain_unity_map(struct domain *d, + const struct ivrs_unity_map *map, + unsigned int flag) { - unsigned long npages, i; - unsigned long gfn; - unsigned int flags = !!ir; - unsigned int flush_flags = 0; - int rt = 0; - - if ( iw ) - flags |= IOMMUF_writable; - - npages = region_to_pages(phys_addr, size); - gfn = phys_addr >> PAGE_SHIFT; - for ( i = 0; i < npages; i++ ) + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; !rc && map; map = map->next ) { - unsigned long frame = gfn + i; + p2m_access_t p2ma = p2m_access_n; - rt = amd_iommu_map_page(domain, _dfn(frame), _mfn(frame), flags, - &flush_flags); - if ( rt != 0 ) - break; + if ( map->read ) + p2ma |= p2m_access_r; + if ( map->write ) + p2ma |= p2m_access_w; + + rc = iommu_identity_mapping(d, p2ma, map->addr, + map->addr + map->length - 1, flag); } - /* Use while-break to avoid compiler warning */ - while ( flush_flags && - amd_iommu_flush_iotlb_pages(domain, _dfn(gfn), - npages, flush_flags) ) - break; + return rc; +} + +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map) +{ + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; map; map = map->next ) + { + int ret = iommu_identity_mapping(d, p2m_access_x, map->addr, + map->addr + map->length - 1, 0); + + if ( ret && ret != -ENOENT && !rc ) + rc = ret; + } - return rt; + return rc; } int __init amd_iommu_quarantine_init(struct domain *d) diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 8ec7779b09..8c35f6d0f2 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -347,6 +347,7 @@ static int reassign_device(struct domain *source, struct domain *target, { struct amd_iommu *iommu; int bdf, rc; + const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); bdf = PCI_BDF2(pdev->bus, pdev->devfn); iommu = find_iommu_for_device(pdev->seg, bdf); @@ -361,10 +362,24 @@ static int reassign_device(struct domain *source, struct domain *target, amd_iommu_disable_domain_device(source, iommu, devfn, pdev); - if ( devfn == pdev->devfn ) + /* + * If the device belongs to the hardware domain, and it has a unity mapping, + * don't remove it from the hardware domain, because BIOS may reference that + * mapping. + */ + if ( !is_hardware_domain(source) ) { - list_move(&pdev->domain_list, &target->pdev_list); - pdev->domain = target; + rc = amd_iommu_reserve_domain_unity_unmap( + source, + ivrs_mappings[get_dma_requestor_id(pdev->seg, bdf)].unity_map); + if ( rc ) + return rc; + } + + if ( devfn == pdev->devfn && pdev->domain != dom_io ) + { + list_move(&pdev->domain_list, &dom_io->pdev_list); + pdev->domain = dom_io; } rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev); @@ -374,6 +389,12 @@ static int reassign_device(struct domain *source, struct domain *target, AMD_IOMMU_DEBUG("Re-assign %pp from dom%d to dom%d\n", &pdev->sbdf, source->domain_id, target->domain_id); + if ( devfn == pdev->devfn && pdev->domain != target ) + { + list_move(&pdev->domain_list, &target->pdev_list); + pdev->domain = target; + } + return 0; } @@ -384,20 +405,28 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); - const struct ivrs_unity_map *unity_map; + int rc = amd_iommu_reserve_domain_unity_map( + d, ivrs_mappings[req_id].unity_map, flag); + + if ( !rc ) + rc = reassign_device(pdev->domain, d, devfn, pdev); - for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; - unity_map = unity_map->next ) + if ( rc && !is_hardware_domain(d) ) { - int rc = amd_iommu_reserve_domain_unity_map( - d, unity_map->addr, unity_map->length, - unity_map->write, unity_map->read); + int ret = amd_iommu_reserve_domain_unity_unmap( + d, ivrs_mappings[req_id].unity_map); - if ( rc ) - return rc; + if ( ret ) + { + printk(XENLOG_ERR "AMD-Vi: " + "unity-unmap for %pd/%04x:%02x:%02x.%u failed (%d)\n", + d, pdev->seg, pdev->bus, + PCI_SLOT(devfn), PCI_FUNC(devfn), ret); + domain_crash(d); + } } - return reassign_device(pdev->domain, d, devfn, pdev); + return rc; } static void amd_iommu_clear_root_pgtable(struct domain *d) @@ -411,6 +440,7 @@ static void amd_iommu_clear_root_pgtable(struct domain *d) static void amd_iommu_domain_destroy(struct domain *d) { + iommu_identity_map_teardown(d); ASSERT(!dom_iommu(d)->arch.amd.root_table); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:22:57 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:22:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172160.313950 (Exim 4.92) (envelope-from ) id 1mIrvl-0007bz-8j; Wed, 25 Aug 2021 12:22:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172160.313950; Wed, 25 Aug 2021 12:22:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrvl-0007bk-5u; Wed, 25 Aug 2021 12:22:57 +0000 Received: by outflank-mailman (input) for mailman id 172160; Wed, 25 Aug 2021 12:22:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrvk-0007ba-LS for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrvk-0003vM-Kk for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIrvk-0002I7-K0 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:22:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+tbashXv/bV+aJcpIb0ThvIbKrIic6T89ic347esEhY=; b=NJCK6hkHG8zZDCIxOyMSWPTeis a22keUGb2pvfHA07oG0CNMTIkpSFmiVerfnJMIExKT+FDv7pPxB3vXxLHZn0D4SroRlOfNoDYAOz4 J6cUDJUGikkQ0m9RnGmj29t5208kA5J8hwRE73G1gV+8MH1bkj1/dOzj1IV3np79Vcbw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] AMD/IOMMU: re-arrange exclusion range and unity map recording Message-Id: Date: Wed, 25 Aug 2021 12:22:56 +0000 commit 8ea80530cd0dbb8ffa7ac92606a3ee29663fdc93 Author: Jan Beulich AuthorDate: Wed Aug 25 14:16:46 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:16:46 2021 +0200 AMD/IOMMU: re-arrange exclusion range and unity map recording The spec makes no provisions for OS behavior here to depend on the amount of RAM found on the system. While the spec may not sufficiently clearly distinguish both kinds of regions, they are surely meant to be separate things: Only regions with ACPI_IVMD_EXCLUSION_RANGE set should be candidates for putting in the exclusion range registers. (As there's only a single such pair of registers per IOMMU, secondary non-adjacent regions with the flag set already get converted to unity mapped regions.) First of all, drop the dependency on max_page. With commit b4f042236ae0 ("AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables") the use of it here was stale anyway; it was bogus already before, as it didn't account for max_page getting increased later on. Simply try an exclusion range registration first, and if it fails (for being unsuitable or non-mergeable), register a unity mapping range. With this various local variables become unnecessary and hence get dropped at the same time. With the max_page boundary dropped for using unity maps, the minimum page table tree height now needs both recording and enforcing in amd_iommu_domain_init(). Since we can't predict which devices may get assigned to a domain, our only option is to uniformly force at least that height for all domains, now that the height isn't dynamic anymore. Further don't make use of the exclusion range unless ACPI data says so. Note that exclusion range registration in register_range_for_all_devices() is on a best effort basis. Hence unity map entries also registered are redundant when the former succeeded, but they also do no harm. Improvements in this area can be done later imo. Also adjust types where suitable without touching extra lines. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu.h | 2 + xen/drivers/passthrough/amd/iommu_acpi.c | 184 ++++++++++++---------------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 12 +- 3 files changed, 90 insertions(+), 108 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index ee4ef645fe..721d0c395b 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -304,6 +304,8 @@ extern struct hpet_sbdf { } init; } hpet_sbdf; +extern int amd_iommu_min_paging_mode; + extern void *shared_intremap_table; extern unsigned long *shared_intremap_inuse; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index f98a936ecd..2fdebd2d74 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -117,12 +117,8 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( } static int __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit, - bool all, bool iw, bool ir) + struct amd_iommu *iommu, paddr_t base, paddr_t limit, bool all) { - if ( !ir || !iw ) - return -EPERM; - /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { @@ -151,14 +147,18 @@ static int __init reserve_unity_map_for_device( { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; + int paging_mode = amd_iommu_get_paging_mode(PFN_UP(base + length)); + + if ( paging_mode < 0 ) + return paging_mode; /* Check for overlaps. */ for ( ; unity_map; unity_map = unity_map->next ) { /* * Exact matches are okay. This can in particular happen when - * register_exclusion_range_for_device() calls here twice for the - * same (s,b,d,f). + * register_range_for_device() calls here twice for the same + * (s,b,d,f). */ if ( base == unity_map->addr && length == unity_map->length && ir == unity_map->read && iw == unity_map->write ) @@ -186,55 +186,52 @@ static int __init reserve_unity_map_for_device( unity_map->next = ivrs_mappings[bdf].unity_map; ivrs_mappings[bdf].unity_map = unity_map; + if ( paging_mode > amd_iommu_min_paging_mode ) + amd_iommu_min_paging_mode = paging_mode; + return 0; } -static int __init register_exclusion_range_for_all_devices( - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_all_devices( + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; - unsigned int bdf; int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) - { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - /* push 'base' just outside of virtual address space */ - base = iommu_top; - } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) + if ( exclusion ) { for_each_amd_iommu( iommu ) { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); - if ( rc ) - break; + int ret = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */); + + if ( ret && !rc ) + rc = ret; } } + if ( !exclusion || rc ) + { + paddr_t length = limit + PAGE_SIZE - base; + unsigned int bdf; + + /* reserve r/w unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + } + return rc; } -static int __init register_exclusion_range_for_device( - u16 bdf, unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_device( + unsigned int bdf, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; int rc = 0; @@ -248,27 +245,19 @@ static int __init register_exclusion_range_for_device( req = ivrs_mappings[bdf].dte_requestor_id; /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */); + if ( !exclusion || rc ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; + paddr_t length = limit + PAGE_SIZE - base; + /* reserve unity-mapped page entries for device */ - /* note: these entries are part of the exclusion range */ rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: reserve_unity_map_for_device(seg, req, base, length, iw, ir); - - /* push 'base' just outside of virtual address space */ - base = iommu_top; } - - /* register IOMMU exclusion range settings for device */ - if ( !rc && limit >= iommu_top ) + else { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } @@ -276,53 +265,42 @@ static int __init register_exclusion_range_for_device( return rc; } -static int __init register_exclusion_range_for_iommu_devices( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_iommu_devices( + struct amd_iommu *iommu, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { - unsigned long range_top, iommu_top, length; + /* note: 'limit' parameter is assumed to be page-aligned */ + paddr_t length = limit + PAGE_SIZE - base; unsigned int bdf; u16 req; - int rc = 0; + int rc; - /* is part of exclusion range inside of IOMMU virtual address space? */ - /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - { - if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) - { - req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir) ?: - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); - } - } - - /* push 'base' just outside of virtual address space */ - base = iommu_top; + rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */); + if ( !rc ) + return 0; } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); + /* reserve unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + { + if ( iommu != find_iommu_for_device(iommu->seg, bdf) ) + continue; + + req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); + } return rc; } static int __init parse_ivmd_device_select( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { u16 bdf; @@ -333,12 +311,12 @@ static int __init parse_ivmd_device_select( return -ENODEV; } - return register_exclusion_range_for_device(bdf, base, limit, iw, ir); + return register_range_for_device(bdf, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_device_range( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { unsigned int first_bdf, last_bdf, bdf; int error; @@ -360,15 +338,15 @@ static int __init parse_ivmd_device_range( } for ( bdf = first_bdf, error = 0; (bdf <= last_bdf) && !error; bdf++ ) - error = register_exclusion_range_for_device( - bdf, base, limit, iw, ir); + error = register_range_for_device( + bdf, base, limit, iw, ir, exclusion); return error; } static int __init parse_ivmd_device_iommu( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct amd_iommu *iommu; @@ -383,14 +361,14 @@ static int __init parse_ivmd_device_iommu( return -ENODEV; } - return register_exclusion_range_for_iommu_devices( - iommu, base, limit, iw, ir); + return register_range_for_iommu_devices( + iommu, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) { unsigned long start_addr, mem_length, base, limit; - u8 iw, ir; + bool iw = true, ir = true, exclusion = false; if ( ivmd_block->header.length < sizeof(*ivmd_block) ) { @@ -407,13 +385,11 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) ivmd_block->header.type, start_addr, mem_length); if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) - iw = ir = IOMMU_CONTROL_ENABLED; + exclusion = true; else if ( ivmd_block->header.flags & ACPI_IVMD_UNITY ) { - iw = ivmd_block->header.flags & ACPI_IVMD_READ ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; - ir = ivmd_block->header.flags & ACPI_IVMD_WRITE ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; + iw = ivmd_block->header.flags & ACPI_IVMD_READ; + ir = ivmd_block->header.flags & ACPI_IVMD_WRITE; } else { @@ -424,20 +400,20 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) switch( ivmd_block->header.type ) { case ACPI_IVRS_TYPE_MEMORY_ALL: - return register_exclusion_range_for_all_devices( - base, limit, iw, ir); + return register_range_for_all_devices( + base, limit, iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_ONE: - return parse_ivmd_device_select(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_select(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_RANGE: - return parse_ivmd_device_range(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_range(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_IOMMU: - return parse_ivmd_device_iommu(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_iommu(ivmd_block, base, limit, + iw, ir, exclusion); default: AMD_IOMMU_DEBUG("IVMD Error: Invalid Block Type!\n"); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 8c35f6d0f2..342fce6fff 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -246,6 +246,8 @@ int amd_iommu_alloc_root(struct domain *d) return 0; } +int __read_mostly amd_iommu_min_paging_mode = 1; + static int amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -257,11 +259,13 @@ static int amd_iommu_domain_init(struct domain *d) * - HVM could in principle use 3 or 4 depending on how much guest * physical address space we give it, but this isn't known yet so use 4 * unilaterally. + * - Unity maps may require an even higher number. */ - hd->arch.amd.paging_mode = amd_iommu_get_paging_mode( - is_hvm_domain(d) - ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) - : get_upper_mfn_bound() + 1); + hd->arch.amd.paging_mode = max(amd_iommu_get_paging_mode( + is_hvm_domain(d) + ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) + : get_upper_mfn_bound() + 1), + amd_iommu_min_paging_mode); return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:23:07 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:23:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172161.313954 (Exim 4.92) (envelope-from ) id 1mIrvv-0007fC-As; Wed, 25 Aug 2021 12:23:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172161.313954; Wed, 25 Aug 2021 12:23:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrvv-0007f5-7u; Wed, 25 Aug 2021 12:23:07 +0000 Received: by outflank-mailman (input) for mailman id 172161; Wed, 25 Aug 2021 12:23:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrvu-0007et-P1 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrvu-0003w8-OL for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIrvu-0002LQ-Nd for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=USbSsyWWLZN+R47swSalLjT9TgC57lXMNxQ5dIEVX08=; b=s1UTDO17CZHqlAImJO8r0c9INC jodDSMs/orNfLSzxS4VhOy8+BGUhMG4uGehDOmJ+K2rDnEqbRzHhBdPOXWk3QzTK0AptHahXmzp4u fRwhhhXUnPitRat5PWl6qqAFV4u+m869nMFZcopmkSZVShwcRxxWl4MDgAx3ap496PBE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/p2m: introduce p2m_is_special() Message-Id: Date: Wed, 25 Aug 2021 12:23:06 +0000 commit 0bf755e2c856628e11e93c76c3e12974e9964638 Author: Jan Beulich AuthorDate: Wed Aug 25 14:17:07 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:17:07 2021 +0200 x86/p2m: introduce p2m_is_special() Seeing the similarity of grant, foreign, and (subsequently) direct-MMIO handling, introduce a new P2M type group named "special" (as in "needing special accessors to create/destroy"). Also use -EPERM instead of other error codes on the two domain_crash() paths touched. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/arch/x86/mm/p2m.c | 15 +++++++-------- xen/include/asm-x86/p2m.h | 5 +++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index b8bdd55cd2..0ca849ec77 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -817,7 +817,7 @@ p2m_remove_page(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn, for ( i = 0; i < (1UL << page_order); i++ ) { p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); - if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) + if ( !p2m_is_special(t) && !p2m_is_shared(t) ) set_gpfn_from_mfn(mfn_x(mfn) + i, INVALID_M2P_ENTRY); } } @@ -954,13 +954,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, &ot, &a, 0, NULL, NULL); ASSERT(!p2m_is_shared(ot)); } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { - /* Really shouldn't be unmapping grant/foreign maps this way */ + /* Don't permit unmapping grant/foreign this way. */ domain_crash(d); p2m_unlock(p2m); - return -EINVAL; + return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) { @@ -1053,8 +1053,7 @@ int p2m_change_type_one(struct domain *d, unsigned long gfn_l, struct p2m_domain *p2m = p2m_get_hostp2m(d); int rc; - BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt)); - BUG_ON(p2m_is_foreign(ot) || p2m_is_foreign(nt)); + BUG_ON(p2m_is_special(ot) || p2m_is_special(nt)); gfn_lock(p2m, gfn, 0); @@ -1300,11 +1299,11 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, gfn_unlock(p2m, gfn, order); return cur_order + 1; } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { gfn_unlock(p2m, gfn, order); domain_crash(d); - return -ENOENT; + return -EPERM; } else if ( p2m_is_ram(ot) ) { diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index b9e35d5e71..bf9967a023 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -154,6 +154,10 @@ typedef unsigned int p2m_query_t; | p2m_to_mask(p2m_ram_logdirty) ) #define P2M_SHARED_TYPES (p2m_to_mask(p2m_ram_shared)) +/* Types established/cleaned up via special accessors. */ +#define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ + p2m_to_mask(p2m_map_foreign)) + /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ | p2m_to_mask(p2m_mmio_direct) \ @@ -182,6 +186,7 @@ typedef unsigned int p2m_query_t; #define p2m_is_paged(_t) (p2m_to_mask(_t) & P2M_PAGED_TYPES) #define p2m_is_sharable(_t) (p2m_to_mask(_t) & P2M_SHARABLE_TYPES) #define p2m_is_shared(_t) (p2m_to_mask(_t) & P2M_SHARED_TYPES) +#define p2m_is_special(_t) (p2m_to_mask(_t) & P2M_SPECIAL_TYPES) #define p2m_is_broken(_t) (p2m_to_mask(_t) & P2M_BROKEN_TYPES) #define p2m_is_foreign(_t) (p2m_to_mask(_t) & p2m_to_mask(p2m_map_foreign)) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:23:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:23:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172162.313957 (Exim 4.92) (envelope-from ) id 1mIrw5-0007it-EB; Wed, 25 Aug 2021 12:23:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172162.313957; Wed, 25 Aug 2021 12:23:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrw5-0007il-BE; Wed, 25 Aug 2021 12:23:17 +0000 Received: by outflank-mailman (input) for mailman id 172162; Wed, 25 Aug 2021 12:23:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrw4-0007id-TP for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrw4-0003wQ-Sg for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIrw4-0002Mw-RW for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Rw751tnXWSkEVp7/nOFn+/j2ueNIjzzghqSM8e4l/E4=; b=WxlG/bhvh4EemVPRHiQM3OEo7y uP1znY1yUbmctYscnqj1Dy9jfnqxGDZE8ifENwVlYCvNQvZgsinIJAuXl3UeG+iBLScNEFkW+0SUy cbOCUd2o3kRY8M0VuGGklD9jVcFQh0q8Xdkdu/sEjN9wVs68LBrgXhE7YhvFq5FJGiaY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/p2m: guard (in particular) identity mapping entries Message-Id: Date: Wed, 25 Aug 2021 12:23:16 +0000 commit 753cb68e653002e89fdcd1c80e52905fdbfb78cb Author: Jan Beulich AuthorDate: Wed Aug 25 14:17:32 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:17:32 2021 +0200 x86/p2m: guard (in particular) identity mapping entries Such entries, created by set_identity_p2m_entry(), should only be destroyed by clear_identity_p2m_entry(). However, similarly, entries created by set_mmio_p2m_entry() should only be torn down by clear_mmio_p2m_entry(), so the logic gets based upon p2m_mmio_direct as the entry type (separation between "ordinary" and 1:1 mappings would require a further indicator to tell apart the two). As to the guest_remove_page() change, commit 48dfb297a20a ("x86/PVH: allow guest_remove_page to remove p2m_mmio_direct pages"), which introduced the call to clear_mmio_p2m_entry(), claimed this was done for hwdom only without this actually having been the case. However, this code shouldn't be there in the first place, as MMIO entries shouldn't be dropped this way. Avoid triggering the warning again that 48dfb297a20a silenced by an adjustment to xenmem_add_to_physmap_one() instead. Note that guest_physmap_mark_populate_on_demand() gets tightened beyond the immediate purpose of this change. Note also that I didn't inspect code which isn't security supported, e.g. sharing, paging, or altp2m. This is CVE-2021-28694 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/arch/x86/mm/p2m-pod.c | 12 ++++++------ xen/arch/x86/mm/p2m.c | 15 +++++++++------ xen/common/memory.c | 11 ++++++++++- xen/include/asm-x86/p2m.h | 13 ++----------- 4 files changed, 27 insertions(+), 24 deletions(-) diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index ae153fa6e6..8abc57265c 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -1299,17 +1299,17 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l, p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, &cur_order, NULL); n = 1UL << min(order, cur_order); - if ( p2m_is_ram(ot) ) + if ( ot == p2m_populate_on_demand ) + { + /* Count how many PoD entries we'll be replacing if successful */ + pod_count += n; + } + else if ( ot != p2m_invalid && ot != p2m_mmio_dm ) { P2M_DEBUG("gfn_to_mfn returned type %d!\n", ot); rc = -EBUSY; goto out; } - else if ( ot == p2m_populate_on_demand ) - { - /* Count how man PoD entries we'll be replacing if successful */ - pod_count += n; - } } /* Now, actually do the two-way mapping */ diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 0ca849ec77..09cbd8a07d 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -805,7 +805,8 @@ p2m_remove_page(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn, &cur_order, NULL); if ( p2m_is_valid(t) && - (!mfn_valid(mfn) || !mfn_eq(mfn_add(mfn, i), mfn_return)) ) + (!mfn_valid(mfn) || t == p2m_mmio_direct || + !mfn_eq(mfn_add(mfn, i), mfn_return)) ) return -EILSEQ; i += (1UL << cur_order) - @@ -912,7 +913,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; - if ( !mfn_valid(mfn) ) + if ( !mfn_valid(mfn) || t == p2m_mmio_direct ) { ASSERT_UNREACHABLE(); return -EINVAL; @@ -956,7 +957,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } if ( p2m_is_special(ot) ) { - /* Don't permit unmapping grant/foreign this way. */ + /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ domain_crash(d); p2m_unlock(p2m); @@ -1364,8 +1365,8 @@ int set_mmio_p2m_entry(struct domain *d, gfn_t gfn, mfn_t mfn, * order+1 for caller to retry with order (guaranteed smaller than * the order value passed in) */ -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, mfn_t mfn, - unsigned int order) +static int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, + mfn_t mfn, unsigned int order) { int rc = -EINVAL; gfn_t gfn = _gfn(gfn_l); @@ -2766,7 +2767,9 @@ int xenmem_add_to_physmap_one( /* Remove previously mapped page if it was present. */ prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); - if ( mfn_valid(prev_mfn) ) + if ( p2mt == p2m_mmio_direct ) + rc = -EPERM; + else if ( mfn_valid(prev_mfn) ) { if ( is_special_page(mfn_to_page(prev_mfn)) ) /* Special pages are simply unhooked from this phys slot. */ diff --git a/xen/common/memory.c b/xen/common/memory.c index e07bd9a5ea..74babb0bd7 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -332,7 +332,7 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) } if ( p2mt == p2m_mmio_direct ) { - rc = clear_mmio_p2m_entry(d, gmfn, mfn, PAGE_ORDER_4K); + rc = -EPERM; goto out_put_gfn; } #else @@ -1888,6 +1888,15 @@ int check_get_page_from_gfn(struct domain *d, gfn_t gfn, bool readonly, return -EAGAIN; } #endif +#ifdef CONFIG_X86 + if ( p2mt == p2m_mmio_direct ) + { + if ( page ) + put_page(page); + + return -EPERM; + } +#endif if ( !page ) return -EINVAL; diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index bf9967a023..c6d41ac0b6 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -156,7 +156,8 @@ typedef unsigned int p2m_query_t; /* Types established/cleaned up via special accessors. */ #define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ - p2m_to_mask(p2m_map_foreign)) + p2m_to_mask(p2m_map_foreign) | \ + p2m_to_mask(p2m_mmio_direct)) /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ @@ -627,19 +628,9 @@ int p2m_finish_type_change(struct domain *d, int p2m_is_logdirty_range(struct p2m_domain *, unsigned long start, unsigned long end); -#ifdef CONFIG_HVM /* Set mmio addresses in the p2m table (for pass-through) */ int set_mmio_p2m_entry(struct domain *d, gfn_t gfn, mfn_t mfn, unsigned int order); -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, - unsigned int order); -#else -static inline int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, - mfn_t mfn, unsigned int order) -{ - return -EIO; -} -#endif /* Set identity addresses in the p2m table (for pass-through) */ int set_identity_p2m_entry(struct domain *d, unsigned long gfn, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:23:28 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:23:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172163.313962 (Exim 4.92) (envelope-from ) id 1mIrwG-0007m2-Fl; Wed, 25 Aug 2021 12:23:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172163.313962; Wed, 25 Aug 2021 12:23:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwG-0007lu-Co; Wed, 25 Aug 2021 12:23:28 +0000 Received: by outflank-mailman (input) for mailman id 172163; Wed, 25 Aug 2021 12:23:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwF-0007lg-14 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwF-0003wg-0H for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIrwE-0002OC-Vf for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=a+t/OnUYptGK8EUTXwhc2xskngXXSb1ffikfQm+2AMk=; b=ZHLgEaKlAipDQSsZdraMi1WWfi dLSqZijwwSjE13FzO+nz1N03GRoaGp1ZEBPyCDcw0RtbC3nRCWz+hV7Ksjb7Wa9OjMUIeb+Plyzfw CMxR4a0UP54le+FB9LeoGHVZENGhP3R9QUxyLEWLX4bn98FBiIMsPli4wy2LBMQkpwG8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/mm: widen locked region in xenmem_add_to_physmap_one() Message-Id: Date: Wed, 25 Aug 2021 12:23:26 +0000 commit f147422bf9476fb8161b43e35f5901571ed17c35 Author: Jan Beulich AuthorDate: Wed Aug 25 14:17:56 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:17:56 2021 +0200 x86/mm: widen locked region in xenmem_add_to_physmap_one() For pages which can be made part of the P2M by the guest, but which can also later be de-allocated (grant table v2 status pages being the present example), it is imperative that they be mapped at no more than a single GFN. We therefore need to make sure that of two parallel XENMAPSPACE_grant_table requests for the same status page one completes before the second checks at which other GFN the underlying MFN is presently mapped. Pull ahead the respective get_gfn() and push down the respective put_gfn(). This leverages that gfn_lock() really aliases p2m_lock(), but the function makes this assumption already anyway: In the XENMAPSPACE_gmfn case lock nesting constraints for both involved GFNs would otherwise need to be enforced to avoid ABBA deadlocks. This is CVE-2021-28697 / XSA-379. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/arch/x86/mm/p2m.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 09cbd8a07d..1d17499543 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2756,17 +2756,29 @@ int xenmem_add_to_physmap_one( goto put_both; } + /* + * Note that we're (ab)using GFN locking (to really be locking of the + * entire P2M) here in (at least) two ways: Finer grained locking would + * expose lock order violations in the XENMAPSPACE_gmfn case (due to the + * earlier get_gfn_unshare() above). Plus at the very least for the grant + * table v2 status page case we need to guarantee that the same page can + * only appear at a single GFN. While this is a property we want in + * general, for pages which can subsequently be freed this imperative: + * Upon freeing we wouldn't be able to find other mappings in the P2M + * (unless we did a brute force search). + */ + prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); + /* XENMAPSPACE_gmfn: Check if the MFN is associated with another GFN. */ old_gpfn = get_gpfn_from_mfn(mfn_x(mfn)); ASSERT(!SHARED_M2P(old_gpfn)); if ( space == XENMAPSPACE_gmfn && old_gpfn != gfn ) { rc = -EXDEV; - goto put_both; + goto put_all; } /* Remove previously mapped page if it was present. */ - prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); if ( p2mt == p2m_mmio_direct ) rc = -EPERM; else if ( mfn_valid(prev_mfn) ) @@ -2778,20 +2790,18 @@ int xenmem_add_to_physmap_one( /* Normal domain memory is freed, to avoid leaking memory. */ rc = guest_remove_page(d, gfn_x(gpfn)); } - /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */ - put_gfn(d, gfn_x(gpfn)); - - if ( rc ) - goto put_both; /* Unmap from old location, if any. */ - if ( old_gpfn != INVALID_M2P_ENTRY ) + if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); /* Map at new location. */ if ( !rc ) rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K); + put_all: + put_gfn(d, gfn_x(gpfn)); + put_both: /* * In the XENMAPSPACE_gmfn case, we took a ref of the gfn at the top. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:23:38 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:23:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172164.313966 (Exim 4.92) (envelope-from ) id 1mIrwQ-0007pJ-HU; Wed, 25 Aug 2021 12:23:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172164.313966; Wed, 25 Aug 2021 12:23:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwQ-0007pB-EQ; Wed, 25 Aug 2021 12:23:38 +0000 Received: by outflank-mailman (input) for mailman id 172164; Wed, 25 Aug 2021 12:23:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwP-0007p0-4m for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwP-0003wr-45 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIrwP-0002Ph-3F for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=M+YUE1JsxImAPIVnRKKTqJJo+ezwqzewH6CvCygRbgs=; b=5GGIjT9XeEWIUEe3PNkfwDFx9R Jj/UrGHGaxG68vovfM/fgWvP3RvYGmmF0FSpNvwztN/Zb49xuy2BkvjjNekcIYYbDQEQcz21zDxM8 0yqIzHTnSh1MDMdfUhHo37xXtSPoqdzA/3EE8s8fcyinu0Y2FCRa77njGPCLXp7Yitr4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] gnttab: add preemption check to gnttab_release_mappings() Message-Id: Date: Wed, 25 Aug 2021 12:23:37 +0000 commit b1ee10be5625b7d502cef1e6ee3818610ab0d29c Author: Jan Beulich AuthorDate: Wed Aug 25 14:18:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:18:18 2021 +0200 gnttab: add preemption check to gnttab_release_mappings() A guest may die with many grant mappings still in place, or simply with a large maptrack table. Iterating through this may take more time than is reasonable without intermediate preemption (to run softirqs and perhaps the scheduler). Move the invocation of the function to the section where other restartable functions get invoked, and have the function itself check for preemption every once in a while. Have it iterate the table backwards, such that decreasing the maptrack limit is all it takes to convey restart information. In domain_teardown() introduce PROG_none such that inserting at the front will be easier going forward. This is part of CVE-2021-28698 / XSA-380. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/common/domain.c | 12 ++++++++--- xen/common/grant_table.c | 46 ++++++++++++++++++++++++++++++++++++------- xen/include/xen/grant_table.h | 6 ++---- 3 files changed, 50 insertions(+), 14 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index 6b71c6d6a9..14b1341e53 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -412,11 +412,18 @@ static int domain_teardown(struct domain *d) v = d->teardown.vcpu enum { - PROG_vcpu_teardown = 1, + PROG_none, + PROG_gnttab_mappings, + PROG_vcpu_teardown, PROG_done, }; - case 0: + case PROG_none: + rc = gnttab_release_mappings(d); + if ( rc ) + return rc; + + PROGRESS(gnttab_mappings): for_each_vcpu ( d, v ) { PROGRESS_VCPU(teardown); @@ -908,7 +915,6 @@ int domain_kill(struct domain *d) return domain_kill(d); d->is_dying = DOMDYING_dying; argo_destroy(d); - gnttab_release_mappings(d); vnuma_destroy(d->vnuma); domain_set_outstanding_pages(d, 0); /* fallthrough */ diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index fab77ab9cc..17cce0154a 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -64,7 +64,13 @@ struct grant_table { unsigned int nr_grant_frames; /* Number of grant status frames shared with guest (for version 2) */ unsigned int nr_status_frames; - /* Number of available maptrack entries. */ + /* + * Number of available maptrack entries. For cleanup purposes it is + * important to realize that this field and @maptrack further down will + * only ever be accessed by the local domain. Thus it is okay to clean + * up early, and to shrink the limit for the purpose of tracking cleanup + * progress. + */ unsigned int maptrack_limit; /* Shared grant table (see include/public/grant_table.h). */ union { @@ -3679,9 +3685,7 @@ do_grant_table_op( #include "compat/grant_table.c" #endif -void -gnttab_release_mappings( - struct domain *d) +int gnttab_release_mappings(struct domain *d) { struct grant_table *gt = d->grant_table, *rgt; struct grant_mapping *map; @@ -3695,8 +3699,32 @@ gnttab_release_mappings( BUG_ON(!d->is_dying); - for ( handle = 0; handle < gt->maptrack_limit; handle++ ) + if ( !gt || !gt->maptrack ) + return 0; + + for ( handle = gt->maptrack_limit; handle; ) { + /* + * Deal with full pages such that their freeing (in the body of the + * if()) remains simple. + */ + if ( handle < gt->maptrack_limit && !(handle % MAPTRACK_PER_PAGE) ) + { + /* + * Changing maptrack_limit alters nr_maptrack_frames()'es return + * value. Free the then excess trailing page right here, rather + * than leaving it to grant_table_destroy() (and in turn requiring + * to leave gt->maptrack_limit unaltered). + */ + gt->maptrack_limit = handle; + FREE_XENHEAP_PAGE(gt->maptrack[nr_maptrack_frames(gt)]); + + if ( hypercall_preempt_check() ) + return -ERESTART; + } + + --handle; + map = &maptrack_entry(gt, handle); if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) ) continue; @@ -3780,6 +3808,11 @@ gnttab_release_mappings( map->flags = 0; } + + gt->maptrack_limit = 0; + FREE_XENHEAP_PAGE(gt->maptrack[0]); + + return 0; } void grant_table_warn_active_grants(struct domain *d) @@ -3843,8 +3876,7 @@ grant_table_destroy( free_xenheap_page(t->shared_raw[i]); xfree(t->shared_raw); - for ( i = 0; i < nr_maptrack_frames(t); i++ ) - free_xenheap_page(t->maptrack[i]); + ASSERT(!t->maptrack_limit); vfree(t->maptrack); for ( i = 0; i < nr_active_grant_frames(t); i++ ) diff --git a/xen/include/xen/grant_table.h b/xen/include/xen/grant_table.h index 9f8b7e66c1..41713e2726 100644 --- a/xen/include/xen/grant_table.h +++ b/xen/include/xen/grant_table.h @@ -47,9 +47,7 @@ void grant_table_init_vcpu(struct vcpu *v); void grant_table_warn_active_grants(struct domain *d); /* Domain death release of granted mappings of other domains' memory. */ -void -gnttab_release_mappings( - struct domain *d); +int gnttab_release_mappings(struct domain *d); int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, gfn_t *gfn, uint16_t *status); @@ -80,7 +78,7 @@ static inline void grant_table_init_vcpu(struct vcpu *v) {} static inline void grant_table_warn_active_grants(struct domain *d) {} -static inline void gnttab_release_mappings(struct domain *d) {} +static inline int gnttab_release_mappings(struct domain *d) { return 0; } static inline int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:23:48 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:23:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172165.313970 (Exim 4.92) (envelope-from ) id 1mIrwa-0007sr-J3; Wed, 25 Aug 2021 12:23:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172165.313970; Wed, 25 Aug 2021 12:23:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwa-0007sh-G0; Wed, 25 Aug 2021 12:23:48 +0000 Received: by outflank-mailman (input) for mailman id 172165; Wed, 25 Aug 2021 12:23:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwZ-0007sT-8a for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwZ-0003x2-7l for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIrwZ-0002Qx-6s for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vSvXU3jwh/r41/2KoM4f0TW3yCSxHlirSSgDBVfnAJk=; b=O/biCZdHlL2qR6pLhnLX9lVJop 54dGwRGPqHjY1uf43IGJV2MZuld0ud+1nMOM7ydS2l+oOC8lGHmKnP+bdBcTxP0T31sOs66qkwdBE pYLmIrTrPVAkWBpG6K3Tz8NGJ9pCwUlx5PaG1xIL0hEsNDpYR7k0lAPeBAnzH6OuGLGQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] gnttab: replace mapkind() Message-Id: Date: Wed, 25 Aug 2021 12:23:47 +0000 commit 9781b51efde251efcc0291ddb1d9c7cefe2b2555 Author: Jan Beulich AuthorDate: Wed Aug 25 14:18:39 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:18:39 2021 +0200 gnttab: replace mapkind() mapkind() doesn't scale very well with larger maptrack entry counts, using a brute force linear search through all entries, with the only option of an early loop exit if a matching writable entry was found. Introduce a radix tree alongside the main maptrack table, thus allowing much faster MFN-based lookup. To avoid the need to actually allocate space for the individual nodes, encode the two counters in the node pointers themselves, thus limiting the number of permitted simultaneous r/o and r/w mappings of the same MFN to 2³¹-1 (64-bit) / 2¹⁵-1 (32-bit) each. To avoid enforcing an unnecessarily low bound on the number of simultaneous mappings of a single MFN, introduce radix_tree_{ulong_to_ptr,ptr_to_ulong} paralleling radix_tree_{int_to_ptr,ptr_to_int}. As a consequence locking changes are also applicable: With there no longer being any inspection of the remote domain's active entries, there's also no need anymore to hold the remote domain's grant table lock. And since we're no longer iterating over the local domain's map track table, the lock in map_grant_ref() can also be dropped before the new maptrack entry actually gets populated. As a nice side effect this also reduces the number of IOMMU operations in unmap_common(): Previously we would have "established" a readable mapping whenever we didn't find a writable entry anymore (yet, of course, at least one readable one). But we only need to do this if we actually dropped the last writable entry, not if there were none already before. This is part of CVE-2021-28698 / XSA-380. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/common/grant_table.c | 201 ++++++++++++++++++++++++------------------- xen/include/xen/radix-tree.h | 19 ++++ 2 files changed, 131 insertions(+), 89 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 17cce0154a..76a78df405 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -82,8 +83,13 @@ struct grant_table { grant_status_t **status; /* Active grant table. */ struct active_grant_entry **active; - /* Mapping tracking table per vcpu. */ + /* Handle-indexed tracking table of mappings. */ struct grant_mapping **maptrack; + /* + * MFN-indexed tracking tree of mappings, if needed. Note that this is + * protected by @lock, not @maptrack_lock. + */ + struct radix_tree_root maptrack_tree; /* Domain to which this struct grant_table belongs. */ const struct domain *domain; @@ -516,34 +522,6 @@ static int get_paged_frame(unsigned long gfn, mfn_t *mfn, return GNTST_okay; } -static inline void -double_gt_lock(struct grant_table *lgt, struct grant_table *rgt) -{ - /* - * See mapkind() for why the write lock is also required for the - * remote domain. - */ - if ( lgt < rgt ) - { - grant_write_lock(lgt); - grant_write_lock(rgt); - } - else - { - if ( lgt != rgt ) - grant_write_lock(rgt); - grant_write_lock(lgt); - } -} - -static inline void -double_gt_unlock(struct grant_table *lgt, struct grant_table *rgt) -{ - grant_write_unlock(lgt); - if ( lgt != rgt ) - grant_write_unlock(rgt); -} - #define INVALID_MAPTRACK_HANDLE UINT_MAX static inline grant_handle_t @@ -970,41 +948,17 @@ static struct active_grant_entry *grant_map_exists(const struct domain *ld, return ERR_PTR(-EINVAL); } -#define MAPKIND_READ 1 -#define MAPKIND_WRITE 2 -static unsigned int mapkind( - struct grant_table *lgt, const struct domain *rd, mfn_t mfn) -{ - struct grant_mapping *map; - grant_handle_t handle, limit = lgt->maptrack_limit; - unsigned int kind = 0; - - /* - * Must have the local domain's grant table write lock when - * iterating over its maptrack entries. - */ - ASSERT(percpu_rw_is_write_locked(&lgt->lock)); - /* - * Must have the remote domain's grant table write lock while - * counting its active entries. - */ - ASSERT(percpu_rw_is_write_locked(&rd->grant_table->lock)); - - smp_rmb(); - - for ( handle = 0; !(kind & MAPKIND_WRITE) && handle < limit; handle++ ) - { - map = &maptrack_entry(lgt, handle); - if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) || - map->domid != rd->domain_id ) - continue; - if ( mfn_eq(_active_entry(rd->grant_table, map->ref).mfn, mfn) ) - kind |= map->flags & GNTMAP_readonly ? - MAPKIND_READ : MAPKIND_WRITE; - } - - return kind; -} +union maptrack_node { + struct { + /* Radix tree slot pointers use two of the bits. */ +#ifdef __BIG_ENDIAN_BITFIELD + unsigned long : 2; +#endif + unsigned long rd : BITS_PER_LONG / 2 - 1; + unsigned long wr : BITS_PER_LONG / 2 - 1; + } cnt; + unsigned long raw; +}; static void map_grant_ref( @@ -1023,7 +977,6 @@ map_grant_ref( struct grant_mapping *mt; grant_entry_header_t *shah; uint16_t *status; - bool_t need_iommu; ld = current->domain; @@ -1244,31 +1197,75 @@ map_grant_ref( * as mem-sharing and IOMMU use are incompatible). The dom_io case would * need checking separately if we compared against owner here. */ - need_iommu = ld != rd && gnttab_need_iommu_mapping(ld); - if ( need_iommu ) - { + if ( ld != rd && gnttab_need_iommu_mapping(ld) ) + { + union maptrack_node node = { + .cnt.rd = !!(op->flags & GNTMAP_readonly), + .cnt.wr = !(op->flags & GNTMAP_readonly), + }; + int err; + void **slot = NULL; unsigned int kind; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + + err = radix_tree_insert(&lgt->maptrack_tree, mfn_x(mfn), + radix_tree_ulong_to_ptr(node.raw)); + if ( err == -EEXIST ) + { + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(mfn)); + if ( likely(slot) ) + { + node.raw = radix_tree_ptr_to_ulong(*slot); + err = -EBUSY; + + /* Update node only when refcount doesn't overflow. */ + if ( op->flags & GNTMAP_readonly ? ++node.cnt.rd + : ++node.cnt.wr ) + { + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + err = 0; + } + } + else + ASSERT_UNREACHABLE(); + } /* * We're not translated, so we know that dfns and mfns are * the same things, so the IOMMU entry is always 1-to-1. */ - kind = mapkind(lgt, rd, mfn); - if ( !(op->flags & GNTMAP_readonly) && - !(kind & MAPKIND_WRITE) ) + if ( !(op->flags & GNTMAP_readonly) && node.cnt.wr == 1 ) kind = IOMMUF_readable | IOMMUF_writable; - else if ( !kind ) + else if ( (op->flags & GNTMAP_readonly) && + node.cnt.rd == 1 && !node.cnt.wr ) kind = IOMMUF_readable; else kind = 0; - if ( kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 1, kind) ) + if ( err || + (kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 1, kind)) ) { - double_gt_unlock(lgt, rgt); + if ( !err ) + { + if ( slot ) + { + op->flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--; + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + } + else + radix_tree_delete(&lgt->maptrack_tree, mfn_x(mfn)); + } + rc = GNTST_general_error; - goto undo_out; } + + grant_write_unlock(lgt); + + if ( rc != GNTST_okay ) + goto undo_out; } TRACE_1D(TRC_MEM_PAGE_GRANT_MAP, op->dom); @@ -1276,10 +1273,6 @@ map_grant_ref( /* * All maptrack entry users check mt->flags first before using the * other fields so just ensure the flags field is stored last. - * - * However, if gnttab_need_iommu_mapping() then this would race - * with a concurrent mapkind() call (on an unmap, for example) - * and a lock is required. */ mt = &maptrack_entry(lgt, handle); mt->domid = op->dom; @@ -1287,9 +1280,6 @@ map_grant_ref( smp_wmb(); write_atomic(&mt->flags, op->flags); - if ( need_iommu ) - double_gt_unlock(lgt, rgt); - op->dev_bus_addr = mfn_to_maddr(mfn); op->handle = handle; op->status = GNTST_okay; @@ -1497,19 +1487,34 @@ unmap_common( /* See the respective comment in map_grant_ref(). */ if ( rc == GNTST_okay && ld != rd && gnttab_need_iommu_mapping(ld) ) { - unsigned int kind; + void **slot; + union maptrack_node node; int err = 0; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(op->mfn)); + node.raw = likely(slot) ? radix_tree_ptr_to_ulong(*slot) : 0; + + /* Refcount must not underflow. */ + if ( !(flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--) ) + BUG(); - kind = mapkind(lgt, rd, op->mfn); - if ( !kind ) + if ( !node.raw ) err = iommu_legacy_unmap(ld, _dfn(mfn_x(op->mfn)), 1); - else if ( !(kind & MAPKIND_WRITE) ) + else if ( !(flags & GNTMAP_readonly) && !node.cnt.wr ) err = iommu_legacy_map(ld, _dfn(mfn_x(op->mfn)), op->mfn, 1, IOMMUF_readable); - double_gt_unlock(lgt, rgt); + if ( err ) + ; + else if ( !node.raw ) + radix_tree_delete(&lgt->maptrack_tree, mfn_x(op->mfn)); + else + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + + grant_write_unlock(lgt); if ( err ) rc = GNTST_general_error; @@ -1956,6 +1961,8 @@ int grant_table_init(struct domain *d, int max_grant_frames, gt->maptrack = vzalloc(gt->max_maptrack_frames * sizeof(*gt->maptrack)); if ( gt->maptrack == NULL ) goto out; + + radix_tree_init(>->maptrack_tree); } /* Shared grant table. */ @@ -3704,6 +3711,8 @@ int gnttab_release_mappings(struct domain *d) for ( handle = gt->maptrack_limit; handle; ) { + mfn_t mfn; + /* * Deal with full pages such that their freeing (in the body of the * if()) remains simple. @@ -3801,17 +3810,31 @@ int gnttab_release_mappings(struct domain *d) reduce_status_for_pin(rd, act, status, map->flags & GNTMAP_readonly); + mfn = act->mfn; + active_entry_release(act); grant_read_unlock(rgt); rcu_unlock_domain(rd); map->flags = 0; + + /* + * This is excessive in that a single such call would suffice per + * mapped MFN (or none at all, if no entry was ever inserted). But it + * should be the common case for an MFN to be mapped just once, and + * this way we don't need to further maintain the counters. We also + * don't want to leave cleaning up of the tree as a whole to the end + * of the function, as this could take quite some time. + */ + radix_tree_delete(>->maptrack_tree, mfn_x(mfn)); } gt->maptrack_limit = 0; FREE_XENHEAP_PAGE(gt->maptrack[0]); + radix_tree_destroy(>->maptrack_tree, NULL); + return 0; } diff --git a/xen/include/xen/radix-tree.h b/xen/include/xen/radix-tree.h index ec40cf1d9e..58c40312e6 100644 --- a/xen/include/xen/radix-tree.h +++ b/xen/include/xen/radix-tree.h @@ -190,6 +190,25 @@ static inline int radix_tree_ptr_to_int(void *ptr) return (int)((long)ptr >> 2); } +/** + * radix_tree_{ulong_to_ptr,ptr_to_ulong}: + * + * Same for unsigned long values. Beware though that only BITS_PER_LONG-2 + * bits are actually usable for the value. + */ +static inline void *radix_tree_ulong_to_ptr(unsigned long val) +{ + unsigned long ptr = (val << 2) | 0x2; + ASSERT((ptr >> 2) == val); + return (void *)ptr; +} + +static inline unsigned long radix_tree_ptr_to_ulong(void *ptr) +{ + ASSERT(((unsigned long)ptr & 0x3) == 0x2); + return (unsigned long)ptr >> 2; +} + int radix_tree_insert(struct radix_tree_root *, unsigned long, void *); void *radix_tree_lookup(struct radix_tree_root *, unsigned long); void **radix_tree_lookup_slot(struct radix_tree_root *, unsigned long); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:23:58 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:23:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172166.313974 (Exim 4.92) (envelope-from ) id 1mIrwk-0007wP-Lx; Wed, 25 Aug 2021 12:23:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172166.313974; Wed, 25 Aug 2021 12:23:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwk-0007wH-J2; Wed, 25 Aug 2021 12:23:58 +0000 Received: by outflank-mailman (input) for mailman id 172166; Wed, 25 Aug 2021 12:23:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwj-0007w4-CP for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwj-0003xD-Bd for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIrwj-0002SK-Ad for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:23:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PUWU/Aqr5D+U55Gk8PcZ1pclKu0YqWQ/i+EKKHkjwuk=; b=m8sTT0hwh6VZ8zTkE3jjslEKKs KvD87AIfn9rWW9PkCaOF/PKKAlxiLd/ZJzlPLpQXaaVddJ9E5cwQ5H+GA8DfNUUEP5sX68zNCz9e1 vLnFgdzhmhjn83p9dK2Mydh0BDNpqg1aOyVsrgui7od3Yhoyh+Jr369Ul19RIKP/TIyg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] gnttab: fix array capacity check in gnttab_get_status_frames() Message-Id: Date: Wed, 25 Aug 2021 12:23:57 +0000 commit ec820035b875cdbedce5e73f481ce65963ede9ed Author: Jan Beulich AuthorDate: Wed Aug 25 14:19:09 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:19:09 2021 +0200 gnttab: fix array capacity check in gnttab_get_status_frames() The number of grant frames is of no interest here; converting the passed in op.nr_frames this way means we allow for 8 times as many GFNs to be written as actually fit in the array. We would corrupt xlat areas of higher vCPU-s (after having faulted many times while trying to write to the guard pages between any two areas) for 32-bit PV guests. For HVM guests we'd simply crash as soon as we hit the first guard page, as accesses to the xlat area are simply memcpy() there. This is CVE-2021-28699 / XSA-382. Fixes: 18b1be5e324b ("gnttab: make resource limits per domain") Signed-off-by: Jan Beulich --- xen/common/grant_table.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 76a78df405..5190461053 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3254,12 +3254,11 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, goto unlock; } - if ( unlikely(limit_max < grant_to_status_frames(op.nr_frames)) ) + if ( unlikely(limit_max < op.nr_frames) ) { gdprintk(XENLOG_WARNING, - "grant_to_status_frames(%u) for d%d is too large (%u,%u)\n", - op.nr_frames, d->domain_id, - grant_to_status_frames(op.nr_frames), limit_max); + "nr_status_frames for %pd is too large (%u,%u)\n", + d, op.nr_frames, limit_max); op.status = GNTST_general_error; goto unlock; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:24:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:24:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172167.313978 (Exim 4.92) (envelope-from ) id 1mIrwu-0007zx-Nt; Wed, 25 Aug 2021 12:24:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172167.313978; Wed, 25 Aug 2021 12:24:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwu-0007zp-KY; Wed, 25 Aug 2021 12:24:08 +0000 Received: by outflank-mailman (input) for mailman id 172167; Wed, 25 Aug 2021 12:24:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwt-0007zZ-G8 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:24:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrwt-0003xu-FS for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:24:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIrwt-0002Tx-EP for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:24:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=J+vvkJuI0muzzOcj6+aguj+urOjqmIu+ubtXfvYufnA=; b=wN6dPO6OBZgnrhOuJhezB/OHHC JJdHmqezYroM1UBT72dE1gAdYqI9nBVV28pNPAoWTDjNFUAE7mwmVb6jv6v9iRWllAr7vAz3R3/M3 +7dc1tZLK1cqurM6Yc/B6zy/a5DAGroeNctNWLv3XNTjogjRq/vh7WyOq20hvO3da0uI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Message-Id: Date: Wed, 25 Aug 2021 12:24:07 +0000 commit c08d68cd2aacbc7cb56e73ada241bfe4639bbc68 Author: Julien Grall AuthorDate: Wed Aug 25 14:19:31 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:19:31 2021 +0200 xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Currently, both dom0less domUs and dom0 can allocate an "unlimited" amount of memory because d->max_pages is set to ~0U. In particular, the former are meant to be unprivileged. Therefore the memory they could allocate should be bounded. As the domain are not yet officially aware of Xen (we don't expose advertise it in the DT, yet the hypercalls are accessible), they should not need to allocate more than the initial amount. So cap set d->max_pages directly the amount of memory we are meant to allocate. Take the opportunity to also restrict the memory for dom0 as the domain is direct mapped (e.g. MFN == GFN) and therefore cannot allocate outside of the pre-allocated region. This is CVE-2021-28700 / XSA-383. Reported-by: Julien Grall Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 6c86d52781..206038d1c0 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2440,7 +2440,8 @@ static int __init construct_domU(struct domain *d, if ( vcpu_create(d, 0) == NULL ) return -ENOMEM; - d->max_pages = ~0U; + + d->max_pages = ((paddr_t)mem * SZ_1K) >> PAGE_SHIFT; kinfo.d = d; @@ -2546,7 +2547,7 @@ static int __init construct_dom0(struct domain *d) iommu_hwdom_init(d); - d->max_pages = ~0U; + d->max_pages = dom0_mem >> PAGE_SHIFT; kinfo.unassigned_mem = dom0_mem; kinfo.d = d; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:24:18 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:24:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172168.313982 (Exim 4.92) (envelope-from ) id 1mIrx4-00082p-P7; Wed, 25 Aug 2021 12:24:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172168.313982; Wed, 25 Aug 2021 12:24:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrx4-00082h-M7; Wed, 25 Aug 2021 12:24:18 +0000 Received: by outflank-mailman (input) for mailman id 172168; Wed, 25 Aug 2021 12:24:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrx3-00082U-Rw for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:24:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIrx3-0003yA-RI for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:24:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIrx3-0002Vu-QP for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:24:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IyS+fcSmk+TIO7FzG2SWAZRNrl1YMlMB1OmObJouh4k=; b=tihv02+DnmHBkbGKHCrlNIaOYH Dn3hJE8SqsPmU1YA79cUxnoFEGCF++oLRw/McJQsv8YYfuV5aA7mDi7TegBCNFBtd7zUT4zZBRF/h YAUj8lpbt0A7wCuNGrB4pFVEQh4Ug+KXIcTnjpBOabxeZiKzsQojvDTbNNEebUZOLjBg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] tools/firmware/ovmf: Use OvmfXen platform file is exist Message-Id: Date: Wed, 25 Aug 2021 12:24:17 +0000 commit 7dadebd8d2c8c2a42d0ff3f022a63d6225297058 Author: Anthony PERARD AuthorDate: Tue Jun 1 11:28:03 2021 +0100 Commit: Ian Jackson CommitDate: Wed Aug 25 13:20:08 2021 +0100 tools/firmware/ovmf: Use OvmfXen platform file is exist A platform introduced in EDK II named OvmfXen is now the one to use for Xen instead of OvmfX64. It comes with PVH support. Also, the Xen support in OvmfX64 is deprecated, "deprecation notice: *dynamic* multi-VMM (QEMU vs. Xen) support in OvmfPkg" https://edk2.groups.io/g/devel/message/75498 Signed-off-by: Anthony PERARD Acked-by: Ian Jackson (cherry picked from commit aad7b5c11d51d57659978e04702ac970906894e8) (cherry picked from commit 7988ef515a5eabe74bb5468c8c692e03ee9db8bc) (cherry picked from commit 0aabe44d9c454c265b2bfc1030d58bd8f9ca8c94) (cherry picked from commit b335a5314f251c570f991376a1500737d3e02bb8) --- tools/firmware/ovmf-makefile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/firmware/ovmf-makefile b/tools/firmware/ovmf-makefile index 55f9992145..637ee509c3 100644 --- a/tools/firmware/ovmf-makefile +++ b/tools/firmware/ovmf-makefile @@ -17,8 +17,14 @@ all: build .PHONY: build build: if test -e .git ; then $(GIT) submodule update --init --recursive ; fi - OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 - cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin + set -ex; \ + if test -e OvmfPkg/OvmfXen.dsc; then \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 -p OvmfPkg/OvmfXen.dsc; \ + cp Build/OvmfXen/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + else \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4; \ + cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + fi .PHONY: clean clean: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:55:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172196.314030 (Exim 4.92) (envelope-from ) id 1mIsQt-0005De-Dl; Wed, 25 Aug 2021 12:55:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172196.314030; Wed, 25 Aug 2021 12:55:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsQt-0005DV-Av; Wed, 25 Aug 2021 12:55:07 +0000 Received: by outflank-mailman (input) for mailman id 172196; Wed, 25 Aug 2021 12:55:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsQs-0005DM-1d for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsQr-0004Ve-W7 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsQr-0006HM-V4 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9mILHRCewzza7J1my42m/ZWdrEvGcMAkpS84aFDfpj0=; b=JPZat9EDIMqBFBnKc65Lxjirmc r1Sfvb0qx/E/cZUdX+vPV91vMpaPjJDuL8gnlBvXZ9LDjCvqyC164j0f2nwFereWMEf+VBzGIodEi VA1xLZMBvmy60E3PcIKabdyDrTCroQQC6CeERldAv3vXbqxdKoRjnJWwlE/nstksnwo8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86: work around build issue with GNU ld 2.37 Message-Id: Date: Wed, 25 Aug 2021 12:55:05 +0000 commit 1beb196decd86e6512f1e3cbcfd693dace99cc38 Author: Jan Beulich AuthorDate: Wed Aug 25 14:40:12 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:40:12 2021 +0200 x86: work around build issue with GNU ld 2.37 I suspect it is commit 40726f16a8d7 ("ld script expression parsing") which broke the hypervisor build, by no longer accepting section names with a dash in them inside ADDR() (and perhaps other script directives expecting just a section name, not an expression): .note.gnu.build-id is such a section. Quoting all section names passed to ADDR() via DECL_SECTION() works around the regression. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 58ad654ebce7ccb272a3f4f3482c03aaad850d31 master date: 2021-07-27 15:03:29 +0100 --- xen/arch/x86/xen.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 0273f79152..a02df18a25 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -18,7 +18,7 @@ ENTRY(efi_start) #else /* !EFI */ #define FORMAT "elf64-x86-64" -#define DECL_SECTION(x) x : AT(ADDR(x) - __XEN_VIRT_START) +#define DECL_SECTION(x) x : AT(ADDR(#x) - __XEN_VIRT_START) ENTRY(start_pa) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:55:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:55:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172197.314034 (Exim 4.92) (envelope-from ) id 1mIsR3-0005G1-FV; Wed, 25 Aug 2021 12:55:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172197.314034; Wed, 25 Aug 2021 12:55:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsR3-0005Ft-CQ; Wed, 25 Aug 2021 12:55:17 +0000 Received: by outflank-mailman (input) for mailman id 172197; Wed, 25 Aug 2021 12:55:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsR2-0005Fi-4M for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsR2-0004WG-3Z for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsR2-0006IM-2S for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oIF43M8bTzGnW9m5M1cBVSyVdMAOmlStzQNB5SuMPD0=; b=QZ3V7AvXODfhDT9Nr5F8f5EwCU Q8PN6u5NcozUn+fPRgAl5/hpP6ksschcMYFP6b94092ELQMdA8Fw6FhWfNsM8lxNRX6bYbidql1yQ 81nGSMEP4MIkhyqynsYPrkwzek529Ip9G+yaQ2o1i417qpw3r79ToAM2c4CbW2CIJP6M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] AMD/IOMMU: correct global exclusion range extending Message-Id: Date: Wed, 25 Aug 2021 12:55:16 +0000 commit 92c8b9274db6b0c4e22ed0dff19b2611cf057921 Author: Jan Beulich AuthorDate: Wed Aug 25 14:41:15 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:41:15 2021 +0200 AMD/IOMMU: correct global exclusion range extending Besides unity mapping regions, the AMD IOMMU spec also provides for exclusion ranges (areas of memory not to be subject to DMA translation) to be specified by firmware in the ACPI tables. The spec does not put any constraints on the number of such regions. Blindly assuming all addresses between any two such ranges should also be excluded can't be right. Since hardware has room for just a single such range (comprised of the Exclusion Base Register and the Exclusion Range Limit Register), combine only adjacent or overlapping regions (for now; this may require further adjustment in case table entries aren't sorted by address) with matching exclusion_allow_all settings. This requires bubbling up error indicators, such that IOMMU init can be failed when concatenation wasn't possible. Furthermore, since the exclusion range specified in IOMMU registers implies R/W access, reject requests asking for less permissions (this will be brought closer to the spec by a subsequent change). This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: b02c5c88982411be11e3413159862f255f1f39dc master date: 2021-08-25 14:12:13 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 45 +++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 1f6b004260..63fc22af01 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -116,12 +116,21 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( return NULL; } -static void __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit) +static int __init reserve_iommu_exclusion_range( + struct amd_iommu *iommu, uint64_t base, uint64_t limit, + bool all, bool iw, bool ir) { + if ( !ir || !iw ) + return -EPERM; + /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { + if ( iommu->exclusion_limit + PAGE_SIZE < base || + limit + PAGE_SIZE < iommu->exclusion_base || + iommu->exclusion_allow_all != all ) + return -EBUSY; + if ( iommu->exclusion_base < base ) base = iommu->exclusion_base; if ( iommu->exclusion_limit > limit ) @@ -129,16 +138,11 @@ static void __init reserve_iommu_exclusion_range( } iommu->exclusion_enable = IOMMU_CONTROL_ENABLED; + iommu->exclusion_allow_all = all; iommu->exclusion_base = base; iommu->exclusion_limit = limit; -} -static void __init reserve_iommu_exclusion_range_all( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit) -{ - reserve_iommu_exclusion_range(iommu, base, limit); - iommu->exclusion_allow_all = IOMMU_CONTROL_ENABLED; + return 0; } static void __init reserve_unity_map_for_device( @@ -176,6 +180,7 @@ static int __init register_exclusion_range_for_all_devices( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; unsigned int bdf; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -197,10 +202,15 @@ static int __init register_exclusion_range_for_all_devices( if ( limit >= iommu_top ) { for_each_amd_iommu( iommu ) - reserve_iommu_exclusion_range_all(iommu, base, limit); + { + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + if ( rc ) + break; + } } - return 0; + return rc; } static int __init register_exclusion_range_for_device( @@ -211,6 +221,7 @@ static int __init register_exclusion_range_for_device( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; + int rc = 0; iommu = find_iommu_for_device(seg, bdf); if ( !iommu ) @@ -240,12 +251,13 @@ static int __init register_exclusion_range_for_device( /* register IOMMU exclusion range settings for device */ if ( limit >= iommu_top ) { - reserve_iommu_exclusion_range(iommu, base, limit); + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } - return 0; + return rc; } static int __init register_exclusion_range_for_iommu_devices( @@ -255,6 +267,7 @@ static int __init register_exclusion_range_for_iommu_devices( unsigned long range_top, iommu_top, length; unsigned int bdf; u16 req; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -285,8 +298,10 @@ static int __init register_exclusion_range_for_iommu_devices( /* register IOMMU exclusion range settings */ if ( limit >= iommu_top ) - reserve_iommu_exclusion_range_all(iommu, base, limit); - return 0; + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + + return rc; } static int __init parse_ivmd_device_select( -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:55:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:55:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172198.314040 (Exim 4.92) (envelope-from ) id 1mIsRD-0005Jw-IG; Wed, 25 Aug 2021 12:55:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172198.314040; Wed, 25 Aug 2021 12:55:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRD-0005Jk-Du; Wed, 25 Aug 2021 12:55:27 +0000 Received: by outflank-mailman (input) for mailman id 172198; Wed, 25 Aug 2021 12:55:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRC-0005JW-7w for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRC-0004Wb-78 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsRC-0006JL-6C for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=c76/ATiRAls/QX90eIbWicPnOYTjf+KUEb1HV0Y7AfI=; b=5Bt9qKuszu/upbQhu6QYLbjW8I C0QZup+YLssUtyS/ZEZsyI2+1oaeVZJS9C/ne+FwD9ccNaU5Y5J7RTYwEFPRXzks870P69TmqlA86 aaDNrxeIrSJKqdbtZZ1jUK9GykKd+NfmS3SfpLKTKds4kaJ28bpkWyAVqW+pzJdUG0Uw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] AMD/IOMMU: correct device unity map handling Message-Id: Date: Wed, 25 Aug 2021 12:55:26 +0000 commit 29a6cf118ce82afea292e23d8bbe329dc1e7bcb9 Author: Jan Beulich AuthorDate: Wed Aug 25 14:41:30 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:41:30 2021 +0200 AMD/IOMMU: correct device unity map handling Blindly assuming all addresses between any two such ranges, specified by firmware in the ACPI tables, should also be unity-mapped can't be right. Nor can it be correct to merge ranges with differing permissions. Track ranges individually; don't merge at all, but check for overlaps instead. This requires bubbling up error indicators, such that IOMMU init can be failed when allocation of a new tracking struct wasn't possible, or an overlap was detected. At this occasion also stop ignoring amd_iommu_reserve_domain_unity_map()'s return value. This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap Reviewed-by: Paul Durrant master commit: 34750a3eb022462cdd1c36e8ef9049d3d73c824c master date: 2021-08-25 14:15:11 +0200 --- xen/drivers/passthrough/amd/iommu.h | 14 +++-- xen/drivers/passthrough/amd/iommu_acpi.c | 80 +++++++++++++++++------------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 16 +++--- 3 files changed, 66 insertions(+), 44 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index ad089cb095..f0e3e5b1a4 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -107,20 +107,24 @@ struct amd_iommu { struct list_head ats_devices; }; +struct ivrs_unity_map { + bool read:1; + bool write:1; + paddr_t addr; + unsigned long length; + struct ivrs_unity_map *next; +}; + struct ivrs_mappings { uint16_t dte_requestor_id; bool valid:1; bool dte_allow_exclusion:1; - bool unity_map_enable:1; - bool write_permission:1; - bool read_permission:1; /* ivhd device data settings */ uint8_t device_flags; - unsigned long addr_range_start; - unsigned long addr_range_length; struct amd_iommu *iommu; + struct ivrs_unity_map *unity_map; /* per device interrupt remapping table */ void *intremap_table; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 63fc22af01..f98a936ecd 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -145,32 +145,48 @@ static int __init reserve_iommu_exclusion_range( return 0; } -static void __init reserve_unity_map_for_device( - u16 seg, u16 bdf, unsigned long base, - unsigned long length, u8 iw, u8 ir) +static int __init reserve_unity_map_for_device( + uint16_t seg, uint16_t bdf, unsigned long base, + unsigned long length, bool iw, bool ir) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long old_top, new_top; + struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; - /* need to extend unity-mapped range? */ - if ( ivrs_mappings[bdf].unity_map_enable ) + /* Check for overlaps. */ + for ( ; unity_map; unity_map = unity_map->next ) { - old_top = ivrs_mappings[bdf].addr_range_start + - ivrs_mappings[bdf].addr_range_length; - new_top = base + length; - if ( old_top > new_top ) - new_top = old_top; - if ( ivrs_mappings[bdf].addr_range_start < base ) - base = ivrs_mappings[bdf].addr_range_start; - length = new_top - base; + /* + * Exact matches are okay. This can in particular happen when + * register_exclusion_range_for_device() calls here twice for the + * same (s,b,d,f). + */ + if ( base == unity_map->addr && length == unity_map->length && + ir == unity_map->read && iw == unity_map->write ) + return 0; + + if ( unity_map->addr + unity_map->length > base && + base + length > unity_map->addr ) + { + AMD_IOMMU_DEBUG("IVMD Error: overlap [%lx,%lx) vs [%lx,%lx)\n", + base, base + length, unity_map->addr, + unity_map->addr + unity_map->length); + return -EPERM; + } } - /* extend r/w permissioms and keep aggregate */ - ivrs_mappings[bdf].write_permission = iw; - ivrs_mappings[bdf].read_permission = ir; - ivrs_mappings[bdf].unity_map_enable = true; - ivrs_mappings[bdf].addr_range_start = base; - ivrs_mappings[bdf].addr_range_length = length; + /* Populate and insert a new unity map. */ + unity_map = xmalloc(struct ivrs_unity_map); + if ( !unity_map ) + return -ENOMEM; + + unity_map->read = ir; + unity_map->write = iw; + unity_map->addr = base; + unity_map->length = length; + unity_map->next = ivrs_mappings[bdf].unity_map; + ivrs_mappings[bdf].unity_map = unity_map; + + return 0; } static int __init register_exclusion_range_for_all_devices( @@ -193,13 +209,13 @@ static int __init register_exclusion_range_for_all_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { for_each_amd_iommu( iommu ) { @@ -241,15 +257,15 @@ static int __init register_exclusion_range_for_device( length = range_top - base; /* reserve unity-mapped page entries for device */ /* note: these entries are part of the exclusion range */ - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - reserve_unity_map_for_device(seg, req, base, length, iw, ir); + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: + reserve_unity_map_for_device(seg, req, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings for device */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { rc = reserve_iommu_exclusion_range(iommu, base, limit, false /* all */, iw, ir); @@ -280,15 +296,15 @@ static int __init register_exclusion_range_for_iommu_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) { if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) { - reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir); req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); } } @@ -297,7 +313,7 @@ static int __init register_exclusion_range_for_iommu_devices( } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */, iw, ir); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 085fe2f577..adcc23fc43 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -367,15 +367,17 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); + const struct ivrs_unity_map *unity_map; - if ( ivrs_mappings[req_id].unity_map_enable ) + for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; + unity_map = unity_map->next ) { - amd_iommu_reserve_domain_unity_map( - d, - ivrs_mappings[req_id].addr_range_start, - ivrs_mappings[req_id].addr_range_length, - ivrs_mappings[req_id].write_permission, - ivrs_mappings[req_id].read_permission); + int rc = amd_iommu_reserve_domain_unity_map( + d, unity_map->addr, unity_map->length, + unity_map->write, unity_map->read); + + if ( rc ) + return rc; } return reassign_device(pdev->domain, d, devfn, pdev); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:55:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:55:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172199.314041 (Exim 4.92) (envelope-from ) id 1mIsRN-0005Ne-KD; Wed, 25 Aug 2021 12:55:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172199.314041; Wed, 25 Aug 2021 12:55:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRN-0005NW-H7; Wed, 25 Aug 2021 12:55:37 +0000 Received: by outflank-mailman (input) for mailman id 172199; Wed, 25 Aug 2021 12:55:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRM-0005N7-Bj for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRM-0004Wx-Av for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsRM-0006KA-9w for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7ayF7AwsQkF7kcgQWZ5gmSvgBcpQtbgt+BjoLjUqTPI=; b=WHBY32gMS7j+o/jD+D0klZf8hN i3ePJqUAokf5kUeSpPZMSKW4I8XF4ChkIAOvikC8WqKytdQpXHk8v2q2U0x2/P7FJOwSzaQ13LN9Y ODgjTPOepSHVfeXj1Ed/ldYl0j21LpXP+NPyjLHtVaQSsF1Huzo7H8K5dzEAKxQ3ofv0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() Message-Id: Date: Wed, 25 Aug 2021 12:55:36 +0000 commit 34d141e27eea77d0ec8f2d19789bba314d24144a Author: Jan Beulich AuthorDate: Wed Aug 25 14:41:44 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:41:44 2021 +0200 IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() A subsequent change will want to customize the IOMMU permissions based on this. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: d1bb6c97c31ef754fb29b29eb307c090414e8022 master date: 2021-08-25 14:15:32 +0200 --- xen/arch/x86/mm/p2m-ept.c | 6 +++--- xen/arch/x86/mm/p2m-pt.c | 19 ++++++++++++++++--- xen/include/asm-x86/p2m.h | 3 ++- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index 23d411f01d..eda2999210 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -681,7 +681,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, uint8_t ipat = 0; bool_t need_modify_vtd_table = 1; bool_t vtd_pte_present = 0; - unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); bool_t needs_sync = 1; ept_entry_t old_entry = { .epte = 0 }; ept_entry_t new_entry = { .epte = 0 }; @@ -809,8 +809,8 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, /* Safe to read-then-write because we hold the p2m lock */ if ( ept_entry->mfn == new_entry.mfn && - p2m_get_iommu_flags(ept_entry->sa_p2mt, _mfn(ept_entry->mfn)) == - iommu_flags ) + p2m_get_iommu_flags(ept_entry->sa_p2mt, ept_entry->access, + _mfn(ept_entry->mfn)) == iommu_flags ) need_modify_vtd_table = 0; ept_p2m_type_to_flags(p2m, &new_entry); diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index f2afcf49a3..7d691e616d 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -545,6 +545,16 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) return rc; } +/* Reconstruct a fake p2m_access_t from stored PTE flags. */ +static p2m_access_t p2m_flags_to_access(unsigned int flags) +{ + if ( flags & _PAGE_PRESENT ) + return p2m_access_n; + + /* No need to look at _PAGE_NX for now. */ + return flags & _PAGE_RW ? p2m_access_rw : p2m_access_r; +} + /* Checks only applicable to entries with order > PAGE_ORDER_4K */ static void check_entry(mfn_t mfn, p2m_type_t new, p2m_type_t old, unsigned int order) @@ -579,7 +589,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, l2_pgentry_t l2e_content; l3_pgentry_t l3e_content; int rc; - unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); /* * old_mfn and iommu_old_flags control possible flush/update needs on the * IOMMU: We need to flush when MFN or flags (i.e. permissions) change. @@ -642,6 +652,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else @@ -684,9 +695,10 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, 0, L1_PAGETABLE_ENTRIES); ASSERT(p2m_entry); old_mfn = l1e_get_pfn(*p2m_entry); + flags = l1e_get_flags(*p2m_entry); iommu_old_flags = - p2m_get_iommu_flags(p2m_flags_to_type(l1e_get_flags(*p2m_entry)), - _mfn(old_mfn)); + p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) entry_content = p2m_l1e_from_pfn(mfn_x(mfn), @@ -714,6 +726,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 3514f1e1a3..b3168f426b 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -915,7 +915,8 @@ static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} /* * p2m type to IOMMU flags */ -static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, mfn_t mfn) +static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, + p2m_access_t p2ma, mfn_t mfn) { unsigned int flags; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:55:47 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:55:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172201.314045 (Exim 4.92) (envelope-from ) id 1mIsRX-0005RD-Lg; Wed, 25 Aug 2021 12:55:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172201.314045; Wed, 25 Aug 2021 12:55:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRX-0005R6-Ic; Wed, 25 Aug 2021 12:55:47 +0000 Received: by outflank-mailman (input) for mailman id 172201; Wed, 25 Aug 2021 12:55:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRW-0005Qr-Fd for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRW-0004XM-Ep for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsRW-0006LK-Dn for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DgUIFuFyLHxGE2CDxZRIb7Ipo1srD3LRGWw/q55oVmM=; b=MSCdOmjSgif7xym9iq2TqSYod1 2gRgWyr7p196aX6LbWGI5OEQ9gP6x3BC/GeM4JGUmX5Sl3n558NpRiNmCYAdu4iBvOAfk9AJ7x8XX fWElculihNzglrjo4hEFjaKDKY4mOIEph4GA1eq8DiZ7NsFLhgYJ+Ny448kHZ7bDpubM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] IOMMU: generalize VT-d's tracking of mapped RMRR regions Message-Id: Date: Wed, 25 Aug 2021 12:55:46 +0000 commit 711aeb1106dafb7680093f32ea549fa5f333acf1 Author: Jan Beulich AuthorDate: Wed Aug 25 14:42:16 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:42:16 2021 +0200 IOMMU: generalize VT-d's tracking of mapped RMRR regions In order to re-use it elsewhere, move the logic to vendor independent code and strip it of RMRR specifics. Note that the prior "map" parameter gets folded into the new "p2ma" one (which AMD IOMMU code will want to make use of), assigning alternative meaning ("unmap") to p2m_access_x. Prepare set_identity_p2m_entry() and p2m_get_iommu_flags() for getting passed access types other than p2m_access_rw (in the latter case just for p2m_mmio_direct requests). Note also that, to be on the safe side, an overlap check gets added to the main loop of iommu_identity_mapping(). This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: c0e19d7c6c42f0bfccccd96b4f7b03b5515e10fc master date: 2021-08-25 14:15:57 +0200 --- xen/arch/x86/mm/p2m.c | 2 +- xen/drivers/passthrough/vtd/iommu.c | 99 +++++-------------------------------- xen/drivers/passthrough/x86/iommu.c | 94 +++++++++++++++++++++++++++++++++++ xen/include/asm-x86/iommu.h | 9 +++- xen/include/asm-x86/p2m.h | 35 +++++++++++-- 5 files changed, 148 insertions(+), 91 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 3840f167b0..d058e5b6ed 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1365,7 +1365,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, return 0; return iommu_legacy_map(d, _dfn(gfn_l), _mfn(gfn_l), 1ul << PAGE_ORDER_4K, - IOMMUF_readable | IOMMUF_writable); + p2m_access_to_iommu_flags(p2ma)); } gfn_lock(p2m, gfn, 0); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 3fcd7208f0..3dac8ad79f 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -42,12 +42,6 @@ #include "vtd.h" #include "../ats.h" -struct mapped_rmrr { - struct list_head list; - u64 base, end; - unsigned int count; -}; - /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */ bool __read_mostly untrusted_msi; @@ -1311,7 +1305,6 @@ static int intel_iommu_domain_init(struct domain *d) struct domain_iommu *hd = dom_iommu(d); hd->arch.vtd.agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH); - INIT_LIST_HEAD(&hd->arch.vtd.mapped_rmrrs); return 0; } @@ -1788,17 +1781,12 @@ static void iommu_clear_root_pgtable(struct domain *d) static void iommu_domain_teardown(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); - struct mapped_rmrr *mrmrr, *tmp; const struct acpi_drhd_unit *drhd; if ( list_empty(&acpi_drhd_units) ) return; - list_for_each_entry_safe ( mrmrr, tmp, &hd->arch.vtd.mapped_rmrrs, list ) - { - list_del(&mrmrr->list); - xfree(mrmrr); - } + iommu_identity_map_teardown(d); ASSERT(!hd->arch.vtd.pgd_maddr); @@ -1946,74 +1934,6 @@ static int __init vtd_ept_page_compatible(struct vtd_iommu *iommu) (ept_has_1gb(ept_cap) && opt_hap_1gb) <= cap_sps_1gb(vtd_cap); } -static int rmrr_identity_mapping(struct domain *d, bool_t map, - const struct acpi_rmrr_unit *rmrr, - u32 flag) -{ - unsigned long base_pfn = rmrr->base_address >> PAGE_SHIFT_4K; - unsigned long end_pfn = PAGE_ALIGN_4K(rmrr->end_address) >> PAGE_SHIFT_4K; - struct mapped_rmrr *mrmrr; - struct domain_iommu *hd = dom_iommu(d); - - ASSERT(pcidevs_locked()); - ASSERT(rmrr->base_address < rmrr->end_address); - - /* - * No need to acquire hd->arch.mapping_lock: Both insertion and removal - * get done while holding pcidevs_lock. - */ - list_for_each_entry( mrmrr, &hd->arch.vtd.mapped_rmrrs, list ) - { - if ( mrmrr->base == rmrr->base_address && - mrmrr->end == rmrr->end_address ) - { - int ret = 0; - - if ( map ) - { - ++mrmrr->count; - return 0; - } - - if ( --mrmrr->count ) - return 0; - - while ( base_pfn < end_pfn ) - { - if ( clear_identity_p2m_entry(d, base_pfn) ) - ret = -ENXIO; - base_pfn++; - } - - list_del(&mrmrr->list); - xfree(mrmrr); - return ret; - } - } - - if ( !map ) - return -ENOENT; - - while ( base_pfn < end_pfn ) - { - int err = set_identity_p2m_entry(d, base_pfn, p2m_access_rw, flag); - - if ( err ) - return err; - base_pfn++; - } - - mrmrr = xmalloc(struct mapped_rmrr); - if ( !mrmrr ) - return -ENOMEM; - mrmrr->base = rmrr->base_address; - mrmrr->end = rmrr->end_address; - mrmrr->count = 1; - list_add_tail(&mrmrr->list, &hd->arch.vtd.mapped_rmrrs); - - return 0; -} - static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; @@ -2045,7 +1965,9 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) * Since RMRRs are always reserved in the e820 map for the hardware * domain, there shouldn't be a conflict. */ - ret = rmrr_identity_mapping(pdev->domain, 1, rmrr, 0); + ret = iommu_identity_mapping(pdev->domain, p2m_access_rw, + rmrr->base_address, rmrr->end_address, + 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n", pdev->domain->domain_id); @@ -2090,7 +2012,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) * Any flag is nothing to clear these mappings but here * its always safe and strict to set 0. */ - rmrr_identity_mapping(pdev->domain, 0, rmrr, 0); + iommu_identity_mapping(pdev->domain, p2m_access_x, rmrr->base_address, + rmrr->end_address, 0); } return domain_context_unmap(pdev->domain, devfn, pdev); @@ -2289,7 +2212,8 @@ static void __hwdom_init setup_hwdom_rmrr(struct domain *d) * domain, there shouldn't be a conflict. So its always safe and * strict to set 0. */ - ret = rmrr_identity_mapping(d, 1, rmrr, 0); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: mapping reserved region failed\n"); @@ -2460,7 +2384,9 @@ static int reassign_device_ownership( * Any RMRR flag is always ignored when remove a device, * but its always safe and strict to set 0. */ - ret = rmrr_identity_mapping(source, 0, rmrr, 0); + ret = iommu_identity_mapping(source, p2m_access_x, + rmrr->base_address, + rmrr->end_address, 0); if ( ret != -ENOENT ) return ret; } @@ -2556,7 +2482,8 @@ static int intel_iommu_assign_device( PCI_BUS(bdf) == bus && PCI_DEVFN2(bdf) == devfn ) { - ret = rmrr_identity_mapping(d, 1, rmrr, flag); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, flag); if ( ret ) { int rc; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index b90bb31bfe..21c14fab66 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -143,6 +143,7 @@ int arch_iommu_domain_init(struct domain *d) INIT_PAGE_LIST_HEAD(&hd->arch.pgtables.list); spin_lock_init(&hd->arch.pgtables.lock); + INIT_LIST_HEAD(&hd->arch.identity_maps); return 0; } @@ -158,6 +159,99 @@ void arch_iommu_domain_destroy(struct domain *d) page_list_empty(&dom_iommu(d)->arch.pgtables.list)); } +struct identity_map { + struct list_head list; + paddr_t base, end; + p2m_access_t access; + unsigned int count; +}; + +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag) +{ + unsigned long base_pfn = base >> PAGE_SHIFT_4K; + unsigned long end_pfn = PAGE_ALIGN_4K(end) >> PAGE_SHIFT_4K; + struct identity_map *map; + struct domain_iommu *hd = dom_iommu(d); + + ASSERT(pcidevs_locked()); + ASSERT(base < end); + + /* + * No need to acquire hd->arch.mapping_lock: Both insertion and removal + * get done while holding pcidevs_lock. + */ + list_for_each_entry( map, &hd->arch.identity_maps, list ) + { + if ( map->base == base && map->end == end ) + { + int ret = 0; + + if ( p2ma != p2m_access_x ) + { + if ( map->access != p2ma ) + return -EADDRINUSE; + ++map->count; + return 0; + } + + if ( --map->count ) + return 0; + + while ( base_pfn < end_pfn ) + { + if ( clear_identity_p2m_entry(d, base_pfn) ) + ret = -ENXIO; + base_pfn++; + } + + list_del(&map->list); + xfree(map); + + return ret; + } + + if ( end >= map->base && map->end >= base ) + return -EADDRINUSE; + } + + if ( p2ma == p2m_access_x ) + return -ENOENT; + + while ( base_pfn < end_pfn ) + { + int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag); + + if ( err ) + return err; + base_pfn++; + } + + map = xmalloc(struct identity_map); + if ( !map ) + return -ENOMEM; + map->base = base; + map->end = end; + map->access = p2ma; + map->count = 1; + list_add_tail(&map->list, &hd->arch.identity_maps); + + return 0; +} + +void iommu_identity_map_teardown(struct domain *d) +{ + struct domain_iommu *hd = dom_iommu(d); + struct identity_map *map, *tmp; + + list_for_each_entry_safe ( map, tmp, &hd->arch.identity_maps, list ) + { + list_del(&map->list); + xfree(map); + } +} + static bool __hwdom_init hwdom_iommu_map(const struct domain *d, unsigned long pfn, unsigned long max_pfn) diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h index 970eb06ffa..33f11f33de 100644 --- a/xen/include/asm-x86/iommu.h +++ b/xen/include/asm-x86/iommu.h @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -51,13 +52,14 @@ struct arch_iommu spinlock_t lock; } pgtables; + struct list_head identity_maps; + union { /* Intel VT-d */ struct { uint64_t pgd_maddr; /* io page directory machine address */ unsigned int agaw; /* adjusted guest address width, 0 is level 2 30-bit */ uint64_t iommu_bitmap; /* bitmap of iommu(s) that the domain uses */ - struct list_head mapped_rmrrs; } vtd; /* AMD IOMMU */ struct { @@ -123,6 +125,11 @@ static inline void iommu_disable_x2apic(void) iommu_ops.disable_x2apic(); } +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag); +void iommu_identity_map_teardown(struct domain *d); + extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index b3168f426b..6a7bb40fdb 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -912,6 +912,34 @@ struct p2m_domain *p2m_get_altp2m(struct vcpu *v); static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} #endif +/* p2m access to IOMMU flags */ +static inline unsigned int p2m_access_to_iommu_flags(p2m_access_t p2ma) +{ + switch ( p2ma ) + { + case p2m_access_rw: + case p2m_access_rwx: + return IOMMUF_readable | IOMMUF_writable; + + case p2m_access_r: + case p2m_access_rx: + case p2m_access_rx2rw: + return IOMMUF_readable; + + case p2m_access_w: + case p2m_access_wx: + return IOMMUF_writable; + + case p2m_access_n: + case p2m_access_x: + case p2m_access_n2rwx: + return 0; + } + + ASSERT_UNREACHABLE(); + return 0; +} + /* * p2m type to IOMMU flags */ @@ -933,9 +961,10 @@ static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, flags = IOMMUF_readable; break; case p2m_mmio_direct: - flags = IOMMUF_readable; - if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) - flags |= IOMMUF_writable; + flags = p2m_access_to_iommu_flags(p2ma); + if ( (flags & IOMMUF_writable) && + rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) + flags &= ~IOMMUF_writable; break; default: flags = 0; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:55:58 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:55:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172202.314049 (Exim 4.92) (envelope-from ) id 1mIsRi-0005V1-Nt; Wed, 25 Aug 2021 12:55:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172202.314049; Wed, 25 Aug 2021 12:55:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRi-0005Ut-KV; Wed, 25 Aug 2021 12:55:58 +0000 Received: by outflank-mailman (input) for mailman id 172202; Wed, 25 Aug 2021 12:55:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRg-0005UQ-Ta for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRg-0004Xh-Ii for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsRg-0006Mc-HK for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:55:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wuiYoO81Juwt3wT4BGN8OIgXmUUq6LP+xkD9LOaII7w=; b=GDR6QSjzHI/BNpYlRZfMvMkf12 P3Yg5FKkyuEJpeHoa7eBqqL288KUxRcrXOTUUHB70lLV52TeP+YFfKsAQyeksDaPVH1Hk0wGcYfMH aUN4SJnrYzNvukjrr2Dp7NBHWXK6FjwgqRmjajl6/FvJMDSsTMV/mrp6Ts/OjciZjT1I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] AMD/IOMMU: re-arrange/complete re-assignment handling Message-Id: Date: Wed, 25 Aug 2021 12:55:56 +0000 commit d39756f0539cfe85742687e8134fdf1181139390 Author: Jan Beulich AuthorDate: Wed Aug 25 14:42:54 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:42:54 2021 +0200 AMD/IOMMU: re-arrange/complete re-assignment handling Prior to the assignment step having completed successfully, devices should not get associated with their new owner. Hand the device to DomIO (perhaps temporarily), until after the de-assignment step has completed. De-assignment of a device (from other than Dom0) as well as failure of reassign_device() during assignment should result in unity mappings getting torn down. This in turn requires switching to a refcounted mapping approach, as was already used by VT-d for its RMRRs, to prevent unmapping a region used by multiple devices. This is CVE-2021-28696 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 899272539cbe1acda736a850015416fff653a1b6 master date: 2021-08-25 14:16:26 +0200 --- xen/drivers/passthrough/amd/iommu.h | 6 ++- xen/drivers/passthrough/amd/iommu_map.c | 63 +++++++++++++++++------------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 54 +++++++++++++++++++------ 3 files changed, 83 insertions(+), 40 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index f0e3e5b1a4..b2852594ec 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -232,8 +232,10 @@ int __must_check amd_iommu_unmap_page(struct domain *d, dfn_t dfn, unsigned int *flush_flags); int __must_check amd_iommu_alloc_root(struct domain *d); int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, unsigned long size, - int iw, int ir); + const struct ivrs_unity_map *map, + unsigned int flag); +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map); int __must_check amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, unsigned long page_count, unsigned int flush_flags); diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 560af54b76..2e7916b1e6 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -419,38 +419,49 @@ int amd_iommu_flush_iotlb_all(struct domain *d) return 0; } -int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, - unsigned long size, int iw, int ir) +int amd_iommu_reserve_domain_unity_map(struct domain *d, + const struct ivrs_unity_map *map, + unsigned int flag) { - unsigned long npages, i; - unsigned long gfn; - unsigned int flags = !!ir; - unsigned int flush_flags = 0; - int rt = 0; - - if ( iw ) - flags |= IOMMUF_writable; - - npages = region_to_pages(phys_addr, size); - gfn = phys_addr >> PAGE_SHIFT; - for ( i = 0; i < npages; i++ ) + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; !rc && map; map = map->next ) { - unsigned long frame = gfn + i; + p2m_access_t p2ma = p2m_access_n; - rt = amd_iommu_map_page(domain, _dfn(frame), _mfn(frame), flags, - &flush_flags); - if ( rt != 0 ) - break; + if ( map->read ) + p2ma |= p2m_access_r; + if ( map->write ) + p2ma |= p2m_access_w; + + rc = iommu_identity_mapping(d, p2ma, map->addr, + map->addr + map->length - 1, flag); } - /* Use while-break to avoid compiler warning */ - while ( flush_flags && - amd_iommu_flush_iotlb_pages(domain, _dfn(gfn), - npages, flush_flags) ) - break; + return rc; +} + +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map) +{ + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; map; map = map->next ) + { + int ret = iommu_identity_mapping(d, p2m_access_x, map->addr, + map->addr + map->length - 1, 0); + + if ( ret && ret != -ENOENT && !rc ) + rc = ret; + } - return rt; + return rc; } int __init amd_iommu_quarantine_init(struct domain *d) diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index adcc23fc43..7c3966ef52 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -329,6 +329,7 @@ static int reassign_device(struct domain *source, struct domain *target, { struct amd_iommu *iommu; int bdf, rc; + const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); bdf = PCI_BDF2(pdev->bus, pdev->devfn); iommu = find_iommu_for_device(pdev->seg, bdf); @@ -343,10 +344,24 @@ static int reassign_device(struct domain *source, struct domain *target, amd_iommu_disable_domain_device(source, iommu, devfn, pdev); - if ( devfn == pdev->devfn ) + /* + * If the device belongs to the hardware domain, and it has a unity mapping, + * don't remove it from the hardware domain, because BIOS may reference that + * mapping. + */ + if ( !is_hardware_domain(source) ) { - list_move(&pdev->domain_list, &target->pdev_list); - pdev->domain = target; + rc = amd_iommu_reserve_domain_unity_unmap( + source, + ivrs_mappings[get_dma_requestor_id(pdev->seg, bdf)].unity_map); + if ( rc ) + return rc; + } + + if ( devfn == pdev->devfn && pdev->domain != dom_io ) + { + list_move(&pdev->domain_list, &dom_io->pdev_list); + pdev->domain = dom_io; } rc = allocate_domain_resources(target); @@ -357,6 +372,12 @@ static int reassign_device(struct domain *source, struct domain *target, AMD_IOMMU_DEBUG("Re-assign %pp from dom%d to dom%d\n", &pdev->sbdf, source->domain_id, target->domain_id); + if ( devfn == pdev->devfn && pdev->domain != target ) + { + list_move(&pdev->domain_list, &target->pdev_list); + pdev->domain = target; + } + return 0; } @@ -367,20 +388,28 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); - const struct ivrs_unity_map *unity_map; + int rc = amd_iommu_reserve_domain_unity_map( + d, ivrs_mappings[req_id].unity_map, flag); + + if ( !rc ) + rc = reassign_device(pdev->domain, d, devfn, pdev); - for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; - unity_map = unity_map->next ) + if ( rc && !is_hardware_domain(d) ) { - int rc = amd_iommu_reserve_domain_unity_map( - d, unity_map->addr, unity_map->length, - unity_map->write, unity_map->read); + int ret = amd_iommu_reserve_domain_unity_unmap( + d, ivrs_mappings[req_id].unity_map); - if ( rc ) - return rc; + if ( ret ) + { + printk(XENLOG_ERR "AMD-Vi: " + "unity-unmap for %pd/%04x:%02x:%02x.%u failed (%d)\n", + d, pdev->seg, pdev->bus, + PCI_SLOT(devfn), PCI_FUNC(devfn), ret); + domain_crash(d); + } } - return reassign_device(pdev->domain, d, devfn, pdev); + return rc; } static void amd_iommu_clear_root_pgtable(struct domain *d) @@ -394,6 +423,7 @@ static void amd_iommu_clear_root_pgtable(struct domain *d) static void amd_iommu_domain_destroy(struct domain *d) { + iommu_identity_map_teardown(d); ASSERT(!dom_iommu(d)->arch.amd.root_table); } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:56:07 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:56:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172203.314054 (Exim 4.92) (envelope-from ) id 1mIsRr-0005ZA-QP; Wed, 25 Aug 2021 12:56:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172203.314054; Wed, 25 Aug 2021 12:56:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRr-0005Z2-NR; Wed, 25 Aug 2021 12:56:07 +0000 Received: by outflank-mailman (input) for mailman id 172203; Wed, 25 Aug 2021 12:56:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRq-0005Ys-ND for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsRq-0004Yb-MR for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsRq-0006OR-LZ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=y253r8LhCuIfcGscyzrzZEcCSwR7r9lPEPv6GElSQ0s=; b=YOo/sqISICyZumsohPCumbDsaO ELa3DvYtI04ScDr4SYfeKTCxOwtVmlN2xGFL5BzCbctiEy9dwRgO3+sa56YbBMVzPu6E7Ofec+7hA Wqma0n/bs7PIYaBU5BZpIPfMGybrKqgNdnFxzVJZNteGepvEkwkMlWLMcadEegC0i744=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] AMD/IOMMU: re-arrange exclusion range and unity map recording Message-Id: Date: Wed, 25 Aug 2021 12:56:06 +0000 commit 27bc41d712fe546be7bcccfa324005b67f167137 Author: Jan Beulich AuthorDate: Wed Aug 25 14:43:09 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:43:09 2021 +0200 AMD/IOMMU: re-arrange exclusion range and unity map recording The spec makes no provisions for OS behavior here to depend on the amount of RAM found on the system. While the spec may not sufficiently clearly distinguish both kinds of regions, they are surely meant to be separate things: Only regions with ACPI_IVMD_EXCLUSION_RANGE set should be candidates for putting in the exclusion range registers. (As there's only a single such pair of registers per IOMMU, secondary non-adjacent regions with the flag set already get converted to unity mapped regions.) First of all, drop the dependency on max_page. With commit b4f042236ae0 ("AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables") the use of it here was stale anyway; it was bogus already before, as it didn't account for max_page getting increased later on. Simply try an exclusion range registration first, and if it fails (for being unsuitable or non-mergeable), register a unity mapping range. With this various local variables become unnecessary and hence get dropped at the same time. With the max_page boundary dropped for using unity maps, the minimum page table tree height now needs both recording and enforcing in amd_iommu_domain_init(). Since we can't predict which devices may get assigned to a domain, our only option is to uniformly force at least that height for all domains, now that the height isn't dynamic anymore. Further don't make use of the exclusion range unless ACPI data says so. Note that exclusion range registration in register_range_for_all_devices() is on a best effort basis. Hence unity map entries also registered are redundant when the former succeeded, but they also do no harm. Improvements in this area can be done later imo. Also adjust types where suitable without touching extra lines. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 8ea80530cd0dbb8ffa7ac92606a3ee29663fdc93 master date: 2021-08-25 14:16:46 +0200 --- xen/drivers/passthrough/amd/iommu.h | 2 + xen/drivers/passthrough/amd/iommu_acpi.c | 184 ++++++++++++---------------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 12 +- 3 files changed, 90 insertions(+), 108 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index b2852594ec..61374b6de4 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -304,6 +304,8 @@ extern struct hpet_sbdf { } init; } hpet_sbdf; +extern int amd_iommu_min_paging_mode; + extern void *shared_intremap_table; extern unsigned long *shared_intremap_inuse; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index f98a936ecd..2fdebd2d74 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -117,12 +117,8 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( } static int __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit, - bool all, bool iw, bool ir) + struct amd_iommu *iommu, paddr_t base, paddr_t limit, bool all) { - if ( !ir || !iw ) - return -EPERM; - /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { @@ -151,14 +147,18 @@ static int __init reserve_unity_map_for_device( { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; + int paging_mode = amd_iommu_get_paging_mode(PFN_UP(base + length)); + + if ( paging_mode < 0 ) + return paging_mode; /* Check for overlaps. */ for ( ; unity_map; unity_map = unity_map->next ) { /* * Exact matches are okay. This can in particular happen when - * register_exclusion_range_for_device() calls here twice for the - * same (s,b,d,f). + * register_range_for_device() calls here twice for the same + * (s,b,d,f). */ if ( base == unity_map->addr && length == unity_map->length && ir == unity_map->read && iw == unity_map->write ) @@ -186,55 +186,52 @@ static int __init reserve_unity_map_for_device( unity_map->next = ivrs_mappings[bdf].unity_map; ivrs_mappings[bdf].unity_map = unity_map; + if ( paging_mode > amd_iommu_min_paging_mode ) + amd_iommu_min_paging_mode = paging_mode; + return 0; } -static int __init register_exclusion_range_for_all_devices( - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_all_devices( + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; - unsigned int bdf; int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) - { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - /* push 'base' just outside of virtual address space */ - base = iommu_top; - } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) + if ( exclusion ) { for_each_amd_iommu( iommu ) { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); - if ( rc ) - break; + int ret = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */); + + if ( ret && !rc ) + rc = ret; } } + if ( !exclusion || rc ) + { + paddr_t length = limit + PAGE_SIZE - base; + unsigned int bdf; + + /* reserve r/w unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + } + return rc; } -static int __init register_exclusion_range_for_device( - u16 bdf, unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_device( + unsigned int bdf, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; int rc = 0; @@ -248,27 +245,19 @@ static int __init register_exclusion_range_for_device( req = ivrs_mappings[bdf].dte_requestor_id; /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */); + if ( !exclusion || rc ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; + paddr_t length = limit + PAGE_SIZE - base; + /* reserve unity-mapped page entries for device */ - /* note: these entries are part of the exclusion range */ rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: reserve_unity_map_for_device(seg, req, base, length, iw, ir); - - /* push 'base' just outside of virtual address space */ - base = iommu_top; } - - /* register IOMMU exclusion range settings for device */ - if ( !rc && limit >= iommu_top ) + else { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } @@ -276,53 +265,42 @@ static int __init register_exclusion_range_for_device( return rc; } -static int __init register_exclusion_range_for_iommu_devices( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_iommu_devices( + struct amd_iommu *iommu, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { - unsigned long range_top, iommu_top, length; + /* note: 'limit' parameter is assumed to be page-aligned */ + paddr_t length = limit + PAGE_SIZE - base; unsigned int bdf; u16 req; - int rc = 0; + int rc; - /* is part of exclusion range inside of IOMMU virtual address space? */ - /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - { - if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) - { - req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir) ?: - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); - } - } - - /* push 'base' just outside of virtual address space */ - base = iommu_top; + rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */); + if ( !rc ) + return 0; } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); + /* reserve unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + { + if ( iommu != find_iommu_for_device(iommu->seg, bdf) ) + continue; + + req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); + } return rc; } static int __init parse_ivmd_device_select( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { u16 bdf; @@ -333,12 +311,12 @@ static int __init parse_ivmd_device_select( return -ENODEV; } - return register_exclusion_range_for_device(bdf, base, limit, iw, ir); + return register_range_for_device(bdf, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_device_range( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { unsigned int first_bdf, last_bdf, bdf; int error; @@ -360,15 +338,15 @@ static int __init parse_ivmd_device_range( } for ( bdf = first_bdf, error = 0; (bdf <= last_bdf) && !error; bdf++ ) - error = register_exclusion_range_for_device( - bdf, base, limit, iw, ir); + error = register_range_for_device( + bdf, base, limit, iw, ir, exclusion); return error; } static int __init parse_ivmd_device_iommu( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct amd_iommu *iommu; @@ -383,14 +361,14 @@ static int __init parse_ivmd_device_iommu( return -ENODEV; } - return register_exclusion_range_for_iommu_devices( - iommu, base, limit, iw, ir); + return register_range_for_iommu_devices( + iommu, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) { unsigned long start_addr, mem_length, base, limit; - u8 iw, ir; + bool iw = true, ir = true, exclusion = false; if ( ivmd_block->header.length < sizeof(*ivmd_block) ) { @@ -407,13 +385,11 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) ivmd_block->header.type, start_addr, mem_length); if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) - iw = ir = IOMMU_CONTROL_ENABLED; + exclusion = true; else if ( ivmd_block->header.flags & ACPI_IVMD_UNITY ) { - iw = ivmd_block->header.flags & ACPI_IVMD_READ ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; - ir = ivmd_block->header.flags & ACPI_IVMD_WRITE ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; + iw = ivmd_block->header.flags & ACPI_IVMD_READ; + ir = ivmd_block->header.flags & ACPI_IVMD_WRITE; } else { @@ -424,20 +400,20 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) switch( ivmd_block->header.type ) { case ACPI_IVRS_TYPE_MEMORY_ALL: - return register_exclusion_range_for_all_devices( - base, limit, iw, ir); + return register_range_for_all_devices( + base, limit, iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_ONE: - return parse_ivmd_device_select(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_select(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_RANGE: - return parse_ivmd_device_range(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_range(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_IOMMU: - return parse_ivmd_device_iommu(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_iommu(ivmd_block, base, limit, + iw, ir, exclusion); default: AMD_IOMMU_DEBUG("IVMD Error: Invalid Block Type!\n"); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 7c3966ef52..c8e76d4077 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -234,6 +234,8 @@ static int __must_check allocate_domain_resources(struct domain *d) return rc; } +int __read_mostly amd_iommu_min_paging_mode = 1; + static int amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -245,11 +247,13 @@ static int amd_iommu_domain_init(struct domain *d) * - HVM could in principle use 3 or 4 depending on how much guest * physical address space we give it, but this isn't known yet so use 4 * unilaterally. + * - Unity maps may require an even higher number. */ - hd->arch.amd.paging_mode = amd_iommu_get_paging_mode( - is_hvm_domain(d) - ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) - : get_upper_mfn_bound() + 1); + hd->arch.amd.paging_mode = max(amd_iommu_get_paging_mode( + is_hvm_domain(d) + ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) + : get_upper_mfn_bound() + 1), + amd_iommu_min_paging_mode); return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:56:18 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:56:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172204.314058 (Exim 4.92) (envelope-from ) id 1mIsS2-0005et-S7; Wed, 25 Aug 2021 12:56:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172204.314058; Wed, 25 Aug 2021 12:56:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsS2-0005el-P0; Wed, 25 Aug 2021 12:56:18 +0000 Received: by outflank-mailman (input) for mailman id 172204; Wed, 25 Aug 2021 12:56:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsS0-0005eV-R7 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsS0-0004Yo-QS for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsS0-0006Pb-PO for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AZgx8jY4LXnmqEcp72nt3J6JBy2ynH77CK3DrEWZmN4=; b=XXUkwM+AAK2gqjb+IwmFk50dll 6P5CxH7JFFPqwAClaBGqQi/CdB2FZ0snSncvmuBu+eRdrJYAEsX6OM9wnDe79fLlqbJt85hZc4fNU kM0OUZmX4GdlrAq281VCeeNGlgCh8eHxzPvjBNm00vxj5VZkyp0p8Kg8Atq6zR8iLBGg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/p2m: introduce p2m_is_special() Message-Id: Date: Wed, 25 Aug 2021 12:56:16 +0000 commit 9f44ed133f303f73a40b2447a9e39d39f879e96f Author: Jan Beulich AuthorDate: Wed Aug 25 14:43:22 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:43:22 2021 +0200 x86/p2m: introduce p2m_is_special() Seeing the similarity of grant, foreign, and (subsequently) direct-MMIO handling, introduce a new P2M type group named "special" (as in "needing special accessors to create/destroy"). Also use -EPERM instead of other error codes on the two domain_crash() paths touched. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 0bf755e2c856628e11e93c76c3e12974e9964638 master date: 2021-08-25 14:17:07 +0200 --- xen/arch/x86/mm/p2m.c | 15 +++++++-------- xen/include/asm-x86/p2m.h | 5 +++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index d058e5b6ed..59764c6073 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -811,7 +811,7 @@ p2m_remove_page(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn, for ( i = 0; i < (1UL << page_order); i++ ) { p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); - if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) + if ( !p2m_is_special(t) && !p2m_is_shared(t) ) set_gpfn_from_mfn(mfn_x(mfn) + i, INVALID_M2P_ENTRY); } } @@ -941,13 +941,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, &ot, &a, 0, NULL, NULL); ASSERT(!p2m_is_shared(ot)); } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { - /* Really shouldn't be unmapping grant/foreign maps this way */ + /* Don't permit unmapping grant/foreign this way. */ domain_crash(d); p2m_unlock(p2m); - return -EINVAL; + return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) { @@ -1041,8 +1041,7 @@ int p2m_change_type_one(struct domain *d, unsigned long gfn_l, struct p2m_domain *p2m = p2m_get_hostp2m(d); int rc; - BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt)); - BUG_ON(p2m_is_foreign(ot) || p2m_is_foreign(nt)); + BUG_ON(p2m_is_special(ot) || p2m_is_special(nt)); gfn_lock(p2m, gfn, 0); @@ -1289,11 +1288,11 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, gfn_unlock(p2m, gfn, order); return cur_order + 1; } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { gfn_unlock(p2m, gfn, order); domain_crash(d); - return -ENOENT; + return -EPERM; } else if ( p2m_is_ram(ot) ) { diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 6a7bb40fdb..18c3c42e9d 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -149,6 +149,10 @@ typedef unsigned int p2m_query_t; | p2m_to_mask(p2m_ram_logdirty) ) #define P2M_SHARED_TYPES (p2m_to_mask(p2m_ram_shared)) +/* Types established/cleaned up via special accessors. */ +#define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ + p2m_to_mask(p2m_map_foreign)) + /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ | p2m_to_mask(p2m_mmio_direct) \ @@ -177,6 +181,7 @@ typedef unsigned int p2m_query_t; #define p2m_is_paged(_t) (p2m_to_mask(_t) & P2M_PAGED_TYPES) #define p2m_is_sharable(_t) (p2m_to_mask(_t) & P2M_SHARABLE_TYPES) #define p2m_is_shared(_t) (p2m_to_mask(_t) & P2M_SHARED_TYPES) +#define p2m_is_special(_t) (p2m_to_mask(_t) & P2M_SPECIAL_TYPES) #define p2m_is_broken(_t) (p2m_to_mask(_t) & P2M_BROKEN_TYPES) #define p2m_is_foreign(_t) (p2m_to_mask(_t) & p2m_to_mask(p2m_map_foreign)) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:56:28 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:56:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172205.314061 (Exim 4.92) (envelope-from ) id 1mIsSC-0005hs-Tm; Wed, 25 Aug 2021 12:56:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172205.314061; Wed, 25 Aug 2021 12:56:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSC-0005hk-QY; Wed, 25 Aug 2021 12:56:28 +0000 Received: by outflank-mailman (input) for mailman id 172205; Wed, 25 Aug 2021 12:56:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSA-0005hS-VF for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSA-0004Z6-UT for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsSA-0006Qn-TX for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rFXdfwY5cT4v0n0TMp+8WP36B91KcTpdIzxCYIus6rA=; b=3gr9/q3YLkP10rjodnFu8EpyNG TCvJ5yZ9vsGv9P6I8OHhpfaf2L++rcvTjTfU9qpO4cShnxL+XvCgmOgY0oYiyTBQkwRnDIKhYrY6B LbJXYTFNgRb2MewFlXv0TWdosalLYzk1RqGCd0FfxWcxdQ6pRIdxzvD5wd14sDIesF+E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/p2m: guard (in particular) identity mapping entries Message-Id: Date: Wed, 25 Aug 2021 12:56:26 +0000 commit 7850fe53a59f73fbb0a61c36141c6a6563e3eeca Author: Jan Beulich AuthorDate: Wed Aug 25 14:43:45 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:43:45 2021 +0200 x86/p2m: guard (in particular) identity mapping entries Such entries, created by set_identity_p2m_entry(), should only be destroyed by clear_identity_p2m_entry(). However, similarly, entries created by set_mmio_p2m_entry() should only be torn down by clear_mmio_p2m_entry(), so the logic gets based upon p2m_mmio_direct as the entry type (separation between "ordinary" and 1:1 mappings would require a further indicator to tell apart the two). As to the guest_remove_page() change, commit 48dfb297a20a ("x86/PVH: allow guest_remove_page to remove p2m_mmio_direct pages"), which introduced the call to clear_mmio_p2m_entry(), claimed this was done for hwdom only without this actually having been the case. However, this code shouldn't be there in the first place, as MMIO entries shouldn't be dropped this way. Avoid triggering the warning again that 48dfb297a20a silenced by an adjustment to xenmem_add_to_physmap_one() instead. Note that guest_physmap_mark_populate_on_demand() gets tightened beyond the immediate purpose of this change. Note also that I didn't inspect code which isn't security supported, e.g. sharing, paging, or altp2m. This is CVE-2021-28694 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 753cb68e653002e89fdcd1c80e52905fdbfb78cb master date: 2021-08-25 14:17:32 +0200 --- xen/arch/x86/mm/p2m-pod.c | 12 ++++++------ xen/arch/x86/mm/p2m.c | 15 +++++++++------ xen/common/memory.c | 11 ++++++++++- xen/include/asm-x86/p2m.h | 5 ++--- 4 files changed, 27 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index ae153fa6e6..8abc57265c 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -1299,17 +1299,17 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l, p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, &cur_order, NULL); n = 1UL << min(order, cur_order); - if ( p2m_is_ram(ot) ) + if ( ot == p2m_populate_on_demand ) + { + /* Count how many PoD entries we'll be replacing if successful */ + pod_count += n; + } + else if ( ot != p2m_invalid && ot != p2m_mmio_dm ) { P2M_DEBUG("gfn_to_mfn returned type %d!\n", ot); rc = -EBUSY; goto out; } - else if ( ot == p2m_populate_on_demand ) - { - /* Count how man PoD entries we'll be replacing if successful */ - pod_count += n; - } } /* Now, actually do the two-way mapping */ diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 59764c6073..4cbb177aa9 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -799,7 +799,8 @@ p2m_remove_page(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn, &cur_order, NULL); if ( p2m_is_valid(t) && - (!mfn_valid(mfn) || !mfn_eq(mfn_add(mfn, i), mfn_return)) ) + (!mfn_valid(mfn) || t == p2m_mmio_direct || + !mfn_eq(mfn_add(mfn, i), mfn_return)) ) return -EILSEQ; i += (1UL << cur_order) - @@ -899,7 +900,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; - if ( !mfn_valid(mfn) ) + if ( !mfn_valid(mfn) || t == p2m_mmio_direct ) { ASSERT_UNREACHABLE(); return -EINVAL; @@ -943,7 +944,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } if ( p2m_is_special(ot) ) { - /* Don't permit unmapping grant/foreign this way. */ + /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ domain_crash(d); p2m_unlock(p2m); @@ -1399,8 +1400,8 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, * order+1 for caller to retry with order (guaranteed smaller than * the order value passed in) */ -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, mfn_t mfn, - unsigned int order) +static int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, + mfn_t mfn, unsigned int order) { int rc = -EINVAL; gfn_t gfn = _gfn(gfn_l); @@ -2731,7 +2732,9 @@ int xenmem_add_to_physmap_one( /* Remove previously mapped page if it was present. */ prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); - if ( mfn_valid(prev_mfn) ) + if ( p2mt == p2m_mmio_direct ) + rc = -EPERM; + else if ( mfn_valid(prev_mfn) ) { if ( is_special_page(mfn_to_page(prev_mfn)) ) /* Special pages are simply unhooked from this phys slot. */ diff --git a/xen/common/memory.c b/xen/common/memory.c index 76b9f58478..297b98a562 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -330,7 +330,7 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) } if ( p2mt == p2m_mmio_direct ) { - rc = clear_mmio_p2m_entry(d, gmfn, mfn, PAGE_ORDER_4K); + rc = -EPERM; goto out_put_gfn; } #else @@ -1875,6 +1875,15 @@ int check_get_page_from_gfn(struct domain *d, gfn_t gfn, bool readonly, return -EAGAIN; } #endif +#ifdef CONFIG_X86 + if ( p2mt == p2m_mmio_direct ) + { + if ( page ) + put_page(page); + + return -EPERM; + } +#endif if ( !page ) return -EINVAL; diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 18c3c42e9d..422a8b228f 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -151,7 +151,8 @@ typedef unsigned int p2m_query_t; /* Types established/cleaned up via special accessors. */ #define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ - p2m_to_mask(p2m_map_foreign)) + p2m_to_mask(p2m_map_foreign) | \ + p2m_to_mask(p2m_mmio_direct)) /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ @@ -666,8 +667,6 @@ int p2m_is_logdirty_range(struct p2m_domain *, unsigned long start, /* Set mmio addresses in the p2m table (for pass-through) */ int set_mmio_p2m_entry(struct domain *d, gfn_t gfn, mfn_t mfn, unsigned int order); -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, - unsigned int order); /* Set identity addresses in the p2m table (for pass-through) */ int set_identity_p2m_entry(struct domain *d, unsigned long gfn, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:56:39 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:56:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172206.314066 (Exim 4.92) (envelope-from ) id 1mIsSN-0005mE-0U; Wed, 25 Aug 2021 12:56:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172206.314066; Wed, 25 Aug 2021 12:56:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSM-0005m6-Tm; Wed, 25 Aug 2021 12:56:38 +0000 Received: by outflank-mailman (input) for mailman id 172206; Wed, 25 Aug 2021 12:56:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSL-0005lf-2f for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSL-0004ZH-1q for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsSL-0006SC-0r for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OODsU/CFv1vVn1gk9IPlnkS6JstKOsvEBfsztMbcKN0=; b=Voc6IIZcLb0umu6DIRvpmG5dPb ivG5UhRSQSquMBytrnB3yiBw48c5vS/uRlhnnSOUL9cxr1WvRrjJsOIMzGC/KhoIZVMy0MKFh1KVF rdA3Sce4rFWlbEhYePFNNINJAhKQnfHQpX9BMt/f7kR/8tYjAfGxMKRGPVllRmVM4Vmg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/mm: widen locked region in xenmem_add_to_physmap_one() Message-Id: Date: Wed, 25 Aug 2021 12:56:37 +0000 commit d40287a000ec20252006d92c51a69f14be808fd5 Author: Jan Beulich AuthorDate: Wed Aug 25 14:44:05 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:44:05 2021 +0200 x86/mm: widen locked region in xenmem_add_to_physmap_one() For pages which can be made part of the P2M by the guest, but which can also later be de-allocated (grant table v2 status pages being the present example), it is imperative that they be mapped at no more than a single GFN. We therefore need to make sure that of two parallel XENMAPSPACE_grant_table requests for the same status page one completes before the second checks at which other GFN the underlying MFN is presently mapped. Pull ahead the respective get_gfn() and push down the respective put_gfn(). This leverages that gfn_lock() really aliases p2m_lock(), but the function makes this assumption already anyway: In the XENMAPSPACE_gmfn case lock nesting constraints for both involved GFNs would otherwise need to be enforced to avoid ABBA deadlocks. This is CVE-2021-28697 / XSA-379. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: f147422bf9476fb8161b43e35f5901571ed17c35 master date: 2021-08-25 14:17:56 +0200 --- xen/arch/x86/mm/p2m.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 4cbb177aa9..3bdfc3f274 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2730,8 +2730,20 @@ int xenmem_add_to_physmap_one( goto put_both; } - /* Remove previously mapped page if it was present. */ + /* + * Note that we're (ab)using GFN locking (to really be locking of the + * entire P2M) here in (at least) two ways: Finer grained locking would + * expose lock order violations in the XENMAPSPACE_gmfn case (due to the + * earlier get_gfn_unshare() above). Plus at the very least for the grant + * table v2 status page case we need to guarantee that the same page can + * only appear at a single GFN. While this is a property we want in + * general, for pages which can subsequently be freed this imperative: + * Upon freeing we wouldn't be able to find other mappings in the P2M + * (unless we did a brute force search). + */ prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); + + /* Remove previously mapped page if it was present. */ if ( p2mt == p2m_mmio_direct ) rc = -EPERM; else if ( mfn_valid(prev_mfn) ) @@ -2743,27 +2755,21 @@ int xenmem_add_to_physmap_one( /* Normal domain memory is freed, to avoid leaking memory. */ rc = guest_remove_page(d, gfn_x(gpfn)); } - /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */ - put_gfn(d, gfn_x(gpfn)); - - if ( rc ) - goto put_both; /* Unmap from old location, if any. */ old_gpfn = get_gpfn_from_mfn(mfn_x(mfn)); ASSERT(!SHARED_M2P(old_gpfn)); if ( space == XENMAPSPACE_gmfn && old_gpfn != gfn ) - { rc = -EXDEV; - goto put_both; - } - if ( old_gpfn != INVALID_M2P_ENTRY ) + else if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); /* Map at new location. */ if ( !rc ) rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K); + put_gfn(d, gfn_x(gpfn)); + put_both: /* * In the XENMAPSPACE_gmfn case, we took a ref of the gfn at the top. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:56:49 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:56:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172207.314070 (Exim 4.92) (envelope-from ) id 1mIsSX-0005pY-2R; Wed, 25 Aug 2021 12:56:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172207.314070; Wed, 25 Aug 2021 12:56:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSW-0005pQ-VJ; Wed, 25 Aug 2021 12:56:48 +0000 Received: by outflank-mailman (input) for mailman id 172207; Wed, 25 Aug 2021 12:56:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSV-0005ox-6L for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSV-0004ZR-5c for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsSV-0006TB-4k for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QzDb9Up6P0CcYpA5mJcGMRKEWJPTR5E+4p0NMR+pjMo=; b=N+3ao2pAMdm9+gZByuFTc/E9cx TBBfF3z1uL/LqKCjUru7ouEQ2DRftUz4GorbQ8Q91ASVB3fmL3pFDHRJGzN4hsyPyo6dQYMZFAS1B uL8gmakPrKtAUyhnTs23LJ/tgSS0xltVTb5DmKHxCblpbRyWVKmm4H/Jax+73q2VfvsI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] gnttab: add preemption check to gnttab_release_mappings() Message-Id: Date: Wed, 25 Aug 2021 12:56:47 +0000 commit 9bfbde40bc268dc479dde785d2435fd5a2e61efd Author: Jan Beulich AuthorDate: Wed Aug 25 14:44:23 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:44:23 2021 +0200 gnttab: add preemption check to gnttab_release_mappings() A guest may die with many grant mappings still in place, or simply with a large maptrack table. Iterating through this may take more time than is reasonable without intermediate preemption (to run softirqs and perhaps the scheduler). Move the invocation of the function to the section where other restartable functions get invoked, and have the function itself check for preemption every once in a while. Have it iterate the table backwards, such that decreasing the maptrack limit is all it takes to convey restart information. In domain_teardown() introduce PROG_none such that inserting at the front will be easier going forward. This is part of CVE-2021-28698 / XSA-380. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: b1ee10be5625b7d502cef1e6ee3818610ab0d29c master date: 2021-08-25 14:18:18 +0200 --- xen/common/domain.c | 12 ++++++++--- xen/common/grant_table.c | 46 ++++++++++++++++++++++++++++++++++++------- xen/include/xen/grant_table.h | 6 ++---- 3 files changed, 50 insertions(+), 14 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index d85984638a..dabb15a06c 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -412,11 +412,18 @@ static int domain_teardown(struct domain *d) v = d->teardown.vcpu enum { - PROG_vcpu_teardown = 1, + PROG_none, + PROG_gnttab_mappings, + PROG_vcpu_teardown, PROG_done, }; - case 0: + case PROG_none: + rc = gnttab_release_mappings(d); + if ( rc ) + return rc; + + PROGRESS(gnttab_mappings): for_each_vcpu ( d, v ) { PROGRESS_VCPU(teardown); @@ -908,7 +915,6 @@ int domain_kill(struct domain *d) return domain_kill(d); d->is_dying = DOMDYING_dying; argo_destroy(d); - gnttab_release_mappings(d); vnuma_destroy(d->vnuma); domain_set_outstanding_pages(d, 0); /* fallthrough */ diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index ab30e2e8cf..e43ff7df4f 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -64,7 +64,13 @@ struct grant_table { unsigned int nr_grant_frames; /* Number of grant status frames shared with guest (for version 2) */ unsigned int nr_status_frames; - /* Number of available maptrack entries. */ + /* + * Number of available maptrack entries. For cleanup purposes it is + * important to realize that this field and @maptrack further down will + * only ever be accessed by the local domain. Thus it is okay to clean + * up early, and to shrink the limit for the purpose of tracking cleanup + * progress. + */ unsigned int maptrack_limit; /* Shared grant table (see include/public/grant_table.h). */ union { @@ -3691,9 +3697,7 @@ do_grant_table_op( #include "compat/grant_table.c" #endif -void -gnttab_release_mappings( - struct domain *d) +int gnttab_release_mappings(struct domain *d) { struct grant_table *gt = d->grant_table, *rgt; struct grant_mapping *map; @@ -3707,8 +3711,32 @@ gnttab_release_mappings( BUG_ON(!d->is_dying); - for ( handle = 0; handle < gt->maptrack_limit; handle++ ) + if ( !gt || !gt->maptrack ) + return 0; + + for ( handle = gt->maptrack_limit; handle; ) { + /* + * Deal with full pages such that their freeing (in the body of the + * if()) remains simple. + */ + if ( handle < gt->maptrack_limit && !(handle % MAPTRACK_PER_PAGE) ) + { + /* + * Changing maptrack_limit alters nr_maptrack_frames()'es return + * value. Free the then excess trailing page right here, rather + * than leaving it to grant_table_destroy() (and in turn requiring + * to leave gt->maptrack_limit unaltered). + */ + gt->maptrack_limit = handle; + FREE_XENHEAP_PAGE(gt->maptrack[nr_maptrack_frames(gt)]); + + if ( hypercall_preempt_check() ) + return -ERESTART; + } + + --handle; + map = &maptrack_entry(gt, handle); if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) ) continue; @@ -3792,6 +3820,11 @@ gnttab_release_mappings( map->flags = 0; } + + gt->maptrack_limit = 0; + FREE_XENHEAP_PAGE(gt->maptrack[0]); + + return 0; } void grant_table_warn_active_grants(struct domain *d) @@ -3855,8 +3888,7 @@ grant_table_destroy( free_xenheap_page(t->shared_raw[i]); xfree(t->shared_raw); - for ( i = 0; i < nr_maptrack_frames(t); i++ ) - free_xenheap_page(t->maptrack[i]); + ASSERT(!t->maptrack_limit); vfree(t->maptrack); for ( i = 0; i < nr_active_grant_frames(t); i++ ) diff --git a/xen/include/xen/grant_table.h b/xen/include/xen/grant_table.h index 63b6dc78f4..cbd1ce37db 100644 --- a/xen/include/xen/grant_table.h +++ b/xen/include/xen/grant_table.h @@ -46,9 +46,7 @@ void grant_table_init_vcpu(struct vcpu *v); void grant_table_warn_active_grants(struct domain *d); /* Domain death release of granted mappings of other domains' memory. */ -void -gnttab_release_mappings( - struct domain *d); +int gnttab_release_mappings(struct domain *d); int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, gfn_t *gfn, uint16_t *status); @@ -79,7 +77,7 @@ static inline void grant_table_init_vcpu(struct vcpu *v) {} static inline void grant_table_warn_active_grants(struct domain *d) {} -static inline void gnttab_release_mappings(struct domain *d) {} +static inline int gnttab_release_mappings(struct domain *d) { return 0; } static inline int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:56:59 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:56:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172208.314074 (Exim 4.92) (envelope-from ) id 1mIsSh-0005sa-3c; Wed, 25 Aug 2021 12:56:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172208.314074; Wed, 25 Aug 2021 12:56:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSh-0005sS-0d; Wed, 25 Aug 2021 12:56:59 +0000 Received: by outflank-mailman (input) for mailman id 172208; Wed, 25 Aug 2021 12:56:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSf-0005sB-A5 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSf-0004Zc-9J for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsSf-0006UQ-8Q for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:56:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lnmqcncXB/lKb8e4TC05P/7kLjnDHdxfPQ4ILMXy92U=; b=aV//xZr7Jguuwa/4Rjmx/OTdgl pfXOdK/cnBBM36EJu2u+QCRXmEfiTIlXscJh/G5HY7kyohuDM/iSPImItcF9+m+VXmdGFlt/8/S/0 wMHjlju0QKhGHElFnSDip2apD+NuPrW4CsRhldN5FIYNmNYGjdzW/UuXKOM5JIxCE6S0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] gnttab: replace mapkind() Message-Id: Date: Wed, 25 Aug 2021 12:56:57 +0000 commit 2f6ebcec023be0b0873a5e67ce3a0ab301dbac4f Author: Jan Beulich AuthorDate: Wed Aug 25 14:44:48 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:44:48 2021 +0200 gnttab: replace mapkind() mapkind() doesn't scale very well with larger maptrack entry counts, using a brute force linear search through all entries, with the only option of an early loop exit if a matching writable entry was found. Introduce a radix tree alongside the main maptrack table, thus allowing much faster MFN-based lookup. To avoid the need to actually allocate space for the individual nodes, encode the two counters in the node pointers themselves, thus limiting the number of permitted simultaneous r/o and r/w mappings of the same MFN to 2³¹-1 (64-bit) / 2¹⁵-1 (32-bit) each. To avoid enforcing an unnecessarily low bound on the number of simultaneous mappings of a single MFN, introduce radix_tree_{ulong_to_ptr,ptr_to_ulong} paralleling radix_tree_{int_to_ptr,ptr_to_int}. As a consequence locking changes are also applicable: With there no longer being any inspection of the remote domain's active entries, there's also no need anymore to hold the remote domain's grant table lock. And since we're no longer iterating over the local domain's map track table, the lock in map_grant_ref() can also be dropped before the new maptrack entry actually gets populated. As a nice side effect this also reduces the number of IOMMU operations in unmap_common(): Previously we would have "established" a readable mapping whenever we didn't find a writable entry anymore (yet, of course, at least one readable one). But we only need to do this if we actually dropped the last writable entry, not if there were none already before. This is part of CVE-2021-28698 / XSA-380. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: 9781b51efde251efcc0291ddb1d9c7cefe2b2555 master date: 2021-08-25 14:18:39 +0200 --- xen/common/grant_table.c | 201 ++++++++++++++++++++++++------------------- xen/include/xen/radix-tree.h | 19 ++++ 2 files changed, 131 insertions(+), 89 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index e43ff7df4f..7422872dec 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -82,8 +83,13 @@ struct grant_table { grant_status_t **status; /* Active grant table. */ struct active_grant_entry **active; - /* Mapping tracking table per vcpu. */ + /* Handle-indexed tracking table of mappings. */ struct grant_mapping **maptrack; + /* + * MFN-indexed tracking tree of mappings, if needed. Note that this is + * protected by @lock, not @maptrack_lock. + */ + struct radix_tree_root maptrack_tree; /* Domain to which this struct grant_table belongs. */ const struct domain *domain; @@ -516,34 +522,6 @@ static int get_paged_frame(unsigned long gfn, mfn_t *mfn, return GNTST_okay; } -static inline void -double_gt_lock(struct grant_table *lgt, struct grant_table *rgt) -{ - /* - * See mapkind() for why the write lock is also required for the - * remote domain. - */ - if ( lgt < rgt ) - { - grant_write_lock(lgt); - grant_write_lock(rgt); - } - else - { - if ( lgt != rgt ) - grant_write_lock(rgt); - grant_write_lock(lgt); - } -} - -static inline void -double_gt_unlock(struct grant_table *lgt, struct grant_table *rgt) -{ - grant_write_unlock(lgt); - if ( lgt != rgt ) - grant_write_unlock(rgt); -} - #define INVALID_MAPTRACK_HANDLE UINT_MAX static inline grant_handle_t @@ -982,41 +960,17 @@ static struct active_grant_entry *grant_map_exists(const struct domain *ld, return ERR_PTR(-EINVAL); } -#define MAPKIND_READ 1 -#define MAPKIND_WRITE 2 -static unsigned int mapkind( - struct grant_table *lgt, const struct domain *rd, mfn_t mfn) -{ - struct grant_mapping *map; - grant_handle_t handle, limit = lgt->maptrack_limit; - unsigned int kind = 0; - - /* - * Must have the local domain's grant table write lock when - * iterating over its maptrack entries. - */ - ASSERT(percpu_rw_is_write_locked(&lgt->lock)); - /* - * Must have the remote domain's grant table write lock while - * counting its active entries. - */ - ASSERT(percpu_rw_is_write_locked(&rd->grant_table->lock)); - - smp_rmb(); - - for ( handle = 0; !(kind & MAPKIND_WRITE) && handle < limit; handle++ ) - { - map = &maptrack_entry(lgt, handle); - if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) || - map->domid != rd->domain_id ) - continue; - if ( mfn_eq(_active_entry(rd->grant_table, map->ref).mfn, mfn) ) - kind |= map->flags & GNTMAP_readonly ? - MAPKIND_READ : MAPKIND_WRITE; - } - - return kind; -} +union maptrack_node { + struct { + /* Radix tree slot pointers use two of the bits. */ +#ifdef __BIG_ENDIAN_BITFIELD + unsigned long : 2; +#endif + unsigned long rd : BITS_PER_LONG / 2 - 1; + unsigned long wr : BITS_PER_LONG / 2 - 1; + } cnt; + unsigned long raw; +}; static void map_grant_ref( @@ -1035,7 +989,6 @@ map_grant_ref( struct grant_mapping *mt; grant_entry_header_t *shah; uint16_t *status; - bool_t need_iommu; ld = current->domain; @@ -1256,31 +1209,75 @@ map_grant_ref( * as mem-sharing and IOMMU use are incompatible). The dom_io case would * need checking separately if we compared against owner here. */ - need_iommu = ld != rd && gnttab_need_iommu_mapping(ld); - if ( need_iommu ) - { + if ( ld != rd && gnttab_need_iommu_mapping(ld) ) + { + union maptrack_node node = { + .cnt.rd = !!(op->flags & GNTMAP_readonly), + .cnt.wr = !(op->flags & GNTMAP_readonly), + }; + int err; + void **slot = NULL; unsigned int kind; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + + err = radix_tree_insert(&lgt->maptrack_tree, mfn_x(mfn), + radix_tree_ulong_to_ptr(node.raw)); + if ( err == -EEXIST ) + { + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(mfn)); + if ( likely(slot) ) + { + node.raw = radix_tree_ptr_to_ulong(*slot); + err = -EBUSY; + + /* Update node only when refcount doesn't overflow. */ + if ( op->flags & GNTMAP_readonly ? ++node.cnt.rd + : ++node.cnt.wr ) + { + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + err = 0; + } + } + else + ASSERT_UNREACHABLE(); + } /* * We're not translated, so we know that dfns and mfns are * the same things, so the IOMMU entry is always 1-to-1. */ - kind = mapkind(lgt, rd, mfn); - if ( !(op->flags & GNTMAP_readonly) && - !(kind & MAPKIND_WRITE) ) + if ( !(op->flags & GNTMAP_readonly) && node.cnt.wr == 1 ) kind = IOMMUF_readable | IOMMUF_writable; - else if ( !kind ) + else if ( (op->flags & GNTMAP_readonly) && + node.cnt.rd == 1 && !node.cnt.wr ) kind = IOMMUF_readable; else kind = 0; - if ( kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 1, kind) ) + if ( err || + (kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 1, kind)) ) { - double_gt_unlock(lgt, rgt); + if ( !err ) + { + if ( slot ) + { + op->flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--; + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + } + else + radix_tree_delete(&lgt->maptrack_tree, mfn_x(mfn)); + } + rc = GNTST_general_error; - goto undo_out; } + + grant_write_unlock(lgt); + + if ( rc != GNTST_okay ) + goto undo_out; } TRACE_1D(TRC_MEM_PAGE_GRANT_MAP, op->dom); @@ -1288,10 +1285,6 @@ map_grant_ref( /* * All maptrack entry users check mt->flags first before using the * other fields so just ensure the flags field is stored last. - * - * However, if gnttab_need_iommu_mapping() then this would race - * with a concurrent mapkind() call (on an unmap, for example) - * and a lock is required. */ mt = &maptrack_entry(lgt, handle); mt->domid = op->dom; @@ -1299,9 +1292,6 @@ map_grant_ref( smp_wmb(); write_atomic(&mt->flags, op->flags); - if ( need_iommu ) - double_gt_unlock(lgt, rgt); - op->dev_bus_addr = mfn_to_maddr(mfn); op->handle = handle; op->status = GNTST_okay; @@ -1509,19 +1499,34 @@ unmap_common( /* See the respective comment in map_grant_ref(). */ if ( rc == GNTST_okay && ld != rd && gnttab_need_iommu_mapping(ld) ) { - unsigned int kind; + void **slot; + union maptrack_node node; int err = 0; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(op->mfn)); + node.raw = likely(slot) ? radix_tree_ptr_to_ulong(*slot) : 0; + + /* Refcount must not underflow. */ + if ( !(flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--) ) + BUG(); - kind = mapkind(lgt, rd, op->mfn); - if ( !kind ) + if ( !node.raw ) err = iommu_legacy_unmap(ld, _dfn(mfn_x(op->mfn)), 1); - else if ( !(kind & MAPKIND_WRITE) ) + else if ( !(flags & GNTMAP_readonly) && !node.cnt.wr ) err = iommu_legacy_map(ld, _dfn(mfn_x(op->mfn)), op->mfn, 1, IOMMUF_readable); - double_gt_unlock(lgt, rgt); + if ( err ) + ; + else if ( !node.raw ) + radix_tree_delete(&lgt->maptrack_tree, mfn_x(op->mfn)); + else + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + + grant_write_unlock(lgt); if ( err ) rc = GNTST_general_error; @@ -1968,6 +1973,8 @@ int grant_table_init(struct domain *d, int max_grant_frames, gt->maptrack = vzalloc(gt->max_maptrack_frames * sizeof(*gt->maptrack)); if ( gt->maptrack == NULL ) goto out; + + radix_tree_init(>->maptrack_tree); } /* Shared grant table. */ @@ -3716,6 +3723,8 @@ int gnttab_release_mappings(struct domain *d) for ( handle = gt->maptrack_limit; handle; ) { + mfn_t mfn; + /* * Deal with full pages such that their freeing (in the body of the * if()) remains simple. @@ -3813,17 +3822,31 @@ int gnttab_release_mappings(struct domain *d) reduce_status_for_pin(rd, act, status, map->flags & GNTMAP_readonly); + mfn = act->mfn; + active_entry_release(act); grant_read_unlock(rgt); rcu_unlock_domain(rd); map->flags = 0; + + /* + * This is excessive in that a single such call would suffice per + * mapped MFN (or none at all, if no entry was ever inserted). But it + * should be the common case for an MFN to be mapped just once, and + * this way we don't need to further maintain the counters. We also + * don't want to leave cleaning up of the tree as a whole to the end + * of the function, as this could take quite some time. + */ + radix_tree_delete(>->maptrack_tree, mfn_x(mfn)); } gt->maptrack_limit = 0; FREE_XENHEAP_PAGE(gt->maptrack[0]); + radix_tree_destroy(>->maptrack_tree, NULL); + return 0; } diff --git a/xen/include/xen/radix-tree.h b/xen/include/xen/radix-tree.h index ec40cf1d9e..58c40312e6 100644 --- a/xen/include/xen/radix-tree.h +++ b/xen/include/xen/radix-tree.h @@ -190,6 +190,25 @@ static inline int radix_tree_ptr_to_int(void *ptr) return (int)((long)ptr >> 2); } +/** + * radix_tree_{ulong_to_ptr,ptr_to_ulong}: + * + * Same for unsigned long values. Beware though that only BITS_PER_LONG-2 + * bits are actually usable for the value. + */ +static inline void *radix_tree_ulong_to_ptr(unsigned long val) +{ + unsigned long ptr = (val << 2) | 0x2; + ASSERT((ptr >> 2) == val); + return (void *)ptr; +} + +static inline unsigned long radix_tree_ptr_to_ulong(void *ptr) +{ + ASSERT(((unsigned long)ptr & 0x3) == 0x2); + return (unsigned long)ptr >> 2; +} + int radix_tree_insert(struct radix_tree_root *, unsigned long, void *); void *radix_tree_lookup(struct radix_tree_root *, unsigned long); void **radix_tree_lookup_slot(struct radix_tree_root *, unsigned long); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:57:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:57:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172209.314079 (Exim 4.92) (envelope-from ) id 1mIsSr-0005vu-70; Wed, 25 Aug 2021 12:57:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172209.314079; Wed, 25 Aug 2021 12:57:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSr-0005vk-2E; Wed, 25 Aug 2021 12:57:09 +0000 Received: by outflank-mailman (input) for mailman id 172209; Wed, 25 Aug 2021 12:57:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSp-0005ur-E4 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsSp-0004aL-DM for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsSp-0006W0-CM for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SFHqUdNxJ3QvFihZGq2MkVEIdZAlt5HnaPb82NyNx7g=; b=M0O8MRgGXLh1h7Dv1XRpgSinrb Z2OQN8Y7KD5kl7Twhh90WY30SUn2Rsb+lLskPjlv/xhaEBimK0LNy4HCQwW7bimsXS0zxhbMjB85Q 4ARMMwYtYj0qhfFEZfztIP6ElF9+NMCN5TMrpEv7Hwt/bJfvnpk8jxdBhHg/edLaa6W8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] gnttab: fix array capacity check in gnttab_get_status_frames() Message-Id: Date: Wed, 25 Aug 2021 12:57:07 +0000 commit 8a8b16c44e3e4cae097224511b72dfd7b059152b Author: Jan Beulich AuthorDate: Wed Aug 25 14:45:24 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:45:24 2021 +0200 gnttab: fix array capacity check in gnttab_get_status_frames() The number of grant frames is of no interest here; converting the passed in op.nr_frames this way means we allow for 8 times as many GFNs to be written as actually fit in the array. We would corrupt xlat areas of higher vCPU-s (after having faulted many times while trying to write to the guard pages between any two areas) for 32-bit PV guests. For HVM guests we'd simply crash as soon as we hit the first guard page, as accesses to the xlat area are simply memcpy() there. This is CVE-2021-28699 / XSA-382. Fixes: 18b1be5e324b ("gnttab: make resource limits per domain") Signed-off-by: Jan Beulich master commit: ec820035b875cdbedce5e73f481ce65963ede9ed master date: 2021-08-25 14:19:09 +0200 --- xen/common/grant_table.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 7422872dec..d3f8dc8c4d 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3266,12 +3266,11 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, goto unlock; } - if ( unlikely(limit_max < grant_to_status_frames(op.nr_frames)) ) + if ( unlikely(limit_max < op.nr_frames) ) { gdprintk(XENLOG_WARNING, - "grant_to_status_frames(%u) for d%d is too large (%u,%u)\n", - op.nr_frames, d->domain_id, - grant_to_status_frames(op.nr_frames), limit_max); + "nr_status_frames for %pd is too large (%u,%u)\n", + d, op.nr_frames, limit_max); op.status = GNTST_general_error; goto unlock; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:57:19 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:57:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172210.314082 (Exim 4.92) (envelope-from ) id 1mIsT1-00060z-8l; Wed, 25 Aug 2021 12:57:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172210.314082; Wed, 25 Aug 2021 12:57:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsT1-00060r-5h; Wed, 25 Aug 2021 12:57:19 +0000 Received: by outflank-mailman (input) for mailman id 172210; Wed, 25 Aug 2021 12:57:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsT0-00060Y-15 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsT0-0004aZ-0P for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsSz-0006XL-Rs for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YdLMn6H7wD9SjIPm4679HVCV4Ts9Fx8KgQHunceljVc=; b=pWGP0s1W2OXYfOFr6gS8xwt686 4xuWDY6F3L+0KnYMjI8adNCa/XXI6BP5FI6DfiOKl4tnPlnGteS2b6X1NsoRvlLqay+2DRawRCjss bFDW27W7hvDvzEJdXeZIH180mrQRV5kgMrt5BWZfcVawP7jDCvZoqPmK1bLyXJ9KqQaw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Message-Id: Date: Wed, 25 Aug 2021 12:57:17 +0000 commit 9bc2a681274b94639902d7c021d300384662a29a Author: Julien Grall AuthorDate: Wed Aug 25 14:45:45 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:45:45 2021 +0200 xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Currently, both dom0less domUs and dom0 can allocate an "unlimited" amount of memory because d->max_pages is set to ~0U. In particular, the former are meant to be unprivileged. Therefore the memory they could allocate should be bounded. As the domain are not yet officially aware of Xen (we don't expose advertise it in the DT, yet the hypercalls are accessible), they should not need to allocate more than the initial amount. So cap set d->max_pages directly the amount of memory we are meant to allocate. Take the opportunity to also restrict the memory for dom0 as the domain is direct mapped (e.g. MFN == GFN) and therefore cannot allocate outside of the pre-allocated region. This is CVE-2021-28700 / XSA-383. Reported-by: Julien Grall Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini Tested-by: Stefano Stabellini master commit: c08d68cd2aacbc7cb56e73ada241bfe4639bbc68 master date: 2021-08-25 14:19:31 +0200 --- xen/arch/arm/domain_build.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 4203ddcca0..26c1342948 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2439,7 +2439,8 @@ static int __init construct_domU(struct domain *d, if ( vcpu_create(d, 0) == NULL ) return -ENOMEM; - d->max_pages = ~0U; + + d->max_pages = ((paddr_t)mem * SZ_1K) >> PAGE_SHIFT; kinfo.d = d; @@ -2540,7 +2541,7 @@ int __init construct_dom0(struct domain *d) iommu_hwdom_init(d); - d->max_pages = ~0U; + d->max_pages = dom0_mem >> PAGE_SHIFT; kinfo.unassigned_mem = dom0_mem; kinfo.d = d; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:57:29 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:57:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172211.314086 (Exim 4.92) (envelope-from ) id 1mIsTB-000644-AF; Wed, 25 Aug 2021 12:57:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172211.314086; Wed, 25 Aug 2021 12:57:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTB-00063v-7I; Wed, 25 Aug 2021 12:57:29 +0000 Received: by outflank-mailman (input) for mailman id 172211; Wed, 25 Aug 2021 12:57:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTA-00063j-GR for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTA-0004b5-Fl for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsTA-0006Yi-EQ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:28 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qupayT/Fa+acN4E3njvVD9Fd5FqK4HGkk1zgttkkHIA=; b=wxuVMnLHLSyQyg1DmUV5YEcPNy D1bACahj2WCrYqCS4MUrDkZIpOZVKlqyZoFYc1D+x5O24GnFdcxq1a1N/aJc40RkhIwfFKgU1oTb4 ysrLtjz/EY4eTBm3xaBk4aEGSyRtuyK5LINH+gqowRLuuCsWGb9P53O1txy29u6WXwl8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/AMD: expose SYSCFG, TOM, TOM2, and IORRs to Dom0 Message-Id: Date: Wed, 25 Aug 2021 12:57:28 +0000 commit 9ab1714708ed23f7709a10ba839ebcb203ef1657 Author: Jan Beulich AuthorDate: Wed Aug 25 14:49:02 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:49:02 2021 +0200 x86/AMD: expose SYSCFG, TOM, TOM2, and IORRs to Dom0 Sufficiently old Linux (3.12-ish) accesses these MSRs (with the exception of IORRs) in an unguarded manner. Furthermore these same MSRs, at least on Fam11 and older CPUs, are also consulted by modern Linux, and their (bogus) built-in zapping of #GP faults from MSR accesses leads to it effectively reading zero instead of the intended values, which are relevant for PCI BAR placement (which ought to all live in MMIO-type space, not in DRAM-type one). For SYSCFG, only certain bits get exposed. Since MtrrVarDramEn also covers the IORRs, expose them as well. Introduce (consistently named) constants for the bits we're interested in and use them in pre-existing code as well. While there also drop the unused and somewhat questionable K8_MTRR_RDMEM_WRMEM_MASK. To complete the set of memory type and DRAM vs MMIO controlling MSRs, also expose TSEG_{BASE,MASK} (the former also gets read by Linux, dealing with which was already the subject of 6eef0a99262c ["x86/PV: conditionally avoid raising #GP for early guest MSR reads"]). As a welcome side effect, verbosity on/of debug builds gets (perhaps significantly) reduced. Note that at least as far as those MSR accesses by Linux are concerned, there's no similar issue for DomU-s, as the accesses sit behind PCI device matching logic. The checked for devices would never be exposed to DomU-s in the first place. Nevertheless I think that at least for HVM we should return sensible values, not 0 (as svm_msr_read_intercept() does right now). The intended values may, however, need to be determined by hvmloader, and then get made known to Xen. Fixes: 322ec7c89f66 ("x86/pv: disallow access to unknown MSRs") Reported-by: Olaf Hering Signed-off-by: Jan Beulich x86/AMD: adjust SYSCFG, TOM, etc exposure to deal with running nested In the original change I neglected to consider the case of us running as L1 under another Xen. In this case we're not Dom0, so the underlying Xen wouldn't permit us access to these MSRs. As an immediate workaround use rdmsr_safe(); I don't view this as the final solution though, as the original problem the earlier change tried to address also applies when running nested. Yet it is then unclear to me how to properly address the issue: We shouldn't generally expose the MSR values, but handing back zero (or effectively any other static value) doesn't look appropriate either. Fixes: bfcdaae9c210 ("x86/AMD: expose SYSCFG, TOM, TOM2, and IORRs to Dom0") Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: bfcdaae9c210bd7984d7691285aaf43deb1b0604 master date: 2021-07-09 08:28:14 +0200 master commit: 471383ddd1843700fdd7d74242ba0e5f314dc678 master date: 2021-07-19 12:28:50 +0200 --- xen/arch/x86/cpu/amd.c | 4 ++-- xen/arch/x86/cpu/mtrr/generic.c | 2 +- xen/arch/x86/msr.c | 20 ++++++++++++++++++++ xen/arch/x86/x86_64/mmconf-fam10h.c | 2 +- xen/include/asm-x86/msr-index.h | 20 +++++++++++++++----- 5 files changed, 39 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 8bc51bec10..db6916c1fd 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -468,14 +468,14 @@ static void check_syscfg_dram_mod_en(void) return; rdmsrl(MSR_K8_SYSCFG, syscfg); - if (!(syscfg & K8_MTRRFIXRANGE_DRAM_MODIFY)) + if (!(syscfg & SYSCFG_MTRR_FIX_DRAM_MOD_EN)) return; if (!test_and_set_bool(printed)) printk(KERN_ERR "MTRR: SYSCFG[MtrrFixDramModEn] not " "cleared by BIOS, clearing this bit\n"); - syscfg &= ~K8_MTRRFIXRANGE_DRAM_MODIFY; + syscfg &= ~SYSCFG_MTRR_FIX_DRAM_MOD_EN; wrmsrl(MSR_K8_SYSCFG, syscfg); } diff --git a/xen/arch/x86/cpu/mtrr/generic.c b/xen/arch/x86/cpu/mtrr/generic.c index 06fa0c0420..883e3398ff 100644 --- a/xen/arch/x86/cpu/mtrr/generic.c +++ b/xen/arch/x86/cpu/mtrr/generic.c @@ -224,7 +224,7 @@ static void __init print_mtrr_state(const char *level) uint64_t syscfg, tom2; rdmsrl(MSR_K8_SYSCFG, syscfg); - if (syscfg & (1 << 21)) { + if (syscfg & SYSCFG_MTRR_TOM2_EN) { rdmsrl(MSR_K8_TOP_MEM2, tom2); printk("%sTOM2: %012"PRIx64"%s\n", level, tom2, syscfg & (1 << 22) ? " (WB)" : ""); diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 374f92b2c5..75b89777a2 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -339,6 +339,26 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) *val = msrs->tsc_aux; break; + case MSR_K8_SYSCFG: + case MSR_K8_TOP_MEM1: + case MSR_K8_TOP_MEM2: + case MSR_K8_IORR_BASE0: + case MSR_K8_IORR_MASK0: + case MSR_K8_IORR_BASE1: + case MSR_K8_IORR_MASK1: + case MSR_K8_TSEG_BASE: + case MSR_K8_TSEG_MASK: + if ( !(cp->x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON)) ) + goto gp_fault; + if ( !is_hardware_domain(d) ) + return X86EMUL_UNHANDLEABLE; + if ( rdmsr_safe(msr, *val) ) + goto gp_fault; + if ( msr == MSR_K8_SYSCFG ) + *val &= (SYSCFG_TOM2_FORCE_WB | SYSCFG_MTRR_TOM2_EN | + SYSCFG_MTRR_VAR_DRAM_EN | SYSCFG_MTRR_FIX_DRAM_EN); + break; + case MSR_K8_HWCR: if ( !(cp->x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON)) ) goto gp_fault; diff --git a/xen/arch/x86/x86_64/mmconf-fam10h.c b/xen/arch/x86/x86_64/mmconf-fam10h.c index 3b57d2b5ca..a834ab3149 100644 --- a/xen/arch/x86/x86_64/mmconf-fam10h.c +++ b/xen/arch/x86/x86_64/mmconf-fam10h.c @@ -69,7 +69,7 @@ static void __init get_fam10h_pci_mmconf_base(void) rdmsrl(address, val); /* TOP_MEM2 is not enabled? */ - if (!(val & (1<<21))) { + if (!(val & SYSCFG_MTRR_TOM2_EN)) { tom2 = 1ULL << 32; } else { /* TOP_MEM2 */ diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 9a772c12b8..7e38c257d8 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -118,6 +118,21 @@ #define PASID_PASID_MASK 0x000fffff #define PASID_VALID (_AC(1, ULL) << 31) +#define MSR_K8_SYSCFG 0xc0010010 +#define SYSCFG_MTRR_FIX_DRAM_EN (_AC(1, ULL) << 18) +#define SYSCFG_MTRR_FIX_DRAM_MOD_EN (_AC(1, ULL) << 19) +#define SYSCFG_MTRR_VAR_DRAM_EN (_AC(1, ULL) << 20) +#define SYSCFG_MTRR_TOM2_EN (_AC(1, ULL) << 21) +#define SYSCFG_TOM2_FORCE_WB (_AC(1, ULL) << 22) + +#define MSR_K8_IORR_BASE0 0xc0010016 +#define MSR_K8_IORR_MASK0 0xc0010017 +#define MSR_K8_IORR_BASE1 0xc0010018 +#define MSR_K8_IORR_MASK1 0xc0010019 + +#define MSR_K8_TSEG_BASE 0xc0010112 /* AMD doc: SMMAddr */ +#define MSR_K8_TSEG_MASK 0xc0010113 /* AMD doc: SMMMask */ + #define MSR_K8_VM_CR 0xc0010114 #define VM_CR_INIT_REDIRECTION (_AC(1, ULL) << 1) #define VM_CR_SVM_DISABLE (_AC(1, ULL) << 4) @@ -281,11 +296,6 @@ #define MSR_K8_TOP_MEM1 0xc001001a #define MSR_K7_CLK_CTL 0xc001001b #define MSR_K8_TOP_MEM2 0xc001001d -#define MSR_K8_SYSCFG 0xc0010010 - -#define K8_MTRRFIXRANGE_DRAM_ENABLE 0x00040000 /* MtrrFixDramEn bit */ -#define K8_MTRRFIXRANGE_DRAM_MODIFY 0x00080000 /* MtrrFixDramModEn bit */ -#define K8_MTRR_RDMEM_WRMEM_MASK 0x18181818 /* Mask: RdMem|WrMem */ #define MSR_K7_HWCR 0xc0010015 #define MSR_K8_HWCR 0xc0010015 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:57:39 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:57:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172212.314090 (Exim 4.92) (envelope-from ) id 1mIsTL-00066p-Ba; Wed, 25 Aug 2021 12:57:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172212.314090; Wed, 25 Aug 2021 12:57:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTL-00066h-8g; Wed, 25 Aug 2021 12:57:39 +0000 Received: by outflank-mailman (input) for mailman id 172212; Wed, 25 Aug 2021 12:57:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTK-00066a-Pb for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTK-0004bZ-Op for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsTK-0006ZW-NR for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=J2UEmwTcy1rvkEE+TFs6vmhdl1mHPI1zcmhqy0Olisg=; b=YfY6oXjtCnsnAy1IivA7BynLym PusX0ZIMdnRyKrQnqcBU1La97Q0CJgXu8fgvrgvDC8h91CdP9eJIJ2AyxaWSN0k20l+Gk1vdPY0Eh iqSvE1/yxPGq9aAuwhVKDgODqxa6KkKKI2KJ3e+Fb04t8n//Vp3Q3rf8tZLW9FezdVzU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/hvm: Propagate real error information up through hvm_load() Message-Id: Date: Wed, 25 Aug 2021 12:57:38 +0000 commit 2a4ca6dda164e3d70ec88cb1a234bab5bff242c2 Author: Andrew Cooper AuthorDate: Wed Aug 25 14:49:29 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:49:29 2021 +0200 x86/hvm: Propagate real error information up through hvm_load() hvm_load() is currently a mix of -errno and -1 style error handling, which aliases -EPERM. This leads to the following confusing diagnostics: From userspace: xc: info: Restoring domain xc: error: Unable to restore HVM context (1 = Operation not permitted): Internal error xc: error: Restore failed (1 = Operation not permitted): Internal error xc_domain_restore: [1] Restore failed (1 = Operation not permitted) From Xen: (XEN) HVM10.0 restore: inconsistent xsave state (feat=0x2ff accum=0x21f xcr0=0x7 bv=0x3 err=-22) (XEN) HVM10 restore: failed to load entry 16/0 The actual error was a bad backport, but the -EINVAL got converted to -EPERM on the way out of the hypercall. The overwhelming majority of *_load() handlers already use -errno consistenty. Fix up the rest to be consistent, and fix a few other errors noticed along the way. * Failures of hvm_load_entry() indicate a truncated record or other bad data size. Use -ENODATA. * Don't use {g,}dprintk(). Omitting diagnostics in release builds is rude, and almost everything uses unconditional printk()'s. * Switch some errors for more appropriate ones. Reported-by: Igor Druzhinin Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 96e5ad4c476e70688295b3cfb537847a3351d6fd master date: 2021-07-19 14:34:38 +0100 --- xen/arch/x86/cpu/mcheck/vmce.c | 6 +++--- xen/arch/x86/emul-i8254.c | 9 +++++---- xen/arch/x86/hvm/irq.c | 6 +++--- xen/arch/x86/hvm/save.c | 25 ++++++++++++++----------- xen/arch/x86/hvm/vioapic.c | 5 ++++- xen/arch/x86/hvm/vpic.c | 2 +- 6 files changed, 30 insertions(+), 23 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/vmce.c b/xen/arch/x86/cpu/mcheck/vmce.c index b1df9e9efd..eb6434a3ba 100644 --- a/xen/arch/x86/cpu/mcheck/vmce.c +++ b/xen/arch/x86/cpu/mcheck/vmce.c @@ -82,11 +82,11 @@ int vmce_restore_vcpu(struct vcpu *v, const struct hvm_vmce_vcpu *ctxt) if ( ctxt->caps & ~guest_mcg_cap & ~MCG_CAP_COUNT & ~MCG_CTL_P ) { - dprintk(XENLOG_G_ERR, "%s restore: unsupported MCA capabilities" - " %#" PRIx64 " for %pv (supported: %#Lx)\n", + printk(XENLOG_G_ERR + "%s restore: unsupported MCA capabilities %#"PRIx64" for %pv (supported: %#Lx)\n", is_hvm_vcpu(v) ? "HVM" : "PV", ctxt->caps, v, guest_mcg_cap & ~MCG_CAP_COUNT); - return -EPERM; + return -EINVAL; } v->arch.vmce.mcg_cap = ctxt->caps; diff --git a/xen/arch/x86/emul-i8254.c b/xen/arch/x86/emul-i8254.c index 73be4188ad..050c784702 100644 --- a/xen/arch/x86/emul-i8254.c +++ b/xen/arch/x86/emul-i8254.c @@ -412,7 +412,7 @@ static int pit_save(struct vcpu *v, hvm_domain_context_t *h) static int pit_load(struct domain *d, hvm_domain_context_t *h) { PITState *pit = domain_vpit(d); - int i; + int i, rc = 0; if ( !has_vpit(d) ) return -ENODEV; @@ -421,8 +421,8 @@ static int pit_load(struct domain *d, hvm_domain_context_t *h) if ( hvm_load_entry(PIT, h, &pit->hw) ) { - spin_unlock(&pit->lock); - return 1; + rc = -ENODATA; + goto out; } /* @@ -434,9 +434,10 @@ static int pit_load(struct domain *d, hvm_domain_context_t *h) for ( i = 0; i < 3; i++ ) pit_load_count(pit, i, pit->hw.channels[i].count); + out: spin_unlock(&pit->lock); - return 0; + return rc; } HVM_REGISTER_SAVE_RESTORE(PIT, pit_save, pit_load, 1, HVMSR_PER_DOM); diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c index 38ac5fb6c7..52aae4565f 100644 --- a/xen/arch/x86/hvm/irq.c +++ b/xen/arch/x86/hvm/irq.c @@ -773,9 +773,9 @@ static int irq_load_link(struct domain *d, hvm_domain_context_t *h) for ( link = 0; link < 4; link++ ) if ( hvm_irq->pci_link.route[link] > 15 ) { - gdprintk(XENLOG_ERR, - "HVM restore: PCI-ISA link %u out of range (%u)\n", - link, hvm_irq->pci_link.route[link]); + printk(XENLOG_G_ERR + "HVM restore: PCI-ISA link %u out of range (%u)\n", + link, hvm_irq->pci_link.route[link]); return -EINVAL; } diff --git a/xen/arch/x86/hvm/save.c b/xen/arch/x86/hvm/save.c index 584620985b..86c82cbd74 100644 --- a/xen/arch/x86/hvm/save.c +++ b/xen/arch/x86/hvm/save.c @@ -51,14 +51,14 @@ int arch_hvm_load(struct domain *d, struct hvm_save_header *hdr) { printk(XENLOG_G_ERR "HVM%d restore: bad magic number %#"PRIx32"\n", d->domain_id, hdr->magic); - return -1; + return -EINVAL; } if ( hdr->version != HVM_FILE_VERSION ) { printk(XENLOG_G_ERR "HVM%d restore: unsupported version %u\n", d->domain_id, hdr->version); - return -1; + return -EINVAL; } cpuid(1, &eax, &ebx, &ecx, &edx); @@ -294,16 +294,18 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) struct hvm_save_descriptor *desc; hvm_load_handler handler; struct vcpu *v; + int rc; if ( d->is_dying ) return -EINVAL; /* Read the save header, which must be first */ if ( hvm_load_entry(HEADER, h, &hdr) != 0 ) - return -1; + return -ENODATA; - if ( arch_hvm_load(d, &hdr) ) - return -1; + rc = arch_hvm_load(d, &hdr); + if ( rc ) + return rc; /* Down all the vcpus: we only re-enable the ones that had state saved. */ for_each_vcpu(d, v) @@ -318,7 +320,7 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) printk(XENLOG_G_ERR "HVM%d restore: save did not end with a null entry\n", d->domain_id); - return -1; + return -ENODATA; } /* Read the typecode of the next entry and check for the end-marker */ @@ -332,17 +334,18 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) { printk(XENLOG_G_ERR "HVM%d restore: unknown entry typecode %u\n", d->domain_id, desc->typecode); - return -1; + return -EINVAL; } /* Load the entry */ printk(XENLOG_G_INFO "HVM%d restore: %s %"PRIu16"\n", d->domain_id, hvm_sr_handlers[desc->typecode].name, desc->instance); - if ( handler(d, h) != 0 ) + rc = handler(d, h); + if ( rc ) { - printk(XENLOG_G_ERR "HVM%d restore: failed to load entry %u/%u\n", - d->domain_id, desc->typecode, desc->instance); - return -1; + printk(XENLOG_G_ERR "HVM%d restore: failed to load entry %u/%u rc %d\n", + d->domain_id, desc->typecode, desc->instance, rc); + return rc; } process_pending_softirqs(); } diff --git a/xen/arch/x86/hvm/vioapic.c b/xen/arch/x86/hvm/vioapic.c index 804bc77279..d090fd729c 100644 --- a/xen/arch/x86/hvm/vioapic.c +++ b/xen/arch/x86/hvm/vioapic.c @@ -601,7 +601,10 @@ static int ioapic_load(struct domain *d, hvm_domain_context_t *h) d->arch.hvm.nr_vioapics != 1 ) return -EOPNOTSUPP; - return hvm_load_entry(IOAPIC, h, &s->domU); + if ( hvm_load_entry(IOAPIC, h, &s->domU) ) + return -ENODATA; + + return 0; } HVM_REGISTER_SAVE_RESTORE(IOAPIC, ioapic_save, ioapic_load, 1, HVMSR_PER_DOM); diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c index c1c1de7fd0..01cb7f668f 100644 --- a/xen/arch/x86/hvm/vpic.c +++ b/xen/arch/x86/hvm/vpic.c @@ -403,7 +403,7 @@ static int vpic_load(struct domain *d, hvm_domain_context_t *h) /* Which PIC is this? */ if ( inst > 1 ) - return -EINVAL; + return -ENOENT; s = &d->arch.hvm.vpic[inst]; /* Load the state */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:57:49 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:57:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172213.314094 (Exim 4.92) (envelope-from ) id 1mIsTV-00069Y-D6; Wed, 25 Aug 2021 12:57:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172213.314094; Wed, 25 Aug 2021 12:57:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTV-00069Q-AD; Wed, 25 Aug 2021 12:57:49 +0000 Received: by outflank-mailman (input) for mailman id 172213; Wed, 25 Aug 2021 12:57:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTU-00069K-UL for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTU-0004c4-Ta for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsTU-0006ah-SQ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=f3vp6wyHzKT53CKU0kTZl72hj0KVoUeYGydcgB+zxJY=; b=upPo4mKSmwh6kNY9ovviLaDJLv pi7AnB0IPhEApBEBPw0P6QPeoHVUSLrbLgjj2OzxGSpyYm7Kz7Re+2DBJRbUUEJTnZb6zwMVlAR6M vXBeYbiNdTSgdVctYQqnIpr4i3NmGt6zWivZ1hl5SrxebMKGHLcfRK3I584Q2NbrTG24=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xen/lib: Fix strcmp() and strncmp() Message-Id: Date: Wed, 25 Aug 2021 12:57:48 +0000 commit 8c3a80b14e0056bcae7c691b71be370c39a32f47 Author: Jane Malalane AuthorDate: Wed Aug 25 14:49:47 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:49:47 2021 +0200 xen/lib: Fix strcmp() and strncmp() The C standard requires that each character be compared as unsigned char. Xen's current behaviour compares as signed char, which changes the answer when chars with a value greater than 0x7f are used. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Ian Jackson master commit: 3747a2bb67daa5a8baeff6cda57dc98a5ef79c3e master date: 2021-07-30 10:52:46 +0100 --- xen/common/string.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/xen/common/string.c b/xen/common/string.c index af3d96ad0f..43624b1b45 100644 --- a/xen/common/string.c +++ b/xen/common/string.c @@ -119,14 +119,16 @@ EXPORT_SYMBOL(strlcat); */ int (strcmp)(const char *cs, const char *ct) { - register signed char __res; + unsigned char *csu = (unsigned char *)cs; + unsigned char *ctu = (unsigned char *)ct; + int res; while (1) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + if ((res = *csu - *ctu++) != 0 || !*csu++) break; } - return __res; + return res; } #endif @@ -139,15 +141,17 @@ int (strcmp)(const char *cs, const char *ct) */ int (strncmp)(const char *cs, const char *ct, size_t count) { - register signed char __res = 0; + unsigned char *csu = (unsigned char *)cs; + unsigned char *ctu = (unsigned char *)ct; + int res = 0; while (count) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + if ((res = *csu - *ctu++) != 0 || !*csu++) break; count--; } - return __res; + return res; } #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:58:00 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:58:00 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172214.314098 (Exim 4.92) (envelope-from ) id 1mIsTg-0006Cm-Eq; Wed, 25 Aug 2021 12:58:00 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172214.314098; Wed, 25 Aug 2021 12:58:00 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTg-0006Cd-Bq; Wed, 25 Aug 2021 12:58:00 +0000 Received: by outflank-mailman (input) for mailman id 172214; Wed, 25 Aug 2021 12:57:59 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTf-0006CS-2D for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:59 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTf-0004cY-1S for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:59 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsTf-0006dZ-0U for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:57:59 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=N20m++L8VL7rhHpTpdqr6MaD6HGydH80S4/1pk9Qyqc=; b=hmqisVy+maydn/sV0S6SVfoUz0 CFAlsrI1sUZZ9wS5+BU1cEYYueQRa9R32MeBSEu/SeeHL6GsSSCtJssPYcldQiG+bYojXBTNkUzh4 guAC032YkW+2jdeN73dcov3Avj0KeYMsNcIqowBg4JRKmI9L08tWUGtMp2oXr1fr0NM0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] credit2: avoid picking a spurious idle unit when caps are used Message-Id: Date: Wed, 25 Aug 2021 12:57:59 +0000 commit b11a694067a993f5fa57012922fd04f2a489e233 Author: Dario Faggioli AuthorDate: Wed Aug 25 14:50:00 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:50:00 2021 +0200 credit2: avoid picking a spurious idle unit when caps are used Commit 07b0eb5d0ef0 ("credit2: make sure we pick a runnable unit from the runq if there is one") did not fix completely the problem of potentially selecting a scheduling unit that will then not be able to run. In fact, in case caps are used and the unit we are currently looking at, during the runqueue scan, does not have enough budget for being run, we should continue looking instead than giving up and picking the idle unit. Suggested-by: George Dunlap Signed-off-by: Dario Faggioli Reviewed-by: Jan Beulich master commit: 0f742839ae57e10687e7a573070c37430f31068c master date: 2021-08-10 09:29:10 +0200 --- xen/common/sched/credit2.c | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index ebb09ea43a..6396b38e04 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -3463,6 +3463,15 @@ runq_candidate(struct csched2_runqueue_data *rqd, (unsigned char *)&d); } + /* + * If the unit in the runqueue has more credits than current (or than + * idle, if current is not runnable) or if current is yielding, we may + * want to pick it up. Otherwise, there's no need to keep scanning the + * runqueue any further. + */ + if ( !yield && svc->credit <= snext->credit ) + break; + /* Skip non runnable units that we (temporarily) have in the runq */ if ( unlikely(!unit_runnable_state(svc->unit)) ) continue; @@ -3494,16 +3503,25 @@ runq_candidate(struct csched2_runqueue_data *rqd, } /* - * If the one in the runqueue has more credit than current (or idle, - * if current is not runnable), or if current is yielding, and also - * if the one in runqueue either is not capped, or is capped but has - * some budget, then choose it. + * If we are here, we are almost sure we want to pick the unit in + * the runqueue. Last thing we need to check is that it either is + * not capped or, if it is, it has some budget. + * + * Note that budget availability must be the very last check that + * we do in this loop, due to the side effects that unit_grab_budget() + * causes. + * + * In fact, if there is budget available in the unit's domain's + * budget pool, the function will pick some for running this unit. + * And we clearly want to do that only if we're otherwise sure that + * the unit will actually run, consume it, and return the leftover + * (if any) in the usual way. */ - if ( (yield || svc->credit > snext->credit) && - (!has_cap(svc) || unit_grab_budget(svc)) ) - snext = svc; + if ( has_cap(svc) && !unit_grab_budget(svc) ) + continue; /* In any case, if we got this far, break. */ + snext = svc; break; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:58:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:58:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172215.314104 (Exim 4.92) (envelope-from ) id 1mIsTq-0006G2-IC; Wed, 25 Aug 2021 12:58:10 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172215.314104; Wed, 25 Aug 2021 12:58:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTq-0006Fq-Ed; Wed, 25 Aug 2021 12:58:10 +0000 Received: by outflank-mailman (input) for mailman id 172215; Wed, 25 Aug 2021 12:58:09 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTp-0006Fg-5t for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:58:09 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTp-0004da-5E for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:58:09 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsTp-0006fH-4S for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:58:09 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HQm/mMeRnWMM3ertK4xTkdrZm/TTVR0/j3yiJ6UP0Yk=; b=FHNm9GjnPBQehyxrMZtKq1VAHK ptOVvdJq1ML1ZFKA98SpYlCT4mJo9N2YNsPGllhVXLblTnQmWXTibk9GumgR7JQ7EGshfrBagRFev QScaQ+Hqg9ll+yklB9Ci+s4stP7i9Jm0MBNriw0XFBxac45QNuEwz5CzW1N7jDERA/II=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} Message-Id: Date: Wed, 25 Aug 2021 12:58:09 +0000 commit 45cf6ad5e5606eb33e041dc93625b3bf8f346793 Author: Andrew Cooper AuthorDate: Wed Aug 25 14:50:16 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:50:16 2021 +0200 x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} This was a clear oversight in the original CET work. The BUGFRAME_run_fn and BUGFRAME_warn paths update regs->rip without an equivalent adjustment to the shadow stack, causing IRET to suffer #CP because of the mismatch. One subtle, and therefore fragile, aspect of extable_shstk_fixup() was that it required regs->rip to have its old value as a cross-check that the right word in the shadow stack was being edited. Rework extable_shstk_fixup() into fixup_exception_return() which takes ownership of the update to both the regular and shadow stacks, ensuring that the regs->rip update is ordered correctly. Use the new fixup_exception_return() for BUGFRAME_run_fn and BUGFRAME_warn to ensure that the shadow stack is updated too. Fixes: 209fb9919b50 ("x86/extable: Adjust extable handling to be shadow stack compatible") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich x86/cet: Fix build on newer versions of GCC Some versions of GCC complain with: traps.c:405:22: error: 'get_shstk_bottom' defined but not used [-Werror=unused-function] static unsigned long get_shstk_bottom(unsigned long sp) ^~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Change #ifdef to if ( IS_ENABLED(...) ) to make the sole user of get_shstk_bottom() visible to the compiler. Fixes: 35727551c070 ("x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn}") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Compile-tested-by: Jan Beulich Tested-by: Marek Marczykowski-Górecki master commit: 35727551c0703493a2240e967cffc3063b13d49c master date: 2021-08-16 16:03:20 +0100 master commit: 54c9736382e0d558a6acd820e44185e020131c48 master date: 2021-08-17 12:55:48 +0100 --- xen/arch/x86/traps.c | 96 ++++++++++++++++++++++++++++------------------------ 1 file changed, 51 insertions(+), 45 deletions(-) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 3c2e563cce..939c91a0ca 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -777,53 +777,62 @@ static void do_reserved_trap(struct cpu_user_regs *regs) trapnr, vec_name(trapnr), regs->error_code); } -static void extable_shstk_fixup(struct cpu_user_regs *regs, unsigned long fixup) +static void fixup_exception_return(struct cpu_user_regs *regs, + unsigned long fixup) { - unsigned long ssp, *ptr, *base; + if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) + { + unsigned long ssp, *ptr, *base; - asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); - if ( ssp == 1 ) - return; + asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); + if ( ssp == 1 ) + goto shstk_done; - ptr = _p(ssp); - base = _p(get_shstk_bottom(ssp)); + ptr = _p(ssp); + base = _p(get_shstk_bottom(ssp)); - for ( ; ptr < base; ++ptr ) - { - /* - * Search for %rip. The shstk currently looks like this: - * - * ... [Likely pointed to by SSP] - * %cs [== regs->cs] - * %rip [== regs->rip] - * SSP [Likely points to 3 slots higher, above %cs] - * ... [call tree to this function, likely 2/3 slots] - * - * and we want to overwrite %rip with fixup. There are two - * complications: - * 1) We cant depend on SSP values, because they won't differ by 3 - * slots if the exception is taken on an IST stack. - * 2) There are synthetic (unrealistic but not impossible) scenarios - * where %rip can end up in the call tree to this function, so we - * can't check against regs->rip alone. - * - * Check for both regs->rip and regs->cs matching. - */ - if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) + for ( ; ptr < base; ++ptr ) { - asm ( "wrssq %[fix], %[stk]" - : [stk] "=m" (ptr[0]) - : [fix] "r" (fixup) ); - return; + /* + * Search for %rip. The shstk currently looks like this: + * + * ... [Likely pointed to by SSP] + * %cs [== regs->cs] + * %rip [== regs->rip] + * SSP [Likely points to 3 slots higher, above %cs] + * ... [call tree to this function, likely 2/3 slots] + * + * and we want to overwrite %rip with fixup. There are two + * complications: + * 1) We cant depend on SSP values, because they won't differ by + * 3 slots if the exception is taken on an IST stack. + * 2) There are synthetic (unrealistic but not impossible) + * scenarios where %rip can end up in the call tree to this + * function, so we can't check against regs->rip alone. + * + * Check for both regs->rip and regs->cs matching. + */ + if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) + { + asm ( "wrssq %[fix], %[stk]" + : [stk] "=m" (ptr[0]) + : [fix] "r" (fixup) ); + goto shstk_done; + } } + + /* + * We failed to locate and fix up the shadow IRET frame. This could + * be due to shadow stack corruption, or bad logic above. We cannot + * continue executing the interrupted context. + */ + BUG(); + } + shstk_done: - /* - * We failed to locate and fix up the shadow IRET frame. This could be - * due to shadow stack corruption, or bad logic above. We cannot continue - * executing the interrupted context. - */ - BUG(); + /* Fixup the regular stack. */ + regs->rip = fixup; } static bool extable_fixup(struct cpu_user_regs *regs, bool print) @@ -842,10 +851,7 @@ static bool extable_fixup(struct cpu_user_regs *regs, bool print) vec_name(regs->entry_vector), regs->error_code, _p(regs->rip), _p(regs->rip), _p(fixup)); - if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) - extable_shstk_fixup(regs, fixup); - - regs->rip = fixup; + fixup_exception_return(regs, fixup); this_cpu(last_extable_addr) = regs->rip; return true; @@ -1136,7 +1142,7 @@ void do_invalid_op(struct cpu_user_regs *regs) void (*fn)(struct cpu_user_regs *) = bug_ptr(bug); fn(regs); - regs->rip = (unsigned long)eip; + fixup_exception_return(regs, (unsigned long)eip); return; } @@ -1157,7 +1163,7 @@ void do_invalid_op(struct cpu_user_regs *regs) case BUGFRAME_warn: printk("Xen WARN at %s%s:%d\n", prefix, filename, lineno); show_execution_state(regs); - regs->rip = (unsigned long)eip; + fixup_exception_return(regs, (unsigned long)eip); return; case BUGFRAME_bug: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:58:20 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:58:20 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172216.314106 (Exim 4.92) (envelope-from ) id 1mIsU0-0006It-JL; Wed, 25 Aug 2021 12:58:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172216.314106; Wed, 25 Aug 2021 12:58:20 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsU0-0006Ik-GA; Wed, 25 Aug 2021 12:58:20 +0000 Received: by outflank-mailman (input) for mailman id 172216; Wed, 25 Aug 2021 12:58:19 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTz-0006IW-97 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:58:19 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsTz-0004e5-8S for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:58:19 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsTz-0006gb-7n for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:58:19 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sxN1Kr7eA0XPmny+gX2W/bNJIG6rndKZUwam8rJJerk=; b=RPe5zyqgvtBKdfVcu0qvYkEghe WRRO7JZWxUgORtfXPJh7RkYA3y8NLI/HwKIMFJhvto1LDXYXwXNvrMyPHtHYS8125DymhYwBKK1Oe XOToTxfvpT0aawnYDV+T13Iiub85GpmvSUEwGvD+5Q4MxhWy8pOjAzPnpjDIf+ZrfSdQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] VT-d: Tylersburg errata apply to further steppings Message-Id: Date: Wed, 25 Aug 2021 12:58:19 +0000 commit 9e027b88d91cd64d70da3c1ea07a88c4b460cfbf Author: Jan Beulich AuthorDate: Wed Aug 25 14:50:30 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:50:30 2021 +0200 VT-d: Tylersburg errata apply to further steppings While for 5500 and 5520 chipsets only B3 and C2 are mentioned in the spec update, X58's also mentions B2, and searching the internet suggests systems with this stepping are actually in use. Even worse, for X58 erratum #69 is marked applicable even to C2. Split the check to cover all applicable steppings and to also report applicable errata numbers in the log message. The splitting requires using the DMI port instead of the System Management Registers device, but that's then in line (also revision checking wise) with the spec updates. Fixes: 6890cebc6a98 ("VT-d: deal with 5500/5520/X58 errata") Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian master commit: 517a90d1ca09ce00e50d46ac25566cc3bd2eb34d master date: 2021-08-18 09:44:14 +0200 --- xen/drivers/passthrough/vtd/quirks.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c index 8a81d9c930..2ad76a0ae7 100644 --- a/xen/drivers/passthrough/vtd/quirks.c +++ b/xen/drivers/passthrough/vtd/quirks.c @@ -268,26 +268,42 @@ static int __init parse_snb_timeout(const char *s) } custom_param("snb_igd_quirk", parse_snb_timeout); -/* 5500/5520/X58 Chipset Interrupt remapping errata, for stepping B-3. - * Fixed in stepping C-2. */ +/* + * 5500/5520/X58 chipset interrupt remapping errata, for steppings B2 and B3. + * Fixed in stepping C2 except on X58. + */ static void __init tylersburg_intremap_quirk(void) { - uint32_t bus, device; + unsigned int bus; uint8_t rev; for ( bus = 0; bus < 0x100; bus++ ) { - /* Match on System Management Registers on Device 20 Function 0 */ - device = pci_conf_read32(PCI_SBDF(0, bus, 20, 0), PCI_VENDOR_ID); - rev = pci_conf_read8(PCI_SBDF(0, bus, 20, 0), PCI_REVISION_ID); + /* Match on DMI port (Device 0 Function 0) */ + rev = pci_conf_read8(PCI_SBDF(0, bus, 0, 0), PCI_REVISION_ID); - if ( rev == 0x13 && device == 0x342e8086 ) + switch ( pci_conf_read32(PCI_SBDF(0, bus, 0, 0), PCI_VENDOR_ID) ) { + default: + continue; + + case 0x34038086: case 0x34068086: + if ( rev >= 0x22 ) + continue; + printk(XENLOG_WARNING VTDPREFIX + "Disabling IOMMU due to Intel 5500/5520 chipset errata #47 and #53\n"); + iommu_enable = false; + break; + + case 0x34058086: printk(XENLOG_WARNING VTDPREFIX - "Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata #47, #53\n"); - iommu_enable = 0; + "Disabling IOMMU due to Intel X58 chipset %s\n", + rev < 0x22 ? "errata #62 and #69" : "erratum #69"); + iommu_enable = false; break; } + + break; } } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:58:30 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:58:30 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172217.314110 (Exim 4.92) (envelope-from ) id 1mIsUA-0006Ly-Kn; Wed, 25 Aug 2021 12:58:30 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172217.314110; Wed, 25 Aug 2021 12:58:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsUA-0006Lq-Hp; Wed, 25 Aug 2021 12:58:30 +0000 Received: by outflank-mailman (input) for mailman id 172217; Wed, 25 Aug 2021 12:58:29 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsU9-0006Lg-CJ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:58:29 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsU9-0004ea-Bf for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:58:29 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsU9-0006hl-B0 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:58:29 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qGEAOmuKX99ELJoYhvqOcPhoOUvN48BkWRk5YYFhWEs=; b=YxeLlVkYNqMa9MB57Gumb84OtW I8pxwapRCiGEjgTB9KSFE6Lo/PmmUQfcfbpclLLAucR0vx/mkEDZ1770lfoaFlfjcDv2tikVEclXZ NwVkmqdJyWJrdpApt8xwuE64/u+cePn+Sw/oI6SRftLhMJi5lLXuZQZbGy0mpw5eIW9I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume Message-Id: Date: Wed, 25 Aug 2021 12:58:29 +0000 commit b654bb2ed2f35339ab03966e5dd64cf341cec8b1 Author: Juergen Gross AuthorDate: Wed Aug 25 14:50:43 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:50:43 2021 +0200 xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume With smt=0 during a suspend/resume cycle of the machine the threads which have been parked before will briefly come up again. This can result in problems e.g. with cpufreq driver being active as this will call into get_cpu_idle_time() for a cpu without initialized scheduler data. Fix that by letting get_cpu_idle_time() deal with this case. Drop a redundant check in exchange. Fixes: 132cbe8f35632fb2 ("sched: fix get_cpu_idle_time() with core scheduling") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Juergen Gross Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich Acked-by: Dario Faggioli master commit: 5293470a77ad980dce2af9b7e6c3f11eeebf1b64 master date: 2021-08-19 13:38:31 +0200 --- xen/common/sched/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 6d34764d38..8d178baf3d 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -337,7 +337,7 @@ uint64_t get_cpu_idle_time(unsigned int cpu) struct vcpu_runstate_info state = { 0 }; const struct vcpu *v = idle_vcpu[cpu]; - if ( cpu_online(cpu) && v ) + if ( cpu_online(cpu) && get_sched_res(cpu) ) vcpu_runstate_get(v, &state); return state.time[RUNSTATE_running]; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 12:58:41 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 12:58:41 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172218.314114 (Exim 4.92) (envelope-from ) id 1mIsUK-0006Or-MR; Wed, 25 Aug 2021 12:58:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172218.314114; Wed, 25 Aug 2021 12:58:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsUK-0006Oj-JW; Wed, 25 Aug 2021 12:58:40 +0000 Received: by outflank-mailman (input) for mailman id 172218; Wed, 25 Aug 2021 12:58:39 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsUJ-0006OU-Fn for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:58:39 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsUJ-0004f4-F8 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:58:39 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsUJ-0006jE-EG for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 12:58:39 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vTIvShy6qpN5PUAMpd9OYPc/2jkEhTfYKVAuJlV5kao=; b=QpvGT57CXyuliH8MbyMbDqe/IS 9ThSTHTTYTG4jurmQ2PEds9jlmM9EKHudXGSYmuhWFcihO1vfA5hbJRLr6RBLedrhq0Uxd92xMa6Q Dx2JcL9vrtCXa45KJBptn8rIDXrK4cX7d48hioHq3sZpVuUAgdXVZczye8RojsCsjzI0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] AMD/IOMMU: don't leave page table mapped when unmapping ... Message-Id: Date: Wed, 25 Aug 2021 12:58:39 +0000 commit 96894c14ca582b2d6ef50428ef3a24a89104faab Author: Jan Beulich AuthorDate: Wed Aug 25 14:50:57 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:50:57 2021 +0200 AMD/IOMMU: don't leave page table mapped when unmapping ... ... an already not mapped page. With all other exit paths doing the unmap, I have no idea how I managed to miss that aspect at the time. Fixes: ad591454f069 ("AMD/IOMMU: don't needlessly trigger errors/crashes when unmapping a page") Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 3cfec6a6aa7a7bf68f8e19e21f450c2febe9acb4 master date: 2021-08-20 12:30:35 +0200 --- xen/drivers/passthrough/amd/iommu_map.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 2e7916b1e6..fdfffe8f92 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -243,7 +243,10 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, else if ( !pde->pr ) { if ( !map ) + { + unmap_domain_page(next_table_vaddr); return 0; + } if ( next_table_mfn == 0 ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:22:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:22:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172281.314218 (Exim 4.92) (envelope-from ) id 1mIsr0-0006OW-UC; Wed, 25 Aug 2021 13:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172281.314218; Wed, 25 Aug 2021 13:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsr0-0006OM-Q8; Wed, 25 Aug 2021 13:22:06 +0000 Received: by outflank-mailman (input) for mailman id 172281; Wed, 25 Aug 2021 13:22:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsqz-0006O0-F8 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsqz-0005dR-Cn for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsqz-0001b5-Bk for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uh2fy1cmlK3v7oGuA32fncB0rc/AiWdJ2P/VscvcVms=; b=UfxvZ2k48zpI7exs1L9178E7XG dQhE40AIzcaJridBmu5W3gLnGBjrbEiOorcdvJwtg3O8lUlzHLUBfwacgM8jguUr0CgRLv2qVopFg hWu5wBJvGElccB7V5NQbtCe209ZuD97J/cZgjqIs2YOPew5IgSNDJXdBuOBnIixDVqH8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86: work around build issue with GNU ld 2.37 Message-Id: Date: Wed, 25 Aug 2021 13:22:05 +0000 commit f7a973031675e0be4a31178bfae28ab4a305dbdf Author: Jan Beulich AuthorDate: Wed Aug 25 15:03:36 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:03:36 2021 +0200 x86: work around build issue with GNU ld 2.37 I suspect it is commit 40726f16a8d7 ("ld script expression parsing") which broke the hypervisor build, by no longer accepting section names with a dash in them inside ADDR() (and perhaps other script directives expecting just a section name, not an expression): .note.gnu.build-id is such a section. Quoting all section names passed to ADDR() via DECL_SECTION() works around the regression. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 58ad654ebce7ccb272a3f4f3482c03aaad850d31 master date: 2021-07-27 15:03:29 +0100 --- xen/arch/x86/xen.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 0273f79152..a02df18a25 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -18,7 +18,7 @@ ENTRY(efi_start) #else /* !EFI */ #define FORMAT "elf64-x86-64" -#define DECL_SECTION(x) x : AT(ADDR(x) - __XEN_VIRT_START) +#define DECL_SECTION(x) x : AT(ADDR(#x) - __XEN_VIRT_START) ENTRY(start_pa) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:22:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:22:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172282.314221 (Exim 4.92) (envelope-from ) id 1mIsrA-0006Uc-Ui; Wed, 25 Aug 2021 13:22:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172282.314221; Wed, 25 Aug 2021 13:22:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsrA-0006UT-Rb; Wed, 25 Aug 2021 13:22:16 +0000 Received: by outflank-mailman (input) for mailman id 172282; Wed, 25 Aug 2021 13:22:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsr9-0006U8-HD for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsr9-0005dp-GY for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsr9-0001c4-FK for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Tg7AzLwQeuIFwWkhYNJmbX6s8KlbJ0nb4a8vVZnCFe4=; b=AYVY5X6WdP3zws8u1iW02fMqz4 HKUUDEhkwGETiCurpte+FCbAZ9oyYHsm1/BrSZMDHtbKYb3q+atXCqjhJOv1spZep9kR7dNSQKF0o lsQNbG/0KFpL6af3mhhpbDKnM7JeA1XdCycK78Q1lKb1JDGUKa1TMr6gFOKHyqly7lds=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] AMD/IOMMU: correct global exclusion range extending Message-Id: Date: Wed, 25 Aug 2021 13:22:15 +0000 commit 8da14912d229eeef969f0738ec98c61a29946d07 Author: Jan Beulich AuthorDate: Wed Aug 25 15:04:44 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:04:44 2021 +0200 AMD/IOMMU: correct global exclusion range extending Besides unity mapping regions, the AMD IOMMU spec also provides for exclusion ranges (areas of memory not to be subject to DMA translation) to be specified by firmware in the ACPI tables. The spec does not put any constraints on the number of such regions. Blindly assuming all addresses between any two such ranges should also be excluded can't be right. Since hardware has room for just a single such range (comprised of the Exclusion Base Register and the Exclusion Range Limit Register), combine only adjacent or overlapping regions (for now; this may require further adjustment in case table entries aren't sorted by address) with matching exclusion_allow_all settings. This requires bubbling up error indicators, such that IOMMU init can be failed when concatenation wasn't possible. Furthermore, since the exclusion range specified in IOMMU registers implies R/W access, reject requests asking for less permissions (this will be brought closer to the spec by a subsequent change). This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: b02c5c88982411be11e3413159862f255f1f39dc master date: 2021-08-25 14:12:13 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 45 +++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index f4abbfd9dc..b9ac78678c 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -117,12 +117,21 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( return NULL; } -static void __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit) +static int __init reserve_iommu_exclusion_range( + struct amd_iommu *iommu, uint64_t base, uint64_t limit, + bool all, bool iw, bool ir) { + if ( !ir || !iw ) + return -EPERM; + /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { + if ( iommu->exclusion_limit + PAGE_SIZE < base || + limit + PAGE_SIZE < iommu->exclusion_base || + iommu->exclusion_allow_all != all ) + return -EBUSY; + if ( iommu->exclusion_base < base ) base = iommu->exclusion_base; if ( iommu->exclusion_limit > limit ) @@ -130,16 +139,11 @@ static void __init reserve_iommu_exclusion_range( } iommu->exclusion_enable = IOMMU_CONTROL_ENABLED; + iommu->exclusion_allow_all = all; iommu->exclusion_base = base; iommu->exclusion_limit = limit; -} -static void __init reserve_iommu_exclusion_range_all( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit) -{ - reserve_iommu_exclusion_range(iommu, base, limit); - iommu->exclusion_allow_all = IOMMU_CONTROL_ENABLED; + return 0; } static void __init reserve_unity_map_for_device( @@ -177,6 +181,7 @@ static int __init register_exclusion_range_for_all_devices( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; unsigned int bdf; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -198,10 +203,15 @@ static int __init register_exclusion_range_for_all_devices( if ( limit >= iommu_top ) { for_each_amd_iommu( iommu ) - reserve_iommu_exclusion_range_all(iommu, base, limit); + { + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + if ( rc ) + break; + } } - return 0; + return rc; } static int __init register_exclusion_range_for_device( @@ -212,6 +222,7 @@ static int __init register_exclusion_range_for_device( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; + int rc = 0; iommu = find_iommu_for_device(seg, bdf); if ( !iommu ) @@ -241,12 +252,13 @@ static int __init register_exclusion_range_for_device( /* register IOMMU exclusion range settings for device */ if ( limit >= iommu_top ) { - reserve_iommu_exclusion_range(iommu, base, limit); + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } - return 0; + return rc; } static int __init register_exclusion_range_for_iommu_devices( @@ -256,6 +268,7 @@ static int __init register_exclusion_range_for_iommu_devices( unsigned long range_top, iommu_top, length; unsigned int bdf; u16 req; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -286,8 +299,10 @@ static int __init register_exclusion_range_for_iommu_devices( /* register IOMMU exclusion range settings */ if ( limit >= iommu_top ) - reserve_iommu_exclusion_range_all(iommu, base, limit); - return 0; + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + + return rc; } static int __init parse_ivmd_device_select( -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:22:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:22:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172283.314225 (Exim 4.92) (envelope-from ) id 1mIsrL-0006Zj-1Y; Wed, 25 Aug 2021 13:22:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172283.314225; Wed, 25 Aug 2021 13:22:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsrK-0006ZU-Uh; Wed, 25 Aug 2021 13:22:26 +0000 Received: by outflank-mailman (input) for mailman id 172283; Wed, 25 Aug 2021 13:22:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsrJ-0006ZE-L0 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsrJ-0005dx-KD for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsrJ-0001d2-JF for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KHT+e3yUX+k4nt36vJcYdKNSRA400PNC97Bpj9/n7NU=; b=obgt1tPD5VZByecItTKHlwhRH0 LwhmUVj6NSyn7pt1sWV68rdTr1OBeVV2B8tuzLPQS8TGMb3jksNkEhbYTW2WHnUsGyA1NvlnUa+Yb BQRWqBc8x9psc/PcGA+Dvh2ky3WtwCCUhWTn+oz1obiZT9TH3ej1hbVnNn14wUIOmVXU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] AMD/IOMMU: correct device unity map handling Message-Id: Date: Wed, 25 Aug 2021 13:22:25 +0000 commit 100b2e2d5ee0ea5549113ad6b15f4b532c13bcd7 Author: Jan Beulich AuthorDate: Wed Aug 25 15:05:03 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:05:03 2021 +0200 AMD/IOMMU: correct device unity map handling Blindly assuming all addresses between any two such ranges, specified by firmware in the ACPI tables, should also be unity-mapped can't be right. Nor can it be correct to merge ranges with differing permissions. Track ranges individually; don't merge at all, but check for overlaps instead. This requires bubbling up error indicators, such that IOMMU init can be failed when allocation of a new tracking struct wasn't possible, or an overlap was detected. At this occasion also stop ignoring amd_iommu_reserve_domain_unity_map()'s return value. This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap Reviewed-by: Paul Durrant master commit: 34750a3eb022462cdd1c36e8ef9049d3d73c824c master date: 2021-08-25 14:15:11 +0200 --- xen/drivers/passthrough/amd/iommu.h | 14 +++-- xen/drivers/passthrough/amd/iommu_acpi.c | 80 +++++++++++++++++------------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 16 +++--- 3 files changed, 66 insertions(+), 44 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 3489c2a015..a7a05a9b09 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -107,20 +107,24 @@ struct amd_iommu { struct list_head ats_devices; }; +struct ivrs_unity_map { + bool read:1; + bool write:1; + paddr_t addr; + unsigned long length; + struct ivrs_unity_map *next; +}; + struct ivrs_mappings { uint16_t dte_requestor_id; bool valid:1; bool dte_allow_exclusion:1; - bool unity_map_enable:1; - bool write_permission:1; - bool read_permission:1; /* ivhd device data settings */ uint8_t device_flags; - unsigned long addr_range_start; - unsigned long addr_range_length; struct amd_iommu *iommu; + struct ivrs_unity_map *unity_map; /* per device interrupt remapping table */ void *intremap_table; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index b9ac78678c..e2f46fa7b6 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -146,32 +146,48 @@ static int __init reserve_iommu_exclusion_range( return 0; } -static void __init reserve_unity_map_for_device( - u16 seg, u16 bdf, unsigned long base, - unsigned long length, u8 iw, u8 ir) +static int __init reserve_unity_map_for_device( + uint16_t seg, uint16_t bdf, unsigned long base, + unsigned long length, bool iw, bool ir) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long old_top, new_top; + struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; - /* need to extend unity-mapped range? */ - if ( ivrs_mappings[bdf].unity_map_enable ) + /* Check for overlaps. */ + for ( ; unity_map; unity_map = unity_map->next ) { - old_top = ivrs_mappings[bdf].addr_range_start + - ivrs_mappings[bdf].addr_range_length; - new_top = base + length; - if ( old_top > new_top ) - new_top = old_top; - if ( ivrs_mappings[bdf].addr_range_start < base ) - base = ivrs_mappings[bdf].addr_range_start; - length = new_top - base; + /* + * Exact matches are okay. This can in particular happen when + * register_exclusion_range_for_device() calls here twice for the + * same (s,b,d,f). + */ + if ( base == unity_map->addr && length == unity_map->length && + ir == unity_map->read && iw == unity_map->write ) + return 0; + + if ( unity_map->addr + unity_map->length > base && + base + length > unity_map->addr ) + { + AMD_IOMMU_DEBUG("IVMD Error: overlap [%lx,%lx) vs [%lx,%lx)\n", + base, base + length, unity_map->addr, + unity_map->addr + unity_map->length); + return -EPERM; + } } - /* extend r/w permissioms and keep aggregate */ - ivrs_mappings[bdf].write_permission = iw; - ivrs_mappings[bdf].read_permission = ir; - ivrs_mappings[bdf].unity_map_enable = true; - ivrs_mappings[bdf].addr_range_start = base; - ivrs_mappings[bdf].addr_range_length = length; + /* Populate and insert a new unity map. */ + unity_map = xmalloc(struct ivrs_unity_map); + if ( !unity_map ) + return -ENOMEM; + + unity_map->read = ir; + unity_map->write = iw; + unity_map->addr = base; + unity_map->length = length; + unity_map->next = ivrs_mappings[bdf].unity_map; + ivrs_mappings[bdf].unity_map = unity_map; + + return 0; } static int __init register_exclusion_range_for_all_devices( @@ -194,13 +210,13 @@ static int __init register_exclusion_range_for_all_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { for_each_amd_iommu( iommu ) { @@ -242,15 +258,15 @@ static int __init register_exclusion_range_for_device( length = range_top - base; /* reserve unity-mapped page entries for device */ /* note: these entries are part of the exclusion range */ - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - reserve_unity_map_for_device(seg, req, base, length, iw, ir); + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: + reserve_unity_map_for_device(seg, req, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings for device */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { rc = reserve_iommu_exclusion_range(iommu, base, limit, false /* all */, iw, ir); @@ -281,15 +297,15 @@ static int __init register_exclusion_range_for_iommu_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) { if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) { - reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir); req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); } } @@ -298,7 +314,7 @@ static int __init register_exclusion_range_for_iommu_devices( } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */, iw, ir); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index abf9395437..59ff5c29d5 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -366,15 +366,17 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); + const struct ivrs_unity_map *unity_map; - if ( ivrs_mappings[req_id].unity_map_enable ) + for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; + unity_map = unity_map->next ) { - amd_iommu_reserve_domain_unity_map( - d, - ivrs_mappings[req_id].addr_range_start, - ivrs_mappings[req_id].addr_range_length, - ivrs_mappings[req_id].write_permission, - ivrs_mappings[req_id].read_permission); + int rc = amd_iommu_reserve_domain_unity_map( + d, unity_map->addr, unity_map->length, + unity_map->write, unity_map->read); + + if ( rc ) + return rc; } return reassign_device(pdev->domain, d, devfn, pdev); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:22:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:22:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172284.314229 (Exim 4.92) (envelope-from ) id 1mIsrV-0006eB-2m; Wed, 25 Aug 2021 13:22:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172284.314229; Wed, 25 Aug 2021 13:22:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsrU-0006e3-WD; Wed, 25 Aug 2021 13:22:36 +0000 Received: by outflank-mailman (input) for mailman id 172284; Wed, 25 Aug 2021 13:22:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsrT-0006dh-OX for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsrT-0005e1-Np for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsrT-0001e5-My for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=r/ionotJYqUCb5lw54DeSprVHvoG3TVpgUH5ZohKUgM=; b=x27B5l6/D8nZu6PS2LfWl0lAbP o9rlnMK/RHBB617suAyXuHzGZ6CyDPmDvbiWR+/WBpQrKMsKJn1KFWp1M6Rar6ELYOY7+FbPZSRlT x2sxndjCjX6bTipBll0UqCKOpmeaXKrL9T+9PIAK89yGur1rw923hZgSlHzyphpmZwR0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() Message-Id: Date: Wed, 25 Aug 2021 13:22:35 +0000 commit 4a244516f6c438f62f4fae287e20628e931cb4ce Author: Jan Beulich AuthorDate: Wed Aug 25 15:05:25 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:05:25 2021 +0200 IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() A subsequent change will want to customize the IOMMU permissions based on this. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: d1bb6c97c31ef754fb29b29eb307c090414e8022 master date: 2021-08-25 14:15:32 +0200 --- xen/arch/x86/mm/p2m-ept.c | 6 +++--- xen/arch/x86/mm/p2m-pt.c | 19 ++++++++++++++++--- xen/include/asm-x86/p2m.h | 3 ++- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index b8154a7ecc..a2b3a9b047 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -680,7 +680,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, uint8_t ipat = 0; bool_t need_modify_vtd_table = 1; bool_t vtd_pte_present = 0; - unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); bool_t needs_sync = 1; ept_entry_t old_entry = { .epte = 0 }; ept_entry_t new_entry = { .epte = 0 }; @@ -808,8 +808,8 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, /* Safe to read-then-write because we hold the p2m lock */ if ( ept_entry->mfn == new_entry.mfn && - p2m_get_iommu_flags(ept_entry->sa_p2mt, _mfn(ept_entry->mfn)) == - iommu_flags ) + p2m_get_iommu_flags(ept_entry->sa_p2mt, ept_entry->access, + _mfn(ept_entry->mfn)) == iommu_flags ) need_modify_vtd_table = 0; ept_p2m_type_to_flags(p2m, &new_entry); diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index badb26bc34..68744b74a4 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -480,6 +480,16 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) return rc; } +/* Reconstruct a fake p2m_access_t from stored PTE flags. */ +static p2m_access_t p2m_flags_to_access(unsigned int flags) +{ + if ( flags & _PAGE_PRESENT ) + return p2m_access_n; + + /* No need to look at _PAGE_NX for now. */ + return flags & _PAGE_RW ? p2m_access_rw : p2m_access_r; +} + /* Checks only applicable to entries with order > PAGE_ORDER_4K */ static void check_entry(mfn_t mfn, p2m_type_t new, p2m_type_t old, unsigned int order) @@ -514,7 +524,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, l2_pgentry_t l2e_content; l3_pgentry_t l3e_content; int rc; - unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); /* * old_mfn and iommu_old_flags control possible flush/update needs on the * IOMMU: We need to flush when MFN or flags (i.e. permissions) change. @@ -577,6 +587,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else @@ -619,9 +630,10 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, 0, L1_PAGETABLE_ENTRIES); ASSERT(p2m_entry); old_mfn = l1e_get_pfn(*p2m_entry); + flags = l1e_get_flags(*p2m_entry); iommu_old_flags = - p2m_get_iommu_flags(p2m_flags_to_type(l1e_get_flags(*p2m_entry)), - _mfn(old_mfn)); + p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) entry_content = p2m_l1e_from_pfn(mfn_x(mfn), @@ -649,6 +661,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 2883d8a2f0..025ee0d24b 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -903,7 +903,8 @@ static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} /* * p2m type to IOMMU flags */ -static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, mfn_t mfn) +static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, + p2m_access_t p2ma, mfn_t mfn) { unsigned int flags; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:22:47 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:22:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172285.314232 (Exim 4.92) (envelope-from ) id 1mIsrf-0006hz-4g; Wed, 25 Aug 2021 13:22:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172285.314232; Wed, 25 Aug 2021 13:22:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsrf-0006hq-1P; Wed, 25 Aug 2021 13:22:47 +0000 Received: by outflank-mailman (input) for mailman id 172285; Wed, 25 Aug 2021 13:22:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsrd-0006hW-SV for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsrd-0005e5-Ri for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsrd-0001fy-Qo for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UmnDwuW0+Cmac1dcw+LJjG2FXh+D0Ux0cFS6S/TtEIk=; b=n4/uYBIv+d/4ZLaOUd/CP7Ib7I 0p6RMthRmPMbuWb3RALbFmpVjl08zpWYCDV27rthRbEkCS1Odv2wgnJRufpGjXP1By6kBk3slukQH QhLw2esLgFqPKwRGeij7fpjnnXTM02IMJCs39ea9xX/MJI9CwiJJe3kISMyBy1ZeElpY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] IOMMU: generalize VT-d's tracking of mapped RMRR regions Message-Id: Date: Wed, 25 Aug 2021 13:22:45 +0000 commit fe6da097d460ebcaa7158b6b3949a0d208cf3120 Author: Jan Beulich AuthorDate: Wed Aug 25 15:05:43 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:05:43 2021 +0200 IOMMU: generalize VT-d's tracking of mapped RMRR regions In order to re-use it elsewhere, move the logic to vendor independent code and strip it of RMRR specifics. Note that the prior "map" parameter gets folded into the new "p2ma" one (which AMD IOMMU code will want to make use of), assigning alternative meaning ("unmap") to p2m_access_x. Prepare set_identity_p2m_entry() and p2m_get_iommu_flags() for getting passed access types other than p2m_access_rw (in the latter case just for p2m_mmio_direct requests). Note also that, to be on the safe side, an overlap check gets added to the main loop of iommu_identity_mapping(). This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: c0e19d7c6c42f0bfccccd96b4f7b03b5515e10fc master date: 2021-08-25 14:15:57 +0200 --- xen/arch/x86/mm/p2m.c | 2 +- xen/drivers/passthrough/vtd/iommu.c | 98 +++++-------------------------------- xen/drivers/passthrough/x86/iommu.c | 95 ++++++++++++++++++++++++++++++++++- xen/include/asm-x86/iommu.h | 8 ++- xen/include/asm-x86/p2m.h | 35 +++++++++++-- 5 files changed, 147 insertions(+), 91 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index db7bde0230..a8d53d325e 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1353,7 +1353,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, if ( !is_iommu_enabled(d) ) return 0; return iommu_legacy_map(d, _dfn(gfn_l), _mfn(gfn_l), PAGE_ORDER_4K, - IOMMUF_readable | IOMMUF_writable); + p2m_access_to_iommu_flags(p2ma)); } gfn_lock(p2m, gfn, 0); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index e125e3188a..ab3c5c1845 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -42,12 +42,6 @@ #include "vtd.h" #include "../ats.h" -struct mapped_rmrr { - struct list_head list; - u64 base, end; - unsigned int count; -}; - /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */ bool __read_mostly untrusted_msi; @@ -1800,17 +1794,12 @@ out: static void iommu_domain_teardown(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); - struct mapped_rmrr *mrmrr, *tmp; const struct acpi_drhd_unit *drhd; if ( list_empty(&acpi_drhd_units) ) return; - list_for_each_entry_safe ( mrmrr, tmp, &hd->arch.mapped_rmrrs, list ) - { - list_del(&mrmrr->list); - xfree(mrmrr); - } + iommu_identity_map_teardown(d); ASSERT(is_iommu_enabled(d)); @@ -1966,74 +1955,6 @@ static void iommu_set_pgd(struct domain *d) pagetable_get_paddr(pagetable_from_mfn(pgd_mfn)); } -static int rmrr_identity_mapping(struct domain *d, bool_t map, - const struct acpi_rmrr_unit *rmrr, - u32 flag) -{ - unsigned long base_pfn = rmrr->base_address >> PAGE_SHIFT_4K; - unsigned long end_pfn = PAGE_ALIGN_4K(rmrr->end_address) >> PAGE_SHIFT_4K; - struct mapped_rmrr *mrmrr; - struct domain_iommu *hd = dom_iommu(d); - - ASSERT(pcidevs_locked()); - ASSERT(rmrr->base_address < rmrr->end_address); - - /* - * No need to acquire hd->arch.mapping_lock: Both insertion and removal - * get done while holding pcidevs_lock. - */ - list_for_each_entry( mrmrr, &hd->arch.mapped_rmrrs, list ) - { - if ( mrmrr->base == rmrr->base_address && - mrmrr->end == rmrr->end_address ) - { - int ret = 0; - - if ( map ) - { - ++mrmrr->count; - return 0; - } - - if ( --mrmrr->count ) - return 0; - - while ( base_pfn < end_pfn ) - { - if ( clear_identity_p2m_entry(d, base_pfn) ) - ret = -ENXIO; - base_pfn++; - } - - list_del(&mrmrr->list); - xfree(mrmrr); - return ret; - } - } - - if ( !map ) - return -ENOENT; - - while ( base_pfn < end_pfn ) - { - int err = set_identity_p2m_entry(d, base_pfn, p2m_access_rw, flag); - - if ( err ) - return err; - base_pfn++; - } - - mrmrr = xmalloc(struct mapped_rmrr); - if ( !mrmrr ) - return -ENOMEM; - mrmrr->base = rmrr->base_address; - mrmrr->end = rmrr->end_address; - mrmrr->count = 1; - list_add_tail(&mrmrr->list, &hd->arch.mapped_rmrrs); - - return 0; -} - static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; @@ -2065,7 +1986,9 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) * Since RMRRs are always reserved in the e820 map for the hardware * domain, there shouldn't be a conflict. */ - ret = rmrr_identity_mapping(pdev->domain, 1, rmrr, 0); + ret = iommu_identity_mapping(pdev->domain, p2m_access_rw, + rmrr->base_address, rmrr->end_address, + 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n", pdev->domain->domain_id); @@ -2110,7 +2033,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) * Any flag is nothing to clear these mappings but here * its always safe and strict to set 0. */ - rmrr_identity_mapping(pdev->domain, 0, rmrr, 0); + iommu_identity_mapping(pdev->domain, p2m_access_x, rmrr->base_address, + rmrr->end_address, 0); } return domain_context_unmap(pdev->domain, devfn, pdev); @@ -2309,7 +2233,8 @@ static void __hwdom_init setup_hwdom_rmrr(struct domain *d) * domain, there shouldn't be a conflict. So its always safe and * strict to set 0. */ - ret = rmrr_identity_mapping(d, 1, rmrr, 0); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: mapping reserved region failed\n"); @@ -2480,7 +2405,9 @@ static int reassign_device_ownership( * Any RMRR flag is always ignored when remove a device, * but its always safe and strict to set 0. */ - ret = rmrr_identity_mapping(source, 0, rmrr, 0); + ret = iommu_identity_mapping(source, p2m_access_x, + rmrr->base_address, + rmrr->end_address, 0); if ( ret != -ENOENT ) return ret; } @@ -2577,7 +2504,8 @@ static int intel_iommu_assign_device( PCI_BUS(bdf) == bus && PCI_DEVFN2(bdf) == devfn ) { - ret = rmrr_identity_mapping(d, 1, rmrr, flag); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, flag); if ( ret ) { int rc; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 3d7670e8c6..829334ed99 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -139,7 +139,7 @@ int arch_iommu_domain_init(struct domain *d) struct domain_iommu *hd = dom_iommu(d); spin_lock_init(&hd->arch.mapping_lock); - INIT_LIST_HEAD(&hd->arch.mapped_rmrrs); + INIT_LIST_HEAD(&hd->arch.identity_maps); return 0; } @@ -148,6 +148,99 @@ void arch_iommu_domain_destroy(struct domain *d) { } +struct identity_map { + struct list_head list; + paddr_t base, end; + p2m_access_t access; + unsigned int count; +}; + +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag) +{ + unsigned long base_pfn = base >> PAGE_SHIFT_4K; + unsigned long end_pfn = PAGE_ALIGN_4K(end) >> PAGE_SHIFT_4K; + struct identity_map *map; + struct domain_iommu *hd = dom_iommu(d); + + ASSERT(pcidevs_locked()); + ASSERT(base < end); + + /* + * No need to acquire hd->arch.mapping_lock: Both insertion and removal + * get done while holding pcidevs_lock. + */ + list_for_each_entry( map, &hd->arch.identity_maps, list ) + { + if ( map->base == base && map->end == end ) + { + int ret = 0; + + if ( p2ma != p2m_access_x ) + { + if ( map->access != p2ma ) + return -EADDRINUSE; + ++map->count; + return 0; + } + + if ( --map->count ) + return 0; + + while ( base_pfn < end_pfn ) + { + if ( clear_identity_p2m_entry(d, base_pfn) ) + ret = -ENXIO; + base_pfn++; + } + + list_del(&map->list); + xfree(map); + + return ret; + } + + if ( end >= map->base && map->end >= base ) + return -EADDRINUSE; + } + + if ( p2ma == p2m_access_x ) + return -ENOENT; + + while ( base_pfn < end_pfn ) + { + int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag); + + if ( err ) + return err; + base_pfn++; + } + + map = xmalloc(struct identity_map); + if ( !map ) + return -ENOMEM; + map->base = base; + map->end = end; + map->access = p2ma; + map->count = 1; + list_add_tail(&map->list, &hd->arch.identity_maps); + + return 0; +} + +void iommu_identity_map_teardown(struct domain *d) +{ + struct domain_iommu *hd = dom_iommu(d); + struct identity_map *map, *tmp; + + list_for_each_entry_safe ( map, tmp, &hd->arch.identity_maps, list ) + { + list_del(&map->list); + xfree(map); + } +} + static bool __hwdom_init hwdom_iommu_map(const struct domain *d, unsigned long pfn, unsigned long max_pfn) diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h index 6c9d5e5632..aaf9455b8e 100644 --- a/xen/include/asm-x86/iommu.h +++ b/xen/include/asm-x86/iommu.h @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -49,7 +50,7 @@ struct arch_iommu spinlock_t mapping_lock; /* io page table lock */ int agaw; /* adjusted guest address width, 0 is level 2 30-bit */ u64 iommu_bitmap; /* bitmap of iommu(s) that the domain uses */ - struct list_head mapped_rmrrs; + struct list_head identity_maps; /* amd iommu support */ int paging_mode; @@ -112,6 +113,11 @@ static inline void iommu_disable_x2apic(void) iommu_ops.disable_x2apic(); } +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag); +void iommu_identity_map_teardown(struct domain *d); + extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 025ee0d24b..092730aa1f 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -900,6 +900,34 @@ struct p2m_domain *p2m_get_altp2m(struct vcpu *v); static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} #endif +/* p2m access to IOMMU flags */ +static inline unsigned int p2m_access_to_iommu_flags(p2m_access_t p2ma) +{ + switch ( p2ma ) + { + case p2m_access_rw: + case p2m_access_rwx: + return IOMMUF_readable | IOMMUF_writable; + + case p2m_access_r: + case p2m_access_rx: + case p2m_access_rx2rw: + return IOMMUF_readable; + + case p2m_access_w: + case p2m_access_wx: + return IOMMUF_writable; + + case p2m_access_n: + case p2m_access_x: + case p2m_access_n2rwx: + return 0; + } + + ASSERT_UNREACHABLE(); + return 0; +} + /* * p2m type to IOMMU flags */ @@ -921,9 +949,10 @@ static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, flags = IOMMUF_readable; break; case p2m_mmio_direct: - flags = IOMMUF_readable; - if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) - flags |= IOMMUF_writable; + flags = p2m_access_to_iommu_flags(p2ma); + if ( (flags & IOMMUF_writable) && + rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) + flags &= ~IOMMUF_writable; break; default: flags = 0; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:22:57 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:22:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172290.314237 (Exim 4.92) (envelope-from ) id 1mIsrp-0006lx-7F; Wed, 25 Aug 2021 13:22:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172290.314237; Wed, 25 Aug 2021 13:22:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsrp-0006lp-4H; Wed, 25 Aug 2021 13:22:57 +0000 Received: by outflank-mailman (input) for mailman id 172290; Wed, 25 Aug 2021 13:22:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsro-0006lf-06 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsrn-0005e9-VZ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsrn-0001hK-UT for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:22:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=g9pz/ISwN9mW3dbCtAdDn3pTpjQQysv3b/Lh99gnz6k=; b=COpPdM98kP83kVjbtsVbSKxcUj WMs8vj5wPclS0p3n7wfbmC4+nJGCIbgaLdQ44DHDZ1ho/VYGOeJWqdwpNI3OSxo95uOaDUjUljtbR KgUkrpO9isJjUOPg4nl6eHcQlLu0wdF3zas7mrAC2GJKhSJV2EaMGUwwQxLL8wZ1A0mM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] AMD/IOMMU: re-arrange/complete re-assignment handling Message-Id: Date: Wed, 25 Aug 2021 13:22:55 +0000 commit 19587584f2f780547a8216b1b9d5cdf3dde29131 Author: Jan Beulich AuthorDate: Wed Aug 25 15:06:08 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:06:08 2021 +0200 AMD/IOMMU: re-arrange/complete re-assignment handling Prior to the assignment step having completed successfully, devices should not get associated with their new owner. Hand the device to DomIO (perhaps temporarily), until after the de-assignment step has completed. De-assignment of a device (from other than Dom0) as well as failure of reassign_device() during assignment should result in unity mappings getting torn down. This in turn requires switching to a refcounted mapping approach, as was already used by VT-d for its RMRRs, to prevent unmapping a region used by multiple devices. This is CVE-2021-28696 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 899272539cbe1acda736a850015416fff653a1b6 master date: 2021-08-25 14:16:26 +0200 --- xen/drivers/passthrough/amd/iommu.h | 6 ++- xen/drivers/passthrough/amd/iommu_map.c | 63 +++++++++++++++++------------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 54 +++++++++++++++++++------ 3 files changed, 83 insertions(+), 40 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index a7a05a9b09..b36a6cd698 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -232,8 +232,10 @@ int __must_check amd_iommu_unmap_page(struct domain *d, dfn_t dfn, unsigned int *flush_flags); int __must_check amd_iommu_alloc_root(struct domain_iommu *hd); int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, unsigned long size, - int iw, int ir); + const struct ivrs_unity_map *map, + unsigned int flag); +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map); int __must_check amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, unsigned int page_count, unsigned int flush_flags); diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 8924daef9b..cf4da2b00a 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -420,38 +420,49 @@ int amd_iommu_flush_iotlb_all(struct domain *d) return 0; } -int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, - unsigned long size, int iw, int ir) +int amd_iommu_reserve_domain_unity_map(struct domain *d, + const struct ivrs_unity_map *map, + unsigned int flag) { - unsigned long npages, i; - unsigned long gfn; - unsigned int flags = !!ir; - unsigned int flush_flags = 0; - int rt = 0; - - if ( iw ) - flags |= IOMMUF_writable; - - npages = region_to_pages(phys_addr, size); - gfn = phys_addr >> PAGE_SHIFT; - for ( i = 0; i < npages; i++ ) + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; !rc && map; map = map->next ) { - unsigned long frame = gfn + i; + p2m_access_t p2ma = p2m_access_n; - rt = amd_iommu_map_page(domain, _dfn(frame), _mfn(frame), flags, - &flush_flags); - if ( rt != 0 ) - break; + if ( map->read ) + p2ma |= p2m_access_r; + if ( map->write ) + p2ma |= p2m_access_w; + + rc = iommu_identity_mapping(d, p2ma, map->addr, + map->addr + map->length - 1, flag); } - /* Use while-break to avoid compiler warning */ - while ( flush_flags && - amd_iommu_flush_iotlb_pages(domain, _dfn(gfn), - npages, flush_flags) ) - break; + return rc; +} + +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map) +{ + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; map; map = map->next ) + { + int ret = iommu_identity_mapping(d, p2m_access_x, map->addr, + map->addr + map->length - 1, 0); + + if ( ret && ret != -ENOENT && !rc ) + rc = ret; + } - return rt; + return rc; } int __init amd_iommu_quarantine_init(struct domain *d) diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 59ff5c29d5..de1b471ec6 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -327,6 +327,7 @@ static int reassign_device(struct domain *source, struct domain *target, struct amd_iommu *iommu; int bdf, rc; struct domain_iommu *t = dom_iommu(target); + const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); bdf = PCI_BDF2(pdev->bus, pdev->devfn); iommu = find_iommu_for_device(pdev->seg, bdf); @@ -341,10 +342,24 @@ static int reassign_device(struct domain *source, struct domain *target, amd_iommu_disable_domain_device(source, iommu, devfn, pdev); - if ( devfn == pdev->devfn ) + /* + * If the device belongs to the hardware domain, and it has a unity mapping, + * don't remove it from the hardware domain, because BIOS may reference that + * mapping. + */ + if ( !is_hardware_domain(source) ) { - list_move(&pdev->domain_list, &target->pdev_list); - pdev->domain = target; + rc = amd_iommu_reserve_domain_unity_unmap( + source, + ivrs_mappings[get_dma_requestor_id(pdev->seg, bdf)].unity_map); + if ( rc ) + return rc; + } + + if ( devfn == pdev->devfn && pdev->domain != dom_io ) + { + list_move(&pdev->domain_list, &dom_io->pdev_list); + pdev->domain = dom_io; } rc = allocate_domain_resources(t); @@ -356,6 +371,12 @@ static int reassign_device(struct domain *source, struct domain *target, pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn), source->domain_id, target->domain_id); + if ( devfn == pdev->devfn && pdev->domain != target ) + { + list_move(&pdev->domain_list, &target->pdev_list); + pdev->domain = target; + } + return 0; } @@ -366,20 +387,28 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); - const struct ivrs_unity_map *unity_map; + int rc = amd_iommu_reserve_domain_unity_map( + d, ivrs_mappings[req_id].unity_map, flag); + + if ( !rc ) + rc = reassign_device(pdev->domain, d, devfn, pdev); - for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; - unity_map = unity_map->next ) + if ( rc && !is_hardware_domain(d) ) { - int rc = amd_iommu_reserve_domain_unity_map( - d, unity_map->addr, unity_map->length, - unity_map->write, unity_map->read); + int ret = amd_iommu_reserve_domain_unity_unmap( + d, ivrs_mappings[req_id].unity_map); - if ( rc ) - return rc; + if ( ret ) + { + printk(XENLOG_ERR "AMD-Vi: " + "unity-unmap for %pd/%04x:%02x:%02x.%u failed (%d)\n", + d, pdev->seg, pdev->bus, + PCI_SLOT(devfn), PCI_FUNC(devfn), ret); + domain_crash(d); + } } - return reassign_device(pdev->domain, d, devfn, pdev); + return rc; } static void deallocate_next_page_table(struct page_info *pg, int level) @@ -438,6 +467,7 @@ static void deallocate_iommu_page_tables(struct domain *d) static void amd_iommu_domain_destroy(struct domain *d) { + iommu_identity_map_teardown(d); deallocate_iommu_page_tables(d); amd_iommu_flush_all_pages(d); } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:23:07 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:23:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172291.314241 (Exim 4.92) (envelope-from ) id 1mIsrz-0006oy-9B; Wed, 25 Aug 2021 13:23:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172291.314241; Wed, 25 Aug 2021 13:23:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsrz-0006oo-5s; Wed, 25 Aug 2021 13:23:07 +0000 Received: by outflank-mailman (input) for mailman id 172291; Wed, 25 Aug 2021 13:23:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsry-0006oe-3y for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsry-0005eX-3E for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsry-0001l5-28 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=81eFe1ogf0J9AUdfmxffE+DpGjCYCNMxULZ2KpZuD64=; b=YY3YWMYppocsZCXjqOZbZXdH/9 1NUHbi4LXKoG8k6mYMuTWY4ntE8D80gyxMKUhXcwSuSNXBGxGN4JURkUz1OKOBd6/juDGeig17NLt XPzkFZaduXRCBIlW/+J4OsHFVSh/QDKHlXP5YvGgdD1/M4NzYmXrAayazKfwOKcqgbLs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] AMD/IOMMU: re-arrange exclusion range and unity map recording Message-Id: Date: Wed, 25 Aug 2021 13:23:06 +0000 commit e4c23845c24718fa17a591e52bc13ae7f80b2125 Author: Jan Beulich AuthorDate: Wed Aug 25 15:06:21 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:06:21 2021 +0200 AMD/IOMMU: re-arrange exclusion range and unity map recording The spec makes no provisions for OS behavior here to depend on the amount of RAM found on the system. While the spec may not sufficiently clearly distinguish both kinds of regions, they are surely meant to be separate things: Only regions with ACPI_IVMD_EXCLUSION_RANGE set should be candidates for putting in the exclusion range registers. (As there's only a single such pair of registers per IOMMU, secondary non-adjacent regions with the flag set already get converted to unity mapped regions.) First of all, drop the dependency on max_page. With commit b4f042236ae0 ("AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables") the use of it here was stale anyway; it was bogus already before, as it didn't account for max_page getting increased later on. Simply try an exclusion range registration first, and if it fails (for being unsuitable or non-mergeable), register a unity mapping range. With this various local variables become unnecessary and hence get dropped at the same time. With the max_page boundary dropped for using unity maps, the minimum page table tree height now needs both recording and enforcing in amd_iommu_domain_init(). Since we can't predict which devices may get assigned to a domain, our only option is to uniformly force at least that height for all domains, now that the height isn't dynamic anymore. Further don't make use of the exclusion range unless ACPI data says so. Note that exclusion range registration in register_range_for_all_devices() is on a best effort basis. Hence unity map entries also registered are redundant when the former succeeded, but they also do no harm. Improvements in this area can be done later imo. Also adjust types where suitable without touching extra lines. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 8ea80530cd0dbb8ffa7ac92606a3ee29663fdc93 master date: 2021-08-25 14:16:46 +0200 --- xen/drivers/passthrough/amd/iommu.h | 2 + xen/drivers/passthrough/amd/iommu_acpi.c | 184 ++++++++++++---------------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 12 +- 3 files changed, 90 insertions(+), 108 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index b36a6cd698..fc4fd051b8 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -308,6 +308,8 @@ extern struct hpet_sbdf { } init; } hpet_sbdf; +extern int amd_iommu_min_paging_mode; + extern void *shared_intremap_table; extern unsigned long *shared_intremap_inuse; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index e2f46fa7b6..4db60daeb9 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -118,12 +118,8 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( } static int __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit, - bool all, bool iw, bool ir) + struct amd_iommu *iommu, paddr_t base, paddr_t limit, bool all) { - if ( !ir || !iw ) - return -EPERM; - /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { @@ -152,14 +148,18 @@ static int __init reserve_unity_map_for_device( { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; + int paging_mode = amd_iommu_get_paging_mode(PFN_UP(base + length)); + + if ( paging_mode < 0 ) + return paging_mode; /* Check for overlaps. */ for ( ; unity_map; unity_map = unity_map->next ) { /* * Exact matches are okay. This can in particular happen when - * register_exclusion_range_for_device() calls here twice for the - * same (s,b,d,f). + * register_range_for_device() calls here twice for the same + * (s,b,d,f). */ if ( base == unity_map->addr && length == unity_map->length && ir == unity_map->read && iw == unity_map->write ) @@ -187,55 +187,52 @@ static int __init reserve_unity_map_for_device( unity_map->next = ivrs_mappings[bdf].unity_map; ivrs_mappings[bdf].unity_map = unity_map; + if ( paging_mode > amd_iommu_min_paging_mode ) + amd_iommu_min_paging_mode = paging_mode; + return 0; } -static int __init register_exclusion_range_for_all_devices( - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_all_devices( + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; - unsigned int bdf; int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) - { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - /* push 'base' just outside of virtual address space */ - base = iommu_top; - } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) + if ( exclusion ) { for_each_amd_iommu( iommu ) { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); - if ( rc ) - break; + int ret = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */); + + if ( ret && !rc ) + rc = ret; } } + if ( !exclusion || rc ) + { + paddr_t length = limit + PAGE_SIZE - base; + unsigned int bdf; + + /* reserve r/w unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + } + return rc; } -static int __init register_exclusion_range_for_device( - u16 bdf, unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_device( + unsigned int bdf, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; int rc = 0; @@ -249,27 +246,19 @@ static int __init register_exclusion_range_for_device( req = ivrs_mappings[bdf].dte_requestor_id; /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */); + if ( !exclusion || rc ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; + paddr_t length = limit + PAGE_SIZE - base; + /* reserve unity-mapped page entries for device */ - /* note: these entries are part of the exclusion range */ rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: reserve_unity_map_for_device(seg, req, base, length, iw, ir); - - /* push 'base' just outside of virtual address space */ - base = iommu_top; } - - /* register IOMMU exclusion range settings for device */ - if ( !rc && limit >= iommu_top ) + else { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } @@ -277,53 +266,42 @@ static int __init register_exclusion_range_for_device( return rc; } -static int __init register_exclusion_range_for_iommu_devices( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_iommu_devices( + struct amd_iommu *iommu, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { - unsigned long range_top, iommu_top, length; + /* note: 'limit' parameter is assumed to be page-aligned */ + paddr_t length = limit + PAGE_SIZE - base; unsigned int bdf; u16 req; - int rc = 0; + int rc; - /* is part of exclusion range inside of IOMMU virtual address space? */ - /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - { - if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) - { - req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir) ?: - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); - } - } - - /* push 'base' just outside of virtual address space */ - base = iommu_top; + rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */); + if ( !rc ) + return 0; } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); + /* reserve unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + { + if ( iommu != find_iommu_for_device(iommu->seg, bdf) ) + continue; + + req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); + } return rc; } static int __init parse_ivmd_device_select( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { u16 bdf; @@ -334,12 +312,12 @@ static int __init parse_ivmd_device_select( return -ENODEV; } - return register_exclusion_range_for_device(bdf, base, limit, iw, ir); + return register_range_for_device(bdf, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_device_range( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { unsigned int first_bdf, last_bdf, bdf; int error; @@ -361,15 +339,15 @@ static int __init parse_ivmd_device_range( } for ( bdf = first_bdf, error = 0; (bdf <= last_bdf) && !error; bdf++ ) - error = register_exclusion_range_for_device( - bdf, base, limit, iw, ir); + error = register_range_for_device( + bdf, base, limit, iw, ir, exclusion); return error; } static int __init parse_ivmd_device_iommu( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct amd_iommu *iommu; @@ -384,14 +362,14 @@ static int __init parse_ivmd_device_iommu( return -ENODEV; } - return register_exclusion_range_for_iommu_devices( - iommu, base, limit, iw, ir); + return register_range_for_iommu_devices( + iommu, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) { unsigned long start_addr, mem_length, base, limit; - u8 iw, ir; + bool iw = true, ir = true, exclusion = false; if ( ivmd_block->header.length < sizeof(*ivmd_block) ) { @@ -408,13 +386,11 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) ivmd_block->header.type, start_addr, mem_length); if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) - iw = ir = IOMMU_CONTROL_ENABLED; + exclusion = true; else if ( ivmd_block->header.flags & ACPI_IVMD_UNITY ) { - iw = ivmd_block->header.flags & ACPI_IVMD_READ ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; - ir = ivmd_block->header.flags & ACPI_IVMD_WRITE ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; + iw = ivmd_block->header.flags & ACPI_IVMD_READ; + ir = ivmd_block->header.flags & ACPI_IVMD_WRITE; } else { @@ -425,20 +401,20 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) switch( ivmd_block->header.type ) { case ACPI_IVRS_TYPE_MEMORY_ALL: - return register_exclusion_range_for_all_devices( - base, limit, iw, ir); + return register_range_for_all_devices( + base, limit, iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_ONE: - return parse_ivmd_device_select(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_select(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_RANGE: - return parse_ivmd_device_range(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_range(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_IOMMU: - return parse_ivmd_device_iommu(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_iommu(ivmd_block, base, limit, + iw, ir, exclusion); default: AMD_IOMMU_DEBUG("IVMD Error: Invalid Block Type!\n"); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index de1b471ec6..3f632e5e10 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -231,6 +231,8 @@ static int __must_check allocate_domain_resources(struct domain_iommu *hd) return rc; } +int __read_mostly amd_iommu_min_paging_mode = 1; + static int amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -242,11 +244,13 @@ static int amd_iommu_domain_init(struct domain *d) * - HVM could in principle use 3 or 4 depending on how much guest * physical address space we give it, but this isn't known yet so use 4 * unilaterally. + * - Unity maps may require an even higher number. */ - hd->arch.paging_mode = amd_iommu_get_paging_mode( - is_hvm_domain(d) - ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) - : get_upper_mfn_bound() + 1); + hd->arch.paging_mode = max(amd_iommu_get_paging_mode( + is_hvm_domain(d) + ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) + : get_upper_mfn_bound() + 1), + amd_iommu_min_paging_mode); return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:23:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:23:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172292.314246 (Exim 4.92) (envelope-from ) id 1mIss9-0006s0-BD; Wed, 25 Aug 2021 13:23:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172292.314246; Wed, 25 Aug 2021 13:23:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIss9-0006rn-7g; Wed, 25 Aug 2021 13:23:17 +0000 Received: by outflank-mailman (input) for mailman id 172292; Wed, 25 Aug 2021 13:23:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIss8-0006rb-7j for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIss8-0005ey-71 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIss8-0001nO-5z for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=s6y9Vhtxfc/2uzErEMW7k1E5OWo9qsUxD6gq+gBM7WM=; b=YtnXTGrka9Q+fTVH79bstdNgX6 RTS1B/8AHNlhJJgzBeDZShYUoSXXeH3vuigD9S3wNf84EkgCOSdL/wqMoGW16dnQaxc73iP+o6rXy H0cD3K4Wy5eZ6dWvYQy2atfIl6I0f/0hD5rnqrh6miTQ0QIPIjFsLqsQVtrGL1zS2cOA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/p2m: introduce p2m_is_special() Message-Id: Date: Wed, 25 Aug 2021 13:23:16 +0000 commit 968526568c5519e32298b5cef8f05a6caee5f721 Author: Jan Beulich AuthorDate: Wed Aug 25 15:06:35 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:06:35 2021 +0200 x86/p2m: introduce p2m_is_special() Seeing the similarity of grant, foreign, and (subsequently) direct-MMIO handling, introduce a new P2M type group named "special" (as in "needing special accessors to create/destroy"). Also use -EPERM instead of other error codes on the two domain_crash() paths touched. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 0bf755e2c856628e11e93c76c3e12974e9964638 master date: 2021-08-25 14:17:07 +0200 --- xen/arch/x86/mm/p2m.c | 15 +++++++-------- xen/include/asm-x86/p2m.h | 5 +++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index a8d53d325e..1877af8ac4 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -807,7 +807,7 @@ p2m_remove_page(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn, for ( i = 0; i < (1UL << page_order); i++ ) { p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); - if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) + if ( !p2m_is_special(t) && !p2m_is_shared(t) ) set_gpfn_from_mfn(mfn_x(mfn) + i, INVALID_M2P_ENTRY); } } @@ -935,13 +935,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, &ot, &a, 0, NULL, NULL); ASSERT(!p2m_is_shared(ot)); } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { - /* Really shouldn't be unmapping grant/foreign maps this way */ + /* Don't permit unmapping grant/foreign this way. */ domain_crash(d); p2m_unlock(p2m); - return -EINVAL; + return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) { @@ -1035,8 +1035,7 @@ int p2m_change_type_one(struct domain *d, unsigned long gfn_l, struct p2m_domain *p2m = p2m_get_hostp2m(d); int rc; - BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt)); - BUG_ON(p2m_is_foreign(ot) || p2m_is_foreign(nt)); + BUG_ON(p2m_is_special(ot) || p2m_is_special(nt)); gfn_lock(p2m, gfn, 0); @@ -1283,11 +1282,11 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, gfn_unlock(p2m, gfn, order); return cur_order + 1; } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { gfn_unlock(p2m, gfn, order); domain_crash(d); - return -ENOENT; + return -EPERM; } else if ( p2m_is_ram(ot) ) { diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 092730aa1f..a06ccbc474 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -141,6 +141,10 @@ typedef unsigned int p2m_query_t; | p2m_to_mask(p2m_ram_logdirty) ) #define P2M_SHARED_TYPES (p2m_to_mask(p2m_ram_shared)) +/* Types established/cleaned up via special accessors. */ +#define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ + p2m_to_mask(p2m_map_foreign)) + /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ | p2m_to_mask(p2m_mmio_direct) \ @@ -169,6 +173,7 @@ typedef unsigned int p2m_query_t; #define p2m_is_paged(_t) (p2m_to_mask(_t) & P2M_PAGED_TYPES) #define p2m_is_sharable(_t) (p2m_to_mask(_t) & P2M_SHARABLE_TYPES) #define p2m_is_shared(_t) (p2m_to_mask(_t) & P2M_SHARED_TYPES) +#define p2m_is_special(_t) (p2m_to_mask(_t) & P2M_SPECIAL_TYPES) #define p2m_is_broken(_t) (p2m_to_mask(_t) & P2M_BROKEN_TYPES) #define p2m_is_foreign(_t) (p2m_to_mask(_t) & p2m_to_mask(p2m_map_foreign)) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:23:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:23:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172293.314249 (Exim 4.92) (envelope-from ) id 1mIssJ-0006vN-EQ; Wed, 25 Aug 2021 13:23:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172293.314249; Wed, 25 Aug 2021 13:23:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIssJ-0006vF-BR; Wed, 25 Aug 2021 13:23:27 +0000 Received: by outflank-mailman (input) for mailman id 172293; Wed, 25 Aug 2021 13:23:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIssI-0006v5-Bw for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIssI-0005f6-B6 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIssI-0001oo-AG for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=F8WeREDSJCFtdih8v9gsV+qUKupTSEU8l9VASt/Xn/w=; b=MYS1RjIEwLMxqnWitGJUL2yq89 lQATNfFy9/I56FtUNaInENP0ilbn6s/r7HN2ky+GjkMQHr1EomK8bZZfUva1uNuwKuZIRJRvtefaa jgV2Ntu4ZC7ogQBvgoxQ2kBNS727JdjSxn36D3wGhMuGa5KXNdvLnxMb6OrJBJfj6Jfg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/p2m: guard (in particular) identity mapping entries Message-Id: Date: Wed, 25 Aug 2021 13:23:26 +0000 commit 6f4c2146893c10ec17e854242613428f96e86757 Author: Jan Beulich AuthorDate: Wed Aug 25 15:06:51 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:06:51 2021 +0200 x86/p2m: guard (in particular) identity mapping entries Such entries, created by set_identity_p2m_entry(), should only be destroyed by clear_identity_p2m_entry(). However, similarly, entries created by set_mmio_p2m_entry() should only be torn down by clear_mmio_p2m_entry(), so the logic gets based upon p2m_mmio_direct as the entry type (separation between "ordinary" and 1:1 mappings would require a further indicator to tell apart the two). As to the guest_remove_page() change, commit 48dfb297a20a ("x86/PVH: allow guest_remove_page to remove p2m_mmio_direct pages"), which introduced the call to clear_mmio_p2m_entry(), claimed this was done for hwdom only without this actually having been the case. However, this code shouldn't be there in the first place, as MMIO entries shouldn't be dropped this way. Avoid triggering the warning again that 48dfb297a20a silenced by an adjustment to xenmem_add_to_physmap_one() instead. Note that guest_physmap_mark_populate_on_demand() gets tightened beyond the immediate purpose of this change. Note also that I didn't inspect code which isn't security supported, e.g. sharing, paging, or altp2m. This is CVE-2021-28694 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 753cb68e653002e89fdcd1c80e52905fdbfb78cb master date: 2021-08-25 14:17:32 +0200 --- xen/arch/x86/mm.c | 4 +++- xen/arch/x86/mm/p2m-pod.c | 12 ++++++------ xen/arch/x86/mm/p2m.c | 11 ++++++----- xen/common/memory.c | 11 ++++++++++- xen/include/asm-x86/p2m.h | 5 ++--- 5 files changed, 27 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 61cf6a7b9b..1282ad1e87 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4652,7 +4652,9 @@ int xenmem_add_to_physmap_one( /* Remove previously mapped page if it was present. */ prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); - if ( mfn_valid(prev_mfn) ) + if ( p2mt == p2m_mmio_direct ) + rc = -EPERM; + else if ( mfn_valid(prev_mfn) ) { if ( is_special_page(mfn_to_page(prev_mfn)) ) /* Special pages are simply unhooked from this phys slot. */ diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index 48e609d1ed..b64f561fa7 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -1292,17 +1292,17 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l, p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, &cur_order, NULL); n = 1UL << min(order, cur_order); - if ( p2m_is_ram(ot) ) + if ( ot == p2m_populate_on_demand ) + { + /* Count how many PoD entries we'll be replacing if successful */ + pod_count += n; + } + else if ( ot != p2m_invalid && ot != p2m_mmio_dm ) { P2M_DEBUG("gfn_to_mfn returned type %d!\n", ot); rc = -EBUSY; goto out; } - else if ( ot == p2m_populate_on_demand ) - { - /* Count how man PoD entries we'll be replacing if successful */ - pod_count += n; - } } /* Now, actually do the two-way mapping */ diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 1877af8ac4..5005844b57 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -795,7 +795,8 @@ p2m_remove_page(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn, &cur_order, NULL); if ( p2m_is_valid(t) && - (!mfn_valid(mfn) || !mfn_eq(mfn_add(mfn, i), mfn_return)) ) + (!mfn_valid(mfn) || t == p2m_mmio_direct || + !mfn_eq(mfn_add(mfn, i), mfn_return)) ) return -EILSEQ; i += (1UL << cur_order) - @@ -893,7 +894,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; - if ( !mfn_valid(mfn) ) + if ( !mfn_valid(mfn) || t == p2m_mmio_direct ) { ASSERT_UNREACHABLE(); return -EINVAL; @@ -937,7 +938,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } if ( p2m_is_special(ot) ) { - /* Don't permit unmapping grant/foreign this way. */ + /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ domain_crash(d); p2m_unlock(p2m); @@ -1387,8 +1388,8 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, * order+1 for caller to retry with order (guaranteed smaller than * the order value passed in) */ -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, mfn_t mfn, - unsigned int order) +static int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, + mfn_t mfn, unsigned int order) { int rc = -EINVAL; gfn_t gfn = _gfn(gfn_l); diff --git a/xen/common/memory.c b/xen/common/memory.c index 5c5075ae41..2433e8ddf8 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -329,7 +329,7 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) } if ( p2mt == p2m_mmio_direct ) { - rc = clear_mmio_p2m_entry(d, gmfn, mfn, PAGE_ORDER_4K); + rc = -EPERM; goto out_put_gfn; } #else @@ -1721,6 +1721,15 @@ int check_get_page_from_gfn(struct domain *d, gfn_t gfn, bool readonly, return -EAGAIN; } #endif +#ifdef CONFIG_X86 + if ( p2mt == p2m_mmio_direct ) + { + if ( page ) + put_page(page); + + return -EPERM; + } +#endif if ( !page ) return -EINVAL; diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index a06ccbc474..9be4a9c58e 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -143,7 +143,8 @@ typedef unsigned int p2m_query_t; /* Types established/cleaned up via special accessors. */ #define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ - p2m_to_mask(p2m_map_foreign)) + p2m_to_mask(p2m_map_foreign) | \ + p2m_to_mask(p2m_mmio_direct)) /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ @@ -645,8 +646,6 @@ int set_foreign_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn); /* Set mmio addresses in the p2m table (for pass-through) */ int set_mmio_p2m_entry(struct domain *d, gfn_t gfn, mfn_t mfn, unsigned int order); -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, - unsigned int order); /* Set identity addresses in the p2m table (for pass-through) */ int set_identity_p2m_entry(struct domain *d, unsigned long gfn, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:23:38 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:23:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172294.314253 (Exim 4.92) (envelope-from ) id 1mIssU-0006yj-G2; Wed, 25 Aug 2021 13:23:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172294.314253; Wed, 25 Aug 2021 13:23:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIssU-0006yb-Cy; Wed, 25 Aug 2021 13:23:38 +0000 Received: by outflank-mailman (input) for mailman id 172294; Wed, 25 Aug 2021 13:23:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIssS-0006y4-FT for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIssS-0005fJ-Ep for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIssS-0001qf-Dv for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=B8Cxl6FZW6AJKagYSExA3Y3g1OGIWVLjNGkttshro54=; b=iCmESR1kgWPtnrrvSt6StRRgKy Paeix8CBOiHNv58FP1VYTvcLbjmxVQ6vcfmve9nThb2SGUmsBAzffe75ITmjwYkahkXLA1DZlGwKq 1GNhshbxxptS+M2mPWMPaPTeb4FasCT2/T5MF+lgND0l7GfhqkrX1mifUCqJKrO0reU0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/mm: widen locked region in xenmem_add_to_physmap_one() Message-Id: Date: Wed, 25 Aug 2021 13:23:36 +0000 commit 98bcd536c24ea35dcaed84cc35ce0f6c938ba9d6 Author: Jan Beulich AuthorDate: Wed Aug 25 15:07:09 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:07:09 2021 +0200 x86/mm: widen locked region in xenmem_add_to_physmap_one() For pages which can be made part of the P2M by the guest, but which can also later be de-allocated (grant table v2 status pages being the present example), it is imperative that they be mapped at no more than a single GFN. We therefore need to make sure that of two parallel XENMAPSPACE_grant_table requests for the same status page one completes before the second checks at which other GFN the underlying MFN is presently mapped. Pull ahead the respective get_gfn() and push down the respective put_gfn(). This leverages that gfn_lock() really aliases p2m_lock(), but the function makes this assumption already anyway: In the XENMAPSPACE_gmfn case lock nesting constraints for both involved GFNs would otherwise need to be enforced to avoid ABBA deadlocks. This is CVE-2021-28697 / XSA-379. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: f147422bf9476fb8161b43e35f5901571ed17c35 master date: 2021-08-25 14:17:56 +0200 --- xen/arch/x86/mm.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 1282ad1e87..56bad5b3ea 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4650,8 +4650,20 @@ int xenmem_add_to_physmap_one( goto put_both; } - /* Remove previously mapped page if it was present. */ + /* + * Note that we're (ab)using GFN locking (to really be locking of the + * entire P2M) here in (at least) two ways: Finer grained locking would + * expose lock order violations in the XENMAPSPACE_gmfn case (due to the + * earlier get_gfn_unshare() above). Plus at the very least for the grant + * table v2 status page case we need to guarantee that the same page can + * only appear at a single GFN. While this is a property we want in + * general, for pages which can subsequently be freed this imperative: + * Upon freeing we wouldn't be able to find other mappings in the P2M + * (unless we did a brute force search). + */ prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); + + /* Remove previously mapped page if it was present. */ if ( p2mt == p2m_mmio_direct ) rc = -EPERM; else if ( mfn_valid(prev_mfn) ) @@ -4663,27 +4675,21 @@ int xenmem_add_to_physmap_one( /* Normal domain memory is freed, to avoid leaking memory. */ rc = guest_remove_page(d, gfn_x(gpfn)); } - /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */ - put_gfn(d, gfn_x(gpfn)); - - if ( rc ) - goto put_both; /* Unmap from old location, if any. */ old_gpfn = get_gpfn_from_mfn(mfn_x(mfn)); ASSERT(!SHARED_M2P(old_gpfn)); if ( space == XENMAPSPACE_gmfn && old_gpfn != gfn ) - { rc = -EXDEV; - goto put_both; - } - if ( old_gpfn != INVALID_M2P_ENTRY ) + else if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); /* Map at new location. */ if ( !rc ) rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K); + put_gfn(d, gfn_x(gpfn)); + put_both: /* * In the XENMAPSPACE_gmfn case, we took a ref of the gfn at the top. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:23:48 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:23:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172295.314257 (Exim 4.92) (envelope-from ) id 1mIsse-000721-HS; Wed, 25 Aug 2021 13:23:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172295.314257; Wed, 25 Aug 2021 13:23:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsse-00071t-EX; Wed, 25 Aug 2021 13:23:48 +0000 Received: by outflank-mailman (input) for mailman id 172295; Wed, 25 Aug 2021 13:23:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIssc-00071Y-JZ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIssc-0005fU-Iq for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIssc-0001rt-Hq for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5hOBbdkraBD7V4KwgwTMQNrEe47kiPVRA3GpC0ZMrlo=; b=PGsxt71BIMLluFoY0mPNkkqyWk 5xP46WEMlvKNuFeGLEH8PLxzxDrNvDH0UaQflzJ8WVOF5xJYy2x0k5a0yJfz7lCnw/2g7+6/gGqgr SzJEjXLM7OvO/Ks9XdujpDAV1n4KralYGrAiz0TBlBBs6dV0uL2Dw7OOvs33Gfya7oXo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] gnttab: add preemption check to gnttab_release_mappings() Message-Id: Date: Wed, 25 Aug 2021 13:23:46 +0000 commit 29aeeda345168a70facfd7c7ef16fbea6d447061 Author: Jan Beulich AuthorDate: Wed Aug 25 15:07:25 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:07:25 2021 +0200 gnttab: add preemption check to gnttab_release_mappings() A guest may die with many grant mappings still in place, or simply with a large maptrack table. Iterating through this may take more time than is reasonable without intermediate preemption (to run softirqs and perhaps the scheduler). Move the invocation of the function to the section where other restartable functions get invoked, and have the function itself check for preemption every once in a while. Have it iterate the table backwards, such that decreasing the maptrack limit is all it takes to convey restart information. In domain_teardown() introduce PROG_none such that inserting at the front will be easier going forward. This is part of CVE-2021-28698 / XSA-380. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: b1ee10be5625b7d502cef1e6ee3818610ab0d29c master date: 2021-08-25 14:18:18 +0200 --- xen/common/domain.c | 4 +++- xen/common/grant_table.c | 46 ++++++++++++++++++++++++++++++++++++------- xen/include/xen/grant_table.h | 6 ++---- 3 files changed, 44 insertions(+), 12 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index 7bacf7cfed..b556696c87 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -721,11 +721,13 @@ int domain_kill(struct domain *d) return domain_kill(d); d->is_dying = DOMDYING_dying; argo_destroy(d); - gnttab_release_mappings(d); vnuma_destroy(d->vnuma); domain_set_outstanding_pages(d, 0); /* fallthrough */ case DOMDYING_dying: + rc = gnttab_release_mappings(d); + if ( rc ) + break; rc = evtchn_destroy(d); if ( rc ) break; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 5239d1395c..74c73e1ef6 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -64,7 +64,13 @@ struct grant_table { unsigned int nr_grant_frames; /* Number of grant status frames shared with guest (for version 2) */ unsigned int nr_status_frames; - /* Number of available maptrack entries. */ + /* + * Number of available maptrack entries. For cleanup purposes it is + * important to realize that this field and @maptrack further down will + * only ever be accessed by the local domain. Thus it is okay to clean + * up early, and to shrink the limit for the purpose of tracking cleanup + * progress. + */ unsigned int maptrack_limit; /* Shared grant table (see include/public/grant_table.h). */ union { @@ -3708,9 +3714,7 @@ do_grant_table_op( #include "compat/grant_table.c" #endif -void -gnttab_release_mappings( - struct domain *d) +int gnttab_release_mappings(struct domain *d) { struct grant_table *gt = d->grant_table, *rgt; struct grant_mapping *map; @@ -3724,10 +3728,34 @@ gnttab_release_mappings( BUG_ON(!d->is_dying); - for ( handle = 0; handle < gt->maptrack_limit; handle++ ) + if ( !gt || !gt->maptrack ) + return 0; + + for ( handle = gt->maptrack_limit; handle; ) { unsigned int clear_flags = 0; + /* + * Deal with full pages such that their freeing (in the body of the + * if()) remains simple. + */ + if ( handle < gt->maptrack_limit && !(handle % MAPTRACK_PER_PAGE) ) + { + /* + * Changing maptrack_limit alters nr_maptrack_frames()'es return + * value. Free the then excess trailing page right here, rather + * than leaving it to grant_table_destroy() (and in turn requiring + * to leave gt->maptrack_limit unaltered). + */ + gt->maptrack_limit = handle; + FREE_XENHEAP_PAGE(gt->maptrack[nr_maptrack_frames(gt)]); + + if ( hypercall_preempt_check() ) + return -ERESTART; + } + + --handle; + map = &maptrack_entry(gt, handle); if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) ) continue; @@ -3818,6 +3846,11 @@ gnttab_release_mappings( map->flags = 0; } + + gt->maptrack_limit = 0; + FREE_XENHEAP_PAGE(gt->maptrack[0]); + + return 0; } void grant_table_warn_active_grants(struct domain *d) @@ -3881,8 +3914,7 @@ grant_table_destroy( free_xenheap_page(t->shared_raw[i]); xfree(t->shared_raw); - for ( i = 0; i < nr_maptrack_frames(t); i++ ) - free_xenheap_page(t->maptrack[i]); + ASSERT(!t->maptrack_limit); vfree(t->maptrack); for ( i = 0; i < nr_active_grant_frames(t); i++ ) diff --git a/xen/include/xen/grant_table.h b/xen/include/xen/grant_table.h index 98603604b8..ab4726bdc4 100644 --- a/xen/include/xen/grant_table.h +++ b/xen/include/xen/grant_table.h @@ -47,9 +47,7 @@ void grant_table_init_vcpu(struct vcpu *v); void grant_table_warn_active_grants(struct domain *d); /* Domain death release of granted mappings of other domains' memory. */ -void -gnttab_release_mappings( - struct domain *d); +int gnttab_release_mappings(struct domain *d); int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, gfn_t *gfn, uint16_t *status); @@ -78,7 +76,7 @@ static inline void grant_table_init_vcpu(struct vcpu *v) {} static inline void grant_table_warn_active_grants(struct domain *d) {} -static inline void gnttab_release_mappings(struct domain *d) {} +static inline int gnttab_release_mappings(struct domain *d) { return 0; } static inline int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:23:58 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:23:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172296.314260 (Exim 4.92) (envelope-from ) id 1mIsso-00076y-JQ; Wed, 25 Aug 2021 13:23:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172296.314260; Wed, 25 Aug 2021 13:23:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsso-00076o-G3; Wed, 25 Aug 2021 13:23:58 +0000 Received: by outflank-mailman (input) for mailman id 172296; Wed, 25 Aug 2021 13:23:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIssm-00076U-N6 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIssm-0005ff-MJ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIssm-0001tX-Ld for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:23:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SMyIudjqJ8WjSMGVU7fF/kv40jYRcLKrbrIMw4k7O6E=; b=xDIhHNyP9OPZ2UgjIU9Q6VjFUC QMcFStw0wGs+Mb3FeiQoWUAD1rK55bUyesNxlFpYM5FvlFHcVa4TIjksg0dUgB+gIHQYI3fNe+CZk /WYeNkdzBY0E2BviL9TOHJ9xJ+rvHsW9BU2TQOVWiXKnn2EwmnmmEHCV2/5xfCDY99Oo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] gnttab: replace mapkind() Message-Id: Date: Wed, 25 Aug 2021 13:23:56 +0000 commit b81187fc4032be56be712f0126c7215f243093ed Author: Jan Beulich AuthorDate: Wed Aug 25 15:07:40 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:07:40 2021 +0200 gnttab: replace mapkind() mapkind() doesn't scale very well with larger maptrack entry counts, using a brute force linear search through all entries, with the only option of an early loop exit if a matching writable entry was found. Introduce a radix tree alongside the main maptrack table, thus allowing much faster MFN-based lookup. To avoid the need to actually allocate space for the individual nodes, encode the two counters in the node pointers themselves, thus limiting the number of permitted simultaneous r/o and r/w mappings of the same MFN to 2³¹-1 (64-bit) / 2¹⁵-1 (32-bit) each. To avoid enforcing an unnecessarily low bound on the number of simultaneous mappings of a single MFN, introduce radix_tree_{ulong_to_ptr,ptr_to_ulong} paralleling radix_tree_{int_to_ptr,ptr_to_int}. As a consequence locking changes are also applicable: With there no longer being any inspection of the remote domain's active entries, there's also no need anymore to hold the remote domain's grant table lock. And since we're no longer iterating over the local domain's map track table, the lock in map_grant_ref() can also be dropped before the new maptrack entry actually gets populated. As a nice side effect this also reduces the number of IOMMU operations in unmap_common(): Previously we would have "established" a readable mapping whenever we didn't find a writable entry anymore (yet, of course, at least one readable one). But we only need to do this if we actually dropped the last writable entry, not if there were none already before. This is part of CVE-2021-28698 / XSA-380. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: 9781b51efde251efcc0291ddb1d9c7cefe2b2555 master date: 2021-08-25 14:18:39 +0200 --- xen/common/grant_table.c | 198 ++++++++++++++++++++++++------------------- xen/include/xen/radix-tree.h | 19 +++++ 2 files changed, 129 insertions(+), 88 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 74c73e1ef6..2d8e00409d 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -82,8 +83,13 @@ struct grant_table { grant_status_t **status; /* Active grant table. */ struct active_grant_entry **active; - /* Mapping tracking table per vcpu. */ + /* Handle-indexed tracking table of mappings. */ struct grant_mapping **maptrack; + /* + * MFN-indexed tracking tree of mappings, if needed. Note that this is + * protected by @lock, not @maptrack_lock. + */ + struct radix_tree_root maptrack_tree; /* Domain to which this struct grant_table belongs. */ const struct domain *domain; @@ -501,34 +507,6 @@ static int get_paged_frame(unsigned long gfn, mfn_t *mfn, return GNTST_okay; } -static inline void -double_gt_lock(struct grant_table *lgt, struct grant_table *rgt) -{ - /* - * See mapkind() for why the write lock is also required for the - * remote domain. - */ - if ( lgt < rgt ) - { - grant_write_lock(lgt); - grant_write_lock(rgt); - } - else - { - if ( lgt != rgt ) - grant_write_lock(rgt); - grant_write_lock(lgt); - } -} - -static inline void -double_gt_unlock(struct grant_table *lgt, struct grant_table *rgt) -{ - grant_write_unlock(lgt); - if ( lgt != rgt ) - grant_write_unlock(rgt); -} - #define INVALID_MAPTRACK_HANDLE UINT_MAX static inline grant_handle_t @@ -948,41 +926,17 @@ static struct active_grant_entry *grant_map_exists(const struct domain *ld, return ERR_PTR(-EINVAL); } -#define MAPKIND_READ 1 -#define MAPKIND_WRITE 2 -static unsigned int mapkind( - struct grant_table *lgt, const struct domain *rd, mfn_t mfn) -{ - struct grant_mapping *map; - grant_handle_t handle, limit = lgt->maptrack_limit; - unsigned int kind = 0; - - /* - * Must have the local domain's grant table write lock when - * iterating over its maptrack entries. - */ - ASSERT(percpu_rw_is_write_locked(&lgt->lock)); - /* - * Must have the remote domain's grant table write lock while - * counting its active entries. - */ - ASSERT(percpu_rw_is_write_locked(&rd->grant_table->lock)); - - smp_rmb(); - - for ( handle = 0; !(kind & MAPKIND_WRITE) && handle < limit; handle++ ) - { - map = &maptrack_entry(lgt, handle); - if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) || - map->domid != rd->domain_id ) - continue; - if ( mfn_eq(_active_entry(rd->grant_table, map->ref).mfn, mfn) ) - kind |= map->flags & GNTMAP_readonly ? - MAPKIND_READ : MAPKIND_WRITE; - } - - return kind; -} +union maptrack_node { + struct { + /* Radix tree slot pointers use two of the bits. */ +#ifdef __BIG_ENDIAN_BITFIELD + unsigned long : 2; +#endif + unsigned long rd : BITS_PER_LONG / 2 - 1; + unsigned long wr : BITS_PER_LONG / 2 - 1; + } cnt; + unsigned long raw; +}; static void map_grant_ref( @@ -1001,7 +955,6 @@ map_grant_ref( struct grant_mapping *mt; grant_entry_header_t *shah; uint16_t *status; - bool_t need_iommu; ld = current->domain; @@ -1220,31 +1173,75 @@ map_grant_ref( * as mem-sharing and IOMMU use are incompatible). The dom_io case would * need checking separately if we compared against owner here. */ - need_iommu = ld != rd && gnttab_need_iommu_mapping(ld); - if ( need_iommu ) + if ( ld != rd && gnttab_need_iommu_mapping(ld) ) { + union maptrack_node node = { + .cnt.rd = !!(op->flags & GNTMAP_readonly), + .cnt.wr = !(op->flags & GNTMAP_readonly), + }; + int err; + void **slot = NULL; unsigned int kind; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + + err = radix_tree_insert(&lgt->maptrack_tree, mfn_x(mfn), + radix_tree_ulong_to_ptr(node.raw)); + if ( err == -EEXIST ) + { + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(mfn)); + if ( likely(slot) ) + { + node.raw = radix_tree_ptr_to_ulong(*slot); + err = -EBUSY; + + /* Update node only when refcount doesn't overflow. */ + if ( op->flags & GNTMAP_readonly ? ++node.cnt.rd + : ++node.cnt.wr ) + { + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + err = 0; + } + } + else + ASSERT_UNREACHABLE(); + } /* * We're not translated, so we know that dfns and mfns are * the same things, so the IOMMU entry is always 1-to-1. */ - kind = mapkind(lgt, rd, mfn); - if ( !(op->flags & GNTMAP_readonly) && - !(kind & MAPKIND_WRITE) ) + if ( !(op->flags & GNTMAP_readonly) && node.cnt.wr == 1 ) kind = IOMMUF_readable | IOMMUF_writable; - else if ( !kind ) + else if ( (op->flags & GNTMAP_readonly) && + node.cnt.rd == 1 && !node.cnt.wr ) kind = IOMMUF_readable; else kind = 0; - if ( kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 0, kind) ) + if ( err || + (kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 0, kind)) ) { - double_gt_unlock(lgt, rgt); + if ( !err ) + { + if ( slot ) + { + op->flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--; + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + } + else + radix_tree_delete(&lgt->maptrack_tree, mfn_x(mfn)); + } + rc = GNTST_general_error; - goto undo_out; } + + grant_write_unlock(lgt); + + if ( rc != GNTST_okay ) + goto undo_out; } TRACE_1D(TRC_MEM_PAGE_GRANT_MAP, op->dom); @@ -1252,10 +1249,6 @@ map_grant_ref( /* * All maptrack entry users check mt->flags first before using the * other fields so just ensure the flags field is stored last. - * - * However, if gnttab_need_iommu_mapping() then this would race - * with a concurrent mapkind() call (on an unmap, for example) - * and a lock is required. */ mt = &maptrack_entry(lgt, handle); mt->domid = op->dom; @@ -1263,9 +1256,6 @@ map_grant_ref( smp_wmb(); write_atomic(&mt->flags, op->flags); - if ( need_iommu ) - double_gt_unlock(lgt, rgt); - op->dev_bus_addr = mfn_to_maddr(mfn); op->handle = handle; op->status = GNTST_okay; @@ -1487,19 +1477,34 @@ unmap_common( /* See the respective comment in map_grant_ref(). */ if ( rc == GNTST_okay && ld != rd && gnttab_need_iommu_mapping(ld) ) { - unsigned int kind; + void **slot; + union maptrack_node node; int err = 0; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(op->mfn)); + node.raw = likely(slot) ? radix_tree_ptr_to_ulong(*slot) : 0; + + /* Refcount must not underflow. */ + if ( !(flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--) ) + BUG(); - kind = mapkind(lgt, rd, op->mfn); - if ( !kind ) + if ( !node.raw ) err = iommu_legacy_unmap(ld, _dfn(mfn_x(op->mfn)), 0); - else if ( !(kind & MAPKIND_WRITE) ) + else if ( !(flags & GNTMAP_readonly) && !node.cnt.wr ) err = iommu_legacy_map(ld, _dfn(mfn_x(op->mfn)), op->mfn, 0, IOMMUF_readable); - double_gt_unlock(lgt, rgt); + if ( err ) + ; + else if ( !node.raw ) + radix_tree_delete(&lgt->maptrack_tree, mfn_x(op->mfn)); + else + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + + grant_write_unlock(lgt); if ( err ) rc = GNTST_general_error; @@ -1951,6 +1956,8 @@ int grant_table_init(struct domain *d, int max_grant_frames, gt->maptrack = vzalloc(gt->max_maptrack_frames * sizeof(*gt->maptrack)); if ( gt->maptrack == NULL ) goto out; + + radix_tree_init(>->maptrack_tree); } /* Shared grant table. */ @@ -3734,6 +3741,7 @@ int gnttab_release_mappings(struct domain *d) for ( handle = gt->maptrack_limit; handle; ) { unsigned int clear_flags = 0; + mfn_t mfn; /* * Deal with full pages such that their freeing (in the body of the @@ -3839,17 +3847,31 @@ int gnttab_release_mappings(struct domain *d) if ( clear_flags ) gnttab_clear_flags(rd, clear_flags, status); + mfn = act->mfn; + active_entry_release(act); grant_read_unlock(rgt); rcu_unlock_domain(rd); map->flags = 0; + + /* + * This is excessive in that a single such call would suffice per + * mapped MFN (or none at all, if no entry was ever inserted). But it + * should be the common case for an MFN to be mapped just once, and + * this way we don't need to further maintain the counters. We also + * don't want to leave cleaning up of the tree as a whole to the end + * of the function, as this could take quite some time. + */ + radix_tree_delete(>->maptrack_tree, mfn_x(mfn)); } gt->maptrack_limit = 0; FREE_XENHEAP_PAGE(gt->maptrack[0]); + radix_tree_destroy(>->maptrack_tree, NULL); + return 0; } diff --git a/xen/include/xen/radix-tree.h b/xen/include/xen/radix-tree.h index ec40cf1d9e..58c40312e6 100644 --- a/xen/include/xen/radix-tree.h +++ b/xen/include/xen/radix-tree.h @@ -190,6 +190,25 @@ static inline int radix_tree_ptr_to_int(void *ptr) return (int)((long)ptr >> 2); } +/** + * radix_tree_{ulong_to_ptr,ptr_to_ulong}: + * + * Same for unsigned long values. Beware though that only BITS_PER_LONG-2 + * bits are actually usable for the value. + */ +static inline void *radix_tree_ulong_to_ptr(unsigned long val) +{ + unsigned long ptr = (val << 2) | 0x2; + ASSERT((ptr >> 2) == val); + return (void *)ptr; +} + +static inline unsigned long radix_tree_ptr_to_ulong(void *ptr) +{ + ASSERT(((unsigned long)ptr & 0x3) == 0x2); + return (unsigned long)ptr >> 2; +} + int radix_tree_insert(struct radix_tree_root *, unsigned long, void *); void *radix_tree_lookup(struct radix_tree_root *, unsigned long); void **radix_tree_lookup_slot(struct radix_tree_root *, unsigned long); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:24:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:24:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172297.314265 (Exim 4.92) (envelope-from ) id 1mIssy-0007AO-ME; Wed, 25 Aug 2021 13:24:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172297.314265; Wed, 25 Aug 2021 13:24:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIssy-0007AG-JJ; Wed, 25 Aug 2021 13:24:08 +0000 Received: by outflank-mailman (input) for mailman id 172297; Wed, 25 Aug 2021 13:24:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIssw-0007A6-RQ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIssw-0005gJ-Pr for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIssw-0001ux-P0 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uBf97mlkQU5QmH/MP9hqmmOvzH3Kg6YUS7boA2c12S0=; b=LSPZORkArXkSspdscQjOcUaDV7 Xo+G4IJXsbmPfd1WyA4m34ZPiS0me9xqJfn4ZQ9W+fQaCpWoOslpsOGggC/IDq2do+OI3Cw0snDxq C015+/jzw1n1KclNao2S/meoIuEsyG/6iAOj1VIClk3IJXUfx5swRBn/2/dtoHv/AZB0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] gnttab: fix array capacity check in gnttab_get_status_frames() Message-Id: Date: Wed, 25 Aug 2021 13:24:06 +0000 commit 66f5e867c6e3d400af354ab72e924fa7b3ada733 Author: Jan Beulich AuthorDate: Wed Aug 25 15:08:09 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:08:09 2021 +0200 gnttab: fix array capacity check in gnttab_get_status_frames() The number of grant frames is of no interest here; converting the passed in op.nr_frames this way means we allow for 8 times as many GFNs to be written as actually fit in the array. We would corrupt xlat areas of higher vCPU-s (after having faulted many times while trying to write to the guard pages between any two areas) for 32-bit PV guests. For HVM guests we'd simply crash as soon as we hit the first guard page, as accesses to the xlat area are simply memcpy() there. This is CVE-2021-28699 / XSA-382. Fixes: 18b1be5e324b ("gnttab: make resource limits per domain") Signed-off-by: Jan Beulich master commit: ec820035b875cdbedce5e73f481ce65963ede9ed master date: 2021-08-25 14:19:09 +0200 --- xen/common/grant_table.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 2d8e00409d..192db15c34 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3283,12 +3283,11 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, goto unlock; } - if ( unlikely(limit_max < grant_to_status_frames(op.nr_frames)) ) + if ( unlikely(limit_max < op.nr_frames) ) { gdprintk(XENLOG_WARNING, - "grant_to_status_frames(%u) for d%d is too large (%u,%u)\n", - op.nr_frames, d->domain_id, - grant_to_status_frames(op.nr_frames), limit_max); + "nr_status_frames for %pd is too large (%u,%u)\n", + d, op.nr_frames, limit_max); op.status = GNTST_general_error; goto unlock; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:24:18 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:24:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172298.314270 (Exim 4.92) (envelope-from ) id 1mIst8-0007DR-OV; Wed, 25 Aug 2021 13:24:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172298.314270; Wed, 25 Aug 2021 13:24:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIst8-0007DF-Kn; Wed, 25 Aug 2021 13:24:18 +0000 Received: by outflank-mailman (input) for mailman id 172298; Wed, 25 Aug 2021 13:24:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIst6-0007D1-U7 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIst6-0005gW-TT for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIst6-0001we-SY for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=I8zm/smLFvaxKumkxP91eNMgQIfDMlCuFHC/00xPpAE=; b=IM/4bAFMdtIu+N7NvKjGWQyHgW md/t9OWA25o+a4I2d22y40YsJTUO+6zoLl7EU0x4A2XkaVdiXW+t1JOvPPFwrti+7KS0ML5FLd2iQ 9nrqF38QG37afgLdPUQaPS9BhXXd435XNsS2X3KHMkN9oeL65IMbvXV9nqqN5OfvIDS8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Message-Id: Date: Wed, 25 Aug 2021 13:24:16 +0000 commit c439f5e97b0229851ba76249ccb224695a1baa29 Author: Julien Grall AuthorDate: Wed Aug 25 15:08:29 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:08:29 2021 +0200 xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Currently, both dom0less domUs and dom0 can allocate an "unlimited" amount of memory because d->max_pages is set to ~0U. In particular, the former are meant to be unprivileged. Therefore the memory they could allocate should be bounded. As the domain are not yet officially aware of Xen (we don't expose advertise it in the DT, yet the hypercalls are accessible), they should not need to allocate more than the initial amount. So cap set d->max_pages directly the amount of memory we are meant to allocate. Take the opportunity to also restrict the memory for dom0 as the domain is direct mapped (e.g. MFN == GFN) and therefore cannot allocate outside of the pre-allocated region. This is CVE-2021-28700 / XSA-383. Reported-by: Julien Grall Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini Tested-by: Stefano Stabellini master commit: c08d68cd2aacbc7cb56e73ada241bfe4639bbc68 master date: 2021-08-25 14:19:31 +0200 --- xen/arch/arm/domain_build.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index b07461f5d3..f49dbf1ca1 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2439,7 +2439,8 @@ static int __init construct_domU(struct domain *d, if ( vcpu_create(d, 0) == NULL ) return -ENOMEM; - d->max_pages = ~0U; + + d->max_pages = ((paddr_t)mem * SZ_1K) >> PAGE_SHIFT; kinfo.d = d; @@ -2540,7 +2541,7 @@ int __init construct_dom0(struct domain *d) iommu_hwdom_init(d); - d->max_pages = ~0U; + d->max_pages = dom0_mem >> PAGE_SHIFT; kinfo.unassigned_mem = dom0_mem; kinfo.d = d; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:24:28 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:24:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172299.314273 (Exim 4.92) (envelope-from ) id 1mIstI-0007Gf-PX; Wed, 25 Aug 2021 13:24:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172299.314273; Wed, 25 Aug 2021 13:24:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstI-0007GX-MN; Wed, 25 Aug 2021 13:24:28 +0000 Received: by outflank-mailman (input) for mailman id 172299; Wed, 25 Aug 2021 13:24:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstH-0007GE-1b for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstH-0005gh-0x for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIstH-0001xW-06 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4VJ0iDFoF3PAiYIxl+d1NNWMB5JyjsZpTsCxInm1LeM=; b=4YbBNSmqPFs/aHx3iWTqvMGMww +e/7go+BSZmqFJwr43DlO+F2XaMoOaL3V+9f/migGOCYFxnq0Z2Fi0P2YAWqeaNZAiy8jpSfH19P6 MdfxDMDgJeKP0pGkrVuXCUCS9ZODuw5Hz4t6f6FoLCVASyMbN0opUi/wEKQADFzot4Bw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/hvm: Propagate real error information up through hvm_load() Message-Id: Date: Wed, 25 Aug 2021 13:24:27 +0000 commit 2255511a4ff4f73cdfe4dc1c3be20bde498df877 Author: Andrew Cooper AuthorDate: Wed Aug 25 15:10:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:10:18 2021 +0200 x86/hvm: Propagate real error information up through hvm_load() hvm_load() is currently a mix of -errno and -1 style error handling, which aliases -EPERM. This leads to the following confusing diagnostics: From userspace: xc: info: Restoring domain xc: error: Unable to restore HVM context (1 = Operation not permitted): Internal error xc: error: Restore failed (1 = Operation not permitted): Internal error xc_domain_restore: [1] Restore failed (1 = Operation not permitted) From Xen: (XEN) HVM10.0 restore: inconsistent xsave state (feat=0x2ff accum=0x21f xcr0=0x7 bv=0x3 err=-22) (XEN) HVM10 restore: failed to load entry 16/0 The actual error was a bad backport, but the -EINVAL got converted to -EPERM on the way out of the hypercall. The overwhelming majority of *_load() handlers already use -errno consistenty. Fix up the rest to be consistent, and fix a few other errors noticed along the way. * Failures of hvm_load_entry() indicate a truncated record or other bad data size. Use -ENODATA. * Don't use {g,}dprintk(). Omitting diagnostics in release builds is rude, and almost everything uses unconditional printk()'s. * Switch some errors for more appropriate ones. Reported-by: Igor Druzhinin Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 96e5ad4c476e70688295b3cfb537847a3351d6fd master date: 2021-07-19 14:34:38 +0100 --- xen/arch/x86/cpu/mcheck/vmce.c | 6 +++--- xen/arch/x86/emul-i8254.c | 9 +++++---- xen/arch/x86/hvm/irq.c | 6 +++--- xen/arch/x86/hvm/save.c | 25 ++++++++++++++----------- xen/arch/x86/hvm/vioapic.c | 5 ++++- xen/arch/x86/hvm/vpic.c | 2 +- 6 files changed, 30 insertions(+), 23 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/vmce.c b/xen/arch/x86/cpu/mcheck/vmce.c index b1df9e9efd..eb6434a3ba 100644 --- a/xen/arch/x86/cpu/mcheck/vmce.c +++ b/xen/arch/x86/cpu/mcheck/vmce.c @@ -82,11 +82,11 @@ int vmce_restore_vcpu(struct vcpu *v, const struct hvm_vmce_vcpu *ctxt) if ( ctxt->caps & ~guest_mcg_cap & ~MCG_CAP_COUNT & ~MCG_CTL_P ) { - dprintk(XENLOG_G_ERR, "%s restore: unsupported MCA capabilities" - " %#" PRIx64 " for %pv (supported: %#Lx)\n", + printk(XENLOG_G_ERR + "%s restore: unsupported MCA capabilities %#"PRIx64" for %pv (supported: %#Lx)\n", is_hvm_vcpu(v) ? "HVM" : "PV", ctxt->caps, v, guest_mcg_cap & ~MCG_CAP_COUNT); - return -EPERM; + return -EINVAL; } v->arch.vmce.mcg_cap = ctxt->caps; diff --git a/xen/arch/x86/emul-i8254.c b/xen/arch/x86/emul-i8254.c index 73be4188ad..050c784702 100644 --- a/xen/arch/x86/emul-i8254.c +++ b/xen/arch/x86/emul-i8254.c @@ -412,7 +412,7 @@ static int pit_save(struct vcpu *v, hvm_domain_context_t *h) static int pit_load(struct domain *d, hvm_domain_context_t *h) { PITState *pit = domain_vpit(d); - int i; + int i, rc = 0; if ( !has_vpit(d) ) return -ENODEV; @@ -421,8 +421,8 @@ static int pit_load(struct domain *d, hvm_domain_context_t *h) if ( hvm_load_entry(PIT, h, &pit->hw) ) { - spin_unlock(&pit->lock); - return 1; + rc = -ENODATA; + goto out; } /* @@ -434,9 +434,10 @@ static int pit_load(struct domain *d, hvm_domain_context_t *h) for ( i = 0; i < 3; i++ ) pit_load_count(pit, i, pit->hw.channels[i].count); + out: spin_unlock(&pit->lock); - return 0; + return rc; } HVM_REGISTER_SAVE_RESTORE(PIT, pit_save, pit_load, 1, HVMSR_PER_DOM); diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c index 38ac5fb6c7..52aae4565f 100644 --- a/xen/arch/x86/hvm/irq.c +++ b/xen/arch/x86/hvm/irq.c @@ -773,9 +773,9 @@ static int irq_load_link(struct domain *d, hvm_domain_context_t *h) for ( link = 0; link < 4; link++ ) if ( hvm_irq->pci_link.route[link] > 15 ) { - gdprintk(XENLOG_ERR, - "HVM restore: PCI-ISA link %u out of range (%u)\n", - link, hvm_irq->pci_link.route[link]); + printk(XENLOG_G_ERR + "HVM restore: PCI-ISA link %u out of range (%u)\n", + link, hvm_irq->pci_link.route[link]); return -EINVAL; } diff --git a/xen/arch/x86/hvm/save.c b/xen/arch/x86/hvm/save.c index a2c56fbc1e..405eac1c5a 100644 --- a/xen/arch/x86/hvm/save.c +++ b/xen/arch/x86/hvm/save.c @@ -50,14 +50,14 @@ int arch_hvm_load(struct domain *d, struct hvm_save_header *hdr) { printk(XENLOG_G_ERR "HVM%d restore: bad magic number %#"PRIx32"\n", d->domain_id, hdr->magic); - return -1; + return -EINVAL; } if ( hdr->version != HVM_FILE_VERSION ) { printk(XENLOG_G_ERR "HVM%d restore: unsupported version %u\n", d->domain_id, hdr->version); - return -1; + return -EINVAL; } cpuid(1, &eax, &ebx, &ecx, &edx); @@ -291,16 +291,18 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) struct hvm_save_descriptor *desc; hvm_load_handler handler; struct vcpu *v; + int rc; if ( d->is_dying ) return -EINVAL; /* Read the save header, which must be first */ if ( hvm_load_entry(HEADER, h, &hdr) != 0 ) - return -1; + return -ENODATA; - if ( arch_hvm_load(d, &hdr) ) - return -1; + rc = arch_hvm_load(d, &hdr); + if ( rc ) + return rc; /* Down all the vcpus: we only re-enable the ones that had state saved. */ for_each_vcpu(d, v) @@ -315,7 +317,7 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) printk(XENLOG_G_ERR "HVM%d restore: save did not end with a null entry\n", d->domain_id); - return -1; + return -ENODATA; } /* Read the typecode of the next entry and check for the end-marker */ @@ -329,17 +331,18 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) { printk(XENLOG_G_ERR "HVM%d restore: unknown entry typecode %u\n", d->domain_id, desc->typecode); - return -1; + return -EINVAL; } /* Load the entry */ printk(XENLOG_G_INFO "HVM%d restore: %s %"PRIu16"\n", d->domain_id, hvm_sr_handlers[desc->typecode].name, desc->instance); - if ( handler(d, h) != 0 ) + rc = handler(d, h); + if ( rc ) { - printk(XENLOG_G_ERR "HVM%d restore: failed to load entry %u/%u\n", - d->domain_id, desc->typecode, desc->instance); - return -1; + printk(XENLOG_G_ERR "HVM%d restore: failed to load entry %u/%u rc %d\n", + d->domain_id, desc->typecode, desc->instance, rc); + return rc; } } diff --git a/xen/arch/x86/hvm/vioapic.c b/xen/arch/x86/hvm/vioapic.c index 99e137df33..eac235eb55 100644 --- a/xen/arch/x86/hvm/vioapic.c +++ b/xen/arch/x86/hvm/vioapic.c @@ -619,7 +619,10 @@ static int ioapic_load(struct domain *d, hvm_domain_context_t *h) d->arch.hvm.nr_vioapics != 1 ) return -EOPNOTSUPP; - return hvm_load_entry(IOAPIC, h, &s->domU); + if ( hvm_load_entry(IOAPIC, h, &s->domU) ) + return -ENODATA; + + return 0; } HVM_REGISTER_SAVE_RESTORE(IOAPIC, ioapic_save, ioapic_load, 1, HVMSR_PER_DOM); diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c index fcc3de5c0c..398c1d4efa 100644 --- a/xen/arch/x86/hvm/vpic.c +++ b/xen/arch/x86/hvm/vpic.c @@ -401,7 +401,7 @@ static int vpic_load(struct domain *d, hvm_domain_context_t *h) /* Which PIC is this? */ if ( inst > 1 ) - return -EINVAL; + return -ENOENT; s = &d->arch.hvm.vpic[inst]; /* Load the state */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:24:38 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:24:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172301.314289 (Exim 4.92) (envelope-from ) id 1mIstS-0007cR-2b; Wed, 25 Aug 2021 13:24:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172301.314289; Wed, 25 Aug 2021 13:24:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstR-0007cJ-V0; Wed, 25 Aug 2021 13:24:37 +0000 Received: by outflank-mailman (input) for mailman id 172301; Wed, 25 Aug 2021 13:24:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstR-0007bn-5D for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstR-0005h5-4V for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIstR-0001z7-3l for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qQXUcL7ac60fRs5iQwZPQl28Ll1S2pWhHt6nxq1ZEgM=; b=PDgGhKQItDcwa6yc29ZMKbsgN9 cSXmkwBXrELmLu+JuFQFto7wmUfesM/pJ+IM7z+qdsf0iQrwKYbJHLcWaeqyKcj2h5XLp8bHvhJQ1 27z4+CJ/+4xFN7YabFqRTb1QpVY2nwEA9xnSOej3LDH6u4/bHlzExRTKiqWf1S8F5OvQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] xen/lib: Fix strcmp() and strncmp() Message-Id: Date: Wed, 25 Aug 2021 13:24:37 +0000 commit 8df03ef746dec2d4612ef7ea1933e8066783ad27 Author: Jane Malalane AuthorDate: Wed Aug 25 15:10:32 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:10:32 2021 +0200 xen/lib: Fix strcmp() and strncmp() The C standard requires that each character be compared as unsigned char. Xen's current behaviour compares as signed char, which changes the answer when chars with a value greater than 0x7f are used. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Ian Jackson master commit: 3747a2bb67daa5a8baeff6cda57dc98a5ef79c3e master date: 2021-07-30 10:52:46 +0100 --- xen/common/string.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/xen/common/string.c b/xen/common/string.c index af3d96ad0f..43624b1b45 100644 --- a/xen/common/string.c +++ b/xen/common/string.c @@ -119,14 +119,16 @@ EXPORT_SYMBOL(strlcat); */ int (strcmp)(const char *cs, const char *ct) { - register signed char __res; + unsigned char *csu = (unsigned char *)cs; + unsigned char *ctu = (unsigned char *)ct; + int res; while (1) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + if ((res = *csu - *ctu++) != 0 || !*csu++) break; } - return __res; + return res; } #endif @@ -139,15 +141,17 @@ int (strcmp)(const char *cs, const char *ct) */ int (strncmp)(const char *cs, const char *ct, size_t count) { - register signed char __res = 0; + unsigned char *csu = (unsigned char *)cs; + unsigned char *ctu = (unsigned char *)ct; + int res = 0; while (count) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + if ((res = *csu - *ctu++) != 0 || !*csu++) break; count--; } - return __res; + return res; } #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:24:48 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:24:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172303.314292 (Exim 4.92) (envelope-from ) id 1mIstc-0007mo-36; Wed, 25 Aug 2021 13:24:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172303.314292; Wed, 25 Aug 2021 13:24:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstc-0007mg-0B; Wed, 25 Aug 2021 13:24:48 +0000 Received: by outflank-mailman (input) for mailman id 172303; Wed, 25 Aug 2021 13:24:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstb-0007mR-8w for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstb-0005hK-8D for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIstb-00020W-7M for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DXggs2aBst94SZPXIMmuZqsnK8q3pUCg39buh+w5enI=; b=zbWx6TETnZcbJM9/q02DjfTgRF V5q2RE52dci0vCJdkeb2e/IRG+aGyud78/YRLb36ZEBbK9AClVzoV50k+5+Qg37l4TGv64LdM6vFF a9UgjmmVfJjWeV1mLkCcdqQgmRJ1CluVr6hFs6AxgeDM4ofTuQ0LYp8os7TRwHxpGZPY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] credit2: avoid picking a spurious idle unit when caps are used Message-Id: Date: Wed, 25 Aug 2021 13:24:47 +0000 commit 58570591db5e29dd111db0aac4e8551b60718ae4 Author: Dario Faggioli AuthorDate: Wed Aug 25 15:10:45 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:10:45 2021 +0200 credit2: avoid picking a spurious idle unit when caps are used Commit 07b0eb5d0ef0 ("credit2: make sure we pick a runnable unit from the runq if there is one") did not fix completely the problem of potentially selecting a scheduling unit that will then not be able to run. In fact, in case caps are used and the unit we are currently looking at, during the runqueue scan, does not have enough budget for being run, we should continue looking instead than giving up and picking the idle unit. Suggested-by: George Dunlap Signed-off-by: Dario Faggioli Reviewed-by: Jan Beulich master commit: 0f742839ae57e10687e7a573070c37430f31068c master date: 2021-08-10 09:29:10 +0200 --- xen/common/sched/credit2.c | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index ebb09ea43a..6396b38e04 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -3463,6 +3463,15 @@ runq_candidate(struct csched2_runqueue_data *rqd, (unsigned char *)&d); } + /* + * If the unit in the runqueue has more credits than current (or than + * idle, if current is not runnable) or if current is yielding, we may + * want to pick it up. Otherwise, there's no need to keep scanning the + * runqueue any further. + */ + if ( !yield && svc->credit <= snext->credit ) + break; + /* Skip non runnable units that we (temporarily) have in the runq */ if ( unlikely(!unit_runnable_state(svc->unit)) ) continue; @@ -3494,16 +3503,25 @@ runq_candidate(struct csched2_runqueue_data *rqd, } /* - * If the one in the runqueue has more credit than current (or idle, - * if current is not runnable), or if current is yielding, and also - * if the one in runqueue either is not capped, or is capped but has - * some budget, then choose it. + * If we are here, we are almost sure we want to pick the unit in + * the runqueue. Last thing we need to check is that it either is + * not capped or, if it is, it has some budget. + * + * Note that budget availability must be the very last check that + * we do in this loop, due to the side effects that unit_grab_budget() + * causes. + * + * In fact, if there is budget available in the unit's domain's + * budget pool, the function will pick some for running this unit. + * And we clearly want to do that only if we're otherwise sure that + * the unit will actually run, consume it, and return the leftover + * (if any) in the usual way. */ - if ( (yield || svc->credit > snext->credit) && - (!has_cap(svc) || unit_grab_budget(svc)) ) - snext = svc; + if ( has_cap(svc) && !unit_grab_budget(svc) ) + continue; /* In any case, if we got this far, break. */ + snext = svc; break; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:24:58 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:24:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172304.314296 (Exim 4.92) (envelope-from ) id 1mIstm-0007tP-4h; Wed, 25 Aug 2021 13:24:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172304.314296; Wed, 25 Aug 2021 13:24:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstm-0007tH-1k; Wed, 25 Aug 2021 13:24:58 +0000 Received: by outflank-mailman (input) for mailman id 172304; Wed, 25 Aug 2021 13:24:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstl-0007t2-CX for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstl-0005hZ-Bn for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIstl-00022N-B2 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:24:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=99Hms9y8nsI760wxyrI2jxC+i/RP7N69Dh4rAMnhwsY=; b=dDONzYczxdsAkzjGrwLdUfXD3e 258WaO81Lm6l6alB10gsbPRRR01xPDnX8TeGWUX3U9nb8DdhJ+kuYc4EHDtMdSh4FFkg6c95c/Au1 boQBKY6KxCmgXm7Wmwp/kzCwxaXRMWsLQqfCosgXOmA0Qqf5xurBJRt/H95Be86rEmBs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} Message-Id: Date: Wed, 25 Aug 2021 13:24:57 +0000 commit a9d7c2541415dad9b9707ab1e302691d2844f271 Author: Andrew Cooper AuthorDate: Wed Aug 25 15:10:58 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:10:58 2021 +0200 x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} This was a clear oversight in the original CET work. The BUGFRAME_run_fn and BUGFRAME_warn paths update regs->rip without an equivalent adjustment to the shadow stack, causing IRET to suffer #CP because of the mismatch. One subtle, and therefore fragile, aspect of extable_shstk_fixup() was that it required regs->rip to have its old value as a cross-check that the right word in the shadow stack was being edited. Rework extable_shstk_fixup() into fixup_exception_return() which takes ownership of the update to both the regular and shadow stacks, ensuring that the regs->rip update is ordered correctly. Use the new fixup_exception_return() for BUGFRAME_run_fn and BUGFRAME_warn to ensure that the shadow stack is updated too. Fixes: 209fb9919b50 ("x86/extable: Adjust extable handling to be shadow stack compatible") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich x86/cet: Fix build on newer versions of GCC Some versions of GCC complain with: traps.c:405:22: error: 'get_shstk_bottom' defined but not used [-Werror=unused-function] static unsigned long get_shstk_bottom(unsigned long sp) ^~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Change #ifdef to if ( IS_ENABLED(...) ) to make the sole user of get_shstk_bottom() visible to the compiler. Fixes: 35727551c070 ("x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn}") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Compile-tested-by: Jan Beulich Tested-by: Marek Marczykowski-Górecki master commit: 35727551c0703493a2240e967cffc3063b13d49c master date: 2021-08-16 16:03:20 +0100 master commit: 54c9736382e0d558a6acd820e44185e020131c48 master date: 2021-08-17 12:55:48 +0100 --- xen/arch/x86/traps.c | 96 ++++++++++++++++++++++++++++------------------------ 1 file changed, 51 insertions(+), 45 deletions(-) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index bc5b8f8ea3..a38f10ad28 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -775,53 +775,62 @@ static void do_reserved_trap(struct cpu_user_regs *regs) trapnr, vec_name(trapnr), regs->error_code); } -static void extable_shstk_fixup(struct cpu_user_regs *regs, unsigned long fixup) +static void fixup_exception_return(struct cpu_user_regs *regs, + unsigned long fixup) { - unsigned long ssp, *ptr, *base; + if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) + { + unsigned long ssp, *ptr, *base; - asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); - if ( ssp == 1 ) - return; + asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); + if ( ssp == 1 ) + goto shstk_done; - ptr = _p(ssp); - base = _p(get_shstk_bottom(ssp)); + ptr = _p(ssp); + base = _p(get_shstk_bottom(ssp)); - for ( ; ptr < base; ++ptr ) - { - /* - * Search for %rip. The shstk currently looks like this: - * - * ... [Likely pointed to by SSP] - * %cs [== regs->cs] - * %rip [== regs->rip] - * SSP [Likely points to 3 slots higher, above %cs] - * ... [call tree to this function, likely 2/3 slots] - * - * and we want to overwrite %rip with fixup. There are two - * complications: - * 1) We cant depend on SSP values, because they won't differ by 3 - * slots if the exception is taken on an IST stack. - * 2) There are synthetic (unrealistic but not impossible) scenarios - * where %rip can end up in the call tree to this function, so we - * can't check against regs->rip alone. - * - * Check for both regs->rip and regs->cs matching. - */ - if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) + for ( ; ptr < base; ++ptr ) { - asm ( "wrssq %[fix], %[stk]" - : [stk] "=m" (ptr[0]) - : [fix] "r" (fixup) ); - return; + /* + * Search for %rip. The shstk currently looks like this: + * + * ... [Likely pointed to by SSP] + * %cs [== regs->cs] + * %rip [== regs->rip] + * SSP [Likely points to 3 slots higher, above %cs] + * ... [call tree to this function, likely 2/3 slots] + * + * and we want to overwrite %rip with fixup. There are two + * complications: + * 1) We cant depend on SSP values, because they won't differ by + * 3 slots if the exception is taken on an IST stack. + * 2) There are synthetic (unrealistic but not impossible) + * scenarios where %rip can end up in the call tree to this + * function, so we can't check against regs->rip alone. + * + * Check for both regs->rip and regs->cs matching. + */ + if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) + { + asm ( "wrssq %[fix], %[stk]" + : [stk] "=m" (ptr[0]) + : [fix] "r" (fixup) ); + goto shstk_done; + } } + + /* + * We failed to locate and fix up the shadow IRET frame. This could + * be due to shadow stack corruption, or bad logic above. We cannot + * continue executing the interrupted context. + */ + BUG(); + } + shstk_done: - /* - * We failed to locate and fix up the shadow IRET frame. This could be - * due to shadow stack corruption, or bad logic above. We cannot continue - * executing the interrupted context. - */ - BUG(); + /* Fixup the regular stack. */ + regs->rip = fixup; } static bool extable_fixup(struct cpu_user_regs *regs, bool print) @@ -840,10 +849,7 @@ static bool extable_fixup(struct cpu_user_regs *regs, bool print) vec_name(regs->entry_vector), regs->error_code, _p(regs->rip), _p(regs->rip), _p(fixup)); - if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) - extable_shstk_fixup(regs, fixup); - - regs->rip = fixup; + fixup_exception_return(regs, fixup); this_cpu(last_extable_addr) = regs->rip; return true; @@ -1127,7 +1133,7 @@ void do_invalid_op(struct cpu_user_regs *regs) void (*fn)(struct cpu_user_regs *) = bug_ptr(bug); fn(regs); - regs->rip = (unsigned long)eip; + fixup_exception_return(regs, (unsigned long)eip); return; } @@ -1148,7 +1154,7 @@ void do_invalid_op(struct cpu_user_regs *regs) case BUGFRAME_warn: printk("Xen WARN at %s%s:%d\n", prefix, filename, lineno); show_execution_state(regs); - regs->rip = (unsigned long)eip; + fixup_exception_return(regs, (unsigned long)eip); return; case BUGFRAME_bug: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:25:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:25:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172307.314300 (Exim 4.92) (envelope-from ) id 1mIstw-0007zk-84; Wed, 25 Aug 2021 13:25:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172307.314300; Wed, 25 Aug 2021 13:25:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstw-0007zb-4e; Wed, 25 Aug 2021 13:25:08 +0000 Received: by outflank-mailman (input) for mailman id 172307; Wed, 25 Aug 2021 13:25:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstv-0007zJ-G6 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:25:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIstv-0005jn-FS for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:25:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIstv-00023q-Eb for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:25:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HBCTObncgEI8zM/NOjrUhvZhZW3FWC4vEwodYXvkrN0=; b=Y13xoJl/NxSHPlqrbmiYh0Et8G s0HLiZIkFe03wPYtkPppLKy34Givxu+JU5tmp1KXnHWO41MoG5hFdUuAz6dgeWBQTsZoYSPxDJNw6 CCO1X3J5o+zWQDoaaJEsC/VUIn/kYrlPOPTKVcBwtywSIMqyWE0Mrm/nA8rGCdf6tHFg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] VT-d: Tylersburg errata apply to further steppings Message-Id: Date: Wed, 25 Aug 2021 13:25:07 +0000 commit 26b885cbdd2458b32434a4d20b921b49bd623adb Author: Jan Beulich AuthorDate: Wed Aug 25 15:11:11 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:11:11 2021 +0200 VT-d: Tylersburg errata apply to further steppings While for 5500 and 5520 chipsets only B3 and C2 are mentioned in the spec update, X58's also mentions B2, and searching the internet suggests systems with this stepping are actually in use. Even worse, for X58 erratum #69 is marked applicable even to C2. Split the check to cover all applicable steppings and to also report applicable errata numbers in the log message. The splitting requires using the DMI port instead of the System Management Registers device, but that's then in line (also revision checking wise) with the spec updates. Fixes: 6890cebc6a98 ("VT-d: deal with 5500/5520/X58 errata") Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian master commit: 517a90d1ca09ce00e50d46ac25566cc3bd2eb34d master date: 2021-08-18 09:44:14 +0200 --- xen/drivers/passthrough/vtd/quirks.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c index 5594270678..1de2578378 100644 --- a/xen/drivers/passthrough/vtd/quirks.c +++ b/xen/drivers/passthrough/vtd/quirks.c @@ -268,26 +268,42 @@ static int __init parse_snb_timeout(const char *s) } custom_param("snb_igd_quirk", parse_snb_timeout); -/* 5500/5520/X58 Chipset Interrupt remapping errata, for stepping B-3. - * Fixed in stepping C-2. */ +/* + * 5500/5520/X58 chipset interrupt remapping errata, for steppings B2 and B3. + * Fixed in stepping C2 except on X58. + */ static void __init tylersburg_intremap_quirk(void) { - uint32_t bus, device; + unsigned int bus; uint8_t rev; for ( bus = 0; bus < 0x100; bus++ ) { - /* Match on System Management Registers on Device 20 Function 0 */ - device = pci_conf_read32(PCI_SBDF(0, bus, 20, 0), PCI_VENDOR_ID); - rev = pci_conf_read8(PCI_SBDF(0, bus, 20, 0), PCI_REVISION_ID); + /* Match on DMI port (Device 0 Function 0) */ + rev = pci_conf_read8(PCI_SBDF(0, bus, 0, 0), PCI_REVISION_ID); - if ( rev == 0x13 && device == 0x342e8086 ) + switch ( pci_conf_read32(PCI_SBDF(0, bus, 0, 0), PCI_VENDOR_ID) ) { + default: + continue; + + case 0x34038086: case 0x34068086: + if ( rev >= 0x22 ) + continue; + printk(XENLOG_WARNING VTDPREFIX + "Disabling IOMMU due to Intel 5500/5520 chipset errata #47 and #53\n"); + iommu_enable = false; + break; + + case 0x34058086: printk(XENLOG_WARNING VTDPREFIX - "Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata #47, #53\n"); - iommu_enable = 0; + "Disabling IOMMU due to Intel X58 chipset %s\n", + rev < 0x22 ? "errata #62 and #69" : "erratum #69"); + iommu_enable = false; break; } + + break; } } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:25:18 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:25:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172309.314304 (Exim 4.92) (envelope-from ) id 1mIsu6-000836-98; Wed, 25 Aug 2021 13:25:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172309.314304; Wed, 25 Aug 2021 13:25:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsu6-00082y-6A; Wed, 25 Aug 2021 13:25:18 +0000 Received: by outflank-mailman (input) for mailman id 172309; Wed, 25 Aug 2021 13:25:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsu5-00082p-Jg for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:25:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsu5-0005k3-J1 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:25:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsu5-00025G-I9 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:25:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rznNzMY8FtG9bX07CF2pco3LbFP7jsZsUcF4/gkoYY4=; b=zFA6J2ezo0X18oNFVpLgoxD1W4 TSNZ4RWPIFw2kJuXhMq0w5aLOkR86I60uwRP7seWDW3O/a7ihYBLgzLlTHIctDnHyORDl4A/UlIT4 QHt4eoK7JAaDKHLxZ+SC5cm+pYsR/F9tKN1r8fmFKjbrHFw82lC9CFDVfNiN/0s4xZD0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume Message-Id: Date: Wed, 25 Aug 2021 13:25:17 +0000 commit da7254738899da02049dce79bde5af8c27df2481 Author: Juergen Gross AuthorDate: Wed Aug 25 15:11:24 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:11:24 2021 +0200 xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume With smt=0 during a suspend/resume cycle of the machine the threads which have been parked before will briefly come up again. This can result in problems e.g. with cpufreq driver being active as this will call into get_cpu_idle_time() for a cpu without initialized scheduler data. Fix that by letting get_cpu_idle_time() deal with this case. Drop a redundant check in exchange. Fixes: 132cbe8f35632fb2 ("sched: fix get_cpu_idle_time() with core scheduling") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Juergen Gross Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich Acked-by: Dario Faggioli master commit: 5293470a77ad980dce2af9b7e6c3f11eeebf1b64 master date: 2021-08-19 13:38:31 +0200 --- xen/common/sched/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 1bd63c9de6..229ed85f48 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -337,7 +337,7 @@ uint64_t get_cpu_idle_time(unsigned int cpu) struct vcpu_runstate_info state = { 0 }; const struct vcpu *v = idle_vcpu[cpu]; - if ( cpu_online(cpu) && v ) + if ( cpu_online(cpu) && get_sched_res(cpu) ) vcpu_runstate_get(v, &state); return state.time[RUNSTATE_running]; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:25:29 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:25:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172310.314308 (Exim 4.92) (envelope-from ) id 1mIsuH-00086k-AY; Wed, 25 Aug 2021 13:25:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172310.314308; Wed, 25 Aug 2021 13:25:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsuH-00086c-7e; Wed, 25 Aug 2021 13:25:29 +0000 Received: by outflank-mailman (input) for mailman id 172310; Wed, 25 Aug 2021 13:25:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsuF-00086F-NJ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:25:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIsuF-0005kK-MY for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:25:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIsuF-00026S-Lg for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:25:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HyDug8PxYoGitM1obS96z5qfn1bYU4Ut2iHvLhsINEk=; b=UFX4ih/YBjPNsGsPr7zv3PkcsI CBuNB72FrG+yI7DHYKm5ilAVZfPEKEPEYt1V694eULnX9CHkLU8CzRRM4pmzItuQPYSm0WXjHe8Ed AdeM5Wia/vCENz406j3eykCxJCiETqP/NBBSudzhHt2iJDbHba3ruk1XOeZ2px9LjVq8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] AMD/IOMMU: don't leave page table mapped when unmapping ... Message-Id: Date: Wed, 25 Aug 2021 13:25:27 +0000 commit 301ea7a89d1a31fd1732d22b5eb3f78058fdd5dc Author: Jan Beulich AuthorDate: Wed Aug 25 15:11:37 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:11:37 2021 +0200 AMD/IOMMU: don't leave page table mapped when unmapping ... ... an already not mapped page. With all other exit paths doing the unmap, I have no idea how I managed to miss that aspect at the time. Fixes: ad591454f069 ("AMD/IOMMU: don't needlessly trigger errors/crashes when unmapping a page") Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 3cfec6a6aa7a7bf68f8e19e21f450c2febe9acb4 master date: 2021-08-20 12:30:35 +0200 --- xen/drivers/passthrough/amd/iommu_map.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index cf4da2b00a..90c6e8b93e 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -256,7 +256,10 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, else if ( !pde->pr ) { if ( !map ) + { + unmap_domain_page(next_table_vaddr); return 0; + } if ( next_table_mfn == 0 ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:33:23 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:33:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172331.314345 (Exim 4.92) (envelope-from ) id 1mIt1s-0002iT-Qw; Wed, 25 Aug 2021 13:33:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172331.314345; Wed, 25 Aug 2021 13:33:20 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt1s-0002iL-O4; Wed, 25 Aug 2021 13:33:20 +0000 Received: by outflank-mailman (input) for mailman id 172331; Wed, 25 Aug 2021 13:33:20 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt1r-0002iF-VL for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:33:19 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt1r-0005tz-Tj for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:33:19 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt1r-00037O-SB for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:33:19 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DBKVdCJ2IMeBYdQhtYzIznr84ZWybM39g4w+nA6qMLg=; b=Ts0Qvig5eba33w8ieI9XB0E4yp NscdRkKX9SBiJoWttl3eWhylq3yOPirSo+xybt4SOtfoszKqcyycvYTSAP1CafiuTUBsuIx5ePma1 5E7OyKzn2XMCOr9qVSUvfpi9tFpUwUSG44sAK0CWjKUO1FmDWdbcd7Ffsv8cIaQdWrTY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] tools/firmware/ovmf: Use OvmfXen platform file is exist Message-Id: Date: Wed, 25 Aug 2021 13:33:19 +0000 commit 91bb9e9b0c0e2af926ab08958f3d65f07a105cb6 Author: Anthony PERARD AuthorDate: Tue Jun 1 11:28:03 2021 +0100 Commit: Ian Jackson CommitDate: Wed Aug 25 14:29:35 2021 +0100 tools/firmware/ovmf: Use OvmfXen platform file is exist A platform introduced in EDK II named OvmfXen is now the one to use for Xen instead of OvmfX64. It comes with PVH support. Also, the Xen support in OvmfX64 is deprecated, "deprecation notice: *dynamic* multi-VMM (QEMU vs. Xen) support in OvmfPkg" https://edk2.groups.io/g/devel/message/75498 Signed-off-by: Anthony PERARD Acked-by: Ian Jackson (cherry picked from commit aad7b5c11d51d57659978e04702ac970906894e8) --- tools/firmware/ovmf-makefile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/firmware/ovmf-makefile b/tools/firmware/ovmf-makefile index 55f9992145..637ee509c3 100644 --- a/tools/firmware/ovmf-makefile +++ b/tools/firmware/ovmf-makefile @@ -17,8 +17,14 @@ all: build .PHONY: build build: if test -e .git ; then $(GIT) submodule update --init --recursive ; fi - OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 - cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin + set -ex; \ + if test -e OvmfPkg/OvmfXen.dsc; then \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 -p OvmfPkg/OvmfXen.dsc; \ + cp Build/OvmfXen/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + else \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4; \ + cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + fi .PHONY: clean clean: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:33:30 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:33:30 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172332.314349 (Exim 4.92) (envelope-from ) id 1mIt22-0002kp-SQ; Wed, 25 Aug 2021 13:33:30 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172332.314349; Wed, 25 Aug 2021 13:33:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt22-0002ki-Pb; Wed, 25 Aug 2021 13:33:30 +0000 Received: by outflank-mailman (input) for mailman id 172332; Wed, 25 Aug 2021 13:33:30 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt22-0002ka-9r for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:33:30 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt22-0005u9-93 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:33:30 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt22-00038m-7u for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:33:30 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=js/qnYegcMhhFNqDoO4ur2X2ixeQX7JnBaTeUDrP/JY=; b=o+Ul79uBX5w99YmLVgWJkNoK70 0ruC2wnXRi3ehRKW+7ytSMI4A0s0O3YW6r4eIP822ZZ84Occ26GoSviGbGvD5TlUfHwDVOZshMlM3 p42Lrfsxwk92t6Cet9wEzMqw+AkF/w6U7O79vjQn4NcvTSJ62ByZOnM9JW9wKweu976k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] tools/firmware/ovmf: Use OvmfXen platform file is exist Message-Id: Date: Wed, 25 Aug 2021 13:33:30 +0000 commit 74e93071826fe3aaab32e469280a3253a39147f6 Author: Anthony PERARD AuthorDate: Tue Jun 1 11:28:03 2021 +0100 Commit: Ian Jackson CommitDate: Wed Aug 25 14:29:17 2021 +0100 tools/firmware/ovmf: Use OvmfXen platform file is exist A platform introduced in EDK II named OvmfXen is now the one to use for Xen instead of OvmfX64. It comes with PVH support. Also, the Xen support in OvmfX64 is deprecated, "deprecation notice: *dynamic* multi-VMM (QEMU vs. Xen) support in OvmfPkg" https://edk2.groups.io/g/devel/message/75498 Signed-off-by: Anthony PERARD Acked-by: Ian Jackson (cherry picked from commit aad7b5c11d51d57659978e04702ac970906894e8) (cherry picked from commit 7988ef515a5eabe74bb5468c8c692e03ee9db8bc) --- tools/firmware/ovmf-makefile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/firmware/ovmf-makefile b/tools/firmware/ovmf-makefile index 55f9992145..637ee509c3 100644 --- a/tools/firmware/ovmf-makefile +++ b/tools/firmware/ovmf-makefile @@ -17,8 +17,14 @@ all: build .PHONY: build build: if test -e .git ; then $(GIT) submodule update --init --recursive ; fi - OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 - cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin + set -ex; \ + if test -e OvmfPkg/OvmfXen.dsc; then \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 -p OvmfPkg/OvmfXen.dsc; \ + cp Build/OvmfXen/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + else \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4; \ + cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + fi .PHONY: clean clean: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:33:41 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:33:41 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172333.314353 (Exim 4.92) (envelope-from ) id 1mIt2D-0002nt-UI; Wed, 25 Aug 2021 13:33:41 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172333.314353; Wed, 25 Aug 2021 13:33:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2D-0002nl-RI; Wed, 25 Aug 2021 13:33:41 +0000 Received: by outflank-mailman (input) for mailman id 172333; Wed, 25 Aug 2021 13:33:41 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2D-0002nf-7v for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:33:41 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2D-0005uK-7C for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:33:41 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt2D-0003Cq-6F for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:33:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iS/AT7hnjqvIepmHZebXf6Z5JxbWYIiTEd9yqFPxvro=; b=RHYAHAxIQYwwjRRGbAV3yX1SbN I9eg/8lNe3rw5Sq7LXdbedGuGzk5taBGQFilKXSfUh7+5et2TABZi7zfJN6zFpIcKR10Rjs8/1LLH 7MyeMOTEdYTpoDHKxTnYyHtekv14666BVYAIliYTzKd9PieIp9rLM4uzPKLHkQsm8TPg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86: work around build issue with GNU ld 2.37 Message-Id: Date: Wed, 25 Aug 2021 13:33:41 +0000 commit 85dc71b610128054ad49661c0c791c750d215b70 Author: Jan Beulich AuthorDate: Wed Aug 25 15:19:03 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:19:03 2021 +0200 x86: work around build issue with GNU ld 2.37 I suspect it is commit 40726f16a8d7 ("ld script expression parsing") which broke the hypervisor build, by no longer accepting section names with a dash in them inside ADDR() (and perhaps other script directives expecting just a section name, not an expression): .note.gnu.build-id is such a section. Quoting all section names passed to ADDR() via DECL_SECTION() works around the regression. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 58ad654ebce7ccb272a3f4f3482c03aaad850d31 master date: 2021-07-27 15:03:29 +0100 --- xen/arch/x86/xen.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 111edb5360..8fda0dd0a6 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -18,7 +18,7 @@ ENTRY(efi_start) #else /* !EFI */ #define FORMAT "elf64-x86-64" -#define DECL_SECTION(x) x : AT(ADDR(x) - __XEN_VIRT_START) +#define DECL_SECTION(x) x : AT(ADDR(#x) - __XEN_VIRT_START) ENTRY(start_pa) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:33:53 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:33:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172334.314357 (Exim 4.92) (envelope-from ) id 1mIt2O-0002qp-VZ; Wed, 25 Aug 2021 13:33:52 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172334.314357; Wed, 25 Aug 2021 13:33:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2O-0002qh-Sp; Wed, 25 Aug 2021 13:33:52 +0000 Received: by outflank-mailman (input) for mailman id 172334; Wed, 25 Aug 2021 13:33:51 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2N-0002qU-Fx for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:33:51 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2N-0005uX-Cn for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:33:51 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt2N-0003EI-BJ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:33:51 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KICOvK8/DamQrRvXgQWEhW2GCGzcSLgBuPcKB2lrzSk=; b=ON5WUZ8DuqYfnP3h7IPQcdoir7 0RmE3UEka3JhRsPaT9cAE/NKiY4PTBOOopZ10eY2mAdbDkxCcQNP9JY/8woaT3F7eXcbIuMWpgs1b 3nPyx1xL0p8XeUsF2F+0Lpflm8XK1xz+KJIA2vhS5s6ClrcUcca8JEVB1FP1m6JX28VA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/p2m: fix PoD accounting in guest_physmap_add_entry() Message-Id: Date: Wed, 25 Aug 2021 13:33:51 +0000 commit 4fa8b13aa6731bfcbb126129df025cb608f93dfe Author: Jan Beulich AuthorDate: Wed Aug 25 15:20:30 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:20:30 2021 +0200 x86/p2m: fix PoD accounting in guest_physmap_add_entry() The initial observation was that the mfn_valid() check comes too late: Neither mfn_add() nor mfn_to_page() (let alone de-referencing the result of the latter) are valid for MFNs failing this check. Move it up and - noticing that there's no caller doing so - also add an assertion that this should never produce "false" here. In turn this would have meant that the "else" to that if() could now go away, which didn't seem right at all. And indeed, considering callers like memory_exchange() or various grant table functions, the PoD accounting should have been outside of that if() from the very beginning. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: aea270e3f7c0db696c88a0e94b1ece7abd339c84 master date: 2020-02-21 17:14:38 +0100 --- xen/arch/x86/mm/p2m.c | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 4039630761..ab9d61a89e 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -881,6 +881,12 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; + if ( !mfn_valid(mfn) ) + { + ASSERT_UNREACHABLE(); + return -EINVAL; + } + p2m_lock(p2m); P2M_DEBUG("adding gfn=%#lx mfn=%#lx\n", gfn_x(gfn), mfn_x(mfn)); @@ -981,12 +987,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } /* Now, actually do the two-way mapping */ - if ( mfn_valid(mfn) ) + rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, p2m->default_access); + if ( rc == 0 ) { - rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, - p2m->default_access); - if ( rc ) - goto out; /* Failed to update p2m, bail without updating m2p. */ + pod_lock(p2m); + p2m->pod.entry_count -= pod_count; + BUG_ON(p2m->pod.entry_count < 0); + pod_unlock(p2m); if ( !p2m_is_grant(t) ) { @@ -995,22 +1002,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, gfn_x(gfn_add(gfn, i))); } } - else - { - gdprintk(XENLOG_WARNING, "Adding bad mfn to p2m map (%#lx -> %#lx)\n", - gfn_x(gfn), mfn_x(mfn)); - rc = p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, - p2m_invalid, p2m->default_access); - if ( rc == 0 ) - { - pod_lock(p2m); - p2m->pod.entry_count -= pod_count; - BUG_ON(p2m->pod.entry_count < 0); - pod_unlock(p2m); - } - } -out: p2m_unlock(p2m); return rc; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:34:03 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:34:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172335.314361 (Exim 4.92) (envelope-from ) id 1mIt2Z-0002tT-0u; Wed, 25 Aug 2021 13:34:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172335.314361; Wed, 25 Aug 2021 13:34:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2Y-0002tL-UH; Wed, 25 Aug 2021 13:34:02 +0000 Received: by outflank-mailman (input) for mailman id 172335; Wed, 25 Aug 2021 13:34:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2X-0002t9-IB for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2X-0005ul-HO for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt2X-0003Fg-GE for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8e91mRWpRr8Qlg9vxufjNIutbMqH05wYCnK0Bw3OlNM=; b=mUNRRGgsX6I/SrAakUu38fXQzm fpOzwC8NmZMwEixfsJQ+Ob0XG/mIJcTINRJheYqP1Ok7Dr++abLPBTAxz7GQm8gfVeS/KXt4JTsVK lwof/7322pgvtb641JsfvloVv/eYXz0SPujW7VeI4rUuMJMp+yjYEB4IxBuaw2p5fisg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/p2m: don't ignore p2m_remove_page()'s return value Message-Id: Date: Wed, 25 Aug 2021 13:34:01 +0000 commit 75bb9fe846a0cbc839fc03d8acc84879d47bb73e Author: Jan Beulich AuthorDate: Wed Aug 25 15:20:45 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:20:45 2021 +0200 x86/p2m: don't ignore p2m_remove_page()'s return value It's not very nice to return from guest_physmap_add_entry() after perhaps already having made some changes to the P2M, but this is pre- existing practice in the function, and imo better than ignoring errors. Take the liberty and replace an mfn_add() instance with a local variable already holding the result (as proven by the check immediately ahead). Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Acked-by: Andrew Cooper master commit: a6b051a87a586347969bfbaa6925ac0f0c845413 master date: 2020-04-03 10:56:10 +0200 --- xen/arch/x86/mm/p2m.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index ab9d61a89e..ddb038ffde 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -773,8 +773,7 @@ void p2m_final_teardown(struct domain *d) p2m_teardown_hostp2m(d); } - -static int +static int __must_check p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, unsigned int page_order) { @@ -979,9 +978,9 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, ASSERT(mfn_valid(omfn)); P2M_DEBUG("old gfn=%#lx -> mfn %#lx\n", gfn_x(ogfn) , mfn_x(omfn)); - if ( mfn_eq(omfn, mfn_add(mfn, i)) ) - p2m_remove_page(p2m, gfn_x(ogfn), mfn_x(mfn_add(mfn, i)), - 0); + if ( mfn_eq(omfn, mfn_add(mfn, i)) && + (rc = p2m_remove_page(p2m, gfn_x(ogfn), mfn_x(omfn), 0)) ) + goto out; } } } @@ -1003,6 +1002,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } } + out: p2m_unlock(p2m); return rc; @@ -2690,9 +2690,9 @@ int p2m_change_altp2m_gfn(struct domain *d, unsigned int idx, if ( gfn_eq(new_gfn, INVALID_GFN) ) { mfn = ap2m->get_entry(ap2m, old_gfn, &t, &a, 0, NULL, NULL); - if ( mfn_valid(mfn) ) - p2m_remove_page(ap2m, gfn_x(old_gfn), mfn_x(mfn), PAGE_ORDER_4K); - rc = 0; + rc = mfn_valid(mfn) + ? p2m_remove_page(ap2m, gfn_x(old_gfn), mfn_x(mfn), PAGE_ORDER_4K) + : 0; goto out; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:34:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:34:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172336.314364 (Exim 4.92) (envelope-from ) id 1mIt2j-0002wq-3x; Wed, 25 Aug 2021 13:34:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172336.314364; Wed, 25 Aug 2021 13:34:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2j-0002wi-0w; Wed, 25 Aug 2021 13:34:13 +0000 Received: by outflank-mailman (input) for mailman id 172336; Wed, 25 Aug 2021 13:34:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2h-0002wX-M7 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2h-0005vP-LK for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt2h-0003H4-KG for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DxlN9wLSdsAzQQAob2m0V0+f/FTn5iLTYQ6xbJIBjD4=; b=QpSbRmGllu34fTJqIVBW9Cujh+ NQ6SqG4aXA6IZ7JqSixxLL9ZftwvydlMeshuJYmTgkJR6Vsh6aNovk5hkH0K0rWws00PyfuGZMe6f InDe+bJ3Ukpg4vYx5L/i6XNE7cZItKJTucf28k9k8nw6WlW6CzJL+HtWyUnCRtMtC070=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/p2m: don't assert that the passed in MFN matches for a remove Message-Id: Date: Wed, 25 Aug 2021 13:34:11 +0000 commit f50fbddbae81fcccae56d27317bd71cc0e678ba2 Author: Jan Beulich AuthorDate: Wed Aug 25 15:20:59 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:20:59 2021 +0200 x86/p2m: don't assert that the passed in MFN matches for a remove guest_physmap_remove_page() gets handed an MFN from the outside, yet takes the necessary lock to prevent further changes to the GFN <-> MFN mapping itself. While some callers, in particular guest_remove_page() (by way of having called get_gfn_query()), hold the GFN lock already, various others (most notably perhaps the 2nd instance in xenmem_add_to_physmap_one()) don't. While it also is an option to fix all the callers, deal with the issue in p2m_remove_page() instead: Replace the ASSERT() by a conditional and split the loop into two, such that all checking gets done before any modification would occur. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Acked-by: Andrew Cooper master commit: c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e master date: 2020-04-03 10:56:55 +0200 --- xen/arch/x86/mm/p2m.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index ddb038ffde..7c042f72d4 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -779,7 +779,6 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, { unsigned long i; gfn_t gfn = _gfn(gfn_l); - mfn_t mfn_return; p2m_type_t t; p2m_access_t a; @@ -790,15 +789,26 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, ASSERT(gfn_locked_by_me(p2m, gfn)); P2M_DEBUG("removing gfn=%#lx mfn=%#lx\n", gfn_l, mfn); + for ( i = 0; i < (1UL << page_order); ) + { + unsigned int cur_order; + mfn_t mfn_return = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, + &cur_order, NULL); + + if ( p2m_is_valid(t) && + (!mfn_valid(_mfn(mfn)) || mfn + i != mfn_x(mfn_return)) ) + return -EILSEQ; + + i += (1UL << cur_order) - ((gfn_l + i) & ((1UL << cur_order) - 1)); + } + if ( mfn_valid(_mfn(mfn)) ) { for ( i = 0; i < (1UL << page_order); i++ ) { - mfn_return = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, - NULL, NULL); + p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY); - ASSERT( !p2m_is_valid(t) || mfn + i == mfn_x(mfn_return) ); } } return p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, p2m_invalid, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:34:23 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:34:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172337.314370 (Exim 4.92) (envelope-from ) id 1mIt2t-000307-5l; Wed, 25 Aug 2021 13:34:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172337.314370; Wed, 25 Aug 2021 13:34:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2t-0002zv-2R; Wed, 25 Aug 2021 13:34:23 +0000 Received: by outflank-mailman (input) for mailman id 172337; Wed, 25 Aug 2021 13:34:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2r-0002zT-Q5 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt2r-0005va-PH for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt2r-0003IK-OE for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2hXilxZdmuHI7lq9DpQ+CZ0OpbvebubbHuXVfkOVXRI=; b=u/9JQWKbd4dOKzODBmKN5yPHZ9 BWL+qZJrp/Et6OAkrw94gGh7XjcVLfjxnXimkg056fGifrQY4UBIMfGQmj0x67b9dVH1wn0unmQpN cseaaTqUhbZBPHb0ID7IABgAzQ7JFc32UsfrEAkpMwoTsSrRAsUa5sADBm4P+BxNCTFw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] AMD/IOMMU: correct global exclusion range extending Message-Id: Date: Wed, 25 Aug 2021 13:34:21 +0000 commit ecb4697c50a00c29c8bfc784be7a308862b1c8a9 Author: Jan Beulich AuthorDate: Wed Aug 25 15:21:46 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:21:46 2021 +0200 AMD/IOMMU: correct global exclusion range extending Besides unity mapping regions, the AMD IOMMU spec also provides for exclusion ranges (areas of memory not to be subject to DMA translation) to be specified by firmware in the ACPI tables. The spec does not put any constraints on the number of such regions. Blindly assuming all addresses between any two such ranges should also be excluded can't be right. Since hardware has room for just a single such range (comprised of the Exclusion Base Register and the Exclusion Range Limit Register), combine only adjacent or overlapping regions (for now; this may require further adjustment in case table entries aren't sorted by address) with matching exclusion_allow_all settings. This requires bubbling up error indicators, such that IOMMU init can be failed when concatenation wasn't possible. Furthermore, since the exclusion range specified in IOMMU registers implies R/W access, reject requests asking for less permissions (this will be brought closer to the spec by a subsequent change). This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: b02c5c88982411be11e3413159862f255f1f39dc master date: 2021-08-25 14:12:13 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 45 +++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 9fbc343c58..8ea2b12a40 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -117,12 +117,21 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( return NULL; } -static void __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit) +static int __init reserve_iommu_exclusion_range( + struct amd_iommu *iommu, uint64_t base, uint64_t limit, + bool all, bool iw, bool ir) { + if ( !ir || !iw ) + return -EPERM; + /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { + if ( iommu->exclusion_limit + PAGE_SIZE < base || + limit + PAGE_SIZE < iommu->exclusion_base || + iommu->exclusion_allow_all != all ) + return -EBUSY; + if ( iommu->exclusion_base < base ) base = iommu->exclusion_base; if ( iommu->exclusion_limit > limit ) @@ -130,16 +139,11 @@ static void __init reserve_iommu_exclusion_range( } iommu->exclusion_enable = IOMMU_CONTROL_ENABLED; + iommu->exclusion_allow_all = all; iommu->exclusion_base = base; iommu->exclusion_limit = limit; -} -static void __init reserve_iommu_exclusion_range_all( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit) -{ - reserve_iommu_exclusion_range(iommu, base, limit); - iommu->exclusion_allow_all = IOMMU_CONTROL_ENABLED; + return 0; } static void __init reserve_unity_map_for_device( @@ -177,6 +181,7 @@ static int __init register_exclusion_range_for_all_devices( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; unsigned int bdf; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -198,10 +203,15 @@ static int __init register_exclusion_range_for_all_devices( if ( limit >= iommu_top ) { for_each_amd_iommu( iommu ) - reserve_iommu_exclusion_range_all(iommu, base, limit); + { + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + if ( rc ) + break; + } } - return 0; + return rc; } static int __init register_exclusion_range_for_device( @@ -212,6 +222,7 @@ static int __init register_exclusion_range_for_device( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; + int rc = 0; iommu = find_iommu_for_device(seg, bdf); if ( !iommu ) @@ -241,12 +252,13 @@ static int __init register_exclusion_range_for_device( /* register IOMMU exclusion range settings for device */ if ( limit >= iommu_top ) { - reserve_iommu_exclusion_range(iommu, base, limit); + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } - return 0; + return rc; } static int __init register_exclusion_range_for_iommu_devices( @@ -256,6 +268,7 @@ static int __init register_exclusion_range_for_iommu_devices( unsigned long range_top, iommu_top, length; unsigned int bdf; u16 req; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -286,8 +299,10 @@ static int __init register_exclusion_range_for_iommu_devices( /* register IOMMU exclusion range settings */ if ( limit >= iommu_top ) - reserve_iommu_exclusion_range_all(iommu, base, limit); - return 0; + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + + return rc; } static int __init parse_ivmd_device_select( -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:34:33 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:34:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172338.314372 (Exim 4.92) (envelope-from ) id 1mIt33-00032o-6t; Wed, 25 Aug 2021 13:34:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172338.314372; Wed, 25 Aug 2021 13:34:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt33-00032g-41; Wed, 25 Aug 2021 13:34:33 +0000 Received: by outflank-mailman (input) for mailman id 172338; Wed, 25 Aug 2021 13:34:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt31-00032W-Tn for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt31-0005vn-T7 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt31-0003Jg-S6 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fEwFuESy3OjdL56W6GicThbFasC5Rk7zcOfnHboaWJU=; b=6hF2ESKu84VYYcOK48fXUGr9yy yvhADoclwcMA6UeVn5/dZeuibCV9VXtDNXyCa3aLjG2UYtmMd3mOnsuAIFMDtDhv88p4OV7XMSrhw umV8NbJ0z6bhsleCf7eq4ND0pLR0g3KqdNssLdcVRnfZljU2tM3blW+uPjd/DpWXtYVs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] AMD/IOMMU: correct device unity map handling Message-Id: Date: Wed, 25 Aug 2021 13:34:31 +0000 commit 0ed0cdd17ffabd8aeb5a8db06bd21b0f0130a9f0 Author: Jan Beulich AuthorDate: Wed Aug 25 15:22:32 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:22:32 2021 +0200 AMD/IOMMU: correct device unity map handling Blindly assuming all addresses between any two such ranges, specified by firmware in the ACPI tables, should also be unity-mapped can't be right. Nor can it be correct to merge ranges with differing permissions. Track ranges individually; don't merge at all, but check for overlaps instead. This requires bubbling up error indicators, such that IOMMU init can be failed when allocation of a new tracking struct wasn't possible, or an overlap was detected. At this occasion also stop ignoring amd_iommu_reserve_domain_unity_map()'s return value. This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap Reviewed-by: Paul Durrant master commit: 34750a3eb022462cdd1c36e8ef9049d3d73c824c master date: 2021-08-25 14:15:11 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 80 +++++++++++++++++------------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 16 +++--- xen/include/asm-x86/amd-iommu.h | 14 +++-- 3 files changed, 66 insertions(+), 44 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 8ea2b12a40..f933242a3d 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -146,32 +146,48 @@ static int __init reserve_iommu_exclusion_range( return 0; } -static void __init reserve_unity_map_for_device( - u16 seg, u16 bdf, unsigned long base, - unsigned long length, u8 iw, u8 ir) +static int __init reserve_unity_map_for_device( + uint16_t seg, uint16_t bdf, unsigned long base, + unsigned long length, bool iw, bool ir) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long old_top, new_top; + struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; - /* need to extend unity-mapped range? */ - if ( ivrs_mappings[bdf].unity_map_enable ) + /* Check for overlaps. */ + for ( ; unity_map; unity_map = unity_map->next ) { - old_top = ivrs_mappings[bdf].addr_range_start + - ivrs_mappings[bdf].addr_range_length; - new_top = base + length; - if ( old_top > new_top ) - new_top = old_top; - if ( ivrs_mappings[bdf].addr_range_start < base ) - base = ivrs_mappings[bdf].addr_range_start; - length = new_top - base; + /* + * Exact matches are okay. This can in particular happen when + * register_exclusion_range_for_device() calls here twice for the + * same (s,b,d,f). + */ + if ( base == unity_map->addr && length == unity_map->length && + ir == unity_map->read && iw == unity_map->write ) + return 0; + + if ( unity_map->addr + unity_map->length > base && + base + length > unity_map->addr ) + { + AMD_IOMMU_DEBUG("IVMD Error: overlap [%lx,%lx) vs [%lx,%lx)\n", + base, base + length, unity_map->addr, + unity_map->addr + unity_map->length); + return -EPERM; + } } - /* extend r/w permissioms and keep aggregate */ - ivrs_mappings[bdf].write_permission = iw; - ivrs_mappings[bdf].read_permission = ir; - ivrs_mappings[bdf].unity_map_enable = true; - ivrs_mappings[bdf].addr_range_start = base; - ivrs_mappings[bdf].addr_range_length = length; + /* Populate and insert a new unity map. */ + unity_map = xmalloc(struct ivrs_unity_map); + if ( !unity_map ) + return -ENOMEM; + + unity_map->read = ir; + unity_map->write = iw; + unity_map->addr = base; + unity_map->length = length; + unity_map->next = ivrs_mappings[bdf].unity_map; + ivrs_mappings[bdf].unity_map = unity_map; + + return 0; } static int __init register_exclusion_range_for_all_devices( @@ -194,13 +210,13 @@ static int __init register_exclusion_range_for_all_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { for_each_amd_iommu( iommu ) { @@ -242,15 +258,15 @@ static int __init register_exclusion_range_for_device( length = range_top - base; /* reserve unity-mapped page entries for device */ /* note: these entries are part of the exclusion range */ - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - reserve_unity_map_for_device(seg, req, base, length, iw, ir); + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: + reserve_unity_map_for_device(seg, req, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings for device */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { rc = reserve_iommu_exclusion_range(iommu, base, limit, false /* all */, iw, ir); @@ -281,15 +297,15 @@ static int __init register_exclusion_range_for_iommu_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) { if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) { - reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir); req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); } } @@ -298,7 +314,7 @@ static int __init register_exclusion_range_for_iommu_devices( } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */, iw, ir); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 46b1d367ec..8cd5394e6b 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -369,15 +369,17 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); + const struct ivrs_unity_map *unity_map; - if ( ivrs_mappings[req_id].unity_map_enable ) + for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; + unity_map = unity_map->next ) { - amd_iommu_reserve_domain_unity_map( - d, - ivrs_mappings[req_id].addr_range_start, - ivrs_mappings[req_id].addr_range_length, - ivrs_mappings[req_id].write_permission, - ivrs_mappings[req_id].read_permission); + int rc = amd_iommu_reserve_domain_unity_map( + d, unity_map->addr, unity_map->length, + unity_map->write, unity_map->read); + + if ( rc ) + return rc; } return reassign_device(pdev->domain, d, devfn, pdev); diff --git a/xen/include/asm-x86/amd-iommu.h b/xen/include/asm-x86/amd-iommu.h index 83ababdc8c..829e1b1755 100644 --- a/xen/include/asm-x86/amd-iommu.h +++ b/xen/include/asm-x86/amd-iommu.h @@ -105,20 +105,24 @@ struct amd_iommu { struct list_head ats_devices; }; +struct ivrs_unity_map { + bool read:1; + bool write:1; + paddr_t addr; + unsigned long length; + struct ivrs_unity_map *next; +}; + struct ivrs_mappings { uint16_t dte_requestor_id; bool valid:1; bool dte_allow_exclusion:1; - bool unity_map_enable:1; - bool write_permission:1; - bool read_permission:1; /* ivhd device data settings */ uint8_t device_flags; - unsigned long addr_range_start; - unsigned long addr_range_length; struct amd_iommu *iommu; + struct ivrs_unity_map *unity_map; /* per device interrupt remapping table */ void *intremap_table; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:34:43 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:34:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172339.314378 (Exim 4.92) (envelope-from ) id 1mIt3D-00035i-98; Wed, 25 Aug 2021 13:34:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172339.314378; Wed, 25 Aug 2021 13:34:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3D-00035X-5O; Wed, 25 Aug 2021 13:34:43 +0000 Received: by outflank-mailman (input) for mailman id 172339; Wed, 25 Aug 2021 13:34:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3C-00035H-1d for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3C-0005w2-0o for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt3B-0003L5-W8 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=++KRBNPr6RHAnCZr6Bi870KYQeD1vQz1ncmRc7EJ6R8=; b=f71rw/u6CxmrJibPvS8kXIy2ug 7x39/YOgGBCxmon7mSFNaRChhqrxHHeT3wnQJ4GF4pYc95n9ujkjzZoB6iVsjPuoDVqawHy9G7Q6G WpECA1Z+RwiK//+JqDL9QU8njZN9Yqj/00d1I1OiwvMETi1i0ccDVpYwAiENU92exEeI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() Message-Id: Date: Wed, 25 Aug 2021 13:34:41 +0000 commit 41200e052a61bebfed3b2ff114bed3366e6c34ec Author: Jan Beulich AuthorDate: Wed Aug 25 15:22:52 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:22:52 2021 +0200 IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() A subsequent change will want to customize the IOMMU permissions based on this. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: d1bb6c97c31ef754fb29b29eb307c090414e8022 master date: 2021-08-25 14:15:32 +0200 --- xen/arch/x86/mm/p2m-ept.c | 6 +++--- xen/arch/x86/mm/p2m-pt.c | 19 ++++++++++++++++--- xen/include/asm-x86/p2m.h | 3 ++- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index 9c1627dbb3..884a06d0a8 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -678,7 +678,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, uint8_t ipat = 0; bool_t need_modify_vtd_table = 1; bool_t vtd_pte_present = 0; - unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); bool_t needs_sync = 1; ept_entry_t old_entry = { .epte = 0 }; ept_entry_t new_entry = { .epte = 0 }; @@ -805,8 +805,8 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, /* Safe to read-then-write because we hold the p2m lock */ if ( ept_entry->mfn == new_entry.mfn && - p2m_get_iommu_flags(ept_entry->sa_p2mt, _mfn(ept_entry->mfn)) == - iommu_flags ) + p2m_get_iommu_flags(ept_entry->sa_p2mt, ept_entry->access, + _mfn(ept_entry->mfn)) == iommu_flags ) need_modify_vtd_table = 0; ept_p2m_type_to_flags(p2m, &new_entry, p2mt, p2ma); diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 2b74726e39..5c64008208 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -480,6 +480,16 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) return rc; } +/* Reconstruct a fake p2m_access_t from stored PTE flags. */ +static p2m_access_t p2m_flags_to_access(unsigned int flags) +{ + if ( flags & _PAGE_PRESENT ) + return p2m_access_n; + + /* No need to look at _PAGE_NX for now. */ + return flags & _PAGE_RW ? p2m_access_rw : p2m_access_r; +} + /* Checks only applicable to entries with order > PAGE_ORDER_4K */ static void check_entry(mfn_t mfn, p2m_type_t new, p2m_type_t old, unsigned int order) @@ -514,7 +524,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, l2_pgentry_t l2e_content; l3_pgentry_t l3e_content; int rc; - unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); /* * old_mfn and iommu_old_flags control possible flush/update needs on the * IOMMU: We need to flush when MFN or flags (i.e. permissions) change. @@ -577,6 +587,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else @@ -619,9 +630,10 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, 0, L1_PAGETABLE_ENTRIES); ASSERT(p2m_entry); old_mfn = l1e_get_pfn(*p2m_entry); + flags = l1e_get_flags(*p2m_entry); iommu_old_flags = - p2m_get_iommu_flags(p2m_flags_to_type(l1e_get_flags(*p2m_entry)), - _mfn(old_mfn)); + p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) entry_content = p2m_l1e_from_pfn(mfn_x(mfn), @@ -649,6 +661,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 2358954039..4cc29e51f2 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -908,7 +908,8 @@ static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} /* * p2m type to IOMMU flags */ -static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, mfn_t mfn) +static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, + p2m_access_t p2ma, mfn_t mfn) { unsigned int flags; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:34:53 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:34:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172340.314381 (Exim 4.92) (envelope-from ) id 1mIt3N-000391-Az; Wed, 25 Aug 2021 13:34:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172340.314381; Wed, 25 Aug 2021 13:34:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3N-00038t-8D; Wed, 25 Aug 2021 13:34:53 +0000 Received: by outflank-mailman (input) for mailman id 172340; Wed, 25 Aug 2021 13:34:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3M-00038i-5g for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3M-0005wJ-4n for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt3M-0003N5-3q for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:34:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=y8jctqq/dv/Ece72gv2Yf3mx2LD/cntFvw3t9DyW4vE=; b=wRRSM9qPU7UDjA5Tb8Fks8H7Xp 0aGn2fUsjzC4XXvLkCfSse9+meXK2ECv2FLAXMmMKpBi9C+/adzkPgaQUsHTBvMyIMkHoStZlQlfF U+r3MkcMyckN78zEZUADsc7uFpFCYrClC/eGDuJclyi5NNEICQDSMM22qbf9ccDdl2ts=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] IOMMU: generalize VT-d's tracking of mapped RMRR regions Message-Id: Date: Wed, 25 Aug 2021 13:34:52 +0000 commit 18fe877620e428c1d12b3ec4b3385dace07f686f Author: Jan Beulich AuthorDate: Wed Aug 25 15:23:12 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:23:12 2021 +0200 IOMMU: generalize VT-d's tracking of mapped RMRR regions In order to re-use it elsewhere, move the logic to vendor independent code and strip it of RMRR specifics. Note that the prior "map" parameter gets folded into the new "p2ma" one (which AMD IOMMU code will want to make use of), assigning alternative meaning ("unmap") to p2m_access_x. Prepare set_identity_p2m_entry() and p2m_get_iommu_flags() for getting passed access types other than p2m_access_rw (in the latter case just for p2m_mmio_direct requests). Note also that, to be on the safe side, an overlap check gets added to the main loop of iommu_identity_mapping(). This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: c0e19d7c6c42f0bfccccd96b4f7b03b5515e10fc master date: 2021-08-25 14:15:57 +0200 --- xen/arch/x86/mm/p2m.c | 2 +- xen/drivers/passthrough/vtd/iommu.c | 98 +++++-------------------------------- xen/drivers/passthrough/x86/iommu.c | 95 ++++++++++++++++++++++++++++++++++- xen/include/asm-x86/iommu.h | 8 ++- xen/include/asm-x86/p2m.h | 35 +++++++++++-- 5 files changed, 147 insertions(+), 91 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 7c042f72d4..01402cfc5d 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1351,7 +1351,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, if ( !is_iommu_enabled(d) ) return 0; return iommu_legacy_map(d, _dfn(gfn_l), _mfn(gfn_l), PAGE_ORDER_4K, - IOMMUF_readable | IOMMUF_writable); + p2m_access_to_iommu_flags(p2ma)); } gfn_lock(p2m, gfn, 0); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 38719cf8ec..98787ce3a8 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -42,12 +42,6 @@ #include "vtd.h" #include "../ats.h" -struct mapped_rmrr { - struct list_head list; - u64 base, end; - unsigned int count; -}; - /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */ bool __read_mostly untrusted_msi; @@ -1799,17 +1793,12 @@ out: static void iommu_domain_teardown(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); - struct mapped_rmrr *mrmrr, *tmp; const struct acpi_drhd_unit *drhd; if ( list_empty(&acpi_drhd_units) ) return; - list_for_each_entry_safe ( mrmrr, tmp, &hd->arch.mapped_rmrrs, list ) - { - list_del(&mrmrr->list); - xfree(mrmrr); - } + iommu_identity_map_teardown(d); ASSERT(is_iommu_enabled(d)); @@ -1963,74 +1952,6 @@ static void iommu_set_pgd(struct domain *d) pagetable_get_paddr(pagetable_from_mfn(pgd_mfn)); } -static int rmrr_identity_mapping(struct domain *d, bool_t map, - const struct acpi_rmrr_unit *rmrr, - u32 flag) -{ - unsigned long base_pfn = rmrr->base_address >> PAGE_SHIFT_4K; - unsigned long end_pfn = PAGE_ALIGN_4K(rmrr->end_address) >> PAGE_SHIFT_4K; - struct mapped_rmrr *mrmrr; - struct domain_iommu *hd = dom_iommu(d); - - ASSERT(pcidevs_locked()); - ASSERT(rmrr->base_address < rmrr->end_address); - - /* - * No need to acquire hd->arch.mapping_lock: Both insertion and removal - * get done while holding pcidevs_lock. - */ - list_for_each_entry( mrmrr, &hd->arch.mapped_rmrrs, list ) - { - if ( mrmrr->base == rmrr->base_address && - mrmrr->end == rmrr->end_address ) - { - int ret = 0; - - if ( map ) - { - ++mrmrr->count; - return 0; - } - - if ( --mrmrr->count ) - return 0; - - while ( base_pfn < end_pfn ) - { - if ( clear_identity_p2m_entry(d, base_pfn) ) - ret = -ENXIO; - base_pfn++; - } - - list_del(&mrmrr->list); - xfree(mrmrr); - return ret; - } - } - - if ( !map ) - return -ENOENT; - - while ( base_pfn < end_pfn ) - { - int err = set_identity_p2m_entry(d, base_pfn, p2m_access_rw, flag); - - if ( err ) - return err; - base_pfn++; - } - - mrmrr = xmalloc(struct mapped_rmrr); - if ( !mrmrr ) - return -ENOMEM; - mrmrr->base = rmrr->base_address; - mrmrr->end = rmrr->end_address; - mrmrr->count = 1; - list_add_tail(&mrmrr->list, &hd->arch.mapped_rmrrs); - - return 0; -} - static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; @@ -2062,7 +1983,9 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) * Since RMRRs are always reserved in the e820 map for the hardware * domain, there shouldn't be a conflict. */ - ret = rmrr_identity_mapping(pdev->domain, 1, rmrr, 0); + ret = iommu_identity_mapping(pdev->domain, p2m_access_rw, + rmrr->base_address, rmrr->end_address, + 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n", pdev->domain->domain_id); @@ -2107,7 +2030,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) * Any flag is nothing to clear these mappings but here * its always safe and strict to set 0. */ - rmrr_identity_mapping(pdev->domain, 0, rmrr, 0); + iommu_identity_mapping(pdev->domain, p2m_access_x, rmrr->base_address, + rmrr->end_address, 0); } return domain_context_unmap(pdev->domain, devfn, pdev); @@ -2306,7 +2230,8 @@ static void __hwdom_init setup_hwdom_rmrr(struct domain *d) * domain, there shouldn't be a conflict. So its always safe and * strict to set 0. */ - ret = rmrr_identity_mapping(d, 1, rmrr, 0); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: mapping reserved region failed\n"); @@ -2465,7 +2390,9 @@ static int reassign_device_ownership( * Any RMRR flag is always ignored when remove a device, * but its always safe and strict to set 0. */ - ret = rmrr_identity_mapping(source, 0, rmrr, 0); + ret = iommu_identity_mapping(source, p2m_access_x, + rmrr->base_address, + rmrr->end_address, 0); if ( ret != -ENOENT ) return ret; } @@ -2562,7 +2489,8 @@ static int intel_iommu_assign_device( PCI_BUS(bdf) == bus && PCI_DEVFN2(bdf) == devfn ) { - ret = rmrr_identity_mapping(d, 1, rmrr, flag); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, flag); if ( ret ) { int rc; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 2cf528e760..c521ba5ad8 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -127,7 +127,7 @@ int arch_iommu_domain_init(struct domain *d) struct domain_iommu *hd = dom_iommu(d); spin_lock_init(&hd->arch.mapping_lock); - INIT_LIST_HEAD(&hd->arch.mapped_rmrrs); + INIT_LIST_HEAD(&hd->arch.identity_maps); return 0; } @@ -136,6 +136,99 @@ void arch_iommu_domain_destroy(struct domain *d) { } +struct identity_map { + struct list_head list; + paddr_t base, end; + p2m_access_t access; + unsigned int count; +}; + +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag) +{ + unsigned long base_pfn = base >> PAGE_SHIFT_4K; + unsigned long end_pfn = PAGE_ALIGN_4K(end) >> PAGE_SHIFT_4K; + struct identity_map *map; + struct domain_iommu *hd = dom_iommu(d); + + ASSERT(pcidevs_locked()); + ASSERT(base < end); + + /* + * No need to acquire hd->arch.mapping_lock: Both insertion and removal + * get done while holding pcidevs_lock. + */ + list_for_each_entry( map, &hd->arch.identity_maps, list ) + { + if ( map->base == base && map->end == end ) + { + int ret = 0; + + if ( p2ma != p2m_access_x ) + { + if ( map->access != p2ma ) + return -EADDRINUSE; + ++map->count; + return 0; + } + + if ( --map->count ) + return 0; + + while ( base_pfn < end_pfn ) + { + if ( clear_identity_p2m_entry(d, base_pfn) ) + ret = -ENXIO; + base_pfn++; + } + + list_del(&map->list); + xfree(map); + + return ret; + } + + if ( end >= map->base && map->end >= base ) + return -EADDRINUSE; + } + + if ( p2ma == p2m_access_x ) + return -ENOENT; + + while ( base_pfn < end_pfn ) + { + int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag); + + if ( err ) + return err; + base_pfn++; + } + + map = xmalloc(struct identity_map); + if ( !map ) + return -ENOMEM; + map->base = base; + map->end = end; + map->access = p2ma; + map->count = 1; + list_add_tail(&map->list, &hd->arch.identity_maps); + + return 0; +} + +void iommu_identity_map_teardown(struct domain *d) +{ + struct domain_iommu *hd = dom_iommu(d); + struct identity_map *map, *tmp; + + list_for_each_entry_safe ( map, tmp, &hd->arch.identity_maps, list ) + { + list_del(&map->list); + xfree(map); + } +} + static bool __hwdom_init hwdom_iommu_map(const struct domain *d, unsigned long pfn, unsigned long max_pfn) diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h index 6c9d5e5632..aaf9455b8e 100644 --- a/xen/include/asm-x86/iommu.h +++ b/xen/include/asm-x86/iommu.h @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -49,7 +50,7 @@ struct arch_iommu spinlock_t mapping_lock; /* io page table lock */ int agaw; /* adjusted guest address width, 0 is level 2 30-bit */ u64 iommu_bitmap; /* bitmap of iommu(s) that the domain uses */ - struct list_head mapped_rmrrs; + struct list_head identity_maps; /* amd iommu support */ int paging_mode; @@ -112,6 +113,11 @@ static inline void iommu_disable_x2apic(void) iommu_ops.disable_x2apic(); } +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag); +void iommu_identity_map_teardown(struct domain *d); + extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 4cc29e51f2..3492542af7 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -905,6 +905,34 @@ struct p2m_domain *p2m_get_altp2m(struct vcpu *v); static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} #endif +/* p2m access to IOMMU flags */ +static inline unsigned int p2m_access_to_iommu_flags(p2m_access_t p2ma) +{ + switch ( p2ma ) + { + case p2m_access_rw: + case p2m_access_rwx: + return IOMMUF_readable | IOMMUF_writable; + + case p2m_access_r: + case p2m_access_rx: + case p2m_access_rx2rw: + return IOMMUF_readable; + + case p2m_access_w: + case p2m_access_wx: + return IOMMUF_writable; + + case p2m_access_n: + case p2m_access_x: + case p2m_access_n2rwx: + return 0; + } + + ASSERT_UNREACHABLE(); + return 0; +} + /* * p2m type to IOMMU flags */ @@ -926,9 +954,10 @@ static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, flags = IOMMUF_readable; break; case p2m_mmio_direct: - flags = IOMMUF_readable; - if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) - flags |= IOMMUF_writable; + flags = p2m_access_to_iommu_flags(p2ma); + if ( (flags & IOMMUF_writable) && + rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) + flags &= ~IOMMUF_writable; break; default: flags = 0; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:35:03 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:35:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172341.314385 (Exim 4.92) (envelope-from ) id 1mIt3X-0003Bx-Co; Wed, 25 Aug 2021 13:35:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172341.314385; Wed, 25 Aug 2021 13:35:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3X-0003Bp-9f; Wed, 25 Aug 2021 13:35:03 +0000 Received: by outflank-mailman (input) for mailman id 172341; Wed, 25 Aug 2021 13:35:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3W-0003Bf-A4 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3W-0005we-99 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt3W-0003P5-83 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ALKmPYuSEmw2/op+ypiDwiHb9pegDrmx+Y2mYytP18k=; b=BeokImIHqroqxlImKwobbjzjXB X5bL69/dR6iMOlGvfr+KL7W9u+bfrzSsTrtsi7wQApendLp+yu2KMGtzQJjTe945zx/SVSpxQzrH/ 9+hE2DvKaf4zIb9WDSkvYMRDiDdPtAAFQALvRKaHX2gBPDTEs12eZziwUO9NO99eci/s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] AMD/IOMMU: re-arrange/complete re-assignment handling Message-Id: Date: Wed, 25 Aug 2021 13:35:02 +0000 commit 2357043846efeaa7a8b14791413103bb693dca52 Author: Jan Beulich AuthorDate: Wed Aug 25 15:23:43 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:23:43 2021 +0200 AMD/IOMMU: re-arrange/complete re-assignment handling Prior to the assignment step having completed successfully, devices should not get associated with their new owner. Hand the device to DomIO (perhaps temporarily), until after the de-assignment step has completed. De-assignment of a device (from other than Dom0) as well as failure of reassign_device() during assignment should result in unity mappings getting torn down. This in turn requires switching to a refcounted mapping approach, as was already used by VT-d for its RMRRs, to prevent unmapping a region used by multiple devices. This is CVE-2021-28696 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 899272539cbe1acda736a850015416fff653a1b6 master date: 2021-08-25 14:16:26 +0200 --- xen/drivers/passthrough/amd/iommu_map.c | 63 ++++++++++++++++----------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 54 ++++++++++++++++++----- xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 6 ++- 3 files changed, 83 insertions(+), 40 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 85b8df9abd..927d6224a9 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -430,38 +430,49 @@ int amd_iommu_flush_iotlb_all(struct domain *d) return 0; } -int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, - unsigned long size, int iw, int ir) +int amd_iommu_reserve_domain_unity_map(struct domain *d, + const struct ivrs_unity_map *map, + unsigned int flag) { - unsigned long npages, i; - unsigned long gfn; - unsigned int flags = !!ir; - unsigned int flush_flags = 0; - int rt = 0; - - if ( iw ) - flags |= IOMMUF_writable; - - npages = region_to_pages(phys_addr, size); - gfn = phys_addr >> PAGE_SHIFT; - for ( i = 0; i < npages; i++ ) + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; !rc && map; map = map->next ) { - unsigned long frame = gfn + i; + p2m_access_t p2ma = p2m_access_n; - rt = amd_iommu_map_page(domain, _dfn(frame), _mfn(frame), flags, - &flush_flags); - if ( rt != 0 ) - break; + if ( map->read ) + p2ma |= p2m_access_r; + if ( map->write ) + p2ma |= p2m_access_w; + + rc = iommu_identity_mapping(d, p2ma, map->addr, + map->addr + map->length - 1, flag); } - /* Use while-break to avoid compiler warning */ - while ( flush_flags && - amd_iommu_flush_iotlb_pages(domain, _dfn(gfn), - npages, flush_flags) ) - break; + return rc; +} + +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map) +{ + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; map; map = map->next ) + { + int ret = iommu_identity_mapping(d, p2m_access_x, map->addr, + map->addr + map->length - 1, 0); + + if ( ret && ret != -ENOENT && !rc ) + rc = ret; + } - return rt; + return rc; } int __init amd_iommu_quarantine_init(struct domain *d) diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 8cd5394e6b..6c730f1a72 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -330,6 +330,7 @@ static int reassign_device(struct domain *source, struct domain *target, struct amd_iommu *iommu; int bdf, rc; struct domain_iommu *t = dom_iommu(target); + const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); bdf = PCI_BDF2(pdev->bus, pdev->devfn); iommu = find_iommu_for_device(pdev->seg, bdf); @@ -344,10 +345,24 @@ static int reassign_device(struct domain *source, struct domain *target, amd_iommu_disable_domain_device(source, iommu, devfn, pdev); - if ( devfn == pdev->devfn ) + /* + * If the device belongs to the hardware domain, and it has a unity mapping, + * don't remove it from the hardware domain, because BIOS may reference that + * mapping. + */ + if ( !is_hardware_domain(source) ) { - list_move(&pdev->domain_list, &target->pdev_list); - pdev->domain = target; + rc = amd_iommu_reserve_domain_unity_unmap( + source, + ivrs_mappings[get_dma_requestor_id(pdev->seg, bdf)].unity_map); + if ( rc ) + return rc; + } + + if ( devfn == pdev->devfn && pdev->domain != dom_io ) + { + list_move(&pdev->domain_list, &dom_io->pdev_list); + pdev->domain = dom_io; } rc = allocate_domain_resources(t); @@ -359,6 +374,12 @@ static int reassign_device(struct domain *source, struct domain *target, pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn), source->domain_id, target->domain_id); + if ( devfn == pdev->devfn && pdev->domain != target ) + { + list_move(&pdev->domain_list, &target->pdev_list); + pdev->domain = target; + } + return 0; } @@ -369,20 +390,28 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); - const struct ivrs_unity_map *unity_map; + int rc = amd_iommu_reserve_domain_unity_map( + d, ivrs_mappings[req_id].unity_map, flag); + + if ( !rc ) + rc = reassign_device(pdev->domain, d, devfn, pdev); - for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; - unity_map = unity_map->next ) + if ( rc && !is_hardware_domain(d) ) { - int rc = amd_iommu_reserve_domain_unity_map( - d, unity_map->addr, unity_map->length, - unity_map->write, unity_map->read); + int ret = amd_iommu_reserve_domain_unity_unmap( + d, ivrs_mappings[req_id].unity_map); - if ( rc ) - return rc; + if ( ret ) + { + printk(XENLOG_ERR "AMD-Vi: " + "unity-unmap for %pd/%04x:%02x:%02x.%u failed (%d)\n", + d, pdev->seg, pdev->bus, + PCI_SLOT(devfn), PCI_FUNC(devfn), ret); + domain_crash(d); + } } - return reassign_device(pdev->domain, d, devfn, pdev); + return rc; } static void deallocate_next_page_table(struct page_info *pg, int level) @@ -441,6 +470,7 @@ static void deallocate_iommu_page_tables(struct domain *d) static void amd_iommu_domain_destroy(struct domain *d) { + iommu_identity_map_teardown(d); deallocate_iommu_page_tables(d); amd_iommu_flush_all_pages(d); } diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h index 94e288f52d..8726e62558 100644 --- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h +++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h @@ -64,8 +64,10 @@ int __must_check amd_iommu_unmap_page(struct domain *d, dfn_t dfn, unsigned int *flush_flags); int __must_check amd_iommu_alloc_root(struct domain_iommu *hd); int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, unsigned long size, - int iw, int ir); + const struct ivrs_unity_map *map, + unsigned int flag); +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map); int __must_check amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, unsigned int page_count, unsigned int flush_flags); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:35:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:35:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172342.314389 (Exim 4.92) (envelope-from ) id 1mIt3h-0003Eg-EP; Wed, 25 Aug 2021 13:35:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172342.314389; Wed, 25 Aug 2021 13:35:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3h-0003EZ-BB; Wed, 25 Aug 2021 13:35:13 +0000 Received: by outflank-mailman (input) for mailman id 172342; Wed, 25 Aug 2021 13:35:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3g-0003EP-E7 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3g-0005yh-DF for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt3g-0003QS-CF for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=j2v+s99dDu2vVWy/9oPTUUVCjlv5nttdpqZAkM+NbIY=; b=3CYUU47vMBVBPsqhb0V0tND0EP SzScDGXrpyDs4s0UyBc3VNTD9HG3wJ+tkAtLNo0ZPkNNtnVTML9SWE156LDd7FC1D335SsSVyWqvR MRjR16Q1vrh1ESjvE1GyRshglctWzSbFra/sl+ix+zAGW5LuLuFx4HprCLBQ4jHaMhtQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] AMD/IOMMU: re-arrange exclusion range and unity map recording Message-Id: Date: Wed, 25 Aug 2021 13:35:12 +0000 commit ebeb9ec0ad4dd63ec3b5d5d092ea56bc6fe0170f Author: Jan Beulich AuthorDate: Wed Aug 25 15:24:02 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:24:02 2021 +0200 AMD/IOMMU: re-arrange exclusion range and unity map recording The spec makes no provisions for OS behavior here to depend on the amount of RAM found on the system. While the spec may not sufficiently clearly distinguish both kinds of regions, they are surely meant to be separate things: Only regions with ACPI_IVMD_EXCLUSION_RANGE set should be candidates for putting in the exclusion range registers. (As there's only a single such pair of registers per IOMMU, secondary non-adjacent regions with the flag set already get converted to unity mapped regions.) First of all, drop the dependency on max_page. With commit b4f042236ae0 ("AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables") the use of it here was stale anyway; it was bogus already before, as it didn't account for max_page getting increased later on. Simply try an exclusion range registration first, and if it fails (for being unsuitable or non-mergeable), register a unity mapping range. With this various local variables become unnecessary and hence get dropped at the same time. With the max_page boundary dropped for using unity maps, the minimum page table tree height now needs both recording and enforcing in amd_iommu_domain_init(). Since we can't predict which devices may get assigned to a domain, our only option is to uniformly force at least that height for all domains, now that the height isn't dynamic anymore. Further don't make use of the exclusion range unless ACPI data says so. Note that exclusion range registration in register_range_for_all_devices() is on a best effort basis. Hence unity map entries also registered are redundant when the former succeeded, but they also do no harm. Improvements in this area can be done later imo. Also adjust types where suitable without touching extra lines. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 8ea80530cd0dbb8ffa7ac92606a3ee29663fdc93 master date: 2021-08-25 14:16:46 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 184 +++++++++++--------------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 12 +- xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 2 + 3 files changed, 90 insertions(+), 108 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index f933242a3d..ccc66c11d0 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -118,12 +118,8 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( } static int __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit, - bool all, bool iw, bool ir) + struct amd_iommu *iommu, paddr_t base, paddr_t limit, bool all) { - if ( !ir || !iw ) - return -EPERM; - /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { @@ -152,14 +148,18 @@ static int __init reserve_unity_map_for_device( { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; + int paging_mode = amd_iommu_get_paging_mode(PFN_UP(base + length)); + + if ( paging_mode < 0 ) + return paging_mode; /* Check for overlaps. */ for ( ; unity_map; unity_map = unity_map->next ) { /* * Exact matches are okay. This can in particular happen when - * register_exclusion_range_for_device() calls here twice for the - * same (s,b,d,f). + * register_range_for_device() calls here twice for the same + * (s,b,d,f). */ if ( base == unity_map->addr && length == unity_map->length && ir == unity_map->read && iw == unity_map->write ) @@ -187,55 +187,52 @@ static int __init reserve_unity_map_for_device( unity_map->next = ivrs_mappings[bdf].unity_map; ivrs_mappings[bdf].unity_map = unity_map; + if ( paging_mode > amd_iommu_min_paging_mode ) + amd_iommu_min_paging_mode = paging_mode; + return 0; } -static int __init register_exclusion_range_for_all_devices( - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_all_devices( + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; - unsigned int bdf; int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) - { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - /* push 'base' just outside of virtual address space */ - base = iommu_top; - } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) + if ( exclusion ) { for_each_amd_iommu( iommu ) { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); - if ( rc ) - break; + int ret = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */); + + if ( ret && !rc ) + rc = ret; } } + if ( !exclusion || rc ) + { + paddr_t length = limit + PAGE_SIZE - base; + unsigned int bdf; + + /* reserve r/w unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + } + return rc; } -static int __init register_exclusion_range_for_device( - u16 bdf, unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_device( + unsigned int bdf, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; int rc = 0; @@ -249,27 +246,19 @@ static int __init register_exclusion_range_for_device( req = ivrs_mappings[bdf].dte_requestor_id; /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */); + if ( !exclusion || rc ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; + paddr_t length = limit + PAGE_SIZE - base; + /* reserve unity-mapped page entries for device */ - /* note: these entries are part of the exclusion range */ rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: reserve_unity_map_for_device(seg, req, base, length, iw, ir); - - /* push 'base' just outside of virtual address space */ - base = iommu_top; } - - /* register IOMMU exclusion range settings for device */ - if ( !rc && limit >= iommu_top ) + else { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } @@ -277,53 +266,42 @@ static int __init register_exclusion_range_for_device( return rc; } -static int __init register_exclusion_range_for_iommu_devices( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_iommu_devices( + struct amd_iommu *iommu, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { - unsigned long range_top, iommu_top, length; + /* note: 'limit' parameter is assumed to be page-aligned */ + paddr_t length = limit + PAGE_SIZE - base; unsigned int bdf; u16 req; - int rc = 0; + int rc; - /* is part of exclusion range inside of IOMMU virtual address space? */ - /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - { - if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) - { - req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir) ?: - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); - } - } - - /* push 'base' just outside of virtual address space */ - base = iommu_top; + rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */); + if ( !rc ) + return 0; } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); + /* reserve unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + { + if ( iommu != find_iommu_for_device(iommu->seg, bdf) ) + continue; + + req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); + } return rc; } static int __init parse_ivmd_device_select( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { u16 bdf; @@ -334,12 +312,12 @@ static int __init parse_ivmd_device_select( return -ENODEV; } - return register_exclusion_range_for_device(bdf, base, limit, iw, ir); + return register_range_for_device(bdf, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_device_range( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { unsigned int first_bdf, last_bdf, bdf; int error; @@ -361,15 +339,15 @@ static int __init parse_ivmd_device_range( } for ( bdf = first_bdf, error = 0; (bdf <= last_bdf) && !error; bdf++ ) - error = register_exclusion_range_for_device( - bdf, base, limit, iw, ir); + error = register_range_for_device( + bdf, base, limit, iw, ir, exclusion); return error; } static int __init parse_ivmd_device_iommu( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct amd_iommu *iommu; @@ -384,14 +362,14 @@ static int __init parse_ivmd_device_iommu( return -ENODEV; } - return register_exclusion_range_for_iommu_devices( - iommu, base, limit, iw, ir); + return register_range_for_iommu_devices( + iommu, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) { unsigned long start_addr, mem_length, base, limit; - u8 iw, ir; + bool iw = true, ir = true, exclusion = false; if ( ivmd_block->header.length < sizeof(*ivmd_block) ) { @@ -408,13 +386,11 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) ivmd_block->header.type, start_addr, mem_length); if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) - iw = ir = IOMMU_CONTROL_ENABLED; + exclusion = true; else if ( ivmd_block->header.flags & ACPI_IVMD_UNITY ) { - iw = ivmd_block->header.flags & ACPI_IVMD_READ ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; - ir = ivmd_block->header.flags & ACPI_IVMD_WRITE ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; + iw = ivmd_block->header.flags & ACPI_IVMD_READ; + ir = ivmd_block->header.flags & ACPI_IVMD_WRITE; } else { @@ -425,20 +401,20 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) switch( ivmd_block->header.type ) { case ACPI_IVRS_TYPE_MEMORY_ALL: - return register_exclusion_range_for_all_devices( - base, limit, iw, ir); + return register_range_for_all_devices( + base, limit, iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_ONE: - return parse_ivmd_device_select(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_select(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_RANGE: - return parse_ivmd_device_range(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_range(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_IOMMU: - return parse_ivmd_device_iommu(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_iommu(ivmd_block, base, limit, + iw, ir, exclusion); default: AMD_IOMMU_DEBUG("IVMD Error: Invalid Block Type!\n"); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 6c730f1a72..beafb0171d 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -234,6 +234,8 @@ static int __must_check allocate_domain_resources(struct domain_iommu *hd) return rc; } +int __read_mostly amd_iommu_min_paging_mode = 1; + static int amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -245,11 +247,13 @@ static int amd_iommu_domain_init(struct domain *d) * - HVM could in principle use 3 or 4 depending on how much guest * physical address space we give it, but this isn't known yet so use 4 * unilaterally. + * - Unity maps may require an even higher number. */ - hd->arch.paging_mode = amd_iommu_get_paging_mode( - is_hvm_domain(d) - ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) - : get_upper_mfn_bound() + 1); + hd->arch.paging_mode = max(amd_iommu_get_paging_mode( + is_hvm_domain(d) + ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) + : get_upper_mfn_bound() + 1), + amd_iommu_min_paging_mode); return 0; } diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h index 8726e62558..3983293540 100644 --- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h +++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h @@ -140,6 +140,8 @@ extern struct hpet_sbdf { } init; } hpet_sbdf; +extern int amd_iommu_min_paging_mode; + extern void *shared_intremap_table; extern unsigned long *shared_intremap_inuse; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:35:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:35:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172343.314393 (Exim 4.92) (envelope-from ) id 1mIt3s-0003IL-HQ; Wed, 25 Aug 2021 13:35:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172343.314393; Wed, 25 Aug 2021 13:35:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3s-0003ID-Eb; Wed, 25 Aug 2021 13:35:24 +0000 Received: by outflank-mailman (input) for mailman id 172343; Wed, 25 Aug 2021 13:35:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3q-0003Hi-R2 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt3q-0005ys-QC for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt3q-0003Sb-Mn for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uksRoBD6B2b9Vz2H5kALZa65ybOzEKbaR+JU129ut5A=; b=TLWjkULdlawBiUpeAbG0nizWxK eloGQqRCrWz9XvX4nN4ienLt56mFrR4o8LZKZRKNO7X4NsQ8AAUoza2wmlmJo/qGj3GhZfQKgrpUP xtj0q5VJJuN00izU8Y82X7YcKDUjQGNHxFOP+V0OIzhzZ3as8WmcKcty/ylbxGPEQsJc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/p2m: introduce p2m_is_special() Message-Id: Date: Wed, 25 Aug 2021 13:35:22 +0000 commit f762403ed349df1b04468100dbffd0a6b6fe3303 Author: Jan Beulich AuthorDate: Wed Aug 25 15:24:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:24:18 2021 +0200 x86/p2m: introduce p2m_is_special() Seeing the similarity of grant, foreign, and (subsequently) direct-MMIO handling, introduce a new P2M type group named "special" (as in "needing special accessors to create/destroy"). Also use -EPERM instead of other error codes on the two domain_crash() paths touched. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 0bf755e2c856628e11e93c76c3e12974e9964638 master date: 2021-08-25 14:17:07 +0200 --- xen/arch/x86/mm/p2m.c | 15 +++++++-------- xen/include/asm-x86/p2m.h | 5 +++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 01402cfc5d..96fbed8ce1 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -807,7 +807,7 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, for ( i = 0; i < (1UL << page_order); i++ ) { p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); - if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) + if ( !p2m_is_special(t) && !p2m_is_shared(t) ) set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY); } } @@ -934,13 +934,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, &ot, &a, 0, NULL, NULL); ASSERT(!p2m_is_shared(ot)); } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { - /* Really shouldn't be unmapping grant/foreign maps this way */ + /* Don't permit unmapping grant/foreign this way. */ domain_crash(d); p2m_unlock(p2m); - return -EINVAL; + return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) { @@ -1034,8 +1034,7 @@ int p2m_change_type_one(struct domain *d, unsigned long gfn_l, struct p2m_domain *p2m = p2m_get_hostp2m(d); int rc; - BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt)); - BUG_ON(p2m_is_foreign(ot) || p2m_is_foreign(nt)); + BUG_ON(p2m_is_special(ot) || p2m_is_special(nt)); gfn_lock(p2m, gfn, 0); @@ -1282,11 +1281,11 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, gfn_unlock(p2m, gfn, order); return cur_order + 1; } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { gfn_unlock(p2m, gfn, order); domain_crash(d); - return -ENOENT; + return -EPERM; } else if ( p2m_is_ram(ot) ) { diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 3492542af7..3b28d2a1b8 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -141,6 +141,10 @@ typedef unsigned int p2m_query_t; | p2m_to_mask(p2m_ram_logdirty) ) #define P2M_SHARED_TYPES (p2m_to_mask(p2m_ram_shared)) +/* Types established/cleaned up via special accessors. */ +#define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ + p2m_to_mask(p2m_map_foreign)) + /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ | p2m_to_mask(p2m_mmio_direct) \ @@ -169,6 +173,7 @@ typedef unsigned int p2m_query_t; #define p2m_is_paged(_t) (p2m_to_mask(_t) & P2M_PAGED_TYPES) #define p2m_is_sharable(_t) (p2m_to_mask(_t) & P2M_SHARABLE_TYPES) #define p2m_is_shared(_t) (p2m_to_mask(_t) & P2M_SHARED_TYPES) +#define p2m_is_special(_t) (p2m_to_mask(_t) & P2M_SPECIAL_TYPES) #define p2m_is_broken(_t) (p2m_to_mask(_t) & P2M_BROKEN_TYPES) #define p2m_is_foreign(_t) (p2m_to_mask(_t) & p2m_to_mask(p2m_map_foreign)) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:35:34 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:35:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172344.314397 (Exim 4.92) (envelope-from ) id 1mIt42-0003L6-Iz; Wed, 25 Aug 2021 13:35:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172344.314397; Wed, 25 Aug 2021 13:35:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt42-0003Ky-G7; Wed, 25 Aug 2021 13:35:34 +0000 Received: by outflank-mailman (input) for mailman id 172344; Wed, 25 Aug 2021 13:35:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt41-0003Kk-4a for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt41-0005z6-3r for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt41-0003Tc-2F for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9//gGoBjPSAvBuLkvkw3+QodIyWVWEdT4xEOHUJIwE8=; b=eXIQ9j8hqSDrU5s0ZgrOlDUynM 7SnvwA85EL3uD0KwPnGHlaZHhQRiX5zWeDUWWOo4RoI7Lfy8DzLKCSzZPhe8ZPd0evqqT9GRWhyxK FVkXUyveitrhIsV00PjxZUz0kEA52cQZ1du45xCFDu2lMBT3pY5UBQQC95QMeKE1h6Jc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/p2m: guard (in particular) identity mapping entries Message-Id: Date: Wed, 25 Aug 2021 13:35:33 +0000 commit 89d40f0682f9ad37091cc53685f3ecf63a44bb72 Author: Jan Beulich AuthorDate: Wed Aug 25 15:24:37 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:24:37 2021 +0200 x86/p2m: guard (in particular) identity mapping entries Such entries, created by set_identity_p2m_entry(), should only be destroyed by clear_identity_p2m_entry(). However, similarly, entries created by set_mmio_p2m_entry() should only be torn down by clear_mmio_p2m_entry(), so the logic gets based upon p2m_mmio_direct as the entry type (separation between "ordinary" and 1:1 mappings would require a further indicator to tell apart the two). As to the guest_remove_page() change, commit 48dfb297a20a ("x86/PVH: allow guest_remove_page to remove p2m_mmio_direct pages"), which introduced the call to clear_mmio_p2m_entry(), claimed this was done for hwdom only without this actually having been the case. However, this code shouldn't be there in the first place, as MMIO entries shouldn't be dropped this way. Avoid triggering the warning again that 48dfb297a20a silenced by an adjustment to xenmem_add_to_physmap_one() instead. Note that guest_physmap_mark_populate_on_demand() gets tightened beyond the immediate purpose of this change. Note also that I didn't inspect code which isn't security supported, e.g. sharing, paging, or altp2m. This is CVE-2021-28694 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 753cb68e653002e89fdcd1c80e52905fdbfb78cb master date: 2021-08-25 14:17:32 +0200 --- xen/arch/x86/mm.c | 4 +++- xen/arch/x86/mm/p2m-pod.c | 12 ++++++------ xen/arch/x86/mm/p2m.c | 11 ++++++----- xen/common/memory.c | 11 ++++++++++- xen/include/asm-x86/p2m.h | 5 ++--- 5 files changed, 27 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index e56cd4bc65..1f3b12d447 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4770,7 +4770,9 @@ int xenmem_add_to_physmap_one( /* Remove previously mapped page if it was present. */ prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); - if ( mfn_valid(prev_mfn) ) + if ( p2mt == p2m_mmio_direct ) + rc = -EPERM; + else if ( mfn_valid(prev_mfn) ) { if ( is_xen_heap_mfn(prev_mfn) ) /* Xen heap frames are simply unhooked from this phys slot. */ diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index 096e2773fb..007cdd87d0 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -1295,17 +1295,17 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l, p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, &cur_order, NULL); n = 1UL << min(order, cur_order); - if ( p2m_is_ram(ot) ) + if ( ot == p2m_populate_on_demand ) + { + /* Count how many PoD entries we'll be replacing if successful */ + pod_count += n; + } + else if ( ot != p2m_invalid && ot != p2m_mmio_dm ) { P2M_DEBUG("gfn_to_mfn returned type %d!\n", ot); rc = -EBUSY; goto out; } - else if ( ot == p2m_populate_on_demand ) - { - /* Count how man PoD entries we'll be replacing if successful */ - pod_count += n; - } } /* Now, actually do the two-way mapping */ diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 96fbed8ce1..2e4d6e52a2 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -796,7 +796,8 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, &cur_order, NULL); if ( p2m_is_valid(t) && - (!mfn_valid(_mfn(mfn)) || mfn + i != mfn_x(mfn_return)) ) + (!mfn_valid(_mfn(mfn)) || t == p2m_mmio_direct || + mfn + i != mfn_x(mfn_return)) ) return -EILSEQ; i += (1UL << cur_order) - ((gfn_l + i) & ((1UL << cur_order) - 1)); @@ -890,7 +891,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; - if ( !mfn_valid(mfn) ) + if ( !mfn_valid(mfn) || t == p2m_mmio_direct ) { ASSERT_UNREACHABLE(); return -EINVAL; @@ -936,7 +937,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } if ( p2m_is_special(ot) ) { - /* Don't permit unmapping grant/foreign this way. */ + /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ domain_crash(d); p2m_unlock(p2m); @@ -1385,8 +1386,8 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, * order+1 for caller to retry with order (guaranteed smaller than * the order value passed in) */ -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, mfn_t mfn, - unsigned int order) +static int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, + mfn_t mfn, unsigned int order) { int rc = -EINVAL; gfn_t gfn = _gfn(gfn_l); diff --git a/xen/common/memory.c b/xen/common/memory.c index 4c982f3db7..7c394b3640 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -328,7 +328,7 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) } if ( p2mt == p2m_mmio_direct ) { - rc = clear_mmio_p2m_entry(d, gmfn, mfn, PAGE_ORDER_4K); + rc = -EPERM; goto out_put_gfn; } #else @@ -1720,6 +1720,15 @@ int check_get_page_from_gfn(struct domain *d, gfn_t gfn, bool readonly, return -EAGAIN; } #endif +#ifdef CONFIG_X86 + if ( p2mt == p2m_mmio_direct ) + { + if ( page ) + put_page(page); + + return -EPERM; + } +#endif if ( !page ) return -EINVAL; diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 3b28d2a1b8..807dc4b1a9 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -143,7 +143,8 @@ typedef unsigned int p2m_query_t; /* Types established/cleaned up via special accessors. */ #define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ - p2m_to_mask(p2m_map_foreign)) + p2m_to_mask(p2m_map_foreign) | \ + p2m_to_mask(p2m_mmio_direct)) /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ @@ -649,8 +650,6 @@ int set_foreign_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn); /* Set mmio addresses in the p2m table (for pass-through) */ int set_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, unsigned int order, p2m_access_t access); -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, - unsigned int order); /* Set identity addresses in the p2m table (for pass-through) */ int set_identity_p2m_entry(struct domain *d, unsigned long gfn, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:35:44 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:35:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172345.314401 (Exim 4.92) (envelope-from ) id 1mIt4C-0003O3-Kd; Wed, 25 Aug 2021 13:35:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172345.314401; Wed, 25 Aug 2021 13:35:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4C-0003Nv-He; Wed, 25 Aug 2021 13:35:44 +0000 Received: by outflank-mailman (input) for mailman id 172345; Wed, 25 Aug 2021 13:35:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4B-0003Nk-Al for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4B-0005zH-A0 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt4B-0003Uk-8Y for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UUUvqsnBvRBJUM1/EjTLnzZpaimytC39kmIzme490uU=; b=nm21YedJ7rmYGtsLh3PwQM8J6q gf4kqS3ZJLP2LkgxgxzU7BWOxvXSisDfd6QBXsxcvitJoLz19LtRA3L2sZZ3x4GA9Jblm8GT2LiaL ffBg9iQIItD9rKwfVvqafBLTtuGYBsYRc9sYSQAr6y+oLg9CzHF2w7kWGZVqvlNNup4g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/mm: widen locked region in xenmem_add_to_physmap_one() Message-Id: Date: Wed, 25 Aug 2021 13:35:43 +0000 commit 53e797c042df61c99cbca6d7e6aecaa568821bb6 Author: Jan Beulich AuthorDate: Wed Aug 25 15:25:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:25:18 2021 +0200 x86/mm: widen locked region in xenmem_add_to_physmap_one() For pages which can be made part of the P2M by the guest, but which can also later be de-allocated (grant table v2 status pages being the present example), it is imperative that they be mapped at no more than a single GFN. We therefore need to make sure that of two parallel XENMAPSPACE_grant_table requests for the same status page one completes before the second checks at which other GFN the underlying MFN is presently mapped. Pull ahead the respective get_gfn() and push down the respective put_gfn(). This leverages that gfn_lock() really aliases p2m_lock(), but the function makes this assumption already anyway: In the XENMAPSPACE_gmfn case lock nesting constraints for both involved GFNs would otherwise need to be enforced to avoid ABBA deadlocks. This is CVE-2021-28697 / XSA-379. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: f147422bf9476fb8161b43e35f5901571ed17c35 master date: 2021-08-25 14:17:56 +0200 --- xen/arch/x86/mm.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 1f3b12d447..7cdd23cd3c 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4768,8 +4768,20 @@ int xenmem_add_to_physmap_one( goto put_both; } - /* Remove previously mapped page if it was present. */ + /* + * Note that we're (ab)using GFN locking (to really be locking of the + * entire P2M) here in (at least) two ways: Finer grained locking would + * expose lock order violations in the XENMAPSPACE_gmfn case (due to the + * earlier get_gfn_unshare() above). Plus at the very least for the grant + * table v2 status page case we need to guarantee that the same page can + * only appear at a single GFN. While this is a property we want in + * general, for pages which can subsequently be freed this imperative: + * Upon freeing we wouldn't be able to find other mappings in the P2M + * (unless we did a brute force search). + */ prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); + + /* Remove previously mapped page if it was present. */ if ( p2mt == p2m_mmio_direct ) rc = -EPERM; else if ( mfn_valid(prev_mfn) ) @@ -4781,27 +4793,21 @@ int xenmem_add_to_physmap_one( /* Normal domain memory is freed, to avoid leaking memory. */ rc = guest_remove_page(d, gfn_x(gpfn)); } - /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */ - put_gfn(d, gfn_x(gpfn)); - - if ( rc ) - goto put_both; /* Unmap from old location, if any. */ old_gpfn = get_gpfn_from_mfn(mfn_x(mfn)); ASSERT(!SHARED_M2P(old_gpfn)); if ( space == XENMAPSPACE_gmfn && old_gpfn != gfn ) - { rc = -EXDEV; - goto put_both; - } - if ( old_gpfn != INVALID_M2P_ENTRY ) + else if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); /* Map at new location. */ if ( !rc ) rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K); + put_gfn(d, gfn_x(gpfn)); + put_both: /* * In the XENMAPSPACE_gmfn case, we took a ref of the gfn at the top. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:35:54 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:35:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172346.314404 (Exim 4.92) (envelope-from ) id 1mIt4M-0003RF-MI; Wed, 25 Aug 2021 13:35:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172346.314404; Wed, 25 Aug 2021 13:35:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4M-0003R7-JG; Wed, 25 Aug 2021 13:35:54 +0000 Received: by outflank-mailman (input) for mailman id 172346; Wed, 25 Aug 2021 13:35:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4L-0003Qj-Eb for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4L-0005za-Dt for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt4L-0003W5-D7 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:35:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SKj777lE7Kp3Gdv2JZV+QS2fb7W6+fxIiZB8dCsFC3w=; b=KIqtE0ohCSrsEEMS7/PZyb9Oeu va+l/IJn0iHkf6pclUy9PkmVucfROCpWIzGSJigwcTf8JbzwlzqO2UCmBqnUrhlCaSV3QJhmGogra TySMAH11YUzQJppM/xQSeNNW5YqBSotgQfT4OPX9gXSmUdNDPxWsw3ePhGidNVN9CP0c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] gnttab: add preemption check to gnttab_release_mappings() Message-Id: Date: Wed, 25 Aug 2021 13:35:53 +0000 commit 9d954c8c1a3e3cd70cddf9dbf7da7305de9b1173 Author: Jan Beulich AuthorDate: Wed Aug 25 15:25:39 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:25:39 2021 +0200 gnttab: add preemption check to gnttab_release_mappings() A guest may die with many grant mappings still in place, or simply with a large maptrack table. Iterating through this may take more time than is reasonable without intermediate preemption (to run softirqs and perhaps the scheduler). Move the invocation of the function to the section where other restartable functions get invoked, and have the function itself check for preemption every once in a while. Have it iterate the table backwards, such that decreasing the maptrack limit is all it takes to convey restart information. In domain_teardown() introduce PROG_none such that inserting at the front will be easier going forward. This is part of CVE-2021-28698 / XSA-380. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: b1ee10be5625b7d502cef1e6ee3818610ab0d29c master date: 2021-08-25 14:18:18 +0200 --- xen/common/domain.c | 4 +++- xen/common/grant_table.c | 46 ++++++++++++++++++++++++++++++++++++------- xen/include/xen/grant_table.h | 6 ++---- 3 files changed, 44 insertions(+), 12 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index ee9c604118..bd28f15f83 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -776,11 +776,13 @@ int domain_kill(struct domain *d) return domain_kill(d); d->is_dying = DOMDYING_dying; argo_destroy(d); - gnttab_release_mappings(d); vnuma_destroy(d->vnuma); domain_set_outstanding_pages(d, 0); /* fallthrough */ case DOMDYING_dying: + rc = gnttab_release_mappings(d); + if ( rc ) + break; rc = evtchn_destroy(d); if ( rc ) break; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index b15e978d06..cf37f0d532 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -63,7 +63,13 @@ struct grant_table { unsigned int nr_grant_frames; /* Number of grant status frames shared with guest (for version 2) */ unsigned int nr_status_frames; - /* Number of available maptrack entries. */ + /* + * Number of available maptrack entries. For cleanup purposes it is + * important to realize that this field and @maptrack further down will + * only ever be accessed by the local domain. Thus it is okay to clean + * up early, and to shrink the limit for the purpose of tracking cleanup + * progress. + */ unsigned int maptrack_limit; /* Shared grant table (see include/public/grant_table.h). */ union { @@ -3675,9 +3681,7 @@ do_grant_table_op( #include "compat/grant_table.c" #endif -void -gnttab_release_mappings( - struct domain *d) +int gnttab_release_mappings(struct domain *d) { struct grant_table *gt = d->grant_table, *rgt; struct grant_mapping *map; @@ -3691,10 +3695,34 @@ gnttab_release_mappings( BUG_ON(!d->is_dying); - for ( handle = 0; handle < gt->maptrack_limit; handle++ ) + if ( !gt || !gt->maptrack ) + return 0; + + for ( handle = gt->maptrack_limit; handle; ) { unsigned int clear_flags = 0; + /* + * Deal with full pages such that their freeing (in the body of the + * if()) remains simple. + */ + if ( handle < gt->maptrack_limit && !(handle % MAPTRACK_PER_PAGE) ) + { + /* + * Changing maptrack_limit alters nr_maptrack_frames()'es return + * value. Free the then excess trailing page right here, rather + * than leaving it to grant_table_destroy() (and in turn requiring + * to leave gt->maptrack_limit unaltered). + */ + gt->maptrack_limit = handle; + FREE_XENHEAP_PAGE(gt->maptrack[nr_maptrack_frames(gt)]); + + if ( hypercall_preempt_check() ) + return -ERESTART; + } + + --handle; + map = &maptrack_entry(gt, handle); if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) ) continue; @@ -3785,6 +3813,11 @@ gnttab_release_mappings( map->flags = 0; } + + gt->maptrack_limit = 0; + FREE_XENHEAP_PAGE(gt->maptrack[0]); + + return 0; } void grant_table_warn_active_grants(struct domain *d) @@ -3848,8 +3881,7 @@ grant_table_destroy( free_xenheap_page(t->shared_raw[i]); xfree(t->shared_raw); - for ( i = 0; i < nr_maptrack_frames(t); i++ ) - free_xenheap_page(t->maptrack[i]); + ASSERT(!t->maptrack_limit); vfree(t->maptrack); for ( i = 0; i < nr_active_grant_frames(t); i++ ) diff --git a/xen/include/xen/grant_table.h b/xen/include/xen/grant_table.h index 98603604b8..ab4726bdc4 100644 --- a/xen/include/xen/grant_table.h +++ b/xen/include/xen/grant_table.h @@ -47,9 +47,7 @@ void grant_table_init_vcpu(struct vcpu *v); void grant_table_warn_active_grants(struct domain *d); /* Domain death release of granted mappings of other domains' memory. */ -void -gnttab_release_mappings( - struct domain *d); +int gnttab_release_mappings(struct domain *d); int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, gfn_t *gfn, uint16_t *status); @@ -78,7 +76,7 @@ static inline void grant_table_init_vcpu(struct vcpu *v) {} static inline void grant_table_warn_active_grants(struct domain *d) {} -static inline void gnttab_release_mappings(struct domain *d) {} +static inline int gnttab_release_mappings(struct domain *d) { return 0; } static inline int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:36:04 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:36:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172347.314408 (Exim 4.92) (envelope-from ) id 1mIt4W-0003Tm-OH; Wed, 25 Aug 2021 13:36:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172347.314408; Wed, 25 Aug 2021 13:36:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4W-0003Te-Kt; Wed, 25 Aug 2021 13:36:04 +0000 Received: by outflank-mailman (input) for mailman id 172347; Wed, 25 Aug 2021 13:36:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4V-0003TU-IK for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4V-0005zy-HZ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt4V-0003Xi-Gi for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9DAIHb1s9ZIIj6HWh9za0AcjTEpFjcOBxeurNsJFsLk=; b=0TeBSN9npO+MPgRnWwfWj6VmB3 R3wOlPAlrdKqiE+qGeRRVuX9onQqoqrmrOg1kZYhhXHrT12G0Zxxu5bZMI/pxQsZ9lGlxOZiZlnjK 3eFjXubEre6CxOi493QfEEb+NALgkmJHoGr3tWGMRDl967vbcFxRRQFPyvs9DyrFRrzc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] gnttab: replace mapkind() Message-Id: Date: Wed, 25 Aug 2021 13:36:03 +0000 commit 4d65fe936a8b99603e9f2457e1b3ec6b6a1a2b60 Author: Jan Beulich AuthorDate: Wed Aug 25 15:25:59 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:25:59 2021 +0200 gnttab: replace mapkind() mapkind() doesn't scale very well with larger maptrack entry counts, using a brute force linear search through all entries, with the only option of an early loop exit if a matching writable entry was found. Introduce a radix tree alongside the main maptrack table, thus allowing much faster MFN-based lookup. To avoid the need to actually allocate space for the individual nodes, encode the two counters in the node pointers themselves, thus limiting the number of permitted simultaneous r/o and r/w mappings of the same MFN to 2³¹-1 (64-bit) / 2¹⁵-1 (32-bit) each. To avoid enforcing an unnecessarily low bound on the number of simultaneous mappings of a single MFN, introduce radix_tree_{ulong_to_ptr,ptr_to_ulong} paralleling radix_tree_{int_to_ptr,ptr_to_int}. As a consequence locking changes are also applicable: With there no longer being any inspection of the remote domain's active entries, there's also no need anymore to hold the remote domain's grant table lock. And since we're no longer iterating over the local domain's map track table, the lock in map_grant_ref() can also be dropped before the new maptrack entry actually gets populated. As a nice side effect this also reduces the number of IOMMU operations in unmap_common(): Previously we would have "established" a readable mapping whenever we didn't find a writable entry anymore (yet, of course, at least one readable one). But we only need to do this if we actually dropped the last writable entry, not if there were none already before. This is part of CVE-2021-28698 / XSA-380. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: 9781b51efde251efcc0291ddb1d9c7cefe2b2555 master date: 2021-08-25 14:18:39 +0200 --- xen/common/grant_table.c | 200 ++++++++++++++++++++++++------------------- xen/include/xen/radix-tree.h | 19 ++++ 2 files changed, 130 insertions(+), 89 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index cf37f0d532..edc2c9f2b5 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include @@ -81,8 +82,13 @@ struct grant_table { grant_status_t **status; /* Active grant table. */ struct active_grant_entry **active; - /* Mapping tracking table per vcpu. */ + /* Handle-indexed tracking table of mappings. */ struct grant_mapping **maptrack; + /* + * MFN-indexed tracking tree of mappings, if needed. Note that this is + * protected by @lock, not @maptrack_lock. + */ + struct radix_tree_root maptrack_tree; /* Domain to which this struct grant_table belongs. */ const struct domain *domain; @@ -460,34 +466,6 @@ static int get_paged_frame(unsigned long gfn, mfn_t *mfn, return GNTST_okay; } -static inline void -double_gt_lock(struct grant_table *lgt, struct grant_table *rgt) -{ - /* - * See mapkind() for why the write lock is also required for the - * remote domain. - */ - if ( lgt < rgt ) - { - grant_write_lock(lgt); - grant_write_lock(rgt); - } - else - { - if ( lgt != rgt ) - grant_write_lock(rgt); - grant_write_lock(lgt); - } -} - -static inline void -double_gt_unlock(struct grant_table *lgt, struct grant_table *rgt) -{ - grant_write_unlock(lgt); - if ( lgt != rgt ) - grant_write_unlock(rgt); -} - #define INVALID_MAPTRACK_HANDLE UINT_MAX static inline grant_handle_t @@ -907,41 +885,17 @@ static struct active_grant_entry *grant_map_exists(const struct domain *ld, return ERR_PTR(-EINVAL); } -#define MAPKIND_READ 1 -#define MAPKIND_WRITE 2 -static unsigned int mapkind( - struct grant_table *lgt, const struct domain *rd, mfn_t mfn) -{ - struct grant_mapping *map; - grant_handle_t handle, limit = lgt->maptrack_limit; - unsigned int kind = 0; - - /* - * Must have the local domain's grant table write lock when - * iterating over its maptrack entries. - */ - ASSERT(percpu_rw_is_write_locked(&lgt->lock)); - /* - * Must have the remote domain's grant table write lock while - * counting its active entries. - */ - ASSERT(percpu_rw_is_write_locked(&rd->grant_table->lock)); - - smp_rmb(); - - for ( handle = 0; !(kind & MAPKIND_WRITE) && handle < limit; handle++ ) - { - map = &maptrack_entry(lgt, handle); - if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) || - map->domid != rd->domain_id ) - continue; - if ( mfn_eq(_active_entry(rd->grant_table, map->ref).mfn, mfn) ) - kind |= map->flags & GNTMAP_readonly ? - MAPKIND_READ : MAPKIND_WRITE; - } - - return kind; -} +union maptrack_node { + struct { + /* Radix tree slot pointers use two of the bits. */ +#ifdef __BIG_ENDIAN_BITFIELD + unsigned long : 2; +#endif + unsigned long rd : BITS_PER_LONG / 2 - 1; + unsigned long wr : BITS_PER_LONG / 2 - 1; + } cnt; + unsigned long raw; +}; static void map_grant_ref( @@ -961,7 +915,6 @@ map_grant_ref( struct grant_mapping *mt; grant_entry_header_t *shah; uint16_t *status; - bool_t need_iommu; led = current; ld = led->domain; @@ -1181,31 +1134,75 @@ map_grant_ref( * as mem-sharing and IOMMU use are incompatible). The dom_io case would * need checking separately if we compared against owner here. */ - need_iommu = ld != rd && gnttab_need_iommu_mapping(ld); - if ( need_iommu ) - { + if ( ld != rd && gnttab_need_iommu_mapping(ld) ) + { + union maptrack_node node = { + .cnt.rd = !!(op->flags & GNTMAP_readonly), + .cnt.wr = !(op->flags & GNTMAP_readonly), + }; + int err; + void **slot = NULL; unsigned int kind; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + + err = radix_tree_insert(&lgt->maptrack_tree, mfn_x(mfn), + radix_tree_ulong_to_ptr(node.raw)); + if ( err == -EEXIST ) + { + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(mfn)); + if ( likely(slot) ) + { + node.raw = radix_tree_ptr_to_ulong(*slot); + err = -EBUSY; + + /* Update node only when refcount doesn't overflow. */ + if ( op->flags & GNTMAP_readonly ? ++node.cnt.rd + : ++node.cnt.wr ) + { + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + err = 0; + } + } + else + ASSERT_UNREACHABLE(); + } /* * We're not translated, so we know that dfns and mfns are * the same things, so the IOMMU entry is always 1-to-1. */ - kind = mapkind(lgt, rd, mfn); - if ( !(op->flags & GNTMAP_readonly) && - !(kind & MAPKIND_WRITE) ) + if ( !(op->flags & GNTMAP_readonly) && node.cnt.wr == 1 ) kind = IOMMUF_readable | IOMMUF_writable; - else if ( !kind ) + else if ( (op->flags & GNTMAP_readonly) && + node.cnt.rd == 1 && !node.cnt.wr ) kind = IOMMUF_readable; else kind = 0; - if ( kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 0, kind) ) + if ( err || + (kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 0, kind)) ) { - double_gt_unlock(lgt, rgt); + if ( !err ) + { + if ( slot ) + { + op->flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--; + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + } + else + radix_tree_delete(&lgt->maptrack_tree, mfn_x(mfn)); + } + rc = GNTST_general_error; - goto undo_out; } + + grant_write_unlock(lgt); + + if ( rc != GNTST_okay ) + goto undo_out; } TRACE_1D(TRC_MEM_PAGE_GRANT_MAP, op->dom); @@ -1213,10 +1210,6 @@ map_grant_ref( /* * All maptrack entry users check mt->flags first before using the * other fields so just ensure the flags field is stored last. - * - * However, if gnttab_need_iommu_mapping() then this would race - * with a concurrent mapkind() call (on an unmap, for example) - * and a lock is required. */ mt = &maptrack_entry(lgt, handle); mt->domid = op->dom; @@ -1224,9 +1217,6 @@ map_grant_ref( smp_wmb(); write_atomic(&mt->flags, op->flags); - if ( need_iommu ) - double_gt_unlock(lgt, rgt); - op->dev_bus_addr = mfn_to_maddr(mfn); op->handle = handle; op->status = GNTST_okay; @@ -1448,19 +1438,34 @@ unmap_common( /* See the respective comment in map_grant_ref(). */ if ( rc == GNTST_okay && ld != rd && gnttab_need_iommu_mapping(ld) ) { - unsigned int kind; + void **slot; + union maptrack_node node; int err = 0; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(op->mfn)); + node.raw = likely(slot) ? radix_tree_ptr_to_ulong(*slot) : 0; + + /* Refcount must not underflow. */ + if ( !(flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--) ) + BUG(); - kind = mapkind(lgt, rd, op->mfn); - if ( !kind ) + if ( !node.raw ) err = iommu_legacy_unmap(ld, _dfn(mfn_x(op->mfn)), 0); - else if ( !(kind & MAPKIND_WRITE) ) + else if ( !(flags & GNTMAP_readonly) && !node.cnt.wr ) err = iommu_legacy_map(ld, _dfn(mfn_x(op->mfn)), op->mfn, 0, IOMMUF_readable); - double_gt_unlock(lgt, rgt); + if ( err ) + ; + else if ( !node.raw ) + radix_tree_delete(&lgt->maptrack_tree, mfn_x(op->mfn)); + else + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + + grant_write_unlock(lgt); if ( err ) rc = GNTST_general_error; @@ -1918,6 +1923,8 @@ int grant_table_init(struct domain *d, int max_grant_frames, gt->maptrack = vzalloc(gt->max_maptrack_frames * sizeof(*gt->maptrack)); if ( gt->maptrack == NULL ) goto out; + + radix_tree_init(>->maptrack_tree); } /* Shared grant table. */ @@ -3701,6 +3708,7 @@ int gnttab_release_mappings(struct domain *d) for ( handle = gt->maptrack_limit; handle; ) { unsigned int clear_flags = 0; + mfn_t mfn; /* * Deal with full pages such that their freeing (in the body of the @@ -3806,17 +3814,31 @@ int gnttab_release_mappings(struct domain *d) if ( clear_flags ) gnttab_clear_flags(rd, clear_flags, status); + mfn = act->mfn; + active_entry_release(act); grant_read_unlock(rgt); rcu_unlock_domain(rd); map->flags = 0; + + /* + * This is excessive in that a single such call would suffice per + * mapped MFN (or none at all, if no entry was ever inserted). But it + * should be the common case for an MFN to be mapped just once, and + * this way we don't need to further maintain the counters. We also + * don't want to leave cleaning up of the tree as a whole to the end + * of the function, as this could take quite some time. + */ + radix_tree_delete(>->maptrack_tree, mfn_x(mfn)); } gt->maptrack_limit = 0; FREE_XENHEAP_PAGE(gt->maptrack[0]); + radix_tree_destroy(>->maptrack_tree, NULL); + return 0; } diff --git a/xen/include/xen/radix-tree.h b/xen/include/xen/radix-tree.h index ec40cf1d9e..58c40312e6 100644 --- a/xen/include/xen/radix-tree.h +++ b/xen/include/xen/radix-tree.h @@ -190,6 +190,25 @@ static inline int radix_tree_ptr_to_int(void *ptr) return (int)((long)ptr >> 2); } +/** + * radix_tree_{ulong_to_ptr,ptr_to_ulong}: + * + * Same for unsigned long values. Beware though that only BITS_PER_LONG-2 + * bits are actually usable for the value. + */ +static inline void *radix_tree_ulong_to_ptr(unsigned long val) +{ + unsigned long ptr = (val << 2) | 0x2; + ASSERT((ptr >> 2) == val); + return (void *)ptr; +} + +static inline unsigned long radix_tree_ptr_to_ulong(void *ptr) +{ + ASSERT(((unsigned long)ptr & 0x3) == 0x2); + return (unsigned long)ptr >> 2; +} + int radix_tree_insert(struct radix_tree_root *, unsigned long, void *); void *radix_tree_lookup(struct radix_tree_root *, unsigned long); void **radix_tree_lookup_slot(struct radix_tree_root *, unsigned long); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:36:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:36:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172348.314413 (Exim 4.92) (envelope-from ) id 1mIt4g-0003XF-Qz; Wed, 25 Aug 2021 13:36:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172348.314413; Wed, 25 Aug 2021 13:36:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4g-0003X7-O6; Wed, 25 Aug 2021 13:36:14 +0000 Received: by outflank-mailman (input) for mailman id 172348; Wed, 25 Aug 2021 13:36:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4f-0003Wx-Lk for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4f-00060P-L2 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt4f-0003Z1-KE for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/33UEiu5UbKxRrKOMz07IvWPt8cj97asNjICqKwmXEI=; b=iulP3joRNnMqFdFdtLu7j/+aZ8 R/HJQaqBJYCfIxWo3Qy83mJaI6l6f4G5sVZPP2ACoDpCs1KK1DpVwe6uWcVuVU67TZqI7ASrYWiBz 3XmJ3KXSMMzBy6ec9QOUSTtCiqMXlcGdDzHdbAVuUH1YNha303EXXnl8aJwybNZmsrNY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] gnttab: fix array capacity check in gnttab_get_status_frames() Message-Id: Date: Wed, 25 Aug 2021 13:36:13 +0000 commit 985b3e50cda925fb2755b49b3c4a1c7a339d8ae4 Author: Jan Beulich AuthorDate: Wed Aug 25 15:26:32 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:26:32 2021 +0200 gnttab: fix array capacity check in gnttab_get_status_frames() The number of grant frames is of no interest here; converting the passed in op.nr_frames this way means we allow for 8 times as many GFNs to be written as actually fit in the array. We would corrupt xlat areas of higher vCPU-s (after having faulted many times while trying to write to the guard pages between any two areas) for 32-bit PV guests. For HVM guests we'd simply crash as soon as we hit the first guard page, as accesses to the xlat area are simply memcpy() there. This is CVE-2021-28699 / XSA-382. Fixes: 18b1be5e324b ("gnttab: make resource limits per domain") Signed-off-by: Jan Beulich master commit: ec820035b875cdbedce5e73f481ce65963ede9ed master date: 2021-08-25 14:19:09 +0200 --- xen/common/grant_table.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index edc2c9f2b5..e1a67fc1c6 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3250,12 +3250,11 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, goto unlock; } - if ( unlikely(limit_max < grant_to_status_frames(op.nr_frames)) ) + if ( unlikely(limit_max < op.nr_frames) ) { gdprintk(XENLOG_WARNING, - "grant_to_status_frames(%u) for d%d is too large (%u,%u)\n", - op.nr_frames, d->domain_id, - grant_to_status_frames(op.nr_frames), limit_max); + "nr_status_frames for %pd is too large (%u,%u)\n", + d, op.nr_frames, limit_max); op.status = GNTST_general_error; goto unlock; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:36:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:36:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172350.314427 (Exim 4.92) (envelope-from ) id 1mIt4q-0003rC-6E; Wed, 25 Aug 2021 13:36:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172350.314427; Wed, 25 Aug 2021 13:36:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4q-0003r6-2w; Wed, 25 Aug 2021 13:36:24 +0000 Received: by outflank-mailman (input) for mailman id 172350; Wed, 25 Aug 2021 13:36:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4p-0003qs-PB for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4p-00060i-OW for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt4p-0003am-Nf for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QnON4a6FPSYFK0izTUVZ71/wg6IJxQd7zOi8vO28Nhs=; b=X62CYUMo9n+ro54NeZC+FuDwqU 3QixmQEO4eHIuCbbKSxqyRCohuBNdRof9NvLHZTqvG9wfCeS7D5fnja7boLvsT9EjXa8GFpi72Fg2 +OydBJo0YAgsf5yNchHzP3QO+yy7zabG8VQMXmKmXD0BP8x8/3SCJ4EUbW7AWFx+kd3U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Message-Id: Date: Wed, 25 Aug 2021 13:36:23 +0000 commit bdb84809402266816449120101fe14a0732d373c Author: Julien Grall AuthorDate: Wed Aug 25 15:26:54 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:26:54 2021 +0200 xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Currently, both dom0less domUs and dom0 can allocate an "unlimited" amount of memory because d->max_pages is set to ~0U. In particular, the former are meant to be unprivileged. Therefore the memory they could allocate should be bounded. As the domain are not yet officially aware of Xen (we don't expose advertise it in the DT, yet the hypercalls are accessible), they should not need to allocate more than the initial amount. So cap set d->max_pages directly the amount of memory we are meant to allocate. Take the opportunity to also restrict the memory for dom0 as the domain is direct mapped (e.g. MFN == GFN) and therefore cannot allocate outside of the pre-allocated region. This is CVE-2021-28700 / XSA-383. Reported-by: Julien Grall Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini Tested-by: Stefano Stabellini master commit: c08d68cd2aacbc7cb56e73ada241bfe4639bbc68 master date: 2021-08-25 14:19:31 +0200 --- xen/arch/arm/domain_build.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 2b37ea019d..ce7f61e825 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2433,7 +2433,8 @@ static int __init construct_domU(struct domain *d, if ( vcpu_create(d, 0) == NULL ) return -ENOMEM; - d->max_pages = ~0U; + + d->max_pages = ((paddr_t)mem * SZ_1K) >> PAGE_SHIFT; kinfo.d = d; @@ -2533,7 +2534,7 @@ int __init construct_dom0(struct domain *d) iommu_hwdom_init(d); - d->max_pages = ~0U; + d->max_pages = dom0_mem >> PAGE_SHIFT; kinfo.unassigned_mem = dom0_mem; kinfo.d = d; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:36:35 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:36:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172351.314432 (Exim 4.92) (envelope-from ) id 1mIt51-0003zH-82; Wed, 25 Aug 2021 13:36:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172351.314432; Wed, 25 Aug 2021 13:36:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt51-0003z8-4j; Wed, 25 Aug 2021 13:36:35 +0000 Received: by outflank-mailman (input) for mailman id 172351; Wed, 25 Aug 2021 13:36:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4z-0003y8-Sp for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt4z-00060u-Ru for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt4z-0003cP-RA for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yFPaiHX7y2iH264WDkplQULIKsM9LiTifCD+1vtbXkU=; b=T5onrQu9e7njq9UQ2D25qAiVNk dXBqMtTMbBZyFyjzTgkuILOg8dGLCt/qyeTA45cIJrcYWC/vmN/qjdsbaeYQJ3VWgGrCksteZDxa2 01MQYIVHIIMtawkpWKdpJS1vQ9KEpPvgcAayNwWVnxwL5+TVpR1+ASPCv9xu4ppsKQAQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/hvm: Propagate real error information up through hvm_load() Message-Id: Date: Wed, 25 Aug 2021 13:36:33 +0000 commit 331cfaeb7fc486ea4e03d7e7063648f41e59e949 Author: Andrew Cooper AuthorDate: Wed Aug 25 15:27:41 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:27:41 2021 +0200 x86/hvm: Propagate real error information up through hvm_load() hvm_load() is currently a mix of -errno and -1 style error handling, which aliases -EPERM. This leads to the following confusing diagnostics: From userspace: xc: info: Restoring domain xc: error: Unable to restore HVM context (1 = Operation not permitted): Internal error xc: error: Restore failed (1 = Operation not permitted): Internal error xc_domain_restore: [1] Restore failed (1 = Operation not permitted) From Xen: (XEN) HVM10.0 restore: inconsistent xsave state (feat=0x2ff accum=0x21f xcr0=0x7 bv=0x3 err=-22) (XEN) HVM10 restore: failed to load entry 16/0 The actual error was a bad backport, but the -EINVAL got converted to -EPERM on the way out of the hypercall. The overwhelming majority of *_load() handlers already use -errno consistenty. Fix up the rest to be consistent, and fix a few other errors noticed along the way. * Failures of hvm_load_entry() indicate a truncated record or other bad data size. Use -ENODATA. * Don't use {g,}dprintk(). Omitting diagnostics in release builds is rude, and almost everything uses unconditional printk()'s. * Switch some errors for more appropriate ones. Reported-by: Igor Druzhinin Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 96e5ad4c476e70688295b3cfb537847a3351d6fd master date: 2021-07-19 14:34:38 +0100 --- xen/arch/x86/cpu/mcheck/vmce.c | 6 +++--- xen/arch/x86/emul-i8254.c | 9 +++++---- xen/arch/x86/hvm/irq.c | 6 +++--- xen/arch/x86/hvm/save.c | 25 ++++++++++++++----------- xen/arch/x86/hvm/vioapic.c | 5 ++++- xen/arch/x86/hvm/vpic.c | 2 +- 6 files changed, 30 insertions(+), 23 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/vmce.c b/xen/arch/x86/cpu/mcheck/vmce.c index 4f5de07e01..abf486067a 100644 --- a/xen/arch/x86/cpu/mcheck/vmce.c +++ b/xen/arch/x86/cpu/mcheck/vmce.c @@ -81,11 +81,11 @@ int vmce_restore_vcpu(struct vcpu *v, const struct hvm_vmce_vcpu *ctxt) if ( ctxt->caps & ~guest_mcg_cap & ~MCG_CAP_COUNT & ~MCG_CTL_P ) { - dprintk(XENLOG_G_ERR, "%s restore: unsupported MCA capabilities" - " %#" PRIx64 " for %pv (supported: %#Lx)\n", + printk(XENLOG_G_ERR + "%s restore: unsupported MCA capabilities %#"PRIx64" for %pv (supported: %#Lx)\n", is_hvm_vcpu(v) ? "HVM" : "PV", ctxt->caps, v, guest_mcg_cap & ~MCG_CAP_COUNT); - return -EPERM; + return -EINVAL; } v->arch.vmce.mcg_cap = ctxt->caps; diff --git a/xen/arch/x86/emul-i8254.c b/xen/arch/x86/emul-i8254.c index 73be4188ad..050c784702 100644 --- a/xen/arch/x86/emul-i8254.c +++ b/xen/arch/x86/emul-i8254.c @@ -412,7 +412,7 @@ static int pit_save(struct vcpu *v, hvm_domain_context_t *h) static int pit_load(struct domain *d, hvm_domain_context_t *h) { PITState *pit = domain_vpit(d); - int i; + int i, rc = 0; if ( !has_vpit(d) ) return -ENODEV; @@ -421,8 +421,8 @@ static int pit_load(struct domain *d, hvm_domain_context_t *h) if ( hvm_load_entry(PIT, h, &pit->hw) ) { - spin_unlock(&pit->lock); - return 1; + rc = -ENODATA; + goto out; } /* @@ -434,9 +434,10 @@ static int pit_load(struct domain *d, hvm_domain_context_t *h) for ( i = 0; i < 3; i++ ) pit_load_count(pit, i, pit->hw.channels[i].count); + out: spin_unlock(&pit->lock); - return 0; + return rc; } HVM_REGISTER_SAVE_RESTORE(PIT, pit_save, pit_load, 1, HVMSR_PER_DOM); diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c index d2bfb6d05d..2ba0a5618f 100644 --- a/xen/arch/x86/hvm/irq.c +++ b/xen/arch/x86/hvm/irq.c @@ -772,9 +772,9 @@ static int irq_load_link(struct domain *d, hvm_domain_context_t *h) for ( link = 0; link < 4; link++ ) if ( hvm_irq->pci_link.route[link] > 15 ) { - gdprintk(XENLOG_ERR, - "HVM restore: PCI-ISA link %u out of range (%u)\n", - link, hvm_irq->pci_link.route[link]); + printk(XENLOG_G_ERR + "HVM restore: PCI-ISA link %u out of range (%u)\n", + link, hvm_irq->pci_link.route[link]); return -EINVAL; } diff --git a/xen/arch/x86/hvm/save.c b/xen/arch/x86/hvm/save.c index 0fc59d3487..73193cce99 100644 --- a/xen/arch/x86/hvm/save.c +++ b/xen/arch/x86/hvm/save.c @@ -50,14 +50,14 @@ int arch_hvm_load(struct domain *d, struct hvm_save_header *hdr) { printk(XENLOG_G_ERR "HVM%d restore: bad magic number %#"PRIx32"\n", d->domain_id, hdr->magic); - return -1; + return -EINVAL; } if ( hdr->version != HVM_FILE_VERSION ) { printk(XENLOG_G_ERR "HVM%d restore: unsupported version %u\n", d->domain_id, hdr->version); - return -1; + return -EINVAL; } cpuid(1, &eax, &ebx, &ecx, &edx); @@ -291,16 +291,18 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) struct hvm_save_descriptor *desc; hvm_load_handler handler; struct vcpu *v; + int rc; if ( d->is_dying ) return -EINVAL; /* Read the save header, which must be first */ if ( hvm_load_entry(HEADER, h, &hdr) != 0 ) - return -1; + return -ENODATA; - if ( arch_hvm_load(d, &hdr) ) - return -1; + rc = arch_hvm_load(d, &hdr); + if ( rc ) + return rc; /* Down all the vcpus: we only re-enable the ones that had state saved. */ for_each_vcpu(d, v) @@ -315,7 +317,7 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) printk(XENLOG_G_ERR "HVM%d restore: save did not end with a null entry\n", d->domain_id); - return -1; + return -ENODATA; } /* Read the typecode of the next entry and check for the end-marker */ @@ -329,17 +331,18 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) { printk(XENLOG_G_ERR "HVM%d restore: unknown entry typecode %u\n", d->domain_id, desc->typecode); - return -1; + return -EINVAL; } /* Load the entry */ printk(XENLOG_G_INFO "HVM%d restore: %s %"PRIu16"\n", d->domain_id, hvm_sr_handlers[desc->typecode].name, desc->instance); - if ( handler(d, h) != 0 ) + rc = handler(d, h); + if ( rc ) { - printk(XENLOG_G_ERR "HVM%d restore: failed to load entry %u/%u\n", - d->domain_id, desc->typecode, desc->instance); - return -1; + printk(XENLOG_G_ERR "HVM%d restore: failed to load entry %u/%u rc %d\n", + d->domain_id, desc->typecode, desc->instance, rc); + return rc; } } diff --git a/xen/arch/x86/hvm/vioapic.c b/xen/arch/x86/hvm/vioapic.c index 35717edf73..9360f333c9 100644 --- a/xen/arch/x86/hvm/vioapic.c +++ b/xen/arch/x86/hvm/vioapic.c @@ -619,7 +619,10 @@ static int ioapic_load(struct domain *d, hvm_domain_context_t *h) d->arch.hvm.nr_vioapics != 1 ) return -EOPNOTSUPP; - return hvm_load_entry(IOAPIC, h, &s->domU); + if ( hvm_load_entry(IOAPIC, h, &s->domU) ) + return -ENODATA; + + return 0; } HVM_REGISTER_SAVE_RESTORE(IOAPIC, ioapic_save, ioapic_load, 1, HVMSR_PER_DOM); diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c index 9ec4652222..6ad2f85578 100644 --- a/xen/arch/x86/hvm/vpic.c +++ b/xen/arch/x86/hvm/vpic.c @@ -401,7 +401,7 @@ static int vpic_load(struct domain *d, hvm_domain_context_t *h) /* Which PIC is this? */ if ( inst > 1 ) - return -EINVAL; + return -ENOENT; s = &d->arch.hvm.vpic[inst]; /* Load the state */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:36:45 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:36:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172353.314436 (Exim 4.92) (envelope-from ) id 1mIt5B-00048u-9F; Wed, 25 Aug 2021 13:36:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172353.314436; Wed, 25 Aug 2021 13:36:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5B-00048m-6G; Wed, 25 Aug 2021 13:36:45 +0000 Received: by outflank-mailman (input) for mailman id 172353; Wed, 25 Aug 2021 13:36:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt59-00048U-Vz for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt59-000615-VJ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt59-0003e0-UT for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DGSmHe/9J6W1wXDbAsIDvEo6va4uDFSjCeaHOD+Aqmo=; b=VVGHXyG58nYOC9jNsO4qq5/sWZ RdJkS9TMxVNyqUNn0noIoEDno+ie2W6sKjz71bhFE+Qq+VwLX+p4ajsr81kogj7aMWIAynJOFb853 wlAEHikea+fpqKfb03Wa+C0ik7gUHvbezHq7rhWHkmRZOLzbqkGS+q+ISv+PZAr3gNvs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] xen/lib: Fix strcmp() and strncmp() Message-Id: Date: Wed, 25 Aug 2021 13:36:43 +0000 commit 9d53da2e640f37d76f56287997065070059a6ae6 Author: Jane Malalane AuthorDate: Wed Aug 25 15:27:58 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:27:58 2021 +0200 xen/lib: Fix strcmp() and strncmp() The C standard requires that each character be compared as unsigned char. Xen's current behaviour compares as signed char, which changes the answer when chars with a value greater than 0x7f are used. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Ian Jackson master commit: 3747a2bb67daa5a8baeff6cda57dc98a5ef79c3e master date: 2021-07-30 10:52:46 +0100 --- xen/common/string.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/xen/common/string.c b/xen/common/string.c index af3d96ad0f..43624b1b45 100644 --- a/xen/common/string.c +++ b/xen/common/string.c @@ -119,14 +119,16 @@ EXPORT_SYMBOL(strlcat); */ int (strcmp)(const char *cs, const char *ct) { - register signed char __res; + unsigned char *csu = (unsigned char *)cs; + unsigned char *ctu = (unsigned char *)ct; + int res; while (1) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + if ((res = *csu - *ctu++) != 0 || !*csu++) break; } - return __res; + return res; } #endif @@ -139,15 +141,17 @@ int (strcmp)(const char *cs, const char *ct) */ int (strncmp)(const char *cs, const char *ct, size_t count) { - register signed char __res = 0; + unsigned char *csu = (unsigned char *)cs; + unsigned char *ctu = (unsigned char *)ct; + int res = 0; while (count) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + if ((res = *csu - *ctu++) != 0 || !*csu++) break; count--; } - return __res; + return res; } #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:36:55 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:36:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172356.314440 (Exim 4.92) (envelope-from ) id 1mIt5L-0004FL-An; Wed, 25 Aug 2021 13:36:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172356.314440; Wed, 25 Aug 2021 13:36:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5L-0004FE-7q; Wed, 25 Aug 2021 13:36:55 +0000 Received: by outflank-mailman (input) for mailman id 172356; Wed, 25 Aug 2021 13:36:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5K-0004Et-3G for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5K-00061G-2Y for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt5K-0003fJ-1n for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:36:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xO28onMgSdJLLW9sQ0hYmdF0LsHQj+yEtoNdCbb0jsw=; b=i10FA3ALTVKGzkqy7SLEQ4iAI1 Sahe+iu3czu1yhV729upag+XhZ2oZVw/B74+91WQaGeQSQJ22mQ4kb9zuSZ6bxoIHK95sXjXyfxVN l82VDdKJhPAhak/oG1gduu8K4/syYrxu0Q+hVELLKEdEftOHlgYzA+M8+G+RZ0b+HwLQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] credit2: avoid picking a spurious idle unit when caps are used Message-Id: Date: Wed, 25 Aug 2021 13:36:54 +0000 commit dd9785568f2ab5acef988d155dcb8fea3c8a5a2f Author: Dario Faggioli AuthorDate: Wed Aug 25 15:28:13 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:28:13 2021 +0200 credit2: avoid picking a spurious idle unit when caps are used Commit 07b0eb5d0ef0 ("credit2: make sure we pick a runnable unit from the runq if there is one") did not fix completely the problem of potentially selecting a scheduling unit that will then not be able to run. In fact, in case caps are used and the unit we are currently looking at, during the runqueue scan, does not have enough budget for being run, we should continue looking instead than giving up and picking the idle unit. Suggested-by: George Dunlap Signed-off-by: Dario Faggioli Reviewed-by: Jan Beulich master commit: 0f742839ae57e10687e7a573070c37430f31068c master date: 2021-08-10 09:29:10 +0200 --- xen/common/sched_credit2.c | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/xen/common/sched_credit2.c b/xen/common/sched_credit2.c index 8ba741e379..0aef547aec 100644 --- a/xen/common/sched_credit2.c +++ b/xen/common/sched_credit2.c @@ -3368,6 +3368,15 @@ runq_candidate(struct csched2_runqueue_data *rqd, (unsigned char *)&d); } + /* + * If the unit in the runqueue has more credits than current (or than + * idle, if current is not runnable) or if current is yielding, we may + * want to pick it up. Otherwise, there's no need to keep scanning the + * runqueue any further. + */ + if ( !yield && svc->credit <= snext->credit ) + break; + /* Skip non runnable units that we (temporarily) have in the runq */ if ( unlikely(!unit_runnable_state(svc->unit)) ) continue; @@ -3399,16 +3408,25 @@ runq_candidate(struct csched2_runqueue_data *rqd, } /* - * If the one in the runqueue has more credit than current (or idle, - * if current is not runnable), or if current is yielding, and also - * if the one in runqueue either is not capped, or is capped but has - * some budget, then choose it. + * If we are here, we are almost sure we want to pick the unit in + * the runqueue. Last thing we need to check is that it either is + * not capped or, if it is, it has some budget. + * + * Note that budget availability must be the very last check that + * we do in this loop, due to the side effects that unit_grab_budget() + * causes. + * + * In fact, if there is budget available in the unit's domain's + * budget pool, the function will pick some for running this unit. + * And we clearly want to do that only if we're otherwise sure that + * the unit will actually run, consume it, and return the leftover + * (if any) in the usual way. */ - if ( (yield || svc->credit > snext->credit) && - (!has_cap(svc) || unit_grab_budget(svc)) ) - snext = svc; + if ( has_cap(svc) && !unit_grab_budget(svc) ) + continue; /* In any case, if we got this far, break. */ + snext = svc; break; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:37:05 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:37:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172359.314444 (Exim 4.92) (envelope-from ) id 1mIt5V-0004Jq-CS; Wed, 25 Aug 2021 13:37:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172359.314444; Wed, 25 Aug 2021 13:37:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5V-0004Ji-9f; Wed, 25 Aug 2021 13:37:05 +0000 Received: by outflank-mailman (input) for mailman id 172359; Wed, 25 Aug 2021 13:37:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5U-0004Jc-70 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5U-00061g-6G for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt5U-0003h3-5N for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OJxVwogcDza4bynsQPlF3oyT/nj7AhYH6QGuImjuS1Q=; b=lQmES/ThVQvcT9RhVLRyJ5v/U4 7Aia3WpRpfb25Nq47LM/Fe5KNXSRpuTZNPSzWG/DuXkSechhcRXsgtTYwtTh1yDFfIbq+S7ybWznv XRgRtXb5/8LMxn3aPUM50doN+bHRbtz++hLR5SLNqbjzt5Hxjb3eTqkdqJ+S5dYTWCcE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] VT-d: Tylersburg errata apply to further steppings Message-Id: Date: Wed, 25 Aug 2021 13:37:04 +0000 commit d1e19217362762b2c4a6d22a08bb22f90ddc9a82 Author: Jan Beulich AuthorDate: Wed Aug 25 15:28:33 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:28:33 2021 +0200 VT-d: Tylersburg errata apply to further steppings While for 5500 and 5520 chipsets only B3 and C2 are mentioned in the spec update, X58's also mentions B2, and searching the internet suggests systems with this stepping are actually in use. Even worse, for X58 erratum #69 is marked applicable even to C2. Split the check to cover all applicable steppings and to also report applicable errata numbers in the log message. The splitting requires using the DMI port instead of the System Management Registers device, but that's then in line (also revision checking wise) with the spec updates. Fixes: 6890cebc6a98 ("VT-d: deal with 5500/5520/X58 errata") Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian master commit: 517a90d1ca09ce00e50d46ac25566cc3bd2eb34d master date: 2021-08-18 09:44:14 +0200 --- xen/drivers/passthrough/vtd/quirks.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c index 4dadd9523f..435e449ca3 100644 --- a/xen/drivers/passthrough/vtd/quirks.c +++ b/xen/drivers/passthrough/vtd/quirks.c @@ -267,26 +267,42 @@ static int __init parse_snb_timeout(const char *s) } custom_param("snb_igd_quirk", parse_snb_timeout); -/* 5500/5520/X58 Chipset Interrupt remapping errata, for stepping B-3. - * Fixed in stepping C-2. */ +/* + * 5500/5520/X58 chipset interrupt remapping errata, for steppings B2 and B3. + * Fixed in stepping C2 except on X58. + */ static void __init tylersburg_intremap_quirk(void) { - uint32_t bus, device; + unsigned int bus; uint8_t rev; for ( bus = 0; bus < 0x100; bus++ ) { - /* Match on System Management Registers on Device 20 Function 0 */ - device = pci_conf_read32(PCI_SBDF(0, bus, 20, 0), PCI_VENDOR_ID); - rev = pci_conf_read8(PCI_SBDF(0, bus, 20, 0), PCI_REVISION_ID); + /* Match on DMI port (Device 0 Function 0) */ + rev = pci_conf_read8(PCI_SBDF(0, bus, 0, 0), PCI_REVISION_ID); - if ( rev == 0x13 && device == 0x342e8086 ) + switch ( pci_conf_read32(PCI_SBDF(0, bus, 0, 0), PCI_VENDOR_ID) ) { + default: + continue; + + case 0x34038086: case 0x34068086: + if ( rev >= 0x22 ) + continue; + printk(XENLOG_WARNING VTDPREFIX + "Disabling IOMMU due to Intel 5500/5520 chipset errata #47 and #53\n"); + iommu_enable = false; + break; + + case 0x34058086: printk(XENLOG_WARNING VTDPREFIX - "Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata #47, #53\n"); - iommu_enable = 0; + "Disabling IOMMU due to Intel X58 chipset %s\n", + rev < 0x22 ? "errata #62 and #69" : "erratum #69"); + iommu_enable = false; break; } + + break; } } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:37:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:37:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172360.314448 (Exim 4.92) (envelope-from ) id 1mIt5f-0004PU-Fh; Wed, 25 Aug 2021 13:37:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172360.314448; Wed, 25 Aug 2021 13:37:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5f-0004PM-Ce; Wed, 25 Aug 2021 13:37:15 +0000 Received: by outflank-mailman (input) for mailman id 172360; Wed, 25 Aug 2021 13:37:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5e-0004Ox-DJ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5e-000629-Cf for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt5e-0003iq-Aq for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Das4V0qVKMcRtMMs5n0gI2hoGcciGDLEbZlzkiw5OLY=; b=K1WOW0Ee3TEFdObyUKWjoWnh8e 6dyJe544cXnwsIFT9w/Z4gdKsbJTxTqafdJkkczYaa4T8ze+/krJARyvLZ+Sh1B9Ehvr6meKnU++l R8JzSlzuY2nU3cds21fiwqlIl/7iiJSizHXLJrezoNjD/zSSvmBM2P9EzNbbnG8vn2sU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume Message-Id: Date: Wed, 25 Aug 2021 13:37:14 +0000 commit 6dda306223a2dd86ec2847d87a4a2ef8170d5fe0 Author: Juergen Gross AuthorDate: Wed Aug 25 15:28:49 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:28:49 2021 +0200 xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume With smt=0 during a suspend/resume cycle of the machine the threads which have been parked before will briefly come up again. This can result in problems e.g. with cpufreq driver being active as this will call into get_cpu_idle_time() for a cpu without initialized scheduler data. Fix that by letting get_cpu_idle_time() deal with this case. Drop a redundant check in exchange. Fixes: 132cbe8f35632fb2 ("sched: fix get_cpu_idle_time() with core scheduling") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Juergen Gross Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich Acked-by: Dario Faggioli master commit: 5293470a77ad980dce2af9b7e6c3f11eeebf1b64 master date: 2021-08-19 13:38:31 +0200 --- xen/common/schedule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/schedule.c b/xen/common/schedule.c index a698a13698..8ccdb2c4d8 100644 --- a/xen/common/schedule.c +++ b/xen/common/schedule.c @@ -334,7 +334,7 @@ uint64_t get_cpu_idle_time(unsigned int cpu) struct vcpu_runstate_info state = { 0 }; struct vcpu *v = idle_vcpu[cpu]; - if ( cpu_online(cpu) && v ) + if ( cpu_online(cpu) && get_sched_res(cpu) ) vcpu_runstate_get(v, &state); return state.time[RUNSTATE_running]; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:37:25 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:37:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172361.314452 (Exim 4.92) (envelope-from ) id 1mIt5p-0004TO-H8; Wed, 25 Aug 2021 13:37:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172361.314452; Wed, 25 Aug 2021 13:37:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5p-0004TG-EL; Wed, 25 Aug 2021 13:37:25 +0000 Received: by outflank-mailman (input) for mailman id 172361; Wed, 25 Aug 2021 13:37:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5o-0004T4-Gj for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5o-00062K-G3 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt5o-0003kK-FF for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/uUwDhxDA2rGvzPgmHcIII+g84yrvlbbLyuNn5ayjHg=; b=6w6El+H7Jgr2AToKqgDk83bSym P94IXXidkwDQd/uU6ulxnKyVQFTg4hFyR84N+nGK3aUPWkrigjyP/u0q642z0bkBrnEMu5L+5ZaTe ReVfsvi5KS2dm52gDnbieDCsDfxMquH/yMI/fNp+eHVlwE4SFlkYU6pYA8IUgxzXgDbQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] AMD/IOMMU: don't leave page table mapped when unmapping ... Message-Id: Date: Wed, 25 Aug 2021 13:37:24 +0000 commit 523f3ca8721e0bd683474c3b3995f0642b453162 Author: Jan Beulich AuthorDate: Wed Aug 25 15:29:07 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:29:07 2021 +0200 AMD/IOMMU: don't leave page table mapped when unmapping ... ... an already not mapped page. With all other exit paths doing the unmap, I have no idea how I managed to miss that aspect at the time. Fixes: ad591454f069 ("AMD/IOMMU: don't needlessly trigger errors/crashes when unmapping a page") Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 3cfec6a6aa7a7bf68f8e19e21f450c2febe9acb4 master date: 2021-08-20 12:30:35 +0200 --- xen/drivers/passthrough/amd/iommu_map.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 927d6224a9..ac30cac05b 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -266,7 +266,10 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, else if ( !pde->pr ) { if ( !map ) + { + unmap_domain_page(next_table_vaddr); return 0; + } if ( next_table_mfn == 0 ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:37:35 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:37:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172363.314456 (Exim 4.92) (envelope-from ) id 1mIt5z-0004WY-JR; Wed, 25 Aug 2021 13:37:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172363.314456; Wed, 25 Aug 2021 13:37:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5z-0004WQ-Fv; Wed, 25 Aug 2021 13:37:35 +0000 Received: by outflank-mailman (input) for mailman id 172363; Wed, 25 Aug 2021 13:37:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5y-0004WF-Qj for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt5y-00062Y-Q5 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt5y-0003lw-PN for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aWpCqwhxFYbiHSBclrKPtgpdYb+AWeoGwg/Wcw8LYHw=; b=Gn/35xc4gXvUowSIWWpKjDfr0g 9QKwE0bRWC8/35MyLdJ9YTj2aNppJe9NxsVA9GfIyihWCKT8cdheqclobYTgpAO8ZGnBTKpc0rgXW afcqugaHKLMWFXYxhXFZpagt6LKHKadcYIYJEXjwPfbPx4Wo667tET/icsgQ//BtMAyA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] tools/firmware/ovmf: Use OvmfXen platform file is exist Message-Id: Date: Wed, 25 Aug 2021 13:37:34 +0000 commit b335a5314f251c570f991376a1500737d3e02bb8 Author: Anthony PERARD AuthorDate: Tue Jun 1 11:28:03 2021 +0100 Commit: Ian Jackson CommitDate: Wed Aug 25 13:19:58 2021 +0100 tools/firmware/ovmf: Use OvmfXen platform file is exist A platform introduced in EDK II named OvmfXen is now the one to use for Xen instead of OvmfX64. It comes with PVH support. Also, the Xen support in OvmfX64 is deprecated, "deprecation notice: *dynamic* multi-VMM (QEMU vs. Xen) support in OvmfPkg" https://edk2.groups.io/g/devel/message/75498 Signed-off-by: Anthony PERARD Acked-by: Ian Jackson (cherry picked from commit aad7b5c11d51d57659978e04702ac970906894e8) (cherry picked from commit 7988ef515a5eabe74bb5468c8c692e03ee9db8bc) (cherry picked from commit 0aabe44d9c454c265b2bfc1030d58bd8f9ca8c94) --- tools/firmware/ovmf-makefile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/firmware/ovmf-makefile b/tools/firmware/ovmf-makefile index 55f9992145..637ee509c3 100644 --- a/tools/firmware/ovmf-makefile +++ b/tools/firmware/ovmf-makefile @@ -17,8 +17,14 @@ all: build .PHONY: build build: if test -e .git ; then $(GIT) submodule update --init --recursive ; fi - OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 - cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin + set -ex; \ + if test -e OvmfPkg/OvmfXen.dsc; then \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 -p OvmfPkg/OvmfXen.dsc; \ + cp Build/OvmfXen/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + else \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4; \ + cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + fi .PHONY: clean clean: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:37:45 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:37:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172364.314459 (Exim 4.92) (envelope-from ) id 1mIt69-0004Zw-KU; Wed, 25 Aug 2021 13:37:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172364.314459; Wed, 25 Aug 2021 13:37:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt69-0004Zo-HS; Wed, 25 Aug 2021 13:37:45 +0000 Received: by outflank-mailman (input) for mailman id 172364; Wed, 25 Aug 2021 13:37:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt68-0004Ze-UJ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIt68-00062p-Tf for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIt68-0003ni-Sm for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:37:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=k50HhcKgWMVKRWCLEjV8LPo0UTcitHnk4RaJHTIGVtc=; b=URYw5zd+41J9gqnPXcrPLoioqy gfQHpMcbsXL7PXFIyMBIksD1YYhESW93QzXdifdxZSSgDC/PkBazgamSVvHO6ccFqgt3uF71ZA1Yp OS0YC62s/T68vGaB9RSsnGGabhK/aWVMX69r+h4eloN9vZpLRVym0L99PhedoP667q7w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] Merge branch 'staging-4.13' of xenbits.xen.org:/home/xen/git/xen into staging-4.13 Message-Id: Date: Wed, 25 Aug 2021 13:37:44 +0000 commit dd29f4f4961d5c99660874c7ff090bd3c2ef6e5b Merge: 523f3ca8721e0bd683474c3b3995f0642b453162 b335a5314f251c570f991376a1500737d3e02bb8 Author: Jan Beulich AuthorDate: Wed Aug 25 15:30:25 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:30:25 2021 +0200 Merge branch 'staging-4.13' of xenbits.xen.org:/home/xen/git/xen into staging-4.13 tools/firmware/ovmf-makefile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:55:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:55:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172385.314506 (Exim 4.92) (envelope-from ) id 1mItMw-0008Vp-SX; Wed, 25 Aug 2021 13:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172385.314506; Wed, 25 Aug 2021 13:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItMw-0008Vf-PK; Wed, 25 Aug 2021 13:55:06 +0000 Received: by outflank-mailman (input) for mailman id 172385; Wed, 25 Aug 2021 13:55:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItMv-0008VZ-Lq for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItMv-0006QS-K5 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItMv-0006Hc-Ii for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=G9uZU2X3awdhfjP5nSuOjDlDgd1R7y6u57TNigBQ7JQ=; b=BOsh+4pQ+wIEF6yEVYLj/SnXsq UlZUttXMOrsKccK6ad+VxrcZ2HFaS1FMFGe8tXi6lOLlvp3gPsTjAbmwhQVooIlkA5t0+vSYExAGc APJEnqLG7psY9fHEOt+7r/hQPiAtIyXUAljaqdfwIv+Y2RrEM11TjpAc4uUp5AfGY3hA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] x86: make hypervisor build with gcc11 Message-Id: Date: Wed, 25 Aug 2021 13:55:05 +0000 commit bd52c7e902f4ae20386d6b02c7394ca49d601571 Author: Jan Beulich AuthorDate: Wed Aug 25 15:43:57 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:43:57 2021 +0200 x86: make hypervisor build with gcc11 Gcc 11 looks to make incorrect assumptions about valid ranges that pointers may be used for addressing when they are derived from e.g. a plain constant. See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100680. Utilize RELOC_HIDE() to work around the issue, which for x86 manifests in at least - mpparse.c:efi_check_config(), - tboot.c:tboot_probe(), - tboot.c:tboot_gen_frametable_integrity(), - x86_emulate.c:x86_emulate() (at -O2 only). The last case is particularly odd not just because it only triggers at higher optimization levels, but also because it only affects one of at least three similar constructs. Various "note" diagnostics claim the valid index range to be [0, 2⁶³-1]. Signed-off-by: Jan Beulich Tested-by: Jason Andryuk Acked-by: Roger Pau Monné master commit: 722f59d38c710a940ab05e542a83020eb5546dea master date: 2021-05-27 14:40:29 +0200 --- tools/tests/x86_emulator/x86-emulate.c | 7 +++++++ xen/arch/x86/x86_emulate/x86_emulate.c | 2 +- xen/include/asm-x86/fixmap.h | 2 +- xen/include/xen/compiler.h | 6 ++++++ xen/include/xen/pdx.h | 2 +- 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/tests/x86_emulator/x86-emulate.c b/tools/tests/x86_emulator/x86-emulate.c index 8132fe7a7c..dc098c9e06 100644 --- a/tools/tests/x86_emulator/x86-emulate.c +++ b/tools/tests/x86_emulator/x86-emulate.c @@ -2,6 +2,13 @@ #include +/* See gcc bug 100680, but here don't bother making this version dependent. */ +#define gcc11_wrap(x) ({ \ + unsigned long x_; \ + __asm__ ( "" : "=g" (x_) : "0" (x) ); \ + (typeof(x))x_; \ +}) + #define cpu_has_amd_erratum(nr) 0 #define cpu_has_mpx false #define read_bndcfgu() 0 diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index c7c55fa572..88456bec9e 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -644,7 +644,7 @@ union vex { #define copy_VEX(ptr, vex) ({ \ if ( !mode_64bit() ) \ (vex).reg |= 8; \ - (ptr)[0 - PFX_BYTES] = ext < ext_8f08 ? 0xc4 : 0x8f; \ + gcc11_wrap(ptr)[0 - PFX_BYTES] = ext < ext_8f08 ? 0xc4 : 0x8f; \ (ptr)[1 - PFX_BYTES] = (vex).raw[0]; \ (ptr)[2 - PFX_BYTES] = (vex).raw[1]; \ container_of((ptr) + 1 - PFX_BYTES, typeof(vex), raw[0]); \ diff --git a/xen/include/asm-x86/fixmap.h b/xen/include/asm-x86/fixmap.h index 16ccaa2c77..d460b71f4f 100644 --- a/xen/include/asm-x86/fixmap.h +++ b/xen/include/asm-x86/fixmap.h @@ -80,7 +80,7 @@ extern void __set_fixmap( #define clear_fixmap(idx) __set_fixmap(idx, 0, 0) -#define __fix_to_virt(x) (FIXADDR_TOP - ((x) << PAGE_SHIFT)) +#define __fix_to_virt(x) gcc11_wrap(FIXADDR_TOP - ((x) << PAGE_SHIFT)) #define __virt_to_fix(x) ((FIXADDR_TOP - ((x)&PAGE_MASK)) >> PAGE_SHIFT) #define fix_to_virt(x) ((void *)__fix_to_virt(x)) diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h index ff6c0f5cdd..b1c0374dfe 100644 --- a/xen/include/xen/compiler.h +++ b/xen/include/xen/compiler.h @@ -99,6 +99,12 @@ __asm__ ("" : "=r"(__ptr) : "0"(ptr)); \ (typeof(ptr)) (__ptr + (off)); }) +#if __GNUC__ >= 11 /* See gcc bug 100680. */ +# define gcc11_wrap(x) RELOC_HIDE(x, 0) +#else +# define gcc11_wrap(x) (x) +#endif + #ifdef __GCC_ASM_FLAG_OUTPUTS__ # define ASM_FLAG_OUT(yes, no) yes #else diff --git a/xen/include/xen/pdx.h b/xen/include/xen/pdx.h index a151aac1a2..5ed51b5edb 100644 --- a/xen/include/xen/pdx.h +++ b/xen/include/xen/pdx.h @@ -19,7 +19,7 @@ extern u64 pdx_region_mask(u64 base, u64 len); extern void set_pdx_range(unsigned long smfn, unsigned long emfn); #define page_to_pdx(pg) ((pg) - frame_table) -#define pdx_to_page(pdx) (frame_table + (pdx)) +#define pdx_to_page(pdx) gcc11_wrap(frame_table + (pdx)) bool __mfn_valid(unsigned long mfn); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:55:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:55:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172386.314510 (Exim 4.92) (envelope-from ) id 1mItN6-00006I-Tu; Wed, 25 Aug 2021 13:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172386.314510; Wed, 25 Aug 2021 13:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItN6-00006A-Qu; Wed, 25 Aug 2021 13:55:16 +0000 Received: by outflank-mailman (input) for mailman id 172386; Wed, 25 Aug 2021 13:55:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItN5-000060-Ox for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItN5-0006Qw-O8 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItN5-0006J4-Mt for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MVh+tU36EkJICpuAI5HUmLEoIGR4y96uFSOOnHaJrd4=; b=ajKFESFqbKj1K8ictngVxLYUaQ 3fbVyd2R2Q7PHa3D8BIgg6VrFLbIsCso4tjJTD6Aq2b7em40pXG5P2ANExADFBCSPaXd+QOS+M9kF DFBzE01ID/tXKybImPnlTPgAx0swAkDCT27s+CMZLNr3VhBmkv4B1W1FeywskNQZwEuI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] x86: work around build issue with GNU ld 2.37 Message-Id: Date: Wed, 25 Aug 2021 13:55:15 +0000 commit 0475382080896460f10a12c72a20369bda1f6728 Author: Jan Beulich AuthorDate: Wed Aug 25 15:44:47 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:44:47 2021 +0200 x86: work around build issue with GNU ld 2.37 I suspect it is commit 40726f16a8d7 ("ld script expression parsing") which broke the hypervisor build, by no longer accepting section names with a dash in them inside ADDR() (and perhaps other script directives expecting just a section name, not an expression): .note.gnu.build-id is such a section. Quoting all section names passed to ADDR() via DECL_SECTION() works around the regression. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 58ad654ebce7ccb272a3f4f3482c03aaad850d31 master date: 2021-07-27 15:03:29 +0100 --- xen/arch/x86/xen.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 771f474665..3a63f1a9e2 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -21,7 +21,7 @@ ENTRY(efi_start) #define FORMAT "elf64-x86-64" #define SECTION_ALIGN PAGE_SIZE -#define DECL_SECTION(x) x : AT(ADDR(x) - __XEN_VIRT_START) +#define DECL_SECTION(x) x : AT(ADDR(#x) - __XEN_VIRT_START) ENTRY(start_pa) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:55:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:55:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172387.314515 (Exim 4.92) (envelope-from ) id 1mItNG-00009u-WA; Wed, 25 Aug 2021 13:55:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172387.314515; Wed, 25 Aug 2021 13:55:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNG-00009i-SV; Wed, 25 Aug 2021 13:55:26 +0000 Received: by outflank-mailman (input) for mailman id 172387; Wed, 25 Aug 2021 13:55:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNF-00009W-Sl for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNF-0006R7-Ry for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItNF-0006K9-Qz for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nhpAqEAQaLXz3yIOjYWp9VXMOzMCdk4NSaX1mmmL40c=; b=WudUp4f/Y81LO3rO8hKkVa9QH6 jRRzvSlctwP7ayCRLiAhfXlH5rYjEFe0Vv3PEkNF6YIctEP9Ul3qGI1yneU5xt0r03lG2nwSX30U/ A4TNvlgK/kGI4cK+yXWGGCz4aeTvVL5nIqr0zt2Kam1j3h3Dh8zKKk96X6pZwTYGAZFo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] x86/p2m: fix PoD accounting in guest_physmap_add_entry() Message-Id: Date: Wed, 25 Aug 2021 13:55:25 +0000 commit 2f4cfe5a234b4f788aad93e08b9994c87d09343e Author: Jan Beulich AuthorDate: Wed Aug 25 15:45:21 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:45:21 2021 +0200 x86/p2m: fix PoD accounting in guest_physmap_add_entry() The initial observation was that the mfn_valid() check comes too late: Neither mfn_add() nor mfn_to_page() (let alone de-referencing the result of the latter) are valid for MFNs failing this check. Move it up and - noticing that there's no caller doing so - also add an assertion that this should never produce "false" here. In turn this would have meant that the "else" to that if() could now go away, which didn't seem right at all. And indeed, considering callers like memory_exchange() or various grant table functions, the PoD accounting should have been outside of that if() from the very beginning. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: aea270e3f7c0db696c88a0e94b1ece7abd339c84 master date: 2020-02-21 17:14:38 +0100 --- xen/arch/x86/mm/p2m.c | 36 ++++++++++++++---------------------- 1 file changed, 14 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 25ce19f20b..eb5e340577 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -864,6 +864,12 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; + if ( !mfn_valid(mfn) ) + { + ASSERT_UNREACHABLE(); + return -EINVAL; + } + p2m_lock(p2m); P2M_DEBUG("adding gfn=%#lx mfn=%#lx\n", gfn_x(gfn), mfn_x(mfn)); @@ -963,12 +969,15 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } /* Now, actually do the two-way mapping */ - if ( mfn_valid(mfn) ) + rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, p2m->default_access); + if ( rc == 0 ) { - rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, - p2m->default_access); - if ( rc ) - goto out; /* Failed to update p2m, bail without updating m2p. */ +#ifdef CONFIG_HVM + pod_lock(p2m); + p2m->pod.entry_count -= pod_count; + BUG_ON(p2m->pod.entry_count < 0); + pod_unlock(p2m); +#endif if ( !p2m_is_grant(t) ) { @@ -977,24 +986,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, gfn_x(gfn_add(gfn, i))); } } - else - { - gdprintk(XENLOG_WARNING, "Adding bad mfn to p2m map (%#lx -> %#lx)\n", - gfn_x(gfn), mfn_x(mfn)); - rc = p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, - p2m_invalid, p2m->default_access); -#ifdef CONFIG_HVM - if ( rc == 0 ) - { - pod_lock(p2m); - p2m->pod.entry_count -= pod_count; - BUG_ON(p2m->pod.entry_count < 0); - pod_unlock(p2m); - } -#endif - } -out: p2m_unlock(p2m); return rc; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:55:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:55:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172388.314517 (Exim 4.92) (envelope-from ) id 1mItNR-0000Cv-0u; Wed, 25 Aug 2021 13:55:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172388.314517; Wed, 25 Aug 2021 13:55:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNQ-0000Cn-U9; Wed, 25 Aug 2021 13:55:36 +0000 Received: by outflank-mailman (input) for mailman id 172388; Wed, 25 Aug 2021 13:55:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNQ-0000CY-08 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNP-0006RN-Vf for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItNP-0006LU-Uj for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iKiI2aM8QIOCsbAEOwuoJc/coworQKujrhehABA2qc4=; b=0lh64Sr5Zv3HTC6YXEuxuxlXcb SFR9sALRqhtQM78O4V/FounDpAIryC06hub47A9QsAvgJR/TJJeB65faVsV2GSBApYhWLkspiFjxm 8wovaJFhUccnPKZvEoGgPSZArxh6+fNj8uYrYuUY5BPEMXyt0hytDQi4oQ3DFwfxX0SA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] x86/p2m: don't ignore p2m_remove_page()'s return value Message-Id: Date: Wed, 25 Aug 2021 13:55:35 +0000 commit 05e64a6ce8653d83e84e8cc06ecb3fce1220bb75 Author: Jan Beulich AuthorDate: Wed Aug 25 15:45:35 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:45:35 2021 +0200 x86/p2m: don't ignore p2m_remove_page()'s return value It's not very nice to return from guest_physmap_add_entry() after perhaps already having made some changes to the P2M, but this is pre- existing practice in the function, and imo better than ignoring errors. Take the liberty and replace an mfn_add() instance with a local variable already holding the result (as proven by the check immediately ahead). Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Acked-by: Andrew Cooper master commit: a6b051a87a586347969bfbaa6925ac0f0c845413 master date: 2020-04-03 10:56:10 +0200 --- xen/arch/x86/mm/p2m.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index eb5e340577..ce6e1a913d 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -772,8 +772,7 @@ void p2m_final_teardown(struct domain *d) p2m_teardown_hostp2m(d); } - -static int +static int __must_check p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, unsigned int page_order) { @@ -961,9 +960,9 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, ASSERT(mfn_valid(omfn)); P2M_DEBUG("old gfn=%#lx -> mfn %#lx\n", gfn_x(ogfn) , mfn_x(omfn)); - if ( mfn_eq(omfn, mfn_add(mfn, i)) ) - p2m_remove_page(p2m, gfn_x(ogfn), mfn_x(mfn_add(mfn, i)), - 0); + if ( mfn_eq(omfn, mfn_add(mfn, i)) && + (rc = p2m_remove_page(p2m, gfn_x(ogfn), mfn_x(omfn), 0)) ) + goto out; } } } @@ -987,6 +986,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } } + out: p2m_unlock(p2m); return rc; @@ -2646,9 +2646,9 @@ int p2m_change_altp2m_gfn(struct domain *d, unsigned int idx, if ( gfn_eq(new_gfn, INVALID_GFN) ) { - if ( mfn_valid(mfn) ) - p2m_remove_page(ap2m, gfn_x(old_gfn), mfn_x(mfn), PAGE_ORDER_4K); - rc = 0; + rc = mfn_valid(mfn) + ? p2m_remove_page(ap2m, gfn_x(old_gfn), mfn_x(mfn), PAGE_ORDER_4K) + : 0; goto out; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:55:47 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:55:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172389.314522 (Exim 4.92) (envelope-from ) id 1mItNb-0000Gn-47; Wed, 25 Aug 2021 13:55:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172389.314522; Wed, 25 Aug 2021 13:55:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNb-0000Gf-0z; Wed, 25 Aug 2021 13:55:47 +0000 Received: by outflank-mailman (input) for mailman id 172389; Wed, 25 Aug 2021 13:55:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNa-0000GT-3u for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNa-0006Re-33 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItNa-0006Mx-26 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QGAWF2cbEVsoN7f6o08iZEo68YvFkRTf2gI1QmI8/WQ=; b=1ZES8RS5bEllVHNgWW+f4ziJdM pQoxNThz9d5UNwKzmCQdDdi1KOm93kKUqch6t4XjNCGyok+NuWYS0GWH5cC8qzywSHpnSFrfD2KaD RdoKoYFDtiKi1GZVJt6Dih817LYZRSpS5VWVCNNs8N65YAKr3qbpL5t0jgq24Eyjaz7E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] x86/p2m: don't assert that the passed in MFN matches for a remove Message-Id: Date: Wed, 25 Aug 2021 13:55:46 +0000 commit d44643199c96ac22491ae002d3bcd1c989b95ea4 Author: Jan Beulich AuthorDate: Wed Aug 25 15:45:49 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:45:49 2021 +0200 x86/p2m: don't assert that the passed in MFN matches for a remove guest_physmap_remove_page() gets handed an MFN from the outside, yet takes the necessary lock to prevent further changes to the GFN <-> MFN mapping itself. While some callers, in particular guest_remove_page() (by way of having called get_gfn_query()), hold the GFN lock already, various others (most notably perhaps the 2nd instance in xenmem_add_to_physmap_one()) don't. While it also is an option to fix all the callers, deal with the issue in p2m_remove_page() instead: Replace the ASSERT() by a conditional and split the loop into two, such that all checking gets done before any modification would occur. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Acked-by: Andrew Cooper master commit: c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e master date: 2020-04-03 10:56:55 +0200 --- xen/arch/x86/mm/p2m.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index ce6e1a913d..6ebc2d33de 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -778,7 +778,6 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, { unsigned long i; gfn_t gfn = _gfn(gfn_l); - mfn_t mfn_return; p2m_type_t t; p2m_access_t a; @@ -789,15 +788,26 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, ASSERT(gfn_locked_by_me(p2m, gfn)); P2M_DEBUG("removing gfn=%#lx mfn=%#lx\n", gfn_l, mfn); + for ( i = 0; i < (1UL << page_order); ) + { + unsigned int cur_order; + mfn_t mfn_return = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, + &cur_order, NULL); + + if ( p2m_is_valid(t) && + (!mfn_valid(_mfn(mfn)) || mfn + i != mfn_x(mfn_return)) ) + return -EILSEQ; + + i += (1UL << cur_order) - ((gfn_l + i) & ((1UL << cur_order) - 1)); + } + if ( mfn_valid(_mfn(mfn)) ) { for ( i = 0; i < (1UL << page_order); i++ ) { - mfn_return = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, - NULL, NULL); + p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY); - ASSERT( !p2m_is_valid(t) || mfn + i == mfn_x(mfn_return) ); } } return p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, p2m_invalid, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:55:57 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:55:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172390.314525 (Exim 4.92) (envelope-from ) id 1mItNl-0000JZ-5R; Wed, 25 Aug 2021 13:55:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172390.314525; Wed, 25 Aug 2021 13:55:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNl-0000JR-2c; Wed, 25 Aug 2021 13:55:57 +0000 Received: by outflank-mailman (input) for mailman id 172390; Wed, 25 Aug 2021 13:55:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNk-0000JG-7h for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNk-0006Rp-6t for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItNk-0006O7-5m for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:55:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0CZ9Bnwfxjibqwc0qUQPtUqnDYhHw6RwDwokbamNBcM=; b=1LCHf15vbqXmMSmjCMi23eBY/v bhAA9UntcGgMyiq21rhqx1QfB11bBjTtFGiGKCp+jDb4F7M2TPGDb3V0qzxIDBjuwLLKQ2+XtuvSU 9a3iK6VxnL0hUg4hg9MA35OX2DI0BkbLtfLSmGRZ3fs5ZAhLQ/jn4TMbwM5iR5Og0gF0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] AMD/IOMMU: correct global exclusion range extending Message-Id: Date: Wed, 25 Aug 2021 13:55:56 +0000 commit dd59be6857707a61f73612ce73e0192921b58427 Author: Jan Beulich AuthorDate: Wed Aug 25 15:47:36 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:47:36 2021 +0200 AMD/IOMMU: correct global exclusion range extending Besides unity mapping regions, the AMD IOMMU spec also provides for exclusion ranges (areas of memory not to be subject to DMA translation) to be specified by firmware in the ACPI tables. The spec does not put any constraints on the number of such regions. Blindly assuming all addresses between any two such ranges should also be excluded can't be right. Since hardware has room for just a single such range (comprised of the Exclusion Base Register and the Exclusion Range Limit Register), combine only adjacent or overlapping regions (for now; this may require further adjustment in case table entries aren't sorted by address) with matching exclusion_allow_all settings. This requires bubbling up error indicators, such that IOMMU init can be failed when concatenation wasn't possible. Furthermore, since the exclusion range specified in IOMMU registers implies R/W access, reject requests asking for less permissions (this will be brought closer to the spec by a subsequent change). This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: b02c5c88982411be11e3413159862f255f1f39dc master date: 2021-08-25 14:12:13 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 45 +++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 64d10481d7..9f7659340a 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -98,12 +98,21 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( return NULL; } -static void __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit) +static int __init reserve_iommu_exclusion_range( + struct amd_iommu *iommu, uint64_t base, uint64_t limit, + bool all, bool iw, bool ir) { + if ( !ir || !iw ) + return -EPERM; + /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { + if ( iommu->exclusion_limit + PAGE_SIZE < base || + limit + PAGE_SIZE < iommu->exclusion_base || + iommu->exclusion_allow_all != all ) + return -EBUSY; + if ( iommu->exclusion_base < base ) base = iommu->exclusion_base; if ( iommu->exclusion_limit > limit ) @@ -111,16 +120,11 @@ static void __init reserve_iommu_exclusion_range( } iommu->exclusion_enable = IOMMU_CONTROL_ENABLED; + iommu->exclusion_allow_all = all; iommu->exclusion_base = base; iommu->exclusion_limit = limit; -} -static void __init reserve_iommu_exclusion_range_all( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit) -{ - reserve_iommu_exclusion_range(iommu, base, limit); - iommu->exclusion_allow_all = IOMMU_CONTROL_ENABLED; + return 0; } static void __init reserve_unity_map_for_device( @@ -158,6 +162,7 @@ static int __init register_exclusion_range_for_all_devices( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; unsigned int bdf; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -179,10 +184,15 @@ static int __init register_exclusion_range_for_all_devices( if ( limit >= iommu_top ) { for_each_amd_iommu( iommu ) - reserve_iommu_exclusion_range_all(iommu, base, limit); + { + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + if ( rc ) + break; + } } - return 0; + return rc; } static int __init register_exclusion_range_for_device( @@ -193,6 +203,7 @@ static int __init register_exclusion_range_for_device( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; + int rc = 0; iommu = find_iommu_for_device(seg, bdf); if ( !iommu ) @@ -222,12 +233,13 @@ static int __init register_exclusion_range_for_device( /* register IOMMU exclusion range settings for device */ if ( limit >= iommu_top ) { - reserve_iommu_exclusion_range(iommu, base, limit); + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; ivrs_mappings[req].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; } - return 0; + return rc; } static int __init register_exclusion_range_for_iommu_devices( @@ -237,6 +249,7 @@ static int __init register_exclusion_range_for_iommu_devices( unsigned long range_top, iommu_top, length; unsigned int bdf; u16 req; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -267,8 +280,10 @@ static int __init register_exclusion_range_for_iommu_devices( /* register IOMMU exclusion range settings */ if ( limit >= iommu_top ) - reserve_iommu_exclusion_range_all(iommu, base, limit); - return 0; + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + + return rc; } static int __init parse_ivmd_device_select( -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:56:07 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:56:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172391.314531 (Exim 4.92) (envelope-from ) id 1mItNv-0000N1-7N; Wed, 25 Aug 2021 13:56:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172391.314531; Wed, 25 Aug 2021 13:56:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNv-0000Mr-45; Wed, 25 Aug 2021 13:56:07 +0000 Received: by outflank-mailman (input) for mailman id 172391; Wed, 25 Aug 2021 13:56:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNu-0000Mf-CO for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItNu-0006SD-BZ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItNu-0006Q2-A1 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9X8kr2yBZpmPA7c7M6b9a/iaa4OElZUhmV5b9yAvAvU=; b=iDQry0GlG7fc2NNUOtD9MWOKRN /2X8VRSQd2mZeVY9OQQ2JvfO5Y354ltkSUiQUg78a1QBCiIf2hkA0pd97mx8OBECbSln7atfCA+LL jfYZGr5H4tb8cTVqqdWd8shGq0Tz3xd9ppwiJ57CEOhO6PzL5K4v9viLfV9tCQf+uBx4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] AMD/IOMMU: correct device unity map handling Message-Id: Date: Wed, 25 Aug 2021 13:56:06 +0000 commit 724eebcaeb6663915ef5cff7ccffe2301e47f7c6 Author: Jan Beulich AuthorDate: Wed Aug 25 15:47:52 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:47:52 2021 +0200 AMD/IOMMU: correct device unity map handling Blindly assuming all addresses between any two such ranges, specified by firmware in the ACPI tables, should also be unity-mapped can't be right. Nor can it be correct to merge ranges with differing permissions. Track ranges individually; don't merge at all, but check for overlaps instead. This requires bubbling up error indicators, such that IOMMU init can be failed when allocation of a new tracking struct wasn't possible, or an overlap was detected. At this occasion also stop ignoring amd_iommu_reserve_domain_unity_map()'s return value. This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap Reviewed-by: Paul Durrant master commit: 34750a3eb022462cdd1c36e8ef9049d3d73c824c master date: 2021-08-25 14:15:11 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 80 +++++++++++++++++------------ xen/drivers/passthrough/amd/iommu_init.c | 1 - xen/drivers/passthrough/amd/pci_amd_iommu.c | 16 +++--- xen/include/asm-x86/amd-iommu.h | 14 +++-- 4 files changed, 66 insertions(+), 45 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 9f7659340a..a477877f32 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -127,32 +127,48 @@ static int __init reserve_iommu_exclusion_range( return 0; } -static void __init reserve_unity_map_for_device( - u16 seg, u16 bdf, unsigned long base, - unsigned long length, u8 iw, u8 ir) +static int __init reserve_unity_map_for_device( + uint16_t seg, uint16_t bdf, unsigned long base, + unsigned long length, bool iw, bool ir) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long old_top, new_top; + struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; - /* need to extend unity-mapped range? */ - if ( ivrs_mappings[bdf].unity_map_enable ) + /* Check for overlaps. */ + for ( ; unity_map; unity_map = unity_map->next ) { - old_top = ivrs_mappings[bdf].addr_range_start + - ivrs_mappings[bdf].addr_range_length; - new_top = base + length; - if ( old_top > new_top ) - new_top = old_top; - if ( ivrs_mappings[bdf].addr_range_start < base ) - base = ivrs_mappings[bdf].addr_range_start; - length = new_top - base; + /* + * Exact matches are okay. This can in particular happen when + * register_exclusion_range_for_device() calls here twice for the + * same (s,b,d,f). + */ + if ( base == unity_map->addr && length == unity_map->length && + ir == unity_map->read && iw == unity_map->write ) + return 0; + + if ( unity_map->addr + unity_map->length > base && + base + length > unity_map->addr ) + { + AMD_IOMMU_DEBUG("IVMD Error: overlap [%lx,%lx) vs [%lx,%lx)\n", + base, base + length, unity_map->addr, + unity_map->addr + unity_map->length); + return -EPERM; + } } - /* extend r/w permissioms and keep aggregate */ - ivrs_mappings[bdf].write_permission = iw; - ivrs_mappings[bdf].read_permission = ir; - ivrs_mappings[bdf].unity_map_enable = IOMMU_CONTROL_ENABLED; - ivrs_mappings[bdf].addr_range_start = base; - ivrs_mappings[bdf].addr_range_length = length; + /* Populate and insert a new unity map. */ + unity_map = xmalloc(struct ivrs_unity_map); + if ( !unity_map ) + return -ENOMEM; + + unity_map->read = ir; + unity_map->write = iw; + unity_map->addr = base; + unity_map->length = length; + unity_map->next = ivrs_mappings[bdf].unity_map; + ivrs_mappings[bdf].unity_map = unity_map; + + return 0; } static int __init register_exclusion_range_for_all_devices( @@ -175,13 +191,13 @@ static int __init register_exclusion_range_for_all_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { for_each_amd_iommu( iommu ) { @@ -223,15 +239,15 @@ static int __init register_exclusion_range_for_device( length = range_top - base; /* reserve unity-mapped page entries for device */ /* note: these entries are part of the exclusion range */ - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - reserve_unity_map_for_device(seg, req, base, length, iw, ir); + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: + reserve_unity_map_for_device(seg, req, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings for device */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { rc = reserve_iommu_exclusion_range(iommu, base, limit, false /* all */, iw, ir); @@ -262,15 +278,15 @@ static int __init register_exclusion_range_for_iommu_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) { if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) { - reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir); req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); } } @@ -279,7 +295,7 @@ static int __init register_exclusion_range_for_iommu_devices( } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */, iw, ir); diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index 98298f0bf0..62a0f935b5 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -1189,7 +1189,6 @@ static int __init alloc_ivrs_mappings(u16 seg) { ivrs_mappings[bdf].dte_requestor_id = bdf; ivrs_mappings[bdf].dte_allow_exclusion = IOMMU_CONTROL_DISABLED; - ivrs_mappings[bdf].unity_map_enable = IOMMU_CONTROL_DISABLED; ivrs_mappings[bdf].iommu = NULL; ivrs_mappings[bdf].intremap_table = NULL; diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index a0555e30a4..2aab4bc16e 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -346,15 +346,17 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); + const struct ivrs_unity_map *unity_map; - if ( ivrs_mappings[req_id].unity_map_enable ) + for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; + unity_map = unity_map->next ) { - amd_iommu_reserve_domain_unity_map( - d, - ivrs_mappings[req_id].addr_range_start, - ivrs_mappings[req_id].addr_range_length, - ivrs_mappings[req_id].write_permission, - ivrs_mappings[req_id].read_permission); + int rc = amd_iommu_reserve_domain_unity_map( + d, unity_map->addr, unity_map->length, + unity_map->write, unity_map->read); + + if ( rc ) + return rc; } return reassign_device(pdev->domain, d, devfn, pdev); diff --git a/xen/include/asm-x86/amd-iommu.h b/xen/include/asm-x86/amd-iommu.h index 02715b482b..1bba272379 100644 --- a/xen/include/asm-x86/amd-iommu.h +++ b/xen/include/asm-x86/amd-iommu.h @@ -108,15 +108,19 @@ struct amd_iommu { struct list_head ats_devices; }; +struct ivrs_unity_map { + bool read:1; + bool write:1; + paddr_t addr; + unsigned long length; + struct ivrs_unity_map *next; +}; + struct ivrs_mappings { u16 dte_requestor_id; u8 dte_allow_exclusion; - u8 unity_map_enable; - u8 write_permission; - u8 read_permission; - unsigned long addr_range_start; - unsigned long addr_range_length; struct amd_iommu *iommu; + struct ivrs_unity_map *unity_map; /* per device interrupt remapping table */ void *intremap_table; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:56:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:56:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172393.314545 (Exim 4.92) (envelope-from ) id 1mItO5-0000k7-Jw; Wed, 25 Aug 2021 13:56:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172393.314545; Wed, 25 Aug 2021 13:56:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItO5-0000jt-GF; Wed, 25 Aug 2021 13:56:17 +0000 Received: by outflank-mailman (input) for mailman id 172393; Wed, 25 Aug 2021 13:56:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItO4-0000jE-HL for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItO4-0006Ss-GY for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItO4-0006RO-EM for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=e7hMKH6Rl36apmLewfQoGwvctYlGKweIyXE7N2mxOZk=; b=4rvfX5AWgF7UuPPIh7mKdGHq/C iKYKJuCys/JU2hrgegdRQmWVmLbGiRnPiiHFs4Hd48Lew4BUO9wLFB1ghoEwFujpphjIQt26Ea4yn 1KSMIR0tqTxDuPHVnqWGTLPiKKzsKbndWk0Bqz8nZABlzwICOQNF05pTcmo7Em2W8MI0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() Message-Id: Date: Wed, 25 Aug 2021 13:56:16 +0000 commit aac5e505b97f727cef00ce2d9f082108d1186a5d Author: Jan Beulich AuthorDate: Wed Aug 25 15:48:15 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:48:15 2021 +0200 IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() A subsequent change will want to customize the IOMMU permissions based on this. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: d1bb6c97c31ef754fb29b29eb307c090414e8022 master date: 2021-08-25 14:15:32 +0200 --- xen/arch/x86/mm/p2m-ept.c | 6 +++--- xen/arch/x86/mm/p2m-pt.c | 19 ++++++++++++++++--- xen/include/asm-x86/p2m.h | 3 ++- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index 5822ca77ca..72728d1890 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -672,7 +672,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, uint8_t ipat = 0; bool_t need_modify_vtd_table = 1; bool_t vtd_pte_present = 0; - unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); bool_t needs_sync = 1; ept_entry_t old_entry = { .epte = 0 }; ept_entry_t new_entry = { .epte = 0 }; @@ -799,8 +799,8 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, /* Safe to read-then-write because we hold the p2m lock */ if ( ept_entry->mfn == new_entry.mfn && - p2m_get_iommu_flags(ept_entry->sa_p2mt, _mfn(ept_entry->mfn)) == - iommu_flags ) + p2m_get_iommu_flags(ept_entry->sa_p2mt, ept_entry->access, + _mfn(ept_entry->mfn)) == iommu_flags ) need_modify_vtd_table = 0; ept_p2m_type_to_flags(p2m, &new_entry, p2mt, p2ma); diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 0629cd530e..442321f19e 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -512,6 +512,16 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) return rc; } +/* Reconstruct a fake p2m_access_t from stored PTE flags. */ +static p2m_access_t p2m_flags_to_access(unsigned int flags) +{ + if ( flags & _PAGE_PRESENT ) + return p2m_access_n; + + /* No need to look at _PAGE_NX for now. */ + return flags & _PAGE_RW ? p2m_access_rw : p2m_access_r; +} + /* Checks only applicable to entries with order > PAGE_ORDER_4K */ static void check_entry(mfn_t mfn, p2m_type_t new, p2m_type_t old, unsigned int order) @@ -546,7 +556,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, l2_pgentry_t l2e_content; l3_pgentry_t l3e_content; int rc; - unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); /* * old_mfn and iommu_old_flags control possible flush/update needs on the * IOMMU: We need to flush when MFN or flags (i.e. permissions) change. @@ -609,6 +619,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else @@ -654,9 +665,10 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, 0, L1_PAGETABLE_ENTRIES); ASSERT(p2m_entry); old_mfn = l1e_get_pfn(*p2m_entry); + flags = l1e_get_flags(*p2m_entry); iommu_old_flags = - p2m_get_iommu_flags(p2m_flags_to_type(l1e_get_flags(*p2m_entry)), - _mfn(old_mfn)); + p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) entry_content = p2m_l1e_from_pfn(mfn_x(mfn), @@ -687,6 +699,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 1a38c05537..814b1eb125 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -899,7 +899,8 @@ static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} /* * p2m type to IOMMU flags */ -static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, mfn_t mfn) +static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, + p2m_access_t p2ma, mfn_t mfn) { unsigned int flags; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:56:28 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:56:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172395.314550 (Exim 4.92) (envelope-from ) id 1mItOG-0000vv-N2; Wed, 25 Aug 2021 13:56:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172395.314550; Wed, 25 Aug 2021 13:56:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOG-0000vl-JN; Wed, 25 Aug 2021 13:56:28 +0000 Received: by outflank-mailman (input) for mailman id 172395; Wed, 25 Aug 2021 13:56:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOE-0000un-N8 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOE-0006T7-MJ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItOE-0006T7-Jv for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/51UkEZ0bmRxWIfwk45+Y1CaZt6S5+6TZyj98MC6xLk=; b=Pa6CbCnjP4QOUD59w1snLncp39 yT0wp17D8q1ZVJXA1W4wGc0wJ+rNCuaHPGn0U4xfntG+rZM4Uvjo6yGrF+d7SMgYV1CHTv0cUtWKv fwFXQ7i+GAyRjp3l3B81VcjCasMMFm3EZjvBzqCYJZoJJeQMFftQCmeSihJPO3EKEXDk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] IOMMU: generalize VT-d's tracking of mapped RMRR regions Message-Id: Date: Wed, 25 Aug 2021 13:56:26 +0000 commit 1f5c2371eba98dafd7abd2a34613abe6ca3204f5 Author: Jan Beulich AuthorDate: Wed Aug 25 15:48:35 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:48:35 2021 +0200 IOMMU: generalize VT-d's tracking of mapped RMRR regions In order to re-use it elsewhere, move the logic to vendor independent code and strip it of RMRR specifics. Note that the prior "map" parameter gets folded into the new "p2ma" one (which AMD IOMMU code will want to make use of), assigning alternative meaning ("unmap") to p2m_access_x. Prepare set_identity_p2m_entry() and p2m_get_iommu_flags() for getting passed access types other than p2m_access_rw (in the latter case just for p2m_mmio_direct requests). Note also that, to be on the safe side, an overlap check gets added to the main loop of iommu_identity_mapping(). This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: c0e19d7c6c42f0bfccccd96b4f7b03b5515e10fc master date: 2021-08-25 14:15:57 +0200 --- xen/arch/x86/mm/p2m.c | 2 +- xen/drivers/passthrough/vtd/iommu.c | 98 +++++-------------------------------- xen/drivers/passthrough/x86/iommu.c | 95 ++++++++++++++++++++++++++++++++++- xen/include/asm-x86/iommu.h | 8 ++- xen/include/asm-x86/p2m.h | 35 +++++++++++-- 5 files changed, 147 insertions(+), 91 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 6ebc2d33de..41a74119f4 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1341,7 +1341,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, if ( !has_iommu_pt(d) ) return 0; return iommu_legacy_map(d, _dfn(gfn_l), _mfn(gfn_l), PAGE_ORDER_4K, - IOMMUF_readable | IOMMUF_writable); + p2m_access_to_iommu_flags(p2ma)); } gfn_lock(p2m, gfn, 0); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 89e0cab531..ef33111fd0 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -42,12 +42,6 @@ #include "vtd.h" #include "../ats.h" -struct mapped_rmrr { - struct list_head list; - u64 base, end; - unsigned int count; -}; - /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */ bool __read_mostly untrusted_msi; @@ -1787,16 +1781,11 @@ out: static void iommu_domain_teardown(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); - struct mapped_rmrr *mrmrr, *tmp; if ( list_empty(&acpi_drhd_units) ) return; - list_for_each_entry_safe ( mrmrr, tmp, &hd->arch.mapped_rmrrs, list ) - { - list_del(&mrmrr->list); - xfree(mrmrr); - } + iommu_identity_map_teardown(d); ASSERT(iommu_enabled); @@ -1955,74 +1944,6 @@ static void iommu_set_pgd(struct domain *d) pagetable_get_paddr(pagetable_from_mfn(pgd_mfn)); } -static int rmrr_identity_mapping(struct domain *d, bool_t map, - const struct acpi_rmrr_unit *rmrr, - u32 flag) -{ - unsigned long base_pfn = rmrr->base_address >> PAGE_SHIFT_4K; - unsigned long end_pfn = PAGE_ALIGN_4K(rmrr->end_address) >> PAGE_SHIFT_4K; - struct mapped_rmrr *mrmrr; - struct domain_iommu *hd = dom_iommu(d); - - ASSERT(pcidevs_locked()); - ASSERT(rmrr->base_address < rmrr->end_address); - - /* - * No need to acquire hd->arch.mapping_lock: Both insertion and removal - * get done while holding pcidevs_lock. - */ - list_for_each_entry( mrmrr, &hd->arch.mapped_rmrrs, list ) - { - if ( mrmrr->base == rmrr->base_address && - mrmrr->end == rmrr->end_address ) - { - int ret = 0; - - if ( map ) - { - ++mrmrr->count; - return 0; - } - - if ( --mrmrr->count ) - return 0; - - while ( base_pfn < end_pfn ) - { - if ( clear_identity_p2m_entry(d, base_pfn) ) - ret = -ENXIO; - base_pfn++; - } - - list_del(&mrmrr->list); - xfree(mrmrr); - return ret; - } - } - - if ( !map ) - return -ENOENT; - - while ( base_pfn < end_pfn ) - { - int err = set_identity_p2m_entry(d, base_pfn, p2m_access_rw, flag); - - if ( err ) - return err; - base_pfn++; - } - - mrmrr = xmalloc(struct mapped_rmrr); - if ( !mrmrr ) - return -ENOMEM; - mrmrr->base = rmrr->base_address; - mrmrr->end = rmrr->end_address; - mrmrr->count = 1; - list_add_tail(&mrmrr->list, &hd->arch.mapped_rmrrs); - - return 0; -} - static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; @@ -2054,7 +1975,9 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) * Since RMRRs are always reserved in the e820 map for the hardware * domain, there shouldn't be a conflict. */ - ret = rmrr_identity_mapping(pdev->domain, 1, rmrr, 0); + ret = iommu_identity_mapping(pdev->domain, p2m_access_rw, + rmrr->base_address, rmrr->end_address, + 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n", pdev->domain->domain_id); @@ -2099,7 +2022,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) * Any flag is nothing to clear these mappings but here * its always safe and strict to set 0. */ - rmrr_identity_mapping(pdev->domain, 0, rmrr, 0); + iommu_identity_mapping(pdev->domain, p2m_access_x, rmrr->base_address, + rmrr->end_address, 0); } return domain_context_unmap(pdev->domain, devfn, pdev); @@ -2266,7 +2190,8 @@ static void __hwdom_init setup_hwdom_rmrr(struct domain *d) * domain, there shouldn't be a conflict. So its always safe and * strict to set 0. */ - ret = rmrr_identity_mapping(d, 1, rmrr, 0); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: mapping reserved region failed\n"); @@ -2425,7 +2350,9 @@ static int reassign_device_ownership( * Any RMRR flag is always ignored when remove a device, * but its always safe and strict to set 0. */ - ret = rmrr_identity_mapping(source, 0, rmrr, 0); + ret = iommu_identity_mapping(source, p2m_access_x, + rmrr->base_address, + rmrr->end_address, 0); if ( ret != -ENOENT ) return ret; } @@ -2522,7 +2449,8 @@ static int intel_iommu_assign_device( PCI_BUS(bdf) == bus && PCI_DEVFN2(bdf) == devfn ) { - ret = rmrr_identity_mapping(d, 1, rmrr, flag); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, flag); if ( ret ) { int rc; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index bd6529d419..519353f81a 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -150,7 +150,7 @@ int arch_iommu_domain_init(struct domain *d) struct domain_iommu *hd = dom_iommu(d); spin_lock_init(&hd->arch.mapping_lock); - INIT_LIST_HEAD(&hd->arch.mapped_rmrrs); + INIT_LIST_HEAD(&hd->arch.identity_maps); return 0; } @@ -159,6 +159,99 @@ void arch_iommu_domain_destroy(struct domain *d) { } +struct identity_map { + struct list_head list; + paddr_t base, end; + p2m_access_t access; + unsigned int count; +}; + +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag) +{ + unsigned long base_pfn = base >> PAGE_SHIFT_4K; + unsigned long end_pfn = PAGE_ALIGN_4K(end) >> PAGE_SHIFT_4K; + struct identity_map *map; + struct domain_iommu *hd = dom_iommu(d); + + ASSERT(pcidevs_locked()); + ASSERT(base < end); + + /* + * No need to acquire hd->arch.mapping_lock: Both insertion and removal + * get done while holding pcidevs_lock. + */ + list_for_each_entry( map, &hd->arch.identity_maps, list ) + { + if ( map->base == base && map->end == end ) + { + int ret = 0; + + if ( p2ma != p2m_access_x ) + { + if ( map->access != p2ma ) + return -EADDRINUSE; + ++map->count; + return 0; + } + + if ( --map->count ) + return 0; + + while ( base_pfn < end_pfn ) + { + if ( clear_identity_p2m_entry(d, base_pfn) ) + ret = -ENXIO; + base_pfn++; + } + + list_del(&map->list); + xfree(map); + + return ret; + } + + if ( end >= map->base && map->end >= base ) + return -EADDRINUSE; + } + + if ( p2ma == p2m_access_x ) + return -ENOENT; + + while ( base_pfn < end_pfn ) + { + int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag); + + if ( err ) + return err; + base_pfn++; + } + + map = xmalloc(struct identity_map); + if ( !map ) + return -ENOMEM; + map->base = base; + map->end = end; + map->access = p2ma; + map->count = 1; + list_add_tail(&map->list, &hd->arch.identity_maps); + + return 0; +} + +void iommu_identity_map_teardown(struct domain *d) +{ + struct domain_iommu *hd = dom_iommu(d); + struct identity_map *map, *tmp; + + list_for_each_entry_safe ( map, tmp, &hd->arch.identity_maps, list ) + { + list_del(&map->list); + xfree(map); + } +} + static bool __hwdom_init hwdom_iommu_map(const struct domain *d, unsigned long pfn, unsigned long max_pfn) diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h index fc51508e9d..b8d2951b12 100644 --- a/xen/include/asm-x86/iommu.h +++ b/xen/include/asm-x86/iommu.h @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -48,7 +49,7 @@ struct arch_iommu spinlock_t mapping_lock; /* io page table lock */ int agaw; /* adjusted guest address width, 0 is level 2 30-bit */ u64 iommu_bitmap; /* bitmap of iommu(s) that the domain uses */ - struct list_head mapped_rmrrs; + struct list_head identity_maps; /* amd iommu support */ int paging_mode; @@ -94,6 +95,11 @@ bool_t iommu_supports_eim(void); int iommu_enable_x2apic_IR(void); void iommu_disable_x2apic_IR(void); +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag); +void iommu_identity_map_teardown(struct domain *d); + extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 814b1eb125..cb6a07d296 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -896,6 +896,34 @@ struct p2m_domain *p2m_get_altp2m(struct vcpu *v); static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} #endif +/* p2m access to IOMMU flags */ +static inline unsigned int p2m_access_to_iommu_flags(p2m_access_t p2ma) +{ + switch ( p2ma ) + { + case p2m_access_rw: + case p2m_access_rwx: + return IOMMUF_readable | IOMMUF_writable; + + case p2m_access_r: + case p2m_access_rx: + case p2m_access_rx2rw: + return IOMMUF_readable; + + case p2m_access_w: + case p2m_access_wx: + return IOMMUF_writable; + + case p2m_access_n: + case p2m_access_x: + case p2m_access_n2rwx: + return 0; + } + + ASSERT_UNREACHABLE(); + return 0; +} + /* * p2m type to IOMMU flags */ @@ -917,9 +945,10 @@ static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, flags = IOMMUF_readable; break; case p2m_mmio_direct: - flags = IOMMUF_readable; - if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) - flags |= IOMMUF_writable; + flags = p2m_access_to_iommu_flags(p2ma); + if ( (flags & IOMMUF_writable) && + rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) + flags &= ~IOMMUF_writable; break; default: flags = 0; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:56:38 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:56:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172398.314553 (Exim 4.92) (envelope-from ) id 1mItOQ-00015k-Np; Wed, 25 Aug 2021 13:56:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172398.314553; Wed, 25 Aug 2021 13:56:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOQ-00015c-Ks; Wed, 25 Aug 2021 13:56:38 +0000 Received: by outflank-mailman (input) for mailman id 172398; Wed, 25 Aug 2021 13:56:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOO-00012r-QY for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOO-0006TK-Pm for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItOO-0006UA-P4 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zq0PeaqQo7DWF1fU9KABRNAD0SAG6/CrKx7+RgMPiHs=; b=6dn5+igDffT24kXjNKxdH1WpBu MernfB0iBkuSklX7t4R/BVLaaxdxKlHtcStV0ZnVSTy5Wrxy+G5F/5YeuMSy6mojUI9NSnZ3MWQrJ Pz5lBV3Uyv8Z1VU+yxbddJ2m89E/X7vdzw04kBi/HvONbhpHE+mIcCMAk5REs4d3MfxY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] AMD/IOMMU: re-arrange/complete re-assignment handling Message-Id: Date: Wed, 25 Aug 2021 13:56:36 +0000 commit 52ee570d15cd949472c9e7e2832f39d24254208d Author: Jan Beulich AuthorDate: Wed Aug 25 15:48:59 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:48:59 2021 +0200 AMD/IOMMU: re-arrange/complete re-assignment handling Prior to the assignment step having completed successfully, devices should not get associated with their new owner. Hand the device to DomIO (perhaps temporarily), until after the de-assignment step has completed. De-assignment of a device (from other than Dom0) as well as failure of reassign_device() during assignment should result in unity mappings getting torn down. This in turn requires switching to a refcounted mapping approach, as was already used by VT-d for its RMRRs, to prevent unmapping a region used by multiple devices. This is CVE-2021-28696 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 899272539cbe1acda736a850015416fff653a1b6 master date: 2021-08-25 14:16:26 +0200 --- xen/drivers/passthrough/amd/iommu_map.c | 63 ++++++++++++++++----------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 54 ++++++++++++++++++----- xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 6 ++- 3 files changed, 83 insertions(+), 40 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index da7ca7a41e..a5492da9fb 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -613,38 +613,49 @@ int amd_iommu_flush_iotlb_all(struct domain *d) return 0; } -int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, - unsigned long size, int iw, int ir) +int amd_iommu_reserve_domain_unity_map(struct domain *d, + const struct ivrs_unity_map *map, + unsigned int flag) { - unsigned long npages, i; - unsigned long gfn; - unsigned int flags = !!ir; - unsigned int flush_flags = 0; - int rt = 0; - - if ( iw ) - flags |= IOMMUF_writable; - - npages = region_to_pages(phys_addr, size); - gfn = phys_addr >> PAGE_SHIFT; - for ( i = 0; i < npages; i++ ) + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; !rc && map; map = map->next ) { - unsigned long frame = gfn + i; + p2m_access_t p2ma = p2m_access_n; - rt = amd_iommu_map_page(domain, _dfn(frame), _mfn(frame), flags, - &flush_flags); - if ( rt != 0 ) - break; + if ( map->read ) + p2ma |= p2m_access_r; + if ( map->write ) + p2ma |= p2m_access_w; + + rc = iommu_identity_mapping(d, p2ma, map->addr, + map->addr + map->length - 1, flag); } - /* Use while-break to avoid compiler warning */ - while ( flush_flags && - amd_iommu_flush_iotlb_pages(domain, _dfn(gfn), - npages, flush_flags) ) - break; + return rc; +} + +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map) +{ + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; map; map = map->next ) + { + int ret = iommu_identity_mapping(d, p2m_access_x, map->addr, + map->addr + map->length - 1, 0); + + if ( ret && ret != -ENOENT && !rc ) + rc = ret; + } - return rt; + return rc; } /* Share p2m table with iommu. */ diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 2aab4bc16e..2f8ff9dc80 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -307,6 +307,7 @@ static int reassign_device(struct domain *source, struct domain *target, struct amd_iommu *iommu; int bdf, rc; struct domain_iommu *t = dom_iommu(target); + const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); bdf = PCI_BDF2(pdev->bus, pdev->devfn); iommu = find_iommu_for_device(pdev->seg, bdf); @@ -321,10 +322,24 @@ static int reassign_device(struct domain *source, struct domain *target, amd_iommu_disable_domain_device(source, iommu, devfn, pdev); - if ( devfn == pdev->devfn ) + /* + * If the device belongs to the hardware domain, and it has a unity mapping, + * don't remove it from the hardware domain, because BIOS may reference that + * mapping. + */ + if ( !is_hardware_domain(source) ) { - list_move(&pdev->domain_list, &target->arch.pdev_list); - pdev->domain = target; + rc = amd_iommu_reserve_domain_unity_unmap( + source, + ivrs_mappings[get_dma_requestor_id(pdev->seg, bdf)].unity_map); + if ( rc ) + return rc; + } + + if ( devfn == pdev->devfn && pdev->domain != dom_io ) + { + list_move(&pdev->domain_list, &dom_io->arch.pdev_list); + pdev->domain = dom_io; } rc = allocate_domain_resources(t); @@ -336,6 +351,12 @@ static int reassign_device(struct domain *source, struct domain *target, pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn), source->domain_id, target->domain_id); + if ( devfn == pdev->devfn && pdev->domain != target ) + { + list_move(&pdev->domain_list, &target->arch.pdev_list); + pdev->domain = target; + } + return 0; } @@ -346,20 +367,28 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); - const struct ivrs_unity_map *unity_map; + int rc = amd_iommu_reserve_domain_unity_map( + d, ivrs_mappings[req_id].unity_map, flag); + + if ( !rc ) + rc = reassign_device(pdev->domain, d, devfn, pdev); - for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; - unity_map = unity_map->next ) + if ( rc && !is_hardware_domain(d) ) { - int rc = amd_iommu_reserve_domain_unity_map( - d, unity_map->addr, unity_map->length, - unity_map->write, unity_map->read); + int ret = amd_iommu_reserve_domain_unity_unmap( + d, ivrs_mappings[req_id].unity_map); - if ( rc ) - return rc; + if ( ret ) + { + printk(XENLOG_ERR "AMD-Vi: " + "unity-unmap for %pd/%04x:%02x:%02x.%u failed (%d)\n", + d, pdev->seg, pdev->bus, + PCI_SLOT(devfn), PCI_FUNC(devfn), ret); + domain_crash(d); + } } - return reassign_device(pdev->domain, d, devfn, pdev); + return rc; } static void deallocate_next_page_table(struct page_info *pg, int level) @@ -425,6 +454,7 @@ static void deallocate_iommu_page_tables(struct domain *d) static void amd_iommu_domain_destroy(struct domain *d) { + iommu_identity_map_teardown(d); deallocate_iommu_page_tables(d); amd_iommu_flush_all_pages(d); } diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h index 53189806bb..f2e0cf8acf 100644 --- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h +++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h @@ -62,8 +62,10 @@ int __must_check amd_iommu_unmap_page(struct domain *d, dfn_t dfn, uint64_t amd_iommu_get_address_from_pte(void *entry); int __must_check amd_iommu_alloc_root(struct domain_iommu *hd); int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, unsigned long size, - int iw, int ir); + const struct ivrs_unity_map *map, + unsigned int flag); +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map); int __must_check amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, unsigned int page_count, unsigned int flush_flags); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:56:48 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:56:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172399.314557 (Exim 4.92) (envelope-from ) id 1mItOa-000196-Pd; Wed, 25 Aug 2021 13:56:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172399.314557; Wed, 25 Aug 2021 13:56:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOa-00018w-MM; Wed, 25 Aug 2021 13:56:48 +0000 Received: by outflank-mailman (input) for mailman id 172399; Wed, 25 Aug 2021 13:56:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOY-00018c-Vh for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOY-0006TX-Ut for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItOY-0006V1-SQ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SVnth/270Aq63GpSsr+fg02hrm3baibn2Zs7vbZp3Rg=; b=tTCuUix6YCb1xWoAOz0GHePb1k 0G5OytZcUf5ZhLcInjKgHuhtcNZwLz2TUGWsxLhWA9PR0cyqPswomfZsF6ttbkn5Blb7ukB4DYJMP 6uxRwAUiOrm/Qa6ImuuBOIQqbxF6yc6HFhQiXX2mfhf5Qi993DgwWh3RdB2IUjgSpyLc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] AMD/IOMMU: re-arrange exclusion range and unity map recording Message-Id: Date: Wed, 25 Aug 2021 13:56:46 +0000 commit 22bd06cb6ce14824cc47a2069d86fd3a2ceeea1b Author: Jan Beulich AuthorDate: Wed Aug 25 15:49:16 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:49:16 2021 +0200 AMD/IOMMU: re-arrange exclusion range and unity map recording The spec makes no provisions for OS behavior here to depend on the amount of RAM found on the system. While the spec may not sufficiently clearly distinguish both kinds of regions, they are surely meant to be separate things: Only regions with ACPI_IVMD_EXCLUSION_RANGE set should be candidates for putting in the exclusion range registers. (As there's only a single such pair of registers per IOMMU, secondary non-adjacent regions with the flag set already get converted to unity mapped regions.) First of all, drop the dependency on max_page. With commit b4f042236ae0 ("AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables") the use of it here was stale anyway; it was bogus already before, as it didn't account for max_page getting increased later on. Simply try an exclusion range registration first, and if it fails (for being unsuitable or non-mergeable), register a unity mapping range. With this various local variables become unnecessary and hence get dropped at the same time. With the max_page boundary dropped for using unity maps, the minimum page table tree height now needs both recording and enforcing in amd_iommu_domain_init(). Since we can't predict which devices may get assigned to a domain, our only option is to uniformly force at least that height for all domains, now that the height isn't dynamic anymore. Further don't make use of the exclusion range unless ACPI data says so. Note that exclusion range registration in register_range_for_all_devices() is on a best effort basis. Hence unity map entries also registered are redundant when the former succeeded, but they also do no harm. Improvements in this area can be done later imo. Also adjust types where suitable without touching extra lines. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 8ea80530cd0dbb8ffa7ac92606a3ee29663fdc93 master date: 2021-08-25 14:16:46 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 184 +++++++++++--------------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 12 +- xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 2 + 3 files changed, 90 insertions(+), 108 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index a477877f32..dc940a8c8c 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -99,12 +99,8 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( } static int __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit, - bool all, bool iw, bool ir) + struct amd_iommu *iommu, paddr_t base, paddr_t limit, bool all) { - if ( !ir || !iw ) - return -EPERM; - /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { @@ -133,14 +129,18 @@ static int __init reserve_unity_map_for_device( { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; + int paging_mode = amd_iommu_get_paging_mode(PFN_UP(base + length)); + + if ( paging_mode < 0 ) + return paging_mode; /* Check for overlaps. */ for ( ; unity_map; unity_map = unity_map->next ) { /* * Exact matches are okay. This can in particular happen when - * register_exclusion_range_for_device() calls here twice for the - * same (s,b,d,f). + * register_range_for_device() calls here twice for the same + * (s,b,d,f). */ if ( base == unity_map->addr && length == unity_map->length && ir == unity_map->read && iw == unity_map->write ) @@ -168,55 +168,52 @@ static int __init reserve_unity_map_for_device( unity_map->next = ivrs_mappings[bdf].unity_map; ivrs_mappings[bdf].unity_map = unity_map; + if ( paging_mode > amd_iommu_min_paging_mode ) + amd_iommu_min_paging_mode = paging_mode; + return 0; } -static int __init register_exclusion_range_for_all_devices( - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_all_devices( + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; - unsigned int bdf; int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) - { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - /* push 'base' just outside of virtual address space */ - base = iommu_top; - } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) + if ( exclusion ) { for_each_amd_iommu( iommu ) { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); - if ( rc ) - break; + int ret = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */); + + if ( ret && !rc ) + rc = ret; } } + if ( !exclusion || rc ) + { + paddr_t length = limit + PAGE_SIZE - base; + unsigned int bdf; + + /* reserve r/w unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + } + return rc; } -static int __init register_exclusion_range_for_device( - u16 bdf, unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_device( + unsigned int bdf, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; int rc = 0; @@ -230,27 +227,19 @@ static int __init register_exclusion_range_for_device( req = ivrs_mappings[bdf].dte_requestor_id; /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */); + if ( !exclusion || rc ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; + paddr_t length = limit + PAGE_SIZE - base; + /* reserve unity-mapped page entries for device */ - /* note: these entries are part of the exclusion range */ rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: reserve_unity_map_for_device(seg, req, base, length, iw, ir); - - /* push 'base' just outside of virtual address space */ - base = iommu_top; } - - /* register IOMMU exclusion range settings for device */ - if ( !rc && limit >= iommu_top ) + else { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; ivrs_mappings[req].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; } @@ -258,53 +247,42 @@ static int __init register_exclusion_range_for_device( return rc; } -static int __init register_exclusion_range_for_iommu_devices( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_iommu_devices( + struct amd_iommu *iommu, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { - unsigned long range_top, iommu_top, length; + /* note: 'limit' parameter is assumed to be page-aligned */ + paddr_t length = limit + PAGE_SIZE - base; unsigned int bdf; u16 req; - int rc = 0; + int rc; - /* is part of exclusion range inside of IOMMU virtual address space? */ - /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - { - if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) - { - req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir) ?: - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); - } - } - - /* push 'base' just outside of virtual address space */ - base = iommu_top; + rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */); + if ( !rc ) + return 0; } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); + /* reserve unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + { + if ( iommu != find_iommu_for_device(iommu->seg, bdf) ) + continue; + + req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); + } return rc; } static int __init parse_ivmd_device_select( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { u16 bdf; @@ -315,12 +293,12 @@ static int __init parse_ivmd_device_select( return -ENODEV; } - return register_exclusion_range_for_device(bdf, base, limit, iw, ir); + return register_range_for_device(bdf, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_device_range( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { unsigned int first_bdf, last_bdf, bdf; int error; @@ -342,15 +320,15 @@ static int __init parse_ivmd_device_range( } for ( bdf = first_bdf, error = 0; (bdf <= last_bdf) && !error; bdf++ ) - error = register_exclusion_range_for_device( - bdf, base, limit, iw, ir); + error = register_range_for_device( + bdf, base, limit, iw, ir, exclusion); return error; } static int __init parse_ivmd_device_iommu( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct amd_iommu *iommu; @@ -365,14 +343,14 @@ static int __init parse_ivmd_device_iommu( return -ENODEV; } - return register_exclusion_range_for_iommu_devices( - iommu, base, limit, iw, ir); + return register_range_for_iommu_devices( + iommu, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) { unsigned long start_addr, mem_length, base, limit; - u8 iw, ir; + bool iw = true, ir = true, exclusion = false; if ( ivmd_block->header.length < sizeof(*ivmd_block) ) { @@ -389,13 +367,11 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) ivmd_block->header.type, start_addr, mem_length); if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) - iw = ir = IOMMU_CONTROL_ENABLED; + exclusion = true; else if ( ivmd_block->header.flags & ACPI_IVMD_UNITY ) { - iw = ivmd_block->header.flags & ACPI_IVMD_READ ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; - ir = ivmd_block->header.flags & ACPI_IVMD_WRITE ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; + iw = ivmd_block->header.flags & ACPI_IVMD_READ; + ir = ivmd_block->header.flags & ACPI_IVMD_WRITE; } else { @@ -406,20 +382,20 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) switch( ivmd_block->header.type ) { case ACPI_IVRS_TYPE_MEMORY_ALL: - return register_exclusion_range_for_all_devices( - base, limit, iw, ir); + return register_range_for_all_devices( + base, limit, iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_ONE: - return parse_ivmd_device_select(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_select(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_RANGE: - return parse_ivmd_device_range(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_range(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_IOMMU: - return parse_ivmd_device_iommu(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_iommu(ivmd_block, base, limit, + iw, ir, exclusion); default: AMD_IOMMU_DEBUG("IVMD Error: Invalid Block Type!\n"); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 2f8ff9dc80..e9153a5271 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -222,6 +222,8 @@ static int __must_check allocate_domain_resources(struct domain_iommu *hd) return rc; } +int __read_mostly amd_iommu_min_paging_mode = 1; + static int amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -233,11 +235,13 @@ static int amd_iommu_domain_init(struct domain *d) * - HVM could in principle use 3 or 4 depending on how much guest * physical address space we give it, but this isn't known yet so use 4 * unilaterally. + * - Unity maps may require an even higher number. */ - hd->arch.paging_mode = amd_iommu_get_paging_mode( - is_hvm_domain(d) - ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) - : get_upper_mfn_bound() + 1); + hd->arch.paging_mode = max(amd_iommu_get_paging_mode( + is_hvm_domain(d) + ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) + : get_upper_mfn_bound() + 1), + amd_iommu_min_paging_mode); return 0; } diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h index f2e0cf8acf..6c83810fc3 100644 --- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h +++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h @@ -132,6 +132,8 @@ extern struct hpet_sbdf { } init; } hpet_sbdf; +extern int amd_iommu_min_paging_mode; + extern void *shared_intremap_table; extern unsigned long *shared_intremap_inuse; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:56:58 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:56:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172401.314560 (Exim 4.92) (envelope-from ) id 1mItOk-0001Cp-T3; Wed, 25 Aug 2021 13:56:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172401.314560; Wed, 25 Aug 2021 13:56:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOk-0001Ci-Q3; Wed, 25 Aug 2021 13:56:58 +0000 Received: by outflank-mailman (input) for mailman id 172401; Wed, 25 Aug 2021 13:56:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOj-0001CW-39 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOj-0006Tf-2P for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItOj-0006Wg-1Z for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:56:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=cRgOTJy1SzqwWdHKipTWzYens0lJcI50jWMPgmQbV20=; b=NWegQ+lMr82Wuo8S5e0Kn1NAfs 8E2RCgc1UUYEEWpmDeYOJJBwZ1DtgL5CCWyCYWtRuACL4sJmuPAIJQoevKTLyNxhHKI7qQQRJSXiH rJuo0rbyqtBAaI75gY5SoakgTypba3vidjEHLkyniIUNOu2xzypIDSCwqJBX1XooV94k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] x86/p2m: introduce p2m_is_special() Message-Id: Date: Wed, 25 Aug 2021 13:56:57 +0000 commit b2f52a0175c70b9445fdf5d839af799c76876f88 Author: Jan Beulich AuthorDate: Wed Aug 25 15:49:33 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:49:33 2021 +0200 x86/p2m: introduce p2m_is_special() Seeing the similarity of grant, foreign, and (subsequently) direct-MMIO handling, introduce a new P2M type group named "special" (as in "needing special accessors to create/destroy"). Also use -EPERM instead of other error codes on the two domain_crash() paths touched. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 0bf755e2c856628e11e93c76c3e12974e9964638 master date: 2021-08-25 14:17:07 +0200 --- xen/arch/x86/mm/p2m.c | 15 +++++++-------- xen/include/asm-x86/p2m.h | 5 +++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 41a74119f4..9bd6a5ad0b 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -806,7 +806,7 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, for ( i = 0; i < (1UL << page_order); i++ ) { p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); - if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) + if ( !p2m_is_special(t) && !p2m_is_shared(t) ) set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY); } } @@ -917,13 +917,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, &ot, &a, 0, NULL, NULL); ASSERT(!p2m_is_shared(ot)); } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { - /* Really shouldn't be unmapping grant/foreign maps this way */ + /* Don't permit unmapping grant/foreign this way. */ domain_crash(d); p2m_unlock(p2m); - return -EINVAL; + return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) { @@ -1018,8 +1018,7 @@ int p2m_change_type_one(struct domain *d, unsigned long gfn_l, struct p2m_domain *p2m = p2m_get_hostp2m(d); int rc; - BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt)); - BUG_ON(p2m_is_foreign(ot) || p2m_is_foreign(nt)); + BUG_ON(p2m_is_special(ot) || p2m_is_special(nt)); gfn_lock(p2m, gfn, 0); @@ -1272,11 +1271,11 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, gfn_unlock(p2m, gfn, order); return cur_order + 1; } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { gfn_unlock(p2m, gfn, order); domain_crash(d); - return -ENOENT; + return -EPERM; } else if ( p2m_is_ram(ot) ) { diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index cb6a07d296..57deff6a64 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -141,6 +141,10 @@ typedef unsigned int p2m_query_t; | p2m_to_mask(p2m_ram_logdirty) ) #define P2M_SHARED_TYPES (p2m_to_mask(p2m_ram_shared)) +/* Types established/cleaned up via special accessors. */ +#define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ + p2m_to_mask(p2m_map_foreign)) + /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ | p2m_to_mask(p2m_mmio_direct) \ @@ -169,6 +173,7 @@ typedef unsigned int p2m_query_t; #define p2m_is_paged(_t) (p2m_to_mask(_t) & P2M_PAGED_TYPES) #define p2m_is_sharable(_t) (p2m_to_mask(_t) & P2M_SHARABLE_TYPES) #define p2m_is_shared(_t) (p2m_to_mask(_t) & P2M_SHARED_TYPES) +#define p2m_is_special(_t) (p2m_to_mask(_t) & P2M_SPECIAL_TYPES) #define p2m_is_broken(_t) (p2m_to_mask(_t) & P2M_BROKEN_TYPES) #define p2m_is_foreign(_t) (p2m_to_mask(_t) & p2m_to_mask(p2m_map_foreign)) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:57:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:57:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172402.314564 (Exim 4.92) (envelope-from ) id 1mItOu-0001IW-VI; Wed, 25 Aug 2021 13:57:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172402.314564; Wed, 25 Aug 2021 13:57:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOu-0001IN-Re; Wed, 25 Aug 2021 13:57:08 +0000 Received: by outflank-mailman (input) for mailman id 172402; Wed, 25 Aug 2021 13:57:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOt-0001HO-7i for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItOt-0006UU-6y for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItOt-0006YL-5q for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=B1wigu0Wc5wpvSh33GHPrhg4+50YY7VU8qXnLCqbhv0=; b=ZJPQVXlycgjXFKikx55QS0FezW Gt9iWiRXa6rMN4TsVrOnMY33sXtDmsop9I/E9qSIRqPxYC+NAThU0TEr5E8EhvjFZkH+fRQEFQSTd fgn3y7LoQxBOZmo8heiWGmGk7pKVOv0sU9iIxK9Tgvl+pWDTSp6ziWsSI1K5WpAluevU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] x86/p2m: guard (in particular) identity mapping entries Message-Id: Date: Wed, 25 Aug 2021 13:57:07 +0000 commit 4e5bf7ebbfd0bb4fc57466f8eebfb90047a3e277 Author: Jan Beulich AuthorDate: Wed Aug 25 15:49:58 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:49:58 2021 +0200 x86/p2m: guard (in particular) identity mapping entries Such entries, created by set_identity_p2m_entry(), should only be destroyed by clear_identity_p2m_entry(). However, similarly, entries created by set_mmio_p2m_entry() should only be torn down by clear_mmio_p2m_entry(), so the logic gets based upon p2m_mmio_direct as the entry type (separation between "ordinary" and 1:1 mappings would require a further indicator to tell apart the two). As to the guest_remove_page() change, commit 48dfb297a20a ("x86/PVH: allow guest_remove_page to remove p2m_mmio_direct pages"), which introduced the call to clear_mmio_p2m_entry(), claimed this was done for hwdom only without this actually having been the case. However, this code shouldn't be there in the first place, as MMIO entries shouldn't be dropped this way. Avoid triggering the warning again that 48dfb297a20a silenced by an adjustment to xenmem_add_to_physmap_one() instead. Note that guest_physmap_mark_populate_on_demand() gets tightened beyond the immediate purpose of this change. Note also that I didn't inspect code which isn't security supported, e.g. sharing, paging, or altp2m. This is CVE-2021-28694 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 753cb68e653002e89fdcd1c80e52905fdbfb78cb master date: 2021-08-25 14:17:32 +0200 --- xen/arch/x86/mm.c | 4 +++- xen/arch/x86/mm/p2m-pod.c | 12 ++++++------ xen/arch/x86/mm/p2m.c | 11 ++++++----- xen/common/memory.c | 11 ++++++++++- xen/include/asm-x86/p2m.h | 5 ++--- 5 files changed, 27 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index db4cfdf20b..09d6377384 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4809,7 +4809,9 @@ int xenmem_add_to_physmap_one( /* Remove previously mapped page if it was present. */ prev_mfn = mfn_x(get_gfn(d, gfn_x(gpfn), &p2mt)); - if ( mfn_valid(_mfn(prev_mfn)) ) + if ( p2mt == p2m_mmio_direct ) + rc = -EPERM; + else if ( mfn_valid(_mfn(prev_mfn)) ) { if ( is_xen_heap_mfn(prev_mfn) ) /* Xen heap frames are simply unhooked from this phys slot. */ diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index 4313863066..f4e5a35578 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -1297,17 +1297,17 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l, p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, &cur_order, NULL); n = 1UL << min(order, cur_order); - if ( p2m_is_ram(ot) ) + if ( ot == p2m_populate_on_demand ) + { + /* Count how many PoD entries we'll be replacing if successful */ + pod_count += n; + } + else if ( ot != p2m_invalid && ot != p2m_mmio_dm ) { P2M_DEBUG("gfn_to_mfn returned type %d!\n", ot); rc = -EBUSY; goto out; } - else if ( ot == p2m_populate_on_demand ) - { - /* Count how man PoD entries we'll be replacing if successful */ - pod_count += n; - } } /* Now, actually do the two-way mapping */ diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 9bd6a5ad0b..f3fdc79ff4 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -795,7 +795,8 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, &cur_order, NULL); if ( p2m_is_valid(t) && - (!mfn_valid(_mfn(mfn)) || mfn + i != mfn_x(mfn_return)) ) + (!mfn_valid(_mfn(mfn)) || t == p2m_mmio_direct || + mfn + i != mfn_x(mfn_return)) ) return -EILSEQ; i += (1UL << cur_order) - ((gfn_l + i) & ((1UL << cur_order) - 1)); @@ -873,7 +874,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; - if ( !mfn_valid(mfn) ) + if ( !mfn_valid(mfn) || t == p2m_mmio_direct ) { ASSERT_UNREACHABLE(); return -EINVAL; @@ -919,7 +920,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } if ( p2m_is_special(ot) ) { - /* Don't permit unmapping grant/foreign this way. */ + /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ domain_crash(d); p2m_unlock(p2m); @@ -1375,8 +1376,8 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, * order+1 for caller to retry with order (guaranteed smaller than * the order value passed in) */ -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, mfn_t mfn, - unsigned int order) +static int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, + mfn_t mfn, unsigned int order) { int rc = -EINVAL; gfn_t gfn = _gfn(gfn_l); diff --git a/xen/common/memory.c b/xen/common/memory.c index 8aea327df4..ab217cc812 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -336,7 +336,7 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) } if ( p2mt == p2m_mmio_direct ) { - rc = clear_mmio_p2m_entry(d, gmfn, mfn, PAGE_ORDER_4K); + rc = -EPERM; goto out_put_gfn; } #else @@ -1724,6 +1724,15 @@ int check_get_page_from_gfn(struct domain *d, gfn_t gfn, bool readonly, return -EAGAIN; } #endif +#ifdef CONFIG_X86 + if ( p2mt == p2m_mmio_direct ) + { + if ( page ) + put_page(page); + + return -EPERM; + } +#endif if ( !page ) return -EINVAL; diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 57deff6a64..344db14a10 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -143,7 +143,8 @@ typedef unsigned int p2m_query_t; /* Types established/cleaned up via special accessors. */ #define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ - p2m_to_mask(p2m_map_foreign)) + p2m_to_mask(p2m_map_foreign) | \ + p2m_to_mask(p2m_mmio_direct)) /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ @@ -640,8 +641,6 @@ int set_foreign_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn); /* Set mmio addresses in the p2m table (for pass-through) */ int set_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, unsigned int order, p2m_access_t access); -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, - unsigned int order); /* Set identity addresses in the p2m table (for pass-through) */ int set_identity_p2m_entry(struct domain *d, unsigned long gfn, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:57:19 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:57:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172403.314570 (Exim 4.92) (envelope-from ) id 1mItP5-0001My-0U; Wed, 25 Aug 2021 13:57:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172403.314570; Wed, 25 Aug 2021 13:57:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItP4-0001Mo-TH; Wed, 25 Aug 2021 13:57:18 +0000 Received: by outflank-mailman (input) for mailman id 172403; Wed, 25 Aug 2021 13:57:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItP3-0001MO-CS for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItP3-0006Ul-Be for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItP3-0006a7-Aa for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n/NXcHBjTVC3Mlc9Bf6LQLVSv3dknsQaTTmCXD48RTA=; b=L3sdCojN2sP7MSB1UZJKegyDX+ ZwgrkhIcIi08mceagUJP3msjFyPbzr4s5pac1Dqh09PxBtUk4esWjo9x2H4zEt2r/A8O+q4cv2t6L 0PYeXgSYd67PfD+ZHQAIB78FZdgZI7/unevodCYeobeW543nTed70mfVIhmumOpSm4Nk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] x86/mm: widen locked region in xenmem_add_to_physmap_one() Message-Id: Date: Wed, 25 Aug 2021 13:57:17 +0000 commit 90ae827632671b3631ed2ded6d57d8445a00c607 Author: Jan Beulich AuthorDate: Wed Aug 25 15:50:17 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:50:17 2021 +0200 x86/mm: widen locked region in xenmem_add_to_physmap_one() For pages which can be made part of the P2M by the guest, but which can also later be de-allocated (grant table v2 status pages being the present example), it is imperative that they be mapped at no more than a single GFN. We therefore need to make sure that of two parallel XENMAPSPACE_grant_table requests for the same status page one completes before the second checks at which other GFN the underlying MFN is presently mapped. Pull ahead the respective get_gfn() and push down the respective put_gfn(). This leverages that gfn_lock() really aliases p2m_lock(), but the function makes this assumption already anyway: In the XENMAPSPACE_gmfn case lock nesting constraints for both involved GFNs would otherwise need to be enforced to avoid ABBA deadlocks. This is CVE-2021-28697 / XSA-379. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: f147422bf9476fb8161b43e35f5901571ed17c35 master date: 2021-08-25 14:17:56 +0200 --- xen/arch/x86/mm.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 09d6377384..f3767387e6 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4807,8 +4807,20 @@ int xenmem_add_to_physmap_one( goto put_both; } - /* Remove previously mapped page if it was present. */ + /* + * Note that we're (ab)using GFN locking (to really be locking of the + * entire P2M) here in (at least) two ways: Finer grained locking would + * expose lock order violations in the XENMAPSPACE_gmfn case (due to the + * earlier get_gfn_unshare() above). Plus at the very least for the grant + * table v2 status page case we need to guarantee that the same page can + * only appear at a single GFN. While this is a property we want in + * general, for pages which can subsequently be freed this imperative: + * Upon freeing we wouldn't be able to find other mappings in the P2M + * (unless we did a brute force search). + */ prev_mfn = mfn_x(get_gfn(d, gfn_x(gpfn), &p2mt)); + + /* Remove previously mapped page if it was present. */ if ( p2mt == p2m_mmio_direct ) rc = -EPERM; else if ( mfn_valid(_mfn(prev_mfn)) ) @@ -4820,27 +4832,21 @@ int xenmem_add_to_physmap_one( /* Normal domain memory is freed, to avoid leaking memory. */ rc = guest_remove_page(d, gfn_x(gpfn)); } - /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */ - put_gfn(d, gfn_x(gpfn)); - - if ( rc ) - goto put_both; /* Unmap from old location, if any. */ old_gpfn = get_gpfn_from_mfn(mfn_x(mfn)); ASSERT(!SHARED_M2P(old_gpfn)); if ( space == XENMAPSPACE_gmfn && old_gpfn != gfn ) - { rc = -EXDEV; - goto put_both; - } - if ( old_gpfn != INVALID_M2P_ENTRY ) + else if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); /* Map at new location. */ if ( !rc ) rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K); + put_gfn(d, gfn_x(gpfn)); + put_both: /* * In the XENMAPSPACE_gmfn case, we took a ref of the gfn at the top. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:57:29 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:57:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172404.314573 (Exim 4.92) (envelope-from ) id 1mItPF-0001QB-1N; Wed, 25 Aug 2021 13:57:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172404.314573; Wed, 25 Aug 2021 13:57:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItPE-0001Q4-Uk; Wed, 25 Aug 2021 13:57:28 +0000 Received: by outflank-mailman (input) for mailman id 172404; Wed, 25 Aug 2021 13:57:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItPD-0001Pq-GK for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItPD-0006V1-FY for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItPD-0006bF-Ef for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rAqSm2WuguAwLWzG0OjCRxNc74N4p3Vanbd9LPkLtlM=; b=LDYMTGaj6MhT74GRIlDY/H8KIi odni4hgehz5sAbeOjVdwJpr2Wu6qq3TDIY6HUl67WRsym0HOI0cG7/3AmJ5q/c49cnv0W5mabMK1c xDy87rjfXZ/gm58SrZMLj+Uq2/nxxfO6ytD9mz3fuDA6TtrreJwT+aZMaf3+XWjrMgkE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] gnttab: add preemption check to gnttab_release_mappings() Message-Id: Date: Wed, 25 Aug 2021 13:57:27 +0000 commit e8f95a693826bfb5a87bbb6998313a5b7bff0737 Author: Jan Beulich AuthorDate: Wed Aug 25 15:50:33 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:50:33 2021 +0200 gnttab: add preemption check to gnttab_release_mappings() A guest may die with many grant mappings still in place, or simply with a large maptrack table. Iterating through this may take more time than is reasonable without intermediate preemption (to run softirqs and perhaps the scheduler). Move the invocation of the function to the section where other restartable functions get invoked, and have the function itself check for preemption every once in a while. Have it iterate the table backwards, such that decreasing the maptrack limit is all it takes to convey restart information. In domain_teardown() introduce PROG_none such that inserting at the front will be easier going forward. This is part of CVE-2021-28698 / XSA-380. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: b1ee10be5625b7d502cef1e6ee3818610ab0d29c master date: 2021-08-25 14:18:18 +0200 --- xen/common/domain.c | 4 +++- xen/common/grant_table.c | 46 ++++++++++++++++++++++++++++++++++++------- xen/include/xen/grant_table.h | 4 +--- 3 files changed, 43 insertions(+), 11 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index ce8a9c6eee..f4efc28fc7 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -724,13 +724,15 @@ int domain_kill(struct domain *d) return domain_kill(d); d->is_dying = DOMDYING_dying; argo_destroy(d); - gnttab_release_mappings(d); tmem_destroy(d->tmem_client); vnuma_destroy(d->vnuma); domain_set_outstanding_pages(d, 0); d->tmem_client = NULL; /* fallthrough */ case DOMDYING_dying: + rc = gnttab_release_mappings(d); + if ( rc ) + break; rc = evtchn_destroy(d); if ( rc ) break; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 1adb173e06..56fdf43970 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -62,7 +62,13 @@ struct grant_table { unsigned int nr_grant_frames; /* Number of grant status frames shared with guest (for version 2) */ unsigned int nr_status_frames; - /* Number of available maptrack entries. */ + /* + * Number of available maptrack entries. For cleanup purposes it is + * important to realize that this field and @maptrack further down will + * only ever be accessed by the local domain. Thus it is okay to clean + * up early, and to shrink the limit for the purpose of tracking cleanup + * progress. + */ unsigned int maptrack_limit; /* Shared grant table (see include/public/grant_table.h). */ union { @@ -3604,9 +3610,7 @@ do_grant_table_op( #include "compat/grant_table.c" #endif -void -gnttab_release_mappings( - struct domain *d) +int gnttab_release_mappings(struct domain *d) { struct grant_table *gt = d->grant_table, *rgt; struct grant_mapping *map; @@ -3620,8 +3624,32 @@ gnttab_release_mappings( BUG_ON(!d->is_dying); - for ( handle = 0; handle < gt->maptrack_limit; handle++ ) + if ( !gt || !gt->maptrack ) + return 0; + + for ( handle = gt->maptrack_limit; handle; ) { + /* + * Deal with full pages such that their freeing (in the body of the + * if()) remains simple. + */ + if ( handle < gt->maptrack_limit && !(handle % MAPTRACK_PER_PAGE) ) + { + /* + * Changing maptrack_limit alters nr_maptrack_frames()'es return + * value. Free the then excess trailing page right here, rather + * than leaving it to grant_table_destroy() (and in turn requiring + * to leave gt->maptrack_limit unaltered). + */ + gt->maptrack_limit = handle; + FREE_XENHEAP_PAGE(gt->maptrack[nr_maptrack_frames(gt)]); + + if ( hypercall_preempt_check() ) + return -ERESTART; + } + + --handle; + map = &maptrack_entry(gt, handle); if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) ) continue; @@ -3709,6 +3737,11 @@ gnttab_release_mappings( map->flags = 0; } + + gt->maptrack_limit = 0; + FREE_XENHEAP_PAGE(gt->maptrack[0]); + + return 0; } void grant_table_warn_active_grants(struct domain *d) @@ -3771,8 +3804,7 @@ grant_table_destroy( free_xenheap_page(t->shared_raw[i]); xfree(t->shared_raw); - for ( i = 0; i < nr_maptrack_frames(t); i++ ) - free_xenheap_page(t->maptrack[i]); + ASSERT(!t->maptrack_limit); vfree(t->maptrack); for ( i = 0; i < nr_active_grant_frames(t); i++ ) diff --git a/xen/include/xen/grant_table.h b/xen/include/xen/grant_table.h index 119b8f7e2b..270eae658b 100644 --- a/xen/include/xen/grant_table.h +++ b/xen/include/xen/grant_table.h @@ -46,9 +46,7 @@ void grant_table_init_vcpu(struct vcpu *v); void grant_table_warn_active_grants(struct domain *d); /* Domain death release of granted mappings of other domains' memory. */ -void -gnttab_release_mappings( - struct domain *d); +int gnttab_release_mappings(struct domain *d); int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, gfn_t *gfn, uint16_t *status); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:57:39 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:57:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172405.314576 (Exim 4.92) (envelope-from ) id 1mItPP-0001TS-3F; Wed, 25 Aug 2021 13:57:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172405.314576; Wed, 25 Aug 2021 13:57:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItPP-0001TL-05; Wed, 25 Aug 2021 13:57:39 +0000 Received: by outflank-mailman (input) for mailman id 172405; Wed, 25 Aug 2021 13:57:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItPN-0001T0-JW for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItPN-0006VG-Is for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItPN-0006cj-IC for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=j4Ua69Nqp2AWoNgCO7lHkP4cvrT8yYMK1KRdEBi+Gew=; b=u24ENz59bTxdmNWfmlD7Y/0HU3 SDq2BwlSdkWILZ5m1ar4J2t1if3PDbX6xminrCPDtPfP4cDwraoS2YjvLnikAlaVT6KQSdOA/JU34 OS7g08gMsgs6eiCSFMeax+fV1kPUdNiqNOnpvwoPxgBzwK0hHSrWsB3YbWJJbnJmlUdQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] gnttab: replace mapkind() Message-Id: Date: Wed, 25 Aug 2021 13:57:37 +0000 commit 090986baef8956eba86ed1f51f4013eb7984298d Author: Jan Beulich AuthorDate: Wed Aug 25 15:50:50 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:50:50 2021 +0200 gnttab: replace mapkind() mapkind() doesn't scale very well with larger maptrack entry counts, using a brute force linear search through all entries, with the only option of an early loop exit if a matching writable entry was found. Introduce a radix tree alongside the main maptrack table, thus allowing much faster MFN-based lookup. To avoid the need to actually allocate space for the individual nodes, encode the two counters in the node pointers themselves, thus limiting the number of permitted simultaneous r/o and r/w mappings of the same MFN to 2³¹-1 (64-bit) / 2¹⁵-1 (32-bit) each. To avoid enforcing an unnecessarily low bound on the number of simultaneous mappings of a single MFN, introduce radix_tree_{ulong_to_ptr,ptr_to_ulong} paralleling radix_tree_{int_to_ptr,ptr_to_int}. As a consequence locking changes are also applicable: With there no longer being any inspection of the remote domain's active entries, there's also no need anymore to hold the remote domain's grant table lock. And since we're no longer iterating over the local domain's map track table, the lock in map_grant_ref() can also be dropped before the new maptrack entry actually gets populated. As a nice side effect this also reduces the number of IOMMU operations in unmap_common(): Previously we would have "established" a readable mapping whenever we didn't find a writable entry anymore (yet, of course, at least one readable one). But we only need to do this if we actually dropped the last writable entry, not if there were none already before. This is part of CVE-2021-28698 / XSA-380. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: 9781b51efde251efcc0291ddb1d9c7cefe2b2555 master date: 2021-08-25 14:18:39 +0200 --- xen/common/grant_table.c | 199 ++++++++++++++++++++++++------------------- xen/include/xen/radix-tree.h | 19 +++++ 2 files changed, 130 insertions(+), 88 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 56fdf43970..11d83c78c5 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include @@ -80,8 +81,13 @@ struct grant_table { grant_status_t **status; /* Active grant table. */ struct active_grant_entry **active; - /* Mapping tracking table per vcpu. */ + /* Handle-indexed tracking table of mappings. */ struct grant_mapping **maptrack; + /* + * MFN-indexed tracking tree of mappings, if needed. Note that this is + * protected by @lock, not @maptrack_lock. + */ + struct radix_tree_root maptrack_tree; /* Domain to which this struct grant_table belongs. */ const struct domain *domain; @@ -445,34 +451,6 @@ static int get_paged_frame(unsigned long gfn, mfn_t *mfn, return GNTST_okay; } -static inline void -double_gt_lock(struct grant_table *lgt, struct grant_table *rgt) -{ - /* - * See mapkind() for why the write lock is also required for the - * remote domain. - */ - if ( lgt < rgt ) - { - grant_write_lock(lgt); - grant_write_lock(rgt); - } - else - { - if ( lgt != rgt ) - grant_write_lock(rgt); - grant_write_lock(lgt); - } -} - -static inline void -double_gt_unlock(struct grant_table *lgt, struct grant_table *rgt) -{ - grant_write_unlock(lgt); - if ( lgt != rgt ) - grant_write_unlock(rgt); -} - #define INVALID_MAPTRACK_HANDLE UINT_MAX static inline grant_handle_t @@ -895,41 +873,17 @@ static struct active_grant_entry *grant_map_exists(const struct domain *ld, return ERR_PTR(-EINVAL); } -#define MAPKIND_READ 1 -#define MAPKIND_WRITE 2 -static unsigned int mapkind( - struct grant_table *lgt, const struct domain *rd, mfn_t mfn) -{ - struct grant_mapping *map; - grant_handle_t handle, limit = lgt->maptrack_limit; - unsigned int kind = 0; - - /* - * Must have the local domain's grant table write lock when - * iterating over its maptrack entries. - */ - ASSERT(percpu_rw_is_write_locked(&lgt->lock)); - /* - * Must have the remote domain's grant table write lock while - * counting its active entries. - */ - ASSERT(percpu_rw_is_write_locked(&rd->grant_table->lock)); - - smp_rmb(); - - for ( handle = 0; !(kind & MAPKIND_WRITE) && handle < limit; handle++ ) - { - map = &maptrack_entry(lgt, handle); - if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) || - map->domid != rd->domain_id ) - continue; - if ( mfn_eq(_active_entry(rd->grant_table, map->ref).mfn, mfn) ) - kind |= map->flags & GNTMAP_readonly ? - MAPKIND_READ : MAPKIND_WRITE; - } - - return kind; -} +union maptrack_node { + struct { + /* Radix tree slot pointers use two of the bits. */ +#ifdef __BIG_ENDIAN_BITFIELD + unsigned long : 2; +#endif + unsigned long rd : BITS_PER_LONG / 2 - 1; + unsigned long wr : BITS_PER_LONG / 2 - 1; + } cnt; + unsigned long raw; +}; static void map_grant_ref( @@ -948,7 +902,6 @@ map_grant_ref( struct grant_mapping *mt; grant_entry_header_t *shah; uint16_t *status; - bool_t need_iommu; led = current; ld = led->domain; @@ -1156,31 +1109,75 @@ map_grant_ref( goto undo_out; } - need_iommu = gnttab_need_iommu_mapping(ld); - if ( need_iommu ) + if ( gnttab_need_iommu_mapping(ld) ) { + union maptrack_node node = { + .cnt.rd = !!(op->flags & GNTMAP_readonly), + .cnt.wr = !(op->flags & GNTMAP_readonly), + }; + int err; + void **slot = NULL; unsigned int kind; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + + err = radix_tree_insert(&lgt->maptrack_tree, mfn_x(mfn), + radix_tree_ulong_to_ptr(node.raw)); + if ( err == -EEXIST ) + { + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(mfn)); + if ( likely(slot) ) + { + node.raw = radix_tree_ptr_to_ulong(*slot); + err = -EBUSY; + + /* Update node only when refcount doesn't overflow. */ + if ( op->flags & GNTMAP_readonly ? ++node.cnt.rd + : ++node.cnt.wr ) + { + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + err = 0; + } + } + else + ASSERT_UNREACHABLE(); + } /* * We're not translated, so we know that dfns and mfns are * the same things, so the IOMMU entry is always 1-to-1. */ - kind = mapkind(lgt, rd, mfn); - if ( !(op->flags & GNTMAP_readonly) && - !(kind & MAPKIND_WRITE) ) + if ( !(op->flags & GNTMAP_readonly) && node.cnt.wr == 1 ) kind = IOMMUF_readable | IOMMUF_writable; - else if ( !kind ) + else if ( (op->flags & GNTMAP_readonly) && + node.cnt.rd == 1 && !node.cnt.wr ) kind = IOMMUF_readable; else kind = 0; - if ( kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 0, kind) ) + if ( err || + (kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 0, kind)) ) { - double_gt_unlock(lgt, rgt); + if ( !err ) + { + if ( slot ) + { + op->flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--; + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + } + else + radix_tree_delete(&lgt->maptrack_tree, mfn_x(mfn)); + } + rc = GNTST_general_error; - goto undo_out; } + + grant_write_unlock(lgt); + + if ( rc != GNTST_okay ) + goto undo_out; } TRACE_1D(TRC_MEM_PAGE_GRANT_MAP, op->dom); @@ -1188,10 +1185,6 @@ map_grant_ref( /* * All maptrack entry users check mt->flags first before using the * other fields so just ensure the flags field is stored last. - * - * However, if gnttab_need_iommu_mapping() then this would race - * with a concurrent mapkind() call (on an unmap, for example) - * and a lock is required. */ mt = &maptrack_entry(lgt, handle); mt->domid = op->dom; @@ -1199,9 +1192,6 @@ map_grant_ref( smp_wmb(); write_atomic(&mt->flags, op->flags); - if ( need_iommu ) - double_gt_unlock(lgt, rgt); - op->dev_bus_addr = mfn_to_maddr(mfn); op->handle = handle; op->status = GNTST_okay; @@ -1414,19 +1404,34 @@ unmap_common( if ( rc == GNTST_okay && gnttab_need_iommu_mapping(ld) ) { - unsigned int kind; + void **slot; + union maptrack_node node; int err = 0; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(op->mfn)); + node.raw = likely(slot) ? radix_tree_ptr_to_ulong(*slot) : 0; + + /* Refcount must not underflow. */ + if ( !(flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--) ) + BUG(); - kind = mapkind(lgt, rd, op->mfn); - if ( !kind ) + if ( !node.raw ) err = iommu_legacy_unmap(ld, _dfn(mfn_x(op->mfn)), 0); - else if ( !(kind & MAPKIND_WRITE) ) + else if ( !(flags & GNTMAP_readonly) && !node.cnt.wr ) err = iommu_legacy_map(ld, _dfn(mfn_x(op->mfn)), op->mfn, 0, IOMMUF_readable); - double_gt_unlock(lgt, rgt); + if ( err ) + ; + else if ( !node.raw ) + radix_tree_delete(&lgt->maptrack_tree, mfn_x(op->mfn)); + else + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + + grant_write_unlock(lgt); if ( err ) rc = GNTST_general_error; @@ -1874,6 +1879,8 @@ int grant_table_init(struct domain *d, int max_grant_frames, gt->maptrack = vzalloc(gt->max_maptrack_frames * sizeof(*gt->maptrack)); if ( gt->maptrack == NULL ) goto out; + + radix_tree_init(>->maptrack_tree); } /* Shared grant table. */ @@ -3629,6 +3636,8 @@ int gnttab_release_mappings(struct domain *d) for ( handle = gt->maptrack_limit; handle; ) { + mfn_t mfn; + /* * Deal with full pages such that their freeing (in the body of the * if()) remains simple. @@ -3730,17 +3739,31 @@ int gnttab_release_mappings(struct domain *d) if ( act->pin == 0 ) gnttab_clear_flag(rd, _GTF_reading, status); + mfn = act->mfn; + active_entry_release(act); grant_read_unlock(rgt); rcu_unlock_domain(rd); map->flags = 0; + + /* + * This is excessive in that a single such call would suffice per + * mapped MFN (or none at all, if no entry was ever inserted). But it + * should be the common case for an MFN to be mapped just once, and + * this way we don't need to further maintain the counters. We also + * don't want to leave cleaning up of the tree as a whole to the end + * of the function, as this could take quite some time. + */ + radix_tree_delete(>->maptrack_tree, mfn_x(mfn)); } gt->maptrack_limit = 0; FREE_XENHEAP_PAGE(gt->maptrack[0]); + radix_tree_destroy(>->maptrack_tree, NULL); + return 0; } diff --git a/xen/include/xen/radix-tree.h b/xen/include/xen/radix-tree.h index ec40cf1d9e..58c40312e6 100644 --- a/xen/include/xen/radix-tree.h +++ b/xen/include/xen/radix-tree.h @@ -190,6 +190,25 @@ static inline int radix_tree_ptr_to_int(void *ptr) return (int)((long)ptr >> 2); } +/** + * radix_tree_{ulong_to_ptr,ptr_to_ulong}: + * + * Same for unsigned long values. Beware though that only BITS_PER_LONG-2 + * bits are actually usable for the value. + */ +static inline void *radix_tree_ulong_to_ptr(unsigned long val) +{ + unsigned long ptr = (val << 2) | 0x2; + ASSERT((ptr >> 2) == val); + return (void *)ptr; +} + +static inline unsigned long radix_tree_ptr_to_ulong(void *ptr) +{ + ASSERT(((unsigned long)ptr & 0x3) == 0x2); + return (unsigned long)ptr >> 2; +} + int radix_tree_insert(struct radix_tree_root *, unsigned long, void *); void *radix_tree_lookup(struct radix_tree_root *, unsigned long); void **radix_tree_lookup_slot(struct radix_tree_root *, unsigned long); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:57:48 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:57:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172406.314581 (Exim 4.92) (envelope-from ) id 1mItPY-0001Wg-5q; Wed, 25 Aug 2021 13:57:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172406.314581; Wed, 25 Aug 2021 13:57:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItPY-0001WY-2z; Wed, 25 Aug 2021 13:57:48 +0000 Received: by outflank-mailman (input) for mailman id 172406; Wed, 25 Aug 2021 13:57:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItPX-0001WQ-Mw for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItPX-0006VQ-MI for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItPX-0006dm-LU for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mQ6g7CT4srwM7Qy6vglVOcIASbXgzJv9vee3JEtrZ5I=; b=pZdAZQ5Pd4VBxFJ/qzbX18opPp bUICjMHMlYh8E1pEae8gs8qXRSQx5N7gzk8itRDJXv0ceJzpMtmf42cOA7WE2PwDVODjT93FvGUyS weMiYMn7J2rU2AYu9tr0C3Vs4SGjseMnYSHcjO1tuCG8vdrgvAb4HIv9jSMD0pnFYyco=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] gnttab: fix array capacity check in gnttab_get_status_frames() Message-Id: Date: Wed, 25 Aug 2021 13:57:47 +0000 commit 9e39b7f71ac79eef0cdff3fa38e6fd9402ecdda7 Author: Jan Beulich AuthorDate: Wed Aug 25 15:51:31 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:51:31 2021 +0200 gnttab: fix array capacity check in gnttab_get_status_frames() The number of grant frames is of no interest here; converting the passed in op.nr_frames this way means we allow for 8 times as many GFNs to be written as actually fit in the array. We would corrupt xlat areas of higher vCPU-s (after having faulted many times while trying to write to the guard pages between any two areas) for 32-bit PV guests. For HVM guests we'd simply crash as soon as we hit the first guard page, as accesses to the xlat area are simply memcpy() there. This is CVE-2021-28699 / XSA-382. Fixes: 18b1be5e324b ("gnttab: make resource limits per domain") Signed-off-by: Jan Beulich master commit: ec820035b875cdbedce5e73f481ce65963ede9ed master date: 2021-08-25 14:19:09 +0200 --- xen/common/grant_table.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 11d83c78c5..3056454b95 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3182,12 +3182,11 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, goto unlock; } - if ( unlikely(limit_max < grant_to_status_frames(op.nr_frames)) ) + if ( unlikely(limit_max < op.nr_frames) ) { gdprintk(XENLOG_WARNING, - "grant_to_status_frames(%u) for d%d is too large (%u,%u)\n", - op.nr_frames, d->domain_id, - grant_to_status_frames(op.nr_frames), limit_max); + "nr_status_frames for %pd is too large (%u,%u)\n", + d, op.nr_frames, limit_max); op.status = GNTST_general_error; goto unlock; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 13:57:58 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 13:57:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172408.314585 (Exim 4.92) (envelope-from ) id 1mItPi-0001Zy-7R; Wed, 25 Aug 2021 13:57:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172408.314585; Wed, 25 Aug 2021 13:57:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItPi-0001Zq-4V; Wed, 25 Aug 2021 13:57:58 +0000 Received: by outflank-mailman (input) for mailman id 172408; Wed, 25 Aug 2021 13:57:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItPh-0001Zk-Qx for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItPh-0006Vc-QI for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItPh-0006ez-PL for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 13:57:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NadOLm6QjiJHQFYBfOBe9QZjukGzE0J9whsuCagBWoQ=; b=U0+c4ZtlqMRB0BEOLkUxnAJZmG cQ8TLoBPydgGnnizuEEueGSANAHfIHAASZ2BUs0Q6SdGDBkPMyYQNWcAKIQFiC4wvPB3L7klvvzJj /WkC8hUKivd7OuYd1MigVabDdWoNtuBqGeveW2v1SiRpBBjjhGo1+w1pGWrEKSIntwt8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Message-Id: Date: Wed, 25 Aug 2021 13:57:57 +0000 commit 35ba323378d05509f2e0dc049520e140be183003 Author: Julien Grall AuthorDate: Wed Aug 25 15:51:47 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:51:47 2021 +0200 xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Currently, both dom0less domUs and dom0 can allocate an "unlimited" amount of memory because d->max_pages is set to ~0U. In particular, the former are meant to be unprivileged. Therefore the memory they could allocate should be bounded. As the domain are not yet officially aware of Xen (we don't expose advertise it in the DT, yet the hypercalls are accessible), they should not need to allocate more than the initial amount. So cap set d->max_pages directly the amount of memory we are meant to allocate. Take the opportunity to also restrict the memory for dom0 as the domain is direct mapped (e.g. MFN == GFN) and therefore cannot allocate outside of the pre-allocated region. This is CVE-2021-28700 / XSA-383. Reported-by: Julien Grall Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini Tested-by: Stefano Stabellini master commit: c08d68cd2aacbc7cb56e73ada241bfe4639bbc68 master date: 2021-08-25 14:19:31 +0200 --- xen/arch/arm/domain_build.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 6c5a6db144..c3553ce4c4 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2028,7 +2028,8 @@ static int __init construct_domU(struct domain *d, if ( vcpu_create(d, 0, 0) == NULL ) return -ENOMEM; - d->max_pages = ~0U; + + d->max_pages = ((paddr_t)mem * SZ_1K) >> PAGE_SHIFT; kinfo.d = d; @@ -2116,7 +2117,7 @@ int __init construct_dom0(struct domain *d) iommu_hwdom_init(d); - d->max_pages = ~0U; + d->max_pages = dom0_mem >> PAGE_SHIFT; kinfo.unassigned_mem = dom0_mem; kinfo.d = d; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:11:11 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:11:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172410.314589 (Exim 4.92) (envelope-from ) id 1mItcS-0003U4-7A; Wed, 25 Aug 2021 14:11:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172410.314589; Wed, 25 Aug 2021 14:11:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItcS-0003Tw-49; Wed, 25 Aug 2021 14:11:08 +0000 Received: by outflank-mailman (input) for mailman id 172410; Wed, 25 Aug 2021 14:11:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItcR-0003Tq-3L for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItcR-0006pP-1p for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItcR-0000EH-09 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Rs5sI+xPzIFqkM4fNabdWX5wACdP/zjNjcuQhAyHXCA=; b=OrUMCkB2uqYocyiFRTjsFn2yZq GeF49xgMl5hidpqFRFyEa5TPXyujPDR8yJMneY/CLmtEkBMO3YwT7R1V6WueMqHCtEpwL/0LT2XSX visKK+XRWDl8obxNhxhlvoiMq3xKdt6k+Gc44V+LiPs116eHdVPwSHltf1EbBMXLiz6Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] x86: make hypervisor build with gcc11 Message-Id: Date: Wed, 25 Aug 2021 14:11:07 +0000 commit d2356c34d6a6bee7d74f8b3c29c408e96ee95c8d Author: Jan Beulich AuthorDate: Wed Aug 25 15:57:32 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:57:32 2021 +0200 x86: make hypervisor build with gcc11 Gcc 11 looks to make incorrect assumptions about valid ranges that pointers may be used for addressing when they are derived from e.g. a plain constant. See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100680. Utilize RELOC_HIDE() to work around the issue, which for x86 manifests in at least - mpparse.c:efi_check_config(), - tboot.c:tboot_probe(), - tboot.c:tboot_gen_frametable_integrity(), - x86_emulate.c:x86_emulate() (at -O2 only). The last case is particularly odd not just because it only triggers at higher optimization levels, but also because it only affects one of at least three similar constructs. Various "note" diagnostics claim the valid index range to be [0, 2⁶³-1]. Signed-off-by: Jan Beulich Tested-by: Jason Andryuk Acked-by: Roger Pau Monné master commit: 722f59d38c710a940ab05e542a83020eb5546dea master date: 2021-05-27 14:40:29 +0200 --- tools/tests/x86_emulator/x86-emulate.c | 7 +++++++ xen/arch/x86/x86_emulate/x86_emulate.c | 2 +- xen/include/asm-x86/fixmap.h | 2 +- xen/include/xen/compiler.h | 6 ++++++ xen/include/xen/pdx.h | 2 +- 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/tests/x86_emulator/x86-emulate.c b/tools/tests/x86_emulator/x86-emulate.c index bb5908b59e..5d9d152ff4 100644 --- a/tools/tests/x86_emulator/x86-emulate.c +++ b/tools/tests/x86_emulator/x86-emulate.c @@ -2,6 +2,13 @@ #include +/* See gcc bug 100680, but here don't bother making this version dependent. */ +#define gcc11_wrap(x) ({ \ + unsigned long x_; \ + __asm__ ( "" : "=g" (x_) : "0" (x) ); \ + (typeof(x))x_; \ +}) + #define cpu_has_amd_erratum(nr) 0 #define cpu_has_mpx false #define read_bndcfgu() 0 diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 19594ab45d..973f2a9fd9 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -585,7 +585,7 @@ union vex { #define copy_VEX(ptr, vex) ({ \ if ( !mode_64bit() ) \ (vex).reg |= 8; \ - (ptr)[0 - PFX_BYTES] = ext < ext_8f08 ? 0xc4 : 0x8f; \ + gcc11_wrap(ptr)[0 - PFX_BYTES] = ext < ext_8f08 ? 0xc4 : 0x8f; \ (ptr)[1 - PFX_BYTES] = (vex).raw[0]; \ (ptr)[2 - PFX_BYTES] = (vex).raw[1]; \ container_of((ptr) + 1 - PFX_BYTES, typeof(vex), raw[0]); \ diff --git a/xen/include/asm-x86/fixmap.h b/xen/include/asm-x86/fixmap.h index 16ccaa2c77..d460b71f4f 100644 --- a/xen/include/asm-x86/fixmap.h +++ b/xen/include/asm-x86/fixmap.h @@ -80,7 +80,7 @@ extern void __set_fixmap( #define clear_fixmap(idx) __set_fixmap(idx, 0, 0) -#define __fix_to_virt(x) (FIXADDR_TOP - ((x) << PAGE_SHIFT)) +#define __fix_to_virt(x) gcc11_wrap(FIXADDR_TOP - ((x) << PAGE_SHIFT)) #define __virt_to_fix(x) ((FIXADDR_TOP - ((x)&PAGE_MASK)) >> PAGE_SHIFT) #define fix_to_virt(x) ((void *)__fix_to_virt(x)) diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h index a7e05681c9..72518dd7a8 100644 --- a/xen/include/xen/compiler.h +++ b/xen/include/xen/compiler.h @@ -97,6 +97,12 @@ __asm__ ("" : "=r"(__ptr) : "0"(ptr)); \ (typeof(ptr)) (__ptr + (off)); }) +#if __GNUC__ >= 11 /* See gcc bug 100680. */ +# define gcc11_wrap(x) RELOC_HIDE(x, 0) +#else +# define gcc11_wrap(x) (x) +#endif + #ifdef __GCC_ASM_FLAG_OUTPUTS__ # define ASM_FLAG_OUT(yes, no) yes #else diff --git a/xen/include/xen/pdx.h b/xen/include/xen/pdx.h index a151aac1a2..5ed51b5edb 100644 --- a/xen/include/xen/pdx.h +++ b/xen/include/xen/pdx.h @@ -19,7 +19,7 @@ extern u64 pdx_region_mask(u64 base, u64 len); extern void set_pdx_range(unsigned long smfn, unsigned long emfn); #define page_to_pdx(pg) ((pg) - frame_table) -#define pdx_to_page(pdx) (frame_table + (pdx)) +#define pdx_to_page(pdx) gcc11_wrap(frame_table + (pdx)) bool __mfn_valid(unsigned long mfn); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:11:18 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:11:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172411.314593 (Exim 4.92) (envelope-from ) id 1mItcc-0003eJ-8i; Wed, 25 Aug 2021 14:11:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172411.314593; Wed, 25 Aug 2021 14:11:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItcc-0003eB-5e; Wed, 25 Aug 2021 14:11:18 +0000 Received: by outflank-mailman (input) for mailman id 172411; Wed, 25 Aug 2021 14:11:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItcb-0003e1-6v for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItcb-0006pw-65 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItcb-0000G9-4e for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3aSnmyxoBV5V8cm5meCDNWUql1+9uE3uLpeaBWhLQZM=; b=MFKs59TKQBUZW9Vsn3NQvCh/mI 0pln+eBgpX4g2ip0hr26I8BH1ZYlDXzwZP7FVm2d6IYlWYsUbdnVKNGXVzE4ueYkNOIYuW71gNqSa dZ2Efs7zabjmR7WnhISkFQ0ByYflynfVK2GpJlDIRiP8WvOAKteRP34nUUfhUz2YI1ao=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] x86: work around build issue with GNU ld 2.37 Message-Id: Date: Wed, 25 Aug 2021 14:11:17 +0000 commit 42fcb07d3889e497f5d52d664f8c4e4e6b3179a4 Author: Jan Beulich AuthorDate: Wed Aug 25 15:58:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:58:18 2021 +0200 x86: work around build issue with GNU ld 2.37 I suspect it is commit 40726f16a8d7 ("ld script expression parsing") which broke the hypervisor build, by no longer accepting section names with a dash in them inside ADDR() (and perhaps other script directives expecting just a section name, not an expression): .note.gnu.build-id is such a section. Quoting all section names passed to ADDR() via DECL_SECTION() works around the regression. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 58ad654ebce7ccb272a3f4f3482c03aaad850d31 master date: 2021-07-27 15:03:29 +0100 --- xen/arch/x86/xen.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index f266969d0d..364424e3ce 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -21,7 +21,7 @@ ENTRY(efi_start) #define FORMAT "elf64-x86-64" #define SECTION_ALIGN PAGE_SIZE -#define DECL_SECTION(x) x : AT(ADDR(x) - __XEN_VIRT_START) +#define DECL_SECTION(x) x : AT(ADDR(#x) - __XEN_VIRT_START) ENTRY(start_pa) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:11:28 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:11:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172412.314597 (Exim 4.92) (envelope-from ) id 1mItcm-0003hv-AV; Wed, 25 Aug 2021 14:11:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172412.314597; Wed, 25 Aug 2021 14:11:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItcm-0003hj-7F; Wed, 25 Aug 2021 14:11:28 +0000 Received: by outflank-mailman (input) for mailman id 172412; Wed, 25 Aug 2021 14:11:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItcl-0003hV-Ar for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItcl-0006qA-A6 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItcl-0000Hb-8z for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Xq+4kJmsqd+CM2A6V85D8vNANXitHAAJ/bDOEMfIUsw=; b=wCmxm20N8fh02RGLIVP20Fbn5M xS8CGqWyEtqDZJoMQ3NF5d7NF8zVf47ldPCgefzYwli+UB9i+mX7B10XhUXL5m6GST2Vu+d99YCIq MdIGrABGOjOD5eI396rGFoo20OMKBfauQZwRCRtF/ha8D2cL+RW4dEAspkn6BiH58A0U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] x86/p2m: fix PoD accounting in guest_physmap_add_entry() Message-Id: Date: Wed, 25 Aug 2021 14:11:27 +0000 commit a7cb4af927e97cb60ae01c1a5e2cd9d1e3b3d139 Author: Jan Beulich AuthorDate: Wed Aug 25 15:58:58 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:58:58 2021 +0200 x86/p2m: fix PoD accounting in guest_physmap_add_entry() The initial observation was that the mfn_valid() check comes too late: Neither mfn_add() nor mfn_to_page() (let alone de-referencing the result of the latter) are valid for MFNs failing this check. Move it up and - noticing that there's no caller doing so - also add an assertion that this should never produce "false" here. In turn this would have meant that the "else" to that if() could now go away, which didn't seem right at all. And indeed, considering callers like memory_exchange() or various grant table functions, the PoD accounting should have been outside of that if() from the very beginning. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: aea270e3f7c0db696c88a0e94b1ece7abd339c84 master date: 2020-02-21 17:14:38 +0100 --- xen/arch/x86/mm/p2m.c | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 97c417fc3e..6ff61aa138 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -794,6 +794,12 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; + if ( !mfn_valid(mfn) ) + { + ASSERT_UNREACHABLE(); + return -EINVAL; + } + p2m_lock(p2m); P2M_DEBUG("adding gfn=%#lx mfn=%#lx\n", gfn_x(gfn), mfn_x(mfn)); @@ -894,12 +900,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } /* Now, actually do the two-way mapping */ - if ( mfn_valid(mfn) ) + rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, p2m->default_access); + if ( rc == 0 ) { - rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, - p2m->default_access); - if ( rc ) - goto out; /* Failed to update p2m, bail without updating m2p. */ + pod_lock(p2m); + p2m->pod.entry_count -= pod_count; + BUG_ON(p2m->pod.entry_count < 0); + pod_unlock(p2m); if ( !p2m_is_grant(t) ) { @@ -908,22 +915,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, gfn_x(gfn_add(gfn, i))); } } - else - { - gdprintk(XENLOG_WARNING, "Adding bad mfn to p2m map (%#lx -> %#lx)\n", - gfn_x(gfn), mfn_x(mfn)); - rc = p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, - p2m_invalid, p2m->default_access); - if ( rc == 0 ) - { - pod_lock(p2m); - p2m->pod.entry_count -= pod_count; - BUG_ON(p2m->pod.entry_count < 0); - pod_unlock(p2m); - } - } -out: p2m_unlock(p2m); return rc; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:11:38 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:11:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172413.314601 (Exim 4.92) (envelope-from ) id 1mItcw-0003l2-Bh; Wed, 25 Aug 2021 14:11:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172413.314601; Wed, 25 Aug 2021 14:11:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItcw-0003ku-8k; Wed, 25 Aug 2021 14:11:38 +0000 Received: by outflank-mailman (input) for mailman id 172413; Wed, 25 Aug 2021 14:11:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItcv-0003ke-F7 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItcv-0006qK-EL for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItcv-0000J1-Cw for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Otmg2NNsGJBYzSpC1nK5B01MjliaSIEdRtUHxWGgIcE=; b=D1WFFapcZ6F4hC60ELr7+FmnJU qjmzP/fXNBHQInv7ihyxnOhWIDxvRCPPtYfn47dyc53i4IN5pDdJuwGMkRO1OOpBx+29Wmo2ycZ5c 7i57ZDIQtjFj1i5G+VFxrjRdE+JcMnNpQj5GfKsuOTmF4nFTr3RR6E1e6wTlwbRrg3CY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] x86/p2m: don't ignore p2m_remove_page()'s return value Message-Id: Date: Wed, 25 Aug 2021 14:11:37 +0000 commit 2e01b8fc2ec446a2d786bada35921355e3cf3c46 Author: Jan Beulich AuthorDate: Wed Aug 25 15:59:13 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:59:13 2021 +0200 x86/p2m: don't ignore p2m_remove_page()'s return value It's not very nice to return from guest_physmap_add_entry() after perhaps already having made some changes to the P2M, but this is pre- existing practice in the function, and imo better than ignoring errors. Take the liberty and replace an mfn_add() instance with a local variable already holding the result (as proven by the check immediately ahead). Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Acked-by: Andrew Cooper master commit: a6b051a87a586347969bfbaa6925ac0f0c845413 master date: 2020-04-03 10:56:10 +0200 --- xen/arch/x86/mm/p2m.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 6ff61aa138..9674ff087c 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -702,8 +702,7 @@ void p2m_final_teardown(struct domain *d) p2m_teardown_hostp2m(d); } - -static int +static int __must_check p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, unsigned int page_order) { @@ -892,9 +891,9 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, ASSERT(mfn_valid(omfn)); P2M_DEBUG("old gfn=%#lx -> mfn %#lx\n", gfn_x(ogfn) , mfn_x(omfn)); - if ( mfn_eq(omfn, mfn_add(mfn, i)) ) - p2m_remove_page(p2m, gfn_x(ogfn), mfn_x(mfn_add(mfn, i)), - 0); + if ( mfn_eq(omfn, mfn_add(mfn, i)) && + (rc = p2m_remove_page(p2m, gfn_x(ogfn), mfn_x(omfn), 0)) ) + goto out; } } } @@ -916,6 +915,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } } + out: p2m_unlock(p2m); return rc; @@ -2385,9 +2385,9 @@ int p2m_change_altp2m_gfn(struct domain *d, unsigned int idx, if ( gfn_eq(new_gfn, INVALID_GFN) ) { - if ( mfn_valid(mfn) ) - p2m_remove_page(ap2m, gfn_x(old_gfn), mfn_x(mfn), PAGE_ORDER_4K); - rc = 0; + rc = mfn_valid(mfn) + ? p2m_remove_page(ap2m, gfn_x(old_gfn), mfn_x(mfn), PAGE_ORDER_4K) + : 0; goto out; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:11:48 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:11:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172414.314605 (Exim 4.92) (envelope-from ) id 1mItd6-0003pI-DX; Wed, 25 Aug 2021 14:11:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172414.314605; Wed, 25 Aug 2021 14:11:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItd6-0003pA-AZ; Wed, 25 Aug 2021 14:11:48 +0000 Received: by outflank-mailman (input) for mailman id 172414; Wed, 25 Aug 2021 14:11:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItd5-0003ou-Id for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItd5-0006qU-Hv for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItd5-0000K4-H1 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rvuRCFeDbrN2B5eTourNM9gxlziIQMFa7Fwbno7x+CE=; b=vfKHIYRlLU7k+ztoLFcKwEWQz/ 0jNsDCvLpbx5Giz/2fr+IiZa34zfEEQg2WXDi4gWnMubykh3C2mhiKFf8JINLfgYMy/gcbSXOoHyb BP8vu6SI8IxzKb+y5aXrUzxhExgxBfLsI54pY5U4a28gfFg48DBgQhfiLHI+MUHnlxrM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] x86/p2m: don't assert that the passed in MFN matches for a remove Message-Id: Date: Wed, 25 Aug 2021 14:11:47 +0000 commit 66f400c71d12fe8adfb895984b14f2941e8cb6ce Author: Jan Beulich AuthorDate: Wed Aug 25 15:59:28 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:59:28 2021 +0200 x86/p2m: don't assert that the passed in MFN matches for a remove guest_physmap_remove_page() gets handed an MFN from the outside, yet takes the necessary lock to prevent further changes to the GFN <-> MFN mapping itself. While some callers, in particular guest_remove_page() (by way of having called get_gfn_query()), hold the GFN lock already, various others (most notably perhaps the 2nd instance in xenmem_add_to_physmap_one()) don't. While it also is an option to fix all the callers, deal with the issue in p2m_remove_page() instead: Replace the ASSERT() by a conditional and split the loop into two, such that all checking gets done before any modification would occur. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Acked-by: Andrew Cooper master commit: c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e master date: 2020-04-03 10:56:55 +0200 --- xen/arch/x86/mm/p2m.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 9674ff087c..b8480e0e1c 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -708,7 +708,6 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, { unsigned long i; gfn_t gfn = _gfn(gfn_l); - mfn_t mfn_return; p2m_type_t t; p2m_access_t a; @@ -719,15 +718,26 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, ASSERT(gfn_locked_by_me(p2m, gfn)); P2M_DEBUG("removing gfn=%#lx mfn=%#lx\n", gfn_l, mfn); + for ( i = 0; i < (1UL << page_order); ) + { + unsigned int cur_order; + mfn_t mfn_return = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, + &cur_order, NULL); + + if ( p2m_is_valid(t) && + (!mfn_valid(_mfn(mfn)) || mfn + i != mfn_x(mfn_return)) ) + return -EILSEQ; + + i += (1UL << cur_order) - ((gfn_l + i) & ((1UL << cur_order) - 1)); + } + if ( mfn_valid(_mfn(mfn)) ) { for ( i = 0; i < (1UL << page_order); i++ ) { - mfn_return = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, - NULL, NULL); + p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY); - ASSERT( !p2m_is_valid(t) || mfn + i == mfn_x(mfn_return) ); } } return p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, p2m_invalid, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:11:58 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:11:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172415.314609 (Exim 4.92) (envelope-from ) id 1mItdG-0003sc-Gi; Wed, 25 Aug 2021 14:11:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172415.314609; Wed, 25 Aug 2021 14:11:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItdG-0003sS-Di; Wed, 25 Aug 2021 14:11:58 +0000 Received: by outflank-mailman (input) for mailman id 172415; Wed, 25 Aug 2021 14:11:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItdF-0003sK-Ls for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItdF-0006qi-LF for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItdF-0000LG-KR for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:11:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=anhumioyC/D57Ev4gNRp58sRsjDlyRsG0oZg2n+3zl4=; b=bWYOsrdhiAAXiXYLepaTdp/u+7 TcabFcedjQsohxidZ9Qv7aGX2ol8jW2lAv8dnMDA8Ndcff0lBVGs5fAMYJl/nNcDiFN+Vnn77qEQF XnuLkS8gY0ogWO30ZOa1J5C0XVnGSGKWJDJoBxdduzs8d5fkjrkTE4h+uqYKos1DMfiQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] AMD/IOMMU: correct global exclusion range extending Message-Id: Date: Wed, 25 Aug 2021 14:11:57 +0000 commit 3da2f2b0fce27a5de8d875671588580f210ec37c Author: Jan Beulich AuthorDate: Wed Aug 25 16:00:06 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:00:06 2021 +0200 AMD/IOMMU: correct global exclusion range extending Besides unity mapping regions, the AMD IOMMU spec also provides for exclusion ranges (areas of memory not to be subject to DMA translation) to be specified by firmware in the ACPI tables. The spec does not put any constraints on the number of such regions. Blindly assuming all addresses between any two such ranges should also be excluded can't be right. Since hardware has room for just a single such range (comprised of the Exclusion Base Register and the Exclusion Range Limit Register), combine only adjacent or overlapping regions (for now; this may require further adjustment in case table entries aren't sorted by address) with matching exclusion_allow_all settings. This requires bubbling up error indicators, such that IOMMU init can be failed when concatenation wasn't possible. Furthermore, since the exclusion range specified in IOMMU registers implies R/W access, reject requests asking for less permissions (this will be brought closer to the spec by a subsequent change). This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: b02c5c88982411be11e3413159862f255f1f39dc master date: 2021-08-25 14:12:13 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 45 +++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 64d10481d7..9f7659340a 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -98,12 +98,21 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( return NULL; } -static void __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit) +static int __init reserve_iommu_exclusion_range( + struct amd_iommu *iommu, uint64_t base, uint64_t limit, + bool all, bool iw, bool ir) { + if ( !ir || !iw ) + return -EPERM; + /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { + if ( iommu->exclusion_limit + PAGE_SIZE < base || + limit + PAGE_SIZE < iommu->exclusion_base || + iommu->exclusion_allow_all != all ) + return -EBUSY; + if ( iommu->exclusion_base < base ) base = iommu->exclusion_base; if ( iommu->exclusion_limit > limit ) @@ -111,16 +120,11 @@ static void __init reserve_iommu_exclusion_range( } iommu->exclusion_enable = IOMMU_CONTROL_ENABLED; + iommu->exclusion_allow_all = all; iommu->exclusion_base = base; iommu->exclusion_limit = limit; -} -static void __init reserve_iommu_exclusion_range_all( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit) -{ - reserve_iommu_exclusion_range(iommu, base, limit); - iommu->exclusion_allow_all = IOMMU_CONTROL_ENABLED; + return 0; } static void __init reserve_unity_map_for_device( @@ -158,6 +162,7 @@ static int __init register_exclusion_range_for_all_devices( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; unsigned int bdf; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -179,10 +184,15 @@ static int __init register_exclusion_range_for_all_devices( if ( limit >= iommu_top ) { for_each_amd_iommu( iommu ) - reserve_iommu_exclusion_range_all(iommu, base, limit); + { + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + if ( rc ) + break; + } } - return 0; + return rc; } static int __init register_exclusion_range_for_device( @@ -193,6 +203,7 @@ static int __init register_exclusion_range_for_device( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; + int rc = 0; iommu = find_iommu_for_device(seg, bdf); if ( !iommu ) @@ -222,12 +233,13 @@ static int __init register_exclusion_range_for_device( /* register IOMMU exclusion range settings for device */ if ( limit >= iommu_top ) { - reserve_iommu_exclusion_range(iommu, base, limit); + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; ivrs_mappings[req].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; } - return 0; + return rc; } static int __init register_exclusion_range_for_iommu_devices( @@ -237,6 +249,7 @@ static int __init register_exclusion_range_for_iommu_devices( unsigned long range_top, iommu_top, length; unsigned int bdf; u16 req; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -267,8 +280,10 @@ static int __init register_exclusion_range_for_iommu_devices( /* register IOMMU exclusion range settings */ if ( limit >= iommu_top ) - reserve_iommu_exclusion_range_all(iommu, base, limit); - return 0; + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + + return rc; } static int __init parse_ivmd_device_select( -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:12:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:12:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172416.314613 (Exim 4.92) (envelope-from ) id 1mItdQ-0003vm-IZ; Wed, 25 Aug 2021 14:12:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172416.314613; Wed, 25 Aug 2021 14:12:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItdQ-0003vd-FQ; Wed, 25 Aug 2021 14:12:08 +0000 Received: by outflank-mailman (input) for mailman id 172416; Wed, 25 Aug 2021 14:12:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItdP-0003vO-Pl for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItdP-0006rO-P3 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItdP-0000MZ-Nv for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7etgz5tIs3VVoM7Jhcue89P2Pq2iPkcEA1v913dRanU=; b=1/I493ndKsvjFQbdoEOtkxq14z 5WeIYk+chq6hjWI4hYAo1RW/QDGljW1+8+c8C1kcSaL2V9UcGeBrzOAnuIYh4IZsNxP92cTY3OmpE mc5eVwHJkj03XsHmoPUkRHamEo/ws8Lmmi5jdkmLF4HrjHU3CQRJZYWRAujRkriuskeg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] AMD/IOMMU: correct device unity map handling Message-Id: Date: Wed, 25 Aug 2021 14:12:07 +0000 commit c18e200eb657fd37b970aabbdae637878d055801 Author: Jan Beulich AuthorDate: Wed Aug 25 16:00:28 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:00:28 2021 +0200 AMD/IOMMU: correct device unity map handling Blindly assuming all addresses between any two such ranges, specified by firmware in the ACPI tables, should also be unity-mapped can't be right. Nor can it be correct to merge ranges with differing permissions. Track ranges individually; don't merge at all, but check for overlaps instead. This requires bubbling up error indicators, such that IOMMU init can be failed when allocation of a new tracking struct wasn't possible, or an overlap was detected. At this occasion also stop ignoring amd_iommu_reserve_domain_unity_map()'s return value. This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap Reviewed-by: Paul Durrant master commit: 34750a3eb022462cdd1c36e8ef9049d3d73c824c master date: 2021-08-25 14:15:11 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 80 +++++++++++++++++------------ xen/drivers/passthrough/amd/iommu_init.c | 1 - xen/drivers/passthrough/amd/pci_amd_iommu.c | 16 +++--- xen/include/asm-x86/amd-iommu.h | 14 +++-- 4 files changed, 66 insertions(+), 45 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 9f7659340a..a477877f32 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -127,32 +127,48 @@ static int __init reserve_iommu_exclusion_range( return 0; } -static void __init reserve_unity_map_for_device( - u16 seg, u16 bdf, unsigned long base, - unsigned long length, u8 iw, u8 ir) +static int __init reserve_unity_map_for_device( + uint16_t seg, uint16_t bdf, unsigned long base, + unsigned long length, bool iw, bool ir) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long old_top, new_top; + struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; - /* need to extend unity-mapped range? */ - if ( ivrs_mappings[bdf].unity_map_enable ) + /* Check for overlaps. */ + for ( ; unity_map; unity_map = unity_map->next ) { - old_top = ivrs_mappings[bdf].addr_range_start + - ivrs_mappings[bdf].addr_range_length; - new_top = base + length; - if ( old_top > new_top ) - new_top = old_top; - if ( ivrs_mappings[bdf].addr_range_start < base ) - base = ivrs_mappings[bdf].addr_range_start; - length = new_top - base; + /* + * Exact matches are okay. This can in particular happen when + * register_exclusion_range_for_device() calls here twice for the + * same (s,b,d,f). + */ + if ( base == unity_map->addr && length == unity_map->length && + ir == unity_map->read && iw == unity_map->write ) + return 0; + + if ( unity_map->addr + unity_map->length > base && + base + length > unity_map->addr ) + { + AMD_IOMMU_DEBUG("IVMD Error: overlap [%lx,%lx) vs [%lx,%lx)\n", + base, base + length, unity_map->addr, + unity_map->addr + unity_map->length); + return -EPERM; + } } - /* extend r/w permissioms and keep aggregate */ - ivrs_mappings[bdf].write_permission = iw; - ivrs_mappings[bdf].read_permission = ir; - ivrs_mappings[bdf].unity_map_enable = IOMMU_CONTROL_ENABLED; - ivrs_mappings[bdf].addr_range_start = base; - ivrs_mappings[bdf].addr_range_length = length; + /* Populate and insert a new unity map. */ + unity_map = xmalloc(struct ivrs_unity_map); + if ( !unity_map ) + return -ENOMEM; + + unity_map->read = ir; + unity_map->write = iw; + unity_map->addr = base; + unity_map->length = length; + unity_map->next = ivrs_mappings[bdf].unity_map; + ivrs_mappings[bdf].unity_map = unity_map; + + return 0; } static int __init register_exclusion_range_for_all_devices( @@ -175,13 +191,13 @@ static int __init register_exclusion_range_for_all_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { for_each_amd_iommu( iommu ) { @@ -223,15 +239,15 @@ static int __init register_exclusion_range_for_device( length = range_top - base; /* reserve unity-mapped page entries for device */ /* note: these entries are part of the exclusion range */ - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - reserve_unity_map_for_device(seg, req, base, length, iw, ir); + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: + reserve_unity_map_for_device(seg, req, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings for device */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { rc = reserve_iommu_exclusion_range(iommu, base, limit, false /* all */, iw, ir); @@ -262,15 +278,15 @@ static int __init register_exclusion_range_for_iommu_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) { if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) { - reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir); req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); } } @@ -279,7 +295,7 @@ static int __init register_exclusion_range_for_iommu_devices( } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */, iw, ir); diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index cf792ef77f..38c2f8ba01 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -1187,7 +1187,6 @@ static int __init alloc_ivrs_mappings(u16 seg) { ivrs_mappings[bdf].dte_requestor_id = bdf; ivrs_mappings[bdf].dte_allow_exclusion = IOMMU_CONTROL_DISABLED; - ivrs_mappings[bdf].unity_map_enable = IOMMU_CONTROL_DISABLED; ivrs_mappings[bdf].iommu = NULL; ivrs_mappings[bdf].intremap_table = NULL; diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 983ece5981..03df7c0dee 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -372,15 +372,17 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); + const struct ivrs_unity_map *unity_map; - if ( ivrs_mappings[req_id].unity_map_enable ) + for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; + unity_map = unity_map->next ) { - amd_iommu_reserve_domain_unity_map( - d, - ivrs_mappings[req_id].addr_range_start, - ivrs_mappings[req_id].addr_range_length, - ivrs_mappings[req_id].write_permission, - ivrs_mappings[req_id].read_permission); + int rc = amd_iommu_reserve_domain_unity_map( + d, unity_map->addr, unity_map->length, + unity_map->write, unity_map->read); + + if ( rc ) + return rc; } return reassign_device(pdev->domain, d, devfn, pdev); diff --git a/xen/include/asm-x86/amd-iommu.h b/xen/include/asm-x86/amd-iommu.h index 02715b482b..1bba272379 100644 --- a/xen/include/asm-x86/amd-iommu.h +++ b/xen/include/asm-x86/amd-iommu.h @@ -108,15 +108,19 @@ struct amd_iommu { struct list_head ats_devices; }; +struct ivrs_unity_map { + bool read:1; + bool write:1; + paddr_t addr; + unsigned long length; + struct ivrs_unity_map *next; +}; + struct ivrs_mappings { u16 dte_requestor_id; u8 dte_allow_exclusion; - u8 unity_map_enable; - u8 write_permission; - u8 read_permission; - unsigned long addr_range_start; - unsigned long addr_range_length; struct amd_iommu *iommu; + struct ivrs_unity_map *unity_map; /* per device interrupt remapping table */ void *intremap_table; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:12:18 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:12:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172417.314617 (Exim 4.92) (envelope-from ) id 1mItda-00040B-Jz; Wed, 25 Aug 2021 14:12:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172417.314617; Wed, 25 Aug 2021 14:12:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItda-000403-H5; Wed, 25 Aug 2021 14:12:18 +0000 Received: by outflank-mailman (input) for mailman id 172417; Wed, 25 Aug 2021 14:12:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItdZ-0003zn-Tg for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItdZ-0006rY-Sx for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItdZ-0000O8-S0 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/4V5cENXE8POinE9cKx0aS5cJLryb/fFRJRycTXxwjY=; b=Phrb0Zb2JILCdUvsQBiZqgnBCS PCYQDUxDFJZJAfKg0FUVVrxmSX4E7J2trnjA8TCpJSs+TDZsAxo2TQLgEUQdnkzoCtOyMMFQxtVTv S3TsKu8WULH5AD8NTYQTEeykGkMlGemb/xeOX4adagQHX4f+ORfRjrvXZZJ1gGq0krkQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() Message-Id: Date: Wed, 25 Aug 2021 14:12:17 +0000 commit 82e93b8f45887182427aa5089d830a32b1e4424c Author: Jan Beulich AuthorDate: Wed Aug 25 16:00:52 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:00:52 2021 +0200 IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() A subsequent change will want to customize the IOMMU permissions based on this. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: d1bb6c97c31ef754fb29b29eb307c090414e8022 master date: 2021-08-25 14:15:32 +0200 --- xen/arch/x86/mm/p2m-ept.c | 6 +++--- xen/arch/x86/mm/p2m-pt.c | 19 ++++++++++++++++--- xen/include/asm-x86/p2m.h | 3 ++- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index e0fec73e3f..b4e8d91a94 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -711,7 +711,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, uint8_t ipat = 0; bool_t need_modify_vtd_table = 1; bool_t vtd_pte_present = 0; - unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); bool_t needs_sync = 1; ept_entry_t old_entry = { .epte = 0 }; ept_entry_t new_entry = { .epte = 0 }; @@ -837,8 +837,8 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, /* Safe to read-then-write because we hold the p2m lock */ if ( ept_entry->mfn == new_entry.mfn && - p2m_get_iommu_flags(ept_entry->sa_p2mt, _mfn(ept_entry->mfn)) == - iommu_flags ) + p2m_get_iommu_flags(ept_entry->sa_p2mt, ept_entry->access, + _mfn(ept_entry->mfn)) == iommu_flags ) need_modify_vtd_table = 0; ept_p2m_type_to_flags(p2m, &new_entry, p2mt, p2ma); diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index b8c5d2ed26..0ea41a6ec5 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -471,6 +471,16 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) return rc; } +/* Reconstruct a fake p2m_access_t from stored PTE flags. */ +static p2m_access_t p2m_flags_to_access(unsigned int flags) +{ + if ( flags & _PAGE_PRESENT ) + return p2m_access_n; + + /* No need to look at _PAGE_NX for now. */ + return flags & _PAGE_RW ? p2m_access_rw : p2m_access_r; +} + /* Returns: 0 for success, -errno for failure */ static int p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, @@ -487,7 +497,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, l2_pgentry_t l2e_content; l3_pgentry_t l3e_content; int rc; - unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); /* * old_mfn and iommu_old_flags control possible flush/update needs on the * IOMMU: We need to flush when MFN or flags (i.e. permissions) change. @@ -556,6 +566,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else @@ -602,9 +613,10 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, 0, L1_PAGETABLE_ENTRIES); ASSERT(p2m_entry); old_mfn = l1e_get_pfn(*p2m_entry); + flags = l1e_get_flags(*p2m_entry); iommu_old_flags = - p2m_get_iommu_flags(p2m_flags_to_type(l1e_get_flags(*p2m_entry)), - _mfn(old_mfn)); + p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) entry_content = p2m_l1e_from_pfn(mfn_x(mfn), @@ -648,6 +660,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 3f41deaeea..ebba14a85c 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -839,7 +839,8 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn, /* * p2m type to IOMMU flags */ -static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, mfn_t mfn) +static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, + p2m_access_t p2ma, mfn_t mfn) { unsigned int flags; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:12:29 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:12:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172418.314621 (Exim 4.92) (envelope-from ) id 1mItdl-00043c-Lc; Wed, 25 Aug 2021 14:12:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172418.314621; Wed, 25 Aug 2021 14:12:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItdl-00043U-Ig; Wed, 25 Aug 2021 14:12:29 +0000 Received: by outflank-mailman (input) for mailman id 172418; Wed, 25 Aug 2021 14:12:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItdk-00043I-1Q for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItdk-0006ri-0e for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItdj-0000P9-Vx for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9x6NNqfaMSHGsOpMgDnAghCKUC5H/LDLFuzC0/dqtZE=; b=JvKDjr013PIHRIHwT3LqJLJi63 u6aQjGkwsbXeeTSgZiKrYLkQU6TaMLwfTIyV+YXk35cyutq7sp+3CYiXDeaCGgGKtNBVima3YTpUc wBjU8Puh9SICxMywBJ8o0n+fv5ycbaeMcJ4WzcrGfgzIT8SU+yJURWXM9Yslcc3wZcEI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] IOMMU: generalize VT-d's tracking of mapped RMRR regions Message-Id: Date: Wed, 25 Aug 2021 14:12:27 +0000 commit fb23026c1489023bdad225795719343c640a97fc Author: Jan Beulich AuthorDate: Wed Aug 25 16:01:16 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:01:16 2021 +0200 IOMMU: generalize VT-d's tracking of mapped RMRR regions In order to re-use it elsewhere, move the logic to vendor independent code and strip it of RMRR specifics. Note that the prior "map" parameter gets folded into the new "p2ma" one (which AMD IOMMU code will want to make use of), assigning alternative meaning ("unmap") to p2m_access_x. Prepare set_identity_p2m_entry() and p2m_get_iommu_flags() for getting passed access types other than p2m_access_rw (in the latter case just for p2m_mmio_direct requests). Note also that, to be on the safe side, an overlap check gets added to the main loop of iommu_identity_mapping(). This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: c0e19d7c6c42f0bfccccd96b4f7b03b5515e10fc master date: 2021-08-25 14:15:57 +0200 --- xen/arch/x86/mm/p2m.c | 3 +- xen/drivers/passthrough/vtd/iommu.c | 98 +++++-------------------------------- xen/drivers/passthrough/x86/iommu.c | 95 ++++++++++++++++++++++++++++++++++- xen/include/asm-x86/iommu.h | 8 ++- xen/include/asm-x86/mem_access.h | 6 +-- xen/include/asm-x86/p2m.h | 35 +++++++++++-- 6 files changed, 150 insertions(+), 95 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index b8480e0e1c..5802b580ed 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1157,7 +1157,8 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, { if ( !need_iommu(d) ) return 0; - return iommu_map_page(d, gfn_l, gfn_l, IOMMUF_readable|IOMMUF_writable); + return iommu_map_page(d, gfn_l, gfn_l, + p2m_access_to_iommu_flags(p2ma)); } gfn_lock(p2m, gfn, 0); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 698b176a81..3e6fa11dd5 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -42,12 +42,6 @@ #include "vtd.h" #include "../ats.h" -struct mapped_rmrr { - struct list_head list; - u64 base, end; - unsigned int count; -}; - /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */ bool __read_mostly untrusted_msi; @@ -1785,16 +1779,11 @@ out: static void iommu_domain_teardown(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); - struct mapped_rmrr *mrmrr, *tmp; if ( list_empty(&acpi_drhd_units) ) return; - list_for_each_entry_safe ( mrmrr, tmp, &hd->arch.mapped_rmrrs, list ) - { - list_del(&mrmrr->list); - xfree(mrmrr); - } + iommu_identity_map_teardown(d); if ( iommu_use_hap_pt(d) ) return; @@ -1903,74 +1892,6 @@ static void iommu_set_pgd(struct domain *d) pagetable_get_paddr(pagetable_from_mfn(pgd_mfn)); } -static int rmrr_identity_mapping(struct domain *d, bool_t map, - const struct acpi_rmrr_unit *rmrr, - u32 flag) -{ - unsigned long base_pfn = rmrr->base_address >> PAGE_SHIFT_4K; - unsigned long end_pfn = PAGE_ALIGN_4K(rmrr->end_address) >> PAGE_SHIFT_4K; - struct mapped_rmrr *mrmrr; - struct domain_iommu *hd = dom_iommu(d); - - ASSERT(pcidevs_locked()); - ASSERT(rmrr->base_address < rmrr->end_address); - - /* - * No need to acquire hd->arch.mapping_lock: Both insertion and removal - * get done while holding pcidevs_lock. - */ - list_for_each_entry( mrmrr, &hd->arch.mapped_rmrrs, list ) - { - if ( mrmrr->base == rmrr->base_address && - mrmrr->end == rmrr->end_address ) - { - int ret = 0; - - if ( map ) - { - ++mrmrr->count; - return 0; - } - - if ( --mrmrr->count ) - return 0; - - while ( base_pfn < end_pfn ) - { - if ( clear_identity_p2m_entry(d, base_pfn) ) - ret = -ENXIO; - base_pfn++; - } - - list_del(&mrmrr->list); - xfree(mrmrr); - return ret; - } - } - - if ( !map ) - return -ENOENT; - - while ( base_pfn < end_pfn ) - { - int err = set_identity_p2m_entry(d, base_pfn, p2m_access_rw, flag); - - if ( err ) - return err; - base_pfn++; - } - - mrmrr = xmalloc(struct mapped_rmrr); - if ( !mrmrr ) - return -ENOMEM; - mrmrr->base = rmrr->base_address; - mrmrr->end = rmrr->end_address; - mrmrr->count = 1; - list_add_tail(&mrmrr->list, &hd->arch.mapped_rmrrs); - - return 0; -} - static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; @@ -2002,7 +1923,9 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) * Since RMRRs are always reserved in the e820 map for the hardware * domain, there shouldn't be a conflict. */ - ret = rmrr_identity_mapping(pdev->domain, 1, rmrr, 0); + ret = iommu_identity_mapping(pdev->domain, p2m_access_rw, + rmrr->base_address, rmrr->end_address, + 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n", pdev->domain->domain_id); @@ -2047,7 +1970,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) * Any flag is nothing to clear these mappings but here * its always safe and strict to set 0. */ - rmrr_identity_mapping(pdev->domain, 0, rmrr, 0); + iommu_identity_mapping(pdev->domain, p2m_access_x, rmrr->base_address, + rmrr->end_address, 0); } return domain_context_unmap(pdev->domain, devfn, pdev); @@ -2214,7 +2138,8 @@ static void __hwdom_init setup_hwdom_rmrr(struct domain *d) * domain, there shouldn't be a conflict. So its always safe and * strict to set 0. */ - ret = rmrr_identity_mapping(d, 1, rmrr, 0); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: mapping reserved region failed\n"); @@ -2371,7 +2296,9 @@ static int reassign_device_ownership( * Any RMRR flag is always ignored when remove a device, * but its always safe and strict to set 0. */ - ret = rmrr_identity_mapping(source, 0, rmrr, 0); + ret = iommu_identity_mapping(source, p2m_access_x, + rmrr->base_address, + rmrr->end_address, 0); if ( ret != -ENOENT ) return ret; } @@ -2468,7 +2395,8 @@ static int intel_iommu_assign_device( PCI_BUS(bdf) == bus && PCI_DEVFN2(bdf) == devfn ) { - ret = rmrr_identity_mapping(d, 1, rmrr, flag); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, flag); if ( ret ) { int rc; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 228409c24a..c467342d36 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -144,7 +144,7 @@ int arch_iommu_domain_init(struct domain *d) struct domain_iommu *hd = dom_iommu(d); spin_lock_init(&hd->arch.mapping_lock); - INIT_LIST_HEAD(&hd->arch.mapped_rmrrs); + INIT_LIST_HEAD(&hd->arch.identity_maps); return 0; } @@ -153,6 +153,99 @@ void arch_iommu_domain_destroy(struct domain *d) { } +struct identity_map { + struct list_head list; + paddr_t base, end; + p2m_access_t access; + unsigned int count; +}; + +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag) +{ + unsigned long base_pfn = base >> PAGE_SHIFT_4K; + unsigned long end_pfn = PAGE_ALIGN_4K(end) >> PAGE_SHIFT_4K; + struct identity_map *map; + struct domain_iommu *hd = dom_iommu(d); + + ASSERT(pcidevs_locked()); + ASSERT(base < end); + + /* + * No need to acquire hd->arch.mapping_lock: Both insertion and removal + * get done while holding pcidevs_lock. + */ + list_for_each_entry( map, &hd->arch.identity_maps, list ) + { + if ( map->base == base && map->end == end ) + { + int ret = 0; + + if ( p2ma != p2m_access_x ) + { + if ( map->access != p2ma ) + return -EADDRINUSE; + ++map->count; + return 0; + } + + if ( --map->count ) + return 0; + + while ( base_pfn < end_pfn ) + { + if ( clear_identity_p2m_entry(d, base_pfn) ) + ret = -ENXIO; + base_pfn++; + } + + list_del(&map->list); + xfree(map); + + return ret; + } + + if ( end >= map->base && map->end >= base ) + return -EADDRINUSE; + } + + if ( p2ma == p2m_access_x ) + return -ENOENT; + + while ( base_pfn < end_pfn ) + { + int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag); + + if ( err ) + return err; + base_pfn++; + } + + map = xmalloc(struct identity_map); + if ( !map ) + return -ENOMEM; + map->base = base; + map->end = end; + map->access = p2ma; + map->count = 1; + list_add_tail(&map->list, &hd->arch.identity_maps); + + return 0; +} + +void iommu_identity_map_teardown(struct domain *d) +{ + struct domain_iommu *hd = dom_iommu(d); + struct identity_map *map, *tmp; + + list_for_each_entry_safe ( map, tmp, &hd->arch.identity_maps, list ) + { + list_del(&map->list); + xfree(map); + } +} + /* * Local variables: * mode: C diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h index dfc9b77594..1913606393 100644 --- a/xen/include/asm-x86/iommu.h +++ b/xen/include/asm-x86/iommu.h @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -36,7 +37,7 @@ struct arch_iommu spinlock_t mapping_lock; /* io page table lock */ int agaw; /* adjusted guest address width, 0 is level 2 30-bit */ u64 iommu_bitmap; /* bitmap of iommu(s) that the domain uses */ - struct list_head mapped_rmrrs; + struct list_head identity_maps; /* amd iommu support */ int paging_mode; @@ -94,6 +95,11 @@ bool_t iommu_supports_eim(void); int iommu_enable_x2apic_IR(void); void iommu_disable_x2apic_IR(void); +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag); +void iommu_identity_map_teardown(struct domain *d); + extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, diff --git a/xen/include/asm-x86/mem_access.h b/xen/include/asm-x86/mem_access.h index 4043c9fb4d..c5775edff4 100644 --- a/xen/include/asm-x86/mem_access.h +++ b/xen/include/asm-x86/mem_access.h @@ -44,10 +44,8 @@ bool p2m_mem_access_emulate_check(struct vcpu *v, const vm_event_response_t *rsp); /* Sanity check for mem_access hardware support */ -static inline bool p2m_mem_access_sanity_check(struct domain *d) -{ - return is_hvm_domain(d) && cpu_has_vmx && hap_enabled(d); -} +#define p2m_mem_access_sanity_check(d) \ + (is_hvm_domain(d) && cpu_has_vmx && hap_enabled(d)) #endif /*__ASM_X86_MEM_ACCESS_H__ */ diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index ebba14a85c..0e1888b8b3 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -836,6 +836,34 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn, mfn_t mfn, unsigned int page_order, p2m_type_t p2mt, p2m_access_t p2ma); +/* p2m access to IOMMU flags */ +static inline unsigned int p2m_access_to_iommu_flags(p2m_access_t p2ma) +{ + switch ( p2ma ) + { + case p2m_access_rw: + case p2m_access_rwx: + return IOMMUF_readable | IOMMUF_writable; + + case p2m_access_r: + case p2m_access_rx: + case p2m_access_rx2rw: + return IOMMUF_readable; + + case p2m_access_w: + case p2m_access_wx: + return IOMMUF_writable; + + case p2m_access_n: + case p2m_access_x: + case p2m_access_n2rwx: + return 0; + } + + ASSERT_UNREACHABLE(); + return 0; +} + /* * p2m type to IOMMU flags */ @@ -857,9 +885,10 @@ static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, flags = IOMMUF_readable; break; case p2m_mmio_direct: - flags = IOMMUF_readable; - if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) - flags |= IOMMUF_writable; + flags = p2m_access_to_iommu_flags(p2ma); + if ( (flags & IOMMUF_writable) && + rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) + flags &= ~IOMMUF_writable; break; default: flags = 0; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:12:39 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:12:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172419.314625 (Exim 4.92) (envelope-from ) id 1mItdv-00046w-P9; Wed, 25 Aug 2021 14:12:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172419.314625; Wed, 25 Aug 2021 14:12:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItdv-00046o-Lz; Wed, 25 Aug 2021 14:12:39 +0000 Received: by outflank-mailman (input) for mailman id 172419; Wed, 25 Aug 2021 14:12:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItdu-00046e-4w for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItdu-0006rr-4F for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItdu-0000QB-3H for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0yRPqUcTGXl5JB3t/TsLOvfcjw5vAsFWeTo9AiFwFiU=; b=oAIZ6LXqFhWwTiJu5zz9LEyT5e oX8jg4s+RnHSXmEQZqBssq0nHwbXS4J4P9q0gRZrQVPY+83MCZeOW19x6AD6QyfjHvGjvC7I36u5M pb4mOUA1lTcA9sbeRV8xSzDHmw8mE6++73+KSQxmhmU42xL9gj87zvDqZowhwYaqVCyg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] AMD/IOMMU: re-arrange/complete re-assignment handling Message-Id: Date: Wed, 25 Aug 2021 14:12:38 +0000 commit ba79e525c1c7982e93d5f889cd66c783ecdf499a Author: Jan Beulich AuthorDate: Wed Aug 25 16:01:42 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:01:42 2021 +0200 AMD/IOMMU: re-arrange/complete re-assignment handling Prior to the assignment step having completed successfully, devices should not get associated with their new owner. Hand the device to DomIO (perhaps temporarily), until after the de-assignment step has completed. De-assignment of a device (from other than Dom0) as well as failure of reassign_device() during assignment should result in unity mappings getting torn down. This in turn requires switching to a refcounted mapping approach, as was already used by VT-d for its RMRRs, to prevent unmapping a region used by multiple devices. This is CVE-2021-28696 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 899272539cbe1acda736a850015416fff653a1b6 master date: 2021-08-25 14:16:26 +0200 --- xen/drivers/passthrough/amd/iommu_map.c | 54 +++++++++++++++++++-------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 54 +++++++++++++++++++++------ xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 6 ++- 3 files changed, 84 insertions(+), 30 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 24d027e7d1..90a801a79d 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -716,27 +716,49 @@ int amd_iommu_unmap_page(struct domain *d, unsigned long gfn) return 0; } -int amd_iommu_reserve_domain_unity_map(struct domain *domain, - u64 phys_addr, - unsigned long size, int iw, int ir) +int amd_iommu_reserve_domain_unity_map(struct domain *d, + const struct ivrs_unity_map *map, + unsigned int flag) { - unsigned long npages, i; - unsigned long gfn; - unsigned int flags = !!ir; - int rt = 0; + int rc; - if ( iw ) - flags |= IOMMUF_writable; + if ( d == dom_io ) + return 0; - npages = region_to_pages(phys_addr, size); - gfn = phys_addr >> PAGE_SHIFT; - for ( i = 0; i < npages; i++ ) + for ( rc = 0; !rc && map; map = map->next ) { - rt = amd_iommu_map_page(domain, gfn +i, gfn +i, flags); - if ( rt != 0 ) - return rt; + p2m_access_t p2ma = p2m_access_n; + + if ( map->read ) + p2ma |= p2m_access_r; + if ( map->write ) + p2ma |= p2m_access_w; + + rc = iommu_identity_mapping(d, p2ma, map->addr, + map->addr + map->length - 1, flag); } - return 0; + + return rc; +} + +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map) +{ + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; map; map = map->next ) + { + int ret = iommu_identity_mapping(d, p2m_access_x, map->addr, + map->addr + map->length - 1, 0); + + if ( ret && ret != -ENOENT && !rc ) + rc = ret; + } + + return rc; } /* Share p2m table with iommu. */ diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 03df7c0dee..49e34de60b 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -333,6 +333,7 @@ static int reassign_device(struct domain *source, struct domain *target, struct amd_iommu *iommu; int bdf, rc; struct domain_iommu *t = dom_iommu(target); + const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); bdf = PCI_BDF2(pdev->bus, pdev->devfn); iommu = find_iommu_for_device(pdev->seg, bdf); @@ -347,10 +348,24 @@ static int reassign_device(struct domain *source, struct domain *target, amd_iommu_disable_domain_device(source, iommu, devfn, pdev); - if ( devfn == pdev->devfn ) + /* + * If the device belongs to the hardware domain, and it has a unity mapping, + * don't remove it from the hardware domain, because BIOS may reference that + * mapping. + */ + if ( !is_hardware_domain(source) ) { - list_move(&pdev->domain_list, &target->arch.pdev_list); - pdev->domain = target; + rc = amd_iommu_reserve_domain_unity_unmap( + source, + ivrs_mappings[get_dma_requestor_id(pdev->seg, bdf)].unity_map); + if ( rc ) + return rc; + } + + if ( devfn == pdev->devfn && pdev->domain != dom_io ) + { + list_move(&pdev->domain_list, &dom_io->arch.pdev_list); + pdev->domain = dom_io; } rc = allocate_domain_resources(t); @@ -362,6 +377,12 @@ static int reassign_device(struct domain *source, struct domain *target, pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn), source->domain_id, target->domain_id); + if ( devfn == pdev->devfn && pdev->domain != target ) + { + list_move(&pdev->domain_list, &target->arch.pdev_list); + pdev->domain = target; + } + return 0; } @@ -372,20 +393,28 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); - const struct ivrs_unity_map *unity_map; + int rc = amd_iommu_reserve_domain_unity_map( + d, ivrs_mappings[req_id].unity_map, flag); + + if ( !rc ) + rc = reassign_device(pdev->domain, d, devfn, pdev); - for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; - unity_map = unity_map->next ) + if ( rc && !is_hardware_domain(d) ) { - int rc = amd_iommu_reserve_domain_unity_map( - d, unity_map->addr, unity_map->length, - unity_map->write, unity_map->read); + int ret = amd_iommu_reserve_domain_unity_unmap( + d, ivrs_mappings[req_id].unity_map); - if ( rc ) - return rc; + if ( ret ) + { + printk(XENLOG_ERR "AMD-Vi: " + "unity-unmap for d%d/%04x:%02x:%02x.%u failed (%d)\n", + d->domain_id, pdev->seg, pdev->bus, + PCI_SLOT(devfn), PCI_FUNC(devfn), ret); + domain_crash(d); + } } - return reassign_device(pdev->domain, d, devfn, pdev); + return rc; } static void deallocate_next_page_table(struct page_info *pg, int level) @@ -451,6 +480,7 @@ static void deallocate_iommu_page_tables(struct domain *d) static void amd_iommu_domain_destroy(struct domain *d) { + iommu_identity_map_teardown(d); deallocate_iommu_page_tables(d); amd_iommu_flush_all_pages(d); } diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h index 22d6614169..7c082ef88e 100644 --- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h +++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h @@ -60,8 +60,10 @@ int __must_check amd_iommu_unmap_page(struct domain *d, unsigned long gfn); u64 amd_iommu_get_next_table_from_pte(u32 *entry); int __must_check amd_iommu_alloc_root(struct domain_iommu *hd); int amd_iommu_reserve_domain_unity_map(struct domain *domain, - u64 phys_addr, unsigned long size, - int iw, int ir); + const struct ivrs_unity_map *map, + unsigned int flag); +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map); /* Share p2m table with iommu */ void amd_iommu_share_p2m(struct domain *d); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:12:49 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:12:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172420.314629 (Exim 4.92) (envelope-from ) id 1mIte5-00049l-QP; Wed, 25 Aug 2021 14:12:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172420.314629; Wed, 25 Aug 2021 14:12:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIte5-00049e-Nb; Wed, 25 Aug 2021 14:12:49 +0000 Received: by outflank-mailman (input) for mailman id 172420; Wed, 25 Aug 2021 14:12:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIte4-00049P-8n for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIte4-0006s2-7y for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIte4-0000R7-7B for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=d/8JLjwCd2WlS8Cpp5sKaSWnfMENAL1jHMrTglbomxI=; b=grJSVpm1yS2p/NE/CxhRdaoCvB vJ6SzIUEiYZy55vQCRfrpnJONMfSQ6ed9dRKcJkJAkoNv5wyXLtpDLo1Gjz2J83+SXllRG1GVkudH errrrDToIpfAWzcUG/UfbDnVxJnOyCYgZGCbWtBuhWotw6Rz8g+4RaXxfKW08BYuI9UM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] AMD/IOMMU: re-arrange exclusion range and unity map recording Message-Id: Date: Wed, 25 Aug 2021 14:12:48 +0000 commit 2468d8ebc2b0f0aabf621fd712e7ba7d8529d336 Author: Jan Beulich AuthorDate: Wed Aug 25 16:01:59 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:01:59 2021 +0200 AMD/IOMMU: re-arrange exclusion range and unity map recording The spec makes no provisions for OS behavior here to depend on the amount of RAM found on the system. While the spec may not sufficiently clearly distinguish both kinds of regions, they are surely meant to be separate things: Only regions with ACPI_IVMD_EXCLUSION_RANGE set should be candidates for putting in the exclusion range registers. (As there's only a single such pair of registers per IOMMU, secondary non-adjacent regions with the flag set already get converted to unity mapped regions.) First of all, drop the dependency on max_page. With commit b4f042236ae0 ("AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables") the use of it here was stale anyway; it was bogus already before, as it didn't account for max_page getting increased later on. Simply try an exclusion range registration first, and if it fails (for being unsuitable or non-mergeable), register a unity mapping range. With this various local variables become unnecessary and hence get dropped at the same time. With the max_page boundary dropped for using unity maps, the minimum page table tree height now needs both recording and enforcing in amd_iommu_domain_init(). Since we can't predict which devices may get assigned to a domain, our only option is to uniformly force at least that height for all domains, now that the height isn't dynamic anymore. Further don't make use of the exclusion range unless ACPI data says so. Note that exclusion range registration in register_range_for_all_devices() is on a best effort basis. Hence unity map entries also registered are redundant when the former succeeded, but they also do no harm. Improvements in this area can be done later imo. Also adjust types where suitable without touching extra lines. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 8ea80530cd0dbb8ffa7ac92606a3ee29663fdc93 master date: 2021-08-25 14:16:46 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 184 +++++++++++--------------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 12 +- xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 2 + 3 files changed, 90 insertions(+), 108 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index a477877f32..dc940a8c8c 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -99,12 +99,8 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( } static int __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit, - bool all, bool iw, bool ir) + struct amd_iommu *iommu, paddr_t base, paddr_t limit, bool all) { - if ( !ir || !iw ) - return -EPERM; - /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { @@ -133,14 +129,18 @@ static int __init reserve_unity_map_for_device( { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; + int paging_mode = amd_iommu_get_paging_mode(PFN_UP(base + length)); + + if ( paging_mode < 0 ) + return paging_mode; /* Check for overlaps. */ for ( ; unity_map; unity_map = unity_map->next ) { /* * Exact matches are okay. This can in particular happen when - * register_exclusion_range_for_device() calls here twice for the - * same (s,b,d,f). + * register_range_for_device() calls here twice for the same + * (s,b,d,f). */ if ( base == unity_map->addr && length == unity_map->length && ir == unity_map->read && iw == unity_map->write ) @@ -168,55 +168,52 @@ static int __init reserve_unity_map_for_device( unity_map->next = ivrs_mappings[bdf].unity_map; ivrs_mappings[bdf].unity_map = unity_map; + if ( paging_mode > amd_iommu_min_paging_mode ) + amd_iommu_min_paging_mode = paging_mode; + return 0; } -static int __init register_exclusion_range_for_all_devices( - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_all_devices( + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; - unsigned int bdf; int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) - { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - /* push 'base' just outside of virtual address space */ - base = iommu_top; - } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) + if ( exclusion ) { for_each_amd_iommu( iommu ) { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); - if ( rc ) - break; + int ret = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */); + + if ( ret && !rc ) + rc = ret; } } + if ( !exclusion || rc ) + { + paddr_t length = limit + PAGE_SIZE - base; + unsigned int bdf; + + /* reserve r/w unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + } + return rc; } -static int __init register_exclusion_range_for_device( - u16 bdf, unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_device( + unsigned int bdf, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; int rc = 0; @@ -230,27 +227,19 @@ static int __init register_exclusion_range_for_device( req = ivrs_mappings[bdf].dte_requestor_id; /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */); + if ( !exclusion || rc ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; + paddr_t length = limit + PAGE_SIZE - base; + /* reserve unity-mapped page entries for device */ - /* note: these entries are part of the exclusion range */ rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: reserve_unity_map_for_device(seg, req, base, length, iw, ir); - - /* push 'base' just outside of virtual address space */ - base = iommu_top; } - - /* register IOMMU exclusion range settings for device */ - if ( !rc && limit >= iommu_top ) + else { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; ivrs_mappings[req].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; } @@ -258,53 +247,42 @@ static int __init register_exclusion_range_for_device( return rc; } -static int __init register_exclusion_range_for_iommu_devices( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_iommu_devices( + struct amd_iommu *iommu, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { - unsigned long range_top, iommu_top, length; + /* note: 'limit' parameter is assumed to be page-aligned */ + paddr_t length = limit + PAGE_SIZE - base; unsigned int bdf; u16 req; - int rc = 0; + int rc; - /* is part of exclusion range inside of IOMMU virtual address space? */ - /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - { - if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) - { - req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir) ?: - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); - } - } - - /* push 'base' just outside of virtual address space */ - base = iommu_top; + rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */); + if ( !rc ) + return 0; } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); + /* reserve unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + { + if ( iommu != find_iommu_for_device(iommu->seg, bdf) ) + continue; + + req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); + } return rc; } static int __init parse_ivmd_device_select( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { u16 bdf; @@ -315,12 +293,12 @@ static int __init parse_ivmd_device_select( return -ENODEV; } - return register_exclusion_range_for_device(bdf, base, limit, iw, ir); + return register_range_for_device(bdf, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_device_range( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { unsigned int first_bdf, last_bdf, bdf; int error; @@ -342,15 +320,15 @@ static int __init parse_ivmd_device_range( } for ( bdf = first_bdf, error = 0; (bdf <= last_bdf) && !error; bdf++ ) - error = register_exclusion_range_for_device( - bdf, base, limit, iw, ir); + error = register_range_for_device( + bdf, base, limit, iw, ir, exclusion); return error; } static int __init parse_ivmd_device_iommu( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct amd_iommu *iommu; @@ -365,14 +343,14 @@ static int __init parse_ivmd_device_iommu( return -ENODEV; } - return register_exclusion_range_for_iommu_devices( - iommu, base, limit, iw, ir); + return register_range_for_iommu_devices( + iommu, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) { unsigned long start_addr, mem_length, base, limit; - u8 iw, ir; + bool iw = true, ir = true, exclusion = false; if ( ivmd_block->header.length < sizeof(*ivmd_block) ) { @@ -389,13 +367,11 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) ivmd_block->header.type, start_addr, mem_length); if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) - iw = ir = IOMMU_CONTROL_ENABLED; + exclusion = true; else if ( ivmd_block->header.flags & ACPI_IVMD_UNITY ) { - iw = ivmd_block->header.flags & ACPI_IVMD_READ ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; - ir = ivmd_block->header.flags & ACPI_IVMD_WRITE ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; + iw = ivmd_block->header.flags & ACPI_IVMD_READ; + ir = ivmd_block->header.flags & ACPI_IVMD_WRITE; } else { @@ -406,20 +382,20 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) switch( ivmd_block->header.type ) { case ACPI_IVRS_TYPE_MEMORY_ALL: - return register_exclusion_range_for_all_devices( - base, limit, iw, ir); + return register_range_for_all_devices( + base, limit, iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_ONE: - return parse_ivmd_device_select(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_select(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_RANGE: - return parse_ivmd_device_range(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_range(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_IOMMU: - return parse_ivmd_device_iommu(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_iommu(ivmd_block, base, limit, + iw, ir, exclusion); default: AMD_IOMMU_DEBUG("IVMD Error: Invalid Block Type!\n"); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 49e34de60b..3d755ca6e4 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -218,6 +218,8 @@ static int __must_check allocate_domain_resources(struct domain_iommu *hd) return rc; } +int __read_mostly amd_iommu_min_paging_mode = 1; + static int amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -229,11 +231,13 @@ static int amd_iommu_domain_init(struct domain *d) * - HVM could in principle use 3 or 4 depending on how much guest * physical address space we give it, but this isn't known yet so use 4 * unilaterally. + * - Unity maps may require an even higher number. */ - hd->arch.paging_mode = amd_iommu_get_paging_mode( - is_hvm_domain(d) - ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) - : get_upper_mfn_bound() + 1); + hd->arch.paging_mode = max(amd_iommu_get_paging_mode( + is_hvm_domain(d) + ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) + : get_upper_mfn_bound() + 1), + amd_iommu_min_paging_mode); return 0; } diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h index 7c082ef88e..b85843ef80 100644 --- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h +++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h @@ -126,6 +126,8 @@ extern struct hpet_sbdf { } init; } hpet_sbdf; +extern int amd_iommu_min_paging_mode; + extern void *shared_intremap_table; extern unsigned long *shared_intremap_inuse; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:12:59 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:12:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172421.314633 (Exim 4.92) (envelope-from ) id 1mIteF-0004Cf-S6; Wed, 25 Aug 2021 14:12:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172421.314633; Wed, 25 Aug 2021 14:12:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIteF-0004CX-PF; Wed, 25 Aug 2021 14:12:59 +0000 Received: by outflank-mailman (input) for mailman id 172421; Wed, 25 Aug 2021 14:12:58 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIteE-0004CH-CB for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIteE-0006sD-BX for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIteE-0000SP-Ae for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:12:58 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BQPbOCjt7CxpXOcI2IbILBUXdz2/rsGI/sa/t1i2lGs=; b=QzdNwKFGccUOKpx9Wect3WiQCy 4x7rcdyOs5YBcmCD81fAD/7Ebj7qQxGeNtfXTvoHbkX1yU+a4KpG1l6SyeipvQSSGBxEPctW6sUNx W8JZYLIYItK+yVmVEVkHz3Dln86biovYuDwmwuooo2o3Qbymrnb1SRvl6kaK3kCP9010=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] x86/p2m: introduce p2m_is_special() Message-Id: Date: Wed, 25 Aug 2021 14:12:58 +0000 commit f5ec482659b62229b2390cb0662918150076863b Author: Jan Beulich AuthorDate: Wed Aug 25 16:02:17 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:02:17 2021 +0200 x86/p2m: introduce p2m_is_special() Seeing the similarity of grant, foreign, and (subsequently) direct-MMIO handling, introduce a new P2M type group named "special" (as in "needing special accessors to create/destroy"). Also use -EPERM instead of other error codes on the two domain_crash() paths touched. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 0bf755e2c856628e11e93c76c3e12974e9964638 master date: 2021-08-25 14:17:07 +0200 --- xen/arch/x86/mm/p2m.c | 15 +++++++-------- xen/include/asm-x86/p2m.h | 5 +++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 5802b580ed..cebfabba7d 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -736,7 +736,7 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, for ( i = 0; i < (1UL << page_order); i++ ) { p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); - if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) + if ( !p2m_is_special(t) && !p2m_is_shared(t) ) set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY); } } @@ -848,13 +848,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, &ot, &a, 0, NULL, NULL); ASSERT(!p2m_is_shared(ot)); } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { - /* Really shouldn't be unmapping grant/foreign maps this way */ + /* Don't permit unmapping grant/foreign this way. */ domain_crash(d); p2m_unlock(p2m); - return -EINVAL; + return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) { @@ -947,8 +947,7 @@ int p2m_change_type_one(struct domain *d, unsigned long gfn_l, struct p2m_domain *p2m = p2m_get_hostp2m(d); int rc; - BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt)); - BUG_ON(p2m_is_foreign(ot) || p2m_is_foreign(nt)); + BUG_ON(p2m_is_special(ot) || p2m_is_special(nt)); gfn_lock(p2m, gfn, 0); @@ -1091,11 +1090,11 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, gfn_unlock(p2m, gfn, order); return cur_order + 1; } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { gfn_unlock(p2m, gfn, order); domain_crash(d); - return -ENOENT; + return -EPERM; } else if ( p2m_is_ram(ot) ) { diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 0e1888b8b3..72a250b93a 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -142,6 +142,10 @@ typedef unsigned int p2m_query_t; | p2m_to_mask(p2m_ram_logdirty) ) #define P2M_SHARED_TYPES (p2m_to_mask(p2m_ram_shared)) +/* Types established/cleaned up via special accessors. */ +#define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ + p2m_to_mask(p2m_map_foreign)) + /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ | p2m_to_mask(p2m_mmio_direct) \ @@ -170,6 +174,7 @@ typedef unsigned int p2m_query_t; #define p2m_is_paged(_t) (p2m_to_mask(_t) & P2M_PAGED_TYPES) #define p2m_is_sharable(_t) (p2m_to_mask(_t) & P2M_SHARABLE_TYPES) #define p2m_is_shared(_t) (p2m_to_mask(_t) & P2M_SHARED_TYPES) +#define p2m_is_special(_t) (p2m_to_mask(_t) & P2M_SPECIAL_TYPES) #define p2m_is_broken(_t) (p2m_to_mask(_t) & P2M_BROKEN_TYPES) #define p2m_is_foreign(_t) (p2m_to_mask(_t) & p2m_to_mask(p2m_map_foreign)) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:13:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:13:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172422.314637 (Exim 4.92) (envelope-from ) id 1mIteP-0004G0-V1; Wed, 25 Aug 2021 14:13:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172422.314637; Wed, 25 Aug 2021 14:13:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIteP-0004Fs-SD; Wed, 25 Aug 2021 14:13:09 +0000 Received: by outflank-mailman (input) for mailman id 172422; Wed, 25 Aug 2021 14:13:08 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIteO-0004Fd-G7 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIteO-0006sx-FT for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIteO-0000VL-Ec for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hQG0nAU5WGL1a3gTHqngrxe7cZSKZpcLlZfqjo9jAS4=; b=4hMRPVhdV0J+RTq3p/qLZdGDHA 1v0mTvPJvaYIwVXiSMjCQ4IvlUrlvcMqaVh6WFK4LCBIMLpN5La3VNZjfK5BiIgvkuRPSnQXaWmaZ hZaXXD+YnVZQ+GDPMzJpsmkp18Td39Juhe/Ya034CYD2hdmwj437njw3TxfkPalFUol0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] x86/p2m: guard (in particular) identity mapping entries Message-Id: Date: Wed, 25 Aug 2021 14:13:08 +0000 commit 8c02a4943e60a400103a6790de2e6f19854403e5 Author: Jan Beulich AuthorDate: Wed Aug 25 16:02:38 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:02:38 2021 +0200 x86/p2m: guard (in particular) identity mapping entries Such entries, created by set_identity_p2m_entry(), should only be destroyed by clear_identity_p2m_entry(). However, similarly, entries created by set_mmio_p2m_entry() should only be torn down by clear_mmio_p2m_entry(), so the logic gets based upon p2m_mmio_direct as the entry type (separation between "ordinary" and 1:1 mappings would require a further indicator to tell apart the two). As to the guest_remove_page() change, commit 48dfb297a20a ("x86/PVH: allow guest_remove_page to remove p2m_mmio_direct pages"), which introduced the call to clear_mmio_p2m_entry(), claimed this was done for hwdom only without this actually having been the case. However, this code shouldn't be there in the first place, as MMIO entries shouldn't be dropped this way. Avoid triggering the warning again that 48dfb297a20a silenced by an adjustment to xenmem_add_to_physmap_one() instead. Note that guest_physmap_mark_populate_on_demand() gets tightened beyond the immediate purpose of this change. Note also that I didn't inspect code which isn't security supported, e.g. sharing, paging, or altp2m. This is CVE-2021-28694 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 753cb68e653002e89fdcd1c80e52905fdbfb78cb master date: 2021-08-25 14:17:32 +0200 --- xen/arch/x86/mm.c | 4 +++- xen/arch/x86/mm/p2m-pod.c | 12 ++++++------ xen/arch/x86/mm/p2m.c | 11 ++++++----- xen/common/memory.c | 11 ++++++++++- xen/include/asm-x86/p2m.h | 5 ++--- 5 files changed, 27 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 3528cf6b85..746d79a8dd 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4783,7 +4783,9 @@ int xenmem_add_to_physmap_one( /* Remove previously mapped page if it was present. */ prev_mfn = mfn_x(get_gfn(d, gfn_x(gpfn), &p2mt)); - if ( mfn_valid(_mfn(prev_mfn)) ) + if ( p2mt == p2m_mmio_direct ) + rc = -EPERM; + else if ( mfn_valid(_mfn(prev_mfn)) ) { if ( is_xen_heap_mfn(prev_mfn) ) /* Xen heap frames are simply unhooked from this phys slot. */ diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index 631e9aec33..1f812012ef 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -1302,17 +1302,17 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l, p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, &cur_order, NULL); n = 1UL << min(order, cur_order); - if ( p2m_is_ram(ot) ) + if ( ot == p2m_populate_on_demand ) + { + /* Count how many PoD entries we'll be replacing if successful */ + pod_count += n; + } + else if ( ot != p2m_invalid && ot != p2m_mmio_dm ) { P2M_DEBUG("gfn_to_mfn returned type %d!\n", ot); rc = -EBUSY; goto out; } - else if ( ot == p2m_populate_on_demand ) - { - /* Count how man PoD entries we'll be replacing if successful */ - pod_count += n; - } } /* Now, actually do the two-way mapping */ diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index cebfabba7d..0ce91fd713 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -725,7 +725,8 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, &cur_order, NULL); if ( p2m_is_valid(t) && - (!mfn_valid(_mfn(mfn)) || mfn + i != mfn_x(mfn_return)) ) + (!mfn_valid(_mfn(mfn)) || t == p2m_mmio_direct || + mfn + i != mfn_x(mfn_return)) ) return -EILSEQ; i += (1UL << cur_order) - ((gfn_l + i) & ((1UL << cur_order) - 1)); @@ -803,7 +804,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; - if ( !mfn_valid(mfn) ) + if ( !mfn_valid(mfn) || t == p2m_mmio_direct ) { ASSERT_UNREACHABLE(); return -EINVAL; @@ -850,7 +851,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } if ( p2m_is_special(ot) ) { - /* Don't permit unmapping grant/foreign this way. */ + /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ domain_crash(d); p2m_unlock(p2m); @@ -1192,8 +1193,8 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, * order+1 for caller to retry with order (guaranteed smaller than * the order value passed in) */ -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, mfn_t mfn, - unsigned int order) +static int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, + mfn_t mfn, unsigned int order) { int rc = -EINVAL; gfn_t gfn = _gfn(gfn_l); diff --git a/xen/common/memory.c b/xen/common/memory.c index aee4909b35..7db9a87942 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -335,7 +335,7 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) } if ( p2mt == p2m_mmio_direct ) { - rc = clear_mmio_p2m_entry(d, gmfn, mfn, PAGE_ORDER_4K); + rc = -EPERM; goto out_put_gfn; } #else @@ -1651,6 +1651,15 @@ int prepare_ring_for_helper( return -ENOENT; } #endif +#ifdef CONFIG_X86 + if ( p2mt == p2m_mmio_direct ) + { + if ( page ) + put_page(page); + + return -EPERM; + } +#endif if ( !page ) return -EINVAL; diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 72a250b93a..0f87a74ae7 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -144,7 +144,8 @@ typedef unsigned int p2m_query_t; /* Types established/cleaned up via special accessors. */ #define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ - p2m_to_mask(p2m_map_foreign)) + p2m_to_mask(p2m_map_foreign) | \ + p2m_to_mask(p2m_mmio_direct)) /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ @@ -629,8 +630,6 @@ int set_foreign_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn); /* Set mmio addresses in the p2m table (for pass-through) */ int set_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, unsigned int order, p2m_access_t access); -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, - unsigned int order); /* Set identity addresses in the p2m table (for pass-through) */ int set_identity_p2m_entry(struct domain *d, unsigned long gfn, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:13:20 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:13:20 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172423.314641 (Exim 4.92) (envelope-from ) id 1mItea-0004J9-0O; Wed, 25 Aug 2021 14:13:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172423.314641; Wed, 25 Aug 2021 14:13:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIteZ-0004J1-Tl; Wed, 25 Aug 2021 14:13:19 +0000 Received: by outflank-mailman (input) for mailman id 172423; Wed, 25 Aug 2021 14:13:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIteY-0004Ip-Ja for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIteY-0006t8-Ir for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mIteY-0000WV-I6 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:18 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EwvBy77WRl7z/4Sjp59GMcHJnaEOigzEjYz+IFEru9o=; b=uIrmlt+1Q1dSANXtStgslIgnVN 87gAEJLZPKO253oDkYXOkyX3dD4OYjsFDAGsEwL4zvIg1eGtH1Asa0zavdy6ENLBdPXdpFA4V6MNh GEAj5VRoBgQxtA3h8YcgtYncXHZ6QgyqD/ULjX5X1Uc+Q1pwC5cb6McB7LvEhGRS6eD8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] x86/mm: widen locked region in xenmem_add_to_physmap_one() Message-Id: Date: Wed, 25 Aug 2021 14:13:18 +0000 commit 3882d451ec15472d8c17e228d6ec760d698fbe10 Author: Jan Beulich AuthorDate: Wed Aug 25 16:03:05 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:03:05 2021 +0200 x86/mm: widen locked region in xenmem_add_to_physmap_one() For pages which can be made part of the P2M by the guest, but which can also later be de-allocated (grant table v2 status pages being the present example), it is imperative that they be mapped at no more than a single GFN. We therefore need to make sure that of two parallel XENMAPSPACE_grant_table requests for the same status page one completes before the second checks at which other GFN the underlying MFN is presently mapped. Pull ahead the respective get_gfn() and push down the respective put_gfn(). This leverages that gfn_lock() really aliases p2m_lock(), but the function makes this assumption already anyway: In the XENMAPSPACE_gmfn case lock nesting constraints for both involved GFNs would otherwise need to be enforced to avoid ABBA deadlocks. This is CVE-2021-28697 / XSA-379. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: f147422bf9476fb8161b43e35f5901571ed17c35 master date: 2021-08-25 14:17:56 +0200 --- xen/arch/x86/mm.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 746d79a8dd..b7e23e17ab 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4781,8 +4781,20 @@ int xenmem_add_to_physmap_one( goto put_both; } - /* Remove previously mapped page if it was present. */ + /* + * Note that we're (ab)using GFN locking (to really be locking of the + * entire P2M) here in (at least) two ways: Finer grained locking would + * expose lock order violations in the XENMAPSPACE_gmfn case (due to the + * earlier get_gfn_unshare() above). Plus at the very least for the grant + * table v2 status page case we need to guarantee that the same page can + * only appear at a single GFN. While this is a property we want in + * general, for pages which can subsequently be freed this imperative: + * Upon freeing we wouldn't be able to find other mappings in the P2M + * (unless we did a brute force search). + */ prev_mfn = mfn_x(get_gfn(d, gfn_x(gpfn), &p2mt)); + + /* Remove previously mapped page if it was present. */ if ( p2mt == p2m_mmio_direct ) rc = -EPERM; else if ( mfn_valid(_mfn(prev_mfn)) ) @@ -4794,27 +4806,21 @@ int xenmem_add_to_physmap_one( /* Normal domain memory is freed, to avoid leaking memory. */ rc = guest_remove_page(d, gfn_x(gpfn)); } - /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */ - put_gfn(d, gfn_x(gpfn)); - - if ( rc ) - goto put_both; /* Unmap from old location, if any. */ old_gpfn = get_gpfn_from_mfn(mfn_x(mfn)); ASSERT(!SHARED_M2P(old_gpfn)); if ( space == XENMAPSPACE_gmfn && old_gpfn != gfn ) - { rc = -EXDEV; - goto put_both; - } - if ( old_gpfn != INVALID_M2P_ENTRY ) + else if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); /* Map at new location. */ if ( !rc ) rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K); + put_gfn(d, gfn_x(gpfn)); + put_both: /* * In the XENMAPSPACE_gmfn case, we took a ref of the gfn at the top. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:13:30 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:13:30 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172424.314645 (Exim 4.92) (envelope-from ) id 1mItek-0004MJ-25; Wed, 25 Aug 2021 14:13:30 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172424.314645; Wed, 25 Aug 2021 14:13:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItej-0004MB-VG; Wed, 25 Aug 2021 14:13:29 +0000 Received: by outflank-mailman (input) for mailman id 172424; Wed, 25 Aug 2021 14:13:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItei-0004Ly-NW for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItei-0006tQ-Mn for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItei-0000Xp-Lw for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:28 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OTlRegnohzFxpiFBx82W+m4ghMy8nE4EPFxwIdDtcOw=; b=EAKyQXmj9mWYZm0v+VS0Xz8MM6 Juru0O68otX/UHj550cZ24cUxhM1tBYKdZhaW/EBxT6bCJfpzjNB5oXafOjjXTiwrJWlOWKaKa510 H2wt7JFDBL3ZurxqA70MRjsBZhfNUYcArw57ZisGk5VtjGzvw0QjasGjPGQc+QtyxFD4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] gnttab: add preemption check to gnttab_release_mappings() Message-Id: Date: Wed, 25 Aug 2021 14:13:28 +0000 commit 02c696719301cdb22bf2f029deae14efc7c41b42 Author: Jan Beulich AuthorDate: Wed Aug 25 16:03:28 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:03:28 2021 +0200 gnttab: add preemption check to gnttab_release_mappings() A guest may die with many grant mappings still in place, or simply with a large maptrack table. Iterating through this may take more time than is reasonable without intermediate preemption (to run softirqs and perhaps the scheduler). Move the invocation of the function to the section where other restartable functions get invoked, and have the function itself check for preemption every once in a while. Have it iterate the table backwards, such that decreasing the maptrack limit is all it takes to convey restart information. In domain_teardown() introduce PROG_none such that inserting at the front will be easier going forward. This is part of CVE-2021-28698 / XSA-380. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: b1ee10be5625b7d502cef1e6ee3818610ab0d29c master date: 2021-08-25 14:18:18 +0200 --- xen/common/domain.c | 4 +++- xen/common/grant_table.c | 46 ++++++++++++++++++++++++++++++++++++------- xen/include/xen/grant_table.h | 4 +--- 3 files changed, 43 insertions(+), 11 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index 0a7f193e43..4d42caf9a9 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -646,13 +646,15 @@ int domain_kill(struct domain *d) if ( d->is_dying != DOMDYING_alive ) return domain_kill(d); d->is_dying = DOMDYING_dying; - gnttab_release_mappings(d); tmem_destroy(d->tmem_client); vnuma_destroy(d->vnuma); domain_set_outstanding_pages(d, 0); d->tmem_client = NULL; /* fallthrough */ case DOMDYING_dying: + rc = gnttab_release_mappings(d); + if ( rc ) + break; rc = evtchn_destroy(d); if ( rc ) break; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 7d464a9641..33a6c6591a 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -62,7 +62,13 @@ struct grant_table { unsigned int nr_grant_frames; /* Number of grant status frames shared with guest (for version 2) */ unsigned int nr_status_frames; - /* Number of available maptrack entries. */ + /* + * Number of available maptrack entries. For cleanup purposes it is + * important to realize that this field and @maptrack further down will + * only ever be accessed by the local domain. Thus it is okay to clean + * up early, and to shrink the limit for the purpose of tracking cleanup + * progress. + */ unsigned int maptrack_limit; /* Shared grant table (see include/public/grant_table.h). */ union { @@ -3618,9 +3624,7 @@ grant_table_create( return ret; } -void -gnttab_release_mappings( - struct domain *d) +int gnttab_release_mappings(struct domain *d) { struct grant_table *gt = d->grant_table, *rgt; struct grant_mapping *map; @@ -3634,8 +3638,32 @@ gnttab_release_mappings( BUG_ON(!d->is_dying); - for ( handle = 0; handle < gt->maptrack_limit; handle++ ) + if ( !gt || !gt->maptrack ) + return 0; + + for ( handle = gt->maptrack_limit; handle; ) { + /* + * Deal with full pages such that their freeing (in the body of the + * if()) remains simple. + */ + if ( handle < gt->maptrack_limit && !(handle % MAPTRACK_PER_PAGE) ) + { + /* + * Changing maptrack_limit alters nr_maptrack_frames()'es return + * value. Free the then excess trailing page right here, rather + * than leaving it to grant_table_destroy() (and in turn requiring + * to leave gt->maptrack_limit unaltered). + */ + gt->maptrack_limit = handle; + FREE_XENHEAP_PAGE(gt->maptrack[nr_maptrack_frames(gt)]); + + if ( hypercall_preempt_check() ) + return -ERESTART; + } + + --handle; + map = &maptrack_entry(gt, handle); if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) ) continue; @@ -3723,6 +3751,11 @@ gnttab_release_mappings( map->flags = 0; } + + gt->maptrack_limit = 0; + FREE_XENHEAP_PAGE(gt->maptrack[0]); + + return 0; } void grant_table_warn_active_grants(struct domain *d) @@ -3785,8 +3818,7 @@ grant_table_destroy( free_xenheap_page(t->shared_raw[i]); xfree(t->shared_raw); - for ( i = 0; i < nr_maptrack_frames(t); i++ ) - free_xenheap_page(t->maptrack[i]); + ASSERT(!t->maptrack_limit); vfree(t->maptrack); for ( i = 0; i < nr_active_grant_frames(t); i++ ) diff --git a/xen/include/xen/grant_table.h b/xen/include/xen/grant_table.h index b3a95fda58..543bfcc723 100644 --- a/xen/include/xen/grant_table.h +++ b/xen/include/xen/grant_table.h @@ -46,9 +46,7 @@ int grant_table_set_limits(struct domain *d, unsigned int grant_frames, void grant_table_warn_active_grants(struct domain *d); /* Domain death release of granted mappings of other domains' memory. */ -void -gnttab_release_mappings( - struct domain *d); +int gnttab_release_mappings(struct domain *d); int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, gfn_t *gfn, uint16_t *status); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:13:40 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:13:40 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172425.314649 (Exim 4.92) (envelope-from ) id 1mIteu-0004PQ-3a; Wed, 25 Aug 2021 14:13:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172425.314649; Wed, 25 Aug 2021 14:13:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mIteu-0004PI-0W; Wed, 25 Aug 2021 14:13:40 +0000 Received: by outflank-mailman (input) for mailman id 172425; Wed, 25 Aug 2021 14:13:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItes-0004Oq-R7 for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItes-0006td-QJ for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItes-0000Yp-PY for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gG7EkMiQpVOh2Q2tWlS3zKzMEkHrj8K8ZM4/4aoTMlI=; b=bhc/GgCP+Tme4qPFGGqyB0KLhm cGI9GrxvIl6BazxA/0lz2q+F83vEZyu9sIFd/XZUbEsRhtvEJBRghrjQSbfo8CpHnEJdC48CbDJRE aWzO9UI2xdtI+jXmX0Flpqc0TPoJrQfFKwf28XyanIdxJfXIhQF72R+fL1mHbPbrlF2Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] gnttab: replace mapkind() Message-Id: Date: Wed, 25 Aug 2021 14:13:38 +0000 commit a7599f030881b5e1aca63462712011f52222a56b Author: Jan Beulich AuthorDate: Wed Aug 25 16:03:49 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:03:49 2021 +0200 gnttab: replace mapkind() mapkind() doesn't scale very well with larger maptrack entry counts, using a brute force linear search through all entries, with the only option of an early loop exit if a matching writable entry was found. Introduce a radix tree alongside the main maptrack table, thus allowing much faster MFN-based lookup. To avoid the need to actually allocate space for the individual nodes, encode the two counters in the node pointers themselves, thus limiting the number of permitted simultaneous r/o and r/w mappings of the same MFN to 2³¹-1 (64-bit) / 2¹⁵-1 (32-bit) each. To avoid enforcing an unnecessarily low bound on the number of simultaneous mappings of a single MFN, introduce radix_tree_{ulong_to_ptr,ptr_to_ulong} paralleling radix_tree_{int_to_ptr,ptr_to_int}. As a consequence locking changes are also applicable: With there no longer being any inspection of the remote domain's active entries, there's also no need anymore to hold the remote domain's grant table lock. And since we're no longer iterating over the local domain's map track table, the lock in map_grant_ref() can also be dropped before the new maptrack entry actually gets populated. As a nice side effect this also reduces the number of IOMMU operations in unmap_common(): Previously we would have "established" a readable mapping whenever we didn't find a writable entry anymore (yet, of course, at least one readable one). But we only need to do this if we actually dropped the last writable entry, not if there were none already before. This is part of CVE-2021-28698 / XSA-380. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: 9781b51efde251efcc0291ddb1d9c7cefe2b2555 master date: 2021-08-25 14:18:39 +0200 --- xen/common/grant_table.c | 199 ++++++++++++++++++++++++------------------- xen/include/xen/radix-tree.h | 19 +++++ 2 files changed, 130 insertions(+), 88 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 33a6c6591a..7971d866cf 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include @@ -80,8 +81,13 @@ struct grant_table { grant_status_t **status; /* Active grant table. */ struct active_grant_entry **active; - /* Mapping tracking table per vcpu. */ + /* Handle-indexed tracking table of mappings. */ struct grant_mapping **maptrack; + /* + * MFN-indexed tracking tree of mappings, if needed. Note that this is + * protected by @lock, not @maptrack_lock. + */ + struct radix_tree_root maptrack_tree; /* Domain to which this struct grant_table belongs. */ const struct domain *domain; @@ -421,34 +427,6 @@ static int get_paged_frame(unsigned long gfn, mfn_t *frame, return rc; } -static inline void -double_gt_lock(struct grant_table *lgt, struct grant_table *rgt) -{ - /* - * See mapkind() for why the write lock is also required for the - * remote domain. - */ - if ( lgt < rgt ) - { - grant_write_lock(lgt); - grant_write_lock(rgt); - } - else - { - if ( lgt != rgt ) - grant_write_lock(rgt); - grant_write_lock(lgt); - } -} - -static inline void -double_gt_unlock(struct grant_table *lgt, struct grant_table *rgt) -{ - grant_write_unlock(lgt); - if ( lgt != rgt ) - grant_write_unlock(rgt); -} - #define INVALID_MAPTRACK_HANDLE UINT_MAX static inline grant_handle_t @@ -871,41 +849,17 @@ static struct active_grant_entry *grant_map_exists(const struct domain *ld, return ERR_PTR(-EINVAL); } -#define MAPKIND_READ 1 -#define MAPKIND_WRITE 2 -static unsigned int mapkind( - struct grant_table *lgt, const struct domain *rd, mfn_t mfn) -{ - struct grant_mapping *map; - grant_handle_t handle, limit = lgt->maptrack_limit; - unsigned int kind = 0; - - /* - * Must have the local domain's grant table write lock when - * iterating over its maptrack entries. - */ - ASSERT(percpu_rw_is_write_locked(&lgt->lock)); - /* - * Must have the remote domain's grant table write lock while - * counting its active entries. - */ - ASSERT(percpu_rw_is_write_locked(&rd->grant_table->lock)); - - smp_rmb(); - - for ( handle = 0; !(kind & MAPKIND_WRITE) && handle < limit; handle++ ) - { - map = &maptrack_entry(lgt, handle); - if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) || - map->domid != rd->domain_id ) - continue; - if ( mfn_eq(_active_entry(rd->grant_table, map->ref).frame, mfn) ) - kind |= map->flags & GNTMAP_readonly ? - MAPKIND_READ : MAPKIND_WRITE; - } - - return kind; -} +union maptrack_node { + struct { + /* Radix tree slot pointers use two of the bits. */ +#ifdef __BIG_ENDIAN_BITFIELD + unsigned long : 2; +#endif + unsigned long rd : BITS_PER_LONG / 2 - 1; + unsigned long wr : BITS_PER_LONG / 2 - 1; + } cnt; + unsigned long raw; +}; /* * Returns 0 if TLB flush / invalidate required by caller. @@ -931,7 +885,6 @@ map_grant_ref( struct grant_mapping *mt; grant_entry_header_t *shah; uint16_t *status; - bool_t need_iommu; led = current; ld = led->domain; @@ -1139,31 +1092,75 @@ map_grant_ref( goto undo_out; } - need_iommu = gnttab_need_iommu_mapping(ld); - if ( need_iommu ) + if ( gnttab_need_iommu_mapping(ld) ) { + union maptrack_node node = { + .cnt.rd = !!(op->flags & GNTMAP_readonly), + .cnt.wr = !(op->flags & GNTMAP_readonly), + }; + int err; + void **slot = NULL; unsigned int kind; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + + err = radix_tree_insert(&lgt->maptrack_tree, mfn_x(frame), + radix_tree_ulong_to_ptr(node.raw)); + if ( err == -EEXIST ) + { + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(frame)); + if ( likely(slot) ) + { + node.raw = radix_tree_ptr_to_ulong(*slot); + err = -EBUSY; + + /* Update node only when refcount doesn't overflow. */ + if ( op->flags & GNTMAP_readonly ? ++node.cnt.rd + : ++node.cnt.wr ) + { + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + err = 0; + } + } + else + ASSERT_UNREACHABLE(); + } /* * We're not translated, so we know that dfns and mfns are * the same things, so the IOMMU entry is always 1-to-1. */ - kind = mapkind(lgt, rd, frame); - if ( !(op->flags & GNTMAP_readonly) && - !(kind & MAPKIND_WRITE) ) + if ( !(op->flags & GNTMAP_readonly) && node.cnt.wr == 1 ) kind = IOMMUF_readable | IOMMUF_writable; - else if ( !kind ) + else if ( (op->flags & GNTMAP_readonly) && + node.cnt.rd == 1 && !node.cnt.wr ) kind = IOMMUF_readable; else kind = 0; - if ( kind && iommu_map_page(ld, mfn_x(frame), mfn_x(frame), kind) ) + if ( err || + (kind && iommu_map_page(ld, mfn_x(frame), mfn_x(frame), kind)) ) { - double_gt_unlock(lgt, rgt); + if ( !err ) + { + if ( slot ) + { + op->flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--; + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + } + else + radix_tree_delete(&lgt->maptrack_tree, mfn_x(frame)); + } + rc = GNTST_general_error; - goto undo_out; } + + grant_write_unlock(lgt); + + if ( rc != GNTST_okay ) + goto undo_out; } TRACE_1D(TRC_MEM_PAGE_GRANT_MAP, op->dom); @@ -1171,10 +1168,6 @@ map_grant_ref( /* * All maptrack entry users check mt->flags first before using the * other fields so just ensure the flags field is stored last. - * - * However, if gnttab_need_iommu_mapping() then this would race - * with a concurrent mapkind() call (on an unmap, for example) - * and a lock is required. */ mt = &maptrack_entry(lgt, handle); mt->domid = op->dom; @@ -1182,9 +1175,6 @@ map_grant_ref( smp_wmb(); write_atomic(&mt->flags, op->flags); - if ( need_iommu ) - double_gt_unlock(lgt, rgt); - op->dev_bus_addr = mfn_to_maddr(frame); op->handle = handle; op->status = GNTST_okay; @@ -1411,19 +1401,34 @@ unmap_common( if ( rc == GNTST_okay && gnttab_need_iommu_mapping(ld) ) { - unsigned int kind; + void **slot; + union maptrack_node node; int err = 0; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(op->frame)); + node.raw = likely(slot) ? radix_tree_ptr_to_ulong(*slot) : 0; + + /* Refcount must not underflow. */ + if ( !(flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--) ) + BUG(); - kind = mapkind(lgt, rd, op->frame); - if ( !kind ) + if ( !node.raw ) err = iommu_unmap_page(ld, mfn_x(op->frame)); - else if ( !(kind & MAPKIND_WRITE) ) + else if ( !(flags & GNTMAP_readonly) && !node.cnt.wr ) err = iommu_map_page(ld, mfn_x(op->frame), mfn_x(op->frame), IOMMUF_readable); - double_gt_unlock(lgt, rgt); + if ( err ) + ; + else if ( !node.raw ) + radix_tree_delete(&lgt->maptrack_tree, mfn_x(op->frame)); + else + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + + grant_write_unlock(lgt); if ( err ) rc = GNTST_general_error; @@ -1854,6 +1859,8 @@ grant_table_init(struct domain *d, struct grant_table *gt, gt->maptrack = vzalloc(gt->max_maptrack_frames * sizeof(*gt->maptrack)); if ( gt->maptrack == NULL ) goto out; + + radix_tree_init(>->maptrack_tree); } /* Shared grant table. */ @@ -3643,6 +3650,8 @@ int gnttab_release_mappings(struct domain *d) for ( handle = gt->maptrack_limit; handle; ) { + mfn_t mfn; + /* * Deal with full pages such that their freeing (in the body of the * if()) remains simple. @@ -3744,17 +3753,31 @@ int gnttab_release_mappings(struct domain *d) if ( act->pin == 0 ) gnttab_clear_flag(rd, _GTF_reading, status); + mfn = act->frame; + active_entry_release(act); grant_read_unlock(rgt); rcu_unlock_domain(rd); map->flags = 0; + + /* + * This is excessive in that a single such call would suffice per + * mapped MFN (or none at all, if no entry was ever inserted). But it + * should be the common case for an MFN to be mapped just once, and + * this way we don't need to further maintain the counters. We also + * don't want to leave cleaning up of the tree as a whole to the end + * of the function, as this could take quite some time. + */ + radix_tree_delete(>->maptrack_tree, mfn_x(mfn)); } gt->maptrack_limit = 0; FREE_XENHEAP_PAGE(gt->maptrack[0]); + radix_tree_destroy(>->maptrack_tree, NULL); + return 0; } diff --git a/xen/include/xen/radix-tree.h b/xen/include/xen/radix-tree.h index ec40cf1d9e..58c40312e6 100644 --- a/xen/include/xen/radix-tree.h +++ b/xen/include/xen/radix-tree.h @@ -190,6 +190,25 @@ static inline int radix_tree_ptr_to_int(void *ptr) return (int)((long)ptr >> 2); } +/** + * radix_tree_{ulong_to_ptr,ptr_to_ulong}: + * + * Same for unsigned long values. Beware though that only BITS_PER_LONG-2 + * bits are actually usable for the value. + */ +static inline void *radix_tree_ulong_to_ptr(unsigned long val) +{ + unsigned long ptr = (val << 2) | 0x2; + ASSERT((ptr >> 2) == val); + return (void *)ptr; +} + +static inline unsigned long radix_tree_ptr_to_ulong(void *ptr) +{ + ASSERT(((unsigned long)ptr & 0x3) == 0x2); + return (unsigned long)ptr >> 2; +} + int radix_tree_insert(struct radix_tree_root *, unsigned long, void *); void *radix_tree_lookup(struct radix_tree_root *, unsigned long); void **radix_tree_lookup_slot(struct radix_tree_root *, unsigned long); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Wed Aug 25 14:13:50 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Aug 2021 14:13:50 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172426.314653 (Exim 4.92) (envelope-from ) id 1mItf4-0004ST-6X; Wed, 25 Aug 2021 14:13:50 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172426.314653; Wed, 25 Aug 2021 14:13:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItf4-0004SL-3X; Wed, 25 Aug 2021 14:13:50 +0000 Received: by outflank-mailman (input) for mailman id 172426; Wed, 25 Aug 2021 14:13:49 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItf2-0004SB-UW for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mItf2-0006tl-Tt for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mItf2-0000Zl-Sz for xen-changelog@lists.xenproject.org; Wed, 25 Aug 2021 14:13:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DFFPLf6q7Go2ULlBT4psfxD/vMH5jkTmjFgT4whOJiI=; b=Sl2Dzhe5fcVYVfsM954WlIlGtv CENVRWC7Bsh2ZlZ1UIJbl568shU0oY97ejJvEiXnsfK9BEMpTcmAUhZCFwLBpxhQojt4SvzNdqLXH PKJAAouetihhPpZos14c4nMXxedXnfUx21tZUHwTeV3tFKJLg35Cgr6B+hKhgRac3bsY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] gnttab: fix array capacity check in gnttab_get_status_frames() Message-Id: Date: Wed, 25 Aug 2021 14:13:48 +0000 commit ec4654ce64d87f14567008cfb42568fd434f1bed Author: Jan Beulich AuthorDate: Wed Aug 25 16:04:22 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:04:22 2021 +0200 gnttab: fix array capacity check in gnttab_get_status_frames() The number of grant frames is of no interest here; converting the passed in op.nr_frames this way means we allow for 8 times as many GFNs to be written as actually fit in the array. We would corrupt xlat areas of higher vCPU-s (after having faulted many times while trying to write to the guard pages between any two areas) for 32-bit PV guests. For HVM guests we'd simply crash as soon as we hit the first guard page, as accesses to the xlat area are simply memcpy() there. This is CVE-2021-28699 / XSA-382. Fixes: 18b1be5e324b ("gnttab: make resource limits per domain") Signed-off-by: Jan Beulich master commit: ec820035b875cdbedce5e73f481ce65963ede9ed master date: 2021-08-25 14:19:09 +0200 --- xen/common/grant_table.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 7971d866cf..f2abc8f7ed 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3167,12 +3167,11 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, goto unlock; } - if ( unlikely(limit_max < grant_to_status_frames(op.nr_frames)) ) + if ( unlikely(limit_max < op.nr_frames) ) { gdprintk(XENLOG_WARNING, - "grant_to_status_frames(%u) for d%d is too large (%u,%u)\n", - op.nr_frames, d->domain_id, - grant_to_status_frames(op.nr_frames), limit_max); + "nr_status_frames for %pd is too large (%u,%u)\n", + d, op.nr_frames, limit_max); op.status = GNTST_general_error; goto unlock; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 10:22:07 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 10:22:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172923.315536 (Exim 4.92) (envelope-from ) id 1mJCWI-000691-IK; Thu, 26 Aug 2021 10:22:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172923.315536; Thu, 26 Aug 2021 10:22:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJCWI-00068t-FN; Thu, 26 Aug 2021 10:22:02 +0000 Received: by outflank-mailman (input) for mailman id 172923; Thu, 26 Aug 2021 10:22:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJCWH-00068n-Pi for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 10:22:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJCWH-0002sR-Or for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 10:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJCWH-0003uj-Nk for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 10:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gLUU7patlXYj2SSn69tHXkREnjcr6nLHk5Kct7cqPNc=; b=VFNhVZoDsnrZKmL9SW8/j662JI BgwEZGxsn48bhnqRuPoehtsBpQx3V+L9D/V8tSrBQv/4lfpq5Xl20psOdDdVdeMkYWkZVDWCxPRjq z/lfhBE18007q3x/O85LC9Jtv+LLcEP42xeCUgR7ljriAZ7wb4Nc4W1iPoG90lYQ+MT0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: smmu: Set/clear IOMMU domain for device Message-Id: Date: Thu, 26 Aug 2021 10:22:01 +0000 commit c7669d3652b2fe927faa89fa1afc70a9bedd3bea Author: Oleksandr Andrushchenko AuthorDate: Wed Aug 18 08:22:02 2021 +0300 Commit: Julien Grall CommitDate: Tue Aug 24 10:08:25 2021 +0000 xen/arm: smmu: Set/clear IOMMU domain for device When a device is assigned/de-assigned it is required to properly set IOMMU domain used to protect the device. This assignment was missing, thus it was not possible to de-assign the device: (XEN) Deassigning device 0000:03:00.0 from dom2 (XEN) smmu: 0000:03:00.0: not attached to domain 2 (XEN) d2: deassign (0000:03:00.0) failed (-3) Fix this by assigning IOMMU domain on arm_smmu_assign_dev and reset it to NULL on arm_smmu_deassign_dev. Fixes: 06d1f7a278dd ("xen/arm: smmuv1: Keep track of S2CR state") Signed-off-by: Oleksandr Andrushchenko Signed-off-by: Oleksandr Tyshchenko Reviewed-by: Julien Grall --- xen/drivers/passthrough/arm/smmu.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c index c234ad9c7f..c9dfc4caa0 100644 --- a/xen/drivers/passthrough/arm/smmu.c +++ b/xen/drivers/passthrough/arm/smmu.c @@ -2768,6 +2768,7 @@ static int arm_smmu_assign_dev(struct domain *d, u8 devfn, arm_smmu_destroy_iommu_domain(domain); } else { atomic_inc(&domain->ref); + dev_iommu_domain(dev) = domain; } out: @@ -2791,6 +2792,7 @@ static int arm_smmu_deassign_dev(struct domain *d, struct device *dev) spin_lock(&xen_domain->lock); arm_smmu_detach_dev(domain, dev); + dev_iommu_domain(dev) = NULL; atomic_dec(&domain->ref); if (domain->ref.counter == 0) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 10:22:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 10:22:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.172924.315540 (Exim 4.92) (envelope-from ) id 1mJCWS-0006Cx-Jr; Thu, 26 Aug 2021 10:22:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 172924.315540; Thu, 26 Aug 2021 10:22:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJCWS-0006Cp-Gv; Thu, 26 Aug 2021 10:22:12 +0000 Received: by outflank-mailman (input) for mailman id 172924; Thu, 26 Aug 2021 10:22:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJCWR-0006Cd-TX for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 10:22:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJCWR-0002sb-So for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 10:22:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJCWR-0003w8-Ra for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 10:22:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JN6l9dKdziUcJJV4uoNKjwmy/RQPhRTebo7+uk77MFQ=; b=RNKqVzHyFlMoW7LJB1rW9PEUFL V/2CnJoxFFUoMJUqDQGdiNydZQFaBeo+aeU7X+lPUH3BG+da86rkHE4PVqCtKW0Se2QEFU/a4wq0I Yh+lRRhyVIvK6Ozzrkhqv+PpEVhhkVgGgwgD2vKodaSmVHiQz8o2N55nkZMNqEeEDpAc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/public: arch-arm: Add mention of argo_op hypercall Message-Id: Date: Thu, 26 Aug 2021 10:22:11 +0000 commit a931e8e64af07bd333a31f3b71a3f8f3e7910857 Author: Michal Orzel AuthorDate: Fri Aug 20 11:39:24 2021 +0200 Commit: Julien Grall CommitDate: Tue Aug 24 10:23:27 2021 +0000 xen/public: arch-arm: Add mention of argo_op hypercall Commit 1ddc0d43c20cb1c1125d4d6cefc78624b2a9ccb7 introducing argo_op hypercall forgot to add a mention of it in the comment listing supported hypercalls. Fix that. Signed-off-by: Michal Orzel Reviewed-by: Christopher Clark Acked-by: Julien Grall --- xen/include/public/arch-arm.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/include/public/arch-arm.h b/xen/include/public/arch-arm.h index 64a2ca30da..6b5a5f818a 100644 --- a/xen/include/public/arch-arm.h +++ b/xen/include/public/arch-arm.h @@ -128,6 +128,8 @@ * * VCPUOP_register_vcpu_info * * VCPUOP_register_runstate_memory_area * + * HYPERVISOR_argo_op + * All generic sub-operations * * Other notes on the ARM ABI: * -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:22:11 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:22:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173168.315948 (Exim 4.92) (envelope-from ) id 1mJKwt-0001bq-AB; Thu, 26 Aug 2021 19:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173168.315948; Thu, 26 Aug 2021 19:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKwt-0001bh-73; Thu, 26 Aug 2021 19:22:03 +0000 Received: by outflank-mailman (input) for mailman id 173168; Thu, 26 Aug 2021 19:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKws-0001bb-F8 for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKws-0004HP-BR for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKws-000287-A5 for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lYALjkSVJddsgDeG3poeNTV/nW+QYVI2cngbr1ugU18=; b=eodG4i20ISnmStS9gEwlt/qsxg H29/HWH7uE73fNkkw0MFJnmE5sTMRLY32wUeHIKCoOC76ynCplYFfM/XNHwcauJkvNeFFH1xchX+a 1Nbf8WwaCgKFFgVP4hUKBUdO9SFQpQzxDa6YBCs6KpQ7hDt+bRlfZP3iq4URdk/AOJls=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl Message-Id: Date: Thu, 26 Aug 2021 19:22:02 +0000 commit c6c5f9d8b3e23178341cd7f9b7614a463df74266 Author: Jan Beulich AuthorDate: Mon Jul 19 12:28:09 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:48:19 2021 +0100 libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl The hypervisor may not have enough memory to satisfy the request. While there, make the unit of the value clear by renaming the local variable. Requested-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Reviewed-by: Anthony PERARD backport-requested-by: Jan Beulich (cherry picked from commit 0be5a00af590c97ea553aadb60f1e0b3af53d8f6) (cherry picked from commit 6bbdcefd205903b2181b3b4fdc9503709ecdb7c4) (cherry picked from commit 61f28060d5b899c502e2b3bf45a39b1dd2a1224c) (cherry picked from commit 3cdc7b6b35106180c9021c1742cafacfa764fdad) --- tools/libxl/libxl_x86.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/tools/libxl/libxl_x86.c b/tools/libxl/libxl_x86.c index c0f88a7eaa..5c1b78722d 100644 --- a/tools/libxl/libxl_x86.c +++ b/tools/libxl/libxl_x86.c @@ -345,10 +345,20 @@ int libxl__arch_domain_create(libxl__gc *gc, libxl_domain_config *d_config, xc_domain_set_time_offset(ctx->xch, domid, rtc_timeoffset); if (d_config->b_info.type != LIBXL_DOMAIN_TYPE_PV) { - unsigned long shadow = DIV_ROUNDUP(d_config->b_info.shadow_memkb, - 1024); - xc_shadow_control(ctx->xch, domid, XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, - NULL, 0, &shadow, 0, NULL); + unsigned long shadow_mb = DIV_ROUNDUP(d_config->b_info.shadow_memkb, + 1024); + int r = xc_shadow_control(ctx->xch, domid, + XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, + NULL, 0, &shadow_mb, 0, NULL); + + if (r) { + LOGED(ERROR, domid, + "Failed to set %lu MiB %s allocation", + shadow_mb, + libxl_defbool_val(d_config->c_info.hap) ? "HAP" : "shadow"); + ret = ERROR_FAIL; + goto out; + } } if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_PV && -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:22:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173169.315953 (Exim 4.92) (envelope-from ) id 1mJKx3-0001ex-BO; Thu, 26 Aug 2021 19:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173169.315953; Thu, 26 Aug 2021 19:22:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKx3-0001eo-8T; Thu, 26 Aug 2021 19:22:13 +0000 Received: by outflank-mailman (input) for mailman id 173169; Thu, 26 Aug 2021 19:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKx2-0001eg-GI for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKx2-0004HT-FV for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKx2-0002AI-Ef for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ICFlKC/ZSW8BBl+wiochnvlyTwuyPjD6vl+7iWE7+BY=; b=j1Rz9FJLlw2FMlu5bnP5ErH3Mi NM0kxDeqqdk7SQetun7UEB0yI0Sl0TtGjFc513WAOg+S6AByl1n7ilKabJ7hklLtFn9lhxt0+bQHK +Y2QLxM2VTVRU110BC8q8ghy86MJKOEIz8LbWo3hORcSr0E17P0Eo49y/N452U5UNVks=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] tools/firmware/ovmf: Use OvmfXen platform file is exist Message-Id: Date: Thu, 26 Aug 2021 19:22:12 +0000 commit 7dadebd8d2c8c2a42d0ff3f022a63d6225297058 Author: Anthony PERARD AuthorDate: Tue Jun 1 11:28:03 2021 +0100 Commit: Ian Jackson CommitDate: Wed Aug 25 13:20:08 2021 +0100 tools/firmware/ovmf: Use OvmfXen platform file is exist A platform introduced in EDK II named OvmfXen is now the one to use for Xen instead of OvmfX64. It comes with PVH support. Also, the Xen support in OvmfX64 is deprecated, "deprecation notice: *dynamic* multi-VMM (QEMU vs. Xen) support in OvmfPkg" https://edk2.groups.io/g/devel/message/75498 Signed-off-by: Anthony PERARD Acked-by: Ian Jackson (cherry picked from commit aad7b5c11d51d57659978e04702ac970906894e8) (cherry picked from commit 7988ef515a5eabe74bb5468c8c692e03ee9db8bc) (cherry picked from commit 0aabe44d9c454c265b2bfc1030d58bd8f9ca8c94) (cherry picked from commit b335a5314f251c570f991376a1500737d3e02bb8) --- tools/firmware/ovmf-makefile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/firmware/ovmf-makefile b/tools/firmware/ovmf-makefile index 55f9992145..637ee509c3 100644 --- a/tools/firmware/ovmf-makefile +++ b/tools/firmware/ovmf-makefile @@ -17,8 +17,14 @@ all: build .PHONY: build build: if test -e .git ; then $(GIT) submodule update --init --recursive ; fi - OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 - cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin + set -ex; \ + if test -e OvmfPkg/OvmfXen.dsc; then \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 -p OvmfPkg/OvmfXen.dsc; \ + cp Build/OvmfXen/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + else \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4; \ + cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + fi .PHONY: clean clean: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:22:23 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:22:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173170.315959 (Exim 4.92) (envelope-from ) id 1mJKxD-0001i8-De; Thu, 26 Aug 2021 19:22:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173170.315959; Thu, 26 Aug 2021 19:22:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxD-0001hw-A5; Thu, 26 Aug 2021 19:22:23 +0000 Received: by outflank-mailman (input) for mailman id 173170; Thu, 26 Aug 2021 19:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxC-0001hh-Kk for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxC-0004Hd-Jy for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKxC-0002Bh-Iu for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BCVy/ECmrv2pSNqLhARfwM8s8fVvrXHavX5YH10gNic=; b=4nCciGCV5MIZ6laBFCHyv4mUhp mmkIaomAXkFAcSZkEEX7FtCikSezePP8mnFPF1FYIiNiNSmSnKBtEZlP5cSlHePKIfZSuDjSrt9N9 oNodc2+XgpJP8i8/P77GtWtZQiDNqtTwlKKaAEdMy0JFWoYir2J8Fa7/47F4GVjmsfwE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] x86: make hypervisor build with gcc11 Message-Id: Date: Thu, 26 Aug 2021 19:22:22 +0000 commit bd52c7e902f4ae20386d6b02c7394ca49d601571 Author: Jan Beulich AuthorDate: Wed Aug 25 15:43:57 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:43:57 2021 +0200 x86: make hypervisor build with gcc11 Gcc 11 looks to make incorrect assumptions about valid ranges that pointers may be used for addressing when they are derived from e.g. a plain constant. See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100680. Utilize RELOC_HIDE() to work around the issue, which for x86 manifests in at least - mpparse.c:efi_check_config(), - tboot.c:tboot_probe(), - tboot.c:tboot_gen_frametable_integrity(), - x86_emulate.c:x86_emulate() (at -O2 only). The last case is particularly odd not just because it only triggers at higher optimization levels, but also because it only affects one of at least three similar constructs. Various "note" diagnostics claim the valid index range to be [0, 2⁶³-1]. Signed-off-by: Jan Beulich Tested-by: Jason Andryuk Acked-by: Roger Pau Monné master commit: 722f59d38c710a940ab05e542a83020eb5546dea master date: 2021-05-27 14:40:29 +0200 --- tools/tests/x86_emulator/x86-emulate.c | 7 +++++++ xen/arch/x86/x86_emulate/x86_emulate.c | 2 +- xen/include/asm-x86/fixmap.h | 2 +- xen/include/xen/compiler.h | 6 ++++++ xen/include/xen/pdx.h | 2 +- 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/tests/x86_emulator/x86-emulate.c b/tools/tests/x86_emulator/x86-emulate.c index 8132fe7a7c..dc098c9e06 100644 --- a/tools/tests/x86_emulator/x86-emulate.c +++ b/tools/tests/x86_emulator/x86-emulate.c @@ -2,6 +2,13 @@ #include +/* See gcc bug 100680, but here don't bother making this version dependent. */ +#define gcc11_wrap(x) ({ \ + unsigned long x_; \ + __asm__ ( "" : "=g" (x_) : "0" (x) ); \ + (typeof(x))x_; \ +}) + #define cpu_has_amd_erratum(nr) 0 #define cpu_has_mpx false #define read_bndcfgu() 0 diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index c7c55fa572..88456bec9e 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -644,7 +644,7 @@ union vex { #define copy_VEX(ptr, vex) ({ \ if ( !mode_64bit() ) \ (vex).reg |= 8; \ - (ptr)[0 - PFX_BYTES] = ext < ext_8f08 ? 0xc4 : 0x8f; \ + gcc11_wrap(ptr)[0 - PFX_BYTES] = ext < ext_8f08 ? 0xc4 : 0x8f; \ (ptr)[1 - PFX_BYTES] = (vex).raw[0]; \ (ptr)[2 - PFX_BYTES] = (vex).raw[1]; \ container_of((ptr) + 1 - PFX_BYTES, typeof(vex), raw[0]); \ diff --git a/xen/include/asm-x86/fixmap.h b/xen/include/asm-x86/fixmap.h index 16ccaa2c77..d460b71f4f 100644 --- a/xen/include/asm-x86/fixmap.h +++ b/xen/include/asm-x86/fixmap.h @@ -80,7 +80,7 @@ extern void __set_fixmap( #define clear_fixmap(idx) __set_fixmap(idx, 0, 0) -#define __fix_to_virt(x) (FIXADDR_TOP - ((x) << PAGE_SHIFT)) +#define __fix_to_virt(x) gcc11_wrap(FIXADDR_TOP - ((x) << PAGE_SHIFT)) #define __virt_to_fix(x) ((FIXADDR_TOP - ((x)&PAGE_MASK)) >> PAGE_SHIFT) #define fix_to_virt(x) ((void *)__fix_to_virt(x)) diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h index ff6c0f5cdd..b1c0374dfe 100644 --- a/xen/include/xen/compiler.h +++ b/xen/include/xen/compiler.h @@ -99,6 +99,12 @@ __asm__ ("" : "=r"(__ptr) : "0"(ptr)); \ (typeof(ptr)) (__ptr + (off)); }) +#if __GNUC__ >= 11 /* See gcc bug 100680. */ +# define gcc11_wrap(x) RELOC_HIDE(x, 0) +#else +# define gcc11_wrap(x) (x) +#endif + #ifdef __GCC_ASM_FLAG_OUTPUTS__ # define ASM_FLAG_OUT(yes, no) yes #else diff --git a/xen/include/xen/pdx.h b/xen/include/xen/pdx.h index a151aac1a2..5ed51b5edb 100644 --- a/xen/include/xen/pdx.h +++ b/xen/include/xen/pdx.h @@ -19,7 +19,7 @@ extern u64 pdx_region_mask(u64 base, u64 len); extern void set_pdx_range(unsigned long smfn, unsigned long emfn); #define page_to_pdx(pg) ((pg) - frame_table) -#define pdx_to_page(pdx) (frame_table + (pdx)) +#define pdx_to_page(pdx) gcc11_wrap(frame_table + (pdx)) bool __mfn_valid(unsigned long mfn); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:22:34 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:22:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173171.315961 (Exim 4.92) (envelope-from ) id 1mJKxO-0001l5-EQ; Thu, 26 Aug 2021 19:22:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173171.315961; Thu, 26 Aug 2021 19:22:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxO-0001kx-BU; Thu, 26 Aug 2021 19:22:34 +0000 Received: by outflank-mailman (input) for mailman id 173171; Thu, 26 Aug 2021 19:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxM-0001kl-OS for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxM-0004I4-Ne for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKxM-0002DM-Me for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=d36OMcRbFA1sQNF3o8DJisSBRIb242/HmcvI0AMlYes=; b=TORB5o2pR8mhR+X6jkHOqgIHmb SPWu1BHqbTS6mqiSb4b3iMeS2ipqEX6cFzkGRRt08entbwwYuQfcv5op1JpVIZdjlMeJA2WSJ+cxD RvziPADz+cbtj402MlG5n7OrNothzByeAlSxCKSbWuyn6AXVZqFMEtIzQCkWaswelQA4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] x86: work around build issue with GNU ld 2.37 Message-Id: Date: Thu, 26 Aug 2021 19:22:32 +0000 commit 0475382080896460f10a12c72a20369bda1f6728 Author: Jan Beulich AuthorDate: Wed Aug 25 15:44:47 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:44:47 2021 +0200 x86: work around build issue with GNU ld 2.37 I suspect it is commit 40726f16a8d7 ("ld script expression parsing") which broke the hypervisor build, by no longer accepting section names with a dash in them inside ADDR() (and perhaps other script directives expecting just a section name, not an expression): .note.gnu.build-id is such a section. Quoting all section names passed to ADDR() via DECL_SECTION() works around the regression. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 58ad654ebce7ccb272a3f4f3482c03aaad850d31 master date: 2021-07-27 15:03:29 +0100 --- xen/arch/x86/xen.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 771f474665..3a63f1a9e2 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -21,7 +21,7 @@ ENTRY(efi_start) #define FORMAT "elf64-x86-64" #define SECTION_ALIGN PAGE_SIZE -#define DECL_SECTION(x) x : AT(ADDR(x) - __XEN_VIRT_START) +#define DECL_SECTION(x) x : AT(ADDR(#x) - __XEN_VIRT_START) ENTRY(start_pa) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:22:44 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:22:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173172.315965 (Exim 4.92) (envelope-from ) id 1mJKxY-0001oE-Fq; Thu, 26 Aug 2021 19:22:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173172.315965; Thu, 26 Aug 2021 19:22:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxY-0001o6-Cx; Thu, 26 Aug 2021 19:22:44 +0000 Received: by outflank-mailman (input) for mailman id 173172; Thu, 26 Aug 2021 19:22:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxW-0001nT-SD for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxW-0004IE-RQ for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKxW-0002Ee-QR for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=j14a98wM96+v0ozUFFQMS+OyIqlkj4GbLRIU8eb9LQ8=; b=4IoZdf+90gbi52jRYhgwnjp8GE 2acXiF9WcklrCXbfvhsWmM/z4DLdw4/pYkecIDO+y8TxEE52odeS2hUCijaNluQ41lJicf+RCDghX JvalU704r2pAwyZcVXOkyR+5zzDaXqCO2jY64YAPSpjaYXLQLzp5PuhPA9OAxHLxjf30=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] x86/p2m: fix PoD accounting in guest_physmap_add_entry() Message-Id: Date: Thu, 26 Aug 2021 19:22:42 +0000 commit 2f4cfe5a234b4f788aad93e08b9994c87d09343e Author: Jan Beulich AuthorDate: Wed Aug 25 15:45:21 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:45:21 2021 +0200 x86/p2m: fix PoD accounting in guest_physmap_add_entry() The initial observation was that the mfn_valid() check comes too late: Neither mfn_add() nor mfn_to_page() (let alone de-referencing the result of the latter) are valid for MFNs failing this check. Move it up and - noticing that there's no caller doing so - also add an assertion that this should never produce "false" here. In turn this would have meant that the "else" to that if() could now go away, which didn't seem right at all. And indeed, considering callers like memory_exchange() or various grant table functions, the PoD accounting should have been outside of that if() from the very beginning. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: aea270e3f7c0db696c88a0e94b1ece7abd339c84 master date: 2020-02-21 17:14:38 +0100 --- xen/arch/x86/mm/p2m.c | 36 ++++++++++++++---------------------- 1 file changed, 14 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 25ce19f20b..eb5e340577 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -864,6 +864,12 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; + if ( !mfn_valid(mfn) ) + { + ASSERT_UNREACHABLE(); + return -EINVAL; + } + p2m_lock(p2m); P2M_DEBUG("adding gfn=%#lx mfn=%#lx\n", gfn_x(gfn), mfn_x(mfn)); @@ -963,12 +969,15 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } /* Now, actually do the two-way mapping */ - if ( mfn_valid(mfn) ) + rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, p2m->default_access); + if ( rc == 0 ) { - rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, - p2m->default_access); - if ( rc ) - goto out; /* Failed to update p2m, bail without updating m2p. */ +#ifdef CONFIG_HVM + pod_lock(p2m); + p2m->pod.entry_count -= pod_count; + BUG_ON(p2m->pod.entry_count < 0); + pod_unlock(p2m); +#endif if ( !p2m_is_grant(t) ) { @@ -977,24 +986,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, gfn_x(gfn_add(gfn, i))); } } - else - { - gdprintk(XENLOG_WARNING, "Adding bad mfn to p2m map (%#lx -> %#lx)\n", - gfn_x(gfn), mfn_x(mfn)); - rc = p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, - p2m_invalid, p2m->default_access); -#ifdef CONFIG_HVM - if ( rc == 0 ) - { - pod_lock(p2m); - p2m->pod.entry_count -= pod_count; - BUG_ON(p2m->pod.entry_count < 0); - pod_unlock(p2m); - } -#endif - } -out: p2m_unlock(p2m); return rc; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:22:54 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:22:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173173.315970 (Exim 4.92) (envelope-from ) id 1mJKxi-0001rd-Hh; Thu, 26 Aug 2021 19:22:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173173.315970; Thu, 26 Aug 2021 19:22:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxi-0001rV-ES; Thu, 26 Aug 2021 19:22:54 +0000 Received: by outflank-mailman (input) for mailman id 173173; Thu, 26 Aug 2021 19:22:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxg-0001r4-W4 for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxg-0004IO-VG for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKxg-0002Fr-UI for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:22:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=m+NffutZg6VrN54IvAeZ4bLH4mCpN8YpIADXc255nvw=; b=6X9xZ4Etkop0dl1DS6+UHKlKYC iZL6gKchZTxKXWtg1PmqBJ1/TFH/3P3o4jBn9xsuJhka3A6kfKRbiEQVrMzaZAOF0yCJpMpTlVYTc W7zzIsMJITp1MKX0Ei00bGmttsPsgPN6Kq0Z7XhN+83P6bN7poUsztkLEq2+KoUTDRIs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] x86/p2m: don't ignore p2m_remove_page()'s return value Message-Id: Date: Thu, 26 Aug 2021 19:22:52 +0000 commit 05e64a6ce8653d83e84e8cc06ecb3fce1220bb75 Author: Jan Beulich AuthorDate: Wed Aug 25 15:45:35 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:45:35 2021 +0200 x86/p2m: don't ignore p2m_remove_page()'s return value It's not very nice to return from guest_physmap_add_entry() after perhaps already having made some changes to the P2M, but this is pre- existing practice in the function, and imo better than ignoring errors. Take the liberty and replace an mfn_add() instance with a local variable already holding the result (as proven by the check immediately ahead). Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Acked-by: Andrew Cooper master commit: a6b051a87a586347969bfbaa6925ac0f0c845413 master date: 2020-04-03 10:56:10 +0200 --- xen/arch/x86/mm/p2m.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index eb5e340577..ce6e1a913d 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -772,8 +772,7 @@ void p2m_final_teardown(struct domain *d) p2m_teardown_hostp2m(d); } - -static int +static int __must_check p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, unsigned int page_order) { @@ -961,9 +960,9 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, ASSERT(mfn_valid(omfn)); P2M_DEBUG("old gfn=%#lx -> mfn %#lx\n", gfn_x(ogfn) , mfn_x(omfn)); - if ( mfn_eq(omfn, mfn_add(mfn, i)) ) - p2m_remove_page(p2m, gfn_x(ogfn), mfn_x(mfn_add(mfn, i)), - 0); + if ( mfn_eq(omfn, mfn_add(mfn, i)) && + (rc = p2m_remove_page(p2m, gfn_x(ogfn), mfn_x(omfn), 0)) ) + goto out; } } } @@ -987,6 +986,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } } + out: p2m_unlock(p2m); return rc; @@ -2646,9 +2646,9 @@ int p2m_change_altp2m_gfn(struct domain *d, unsigned int idx, if ( gfn_eq(new_gfn, INVALID_GFN) ) { - if ( mfn_valid(mfn) ) - p2m_remove_page(ap2m, gfn_x(old_gfn), mfn_x(mfn), PAGE_ORDER_4K); - rc = 0; + rc = mfn_valid(mfn) + ? p2m_remove_page(ap2m, gfn_x(old_gfn), mfn_x(mfn), PAGE_ORDER_4K) + : 0; goto out; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:23:04 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:23:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173174.315973 (Exim 4.92) (envelope-from ) id 1mJKxs-0001uW-JX; Thu, 26 Aug 2021 19:23:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173174.315973; Thu, 26 Aug 2021 19:23:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxs-0001uK-GB; Thu, 26 Aug 2021 19:23:04 +0000 Received: by outflank-mailman (input) for mailman id 173174; Thu, 26 Aug 2021 19:23:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxr-0001u8-3S for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKxr-0004Iu-2d for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKxr-0002Ic-1h for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ySZBIbqUFcSdgaxBheP3hQ8KHU6tvb/+d5MFOrs8A4w=; b=Hka6PfxkU7M0PTRh3HxkQ5ZYV0 vuVTSfLKGMqo0VG6mZKCBaisOaqiG1v53nflEH5Uav73otfAYFRdLZhHiiBncSWKke5m5JGzHrm/f IIWoEOYzdcWGmDBaQJIgLvkbTNZwP3/4iL7pciao4RHSz65ipAg/WZ5V1MWMCm1fEppY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] x86/p2m: don't assert that the passed in MFN matches for a remove Message-Id: Date: Thu, 26 Aug 2021 19:23:03 +0000 commit d44643199c96ac22491ae002d3bcd1c989b95ea4 Author: Jan Beulich AuthorDate: Wed Aug 25 15:45:49 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:45:49 2021 +0200 x86/p2m: don't assert that the passed in MFN matches for a remove guest_physmap_remove_page() gets handed an MFN from the outside, yet takes the necessary lock to prevent further changes to the GFN <-> MFN mapping itself. While some callers, in particular guest_remove_page() (by way of having called get_gfn_query()), hold the GFN lock already, various others (most notably perhaps the 2nd instance in xenmem_add_to_physmap_one()) don't. While it also is an option to fix all the callers, deal with the issue in p2m_remove_page() instead: Replace the ASSERT() by a conditional and split the loop into two, such that all checking gets done before any modification would occur. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Acked-by: Andrew Cooper master commit: c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e master date: 2020-04-03 10:56:55 +0200 --- xen/arch/x86/mm/p2m.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index ce6e1a913d..6ebc2d33de 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -778,7 +778,6 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, { unsigned long i; gfn_t gfn = _gfn(gfn_l); - mfn_t mfn_return; p2m_type_t t; p2m_access_t a; @@ -789,15 +788,26 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, ASSERT(gfn_locked_by_me(p2m, gfn)); P2M_DEBUG("removing gfn=%#lx mfn=%#lx\n", gfn_l, mfn); + for ( i = 0; i < (1UL << page_order); ) + { + unsigned int cur_order; + mfn_t mfn_return = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, + &cur_order, NULL); + + if ( p2m_is_valid(t) && + (!mfn_valid(_mfn(mfn)) || mfn + i != mfn_x(mfn_return)) ) + return -EILSEQ; + + i += (1UL << cur_order) - ((gfn_l + i) & ((1UL << cur_order) - 1)); + } + if ( mfn_valid(_mfn(mfn)) ) { for ( i = 0; i < (1UL << page_order); i++ ) { - mfn_return = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, - NULL, NULL); + p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY); - ASSERT( !p2m_is_valid(t) || mfn + i == mfn_x(mfn_return) ); } } return p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, p2m_invalid, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:23:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:23:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173175.315977 (Exim 4.92) (envelope-from ) id 1mJKy2-0001xr-M8; Thu, 26 Aug 2021 19:23:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173175.315977; Thu, 26 Aug 2021 19:23:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKy2-0001xi-Ix; Thu, 26 Aug 2021 19:23:14 +0000 Received: by outflank-mailman (input) for mailman id 173175; Thu, 26 Aug 2021 19:23:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKy1-0001xT-7c for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKy1-0004J8-6m for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKy1-0002Jv-5M for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oienQmidiVhAR6fatReagyV2h8iM6d+irycIx/W/ubA=; b=wJApWLFbSYMpsmZK79JilHtc1P wB2Z7M5VeceaHdsc3VJSiyaPrNuUHIjZMdVYFOg4k+OVLXu1/fi1Vh8EbOMvwYRrlKdvPS9bzy7Qh CC2TD58HT2qVJ3k9LRb8t4veu/rPRC7sNXEp4AcQc4hJpW/bAkx+JDCQzPJw+ZuKimCE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] AMD/IOMMU: correct global exclusion range extending Message-Id: Date: Thu, 26 Aug 2021 19:23:13 +0000 commit dd59be6857707a61f73612ce73e0192921b58427 Author: Jan Beulich AuthorDate: Wed Aug 25 15:47:36 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:47:36 2021 +0200 AMD/IOMMU: correct global exclusion range extending Besides unity mapping regions, the AMD IOMMU spec also provides for exclusion ranges (areas of memory not to be subject to DMA translation) to be specified by firmware in the ACPI tables. The spec does not put any constraints on the number of such regions. Blindly assuming all addresses between any two such ranges should also be excluded can't be right. Since hardware has room for just a single such range (comprised of the Exclusion Base Register and the Exclusion Range Limit Register), combine only adjacent or overlapping regions (for now; this may require further adjustment in case table entries aren't sorted by address) with matching exclusion_allow_all settings. This requires bubbling up error indicators, such that IOMMU init can be failed when concatenation wasn't possible. Furthermore, since the exclusion range specified in IOMMU registers implies R/W access, reject requests asking for less permissions (this will be brought closer to the spec by a subsequent change). This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: b02c5c88982411be11e3413159862f255f1f39dc master date: 2021-08-25 14:12:13 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 45 +++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 64d10481d7..9f7659340a 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -98,12 +98,21 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( return NULL; } -static void __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit) +static int __init reserve_iommu_exclusion_range( + struct amd_iommu *iommu, uint64_t base, uint64_t limit, + bool all, bool iw, bool ir) { + if ( !ir || !iw ) + return -EPERM; + /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { + if ( iommu->exclusion_limit + PAGE_SIZE < base || + limit + PAGE_SIZE < iommu->exclusion_base || + iommu->exclusion_allow_all != all ) + return -EBUSY; + if ( iommu->exclusion_base < base ) base = iommu->exclusion_base; if ( iommu->exclusion_limit > limit ) @@ -111,16 +120,11 @@ static void __init reserve_iommu_exclusion_range( } iommu->exclusion_enable = IOMMU_CONTROL_ENABLED; + iommu->exclusion_allow_all = all; iommu->exclusion_base = base; iommu->exclusion_limit = limit; -} -static void __init reserve_iommu_exclusion_range_all( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit) -{ - reserve_iommu_exclusion_range(iommu, base, limit); - iommu->exclusion_allow_all = IOMMU_CONTROL_ENABLED; + return 0; } static void __init reserve_unity_map_for_device( @@ -158,6 +162,7 @@ static int __init register_exclusion_range_for_all_devices( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; unsigned int bdf; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -179,10 +184,15 @@ static int __init register_exclusion_range_for_all_devices( if ( limit >= iommu_top ) { for_each_amd_iommu( iommu ) - reserve_iommu_exclusion_range_all(iommu, base, limit); + { + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + if ( rc ) + break; + } } - return 0; + return rc; } static int __init register_exclusion_range_for_device( @@ -193,6 +203,7 @@ static int __init register_exclusion_range_for_device( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; + int rc = 0; iommu = find_iommu_for_device(seg, bdf); if ( !iommu ) @@ -222,12 +233,13 @@ static int __init register_exclusion_range_for_device( /* register IOMMU exclusion range settings for device */ if ( limit >= iommu_top ) { - reserve_iommu_exclusion_range(iommu, base, limit); + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; ivrs_mappings[req].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; } - return 0; + return rc; } static int __init register_exclusion_range_for_iommu_devices( @@ -237,6 +249,7 @@ static int __init register_exclusion_range_for_iommu_devices( unsigned long range_top, iommu_top, length; unsigned int bdf; u16 req; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -267,8 +280,10 @@ static int __init register_exclusion_range_for_iommu_devices( /* register IOMMU exclusion range settings */ if ( limit >= iommu_top ) - reserve_iommu_exclusion_range_all(iommu, base, limit); - return 0; + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + + return rc; } static int __init parse_ivmd_device_select( -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:23:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:23:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173176.315981 (Exim 4.92) (envelope-from ) id 1mJKyC-00020Z-Nb; Thu, 26 Aug 2021 19:23:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173176.315981; Thu, 26 Aug 2021 19:23:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyC-00020R-Kd; Thu, 26 Aug 2021 19:23:24 +0000 Received: by outflank-mailman (input) for mailman id 173176; Thu, 26 Aug 2021 19:23:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyB-00020A-BW for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyB-0004JJ-Am for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKyB-0002LH-9a for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RciTOpr0OFgzJKkZ40vbCU5smwk0CI/RBcJqBoZDPFI=; b=RggY+U7SVolG9VBoJH5qxDS2L8 oSqWqfvg4T+seAu5gc5NkhFZHP87RVMGdKcF+Q9UU6lJToPH0H9LEsghHPzW/3M7J8n6Oz25Oz36z bymHMDx0eWtJUYqeg2kQ7KxIXBoPWpf+PAC13zSQ6liff6QQuJ4GL6KRLpYXOc4/wk68=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] AMD/IOMMU: correct device unity map handling Message-Id: Date: Thu, 26 Aug 2021 19:23:23 +0000 commit 724eebcaeb6663915ef5cff7ccffe2301e47f7c6 Author: Jan Beulich AuthorDate: Wed Aug 25 15:47:52 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:47:52 2021 +0200 AMD/IOMMU: correct device unity map handling Blindly assuming all addresses between any two such ranges, specified by firmware in the ACPI tables, should also be unity-mapped can't be right. Nor can it be correct to merge ranges with differing permissions. Track ranges individually; don't merge at all, but check for overlaps instead. This requires bubbling up error indicators, such that IOMMU init can be failed when allocation of a new tracking struct wasn't possible, or an overlap was detected. At this occasion also stop ignoring amd_iommu_reserve_domain_unity_map()'s return value. This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap Reviewed-by: Paul Durrant master commit: 34750a3eb022462cdd1c36e8ef9049d3d73c824c master date: 2021-08-25 14:15:11 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 80 +++++++++++++++++------------ xen/drivers/passthrough/amd/iommu_init.c | 1 - xen/drivers/passthrough/amd/pci_amd_iommu.c | 16 +++--- xen/include/asm-x86/amd-iommu.h | 14 +++-- 4 files changed, 66 insertions(+), 45 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 9f7659340a..a477877f32 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -127,32 +127,48 @@ static int __init reserve_iommu_exclusion_range( return 0; } -static void __init reserve_unity_map_for_device( - u16 seg, u16 bdf, unsigned long base, - unsigned long length, u8 iw, u8 ir) +static int __init reserve_unity_map_for_device( + uint16_t seg, uint16_t bdf, unsigned long base, + unsigned long length, bool iw, bool ir) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long old_top, new_top; + struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; - /* need to extend unity-mapped range? */ - if ( ivrs_mappings[bdf].unity_map_enable ) + /* Check for overlaps. */ + for ( ; unity_map; unity_map = unity_map->next ) { - old_top = ivrs_mappings[bdf].addr_range_start + - ivrs_mappings[bdf].addr_range_length; - new_top = base + length; - if ( old_top > new_top ) - new_top = old_top; - if ( ivrs_mappings[bdf].addr_range_start < base ) - base = ivrs_mappings[bdf].addr_range_start; - length = new_top - base; + /* + * Exact matches are okay. This can in particular happen when + * register_exclusion_range_for_device() calls here twice for the + * same (s,b,d,f). + */ + if ( base == unity_map->addr && length == unity_map->length && + ir == unity_map->read && iw == unity_map->write ) + return 0; + + if ( unity_map->addr + unity_map->length > base && + base + length > unity_map->addr ) + { + AMD_IOMMU_DEBUG("IVMD Error: overlap [%lx,%lx) vs [%lx,%lx)\n", + base, base + length, unity_map->addr, + unity_map->addr + unity_map->length); + return -EPERM; + } } - /* extend r/w permissioms and keep aggregate */ - ivrs_mappings[bdf].write_permission = iw; - ivrs_mappings[bdf].read_permission = ir; - ivrs_mappings[bdf].unity_map_enable = IOMMU_CONTROL_ENABLED; - ivrs_mappings[bdf].addr_range_start = base; - ivrs_mappings[bdf].addr_range_length = length; + /* Populate and insert a new unity map. */ + unity_map = xmalloc(struct ivrs_unity_map); + if ( !unity_map ) + return -ENOMEM; + + unity_map->read = ir; + unity_map->write = iw; + unity_map->addr = base; + unity_map->length = length; + unity_map->next = ivrs_mappings[bdf].unity_map; + ivrs_mappings[bdf].unity_map = unity_map; + + return 0; } static int __init register_exclusion_range_for_all_devices( @@ -175,13 +191,13 @@ static int __init register_exclusion_range_for_all_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { for_each_amd_iommu( iommu ) { @@ -223,15 +239,15 @@ static int __init register_exclusion_range_for_device( length = range_top - base; /* reserve unity-mapped page entries for device */ /* note: these entries are part of the exclusion range */ - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - reserve_unity_map_for_device(seg, req, base, length, iw, ir); + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: + reserve_unity_map_for_device(seg, req, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings for device */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { rc = reserve_iommu_exclusion_range(iommu, base, limit, false /* all */, iw, ir); @@ -262,15 +278,15 @@ static int __init register_exclusion_range_for_iommu_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) { if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) { - reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir); req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); } } @@ -279,7 +295,7 @@ static int __init register_exclusion_range_for_iommu_devices( } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */, iw, ir); diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index 98298f0bf0..62a0f935b5 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -1189,7 +1189,6 @@ static int __init alloc_ivrs_mappings(u16 seg) { ivrs_mappings[bdf].dte_requestor_id = bdf; ivrs_mappings[bdf].dte_allow_exclusion = IOMMU_CONTROL_DISABLED; - ivrs_mappings[bdf].unity_map_enable = IOMMU_CONTROL_DISABLED; ivrs_mappings[bdf].iommu = NULL; ivrs_mappings[bdf].intremap_table = NULL; diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index a0555e30a4..2aab4bc16e 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -346,15 +346,17 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); + const struct ivrs_unity_map *unity_map; - if ( ivrs_mappings[req_id].unity_map_enable ) + for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; + unity_map = unity_map->next ) { - amd_iommu_reserve_domain_unity_map( - d, - ivrs_mappings[req_id].addr_range_start, - ivrs_mappings[req_id].addr_range_length, - ivrs_mappings[req_id].write_permission, - ivrs_mappings[req_id].read_permission); + int rc = amd_iommu_reserve_domain_unity_map( + d, unity_map->addr, unity_map->length, + unity_map->write, unity_map->read); + + if ( rc ) + return rc; } return reassign_device(pdev->domain, d, devfn, pdev); diff --git a/xen/include/asm-x86/amd-iommu.h b/xen/include/asm-x86/amd-iommu.h index 02715b482b..1bba272379 100644 --- a/xen/include/asm-x86/amd-iommu.h +++ b/xen/include/asm-x86/amd-iommu.h @@ -108,15 +108,19 @@ struct amd_iommu { struct list_head ats_devices; }; +struct ivrs_unity_map { + bool read:1; + bool write:1; + paddr_t addr; + unsigned long length; + struct ivrs_unity_map *next; +}; + struct ivrs_mappings { u16 dte_requestor_id; u8 dte_allow_exclusion; - u8 unity_map_enable; - u8 write_permission; - u8 read_permission; - unsigned long addr_range_start; - unsigned long addr_range_length; struct amd_iommu *iommu; + struct ivrs_unity_map *unity_map; /* per device interrupt remapping table */ void *intremap_table; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:23:34 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:23:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173177.315985 (Exim 4.92) (envelope-from ) id 1mJKyM-00023J-PE; Thu, 26 Aug 2021 19:23:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173177.315985; Thu, 26 Aug 2021 19:23:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyM-00023B-MA; Thu, 26 Aug 2021 19:23:34 +0000 Received: by outflank-mailman (input) for mailman id 173177; Thu, 26 Aug 2021 19:23:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyL-00022n-FI for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyL-0004Jl-Ea for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKyL-0002Mh-Dd for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QJQ6zBVeh7Wmxd1fki6P5/E94s7vogjOg113t6BETr4=; b=QVWCudVnQC4dVHDbB/gWE8GZ34 1oQgshJiuCpncmxlqUChE3FQuSQyPAViugrswHUB0kebT20N2Ld/rHS12Iju3zlEVZ+jWQhe/y3Pc jLzau13gR7UirmR7N2oMPHIX28+EMHIxU1Bd1M65bfxL4afmgT7zIRCxcm3rkXyKMVOY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() Message-Id: Date: Thu, 26 Aug 2021 19:23:33 +0000 commit aac5e505b97f727cef00ce2d9f082108d1186a5d Author: Jan Beulich AuthorDate: Wed Aug 25 15:48:15 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:48:15 2021 +0200 IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() A subsequent change will want to customize the IOMMU permissions based on this. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: d1bb6c97c31ef754fb29b29eb307c090414e8022 master date: 2021-08-25 14:15:32 +0200 --- xen/arch/x86/mm/p2m-ept.c | 6 +++--- xen/arch/x86/mm/p2m-pt.c | 19 ++++++++++++++++--- xen/include/asm-x86/p2m.h | 3 ++- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index 5822ca77ca..72728d1890 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -672,7 +672,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, uint8_t ipat = 0; bool_t need_modify_vtd_table = 1; bool_t vtd_pte_present = 0; - unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); bool_t needs_sync = 1; ept_entry_t old_entry = { .epte = 0 }; ept_entry_t new_entry = { .epte = 0 }; @@ -799,8 +799,8 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, /* Safe to read-then-write because we hold the p2m lock */ if ( ept_entry->mfn == new_entry.mfn && - p2m_get_iommu_flags(ept_entry->sa_p2mt, _mfn(ept_entry->mfn)) == - iommu_flags ) + p2m_get_iommu_flags(ept_entry->sa_p2mt, ept_entry->access, + _mfn(ept_entry->mfn)) == iommu_flags ) need_modify_vtd_table = 0; ept_p2m_type_to_flags(p2m, &new_entry, p2mt, p2ma); diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 0629cd530e..442321f19e 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -512,6 +512,16 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) return rc; } +/* Reconstruct a fake p2m_access_t from stored PTE flags. */ +static p2m_access_t p2m_flags_to_access(unsigned int flags) +{ + if ( flags & _PAGE_PRESENT ) + return p2m_access_n; + + /* No need to look at _PAGE_NX for now. */ + return flags & _PAGE_RW ? p2m_access_rw : p2m_access_r; +} + /* Checks only applicable to entries with order > PAGE_ORDER_4K */ static void check_entry(mfn_t mfn, p2m_type_t new, p2m_type_t old, unsigned int order) @@ -546,7 +556,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, l2_pgentry_t l2e_content; l3_pgentry_t l3e_content; int rc; - unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); /* * old_mfn and iommu_old_flags control possible flush/update needs on the * IOMMU: We need to flush when MFN or flags (i.e. permissions) change. @@ -609,6 +619,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else @@ -654,9 +665,10 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, 0, L1_PAGETABLE_ENTRIES); ASSERT(p2m_entry); old_mfn = l1e_get_pfn(*p2m_entry); + flags = l1e_get_flags(*p2m_entry); iommu_old_flags = - p2m_get_iommu_flags(p2m_flags_to_type(l1e_get_flags(*p2m_entry)), - _mfn(old_mfn)); + p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) entry_content = p2m_l1e_from_pfn(mfn_x(mfn), @@ -687,6 +699,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 1a38c05537..814b1eb125 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -899,7 +899,8 @@ static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} /* * p2m type to IOMMU flags */ -static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, mfn_t mfn) +static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, + p2m_access_t p2ma, mfn_t mfn) { unsigned int flags; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:23:44 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:23:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173178.315989 (Exim 4.92) (envelope-from ) id 1mJKyW-00026U-Qt; Thu, 26 Aug 2021 19:23:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173178.315989; Thu, 26 Aug 2021 19:23:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyW-00026M-Nk; Thu, 26 Aug 2021 19:23:44 +0000 Received: by outflank-mailman (input) for mailman id 173178; Thu, 26 Aug 2021 19:23:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyV-00026C-JL for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyV-0004Jz-IX for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKyV-0002Nq-Hf for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=l6bcoELY4sH6gRHEKqO0Q4rJUP2vS+6JpXjb2XmT6YE=; b=BjReK3FOziySgj6uG9qW16IyiA NZuU93+iVIKnva5Qg9Ffh/mBoDTkAkcOAFWOIS16s+/42ju7easP7AIdnlJz61+91bohc8pHE8TjE owZzJO++wCcLfPwjscKAUrqjaK7afV/GShE4yMspmQ0Snsmeptj1O3SS/wWlNQqT1ze0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] IOMMU: generalize VT-d's tracking of mapped RMRR regions Message-Id: Date: Thu, 26 Aug 2021 19:23:43 +0000 commit 1f5c2371eba98dafd7abd2a34613abe6ca3204f5 Author: Jan Beulich AuthorDate: Wed Aug 25 15:48:35 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:48:35 2021 +0200 IOMMU: generalize VT-d's tracking of mapped RMRR regions In order to re-use it elsewhere, move the logic to vendor independent code and strip it of RMRR specifics. Note that the prior "map" parameter gets folded into the new "p2ma" one (which AMD IOMMU code will want to make use of), assigning alternative meaning ("unmap") to p2m_access_x. Prepare set_identity_p2m_entry() and p2m_get_iommu_flags() for getting passed access types other than p2m_access_rw (in the latter case just for p2m_mmio_direct requests). Note also that, to be on the safe side, an overlap check gets added to the main loop of iommu_identity_mapping(). This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: c0e19d7c6c42f0bfccccd96b4f7b03b5515e10fc master date: 2021-08-25 14:15:57 +0200 --- xen/arch/x86/mm/p2m.c | 2 +- xen/drivers/passthrough/vtd/iommu.c | 98 +++++-------------------------------- xen/drivers/passthrough/x86/iommu.c | 95 ++++++++++++++++++++++++++++++++++- xen/include/asm-x86/iommu.h | 8 ++- xen/include/asm-x86/p2m.h | 35 +++++++++++-- 5 files changed, 147 insertions(+), 91 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 6ebc2d33de..41a74119f4 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1341,7 +1341,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, if ( !has_iommu_pt(d) ) return 0; return iommu_legacy_map(d, _dfn(gfn_l), _mfn(gfn_l), PAGE_ORDER_4K, - IOMMUF_readable | IOMMUF_writable); + p2m_access_to_iommu_flags(p2ma)); } gfn_lock(p2m, gfn, 0); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 89e0cab531..ef33111fd0 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -42,12 +42,6 @@ #include "vtd.h" #include "../ats.h" -struct mapped_rmrr { - struct list_head list; - u64 base, end; - unsigned int count; -}; - /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */ bool __read_mostly untrusted_msi; @@ -1787,16 +1781,11 @@ out: static void iommu_domain_teardown(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); - struct mapped_rmrr *mrmrr, *tmp; if ( list_empty(&acpi_drhd_units) ) return; - list_for_each_entry_safe ( mrmrr, tmp, &hd->arch.mapped_rmrrs, list ) - { - list_del(&mrmrr->list); - xfree(mrmrr); - } + iommu_identity_map_teardown(d); ASSERT(iommu_enabled); @@ -1955,74 +1944,6 @@ static void iommu_set_pgd(struct domain *d) pagetable_get_paddr(pagetable_from_mfn(pgd_mfn)); } -static int rmrr_identity_mapping(struct domain *d, bool_t map, - const struct acpi_rmrr_unit *rmrr, - u32 flag) -{ - unsigned long base_pfn = rmrr->base_address >> PAGE_SHIFT_4K; - unsigned long end_pfn = PAGE_ALIGN_4K(rmrr->end_address) >> PAGE_SHIFT_4K; - struct mapped_rmrr *mrmrr; - struct domain_iommu *hd = dom_iommu(d); - - ASSERT(pcidevs_locked()); - ASSERT(rmrr->base_address < rmrr->end_address); - - /* - * No need to acquire hd->arch.mapping_lock: Both insertion and removal - * get done while holding pcidevs_lock. - */ - list_for_each_entry( mrmrr, &hd->arch.mapped_rmrrs, list ) - { - if ( mrmrr->base == rmrr->base_address && - mrmrr->end == rmrr->end_address ) - { - int ret = 0; - - if ( map ) - { - ++mrmrr->count; - return 0; - } - - if ( --mrmrr->count ) - return 0; - - while ( base_pfn < end_pfn ) - { - if ( clear_identity_p2m_entry(d, base_pfn) ) - ret = -ENXIO; - base_pfn++; - } - - list_del(&mrmrr->list); - xfree(mrmrr); - return ret; - } - } - - if ( !map ) - return -ENOENT; - - while ( base_pfn < end_pfn ) - { - int err = set_identity_p2m_entry(d, base_pfn, p2m_access_rw, flag); - - if ( err ) - return err; - base_pfn++; - } - - mrmrr = xmalloc(struct mapped_rmrr); - if ( !mrmrr ) - return -ENOMEM; - mrmrr->base = rmrr->base_address; - mrmrr->end = rmrr->end_address; - mrmrr->count = 1; - list_add_tail(&mrmrr->list, &hd->arch.mapped_rmrrs); - - return 0; -} - static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; @@ -2054,7 +1975,9 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) * Since RMRRs are always reserved in the e820 map for the hardware * domain, there shouldn't be a conflict. */ - ret = rmrr_identity_mapping(pdev->domain, 1, rmrr, 0); + ret = iommu_identity_mapping(pdev->domain, p2m_access_rw, + rmrr->base_address, rmrr->end_address, + 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n", pdev->domain->domain_id); @@ -2099,7 +2022,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) * Any flag is nothing to clear these mappings but here * its always safe and strict to set 0. */ - rmrr_identity_mapping(pdev->domain, 0, rmrr, 0); + iommu_identity_mapping(pdev->domain, p2m_access_x, rmrr->base_address, + rmrr->end_address, 0); } return domain_context_unmap(pdev->domain, devfn, pdev); @@ -2266,7 +2190,8 @@ static void __hwdom_init setup_hwdom_rmrr(struct domain *d) * domain, there shouldn't be a conflict. So its always safe and * strict to set 0. */ - ret = rmrr_identity_mapping(d, 1, rmrr, 0); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: mapping reserved region failed\n"); @@ -2425,7 +2350,9 @@ static int reassign_device_ownership( * Any RMRR flag is always ignored when remove a device, * but its always safe and strict to set 0. */ - ret = rmrr_identity_mapping(source, 0, rmrr, 0); + ret = iommu_identity_mapping(source, p2m_access_x, + rmrr->base_address, + rmrr->end_address, 0); if ( ret != -ENOENT ) return ret; } @@ -2522,7 +2449,8 @@ static int intel_iommu_assign_device( PCI_BUS(bdf) == bus && PCI_DEVFN2(bdf) == devfn ) { - ret = rmrr_identity_mapping(d, 1, rmrr, flag); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, flag); if ( ret ) { int rc; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index bd6529d419..519353f81a 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -150,7 +150,7 @@ int arch_iommu_domain_init(struct domain *d) struct domain_iommu *hd = dom_iommu(d); spin_lock_init(&hd->arch.mapping_lock); - INIT_LIST_HEAD(&hd->arch.mapped_rmrrs); + INIT_LIST_HEAD(&hd->arch.identity_maps); return 0; } @@ -159,6 +159,99 @@ void arch_iommu_domain_destroy(struct domain *d) { } +struct identity_map { + struct list_head list; + paddr_t base, end; + p2m_access_t access; + unsigned int count; +}; + +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag) +{ + unsigned long base_pfn = base >> PAGE_SHIFT_4K; + unsigned long end_pfn = PAGE_ALIGN_4K(end) >> PAGE_SHIFT_4K; + struct identity_map *map; + struct domain_iommu *hd = dom_iommu(d); + + ASSERT(pcidevs_locked()); + ASSERT(base < end); + + /* + * No need to acquire hd->arch.mapping_lock: Both insertion and removal + * get done while holding pcidevs_lock. + */ + list_for_each_entry( map, &hd->arch.identity_maps, list ) + { + if ( map->base == base && map->end == end ) + { + int ret = 0; + + if ( p2ma != p2m_access_x ) + { + if ( map->access != p2ma ) + return -EADDRINUSE; + ++map->count; + return 0; + } + + if ( --map->count ) + return 0; + + while ( base_pfn < end_pfn ) + { + if ( clear_identity_p2m_entry(d, base_pfn) ) + ret = -ENXIO; + base_pfn++; + } + + list_del(&map->list); + xfree(map); + + return ret; + } + + if ( end >= map->base && map->end >= base ) + return -EADDRINUSE; + } + + if ( p2ma == p2m_access_x ) + return -ENOENT; + + while ( base_pfn < end_pfn ) + { + int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag); + + if ( err ) + return err; + base_pfn++; + } + + map = xmalloc(struct identity_map); + if ( !map ) + return -ENOMEM; + map->base = base; + map->end = end; + map->access = p2ma; + map->count = 1; + list_add_tail(&map->list, &hd->arch.identity_maps); + + return 0; +} + +void iommu_identity_map_teardown(struct domain *d) +{ + struct domain_iommu *hd = dom_iommu(d); + struct identity_map *map, *tmp; + + list_for_each_entry_safe ( map, tmp, &hd->arch.identity_maps, list ) + { + list_del(&map->list); + xfree(map); + } +} + static bool __hwdom_init hwdom_iommu_map(const struct domain *d, unsigned long pfn, unsigned long max_pfn) diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h index fc51508e9d..b8d2951b12 100644 --- a/xen/include/asm-x86/iommu.h +++ b/xen/include/asm-x86/iommu.h @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -48,7 +49,7 @@ struct arch_iommu spinlock_t mapping_lock; /* io page table lock */ int agaw; /* adjusted guest address width, 0 is level 2 30-bit */ u64 iommu_bitmap; /* bitmap of iommu(s) that the domain uses */ - struct list_head mapped_rmrrs; + struct list_head identity_maps; /* amd iommu support */ int paging_mode; @@ -94,6 +95,11 @@ bool_t iommu_supports_eim(void); int iommu_enable_x2apic_IR(void); void iommu_disable_x2apic_IR(void); +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag); +void iommu_identity_map_teardown(struct domain *d); + extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 814b1eb125..cb6a07d296 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -896,6 +896,34 @@ struct p2m_domain *p2m_get_altp2m(struct vcpu *v); static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} #endif +/* p2m access to IOMMU flags */ +static inline unsigned int p2m_access_to_iommu_flags(p2m_access_t p2ma) +{ + switch ( p2ma ) + { + case p2m_access_rw: + case p2m_access_rwx: + return IOMMUF_readable | IOMMUF_writable; + + case p2m_access_r: + case p2m_access_rx: + case p2m_access_rx2rw: + return IOMMUF_readable; + + case p2m_access_w: + case p2m_access_wx: + return IOMMUF_writable; + + case p2m_access_n: + case p2m_access_x: + case p2m_access_n2rwx: + return 0; + } + + ASSERT_UNREACHABLE(); + return 0; +} + /* * p2m type to IOMMU flags */ @@ -917,9 +945,10 @@ static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, flags = IOMMUF_readable; break; case p2m_mmio_direct: - flags = IOMMUF_readable; - if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) - flags |= IOMMUF_writable; + flags = p2m_access_to_iommu_flags(p2ma); + if ( (flags & IOMMUF_writable) && + rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) + flags &= ~IOMMUF_writable; break; default: flags = 0; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:23:54 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:23:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173179.315993 (Exim 4.92) (envelope-from ) id 1mJKyg-00029q-TX; Thu, 26 Aug 2021 19:23:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173179.315993; Thu, 26 Aug 2021 19:23:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyg-00029i-Qf; Thu, 26 Aug 2021 19:23:54 +0000 Received: by outflank-mailman (input) for mailman id 173179; Thu, 26 Aug 2021 19:23:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyf-00029S-NI for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyf-0004K7-MX for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKyf-0002PV-LT for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:23:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3yrRd1gRXwSGYdXXXMMXNdffHCPwHC6weVYdkARJeOY=; b=xbGeWTXHnTLuZF9PSzwOssbZPs njXKAqWI7dbPpHu0pBYGT1E7X2iwe0OXT1rBTGnRJ5WGUJOWLvFXApCRIItvXIp9sazmaw0wwkAOa CzHgBUPXCSHhtQJds/UVspJRUL8sKNefhZm4M9f/GJFtdVCZY0mV4E0mZSJGyZ6yRN8M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] AMD/IOMMU: re-arrange/complete re-assignment handling Message-Id: Date: Thu, 26 Aug 2021 19:23:53 +0000 commit 52ee570d15cd949472c9e7e2832f39d24254208d Author: Jan Beulich AuthorDate: Wed Aug 25 15:48:59 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:48:59 2021 +0200 AMD/IOMMU: re-arrange/complete re-assignment handling Prior to the assignment step having completed successfully, devices should not get associated with their new owner. Hand the device to DomIO (perhaps temporarily), until after the de-assignment step has completed. De-assignment of a device (from other than Dom0) as well as failure of reassign_device() during assignment should result in unity mappings getting torn down. This in turn requires switching to a refcounted mapping approach, as was already used by VT-d for its RMRRs, to prevent unmapping a region used by multiple devices. This is CVE-2021-28696 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 899272539cbe1acda736a850015416fff653a1b6 master date: 2021-08-25 14:16:26 +0200 --- xen/drivers/passthrough/amd/iommu_map.c | 63 ++++++++++++++++----------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 54 ++++++++++++++++++----- xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 6 ++- 3 files changed, 83 insertions(+), 40 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index da7ca7a41e..a5492da9fb 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -613,38 +613,49 @@ int amd_iommu_flush_iotlb_all(struct domain *d) return 0; } -int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, - unsigned long size, int iw, int ir) +int amd_iommu_reserve_domain_unity_map(struct domain *d, + const struct ivrs_unity_map *map, + unsigned int flag) { - unsigned long npages, i; - unsigned long gfn; - unsigned int flags = !!ir; - unsigned int flush_flags = 0; - int rt = 0; - - if ( iw ) - flags |= IOMMUF_writable; - - npages = region_to_pages(phys_addr, size); - gfn = phys_addr >> PAGE_SHIFT; - for ( i = 0; i < npages; i++ ) + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; !rc && map; map = map->next ) { - unsigned long frame = gfn + i; + p2m_access_t p2ma = p2m_access_n; - rt = amd_iommu_map_page(domain, _dfn(frame), _mfn(frame), flags, - &flush_flags); - if ( rt != 0 ) - break; + if ( map->read ) + p2ma |= p2m_access_r; + if ( map->write ) + p2ma |= p2m_access_w; + + rc = iommu_identity_mapping(d, p2ma, map->addr, + map->addr + map->length - 1, flag); } - /* Use while-break to avoid compiler warning */ - while ( flush_flags && - amd_iommu_flush_iotlb_pages(domain, _dfn(gfn), - npages, flush_flags) ) - break; + return rc; +} + +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map) +{ + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; map; map = map->next ) + { + int ret = iommu_identity_mapping(d, p2m_access_x, map->addr, + map->addr + map->length - 1, 0); + + if ( ret && ret != -ENOENT && !rc ) + rc = ret; + } - return rt; + return rc; } /* Share p2m table with iommu. */ diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 2aab4bc16e..2f8ff9dc80 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -307,6 +307,7 @@ static int reassign_device(struct domain *source, struct domain *target, struct amd_iommu *iommu; int bdf, rc; struct domain_iommu *t = dom_iommu(target); + const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); bdf = PCI_BDF2(pdev->bus, pdev->devfn); iommu = find_iommu_for_device(pdev->seg, bdf); @@ -321,10 +322,24 @@ static int reassign_device(struct domain *source, struct domain *target, amd_iommu_disable_domain_device(source, iommu, devfn, pdev); - if ( devfn == pdev->devfn ) + /* + * If the device belongs to the hardware domain, and it has a unity mapping, + * don't remove it from the hardware domain, because BIOS may reference that + * mapping. + */ + if ( !is_hardware_domain(source) ) { - list_move(&pdev->domain_list, &target->arch.pdev_list); - pdev->domain = target; + rc = amd_iommu_reserve_domain_unity_unmap( + source, + ivrs_mappings[get_dma_requestor_id(pdev->seg, bdf)].unity_map); + if ( rc ) + return rc; + } + + if ( devfn == pdev->devfn && pdev->domain != dom_io ) + { + list_move(&pdev->domain_list, &dom_io->arch.pdev_list); + pdev->domain = dom_io; } rc = allocate_domain_resources(t); @@ -336,6 +351,12 @@ static int reassign_device(struct domain *source, struct domain *target, pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn), source->domain_id, target->domain_id); + if ( devfn == pdev->devfn && pdev->domain != target ) + { + list_move(&pdev->domain_list, &target->arch.pdev_list); + pdev->domain = target; + } + return 0; } @@ -346,20 +367,28 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); - const struct ivrs_unity_map *unity_map; + int rc = amd_iommu_reserve_domain_unity_map( + d, ivrs_mappings[req_id].unity_map, flag); + + if ( !rc ) + rc = reassign_device(pdev->domain, d, devfn, pdev); - for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; - unity_map = unity_map->next ) + if ( rc && !is_hardware_domain(d) ) { - int rc = amd_iommu_reserve_domain_unity_map( - d, unity_map->addr, unity_map->length, - unity_map->write, unity_map->read); + int ret = amd_iommu_reserve_domain_unity_unmap( + d, ivrs_mappings[req_id].unity_map); - if ( rc ) - return rc; + if ( ret ) + { + printk(XENLOG_ERR "AMD-Vi: " + "unity-unmap for %pd/%04x:%02x:%02x.%u failed (%d)\n", + d, pdev->seg, pdev->bus, + PCI_SLOT(devfn), PCI_FUNC(devfn), ret); + domain_crash(d); + } } - return reassign_device(pdev->domain, d, devfn, pdev); + return rc; } static void deallocate_next_page_table(struct page_info *pg, int level) @@ -425,6 +454,7 @@ static void deallocate_iommu_page_tables(struct domain *d) static void amd_iommu_domain_destroy(struct domain *d) { + iommu_identity_map_teardown(d); deallocate_iommu_page_tables(d); amd_iommu_flush_all_pages(d); } diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h index 53189806bb..f2e0cf8acf 100644 --- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h +++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h @@ -62,8 +62,10 @@ int __must_check amd_iommu_unmap_page(struct domain *d, dfn_t dfn, uint64_t amd_iommu_get_address_from_pte(void *entry); int __must_check amd_iommu_alloc_root(struct domain_iommu *hd); int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, unsigned long size, - int iw, int ir); + const struct ivrs_unity_map *map, + unsigned int flag); +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map); int __must_check amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, unsigned int page_count, unsigned int flush_flags); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:24:04 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:24:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173180.315997 (Exim 4.92) (envelope-from ) id 1mJKyq-0002Ca-V9; Thu, 26 Aug 2021 19:24:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173180.315997; Thu, 26 Aug 2021 19:24:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyq-0002CS-SI; Thu, 26 Aug 2021 19:24:04 +0000 Received: by outflank-mailman (input) for mailman id 173180; Thu, 26 Aug 2021 19:24:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyp-0002CH-Se for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyp-0004Ka-Ri for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKyp-0002RR-QW for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=d3LwFsOV6b0qe4X6bL72qg51/YZFLHDi/bpeJdvjZB8=; b=SsU/d6sqj8k9WvyVMLuaUTdXEZ GIRmr2uhJYeg3tXzcBJF51ysd2lXhxGlwe0BpkhQdIvAei/TYwrgGhJ8Xvm7uLZ2Vxy4OJDc74+zY cUsOwej66Lgxq6uyoIf7igagrgwxDhRK+daKjk16DCW2yvexY4Q1lGN65Aaxfb1FwzQ4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] AMD/IOMMU: re-arrange exclusion range and unity map recording Message-Id: Date: Thu, 26 Aug 2021 19:24:03 +0000 commit 22bd06cb6ce14824cc47a2069d86fd3a2ceeea1b Author: Jan Beulich AuthorDate: Wed Aug 25 15:49:16 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:49:16 2021 +0200 AMD/IOMMU: re-arrange exclusion range and unity map recording The spec makes no provisions for OS behavior here to depend on the amount of RAM found on the system. While the spec may not sufficiently clearly distinguish both kinds of regions, they are surely meant to be separate things: Only regions with ACPI_IVMD_EXCLUSION_RANGE set should be candidates for putting in the exclusion range registers. (As there's only a single such pair of registers per IOMMU, secondary non-adjacent regions with the flag set already get converted to unity mapped regions.) First of all, drop the dependency on max_page. With commit b4f042236ae0 ("AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables") the use of it here was stale anyway; it was bogus already before, as it didn't account for max_page getting increased later on. Simply try an exclusion range registration first, and if it fails (for being unsuitable or non-mergeable), register a unity mapping range. With this various local variables become unnecessary and hence get dropped at the same time. With the max_page boundary dropped for using unity maps, the minimum page table tree height now needs both recording and enforcing in amd_iommu_domain_init(). Since we can't predict which devices may get assigned to a domain, our only option is to uniformly force at least that height for all domains, now that the height isn't dynamic anymore. Further don't make use of the exclusion range unless ACPI data says so. Note that exclusion range registration in register_range_for_all_devices() is on a best effort basis. Hence unity map entries also registered are redundant when the former succeeded, but they also do no harm. Improvements in this area can be done later imo. Also adjust types where suitable without touching extra lines. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 8ea80530cd0dbb8ffa7ac92606a3ee29663fdc93 master date: 2021-08-25 14:16:46 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 184 +++++++++++--------------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 12 +- xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 2 + 3 files changed, 90 insertions(+), 108 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index a477877f32..dc940a8c8c 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -99,12 +99,8 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( } static int __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit, - bool all, bool iw, bool ir) + struct amd_iommu *iommu, paddr_t base, paddr_t limit, bool all) { - if ( !ir || !iw ) - return -EPERM; - /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { @@ -133,14 +129,18 @@ static int __init reserve_unity_map_for_device( { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; + int paging_mode = amd_iommu_get_paging_mode(PFN_UP(base + length)); + + if ( paging_mode < 0 ) + return paging_mode; /* Check for overlaps. */ for ( ; unity_map; unity_map = unity_map->next ) { /* * Exact matches are okay. This can in particular happen when - * register_exclusion_range_for_device() calls here twice for the - * same (s,b,d,f). + * register_range_for_device() calls here twice for the same + * (s,b,d,f). */ if ( base == unity_map->addr && length == unity_map->length && ir == unity_map->read && iw == unity_map->write ) @@ -168,55 +168,52 @@ static int __init reserve_unity_map_for_device( unity_map->next = ivrs_mappings[bdf].unity_map; ivrs_mappings[bdf].unity_map = unity_map; + if ( paging_mode > amd_iommu_min_paging_mode ) + amd_iommu_min_paging_mode = paging_mode; + return 0; } -static int __init register_exclusion_range_for_all_devices( - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_all_devices( + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; - unsigned int bdf; int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) - { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - /* push 'base' just outside of virtual address space */ - base = iommu_top; - } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) + if ( exclusion ) { for_each_amd_iommu( iommu ) { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); - if ( rc ) - break; + int ret = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */); + + if ( ret && !rc ) + rc = ret; } } + if ( !exclusion || rc ) + { + paddr_t length = limit + PAGE_SIZE - base; + unsigned int bdf; + + /* reserve r/w unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + } + return rc; } -static int __init register_exclusion_range_for_device( - u16 bdf, unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_device( + unsigned int bdf, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; int rc = 0; @@ -230,27 +227,19 @@ static int __init register_exclusion_range_for_device( req = ivrs_mappings[bdf].dte_requestor_id; /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */); + if ( !exclusion || rc ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; + paddr_t length = limit + PAGE_SIZE - base; + /* reserve unity-mapped page entries for device */ - /* note: these entries are part of the exclusion range */ rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: reserve_unity_map_for_device(seg, req, base, length, iw, ir); - - /* push 'base' just outside of virtual address space */ - base = iommu_top; } - - /* register IOMMU exclusion range settings for device */ - if ( !rc && limit >= iommu_top ) + else { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; ivrs_mappings[req].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; } @@ -258,53 +247,42 @@ static int __init register_exclusion_range_for_device( return rc; } -static int __init register_exclusion_range_for_iommu_devices( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_iommu_devices( + struct amd_iommu *iommu, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { - unsigned long range_top, iommu_top, length; + /* note: 'limit' parameter is assumed to be page-aligned */ + paddr_t length = limit + PAGE_SIZE - base; unsigned int bdf; u16 req; - int rc = 0; + int rc; - /* is part of exclusion range inside of IOMMU virtual address space? */ - /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - { - if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) - { - req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir) ?: - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); - } - } - - /* push 'base' just outside of virtual address space */ - base = iommu_top; + rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */); + if ( !rc ) + return 0; } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); + /* reserve unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + { + if ( iommu != find_iommu_for_device(iommu->seg, bdf) ) + continue; + + req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); + } return rc; } static int __init parse_ivmd_device_select( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { u16 bdf; @@ -315,12 +293,12 @@ static int __init parse_ivmd_device_select( return -ENODEV; } - return register_exclusion_range_for_device(bdf, base, limit, iw, ir); + return register_range_for_device(bdf, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_device_range( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { unsigned int first_bdf, last_bdf, bdf; int error; @@ -342,15 +320,15 @@ static int __init parse_ivmd_device_range( } for ( bdf = first_bdf, error = 0; (bdf <= last_bdf) && !error; bdf++ ) - error = register_exclusion_range_for_device( - bdf, base, limit, iw, ir); + error = register_range_for_device( + bdf, base, limit, iw, ir, exclusion); return error; } static int __init parse_ivmd_device_iommu( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct amd_iommu *iommu; @@ -365,14 +343,14 @@ static int __init parse_ivmd_device_iommu( return -ENODEV; } - return register_exclusion_range_for_iommu_devices( - iommu, base, limit, iw, ir); + return register_range_for_iommu_devices( + iommu, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) { unsigned long start_addr, mem_length, base, limit; - u8 iw, ir; + bool iw = true, ir = true, exclusion = false; if ( ivmd_block->header.length < sizeof(*ivmd_block) ) { @@ -389,13 +367,11 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) ivmd_block->header.type, start_addr, mem_length); if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) - iw = ir = IOMMU_CONTROL_ENABLED; + exclusion = true; else if ( ivmd_block->header.flags & ACPI_IVMD_UNITY ) { - iw = ivmd_block->header.flags & ACPI_IVMD_READ ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; - ir = ivmd_block->header.flags & ACPI_IVMD_WRITE ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; + iw = ivmd_block->header.flags & ACPI_IVMD_READ; + ir = ivmd_block->header.flags & ACPI_IVMD_WRITE; } else { @@ -406,20 +382,20 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) switch( ivmd_block->header.type ) { case ACPI_IVRS_TYPE_MEMORY_ALL: - return register_exclusion_range_for_all_devices( - base, limit, iw, ir); + return register_range_for_all_devices( + base, limit, iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_ONE: - return parse_ivmd_device_select(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_select(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_RANGE: - return parse_ivmd_device_range(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_range(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_IOMMU: - return parse_ivmd_device_iommu(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_iommu(ivmd_block, base, limit, + iw, ir, exclusion); default: AMD_IOMMU_DEBUG("IVMD Error: Invalid Block Type!\n"); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 2f8ff9dc80..e9153a5271 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -222,6 +222,8 @@ static int __must_check allocate_domain_resources(struct domain_iommu *hd) return rc; } +int __read_mostly amd_iommu_min_paging_mode = 1; + static int amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -233,11 +235,13 @@ static int amd_iommu_domain_init(struct domain *d) * - HVM could in principle use 3 or 4 depending on how much guest * physical address space we give it, but this isn't known yet so use 4 * unilaterally. + * - Unity maps may require an even higher number. */ - hd->arch.paging_mode = amd_iommu_get_paging_mode( - is_hvm_domain(d) - ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) - : get_upper_mfn_bound() + 1); + hd->arch.paging_mode = max(amd_iommu_get_paging_mode( + is_hvm_domain(d) + ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) + : get_upper_mfn_bound() + 1), + amd_iommu_min_paging_mode); return 0; } diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h index f2e0cf8acf..6c83810fc3 100644 --- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h +++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h @@ -132,6 +132,8 @@ extern struct hpet_sbdf { } init; } hpet_sbdf; +extern int amd_iommu_min_paging_mode; + extern void *shared_intremap_table; extern unsigned long *shared_intremap_inuse; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:24:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:24:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173181.316001 (Exim 4.92) (envelope-from ) id 1mJKz2-0002FR-0e; Thu, 26 Aug 2021 19:24:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173181.316001; Thu, 26 Aug 2021 19:24:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKz1-0002FK-Tr; Thu, 26 Aug 2021 19:24:15 +0000 Received: by outflank-mailman (input) for mailman id 173181; Thu, 26 Aug 2021 19:24:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKz0-0002Eu-0N for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKyz-0004Kl-Vv for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKyz-0002Ss-V8 for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VCWwltFzjFirc6iOmjhXnBEf3RqFwRQ/9BZpgfAlWWA=; b=DRsQTjchz7zGajoPSibK+mBADS zENCbpuKRw7uNB3sbAFTnu4QDQxmrP3rdQ7uZLqyJAF6ZelccVWczJuNa20w+kMPAlZ/Q8Iqhq40u gEPmcGg9A8vCsYFp1ddShLWOq+2xk2dCLaNZhwtcctIMf1lBy4wfpy3Q4B3cptq+yxeQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] x86/p2m: introduce p2m_is_special() Message-Id: Date: Thu, 26 Aug 2021 19:24:13 +0000 commit b2f52a0175c70b9445fdf5d839af799c76876f88 Author: Jan Beulich AuthorDate: Wed Aug 25 15:49:33 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:49:33 2021 +0200 x86/p2m: introduce p2m_is_special() Seeing the similarity of grant, foreign, and (subsequently) direct-MMIO handling, introduce a new P2M type group named "special" (as in "needing special accessors to create/destroy"). Also use -EPERM instead of other error codes on the two domain_crash() paths touched. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 0bf755e2c856628e11e93c76c3e12974e9964638 master date: 2021-08-25 14:17:07 +0200 --- xen/arch/x86/mm/p2m.c | 15 +++++++-------- xen/include/asm-x86/p2m.h | 5 +++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 41a74119f4..9bd6a5ad0b 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -806,7 +806,7 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, for ( i = 0; i < (1UL << page_order); i++ ) { p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); - if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) + if ( !p2m_is_special(t) && !p2m_is_shared(t) ) set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY); } } @@ -917,13 +917,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, &ot, &a, 0, NULL, NULL); ASSERT(!p2m_is_shared(ot)); } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { - /* Really shouldn't be unmapping grant/foreign maps this way */ + /* Don't permit unmapping grant/foreign this way. */ domain_crash(d); p2m_unlock(p2m); - return -EINVAL; + return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) { @@ -1018,8 +1018,7 @@ int p2m_change_type_one(struct domain *d, unsigned long gfn_l, struct p2m_domain *p2m = p2m_get_hostp2m(d); int rc; - BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt)); - BUG_ON(p2m_is_foreign(ot) || p2m_is_foreign(nt)); + BUG_ON(p2m_is_special(ot) || p2m_is_special(nt)); gfn_lock(p2m, gfn, 0); @@ -1272,11 +1271,11 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, gfn_unlock(p2m, gfn, order); return cur_order + 1; } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { gfn_unlock(p2m, gfn, order); domain_crash(d); - return -ENOENT; + return -EPERM; } else if ( p2m_is_ram(ot) ) { diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index cb6a07d296..57deff6a64 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -141,6 +141,10 @@ typedef unsigned int p2m_query_t; | p2m_to_mask(p2m_ram_logdirty) ) #define P2M_SHARED_TYPES (p2m_to_mask(p2m_ram_shared)) +/* Types established/cleaned up via special accessors. */ +#define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ + p2m_to_mask(p2m_map_foreign)) + /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ | p2m_to_mask(p2m_mmio_direct) \ @@ -169,6 +173,7 @@ typedef unsigned int p2m_query_t; #define p2m_is_paged(_t) (p2m_to_mask(_t) & P2M_PAGED_TYPES) #define p2m_is_sharable(_t) (p2m_to_mask(_t) & P2M_SHARABLE_TYPES) #define p2m_is_shared(_t) (p2m_to_mask(_t) & P2M_SHARED_TYPES) +#define p2m_is_special(_t) (p2m_to_mask(_t) & P2M_SPECIAL_TYPES) #define p2m_is_broken(_t) (p2m_to_mask(_t) & P2M_BROKEN_TYPES) #define p2m_is_foreign(_t) (p2m_to_mask(_t) & p2m_to_mask(p2m_map_foreign)) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:24:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:24:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173183.316004 (Exim 4.92) (envelope-from ) id 1mJKzC-0002Ig-3c; Thu, 26 Aug 2021 19:24:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173183.316004; Thu, 26 Aug 2021 19:24:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzC-0002IY-0k; Thu, 26 Aug 2021 19:24:26 +0000 Received: by outflank-mailman (input) for mailman id 173183; Thu, 26 Aug 2021 19:24:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzA-0002IJ-4c for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzA-0004Ku-3u for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKzA-0002UF-32 for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bZZzYvinUksSTQ+lXgqopaDel9km7FB+SQau2HhHN7c=; b=gFmXJMbFKR5C7Gljy5h4npRQC+ LVhwXBo+15ynp2eZLupGmt/kDMusMALAAbe8R0xyn+rRXxKIW+qZMjtPqMp/Mauzt5IjjorCMFObg v754xswnXcTc872TpTT/dN4z40TwuEKz0fiwxL8GwVmUrAJsRY7G+0HJ52bbLaAS6KmY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] x86/p2m: guard (in particular) identity mapping entries Message-Id: Date: Thu, 26 Aug 2021 19:24:24 +0000 commit 4e5bf7ebbfd0bb4fc57466f8eebfb90047a3e277 Author: Jan Beulich AuthorDate: Wed Aug 25 15:49:58 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:49:58 2021 +0200 x86/p2m: guard (in particular) identity mapping entries Such entries, created by set_identity_p2m_entry(), should only be destroyed by clear_identity_p2m_entry(). However, similarly, entries created by set_mmio_p2m_entry() should only be torn down by clear_mmio_p2m_entry(), so the logic gets based upon p2m_mmio_direct as the entry type (separation between "ordinary" and 1:1 mappings would require a further indicator to tell apart the two). As to the guest_remove_page() change, commit 48dfb297a20a ("x86/PVH: allow guest_remove_page to remove p2m_mmio_direct pages"), which introduced the call to clear_mmio_p2m_entry(), claimed this was done for hwdom only without this actually having been the case. However, this code shouldn't be there in the first place, as MMIO entries shouldn't be dropped this way. Avoid triggering the warning again that 48dfb297a20a silenced by an adjustment to xenmem_add_to_physmap_one() instead. Note that guest_physmap_mark_populate_on_demand() gets tightened beyond the immediate purpose of this change. Note also that I didn't inspect code which isn't security supported, e.g. sharing, paging, or altp2m. This is CVE-2021-28694 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 753cb68e653002e89fdcd1c80e52905fdbfb78cb master date: 2021-08-25 14:17:32 +0200 --- xen/arch/x86/mm.c | 4 +++- xen/arch/x86/mm/p2m-pod.c | 12 ++++++------ xen/arch/x86/mm/p2m.c | 11 ++++++----- xen/common/memory.c | 11 ++++++++++- xen/include/asm-x86/p2m.h | 5 ++--- 5 files changed, 27 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index db4cfdf20b..09d6377384 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4809,7 +4809,9 @@ int xenmem_add_to_physmap_one( /* Remove previously mapped page if it was present. */ prev_mfn = mfn_x(get_gfn(d, gfn_x(gpfn), &p2mt)); - if ( mfn_valid(_mfn(prev_mfn)) ) + if ( p2mt == p2m_mmio_direct ) + rc = -EPERM; + else if ( mfn_valid(_mfn(prev_mfn)) ) { if ( is_xen_heap_mfn(prev_mfn) ) /* Xen heap frames are simply unhooked from this phys slot. */ diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index 4313863066..f4e5a35578 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -1297,17 +1297,17 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l, p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, &cur_order, NULL); n = 1UL << min(order, cur_order); - if ( p2m_is_ram(ot) ) + if ( ot == p2m_populate_on_demand ) + { + /* Count how many PoD entries we'll be replacing if successful */ + pod_count += n; + } + else if ( ot != p2m_invalid && ot != p2m_mmio_dm ) { P2M_DEBUG("gfn_to_mfn returned type %d!\n", ot); rc = -EBUSY; goto out; } - else if ( ot == p2m_populate_on_demand ) - { - /* Count how man PoD entries we'll be replacing if successful */ - pod_count += n; - } } /* Now, actually do the two-way mapping */ diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 9bd6a5ad0b..f3fdc79ff4 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -795,7 +795,8 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, &cur_order, NULL); if ( p2m_is_valid(t) && - (!mfn_valid(_mfn(mfn)) || mfn + i != mfn_x(mfn_return)) ) + (!mfn_valid(_mfn(mfn)) || t == p2m_mmio_direct || + mfn + i != mfn_x(mfn_return)) ) return -EILSEQ; i += (1UL << cur_order) - ((gfn_l + i) & ((1UL << cur_order) - 1)); @@ -873,7 +874,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; - if ( !mfn_valid(mfn) ) + if ( !mfn_valid(mfn) || t == p2m_mmio_direct ) { ASSERT_UNREACHABLE(); return -EINVAL; @@ -919,7 +920,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } if ( p2m_is_special(ot) ) { - /* Don't permit unmapping grant/foreign this way. */ + /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ domain_crash(d); p2m_unlock(p2m); @@ -1375,8 +1376,8 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, * order+1 for caller to retry with order (guaranteed smaller than * the order value passed in) */ -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, mfn_t mfn, - unsigned int order) +static int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, + mfn_t mfn, unsigned int order) { int rc = -EINVAL; gfn_t gfn = _gfn(gfn_l); diff --git a/xen/common/memory.c b/xen/common/memory.c index 8aea327df4..ab217cc812 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -336,7 +336,7 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) } if ( p2mt == p2m_mmio_direct ) { - rc = clear_mmio_p2m_entry(d, gmfn, mfn, PAGE_ORDER_4K); + rc = -EPERM; goto out_put_gfn; } #else @@ -1724,6 +1724,15 @@ int check_get_page_from_gfn(struct domain *d, gfn_t gfn, bool readonly, return -EAGAIN; } #endif +#ifdef CONFIG_X86 + if ( p2mt == p2m_mmio_direct ) + { + if ( page ) + put_page(page); + + return -EPERM; + } +#endif if ( !page ) return -EINVAL; diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 57deff6a64..344db14a10 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -143,7 +143,8 @@ typedef unsigned int p2m_query_t; /* Types established/cleaned up via special accessors. */ #define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ - p2m_to_mask(p2m_map_foreign)) + p2m_to_mask(p2m_map_foreign) | \ + p2m_to_mask(p2m_mmio_direct)) /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ @@ -640,8 +641,6 @@ int set_foreign_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn); /* Set mmio addresses in the p2m table (for pass-through) */ int set_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, unsigned int order, p2m_access_t access); -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, - unsigned int order); /* Set identity addresses in the p2m table (for pass-through) */ int set_identity_p2m_entry(struct domain *d, unsigned long gfn, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:24:36 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:24:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173184.316009 (Exim 4.92) (envelope-from ) id 1mJKzM-0002Li-5Q; Thu, 26 Aug 2021 19:24:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173184.316009; Thu, 26 Aug 2021 19:24:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzM-0002La-2W; Thu, 26 Aug 2021 19:24:36 +0000 Received: by outflank-mailman (input) for mailman id 173184; Thu, 26 Aug 2021 19:24:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzK-0002LE-8b for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzK-0004LR-7r for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKzK-0002VR-6u for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gKaZc284DVoNoO1bw7PbY/95ZOf54vIbfp5v12mjMyw=; b=Pu3ALygrgyiplyZxpfBep/zdgE zlO43cGCYcLCXpcQd6A3zhW+o9uYKKKQ0Zn7Zictya3R3G1lFCz+b1hXnGXXlfqGYRXFBEPY7WNtx skeHUDYDc36hiC7ZfjSL9R2xChH0NLtS4g05e31ShTbmfXDMXY6iAEFo5AH4SCisd/V8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] x86/mm: widen locked region in xenmem_add_to_physmap_one() Message-Id: Date: Thu, 26 Aug 2021 19:24:34 +0000 commit 90ae827632671b3631ed2ded6d57d8445a00c607 Author: Jan Beulich AuthorDate: Wed Aug 25 15:50:17 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:50:17 2021 +0200 x86/mm: widen locked region in xenmem_add_to_physmap_one() For pages which can be made part of the P2M by the guest, but which can also later be de-allocated (grant table v2 status pages being the present example), it is imperative that they be mapped at no more than a single GFN. We therefore need to make sure that of two parallel XENMAPSPACE_grant_table requests for the same status page one completes before the second checks at which other GFN the underlying MFN is presently mapped. Pull ahead the respective get_gfn() and push down the respective put_gfn(). This leverages that gfn_lock() really aliases p2m_lock(), but the function makes this assumption already anyway: In the XENMAPSPACE_gmfn case lock nesting constraints for both involved GFNs would otherwise need to be enforced to avoid ABBA deadlocks. This is CVE-2021-28697 / XSA-379. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: f147422bf9476fb8161b43e35f5901571ed17c35 master date: 2021-08-25 14:17:56 +0200 --- xen/arch/x86/mm.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 09d6377384..f3767387e6 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4807,8 +4807,20 @@ int xenmem_add_to_physmap_one( goto put_both; } - /* Remove previously mapped page if it was present. */ + /* + * Note that we're (ab)using GFN locking (to really be locking of the + * entire P2M) here in (at least) two ways: Finer grained locking would + * expose lock order violations in the XENMAPSPACE_gmfn case (due to the + * earlier get_gfn_unshare() above). Plus at the very least for the grant + * table v2 status page case we need to guarantee that the same page can + * only appear at a single GFN. While this is a property we want in + * general, for pages which can subsequently be freed this imperative: + * Upon freeing we wouldn't be able to find other mappings in the P2M + * (unless we did a brute force search). + */ prev_mfn = mfn_x(get_gfn(d, gfn_x(gpfn), &p2mt)); + + /* Remove previously mapped page if it was present. */ if ( p2mt == p2m_mmio_direct ) rc = -EPERM; else if ( mfn_valid(_mfn(prev_mfn)) ) @@ -4820,27 +4832,21 @@ int xenmem_add_to_physmap_one( /* Normal domain memory is freed, to avoid leaking memory. */ rc = guest_remove_page(d, gfn_x(gpfn)); } - /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */ - put_gfn(d, gfn_x(gpfn)); - - if ( rc ) - goto put_both; /* Unmap from old location, if any. */ old_gpfn = get_gpfn_from_mfn(mfn_x(mfn)); ASSERT(!SHARED_M2P(old_gpfn)); if ( space == XENMAPSPACE_gmfn && old_gpfn != gfn ) - { rc = -EXDEV; - goto put_both; - } - if ( old_gpfn != INVALID_M2P_ENTRY ) + else if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); /* Map at new location. */ if ( !rc ) rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K); + put_gfn(d, gfn_x(gpfn)); + put_both: /* * In the XENMAPSPACE_gmfn case, we took a ref of the gfn at the top. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:24:46 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:24:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173185.316013 (Exim 4.92) (envelope-from ) id 1mJKzW-0002On-7A; Thu, 26 Aug 2021 19:24:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173185.316013; Thu, 26 Aug 2021 19:24:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzW-0002Of-3y; Thu, 26 Aug 2021 19:24:46 +0000 Received: by outflank-mailman (input) for mailman id 173185; Thu, 26 Aug 2021 19:24:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzU-0002OO-CN for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzU-0004Le-Bg for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKzU-0002Wj-Aw for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jVagydp9E+bgQBElWUOXzFFGKTFArAkTTGCEc4HzWUU=; b=IhLKYw8Tywz+ZMtQbubjGjwxZL zOsHQ5nb07OT/nbTG9r3D236PodDNirlm6ovlzw3amKhJ/ee0DtoXymfLHRq4BaMjNmzeVGeE9o0b pbXxR29CgFAoDDpnWY5TSVfASZNX+yfgTooJNK23MteAZvz0WHc3XSgUTefoofGpkpyU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] gnttab: add preemption check to gnttab_release_mappings() Message-Id: Date: Thu, 26 Aug 2021 19:24:44 +0000 commit e8f95a693826bfb5a87bbb6998313a5b7bff0737 Author: Jan Beulich AuthorDate: Wed Aug 25 15:50:33 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:50:33 2021 +0200 gnttab: add preemption check to gnttab_release_mappings() A guest may die with many grant mappings still in place, or simply with a large maptrack table. Iterating through this may take more time than is reasonable without intermediate preemption (to run softirqs and perhaps the scheduler). Move the invocation of the function to the section where other restartable functions get invoked, and have the function itself check for preemption every once in a while. Have it iterate the table backwards, such that decreasing the maptrack limit is all it takes to convey restart information. In domain_teardown() introduce PROG_none such that inserting at the front will be easier going forward. This is part of CVE-2021-28698 / XSA-380. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: b1ee10be5625b7d502cef1e6ee3818610ab0d29c master date: 2021-08-25 14:18:18 +0200 --- xen/common/domain.c | 4 +++- xen/common/grant_table.c | 46 ++++++++++++++++++++++++++++++++++++------- xen/include/xen/grant_table.h | 4 +--- 3 files changed, 43 insertions(+), 11 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index ce8a9c6eee..f4efc28fc7 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -724,13 +724,15 @@ int domain_kill(struct domain *d) return domain_kill(d); d->is_dying = DOMDYING_dying; argo_destroy(d); - gnttab_release_mappings(d); tmem_destroy(d->tmem_client); vnuma_destroy(d->vnuma); domain_set_outstanding_pages(d, 0); d->tmem_client = NULL; /* fallthrough */ case DOMDYING_dying: + rc = gnttab_release_mappings(d); + if ( rc ) + break; rc = evtchn_destroy(d); if ( rc ) break; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 1adb173e06..56fdf43970 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -62,7 +62,13 @@ struct grant_table { unsigned int nr_grant_frames; /* Number of grant status frames shared with guest (for version 2) */ unsigned int nr_status_frames; - /* Number of available maptrack entries. */ + /* + * Number of available maptrack entries. For cleanup purposes it is + * important to realize that this field and @maptrack further down will + * only ever be accessed by the local domain. Thus it is okay to clean + * up early, and to shrink the limit for the purpose of tracking cleanup + * progress. + */ unsigned int maptrack_limit; /* Shared grant table (see include/public/grant_table.h). */ union { @@ -3604,9 +3610,7 @@ do_grant_table_op( #include "compat/grant_table.c" #endif -void -gnttab_release_mappings( - struct domain *d) +int gnttab_release_mappings(struct domain *d) { struct grant_table *gt = d->grant_table, *rgt; struct grant_mapping *map; @@ -3620,8 +3624,32 @@ gnttab_release_mappings( BUG_ON(!d->is_dying); - for ( handle = 0; handle < gt->maptrack_limit; handle++ ) + if ( !gt || !gt->maptrack ) + return 0; + + for ( handle = gt->maptrack_limit; handle; ) { + /* + * Deal with full pages such that their freeing (in the body of the + * if()) remains simple. + */ + if ( handle < gt->maptrack_limit && !(handle % MAPTRACK_PER_PAGE) ) + { + /* + * Changing maptrack_limit alters nr_maptrack_frames()'es return + * value. Free the then excess trailing page right here, rather + * than leaving it to grant_table_destroy() (and in turn requiring + * to leave gt->maptrack_limit unaltered). + */ + gt->maptrack_limit = handle; + FREE_XENHEAP_PAGE(gt->maptrack[nr_maptrack_frames(gt)]); + + if ( hypercall_preempt_check() ) + return -ERESTART; + } + + --handle; + map = &maptrack_entry(gt, handle); if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) ) continue; @@ -3709,6 +3737,11 @@ gnttab_release_mappings( map->flags = 0; } + + gt->maptrack_limit = 0; + FREE_XENHEAP_PAGE(gt->maptrack[0]); + + return 0; } void grant_table_warn_active_grants(struct domain *d) @@ -3771,8 +3804,7 @@ grant_table_destroy( free_xenheap_page(t->shared_raw[i]); xfree(t->shared_raw); - for ( i = 0; i < nr_maptrack_frames(t); i++ ) - free_xenheap_page(t->maptrack[i]); + ASSERT(!t->maptrack_limit); vfree(t->maptrack); for ( i = 0; i < nr_active_grant_frames(t); i++ ) diff --git a/xen/include/xen/grant_table.h b/xen/include/xen/grant_table.h index 119b8f7e2b..270eae658b 100644 --- a/xen/include/xen/grant_table.h +++ b/xen/include/xen/grant_table.h @@ -46,9 +46,7 @@ void grant_table_init_vcpu(struct vcpu *v); void grant_table_warn_active_grants(struct domain *d); /* Domain death release of granted mappings of other domains' memory. */ -void -gnttab_release_mappings( - struct domain *d); +int gnttab_release_mappings(struct domain *d); int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, gfn_t *gfn, uint16_t *status); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:24:56 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:24:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173186.316017 (Exim 4.92) (envelope-from ) id 1mJKzg-0002Rk-8x; Thu, 26 Aug 2021 19:24:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173186.316017; Thu, 26 Aug 2021 19:24:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzg-0002Rc-5Y; Thu, 26 Aug 2021 19:24:56 +0000 Received: by outflank-mailman (input) for mailman id 173186; Thu, 26 Aug 2021 19:24:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKze-0002RK-Fu for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKze-0004Ly-FB for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKze-0002YH-ER for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:24:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aZruijOkjwRtptXy4mFKBsYHXcd2tcLkPZSjGQJS7MI=; b=6OWxaionyESO0jqAXdlX8oMkF1 sKr0mZWw8iaqXk64Q6ISsfXY4TkgSnI85mawEKNmhyaJqj97X5ObxTgyY7yIe+S5VQ6CbITPfqm9N QBZZ2Bb/L/pGjHOzXKXsTleRwKstMURQRPCIPnDAeAo5qHvsk/wlIxr8yr0wTiQZtvbE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] gnttab: replace mapkind() Message-Id: Date: Thu, 26 Aug 2021 19:24:54 +0000 commit 090986baef8956eba86ed1f51f4013eb7984298d Author: Jan Beulich AuthorDate: Wed Aug 25 15:50:50 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:50:50 2021 +0200 gnttab: replace mapkind() mapkind() doesn't scale very well with larger maptrack entry counts, using a brute force linear search through all entries, with the only option of an early loop exit if a matching writable entry was found. Introduce a radix tree alongside the main maptrack table, thus allowing much faster MFN-based lookup. To avoid the need to actually allocate space for the individual nodes, encode the two counters in the node pointers themselves, thus limiting the number of permitted simultaneous r/o and r/w mappings of the same MFN to 2³¹-1 (64-bit) / 2¹⁵-1 (32-bit) each. To avoid enforcing an unnecessarily low bound on the number of simultaneous mappings of a single MFN, introduce radix_tree_{ulong_to_ptr,ptr_to_ulong} paralleling radix_tree_{int_to_ptr,ptr_to_int}. As a consequence locking changes are also applicable: With there no longer being any inspection of the remote domain's active entries, there's also no need anymore to hold the remote domain's grant table lock. And since we're no longer iterating over the local domain's map track table, the lock in map_grant_ref() can also be dropped before the new maptrack entry actually gets populated. As a nice side effect this also reduces the number of IOMMU operations in unmap_common(): Previously we would have "established" a readable mapping whenever we didn't find a writable entry anymore (yet, of course, at least one readable one). But we only need to do this if we actually dropped the last writable entry, not if there were none already before. This is part of CVE-2021-28698 / XSA-380. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: 9781b51efde251efcc0291ddb1d9c7cefe2b2555 master date: 2021-08-25 14:18:39 +0200 --- xen/common/grant_table.c | 199 ++++++++++++++++++++++++------------------- xen/include/xen/radix-tree.h | 19 +++++ 2 files changed, 130 insertions(+), 88 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 56fdf43970..11d83c78c5 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include @@ -80,8 +81,13 @@ struct grant_table { grant_status_t **status; /* Active grant table. */ struct active_grant_entry **active; - /* Mapping tracking table per vcpu. */ + /* Handle-indexed tracking table of mappings. */ struct grant_mapping **maptrack; + /* + * MFN-indexed tracking tree of mappings, if needed. Note that this is + * protected by @lock, not @maptrack_lock. + */ + struct radix_tree_root maptrack_tree; /* Domain to which this struct grant_table belongs. */ const struct domain *domain; @@ -445,34 +451,6 @@ static int get_paged_frame(unsigned long gfn, mfn_t *mfn, return GNTST_okay; } -static inline void -double_gt_lock(struct grant_table *lgt, struct grant_table *rgt) -{ - /* - * See mapkind() for why the write lock is also required for the - * remote domain. - */ - if ( lgt < rgt ) - { - grant_write_lock(lgt); - grant_write_lock(rgt); - } - else - { - if ( lgt != rgt ) - grant_write_lock(rgt); - grant_write_lock(lgt); - } -} - -static inline void -double_gt_unlock(struct grant_table *lgt, struct grant_table *rgt) -{ - grant_write_unlock(lgt); - if ( lgt != rgt ) - grant_write_unlock(rgt); -} - #define INVALID_MAPTRACK_HANDLE UINT_MAX static inline grant_handle_t @@ -895,41 +873,17 @@ static struct active_grant_entry *grant_map_exists(const struct domain *ld, return ERR_PTR(-EINVAL); } -#define MAPKIND_READ 1 -#define MAPKIND_WRITE 2 -static unsigned int mapkind( - struct grant_table *lgt, const struct domain *rd, mfn_t mfn) -{ - struct grant_mapping *map; - grant_handle_t handle, limit = lgt->maptrack_limit; - unsigned int kind = 0; - - /* - * Must have the local domain's grant table write lock when - * iterating over its maptrack entries. - */ - ASSERT(percpu_rw_is_write_locked(&lgt->lock)); - /* - * Must have the remote domain's grant table write lock while - * counting its active entries. - */ - ASSERT(percpu_rw_is_write_locked(&rd->grant_table->lock)); - - smp_rmb(); - - for ( handle = 0; !(kind & MAPKIND_WRITE) && handle < limit; handle++ ) - { - map = &maptrack_entry(lgt, handle); - if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) || - map->domid != rd->domain_id ) - continue; - if ( mfn_eq(_active_entry(rd->grant_table, map->ref).mfn, mfn) ) - kind |= map->flags & GNTMAP_readonly ? - MAPKIND_READ : MAPKIND_WRITE; - } - - return kind; -} +union maptrack_node { + struct { + /* Radix tree slot pointers use two of the bits. */ +#ifdef __BIG_ENDIAN_BITFIELD + unsigned long : 2; +#endif + unsigned long rd : BITS_PER_LONG / 2 - 1; + unsigned long wr : BITS_PER_LONG / 2 - 1; + } cnt; + unsigned long raw; +}; static void map_grant_ref( @@ -948,7 +902,6 @@ map_grant_ref( struct grant_mapping *mt; grant_entry_header_t *shah; uint16_t *status; - bool_t need_iommu; led = current; ld = led->domain; @@ -1156,31 +1109,75 @@ map_grant_ref( goto undo_out; } - need_iommu = gnttab_need_iommu_mapping(ld); - if ( need_iommu ) + if ( gnttab_need_iommu_mapping(ld) ) { + union maptrack_node node = { + .cnt.rd = !!(op->flags & GNTMAP_readonly), + .cnt.wr = !(op->flags & GNTMAP_readonly), + }; + int err; + void **slot = NULL; unsigned int kind; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + + err = radix_tree_insert(&lgt->maptrack_tree, mfn_x(mfn), + radix_tree_ulong_to_ptr(node.raw)); + if ( err == -EEXIST ) + { + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(mfn)); + if ( likely(slot) ) + { + node.raw = radix_tree_ptr_to_ulong(*slot); + err = -EBUSY; + + /* Update node only when refcount doesn't overflow. */ + if ( op->flags & GNTMAP_readonly ? ++node.cnt.rd + : ++node.cnt.wr ) + { + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + err = 0; + } + } + else + ASSERT_UNREACHABLE(); + } /* * We're not translated, so we know that dfns and mfns are * the same things, so the IOMMU entry is always 1-to-1. */ - kind = mapkind(lgt, rd, mfn); - if ( !(op->flags & GNTMAP_readonly) && - !(kind & MAPKIND_WRITE) ) + if ( !(op->flags & GNTMAP_readonly) && node.cnt.wr == 1 ) kind = IOMMUF_readable | IOMMUF_writable; - else if ( !kind ) + else if ( (op->flags & GNTMAP_readonly) && + node.cnt.rd == 1 && !node.cnt.wr ) kind = IOMMUF_readable; else kind = 0; - if ( kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 0, kind) ) + if ( err || + (kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 0, kind)) ) { - double_gt_unlock(lgt, rgt); + if ( !err ) + { + if ( slot ) + { + op->flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--; + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + } + else + radix_tree_delete(&lgt->maptrack_tree, mfn_x(mfn)); + } + rc = GNTST_general_error; - goto undo_out; } + + grant_write_unlock(lgt); + + if ( rc != GNTST_okay ) + goto undo_out; } TRACE_1D(TRC_MEM_PAGE_GRANT_MAP, op->dom); @@ -1188,10 +1185,6 @@ map_grant_ref( /* * All maptrack entry users check mt->flags first before using the * other fields so just ensure the flags field is stored last. - * - * However, if gnttab_need_iommu_mapping() then this would race - * with a concurrent mapkind() call (on an unmap, for example) - * and a lock is required. */ mt = &maptrack_entry(lgt, handle); mt->domid = op->dom; @@ -1199,9 +1192,6 @@ map_grant_ref( smp_wmb(); write_atomic(&mt->flags, op->flags); - if ( need_iommu ) - double_gt_unlock(lgt, rgt); - op->dev_bus_addr = mfn_to_maddr(mfn); op->handle = handle; op->status = GNTST_okay; @@ -1414,19 +1404,34 @@ unmap_common( if ( rc == GNTST_okay && gnttab_need_iommu_mapping(ld) ) { - unsigned int kind; + void **slot; + union maptrack_node node; int err = 0; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(op->mfn)); + node.raw = likely(slot) ? radix_tree_ptr_to_ulong(*slot) : 0; + + /* Refcount must not underflow. */ + if ( !(flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--) ) + BUG(); - kind = mapkind(lgt, rd, op->mfn); - if ( !kind ) + if ( !node.raw ) err = iommu_legacy_unmap(ld, _dfn(mfn_x(op->mfn)), 0); - else if ( !(kind & MAPKIND_WRITE) ) + else if ( !(flags & GNTMAP_readonly) && !node.cnt.wr ) err = iommu_legacy_map(ld, _dfn(mfn_x(op->mfn)), op->mfn, 0, IOMMUF_readable); - double_gt_unlock(lgt, rgt); + if ( err ) + ; + else if ( !node.raw ) + radix_tree_delete(&lgt->maptrack_tree, mfn_x(op->mfn)); + else + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + + grant_write_unlock(lgt); if ( err ) rc = GNTST_general_error; @@ -1874,6 +1879,8 @@ int grant_table_init(struct domain *d, int max_grant_frames, gt->maptrack = vzalloc(gt->max_maptrack_frames * sizeof(*gt->maptrack)); if ( gt->maptrack == NULL ) goto out; + + radix_tree_init(>->maptrack_tree); } /* Shared grant table. */ @@ -3629,6 +3636,8 @@ int gnttab_release_mappings(struct domain *d) for ( handle = gt->maptrack_limit; handle; ) { + mfn_t mfn; + /* * Deal with full pages such that their freeing (in the body of the * if()) remains simple. @@ -3730,17 +3739,31 @@ int gnttab_release_mappings(struct domain *d) if ( act->pin == 0 ) gnttab_clear_flag(rd, _GTF_reading, status); + mfn = act->mfn; + active_entry_release(act); grant_read_unlock(rgt); rcu_unlock_domain(rd); map->flags = 0; + + /* + * This is excessive in that a single such call would suffice per + * mapped MFN (or none at all, if no entry was ever inserted). But it + * should be the common case for an MFN to be mapped just once, and + * this way we don't need to further maintain the counters. We also + * don't want to leave cleaning up of the tree as a whole to the end + * of the function, as this could take quite some time. + */ + radix_tree_delete(>->maptrack_tree, mfn_x(mfn)); } gt->maptrack_limit = 0; FREE_XENHEAP_PAGE(gt->maptrack[0]); + radix_tree_destroy(>->maptrack_tree, NULL); + return 0; } diff --git a/xen/include/xen/radix-tree.h b/xen/include/xen/radix-tree.h index ec40cf1d9e..58c40312e6 100644 --- a/xen/include/xen/radix-tree.h +++ b/xen/include/xen/radix-tree.h @@ -190,6 +190,25 @@ static inline int radix_tree_ptr_to_int(void *ptr) return (int)((long)ptr >> 2); } +/** + * radix_tree_{ulong_to_ptr,ptr_to_ulong}: + * + * Same for unsigned long values. Beware though that only BITS_PER_LONG-2 + * bits are actually usable for the value. + */ +static inline void *radix_tree_ulong_to_ptr(unsigned long val) +{ + unsigned long ptr = (val << 2) | 0x2; + ASSERT((ptr >> 2) == val); + return (void *)ptr; +} + +static inline unsigned long radix_tree_ptr_to_ulong(void *ptr) +{ + ASSERT(((unsigned long)ptr & 0x3) == 0x2); + return (unsigned long)ptr >> 2; +} + int radix_tree_insert(struct radix_tree_root *, unsigned long, void *); void *radix_tree_lookup(struct radix_tree_root *, unsigned long); void **radix_tree_lookup_slot(struct radix_tree_root *, unsigned long); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:25:06 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:25:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173187.316020 (Exim 4.92) (envelope-from ) id 1mJKzq-0002V2-BV; Thu, 26 Aug 2021 19:25:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173187.316020; Thu, 26 Aug 2021 19:25:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzq-0002Uv-8b; Thu, 26 Aug 2021 19:25:06 +0000 Received: by outflank-mailman (input) for mailman id 173187; Thu, 26 Aug 2021 19:25:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzo-0002Ul-KB for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:25:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzo-0004N4-JR for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:25:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKzo-0002Zn-I1 for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:25:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jESo0d+yJujouU2TD2btIdAvUSpKjOWK4oaAPyPWp7A=; b=OlCZvnNHiAZbKAeEt+I0hjDqNr XQGZ5sN9PvrNGHTkbzsp/JrBQ3UC2P/exbxAmsfsb1kZ2b7kJR7roSggsH7ZTIua+u7NZdxMhEY+2 n77mTq54nkCJL8OH3pSLDg0Id8NCRLlxbyd5EzI/foB6AZAk7LAGvIeQ8fMlgf9pWZeM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] gnttab: fix array capacity check in gnttab_get_status_frames() Message-Id: Date: Thu, 26 Aug 2021 19:25:04 +0000 commit 9e39b7f71ac79eef0cdff3fa38e6fd9402ecdda7 Author: Jan Beulich AuthorDate: Wed Aug 25 15:51:31 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:51:31 2021 +0200 gnttab: fix array capacity check in gnttab_get_status_frames() The number of grant frames is of no interest here; converting the passed in op.nr_frames this way means we allow for 8 times as many GFNs to be written as actually fit in the array. We would corrupt xlat areas of higher vCPU-s (after having faulted many times while trying to write to the guard pages between any two areas) for 32-bit PV guests. For HVM guests we'd simply crash as soon as we hit the first guard page, as accesses to the xlat area are simply memcpy() there. This is CVE-2021-28699 / XSA-382. Fixes: 18b1be5e324b ("gnttab: make resource limits per domain") Signed-off-by: Jan Beulich master commit: ec820035b875cdbedce5e73f481ce65963ede9ed master date: 2021-08-25 14:19:09 +0200 --- xen/common/grant_table.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 11d83c78c5..3056454b95 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3182,12 +3182,11 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, goto unlock; } - if ( unlikely(limit_max < grant_to_status_frames(op.nr_frames)) ) + if ( unlikely(limit_max < op.nr_frames) ) { gdprintk(XENLOG_WARNING, - "grant_to_status_frames(%u) for d%d is too large (%u,%u)\n", - op.nr_frames, d->domain_id, - grant_to_status_frames(op.nr_frames), limit_max); + "nr_status_frames for %pd is too large (%u,%u)\n", + d, op.nr_frames, limit_max); op.status = GNTST_general_error; goto unlock; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Thu Aug 26 19:25:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Aug 2021 19:25:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173188.316026 (Exim 4.92) (envelope-from ) id 1mJKzz-0002Xm-DY; Thu, 26 Aug 2021 19:25:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173188.316026; Thu, 26 Aug 2021 19:25:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzz-0002Xe-AC; Thu, 26 Aug 2021 19:25:15 +0000 Received: by outflank-mailman (input) for mailman id 173188; Thu, 26 Aug 2021 19:25:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzy-0002XW-Na for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:25:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJKzy-0004O4-Ml for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:25:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJKzy-0002az-M5 for xen-changelog@lists.xenproject.org; Thu, 26 Aug 2021 19:25:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uxYWLrHAtls0KrJMH4JU/+nhs5r5fs3Wpe1NjKg2xJc=; b=4FP+siiJ9ZMh5OrTAQgnsW8UuI j0M4zJj84Y/2Z+Z7UWiBsqirl1bmSrxx5clegvDhWUlgb/y/OvVC73slXNP2GwIOS9Y+OEHhsyS7G wTjHhvhFF/6H9DatOo8o+StujgH+/L6RUqFdqj1LrbjZ/H0cWD+RGkSupZM2fsLYSu1s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Message-Id: Date: Thu, 26 Aug 2021 19:25:14 +0000 commit 35ba323378d05509f2e0dc049520e140be183003 Author: Julien Grall AuthorDate: Wed Aug 25 15:51:47 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:51:47 2021 +0200 xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Currently, both dom0less domUs and dom0 can allocate an "unlimited" amount of memory because d->max_pages is set to ~0U. In particular, the former are meant to be unprivileged. Therefore the memory they could allocate should be bounded. As the domain are not yet officially aware of Xen (we don't expose advertise it in the DT, yet the hypercalls are accessible), they should not need to allocate more than the initial amount. So cap set d->max_pages directly the amount of memory we are meant to allocate. Take the opportunity to also restrict the memory for dom0 as the domain is direct mapped (e.g. MFN == GFN) and therefore cannot allocate outside of the pre-allocated region. This is CVE-2021-28700 / XSA-383. Reported-by: Julien Grall Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini Tested-by: Stefano Stabellini master commit: c08d68cd2aacbc7cb56e73ada241bfe4639bbc68 master date: 2021-08-25 14:19:31 +0200 --- xen/arch/arm/domain_build.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 6c5a6db144..c3553ce4c4 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2028,7 +2028,8 @@ static int __init construct_domU(struct domain *d, if ( vcpu_create(d, 0, 0) == NULL ) return -ENOMEM; - d->max_pages = ~0U; + + d->max_pages = ((paddr_t)mem * SZ_1K) >> PAGE_SHIFT; kinfo.d = d; @@ -2116,7 +2117,7 @@ int __init construct_dom0(struct domain *d) iommu_hwdom_init(d); - d->max_pages = ~0U; + d->max_pages = dom0_mem >> PAGE_SHIFT; kinfo.unassigned_mem = dom0_mem; kinfo.d = d; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Fri Aug 27 09:00:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 27 Aug 2021 09:00:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173501.316558 (Exim 4.92) (envelope-from ) id 1mJXiZ-0000WV-7r; Fri, 27 Aug 2021 09:00:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173501.316558; Fri, 27 Aug 2021 09:00:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJXiZ-0000WO-4d; Fri, 27 Aug 2021 09:00:07 +0000 Received: by outflank-mailman (input) for mailman id 173501; Fri, 27 Aug 2021 09:00:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJXiX-0000Mm-Ok for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 09:00:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJXiX-0001RJ-Ki for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 09:00:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJXiX-0008MF-JW for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 09:00:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MExelYdN0PfOOOkUTHHjsaF3lHW7doZ/quE5LjeyDlM=; b=Qj3lU6p/n4TAvHRtE/OiRmukmk gyBCZjvk282uU0Jp3O+6vmQUFbr5sfP+Catgo34yycRHXeIPVe/OSD+dr7xcJKwOZntjk+7jrTQnF IIMKTqrQWeFqT1+JbUWOJdvvy6Ot5NuDWJUJ8fXYQpN3e4cBzlaCkZ7Dd5Z+t4TlBowk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] VT-d: fix caching mode IOTLB flushing Message-Id: Date: Fri, 27 Aug 2021 09:00:05 +0000 commit c5c84e97669dd5c92b59b04b2ab4233605da09dd Author: Jan Beulich AuthorDate: Fri Aug 27 10:52:15 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 27 10:52:15 2021 +0200 VT-d: fix caching mode IOTLB flushing While for context cache entry flushing use of did 0 is indeed correct (after all upon reading the context entry the IOMMU wouldn't know any domain ID if the entry is not present, and hence a surrogate one needs to be used), for IOTLB entries the normal domain ID (from the [present] context entry) gets used. See sub-section "IOTLB" of section "Address Translation Caches" in the VT-d spec. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Reviewed-by: Kevin Tian --- xen/drivers/passthrough/vtd/iommu.c | 13 +++---------- xen/drivers/passthrough/vtd/qinval.c | 13 +++---------- 2 files changed, 6 insertions(+), 20 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 23921dfb7b..2034a95a87 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -468,17 +468,10 @@ int vtd_flush_iotlb_reg(struct vtd_iommu *iommu, uint16_t did, uint64_t addr, /* * In the non-present entry flush case, if hardware doesn't cache - * non-present entry we do nothing and if hardware cache non-present - * entry, we flush entries of domain 0 (the domain id is used to cache - * any non-present entries) + * non-present entries we do nothing. */ - if ( flush_non_present_entry ) - { - if ( !cap_caching_mode(iommu->cap) ) - return 1; - else - did = 0; - } + if ( flush_non_present_entry && !cap_caching_mode(iommu->cap) ) + return 1; /* use register invalidation */ switch ( type ) diff --git a/xen/drivers/passthrough/vtd/qinval.c b/xen/drivers/passthrough/vtd/qinval.c index b0e3672231..b16153e298 100644 --- a/xen/drivers/passthrough/vtd/qinval.c +++ b/xen/drivers/passthrough/vtd/qinval.c @@ -362,17 +362,10 @@ static int __must_check flush_iotlb_qi(struct vtd_iommu *iommu, u16 did, /* * In the non-present entry flush case, if hardware doesn't cache - * non-present entry we do nothing and if hardware cache non-present - * entry, we flush entries of domain 0 (the domain id is used to cache - * any non-present entries) + * non-present entries we do nothing. */ - if ( flush_non_present_entry ) - { - if ( !cap_caching_mode(iommu->cap) ) - return 1; - else - did = 0; - } + if ( flush_non_present_entry && !cap_caching_mode(iommu->cap) ) + return 1; /* use queued invalidation */ if (cap_write_drain(iommu->cap)) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 27 09:00:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 27 Aug 2021 09:00:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173502.316563 (Exim 4.92) (envelope-from ) id 1mJXij-0000ca-9l; Fri, 27 Aug 2021 09:00:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173502.316563; Fri, 27 Aug 2021 09:00:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJXij-0000cT-6l; Fri, 27 Aug 2021 09:00:17 +0000 Received: by outflank-mailman (input) for mailman id 173502; Fri, 27 Aug 2021 09:00:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJXih-0000c8-SP for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 09:00:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJXih-0001RQ-Rb for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 09:00:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJXih-0008Oa-QM for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 09:00:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SDBrhKl6H2HGmKQ+aBXiS9bf46viVjwnkFJucNZlsSw=; b=aHN+E4MQW+N6OOe8TmqtI9W1f+ 7fBKJuBoAR6nA/cCX596onwIyeAgvjpG1mULPJypQHG94gvjvqNZZUkcQ5doxKOywIYWDb+sDbFE9 jgVyG9cMN95pHT06tUMM23VRTtQSKujsCKL6oiusdQMA1f6S8GObuL+HcxSUwthVZHco=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] AMD/IOMMU: avoid recording each level's MFN when walking page table Message-Id: Date: Fri, 27 Aug 2021 09:00:15 +0000 commit 706551b29b176c0a3eb853f71408806a843d51fa Author: Jan Beulich AuthorDate: Fri Aug 27 10:53:11 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 27 10:53:11 2021 +0200 AMD/IOMMU: avoid recording each level's MFN when walking page table Both callers only care about the target (level 1) MFN. I also cannot see what we might need higher level MFNs for down the road. And even modern gcc doesn't recognize the optimization potential. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/drivers/passthrough/amd/iommu_map.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 53cd5b4577..10fda5519c 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -178,7 +178,7 @@ void __init iommu_dte_add_device_entry(struct amd_iommu_dte *dte, * page tables. */ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, - unsigned long pt_mfn[], bool map) + unsigned long *pt_mfn, bool map) { union amd_iommu_pte *pde, *next_table_vaddr; unsigned long next_table_mfn; @@ -203,7 +203,6 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, while ( level > 1 ) { unsigned int next_level = level - 1; - pt_mfn[level] = next_table_mfn; next_table_vaddr = map_domain_page(_mfn(next_table_mfn)); pde = &next_table_vaddr[pfn_to_pde_idx(dfn, level)]; @@ -273,7 +272,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, } /* mfn of level 1 page table */ - pt_mfn[level] = next_table_mfn; + *pt_mfn = next_table_mfn; return 0; } @@ -282,9 +281,7 @@ int amd_iommu_map_page(struct domain *d, dfn_t dfn, mfn_t mfn, { struct domain_iommu *hd = dom_iommu(d); int rc; - unsigned long pt_mfn[7]; - - memset(pt_mfn, 0, sizeof(pt_mfn)); + unsigned long pt_mfn = 0; spin_lock(&hd->arch.mapping_lock); @@ -310,7 +307,7 @@ int amd_iommu_map_page(struct domain *d, dfn_t dfn, mfn_t mfn, return rc; } - if ( iommu_pde_from_dfn(d, dfn_x(dfn), pt_mfn, true) || (pt_mfn[1] == 0) ) + if ( iommu_pde_from_dfn(d, dfn_x(dfn), &pt_mfn, true) || !pt_mfn ) { spin_unlock(&hd->arch.mapping_lock); AMD_IOMMU_DEBUG("Invalid IO pagetable entry dfn = %"PRI_dfn"\n", @@ -320,7 +317,7 @@ int amd_iommu_map_page(struct domain *d, dfn_t dfn, mfn_t mfn, } /* Install 4k mapping */ - *flush_flags |= set_iommu_ptes_present(pt_mfn[1], dfn_x(dfn), mfn_x(mfn), + *flush_flags |= set_iommu_ptes_present(pt_mfn, dfn_x(dfn), mfn_x(mfn), 1, 1, (flags & IOMMUF_writable), (flags & IOMMUF_readable)); @@ -332,11 +329,9 @@ int amd_iommu_map_page(struct domain *d, dfn_t dfn, mfn_t mfn, int amd_iommu_unmap_page(struct domain *d, dfn_t dfn, unsigned int *flush_flags) { - unsigned long pt_mfn[7]; + unsigned long pt_mfn = 0; struct domain_iommu *hd = dom_iommu(d); - memset(pt_mfn, 0, sizeof(pt_mfn)); - spin_lock(&hd->arch.mapping_lock); if ( !hd->arch.amd.root_table ) @@ -345,7 +340,7 @@ int amd_iommu_unmap_page(struct domain *d, dfn_t dfn, return 0; } - if ( iommu_pde_from_dfn(d, dfn_x(dfn), pt_mfn, false) ) + if ( iommu_pde_from_dfn(d, dfn_x(dfn), &pt_mfn, false) ) { spin_unlock(&hd->arch.mapping_lock); AMD_IOMMU_DEBUG("Invalid IO pagetable entry dfn = %"PRI_dfn"\n", @@ -354,10 +349,10 @@ int amd_iommu_unmap_page(struct domain *d, dfn_t dfn, return -EFAULT; } - if ( pt_mfn[1] ) + if ( pt_mfn ) { /* Mark PTE as 'page not present'. */ - *flush_flags |= clear_iommu_pte_present(pt_mfn[1], dfn_x(dfn)); + *flush_flags |= clear_iommu_pte_present(pt_mfn, dfn_x(dfn)); } spin_unlock(&hd->arch.mapping_lock); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 27 09:00:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 27 Aug 2021 09:00:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173503.316568 (Exim 4.92) (envelope-from ) id 1mJXit-0000fa-Bh; Fri, 27 Aug 2021 09:00:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173503.316568; Fri, 27 Aug 2021 09:00:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJXit-0000fQ-8R; Fri, 27 Aug 2021 09:00:27 +0000 Received: by outflank-mailman (input) for mailman id 173503; Fri, 27 Aug 2021 09:00:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJXir-0000fE-Vt for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 09:00:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJXir-0001Rj-VE for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 09:00:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJXir-0008Qp-UE for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 09:00:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VsIPk9NiilxnwDCEZBA0r79/kjcNX743jTkp59D+234=; b=O+IC4stphNbJb1p7lG+vA4D22J iVMw0MagwH/JLcjdvSKblJIJmgrymtcmMVUKlJhVCSFEiphrx5CzTV/ChnfsBZpPWV4MTR0xhEpaH hCrUmIPS7JtofNBFfJKXYO4TCSoE5vMuEm8Tzf4MZYsAOgs7+73ox0F6qvkbaaVNGfig=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] gnttab: drop GNTMAP_can_fail Message-Id: Date: Fri, 27 Aug 2021 09:00:25 +0000 commit d07b7ed8b564f48ff14922ac20347fb33bb27ffb Author: Jan Beulich AuthorDate: Fri Aug 27 10:53:48 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 27 10:53:48 2021 +0200 gnttab: drop GNTMAP_can_fail There's neither documentation of what this flag is supposed to mean, nor any implementation. Commit 4d45702cf0398 ("paging: Updates to public grant table header file") suggests there might have been plans to use it for interaction with mem-paging, but no such functionality has ever materialized. With this, don't even bother enclosing the #define-s in a __XEN_INTERFACE_VERSION__ conditional, but drop them altogether. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/include/public/grant_table.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/xen/include/public/grant_table.h b/xen/include/public/grant_table.h index 84b1d26b36..69d1e9662e 100644 --- a/xen/include/public/grant_table.h +++ b/xen/include/public/grant_table.h @@ -628,9 +628,6 @@ DEFINE_XEN_GUEST_HANDLE(gnttab_cache_flush_t); #define _GNTMAP_contains_pte (4) #define GNTMAP_contains_pte (1<<_GNTMAP_contains_pte) -#define _GNTMAP_can_fail (5) -#define GNTMAP_can_fail (1<<_GNTMAP_can_fail) - /* * Bits to be placed in guest kernel available PTE bits (architecture * dependent; only supported when XENFEAT_gnttab_map_avail_bits is set). -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 27 09:00:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 27 Aug 2021 09:00:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173504.316570 (Exim 4.92) (envelope-from ) id 1mJXj3-0000ik-Cz; Fri, 27 Aug 2021 09:00:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173504.316570; Fri, 27 Aug 2021 09:00:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJXj3-0000ic-9u; Fri, 27 Aug 2021 09:00:37 +0000 Received: by outflank-mailman (input) for mailman id 173504; Fri, 27 Aug 2021 09:00:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJXj2-0000iQ-3m for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 09:00:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJXj2-0001SB-31 for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 09:00:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJXj2-0008TJ-20 for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 09:00:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vPdkobr8eujbbYn2ezS9vwVsxmB7UYqrbotVIWRIFds=; b=0oG8Rl+V9c2gQxmR2geZJNcU5u cu0EXXlWSijFLw1xmMIEl5QKiAuZ1NbJUPs7p+KTpubu0iL7ZTbKwtQQWHiyRZ7Gn6OyTEqR/rejA MZWfTqcrwooVdcIIlq7jAnwESiUAR7Io3z78sn6YaS/fxRHqAoG8fJeqLnTfr8lCCPds=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Message-Id: Date: Fri, 27 Aug 2021 09:00:36 +0000 commit b6da9d0414d69c2682214ee3ecf9816fcac500d0 Author: Jan Beulich AuthorDate: Fri Aug 27 10:54:46 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 27 10:54:46 2021 +0200 gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Relevant quotes from the C11 standard: "Except where explicitly stated otherwise, for the purposes of this subclause unnamed members of objects of structure and union type do not participate in initialization. Unnamed members of structure objects have indeterminate value even after initialization." "If there are fewer initializers in a brace-enclosed list than there are elements or members of an aggregate, [...], the remainder of the aggregate shall be initialized implicitly the same as objects that have static storage duration." "If an object that has static or thread storage duration is not initialized explicitly, then: [...] — if it is an aggregate, every member is initialized (recursively) according to these rules, and any padding is initialized to zero bits; [...]" "A bit-field declaration with no declarator, but only a colon and a width, indicates an unnamed bit-field." Footnote: "An unnamed bit-field structure member is useful for padding to conform to externally imposed layouts." "There may be unnamed padding within a structure object, but not at its beginning." Which makes me conclude: - Whether an unnamed bit-field member is an unnamed member or padding is unclear, and hence also whether the last quote above would render the big endian case of the structure declaration invalid. - Whether the number of members of an aggregate includes unnamed ones is also not really clear. - The initializer in map_grant_ref() initializes all fields of the "cnt" sub-structure of the union, so assuming the second quote above applies here (indirectly), the compiler isn't required to implicitly initialize the rest (i.e. in particular any padding) like would happen for static storage duration objects. Gcc 7.4.1 can be observed (apparently in debug builds only) to translate aforementioned initializer to a read-modify-write operation of a stack variable, leaving unchanged the top two bits of whatever was previously in that stack slot. Clearly if either of the two bits were set, radix_tree_ulong_to_ptr()'s assertion would trigger. Therefore, to be on the safe side, add an explicit padding field for the non-big-endian-bitfields case and give a dummy name to both padding fields. Fixes: 9781b51efde2 ("gnttab: replace mapkind()") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/common/grant_table.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 5190461053..b1930e2d8e 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -952,10 +952,13 @@ union maptrack_node { struct { /* Radix tree slot pointers use two of the bits. */ #ifdef __BIG_ENDIAN_BITFIELD - unsigned long : 2; + unsigned long _0 : 2; #endif unsigned long rd : BITS_PER_LONG / 2 - 1; unsigned long wr : BITS_PER_LONG / 2 - 1; +#ifndef __BIG_ENDIAN_BITFIELD + unsigned long _0 : 2; +#endif } cnt; unsigned long raw; }; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 27 13:33:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 27 Aug 2021 13:33:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173667.316840 (Exim 4.92) (envelope-from ) id 1mJbyk-00030j-CL; Fri, 27 Aug 2021 13:33:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173667.316840; Fri, 27 Aug 2021 13:33:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJbyk-00030b-9Q; Fri, 27 Aug 2021 13:33:06 +0000 Received: by outflank-mailman (input) for mailman id 173667; Fri, 27 Aug 2021 13:33:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJbyj-00030V-5B for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 13:33:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJbyj-00067N-3O for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 13:33:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJbyj-0003Dt-2Q for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 13:33:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UTLKVOuUgty18F0E2QX/SCcdmC3f7l9Fw9EbqRMtmLI=; b=ow9QjQp+sPDP3p9UFEpL5rM6oa M7i6B4u9bjUHcSM3n7nN79W3LWP2DLyaQMgbjpJjPE/z2IcUucNHAlT6s1sXVvweLhW3mvOKiAwZZ HH7KFVrd6CIzEVUeytVr6fQ1ro7tZKdhCVbOJ1UhAGxUUBCCjOiOm3zAjaIcDqBekZwQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Skip RSB overwriting when safe to do so Message-Id: Date: Fri, 27 Aug 2021 13:33:05 +0000 commit afab477fba3b4de4ad3887c27677737b96488091 Author: Andrew Cooper AuthorDate: Thu Aug 19 13:53:15 2021 +0100 Commit: Andrew Cooper CommitDate: Fri Aug 27 14:19:02 2021 +0100 x86/spec-ctrl: Skip RSB overwriting when safe to do so In some configurations, it is safe to not overwrite the RSB on entry to Xen. Both Intel and AMD have guidelines in this area, because of the performance difference it makes for native kernels. A simple microperf test, measuring the amount of time a XENVER_version hypercall takes, shows the following improvements: KabyLake: -13.9175% +/- 6.85387% CoffeeLake-R: -9.1183% +/- 5.04519% Milan: -17.7803% +/- 1.29808% This is best case improvement, because no real workloads are making XENVER_version hypercalls in a tight loop. However, this is the hypercall used by PV kernels to force evtchn delivery if one is pending, so it is a common hypercall to see, especially in dom0. The avoidance of RSB-overwriting speeds up all interrupts, exceptions and system calls from PV or Xen context. RSB-overwriting is still required on VMExit from HVM guests for now. In terms of more realistic testing, LMBench in dom0 on an AMD Rome system shows improvements across the board, with the best improvement at 8% for simple syscall and simple write. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/spec_ctrl.c | 67 ++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 57 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 739b7913ff..750110e9df 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -33,7 +33,7 @@ /* Cmdline controls for Xen's alternative blocks. */ static bool __initdata opt_msr_sc_pv = true; static bool __initdata opt_msr_sc_hvm = true; -static bool __initdata opt_rsb_pv = true; +static int8_t __initdata opt_rsb_pv = -1; static bool __initdata opt_rsb_hvm = true; static int8_t __initdata opt_md_clear_pv = -1; static int8_t __initdata opt_md_clear_hvm = -1; @@ -554,6 +554,35 @@ static bool __init retpoline_safe(uint64_t caps) } } +/* + * https://software.intel.com/content/www/us/en/develop/articles/software-security-guidance/technical-documentation/retpoline-branch-target-injection-mitigation.html + * + * Silvermont and Airmont based cores are 64bit but only have a 32bit wide + * RSB, which impacts the safety of using SMEP to avoid RSB-overwriting. + */ +static bool __init rsb_is_full_width(void) +{ + if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL || + boot_cpu_data.x86 != 6 ) + return true; + + switch ( boot_cpu_data.x86_model ) + { + case 0x37: /* Baytrail / Valleyview (Silvermont) */ + case 0x4a: /* Merrifield */ + case 0x4c: /* Cherrytrail / Brasswell */ + case 0x4d: /* Avaton / Rangely (Silvermont) */ + case 0x5a: /* Moorefield */ + case 0x5d: /* SoFIA 3G Granite/ES2.1 */ + case 0x65: /* SoFIA LTE AOSP */ + case 0x6e: /* Cougar Mountain */ + case 0x75: /* Lightning Mountain */ + return false; + } + + return true; +} + /* Calculate whether this CPU speculates past #NM */ static bool __init should_use_eager_fpu(void) { @@ -992,18 +1021,36 @@ void __init init_speculation_mitigations(void) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; /* - * PV guests can poison the RSB to any virtual address from which - * they can execute a call instruction. This is necessarily outside - * of the Xen supervisor mappings. + * PV guests can create RSB entries for any linear address they control, + * which are outside of Xen's mappings. + * + * SMEP inhibits speculation to any user mappings, so in principle it is + * safe to not overwrite the RSB when SMEP is active. + * + * However, some caveats apply: + * + * 1) CALL instructions push the next sequential linear address into the + * RSB, meaning that there is a boundary case at the user=>supervisor + * split. This can be compensated for by having an unmapped or NX + * page, or an instruction which halts speculation. * - * With SMEP enabled, the processor won't speculate into user mappings. - * Therefore, in this case, we don't need to worry about poisoned entries - * from 64bit PV guests. + * For Xen, the next sequential linear address is the start of M2P + * (mapped NX), or a zapped hole (unmapped). * - * 32bit PV guest kernels run in ring 1, so use supervisor mappings. - * If a processors speculates to 32bit PV guest kernel mappings, it is - * speculating in 64bit supervisor mode, and can leak data. + * 2) 32bit PV kernels execute in Ring 1 and use supervisor mappings. + * SMEP offers no protection in this case. + * + * 3) Some CPUs have RSBs which are not full width, which allow the + * attacker's entries to alias Xen addresses. + * + * It is safe to turn off RSB stuffing when Xen is using SMEP itself, and + * 32bit PV guests are disabled, and when the RSB is full width. */ + BUILD_BUG_ON(RO_MPT_VIRT_START != PML4_ADDR(256)); + if ( opt_rsb_pv == -1 && boot_cpu_has(X86_FEATURE_XEN_SMEP) && + !opt_pv32 && rsb_is_full_width() ) + opt_rsb_pv = 0; + if ( opt_rsb_pv ) { setup_force_cpu_cap(X86_FEATURE_SC_RSB_PV); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Aug 27 14:22:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 27 Aug 2021 14:22:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.173728.316954 (Exim 4.92) (envelope-from ) id 1mJckA-0006HC-JH; Fri, 27 Aug 2021 14:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 173728.316954; Fri, 27 Aug 2021 14:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJckA-0006H4-GI; Fri, 27 Aug 2021 14:22:06 +0000 Received: by outflank-mailman (input) for mailman id 173728; Fri, 27 Aug 2021 14:22:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJck9-0006Gy-Kh for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 14:22:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mJck9-00076e-J2 for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 14:22:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mJck9-0002pX-Ht for xen-changelog@lists.xenproject.org; Fri, 27 Aug 2021 14:22:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JGwGOjvssjPlklM1pJJkFwxPK8D+lWoEysGVSJnGZ0g=; b=sfM0i3IUM/TntBOkuMRG4pKCKk 9B8Czpx6DdvCnSucm0QkXrukTf2MAT0j44EGsF5C3Cw7ikMTrmKURJXxIQH+yjIVmN6Kksp03egOw HadbUNfBhtmulQPfkChuCAGPX85hXrNz+d5e7rjN5kix/cBP3B23diqR2oc3rFC6p65I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/domain: Fix label position in domain_teardown() Message-Id: Date: Fri, 27 Aug 2021 14:22:05 +0000 commit 8064488062641ae505b2a7369611c38057a7788b Author: Andrew Cooper AuthorDate: Fri Aug 27 14:46:52 2021 +0100 Commit: Andrew Cooper CommitDate: Fri Aug 27 15:12:05 2021 +0100 xen/domain: Fix label position in domain_teardown() As explained in the comments, a progress label wants to be before the function it refers to for the higher level logic to make sense. As it happens, the effects are benign because gnttab_mappings is immediately adjacent to teardown in terms of co-routine exit points. There is and will always be a corner case with 0. Help alleviate this visually (at least slightly) with a BUILD_BUG_ON() to ensure the property which makes this function do anything useful. There is also a visual corner case when changing from PROGRESS() to PROGRESS_VCPU(). The important detail is to check that there is a "return rc;" logically between each PROGRESS*() marker. Fixes: b1ee10be5625 ("gnttab: add preemption check to gnttab_release_mappings()") Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/common/domain.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index 14b1341e53..0d3385ad5a 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -419,11 +419,13 @@ static int domain_teardown(struct domain *d) }; case PROG_none: + BUILD_BUG_ON(PROG_none != 0); + + PROGRESS(gnttab_mappings): rc = gnttab_release_mappings(d); if ( rc ) return rc; - PROGRESS(gnttab_mappings): for_each_vcpu ( d, v ) { PROGRESS_VCPU(teardown); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Aug 30 13:22:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 30 Aug 2021 13:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.175081.319045 (Exim 4.92) (envelope-from ) id 1mKhEk-0005NM-49; Mon, 30 Aug 2021 13:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 175081.319045; Mon, 30 Aug 2021 13:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mKhEk-0005ND-12; Mon, 30 Aug 2021 13:22:06 +0000 Received: by outflank-mailman (input) for mailman id 175081; Mon, 30 Aug 2021 13:22:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mKhEj-0005N7-6A for xen-changelog@lists.xenproject.org; Mon, 30 Aug 2021 13:22:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mKhEj-0006a1-4N for xen-changelog@lists.xenproject.org; Mon, 30 Aug 2021 13:22:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mKhEj-0006CM-3B for xen-changelog@lists.xenproject.org; Mon, 30 Aug 2021 13:22:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=czNZAH5Ebm871z2EnKeEjJVce2TsmZVXgzg5RFSdd+Y=; b=ZVFr+dxUnfyR3bOOHiXzmcboeN soH99qlFhC//aArOYfOV0HqAsr0+q1qc52J6xHtw07MYEBHa6jNwSIImRw+LsHz+hCGcSvMFd59Xs 4qqsFywGF960VkcXoAWYSlPhNPml4ZUgGXKOGPxqOQcCZuThDqaxcH9ezkTNiuH8I99I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libxenguest/x86: ensure CPUID[1].EBX[32:16] is non-zero for HVM Message-Id: Date: Mon, 30 Aug 2021 13:22:05 +0000 commit daaf007eb3467f900a2e20fadbc4c6f3bfcaa356 Author: Jan Beulich AuthorDate: Mon Aug 30 15:19:31 2021 +0200 Commit: Jan Beulich CommitDate: Mon Aug 30 15:19:31 2021 +0200 libxenguest/x86: ensure CPUID[1].EBX[32:16] is non-zero for HVM We unconditionally set HTT, so merely doubling the value read from hardware isn't going to be correct if that value is zero. Reported-by: Julien Grall Signed-off-by: Jan Beulich Tested-by: Julien Grall Acked-by: Andrew Cooper --- tools/libs/guest/xg_cpuid_x86.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/libs/guest/xg_cpuid_x86.c b/tools/libs/guest/xg_cpuid_x86.c index 0c9c4fefc1..198892ebdf 100644 --- a/tools/libs/guest/xg_cpuid_x86.c +++ b/tools/libs/guest/xg_cpuid_x86.c @@ -594,7 +594,9 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, * Update to reflect vLAPIC_ID = vCPU_ID * 2, but make sure to avoid * overflow. */ - if ( !(p->basic.lppp & 0x80) ) + if ( !p->basic.lppp ) + p->basic.lppp = 2; + else if ( !(p->basic.lppp & 0x80) ) p->basic.lppp *= 2; switch ( p->x86_vendor ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Aug 31 09:55:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 31 Aug 2021 09:55:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.175592.319816 (Exim 4.92) (envelope-from ) id 1mL0Ty-0003RP-EI; Tue, 31 Aug 2021 09:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 175592.319816; Tue, 31 Aug 2021 09:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL0Ty-0003RH-BS; Tue, 31 Aug 2021 09:55:06 +0000 Received: by outflank-mailman (input) for mailman id 175592; Tue, 31 Aug 2021 09:55:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL0Tx-0003RB-Df for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 09:55:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL0Tx-0002lA-3B for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 09:55:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mL0Tx-00047C-1z for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 09:55:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YrqLilGKrSWBeYpKTThDiNMRqYpGmo46hQ+wAjb/XRo=; b=qTaSGKVoSgEPWHtf2B3mUXUVry 8iGVR7GR2AEaC+6Ft4SX+OCs+Bh4J+lKW+79y+wyeEYLCRQgCTCFQh876pDawwZhrmJ229Ow2Vqff EhruNC7rWTXXaW1kEKGlbnJFcdp+7BBavhv45qUjVYbU5gHIWy8/4yjKkzM8j3Os4oJE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.11] tools/firmware/ovmf: Use OvmfXen platform file is exist Message-Id: Date: Tue, 31 Aug 2021 09:55:05 +0000 commit e9bee143fd4248b004d1235c320bb0180a4c757f Author: Anthony PERARD AuthorDate: Tue Jun 1 11:28:03 2021 +0100 Commit: Ian Jackson CommitDate: Tue Aug 31 10:45:58 2021 +0100 tools/firmware/ovmf: Use OvmfXen platform file is exist A platform introduced in EDK II named OvmfXen is now the one to use for Xen instead of OvmfX64. It comes with PVH support. Also, the Xen support in OvmfX64 is deprecated, "deprecation notice: *dynamic* multi-VMM (QEMU vs. Xen) support in OvmfPkg" https://edk2.groups.io/g/devel/message/75498 Signed-off-by: Anthony PERARD Acked-by: Ian Jackson (cherry picked from commit aad7b5c11d51d57659978e04702ac970906894e8) (cherry picked from commit 7988ef515a5eabe74bb5468c8c692e03ee9db8bc) (cherry picked from commit 0aabe44d9c454c265b2bfc1030d58bd8f9ca8c94) (cherry picked from commit b335a5314f251c570f991376a1500737d3e02bb8) (cherry picked from commit 7dadebd8d2c8c2a42d0ff3f022a63d6225297058) --- tools/firmware/ovmf-makefile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/firmware/ovmf-makefile b/tools/firmware/ovmf-makefile index 55f9992145..637ee509c3 100644 --- a/tools/firmware/ovmf-makefile +++ b/tools/firmware/ovmf-makefile @@ -17,8 +17,14 @@ all: build .PHONY: build build: if test -e .git ; then $(GIT) submodule update --init --recursive ; fi - OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 - cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin + set -ex; \ + if test -e OvmfPkg/OvmfXen.dsc; then \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 -p OvmfPkg/OvmfXen.dsc; \ + cp Build/OvmfXen/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + else \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4; \ + cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + fi .PHONY: clean clean: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.11 From xen-changelog-bounces@lists.xenproject.org Tue Aug 31 11:04:54 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 31 Aug 2021 11:04:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.175626.319866 (Exim 4.92) (envelope-from ) id 1mL1ZP-0004jA-Rl; Tue, 31 Aug 2021 11:04:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 175626.319866; Tue, 31 Aug 2021 11:04:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL1ZP-0004j3-OU; Tue, 31 Aug 2021 11:04:47 +0000 Received: by outflank-mailman (input) for mailman id 175626; Tue, 31 Aug 2021 11:04:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL1ZO-0004ix-BZ for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 11:04:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL1ZO-00043M-7Q for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 11:04:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mL1ZO-0001qg-6A for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 11:04:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=meYEz09SnmE8Kv5wO1A0jXzQEgXkDu2JGb4MU+7YaJs=; b=5iXwnVn+qLV/JTo3r/0Xf5K4Fl QeRWfeix38AESQFsQG507ywFsf7GywU/5HQCacxJD+icFaeXJ1z2XYI9/OuQop6iuI5etbI+Sqcrm 6mfs2mwaItav1z6lI6AiOjDoiVur1zgY23Q/Rf2/HtGpgBLA2BZjdQz0Q6dh9D9HmS0c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen staging] Merge tag 'v6.1.0' into 'staging' Message-Id: Date: Tue, 31 Aug 2021 11:04:46 +0000 === This changeset includes merge from high-traffic branch === Commits on that branch are not reported individually. commit 0e95e1df345bce95ac4d6b15c6ed1bf07659fac1 Merge: f9baca549e44791be0dd98de15add3d8452a8af0 136c34c9bc4179dc64b15b2bb5f0c54ca4ddf823 Author: Anthony PERARD AuthorDate: Tue Aug 31 11:48:55 2021 +0100 Commit: Anthony PERARD CommitDate: Tue Aug 31 11:48:55 2021 +0100 Merge tag 'v6.1.0' into 'staging' .cirrus.yml | 59 +- .github/lockdown.yml | 6 +- .gitignore | 2 + .gitlab-ci.d/buildtest-template.yml | 81 + .gitlab-ci.d/buildtest.yml | 724 + .gitlab-ci.d/cirrus.yml | 87 + .gitlab-ci.d/cirrus/README.rst | 54 + .gitlab-ci.d/cirrus/build.yml | 35 + .gitlab-ci.d/cirrus/freebsd-12.vars | 13 + .gitlab-ci.d/cirrus/freebsd-13.vars | 13 + .gitlab-ci.d/cirrus/macos-11.vars | 15 + .gitlab-ci.d/container-core.yml | 17 + .gitlab-ci.d/container-cross.yml | 192 + .gitlab-ci.d/container-template.yml | 21 + .gitlab-ci.d/containers.yml | 236 +- .gitlab-ci.d/crossbuild-template.yml | 47 + .gitlab-ci.d/crossbuilds.yml | 76 +- .gitlab-ci.d/custom-runners.yml | 238 + .gitlab-ci.d/edk2.yml | 29 +- .gitlab-ci.d/opensbi.yml | 30 +- .gitlab-ci.d/qemu-project.yml | 13 + .gitlab-ci.d/stages.yml | 8 + .gitlab-ci.d/static_checks.yml | 49 + .gitlab-ci.yml | 853 +- .gitlab/issue_templates/bug.md | 64 + .gitlab/issue_templates/feature_request.md | 32 + .mailmap | 5 + .patchew.yml | 9 +- .travis.yml | 12 +- Kconfig | 1 + MAINTAINERS | 294 +- Makefile | 14 +- README.rst | 6 +- VERSION | 2 +- accel/Kconfig | 3 + accel/accel-common.c | 34 +- accel/accel-softmmu.c | 2 +- accel/hvf/hvf-accel-ops.c | 471 + accel/hvf/hvf-all.c | 47 + accel/hvf/meson.build | 7 + accel/kvm/kvm-all.c | 625 +- accel/kvm/trace-events | 9 +- accel/meson.build | 1 + accel/qtest/meson.build | 8 +- accel/qtest/qtest.c | 2 + accel/stubs/kvm-stub.c | 1 - accel/stubs/tcg-stub.c | 1 - accel/tcg/atomic_common.c.inc | 107 +- accel/tcg/atomic_template.h | 142 +- accel/tcg/cpu-exec-common.c | 1 - accel/tcg/cpu-exec.c | 335 +- accel/tcg/cputlb.c | 349 +- accel/tcg/hmp.c | 29 + accel/tcg/internal.h | 2 + accel/tcg/meson.build | 6 +- accel/tcg/plugin-gen.c | 21 +- accel/tcg/plugin-helpers.h | 5 +- accel/tcg/tb-context.h | 42 + accel/tcg/tb-hash.h | 69 + accel/tcg/tcg-accel-ops-icount.c | 1 - accel/tcg/tcg-accel-ops-rr.c | 1 - accel/tcg/tcg-accel-ops.c | 2 +- accel/tcg/tcg-all.c | 33 +- accel/tcg/tcg-runtime-gvec.c | 36 +- accel/tcg/tcg-runtime.c | 22 - accel/tcg/tcg-runtime.h | 46 - accel/tcg/trace-events | 2 +- accel/tcg/translate-all.c | 485 +- accel/tcg/translator.c | 47 +- accel/tcg/user-exec-stub.c | 1 - accel/tcg/user-exec.c | 60 +- audio/alsaaudio.c | 10 +- audio/audio.c | 25 +- audio/audio_int.h | 2 + audio/coreaudio.c | 150 +- audio/jackaudio.c | 3 +- audio/paaudio.c | 10 +- audio/spiceaudio.c | 2 + audio/trace-events | 2 +- authz/meson.build | 2 +- authz/trace-events | 2 +- backends/cryptodev-vhost.c | 5 +- backends/hostmem-file.c | 12 +- backends/hostmem-memfd.c | 9 +- backends/hostmem-ram.c | 7 +- backends/hostmem.c | 37 +- backends/tpm/tpm_emulator.c | 34 +- backends/tpm/trace-events | 2 +- backends/trace-events | 2 +- backends/vhost-user.c | 4 +- block.c | 1707 +- block/backup-top.c | 48 +- block/backup.c | 2 +- block/blkdebug.c | 136 +- block/block-backend.c | 76 +- block/block-copy.c | 388 +- block/commit.c | 28 +- block/copy-on-read.c | 33 +- block/coroutines.h | 6 + block/dirty-bitmap.c | 2 +- block/export/export.c | 5 +- block/export/fuse.c | 129 +- block/export/vhost-user-blk-server.c | 9 +- block/file-posix.c | 293 +- block/io.c | 65 +- block/io_uring.c | 16 +- block/iscsi-opts.c | 1 + block/linux-aio.c | 9 +- block/meson.build | 22 +- block/mirror.c | 22 +- block/monitor/block-hmp-cmds.c | 31 +- block/nbd.c | 573 +- block/nfs.c | 5 +- block/nvme.c | 22 + block/progress_meter.c | 64 + block/qapi.c | 13 +- block/qcow2-snapshot.c | 2 +- block/qcow2.c | 48 +- block/quorum.c | 2 +- block/rbd.c | 781 +- block/replication.c | 120 +- block/sheepdog.c | 3356 --- block/snapshot.c | 16 +- block/ssh.c | 66 +- block/trace-events | 17 +- block/vhdx-log.c | 2 +- block/vvfat.c | 53 +- block/write-threshold.c | 91 +- blockdev-nbd.c | 6 +- blockdev.c | 84 +- blockjob.c | 60 +- bsd-user/bsdload.c | 59 +- bsd-user/elfload.c | 328 +- bsd-user/i386/target_signal.h | 20 - bsd-user/main.c | 296 +- bsd-user/mmap.c | 22 +- bsd-user/qemu.h | 131 +- bsd-user/signal.c | 1 - bsd-user/sparc/target_signal.h | 27 - bsd-user/sparc64/target_signal.h | 27 - bsd-user/strace.c | 8 - bsd-user/syscall.c | 25 +- bsd-user/uaccess.c | 2 +- bsd-user/x86_64/target_signal.h | 19 - chardev/baum.c | 1 + chardev/char-fd.c | 119 +- chardev/char-fe.c | 2 +- chardev/char-mux.c | 1 - chardev/char-socket.c | 22 +- chardev/char.c | 27 +- chardev/spice.c | 5 + chardev/trace-events | 2 +- configs/devices/aarch64-softmmu/default.mak | 8 + configs/devices/aarch64-softmmu/minimal.mak | 9 + configs/devices/alpha-softmmu/default.mak | 10 + configs/devices/arm-softmmu/default.mak | 44 + configs/devices/avr-softmmu/default.mak | 5 + configs/devices/cris-softmmu/default.mak | 5 + configs/devices/hppa-softmmu/default.mak | 9 + configs/devices/i386-softmmu/default.mak | 31 + configs/devices/m68k-softmmu/default.mak | 11 + configs/devices/microblaze-softmmu/default.mak | 7 + configs/devices/microblazeel-softmmu/default.mak | 3 + configs/devices/mips-softmmu/common.mak | 41 + configs/devices/mips-softmmu/default.mak | 3 + configs/devices/mips64-softmmu/default.mak | 4 + configs/devices/mips64el-softmmu/default.mak | 11 + configs/devices/mipsel-softmmu/default.mak | 3 + configs/devices/nios2-softmmu/default.mak | 8 + configs/devices/or1k-softmmu/default.mak | 5 + configs/devices/ppc-softmmu/default.mak | 19 + configs/devices/ppc64-softmmu/default.mak | 10 + configs/devices/riscv32-softmmu/default.mak | 15 + configs/devices/riscv64-softmmu/default.mak | 16 + configs/devices/rx-softmmu/default.mak | 3 + configs/devices/s390x-softmmu/default.mak | 13 + configs/devices/sh4-softmmu/default.mak | 11 + configs/devices/sh4eb-softmmu/default.mak | 3 + configs/devices/sparc-softmmu/default.mak | 11 + configs/devices/sparc64-softmmu/default.mak | 12 + configs/devices/tricore-softmmu/default.mak | 2 + configs/devices/x86_64-softmmu/default.mak | 3 + configs/devices/xtensa-softmmu/default.mak | 9 + configs/devices/xtensaeb-softmmu/default.mak | 3 + configs/targets/aarch64-linux-user.mak | 5 + configs/targets/aarch64-softmmu.mak | 5 + configs/targets/aarch64_be-linux-user.mak | 6 + configs/targets/alpha-linux-user.mak | 4 + configs/targets/alpha-softmmu.mak | 3 + configs/targets/arm-linux-user.mak | 6 + configs/targets/arm-softmmu.mak | 4 + configs/targets/armeb-linux-user.mak | 7 + configs/targets/avr-softmmu.mak | 2 + configs/targets/cris-linux-user.mak | 1 + configs/targets/cris-softmmu.mak | 1 + configs/targets/hexagon-linux-user.mak | 1 + configs/targets/hppa-linux-user.mak | 5 + configs/targets/hppa-softmmu.mak | 4 + configs/targets/i386-bsd-user.mak | 2 + configs/targets/i386-linux-user.mak | 4 + configs/targets/i386-softmmu.mak | 3 + configs/targets/m68k-linux-user.mak | 6 + configs/targets/m68k-softmmu.mak | 3 + configs/targets/microblaze-linux-user.mak | 5 + configs/targets/microblaze-softmmu.mak | 4 + configs/targets/microblazeel-linux-user.mak | 4 + configs/targets/microblazeel-softmmu.mak | 3 + configs/targets/mips-linux-user.mak | 6 + configs/targets/mips-softmmu.mak | 4 + configs/targets/mips64-linux-user.mak | 7 + configs/targets/mips64-softmmu.mak | 4 + configs/targets/mips64el-linux-user.mak | 6 + configs/targets/mips64el-softmmu.mak | 4 + configs/targets/mipsel-linux-user.mak | 5 + configs/targets/mipsel-softmmu.mak | 3 + configs/targets/mipsn32-linux-user.mak | 8 + configs/targets/mipsn32el-linux-user.mak | 7 + configs/targets/nios2-linux-user.mak | 1 + configs/targets/nios2-softmmu.mak | 1 + configs/targets/or1k-linux-user.mak | 2 + configs/targets/or1k-softmmu.mak | 2 + configs/targets/ppc-linux-user.mak | 5 + configs/targets/ppc-softmmu.mak | 4 + configs/targets/ppc64-linux-user.mak | 7 + configs/targets/ppc64-softmmu.mak | 6 + configs/targets/ppc64abi32-linux-user.mak | 8 + configs/targets/ppc64le-linux-user.mak | 6 + configs/targets/riscv32-linux-user.mak | 5 + configs/targets/riscv32-softmmu.mak | 5 + configs/targets/riscv64-linux-user.mak | 5 + configs/targets/riscv64-softmmu.mak | 5 + configs/targets/rx-softmmu.mak | 3 + configs/targets/s390x-linux-user.mak | 5 + configs/targets/s390x-softmmu.mak | 4 + configs/targets/sh4-linux-user.mak | 5 + configs/targets/sh4-softmmu.mak | 2 + configs/targets/sh4eb-linux-user.mak | 6 + configs/targets/sh4eb-softmmu.mak | 3 + configs/targets/sparc-linux-user.mak | 5 + configs/targets/sparc-softmmu.mak | 3 + configs/targets/sparc32plus-linux-user.mak | 8 + configs/targets/sparc64-linux-user.mak | 7 + configs/targets/sparc64-softmmu.mak | 4 + configs/targets/tricore-softmmu.mak | 1 + configs/targets/x86_64-bsd-user.mak | 3 + configs/targets/x86_64-linux-user.mak | 5 + configs/targets/x86_64-softmmu.mak | 4 + configs/targets/xtensa-linux-user.mak | 4 + configs/targets/xtensa-softmmu.mak | 2 + configs/targets/xtensaeb-linux-user.mak | 5 + configs/targets/xtensaeb-softmmu.mak | 3 + configure | 2032 +- contrib/gitdm/aliases | 6 + contrib/gitdm/domain-map | 7 + contrib/gitdm/group-map-academics | 3 + contrib/gitdm/group-map-individuals | 5 + contrib/gitdm/group-map-interns | 13 + contrib/gitdm/group-map-netflix | 5 + contrib/gitdm/group-map-robots | 7 + contrib/plugins/Makefile | 4 +- contrib/plugins/cache.c | 640 + contrib/plugins/execlog.c | 153 + contrib/vhost-user-gpu/meson.build | 2 +- contrib/vhost-user-gpu/vhost-user-gpu.c | 29 +- contrib/vhost-user-gpu/virgl.c | 20 +- contrib/vhost-user-gpu/vugpu.h | 2 +- contrib/vhost-user-input/main.c | 8 +- cpu.c | 68 +- crypto/cipher-builtin.c.inc | 132 - crypto/cipher-gcrypt.c.inc | 143 +- crypto/cipher-gnutls.c.inc | 335 + crypto/cipher-nettle.c.inc | 117 +- crypto/cipher.c | 30 +- crypto/desrfb.c | 416 - crypto/hash-gnutls.c | 104 + crypto/hash-nettle.c | 10 +- crypto/hmac-gnutls.c | 139 + crypto/hmac-nettle.c | 12 +- crypto/init.c | 62 - crypto/meson.build | 49 +- crypto/pbkdf-gnutls.c | 90 + crypto/tls-cipher-suites.c | 7 + crypto/tlscreds.c | 12 + crypto/tlscredsanon.c | 2 + crypto/tlscredspriv.h | 45 + crypto/tlscredspsk.c | 2 + crypto/tlscredsx509.c | 3 +- crypto/tlssession.c | 1 + crypto/trace-events | 2 +- default-configs/devices/aarch64-softmmu.mak | 8 - default-configs/devices/alpha-softmmu.mak | 10 - default-configs/devices/arm-softmmu.mak | 46 - default-configs/devices/avr-softmmu.mak | 5 - default-configs/devices/cris-softmmu.mak | 5 - default-configs/devices/hppa-softmmu.mak | 9 - default-configs/devices/i386-softmmu.mak | 31 - default-configs/devices/lm32-softmmu.mak | 12 - default-configs/devices/m68k-softmmu.mak | 11 - default-configs/devices/microblaze-softmmu.mak | 7 - default-configs/devices/microblazeel-softmmu.mak | 3 - default-configs/devices/mips-softmmu-common.mak | 41 - default-configs/devices/mips-softmmu.mak | 3 - default-configs/devices/mips64-softmmu.mak | 4 - default-configs/devices/mips64el-softmmu.mak | 15 - default-configs/devices/mipsel-softmmu.mak | 3 - default-configs/devices/moxie-softmmu.mak | 5 - default-configs/devices/nios2-softmmu.mak | 8 - default-configs/devices/or1k-softmmu.mak | 5 - default-configs/devices/ppc-softmmu.mak | 18 - default-configs/devices/ppc64-softmmu.mak | 11 - default-configs/devices/riscv32-softmmu.mak | 15 - default-configs/devices/riscv64-softmmu.mak | 15 - default-configs/devices/rx-softmmu.mak | 3 - default-configs/devices/s390x-softmmu.mak | 13 - default-configs/devices/sh4-softmmu.mak | 11 - default-configs/devices/sh4eb-softmmu.mak | 3 - default-configs/devices/sparc-softmmu.mak | 11 - default-configs/devices/sparc64-softmmu.mak | 12 - default-configs/devices/tricore-softmmu.mak | 1 - default-configs/devices/unicore32-softmmu.mak | 6 - default-configs/devices/x86_64-softmmu.mak | 3 - default-configs/devices/xtensa-softmmu.mak | 9 - default-configs/devices/xtensaeb-softmmu.mak | 3 - default-configs/targets/aarch64-linux-user.mak | 5 - default-configs/targets/aarch64-softmmu.mak | 5 - default-configs/targets/aarch64_be-linux-user.mak | 6 - default-configs/targets/alpha-linux-user.mak | 4 - default-configs/targets/alpha-softmmu.mak | 3 - default-configs/targets/arm-linux-user.mak | 6 - default-configs/targets/arm-softmmu.mak | 4 - default-configs/targets/armeb-linux-user.mak | 7 - default-configs/targets/avr-softmmu.mak | 2 - default-configs/targets/cris-linux-user.mak | 1 - default-configs/targets/cris-softmmu.mak | 1 - default-configs/targets/hexagon-linux-user.mak | 1 - default-configs/targets/hppa-linux-user.mak | 5 - default-configs/targets/hppa-softmmu.mak | 4 - default-configs/targets/i386-bsd-user.mak | 2 - default-configs/targets/i386-linux-user.mak | 4 - default-configs/targets/i386-softmmu.mak | 3 - default-configs/targets/lm32-softmmu.mak | 2 - default-configs/targets/m68k-linux-user.mak | 6 - default-configs/targets/m68k-softmmu.mak | 3 - default-configs/targets/microblaze-linux-user.mak | 5 - default-configs/targets/microblaze-softmmu.mak | 4 - .../targets/microblazeel-linux-user.mak | 4 - default-configs/targets/microblazeel-softmmu.mak | 3 - default-configs/targets/mips-linux-user.mak | 6 - default-configs/targets/mips-softmmu.mak | 4 - default-configs/targets/mips64-linux-user.mak | 7 - default-configs/targets/mips64-softmmu.mak | 4 - default-configs/targets/mips64el-linux-user.mak | 6 - default-configs/targets/mips64el-softmmu.mak | 4 - default-configs/targets/mipsel-linux-user.mak | 5 - default-configs/targets/mipsel-softmmu.mak | 3 - default-configs/targets/mipsn32-linux-user.mak | 8 - default-configs/targets/mipsn32el-linux-user.mak | 7 - default-configs/targets/moxie-softmmu.mak | 2 - default-configs/targets/nios2-linux-user.mak | 1 - default-configs/targets/nios2-softmmu.mak | 1 - default-configs/targets/or1k-linux-user.mak | 2 - default-configs/targets/or1k-softmmu.mak | 2 - default-configs/targets/ppc-linux-user.mak | 5 - default-configs/targets/ppc-softmmu.mak | 4 - default-configs/targets/ppc64-linux-user.mak | 7 - default-configs/targets/ppc64-softmmu.mak | 6 - default-configs/targets/ppc64abi32-linux-user.mak | 8 - default-configs/targets/ppc64le-linux-user.mak | 6 - default-configs/targets/riscv32-linux-user.mak | 5 - default-configs/targets/riscv32-softmmu.mak | 5 - default-configs/targets/riscv64-linux-user.mak | 5 - default-configs/targets/riscv64-softmmu.mak | 5 - default-configs/targets/rx-softmmu.mak | 3 - default-configs/targets/s390x-linux-user.mak | 5 - default-configs/targets/s390x-softmmu.mak | 4 - default-configs/targets/sh4-linux-user.mak | 5 - default-configs/targets/sh4-softmmu.mak | 2 - default-configs/targets/sh4eb-linux-user.mak | 6 - default-configs/targets/sh4eb-softmmu.mak | 3 - default-configs/targets/sparc-bsd-user.mak | 3 - default-configs/targets/sparc-linux-user.mak | 5 - default-configs/targets/sparc-softmmu.mak | 3 - default-configs/targets/sparc32plus-linux-user.mak | 8 - default-configs/targets/sparc64-bsd-user.mak | 4 - default-configs/targets/sparc64-linux-user.mak | 6 - default-configs/targets/sparc64-softmmu.mak | 4 - default-configs/targets/tricore-softmmu.mak | 1 - default-configs/targets/unicore32-softmmu.mak | 1 - default-configs/targets/x86_64-bsd-user.mak | 3 - default-configs/targets/x86_64-linux-user.mak | 5 - default-configs/targets/x86_64-softmmu.mak | 4 - default-configs/targets/xtensa-linux-user.mak | 5 - default-configs/targets/xtensa-softmmu.mak | 3 - default-configs/targets/xtensaeb-linux-user.mak | 6 - default-configs/targets/xtensaeb-softmmu.mak | 4 - disas.c | 1 - disas/arm-a64.cc | 2 - disas/hexagon.c | 3 +- disas/libvixl/vixl/code-buffer.h | 2 +- disas/libvixl/vixl/globals.h | 16 +- disas/libvixl/vixl/invalset.h | 2 +- disas/libvixl/vixl/platform.h | 2 + disas/libvixl/vixl/utils.cc | 2 +- disas/libvixl/vixl/utils.h | 2 +- disas/lm32.c | 361 - disas/meson.build | 2 - disas/moxie.c | 360 - disas/nanomips.cpp | 2 - docs/_templates/editpage.html | 5 - docs/_templates/footer.html | 14 + docs/about/build-platforms.rst | 62 + docs/about/deprecated.rst | 339 + docs/about/index.rst | 27 + docs/about/license.rst | 11 + docs/about/removed-features.rst | 713 + docs/amd-memory-encryption.txt | 89 +- docs/barrier.txt | 370 - docs/bootindex.txt | 52 - docs/bypass-iommu.txt | 89 + docs/ccid.txt | 15 +- docs/conf.py | 55 +- docs/devel/_templates/editpage.html | 5 - docs/devel/build-system.rst | 167 +- docs/devel/ci.rst | 167 + docs/devel/control-flow-integrity.rst | 4 +- docs/devel/decodetree.rst | 11 +- docs/devel/ebpf_rss.rst | 125 + docs/devel/index.rst | 14 +- docs/devel/kconfig.rst | 2 +- docs/devel/lockcnt.txt | 2 +- docs/devel/migration.rst | 36 +- docs/devel/modules.rst | 5 + docs/devel/multi-thread-tcg.rst | 5 +- docs/devel/qapi-code-gen.rst | 1986 ++ docs/devel/qapi-code-gen.txt | 1897 -- docs/devel/qgraph.rst | 66 +- docs/devel/qom.rst | 8 + docs/devel/secure-coding-practices.rst | 9 + docs/devel/tcg-plugins.rst | 100 +- docs/devel/tcg.rst | 103 +- docs/devel/testing.rst | 116 +- docs/devel/ui.rst | 8 + docs/devel/vfio-migration.rst | 150 + docs/devel/writing-qmp-commands.rst | 622 + docs/devel/writing-qmp-commands.txt | 597 - docs/hyperv.txt | 9 +- docs/index.rst | 1 + docs/interop/_templates/editpage.html | 5 - docs/interop/barrier.rst | 426 + docs/interop/firmware.json | 47 +- docs/interop/index.rst | 10 +- docs/interop/live-block-operations.rst | 32 +- docs/interop/qemu-ga-ref.rst | 10 +- docs/interop/qemu-qmp-ref.rst | 10 +- docs/interop/qemu-storage-daemon-qmp-ref.rst | 10 +- docs/interop/vhost-user-gpu.rst | 7 +- docs/interop/vhost-user.rst | 14 +- docs/meson.build | 8 +- docs/pcie_pci_bridge.txt | 6 +- docs/specs/_templates/editpage.html | 5 - docs/specs/index.rst | 7 +- docs/sphinx-static/theme_overrides.css | 161 + docs/sphinx/qapidoc.py | 3 +- docs/system/_templates/editpage.html | 5 - docs/system/arm/aspeed.rst | 7 +- docs/system/arm/cpu-features.rst | 131 +- docs/system/arm/cubieboard.rst | 16 + docs/system/arm/emcraft-sf2.rst | 15 + docs/system/arm/emulation.rst | 103 + docs/system/arm/highbank.rst | 19 + docs/system/arm/imx25-pdk.rst | 19 + docs/system/arm/kzm.rst | 18 + docs/system/arm/mainstone.rst | 25 + docs/system/arm/mps2.rst | 10 + docs/system/arm/nrf.rst | 51 + docs/system/arm/nuvoton.rst | 13 +- docs/system/arm/sabrelite.rst | 2 +- docs/system/arm/sbsa.rst | 6 +- docs/system/arm/stm32.rst | 66 + docs/system/arm/virt.rst | 2 +- docs/system/authz.rst | 263 + docs/system/barrier.rst | 44 + docs/system/bootindex.rst | 76 + docs/system/build-platforms.rst | 62 - docs/system/cpu-hotplug.rst | 2 +- docs/system/cpu-models-x86-abi.csv | 67 + docs/system/cpu-models-x86.rst.inc | 24 +- docs/system/deprecated.rst | 386 - docs/system/device-emulation.rst | 90 + docs/system/device-url-syntax.rst.inc | 18 - docs/system/devices/ivshmem.rst | 64 + docs/system/devices/net.rst | 100 + docs/system/devices/nvme.rst | 237 + docs/system/devices/usb.rst | 351 + docs/system/devices/vhost-user.rst | 59 + docs/system/devices/virtio-pmem.rst | 76 + docs/system/generic-loader.rst | 13 +- docs/system/guest-loader.rst | 6 +- docs/system/index.rst | 21 +- docs/system/ivshmem.rst | 64 - docs/system/license.rst | 11 - docs/system/net.rst | 100 - docs/system/nvme.rst | 225 - docs/system/ppc/powernv.rst | 8 +- docs/system/ppc/ppce500.rst | 164 + docs/system/qemu-block-drivers.rst.inc | 69 - docs/system/removed-features.rst | 463 - docs/system/riscv/microchip-icicle-kit.rst | 92 +- docs/system/riscv/shakti-c.rst | 82 + docs/system/riscv/sifive_u.rst | 77 +- docs/system/riscv/virt.rst | 138 + docs/system/s390x/protvirt.rst | 12 +- docs/system/secrets.rst | 162 + docs/system/target-arm.rst | 14 + docs/system/target-ppc.rst | 1 + docs/system/target-riscv.rst | 15 +- docs/system/usb.rst | 140 - docs/system/virtio-pmem.rst | 76 - docs/system/vnc-security.rst | 7 +- docs/tools/_templates/editpage.html | 5 - docs/tools/index.rst | 7 +- docs/tools/qemu-img.rst | 56 +- docs/tools/virtiofsd.rst | 80 +- docs/usb-storage.txt | 59 - docs/usb2.txt | 172 - docs/user/_templates/editpage.html | 5 - docs/user/index.rst | 7 +- dump/dump.c | 1 - dump/win_dump.c | 1 - ebpf/ebpf_rss-stub.c | 40 + ebpf/ebpf_rss.c | 165 + ebpf/ebpf_rss.h | 44 + ebpf/meson.build | 1 + ebpf/rss.bpf.skeleton.h | 431 + ebpf/trace-events | 4 + ebpf/trace.h | 1 + fpu/meson.build | 1 + fpu/softfloat-parts-addsub.c.inc | 62 + fpu/softfloat-parts.c.inc | 1492 ++ fpu/softfloat-specialize.c.inc | 444 +- fpu/softfloat.c | 7978 ++---- gdbstub.c | 344 +- gitdm.config | 13 +- hmp-commands-info.hx | 29 +- hmp-commands.hx | 22 +- hw/9pfs/9p-local.c | 5 + hw/9pfs/9p-posix-acl.c | 5 + hw/9pfs/9p-proxy.c | 5 + hw/9pfs/9p-synth.c | 5 + hw/9pfs/9p-util.c | 5 + hw/9pfs/9p-xattr-user.c | 5 + hw/9pfs/9p-xattr.c | 5 + hw/9pfs/9p.c | 142 +- hw/9pfs/9p.h | 2 +- hw/9pfs/codir.c | 5 + hw/9pfs/cofile.c | 5 + hw/9pfs/cofs.c | 5 + hw/9pfs/coth.c | 5 + hw/9pfs/coxattr.c | 5 + hw/9pfs/trace-events | 2 +- hw/9pfs/virtio-9p-device.c | 5 + hw/9pfs/xen-9p-backend.c | 5 + hw/Kconfig | 5 +- hw/acpi/Kconfig | 4 + hw/acpi/acpi-x86-stub.c | 6 + hw/acpi/aml-build.c | 17 +- hw/acpi/cpu.c | 1 - hw/acpi/generic_event_device.c | 3 +- hw/acpi/ghes-stub.c | 22 + hw/acpi/ghes.c | 17 + hw/acpi/ich9.c | 71 +- hw/acpi/memory_hotplug.c | 1 - hw/acpi/meson.build | 9 +- hw/acpi/pcihp.c | 27 +- hw/acpi/piix4.c | 5 +- hw/acpi/tpm.c | 2 +- hw/acpi/trace-events | 2 +- hw/adc/Kconfig | 3 + hw/adc/max111x.c | 236 + hw/adc/meson.build | 2 + hw/adc/trace-events | 2 +- hw/adc/zynq-xadc.c | 305 + hw/alpha/Kconfig | 4 +- hw/alpha/alpha_sys.h | 4 +- hw/alpha/dp264.c | 60 +- hw/alpha/trace-events | 2 +- hw/alpha/typhoon.c | 22 +- hw/arm/Kconfig | 24 +- hw/arm/allwinner-a10.c | 2 - hw/arm/allwinner-h3.c | 2 - hw/arm/armsse.c | 35 +- hw/arm/armv7m.c | 9 +- hw/arm/aspeed.c | 162 +- hw/arm/aspeed_ast2600.c | 25 +- hw/arm/aspeed_soc.c | 26 +- hw/arm/bcm2835_peripherals.c | 13 +- hw/arm/bcm2836.c | 1 - hw/arm/boot.c | 10 +- hw/arm/cubieboard.c | 4 - hw/arm/digic_boards.c | 3 - hw/arm/exynos4210.c | 1 - hw/arm/exynos4_boards.c | 2 - hw/arm/fsl-imx25.c | 2 - hw/arm/fsl-imx31.c | 1 - hw/arm/highbank.c | 3 +- hw/arm/imx25_pdk.c | 7 +- hw/arm/kzm.c | 1 - hw/arm/mcimx6ul-evk.c | 3 +- hw/arm/mcimx7d-sabre.c | 3 +- hw/arm/meson.build | 2 + hw/arm/mps2-tz.c | 147 +- hw/arm/msf2-soc.c | 1 - hw/arm/msf2-som.c | 1 - hw/arm/musicpal.c | 2 - hw/arm/npcm7xx.c | 1 - hw/arm/npcm7xx_boards.c | 113 +- hw/arm/nrf51_soc.c | 2 - hw/arm/nseries.c | 8 +- hw/arm/omap1.c | 1 - hw/arm/omap2.c | 1 - hw/arm/orangepi.c | 3 - hw/arm/palm.c | 1 - hw/arm/pxa2xx.c | 2 +- hw/arm/pxa2xx_pic.c | 2 +- hw/arm/raspi.c | 2 - hw/arm/realview.c | 1 - hw/arm/sabrelite.c | 3 +- hw/arm/sbsa-ref.c | 8 - hw/arm/smmu-common.c | 1 - hw/arm/smmuv3-internal.h | 2 +- hw/arm/smmuv3.c | 57 +- hw/arm/spitz.c | 10 +- hw/arm/stellaris.c | 57 +- hw/arm/stm32f100_soc.c | 182 + hw/arm/stm32vldiscovery.c | 66 + hw/arm/strongarm.c | 3 +- hw/arm/sysbus-fdt.c | 4 + hw/arm/trace-events | 2 +- hw/arm/versatilepb.c | 1 - hw/arm/vexpress.c | 1 - hw/arm/virt-acpi-build.c | 120 +- hw/arm/virt.c | 50 +- hw/arm/xilinx_zynq.c | 5 +- hw/arm/xlnx-versal-virt.c | 2 - hw/arm/xlnx-versal.c | 1 - hw/arm/xlnx-zcu102.c | 1 - hw/arm/xlnx-zynqmp.c | 2 - hw/arm/z2.c | 4 +- hw/audio/adlib.c | 3 +- hw/audio/meson.build | 1 - hw/audio/milkymist-ac97.c | 360 - hw/audio/sb16.c | 23 +- hw/audio/trace-events | 14 +- hw/avr/arduino.c | 1 - hw/avr/atmega.c | 3 +- hw/block/Kconfig | 17 +- hw/block/block.c | 42 +- hw/block/dataplane/trace-events | 2 +- hw/block/dataplane/virtio-blk.c | 52 +- hw/block/ecc.c | 2 +- hw/block/fdc-internal.h | 158 + hw/block/fdc-isa.c | 320 + hw/block/fdc-sysbus.c | 251 + hw/block/fdc.c | 621 +- hw/block/m25p80.c | 2 + hw/block/meson.build | 3 +- hw/block/nvme-dif.c | 518 - hw/block/nvme-dif.h | 63 - hw/block/nvme-ns.c | 594 - hw/block/nvme-ns.h | 229 - hw/block/nvme-subsys.c | 91 - hw/block/nvme-subsys.h | 59 - hw/block/nvme.c | 6363 ----- hw/block/nvme.h | 266 - hw/block/pflash_cfi02.c | 10 +- hw/block/trace-events | 211 +- hw/block/vhost-user-blk.c | 168 +- hw/block/virtio-blk.c | 2 +- hw/char/Kconfig | 1 + hw/char/cadence_uart.c | 2 +- hw/char/cmsdk-apb-uart.c | 2 +- hw/char/ibex_uart.c | 40 +- hw/char/lm32_juart.c | 166 - hw/char/lm32_uart.c | 314 - hw/char/mchp_pfsoc_mmuart.c | 1 - hw/char/meson.build | 4 +- hw/char/milkymist-uart.c | 258 - hw/char/nrf51_uart.c | 2 +- hw/char/riscv_htif.c | 1 - hw/char/serial.c | 2 +- hw/char/shakti_uart.c | 185 + hw/char/sifive_uart.c | 154 +- hw/char/spapr_vty.c | 1 - hw/char/trace-events | 23 +- hw/char/virtio-console.c | 2 +- hw/char/virtio-serial-bus.c | 1 - hw/core/cpu-common.c | 313 + hw/core/cpu-sysemu.c | 145 + hw/core/cpu.c | 438 - hw/core/generic-loader.c | 1 - hw/core/guest-loader.c | 1 - hw/core/loader.c | 1 - hw/core/machine-hmp-cmds.c | 6 + hw/core/machine-qmp-cmds.c | 10 +- hw/core/machine.c | 199 +- hw/core/meson.build | 3 +- hw/core/null-machine.c | 1 - hw/core/numa.c | 87 +- hw/cris/axis_dev88.c | 1 - hw/display/Kconfig | 4 - hw/display/ati.c | 2 +- hw/display/edid-generate.c | 214 +- hw/display/g364fb.c | 32 +- hw/display/macfb.c | 1 + hw/display/meson.build | 22 +- hw/display/milkymist-tmu2.c | 551 - hw/display/milkymist-vgafb.c | 360 - hw/display/milkymist-vgafb_template.h | 74 - hw/display/next-fb.c | 2 - hw/display/qxl.c | 49 +- hw/display/qxl.h | 1 - hw/display/sm501.c | 16 +- hw/display/trace-events | 14 +- hw/display/vga-pci.c | 2 +- hw/display/vga.c | 5 +- hw/display/vhost-user-gpu-pci.c | 1 + hw/display/vhost-user-gpu.c | 7 +- hw/display/vhost-user-vga.c | 1 + hw/display/virtio-gpu-3d.c | 628 - hw/display/virtio-gpu-base.c | 10 +- hw/display/virtio-gpu-gl.c | 171 + hw/display/virtio-gpu-pci-gl.c | 58 + hw/display/virtio-gpu-pci.c | 2 + hw/display/virtio-gpu-udmabuf.c | 223 + hw/display/virtio-gpu-virgl.c | 634 + hw/display/virtio-gpu.c | 632 +- hw/display/virtio-vga-gl.c | 50 + hw/display/virtio-vga.c | 2 + hw/display/xlnx_dp.c | 2 +- hw/dma/meson.build | 1 - hw/dma/pl080.c | 1 - hw/dma/puv3_dma.c | 119 - hw/dma/pxa2xx_dma.c | 4 +- hw/dma/sifive_pdma.c | 1 - hw/dma/trace-events | 2 +- hw/dma/xlnx_csu_dma.c | 1 - hw/gpio/aspeed_gpio.c | 7 +- hw/gpio/gpio_pwr.c | 2 +- hw/gpio/meson.build | 1 - hw/gpio/pl061.c | 345 +- hw/gpio/puv3_gpio.c | 154 - hw/gpio/trace-events | 11 +- hw/hppa/dino.c | 2 - hw/hppa/lasi.c | 3 - hw/hppa/machine.c | 1 - hw/hppa/trace-events | 2 +- hw/hyperv/vmbus.c | 20 +- hw/i2c/Kconfig | 8 + hw/i2c/aspeed_i2c.c | 5 +- hw/i2c/core.c | 131 +- hw/i2c/i2c_mux_pca954x.c | 290 + hw/i2c/imx_i2c.c | 2 +- hw/i2c/meson.build | 2 + hw/i2c/mpc_i2c.c | 1 - hw/i2c/pm_smbus.c | 4 +- hw/i2c/pmbus_device.c | 1612 ++ hw/i2c/ppc4xx_i2c.c | 15 +- hw/i2c/smbus_eeprom.c | 2 +- hw/i2c/smbus_master.c | 22 +- hw/i2c/trace-events | 7 +- hw/i386/Kconfig | 8 +- hw/i386/acpi-build.c | 196 +- hw/i386/acpi-build.h | 5 + hw/i386/acpi-common.h | 6 +- hw/i386/acpi-microvm.c | 1 - hw/i386/amd_iommu.c | 10 +- hw/i386/fw_cfg.c | 4 +- hw/i386/intel_iommu.c | 2 - hw/i386/kvm/apic.c | 3 +- hw/i386/kvm/clock.c | 5 +- hw/i386/kvm/i8254.c | 10 +- hw/i386/kvm/i8259.c | 4 +- hw/i386/kvm/ioapic.c | 5 +- hw/i386/kvmvapic.c | 1 - hw/i386/meson.build | 2 + hw/i386/microvm.c | 1 - hw/i386/pc.c | 141 +- hw/i386/pc_piix.c | 18 +- hw/i386/pc_q35.c | 25 +- hw/i386/pc_sysfw.c | 108 - hw/i386/pc_sysfw_ovmf-stubs.c | 26 + hw/i386/pc_sysfw_ovmf.c | 151 + hw/i386/trace-events | 2 +- hw/i386/vmport.c | 1 - hw/i386/x86-iommu.c | 1 - hw/i386/x86.c | 39 +- hw/i386/xen/trace-events | 2 +- hw/i386/xen/xen-hvm.c | 1 - hw/i386/xen/xen-mapcache.c | 7 +- hw/i386/xen/xen_platform.c | 2 - hw/ide/Kconfig | 3 +- hw/ide/ahci_internal.h | 1 - hw/ide/ioport.c | 16 +- hw/ide/piix.c | 22 +- hw/ide/trace-events | 2 +- hw/input/hid.c | 4 +- hw/input/lasips2.c | 3 - hw/input/lm832x.c | 2 +- hw/input/meson.build | 1 - hw/input/milkymist-softusb.c | 319 - hw/input/pckbd.c | 353 +- hw/input/ps2.c | 22 +- hw/input/trace-events | 11 +- hw/input/vhost-user-input.c | 6 +- hw/input/virtio-input-host.c | 5 +- hw/intc/apic.c | 1 - hw/intc/apic_common.c | 1 - hw/intc/arm_gic_kvm.c | 2 - hw/intc/arm_gicv3.c | 1 - hw/intc/arm_gicv3_cpuif.c | 53 +- hw/intc/arm_gicv3_kvm.c | 1 - hw/intc/arm_gicv3_redist.c | 4 +- hw/intc/armv7m_nvic.c | 47 +- hw/intc/grlib_irqmp.c | 1 - hw/intc/ibex_plic.c | 20 +- hw/intc/imx_gpcv2.c | 1 - hw/intc/lm32_pic.c | 195 - hw/intc/meson.build | 2 - hw/intc/ompic.c | 1 - hw/intc/openpic.c | 1 - hw/intc/openpic_kvm.c | 2 - hw/intc/ppc-uic.c | 2 +- hw/intc/puv3_intc.c | 147 - hw/intc/s390_flic.c | 1 - hw/intc/s390_flic_kvm.c | 4 +- hw/intc/sifive_plic.c | 2 - hw/intc/spapr_xive.c | 2 +- hw/intc/trace-events | 11 +- hw/intc/xics.c | 1 - hw/intc/xics_kvm.c | 1 - hw/intc/xics_spapr.c | 1 - hw/ipmi/ipmi_bmc_sim.c | 4 +- hw/ipmi/isa_ipmi_bt.c | 1 - hw/ipmi/isa_ipmi_kcs.c | 1 - hw/isa/Kconfig | 12 +- hw/isa/isa-bus.c | 14 +- hw/isa/isa-superio.c | 1 - hw/isa/lpc_ich9.c | 2 - hw/isa/piix3.c | 1 - hw/isa/piix4.c | 6 +- hw/isa/trace-events | 2 +- hw/isa/vt82c686.c | 423 +- hw/lm32/Kconfig | 18 - hw/lm32/lm32.h | 48 - hw/lm32/lm32_boards.c | 333 - hw/lm32/lm32_hwsetup.h | 179 - hw/lm32/meson.build | 6 - hw/lm32/milkymist-hw.h | 133 - hw/lm32/milkymist.c | 250 - hw/m68k/an5206.c | 1 - hw/m68k/mcf5208.c | 1 - hw/m68k/mcf_intc.c | 1 - hw/m68k/next-cube.c | 6 +- hw/m68k/next-kbd.c | 3 - hw/m68k/q800.c | 24 +- hw/m68k/virt.c | 3 - hw/mem/Kconfig | 2 - hw/mem/meson.build | 3 +- hw/mem/pc-dimm.c | 33 +- hw/mem/sparse-mem.c | 1 - hw/mem/trace-events | 2 +- hw/meson.build | 5 +- hw/microblaze/boot.c | 1 - hw/mips/Kconfig | 8 +- hw/mips/boston.c | 1 - hw/mips/fuloong2e.c | 2 - hw/mips/gt64xxx_pci.c | 1 - hw/mips/jazz.c | 82 +- hw/mips/loongson3_virt.c | 4 - hw/mips/malta.c | 3 - hw/mips/meson.build | 9 +- hw/mips/mips_int.c | 1 - hw/mips/mipssim.c | 2 - hw/misc/Kconfig | 15 - hw/misc/aspeed_hace.c | 389 + hw/misc/aspeed_xdma.c | 124 +- hw/misc/auxbus.c | 68 +- hw/misc/bcm2835_powermgt.c | 160 + hw/misc/emc141x.c | 326 - hw/misc/imx7_snvs.c | 1 - hw/misc/imx_ccm.c | 1 - hw/misc/imx_rngc.c | 1 - hw/misc/ivshmem.c | 5 +- hw/misc/led.c | 1 - hw/misc/macio/macio.c | 1 - hw/misc/macio/trace-events | 2 +- hw/misc/max111x.c | 236 - hw/misc/mchp_pfsoc_dmc.c | 1 - hw/misc/mchp_pfsoc_ioscb.c | 1 - hw/misc/mchp_pfsoc_sysreg.c | 1 - hw/misc/meson.build | 12 +- hw/misc/milkymist-hpdmc.c | 172 - hw/misc/milkymist-pfpu.c | 548 - hw/misc/mips_itu.c | 1 - hw/misc/mps2-scc.c | 13 +- hw/misc/mst_fpga.c | 2 +- hw/misc/npcm7xx_clk.c | 2 +- hw/misc/puv3_pm.c | 159 - hw/misc/pvpanic-isa.c | 1 - hw/misc/pvpanic-pci.c | 1 - hw/misc/sifive_e_prci.c | 1 - hw/misc/sifive_test.c | 1 - hw/misc/tmp105.c | 328 - hw/misc/tmp105.h | 55 - hw/misc/tmp421.c | 391 - hw/misc/trace-events | 12 +- hw/misc/virt_ctrl.c | 1 - hw/misc/zynq-xadc.c | 305 - hw/moxie/Kconfig | 3 - hw/moxie/meson.build | 4 - hw/moxie/moxiesim.c | 157 - hw/net/can/can_sja1000.c | 8 + hw/net/can/xlnx-zynqmp-can.c | 1 - hw/net/dp8393x.c | 500 +- hw/net/e1000.c | 17 + hw/net/e1000e.c | 8 +- hw/net/e1000e_core.c | 10 +- hw/net/i82596.c | 1 - hw/net/imx_fec.c | 8 +- hw/net/lasi_i82596.c | 1 - hw/net/meson.build | 1 - hw/net/milkymist-minimac2.c | 547 - hw/net/msf2-emac.c | 1 - hw/net/net_tx_pkt.c | 12 +- hw/net/rocker/rocker.h | 11 +- hw/net/spapr_llan.c | 1 - hw/net/trace-events | 33 +- hw/net/vhost_net.c | 11 +- hw/net/virtio-net.c | 120 +- hw/net/vmxnet3.c | 43 +- hw/net/xgmac.c | 1 - hw/nios2/10m50_devboard.c | 1 - hw/nios2/boot.c | 2 - hw/nios2/generic_nommu.c | 2 - hw/nubus/nubus-bus.c | 1 - hw/nvme/Kconfig | 4 + hw/nvme/ctrl.c | 6717 +++++ hw/nvme/dif.c | 509 + hw/nvme/meson.build | 1 + hw/nvme/ns.c | 601 + hw/nvme/nvme.h | 556 + hw/nvme/subsys.c | 89 + hw/nvme/trace-events | 202 + hw/nvme/trace.h | 1 + hw/nvram/nrf51_nvm.c | 1 - hw/nvram/spapr_nvram.c | 2 - hw/nvram/trace-events | 2 +- hw/openrisc/openrisc_sim.c | 1 - hw/pci-bridge/gen_pcie_root_port.c | 5 + hw/pci-bridge/pci_expander_bridge.c | 3 + hw/pci-host/Kconfig | 7 +- hw/pci-host/bonito.c | 13 +- hw/pci-host/gpex-acpi.c | 20 +- hw/pci-host/gpex.c | 56 +- hw/pci-host/meson.build | 6 +- hw/pci-host/mv64361.c | 950 + hw/pci-host/mv643xx.h | 918 + hw/pci-host/pnv_phb4.c | 2 +- hw/pci-host/ppce500.c | 1 - hw/pci-host/prep.c | 443 - hw/pci-host/q35.c | 5 + hw/pci-host/raven.c | 445 + hw/pci-host/sabre.c | 1 - hw/pci-host/sh_pci.c | 1 - hw/pci-host/trace-events | 11 +- hw/pci/pci.c | 35 +- hw/pci/pci_host.c | 1 + hw/pci/pcie.c | 8 +- hw/pci/pcie_host.c | 1 - hw/pci/pcie_port.c | 1 + hw/pci/trace-events | 2 +- hw/pcmcia/meson.build | 2 +- hw/ppc/Kconfig | 19 +- hw/ppc/e500.c | 2 - hw/ppc/mac_newworld.c | 6 +- hw/ppc/mac_oldworld.c | 2 - hw/ppc/meson.build | 8 + hw/ppc/pef.c | 6 +- hw/ppc/pegasos2.c | 913 + hw/ppc/pnv.c | 5 +- hw/ppc/pnv_core.c | 3 +- hw/ppc/pnv_pnor.c | 1 - hw/ppc/pnv_psi.c | 5 +- hw/ppc/ppc.c | 1 - hw/ppc/ppc405_boards.c | 3 - hw/ppc/ppc405_uc.c | 1 - hw/ppc/ppc440_bamboo.c | 1 - hw/ppc/ppc440_pcix.c | 1 - hw/ppc/ppc440_uc.c | 2 - hw/ppc/ppc4xx_devs.c | 1 - hw/ppc/ppc4xx_pci.c | 1 - hw/ppc/ppc_booke.c | 1 - hw/ppc/prep.c | 4 - hw/ppc/rs6000_mc.c | 1 - hw/ppc/sam460ex.c | 1 - hw/ppc/spapr.c | 144 +- hw/ppc/spapr_caps.c | 100 + hw/ppc/spapr_drc.c | 24 +- hw/ppc/spapr_events.c | 6 - hw/ppc/spapr_hcall.c | 667 +- hw/ppc/spapr_iommu.c | 1 - hw/ppc/spapr_nvdimm.c | 52 +- hw/ppc/spapr_pci.c | 2 - hw/ppc/spapr_pci_vfio.c | 41 +- hw/ppc/spapr_rng.c | 1 - hw/ppc/spapr_rtas.c | 19 +- hw/ppc/spapr_rtas_ddw.c | 1 - hw/ppc/spapr_rtc.c | 1 - hw/ppc/spapr_softmmu.c | 627 + hw/ppc/spapr_tpm_proxy.c | 1 - hw/ppc/spapr_vio.c | 2 +- hw/ppc/spapr_vof.c | 167 + hw/ppc/trace-events | 26 +- hw/ppc/virtex_ml507.c | 2 - hw/ppc/vof.c | 1062 + hw/rdma/trace-events | 2 +- hw/rdma/vmw/pvrdma_cmd.c | 7 + hw/rdma/vmw/pvrdma_dev_ring.c | 2 +- hw/rdma/vmw/pvrdma_main.c | 5 + hw/rdma/vmw/trace-events | 2 +- hw/remote/iohub.c | 1 - hw/remote/machine.c | 1 - hw/remote/memory.c | 8 +- hw/remote/mpqemu-link.c | 2 +- hw/remote/proxy-memory-listener.c | 2 - hw/remote/proxy.c | 3 +- hw/riscv/Kconfig | 16 + hw/riscv/boot.c | 6 +- hw/riscv/meson.build | 3 +- hw/riscv/microchip_pfsoc.c | 83 +- hw/riscv/numa.c | 1 - hw/riscv/opentitan.c | 34 +- hw/riscv/shakti_c.c | 181 + hw/riscv/sifive_e.c | 4 +- hw/riscv/sifive_u.c | 37 +- hw/riscv/spike.c | 13 +- hw/riscv/virt.c | 26 +- hw/rtc/m48t59.c | 1 - hw/rtc/mc146818rtc.c | 44 +- hw/rtc/trace-events | 2 +- hw/rx/rx-gdbsim.c | 5 +- hw/rx/rx62n.c | 2 - hw/s390x/3270-ccw.c | 3 +- hw/s390x/ccw-device.c | 1 + hw/s390x/ccw-device.h | 1 + hw/s390x/css-bridge.c | 1 - hw/s390x/css.c | 88 +- hw/s390x/ipl.c | 2 - hw/s390x/meson.build | 4 +- hw/s390x/pv.c | 1 - hw/s390x/s390-ccw.c | 4 +- hw/s390x/s390-pci-bus.c | 1 - hw/s390x/s390-pci-inst.c | 1 - hw/s390x/s390-stattrib-kvm.c | 3 +- hw/s390x/s390-stattrib.c | 1 - hw/s390x/s390-virtio-ccw.c | 21 +- hw/s390x/sclp.c | 2 - hw/s390x/sclpcpu.c | 1 - hw/s390x/tod-kvm.c | 2 +- hw/s390x/tod-qemu.c | 89 - hw/s390x/tod-tcg.c | 89 + hw/s390x/tod.c | 9 +- hw/s390x/trace-events | 2 +- hw/s390x/virtio-ccw-gpu.c | 3 + hw/s390x/virtio-ccw.c | 9 +- hw/scsi/esp.c | 199 +- hw/scsi/scsi-disk.c | 12 +- hw/scsi/scsi-generic.c | 15 +- hw/scsi/spapr_vscsi.c | 1 - hw/scsi/trace-events | 5 +- hw/scsi/vhost-scsi.c | 4 +- hw/scsi/vhost-user-scsi.c | 4 +- hw/scsi/virtio-scsi-dataplane.c | 72 +- hw/sd/cadence_sdhci.c | 2 - hw/sd/meson.build | 1 - hw/sd/milkymist-memcard.c | 335 - hw/sd/omap_mmc.c | 2 +- hw/sd/sd.c | 50 +- hw/sd/trace-events | 6 +- hw/sensor/Kconfig | 19 + hw/sensor/adm1272.c | 543 + hw/sensor/emc141x.c | 326 + hw/sensor/max34451.c | 775 + hw/sensor/meson.build | 5 + hw/sensor/tmp105.c | 328 + hw/sensor/tmp421.c | 391 + hw/sh4/r2d.c | 1 - hw/sh4/sh7750.c | 1 - hw/sh4/shix.c | 2 - hw/smbios/smbios.c | 124 +- hw/sparc/Kconfig | 2 +- hw/sparc/leon3.c | 38 +- hw/sparc/sun4m.c | 491 +- hw/sparc/trace-events | 6 +- hw/sparc64/Kconfig | 2 +- hw/sparc64/niagara.c | 1 - hw/sparc64/sparc64.c | 63 - hw/sparc64/trace-events | 6 +- hw/ssi/aspeed_smc.c | 120 +- hw/ssi/sifive_spi.c | 1 - hw/ssi/xilinx_spi.c | 1 - hw/timer/etraxfs_timer.c | 14 +- hw/timer/ibex_timer.c | 305 + hw/timer/lm32_timer.c | 249 - hw/timer/meson.build | 4 +- hw/timer/milkymist-sysctl.c | 361 - hw/timer/mips_gictimer.c | 1 - hw/timer/puv3_ost.c | 166 - hw/timer/sse-counter.c | 1 - hw/timer/trace-events | 19 +- hw/tpm/tpm_crb.c | 1 - hw/tpm/tpm_ppi.c | 2 +- hw/tpm/trace-events | 2 +- hw/tricore/Kconfig | 3 +- hw/tricore/meson.build | 3 +- hw/tricore/tc27x_soc.c | 4 - hw/tricore/triboard.c | 3 - hw/tricore/tricore_testboard.c | 9 +- hw/tricore/tricore_testdevice.c | 82 + hw/unicore32/Kconfig | 5 - hw/unicore32/meson.build | 5 - hw/unicore32/puv3.c | 145 - hw/usb/ccid-card-emulated.c | 1 + hw/usb/ccid-card-passthru.c | 3 +- hw/usb/chipidea.c | 1 - hw/usb/combined-packet.c | 4 +- hw/usb/desc-msos.c | 2 +- hw/usb/dev-hid.c | 2 +- hw/usb/dev-mtp.c | 12 +- hw/usb/dev-smartcard-reader.c | 8 +- hw/usb/dev-storage-bot.c | 1 + hw/usb/dev-storage-classic.c | 1 + hw/usb/dev-uas.c | 1 + hw/usb/dev-wacom.c | 2 +- hw/usb/hcd-dwc3.c | 1 - hw/usb/hcd-xhci-pci.c | 13 +- hw/usb/hcd-xhci-sysbus.c | 4 +- hw/usb/hcd-xhci.c | 8 +- hw/usb/hcd-xhci.h | 2 +- hw/usb/host-libusb.c | 71 +- hw/usb/host-stub.c | 46 - hw/usb/imx-usb-phy.c | 1 - hw/usb/meson.build | 23 +- hw/usb/quirks-ftdi-ids.h | 6 - hw/usb/quirks.h | 1 - hw/usb/redirect.c | 11 +- hw/usb/trace-events | 2 +- hw/usb/xen-usb.c | 1 - hw/usb/xlnx-usb-subsystem.c | 2 - hw/usb/xlnx-versal-usb2-ctrl-regs.c | 1 - hw/vfio/ap.c | 4 +- hw/vfio/ccw.c | 23 +- hw/vfio/common.c | 316 +- hw/vfio/display.c | 1 - hw/vfio/migration.c | 13 +- hw/vfio/pci-quirks.c | 1 - hw/vfio/pci.c | 13 +- hw/vfio/spapr.c | 1 - hw/vfio/trace-events | 2 +- hw/virtio/Kconfig | 5 + hw/virtio/meson.build | 2 + hw/virtio/trace-events | 2 +- hw/virtio/vhost-backend.c | 6 +- hw/virtio/vhost-user-fs.c | 3 +- hw/virtio/vhost-user-i2c-pci.c | 69 + hw/virtio/vhost-user-i2c.c | 288 + hw/virtio/vhost-user-vsock.c | 12 +- hw/virtio/vhost-user.c | 77 +- hw/virtio/vhost-vdpa.c | 113 +- hw/virtio/vhost-vsock.c | 15 +- hw/virtio/vhost.c | 42 +- hw/virtio/virtio-balloon.c | 4 +- hw/virtio/virtio-bus.c | 5 + hw/virtio/virtio-mem.c | 394 +- hw/virtio/virtio-mmio.c | 17 +- hw/virtio/virtio-pci.c | 33 +- hw/virtio/virtio.c | 25 +- hw/watchdog/trace-events | 2 +- hw/xen/trace-events | 2 +- hw/xen/xen-bus-helper.c | 1 - hw/xen/xen-legacy-backend.c | 1 - hw/xen/xen_pt.c | 1 - hw/xtensa/sim.c | 2 - hw/xtensa/virt.c | 3 - hw/xtensa/xtensa_memory.c | 1 - hw/xtensa/xtfpga.c | 1 - include/block/aio.h | 48 +- include/block/block-copy.h | 2 + include/block/block.h | 20 +- include/block/block_int.h | 32 +- include/block/nbd.h | 18 + include/block/nvme.h | 90 +- include/block/qdict.h | 2 - include/block/replication.h | 175 + include/block/write-threshold.h | 27 +- include/chardev/char-fe.h | 8 +- include/crypto/tls-cipher-suites.h | 6 - include/crypto/tlscreds.h | 30 +- include/crypto/tlscredsanon.h | 12 - include/crypto/tlscredspsk.h | 12 - include/crypto/tlscredsx509.h | 10 - include/disas/dis-asm.h | 16 +- include/elf.h | 13 +- include/exec/cpu-common.h | 2 + include/exec/exec-all.h | 69 +- include/exec/gen-icount.h | 1 + include/exec/helper-gen.h | 4 +- include/exec/helper-head.h | 37 +- include/exec/helper-proto.h | 4 +- include/exec/helper-tcg.h | 38 +- include/exec/memory.h | 392 +- include/exec/memory_ldst.h.inc | 16 +- include/exec/memory_ldst_cached.h.inc | 42 +- include/exec/memory_ldst_phys.h.inc | 72 +- include/exec/poison.h | 11 +- include/exec/ram_addr.h | 9 +- include/exec/ramblock.h | 10 + include/exec/ramlist.h | 13 +- include/exec/tb-context.h | 41 - include/exec/tb-hash.h | 69 - include/exec/tb-lookup.h | 49 - include/exec/translator.h | 21 +- include/fpu/softfloat-helpers.h | 9 +- include/fpu/softfloat-macros.h | 249 +- include/fpu/softfloat-types.h | 14 +- include/fpu/softfloat.h | 17 +- include/glib-compat.h | 30 +- include/hw/acpi/ghes.h | 9 + include/hw/acpi/ich9.h | 5 + include/hw/acpi/pcihp.h | 3 +- include/hw/acpi/tpm.h | 4 + include/hw/adc/max111x.h | 56 + include/hw/adc/zynq-xadc.h | 46 + include/hw/arm/allwinner-h3.h | 2 +- include/hw/arm/armsse.h | 2 + include/hw/arm/armv7m.h | 2 + include/hw/arm/aspeed_soc.h | 3 + include/hw/arm/bcm2835_peripherals.h | 3 +- include/hw/arm/stm32f100_soc.h | 57 + include/hw/arm/virt.h | 1 + include/hw/block/block.h | 3 + include/hw/block/flash.h | 2 +- include/hw/boards.h | 7 +- include/hw/char/avr_usart.h | 1 - include/hw/char/ibex_uart.h | 37 - include/hw/char/lm32_juart.h | 13 - include/hw/char/shakti_uart.h | 74 + include/hw/char/sifive_uart.h | 11 +- include/hw/core/accel-cpu.h | 2 +- include/hw/core/cpu.h | 126 +- include/hw/core/sysemu-cpu-ops.h | 92 + include/hw/core/tcg-cpu-ops.h | 6 + include/hw/display/edid.h | 12 +- include/hw/display/milkymist_tmu2.h | 42 - include/hw/display/vga.h | 6 + include/hw/elf_ops.h | 8 - include/hw/firmware/smbios.h | 14 +- include/hw/i2c/i2c.h | 63 +- include/hw/i2c/i2c_mux_pca954x.h | 19 + include/hw/i2c/pmbus_device.h | 517 + include/hw/i386/pc.h | 8 +- include/hw/i386/x86.h | 9 +- include/hw/ide/internal.h | 2 +- include/hw/input/lm832x.h | 28 + include/hw/isa/isa.h | 13 +- include/hw/isa/vt82c686.h | 2 +- include/hw/lm32/lm32_pic.h | 10 - include/hw/mem/pc-dimm.h | 5 - include/hw/misc/aspeed_hace.h | 43 + include/hw/misc/aspeed_xdma.h | 17 +- include/hw/misc/avr_power.h | 1 - include/hw/misc/bcm2835_powermgt.h | 29 + include/hw/misc/emc141x_regs.h | 37 - include/hw/misc/max111x.h | 56 - include/hw/misc/mps2-scc.h | 21 + include/hw/misc/stm32f4xx_exti.h | 1 - include/hw/misc/stm32f4xx_syscfg.h | 1 - include/hw/misc/tmp105_regs.h | 51 - include/hw/misc/zynq-xadc.h | 46 - include/hw/pci-host/gpex.h | 4 + include/hw/pci-host/i440fx.h | 1 - include/hw/pci-host/mv64361.h | 8 + include/hw/pci/pci.h | 2 + include/hw/pci/pci_host.h | 1 + include/hw/pci/pci_ids.h | 7 +- include/hw/pci/pcie_port.h | 5 +- include/hw/ppc/spapr.h | 46 +- include/hw/ppc/spapr_nvdimm.h | 14 +- include/hw/ppc/vof.h | 60 + include/hw/riscv/boot.h | 5 + include/hw/riscv/opentitan.h | 24 +- include/hw/riscv/shakti_c.h | 75 + include/hw/s390x/css.h | 5 + include/hw/s390x/ioinst.h | 12 +- include/hw/s390x/tod.h | 2 +- include/hw/scsi/esp.h | 1 + include/hw/sensor/emc141x_regs.h | 37 + include/hw/sensor/tmp105.h | 55 + include/hw/sensor/tmp105_regs.h | 51 + include/hw/ssi/aspeed_smc.h | 7 +- include/hw/timer/avr_timer16.h | 1 - include/hw/timer/ibex_timer.h | 52 + include/hw/tricore/tricore_testdevice.h | 38 + include/hw/unicore32/puv3.h | 40 - include/hw/usb.h | 7 +- include/hw/usb/dwc2-regs.h | 4 +- include/hw/usb/xlnx-usb-subsystem.h | 4 +- include/hw/usb/xlnx-versal-usb2-ctrl-regs.h | 4 +- include/hw/vfio/vfio-common.h | 12 + include/hw/virtio/vhost-backend.h | 5 +- include/hw/virtio/vhost-user-i2c.h | 28 + include/hw/virtio/vhost-vdpa.h | 9 +- include/hw/virtio/vhost.h | 8 +- include/hw/virtio/virtio-gpu-bswap.h | 16 + include/hw/virtio/virtio-gpu.h | 74 +- include/hw/virtio/virtio-mem.h | 3 + include/hw/virtio/virtio-mmio.h | 5 + include/hw/virtio/virtio-net.h | 4 + include/hw/virtio/virtio.h | 2 +- include/migration/misc.h | 1 - include/migration/vmstate.h | 3 +- include/monitor/hmp.h | 2 + include/monitor/monitor.h | 5 +- include/net/net.h | 2 + include/net/vhost-vdpa.h | 1 - include/qapi/forward-visitor.h | 27 + include/qapi/qmp/qdict.h | 3 + include/qemu/accel.h | 13 + include/qemu/atomic.h | 251 +- include/qemu/atomic128.h | 2 +- include/qemu/bitops.h | 44 +- include/qemu/bswap.h | 26 +- include/qemu/co-shared-resource.h | 4 +- include/qemu/compiler.h | 51 - include/qemu/config-file.h | 7 +- include/qemu/coroutine.h | 33 +- include/qemu/host-utils.h | 291 + include/qemu/int128.h | 10 + include/qemu/job.h | 2 +- include/qemu/lockable.h | 88 +- include/qemu/main-loop.h | 22 +- include/qemu/mmap-alloc.h | 16 +- include/qemu/module.h | 79 + include/qemu/option.h | 6 +- include/qemu/osdep.h | 88 +- include/qemu/plugin-memory.h | 6 +- include/qemu/plugin.h | 13 +- include/qemu/progress_meter.h | 34 +- include/qemu/qemu-options.h | 41 + include/qemu/qemu-plugin.h | 22 + include/qemu/ratelimit.h | 26 +- include/qemu/selfmap.h | 4 +- include/qemu/sockets.h | 11 + include/qemu/stats64.h | 2 +- include/qemu/thread-posix.h | 14 +- include/qemu/thread-win32.h | 6 - include/qemu/thread.h | 15 +- include/qemu/transactions.h | 63 + include/qom/object.h | 23 + include/standard-headers/asm-x86/kvm_para.h | 13 + .../infiniband/hw/vmw_pvrdma/pvrdma_verbs.h | 35 - include/standard-headers/drm/drm_fourcc.h | 30 +- include/standard-headers/linux/ethtool.h | 113 +- include/standard-headers/linux/fuse.h | 17 +- include/standard-headers/linux/input-event-codes.h | 1 + include/standard-headers/linux/input.h | 2 +- include/standard-headers/linux/udmabuf.h | 32 + include/standard-headers/linux/virtio_bt.h | 31 + include/standard-headers/linux/virtio_ids.h | 2 + include/standard-headers/linux/virtio_snd.h | 334 + include/standard-headers/linux/virtio_vsock.h | 9 + include/standard-headers/rdma/vmw_pvrdma-abi.h | 7 + include/sysemu/arch_init.h | 3 - include/sysemu/block-backend.h | 5 + include/sysemu/hax.h | 4 + include/sysemu/hostmem.h | 2 +- include/sysemu/hvf.h | 4 + include/sysemu/hvf_int.h | 58 + include/sysemu/hw_accel.h | 1 + include/sysemu/iothread.h | 3 + include/sysemu/kvm_int.h | 7 +- include/sysemu/nvmm.h | 26 + include/sysemu/os-posix.h | 8 + include/sysemu/os-win32.h | 8 + include/sysemu/tcg.h | 2 - include/sysemu/tpm.h | 9 + include/sysemu/tpm_backend.h | 6 +- include/sysemu/whpx.h | 4 + include/tcg/tcg-cond.h | 101 + include/tcg/tcg-op-gvec.h | 43 + include/tcg/tcg-op.h | 18 +- include/tcg/tcg-opc.h | 17 +- include/tcg/tcg.h | 195 +- include/ui/clipboard.h | 193 + include/ui/console.h | 3 + include/ui/gtk.h | 71 + include/ui/qemu-pixman.h | 1 + include/user/syscall-trace.h | 4 +- io/channel-socket.c | 8 +- io/channel-websock.c | 10 +- io/dns-resolver.c | 4 + io/net-listener.c | 3 + io/trace-events | 2 +- iothread.c | 91 +- job-qmp.c | 8 +- job.c | 5 +- linux-headers/asm-arm64/kvm.h | 11 + linux-headers/asm-generic/mman-common.h | 3 + linux-headers/asm-generic/unistd.h | 13 +- linux-headers/asm-mips/mman.h | 3 + linux-headers/asm-mips/unistd_n32.h | 752 +- linux-headers/asm-mips/unistd_n64.h | 704 +- linux-headers/asm-mips/unistd_o32.h | 844 +- linux-headers/asm-powerpc/kvm.h | 2 + linux-headers/asm-powerpc/unistd_32.h | 857 +- linux-headers/asm-powerpc/unistd_64.h | 801 +- linux-headers/asm-s390/unistd_32.h | 5 + linux-headers/asm-s390/unistd_64.h | 5 + linux-headers/asm-x86/kvm.h | 16 + linux-headers/asm-x86/unistd_32.h | 11 +- linux-headers/asm-x86/unistd_64.h | 11 +- linux-headers/asm-x86/unistd_x32.h | 11 +- linux-headers/linux/kvm.h | 244 +- linux-headers/linux/userfaultfd.h | 41 +- linux-headers/linux/vfio.h | 35 + linux-user/aarch64/signal.c | 6 +- linux-user/aarch64/syscall_nr.h | 8 +- linux-user/aarch64/target_errno_defs.h | 7 + linux-user/alpha/signal.c | 16 +- linux-user/alpha/syscall.tbl | 7 + linux-user/alpha/target_errno_defs.h | 204 + linux-user/alpha/target_signal.h | 1 + linux-user/alpha/target_syscall.h | 194 - linux-user/arm/cpu_loop.c | 125 +- linux-user/arm/nwfpe/fpa11.c | 41 +- linux-user/arm/signal.c | 9 +- linux-user/arm/syscall.tbl | 7 + linux-user/arm/target_errno_defs.h | 7 + linux-user/cris/target_errno_defs.h | 7 + linux-user/elfload.c | 236 +- linux-user/errno_defs.h | 167 - linux-user/errnos.c.inc | 140 + linux-user/exit.c | 2 +- linux-user/fd-trans.c | 1 + linux-user/fd-trans.h | 55 +- linux-user/generic/target_errno_defs.h | 167 + linux-user/hexagon/cpu_loop.c | 2 +- linux-user/hexagon/signal.c | 6 +- linux-user/hexagon/syscall_nr.h | 12 +- linux-user/hexagon/target_errno_defs.h | 7 + linux-user/hppa/cpu_loop.c | 2 +- linux-user/hppa/signal.c | 8 +- linux-user/hppa/syscall.tbl | 31 +- linux-user/hppa/target_errno_defs.h | 220 + linux-user/hppa/target_syscall.h | 208 - linux-user/i386/signal.c | 13 +- linux-user/i386/syscall_32.tbl | 21 +- linux-user/i386/target_errno_defs.h | 7 + linux-user/linuxload.c | 42 +- linux-user/m68k/signal.c | 5 +- linux-user/m68k/syscall.tbl | 7 + linux-user/m68k/target_errno_defs.h | 7 + linux-user/main.c | 12 +- linux-user/meson.build | 1 - linux-user/microblaze/signal.c | 6 +- linux-user/microblaze/syscall.tbl | 7 + linux-user/microblaze/target_errno_defs.h | 7 + linux-user/mips/signal.c | 6 +- linux-user/mips/syscall-args-o32.c.inc | 5 +- linux-user/mips/syscall_o32.tbl | 19 +- linux-user/mips/target_errno_defs.h | 221 + linux-user/mips/target_syscall.h | 209 - linux-user/mips64/syscall_n32.tbl | 19 +- linux-user/mips64/syscall_n64.tbl | 7 + linux-user/mips64/target_errno_defs.h | 10 + linux-user/mips64/target_syscall.h | 209 - linux-user/mmap.c | 14 + linux-user/nios2/signal.c | 8 +- linux-user/nios2/syscall_nr.h | 8 +- linux-user/nios2/target_errno_defs.h | 7 + linux-user/openrisc/signal.c | 5 +- linux-user/openrisc/syscall_nr.h | 8 +- linux-user/openrisc/target_errno_defs.h | 7 + linux-user/ppc/cpu_loop.c | 11 +- linux-user/ppc/signal.c | 27 +- linux-user/ppc/syscall.tbl | 39 +- linux-user/ppc/target_errno_defs.h | 7 + linux-user/qemu.h | 3 +- linux-user/riscv/signal.c | 6 +- linux-user/riscv/syscall32_nr.h | 8 +- linux-user/riscv/syscall64_nr.h | 8 +- linux-user/riscv/target_errno_defs.h | 7 + linux-user/s390x/cpu_loop.c | 66 +- linux-user/s390x/signal.c | 291 +- linux-user/s390x/syscall.tbl | 19 +- linux-user/s390x/target_errno_defs.h | 7 + linux-user/safe-syscall.S | 2 +- linux-user/semihost.c | 1 - linux-user/sh4/signal.c | 7 +- linux-user/sh4/syscall.tbl | 7 + linux-user/sh4/target_errno_defs.h | 7 + linux-user/signal-common.h | 1 + linux-user/signal.c | 133 +- linux-user/sparc/signal.c | 535 +- linux-user/sparc/syscall.tbl | 19 +- linux-user/sparc/target_cpu.h | 9 +- linux-user/sparc/target_errno.h | 207 - linux-user/sparc/target_errno_defs.h | 212 + linux-user/sparc/target_signal.h | 2 + linux-user/sparc/target_structs.h | 34 +- linux-user/sparc/target_syscall.h | 44 +- linux-user/sparc64/cpu_loop.c | 20 - linux-user/sparc64/meson.build | 5 - linux-user/sparc64/signal.c | 19 - linux-user/sparc64/sockbits.h | 1 - linux-user/sparc64/syscall.tbl | 487 - linux-user/sparc64/syscallhdr.sh | 32 - linux-user/sparc64/target_cpu.h | 1 - linux-user/sparc64/target_elf.h | 14 - linux-user/sparc64/target_fcntl.h | 1 - linux-user/sparc64/target_signal.h | 1 - linux-user/sparc64/target_structs.h | 58 - linux-user/sparc64/target_syscall.h | 35 - linux-user/sparc64/termbits.h | 291 - linux-user/strace.c | 21 +- linux-user/strace.list | 8 +- linux-user/syscall.c | 333 +- linux-user/syscall_defs.h | 31 +- linux-user/trace-events | 4 +- linux-user/x86_64/syscall_64.tbl | 27 +- linux-user/x86_64/target_errno_defs.h | 7 + linux-user/xtensa/signal.c | 6 +- linux-user/xtensa/syscall.tbl | 7 + linux-user/xtensa/target_errno_defs.h | 7 + memory_ldst.c.inc | 20 +- meson.build | 646 +- meson_options.txt | 30 + migration/channel.c | 15 +- migration/colo.c | 8 +- migration/dirtyrate.c | 78 +- migration/dirtyrate.h | 8 +- migration/meson.build | 3 +- migration/migration.c | 244 +- migration/migration.h | 22 +- migration/multifd.c | 14 +- migration/postcopy-ram.c | 15 +- migration/qemu-file-channel.c | 11 +- migration/qemu-file.c | 22 +- migration/qemu-file.h | 4 +- migration/ram.c | 337 +- migration/rdma.c | 101 +- migration/savevm.c | 24 +- migration/socket.c | 24 +- migration/target.c | 25 + migration/tls.c | 6 +- migration/trace-events | 3 +- migration/yank_functions.c | 42 + migration/yank_functions.h | 3 + monitor/hmp-cmds.c | 10 +- monitor/hmp.c | 7 + monitor/misc.c | 50 +- monitor/monitor.c | 3 +- monitor/qmp.c | 40 +- monitor/trace-events | 2 +- nbd/client-connection.c | 388 + nbd/meson.build | 1 + nbd/server.c | 85 +- nbd/trace-events | 2 +- net/checksum.c | 4 +- net/colo-compare.c | 25 +- net/colo-compare.h | 1 + net/colo.c | 25 +- net/colo.h | 1 + net/dump.c | 1 - net/filter-mirror.c | 8 +- net/filter-replay.c | 1 - net/filter-rewriter.c | 3 +- net/net.c | 6 +- net/netmap.c | 1 - net/slirp.c | 16 +- net/tap-bsd.c | 13 +- net/tap-linux.c | 13 + net/tap-linux.h | 1 + net/tap-solaris.c | 5 + net/tap-stub.c | 5 + net/tap.c | 9 + net/tap_int.h | 1 + net/trace-events | 2 +- net/vhost-user.c | 4 +- net/vhost-vdpa.c | 11 +- os-posix.c | 2 +- os-win32.c | 1 - pc-bios/README | 6 +- pc-bios/palcode-clipper | Bin 156328 -> 153728 bytes pc-bios/s390-ccw.img | Bin 42608 -> 50936 bytes pc-bios/s390-ccw/Makefile | 8 +- pc-bios/s390-ccw/bootmap.c | 4 +- pc-bios/s390-ccw/dasd-ipl.c | 2 +- pc-bios/s390-ccw/helper.h | 2 +- pc-bios/s390-ccw/jump2ipl.c | 8 +- pc-bios/s390-ccw/menu.c | 8 +- pc-bios/s390-ccw/netboot.mak | 2 +- pc-bios/s390-ccw/s390-ccw.h | 1 + pc-bios/s390-ccw/virtio.c | 2 +- pc-bios/s390-netboot.img | Bin 67232 -> 79688 bytes pc-bios/slof.bin | Bin 968888 -> 991744 bytes pc-bios/u-boot.e500 | Bin 349148 -> 421720 bytes pc-bios/vof-nvram.bin | Bin 0 -> 16384 bytes pc-bios/vof.bin | Bin 0 -> 3456 bytes pc-bios/vof/Makefile | 23 + pc-bios/vof/bootmem.c | 14 + pc-bios/vof/ci.c | 91 + pc-bios/vof/entry.S | 49 + pc-bios/vof/libc.c | 66 + pc-bios/vof/main.c | 21 + pc-bios/vof/vof.h | 41 + pc-bios/vof/vof.lds | 48 + plugins/api.c | 14 +- plugins/core.c | 73 +- plugins/loader.c | 1 - plugins/plugin.h | 5 +- plugins/qemu-plugins.symbols | 3 - python/.gitignore | 17 + python/MANIFEST.in | 3 + python/Makefile | 102 + python/PACKAGE.rst | 43 + python/Pipfile | 13 + python/Pipfile.lock | 315 + python/README.rst | 87 + python/VERSION | 1 + python/avocado.cfg | 10 + python/mypy.ini | 4 - python/qemu/.flake8 | 2 - python/qemu/.isort.cfg | 7 - python/qemu/README.rst | 8 + python/qemu/__init__.py | 11 - python/qemu/accel.py | 84 - python/qemu/console_socket.py | 128 - python/qemu/machine.py | 746 - python/qemu/machine/README.rst | 9 + python/qemu/machine/__init__.py | 36 + python/qemu/machine/console_socket.py | 129 + python/qemu/machine/machine.py | 788 + python/qemu/machine/py.typed | 0 python/qemu/machine/qtest.py | 162 + python/qemu/pylintrc | 58 - python/qemu/qmp.py | 375 - python/qemu/qmp/README.rst | 9 + python/qemu/qmp/__init__.py | 423 + python/qemu/qmp/py.typed | 0 python/qemu/qmp/qemu_ga_client.py | 323 + python/qemu/qmp/qmp_shell.py | 535 + python/qemu/qmp/qom.py | 272 + python/qemu/qmp/qom_common.py | 178 + python/qemu/qmp/qom_fuse.py | 206 + python/qemu/qtest.py | 159 - python/qemu/utils/README.rst | 7 + python/qemu/utils/__init__.py | 45 + python/qemu/utils/accel.py | 84 + python/qemu/utils/py.typed | 0 python/setup.cfg | 132 + python/setup.py | 23 + python/tests/flake8.sh | 2 + python/tests/isort.sh | 2 + python/tests/mypy.sh | 2 + python/tests/pylint.sh | 2 + qapi/block-core.json | 251 +- qapi/block-export.json | 33 +- qapi/char.json | 21 +- qapi/crypto.json | 4 +- qapi/machine.json | 50 +- qapi/meson.build | 1 + qapi/migration.json | 21 +- qapi/misc-target.json | 40 +- qapi/misc.json | 6 +- qapi/net.json | 6 +- qapi/qapi-forward-visitor.c | 326 + qapi/qom.json | 44 +- qapi/sockets.json | 5 +- qapi/tpm.json | 28 +- qapi/trace-events | 2 +- qapi/transaction.json | 8 +- qapi/ui.json | 29 +- qemu-edid.c | 6 +- qemu-img.c | 77 +- qemu-io-cmds.c | 29 +- qemu-io.c | 17 +- qemu-nbd.c | 19 +- qemu-options-wrapper.h | 40 - qemu-options.h | 36 - qemu-options.hx | 254 +- qemu.sasl | 15 +- qga/commands-win32.c | 21 +- qga/commands.c | 4 +- qga/installer/qemu-ga.wxs | 6 +- qga/vss-win32/requester.cpp | 2 +- qom/object.c | 9 +- qom/object_interfaces.c | 58 +- qom/trace-events | 2 +- replication.c | 2 +- replication.h | 175 - roms/Makefile | 8 +- roms/SLOF | 2 +- roms/qemu-palcode | 2 +- roms/u-boot | 2 +- scripts/block-coroutine-wrapper.py | 7 +- scripts/checkpatch.pl | 12 +- scripts/ci/setup/.gitignore | 2 + scripts/ci/setup/build-environment.yml | 116 + scripts/ci/setup/gitlab-runner.yml | 71 + scripts/ci/setup/inventory.template | 1 + scripts/ci/setup/vars.yml.template | 12 + .../coccinelle/memory-region-housekeeping.cocci | 8 +- scripts/coverity-model.c | 386 - scripts/coverity-scan/COMPONENTS.md | 148 + scripts/coverity-scan/coverity-scan.docker | 1 - scripts/coverity-scan/model.c | 371 + scripts/coverity-scan/run-coverity-scan | 8 +- scripts/cpu-x86-uarch-abi.py | 194 + scripts/decodetree.py | 172 +- scripts/entitlement.sh | 16 +- scripts/modinfo-collect.py | 67 + scripts/modinfo-generate.py | 97 + scripts/oss-fuzz/build.sh | 24 +- scripts/oss-fuzz/reorder_fuzzer_qtest_trace.py | 2 +- scripts/qapi/common.py | 8 +- scripts/qapi/error.py | 47 +- scripts/qapi/expr.py | 444 +- scripts/qapi/main.py | 6 +- scripts/qapi/mypy.ini | 10 - scripts/qapi/parser.py | 244 +- scripts/qapi/pylintrc | 5 +- scripts/qapi/schema.py | 13 +- scripts/qapi/source.py | 13 +- scripts/qemu-binfmt-conf.sh | 4 +- scripts/qemu-trace-stap | 14 +- scripts/qmp/qemu-ga-client | 297 +- scripts/qmp/qmp-shell | 454 +- scripts/qmp/qom-fuse | 144 +- scripts/qmp/qom-get | 66 +- scripts/qmp/qom-list | 63 +- scripts/qmp/qom-set | 63 +- scripts/qmp/qom-tree | 74 +- scripts/simplebench/bench-backup.py | 95 +- scripts/simplebench/bench_block_job.py | 42 +- scripts/simplebench/simplebench.py | 28 +- scripts/simpletrace.py | 2 +- scripts/update-linux-headers.sh | 3 + scripts/update-mips-syscall-args.sh | 13 +- scsi/trace-events | 2 +- semihosting/arm-compat-semi.c | 2 - semihosting/config.c | 1 - semihosting/console.c | 2 - slirp | 2 +- softmmu/arch_init.c | 8 - softmmu/cpus.c | 9 +- softmmu/device_tree.c | 1 - softmmu/memory.c | 172 +- softmmu/memory_mapping.c | 1 - softmmu/physmem.c | 214 +- softmmu/qdev-monitor.c | 1 - softmmu/qemu-seccomp.c | 6 - softmmu/qtest.c | 185 +- softmmu/runstate.c | 3 +- softmmu/timers-state.h | 2 +- softmmu/trace-events | 9 +- softmmu/vl.c | 556 +- storage-daemon/meson.build | 8 +- stubs/iothread-lock.c | 2 +- stubs/iothread.c | 8 - stubs/meson.build | 9 +- stubs/module-opts.c | 2 + stubs/semihost.c | 1 - stubs/tpm.c | 39 - stubs/usb-dev-stub.c | 25 + stubs/virtio-gpu-udmabuf.c | 27 + stubs/vmstate.c | 2 - subprojects/libvhost-user/include/atomic.h | 1 + subprojects/libvhost-user/libvhost-user.c | 10 +- subprojects/libvhost-user/meson.build | 6 +- subprojects/libvhost-user/standard-headers/linux | 1 + target/Kconfig | 19 + target/alpha/Kconfig | 2 + target/alpha/cpu.c | 12 +- target/alpha/translate.c | 221 +- target/arm/Kconfig | 6 + target/arm/cpu.c | 53 +- target/arm/cpu.h | 234 +- target/arm/cpu64.c | 79 +- target/arm/cpu_tcg.c | 5 +- target/arm/debug_helper.c | 12 +- target/arm/gdbstub.c | 4 + target/arm/helper-a64.c | 22 +- target/arm/helper-a64.h | 3 +- target/arm/helper-mve.h | 465 + target/arm/helper-sve.h | 726 +- target/arm/helper.c | 526 +- target/arm/helper.h | 127 +- target/arm/internals.h | 35 +- target/arm/kvm64.c | 27 +- target/arm/m-nocp.decode | 24 + target/arm/m_helper.c | 86 +- target/arm/machine.c | 20 + target/arm/meson.build | 18 +- target/arm/mte_helper.c | 271 +- target/arm/mve.decode | 427 + target/arm/mve_helper.c | 1650 ++ target/arm/neon-dp.decode | 1 + target/arm/neon-ls.decode | 8 +- target/arm/neon-shared.decode | 37 +- target/arm/neon_helper.c | 519 +- target/arm/op_helper.c | 47 +- target/arm/sve.decode | 591 +- target/arm/sve_helper.c | 2523 +- target/arm/t32.decode | 86 +- target/arm/trace-events | 2 +- target/arm/translate-a32.h | 149 + target/arm/translate-a64.c | 738 +- target/arm/translate-a64.h | 7 +- target/arm/translate-m-nocp.c | 785 + target/arm/translate-mve.c | 1033 + target/arm/translate-neon.c | 4070 +++ target/arm/translate-neon.c.inc | 3942 --- target/arm/translate-sve.c | 3417 ++- target/arm/translate-vfp.c | 3606 +++ target/arm/translate-vfp.c.inc | 4050 --- target/arm/translate.c | 1096 +- target/arm/translate.h | 127 + target/arm/vec_helper.c | 1055 +- target/arm/vec_internal.h | 176 + target/arm/vfp.decode | 16 +- target/arm/vfp_helper.c | 48 +- target/avr/Kconfig | 2 + target/avr/cpu.c | 13 +- target/avr/cpu.h | 1 + target/avr/gdbstub.c | 13 + target/avr/helper.c | 6 +- target/avr/helper.h | 8 +- target/avr/machine.c | 4 +- target/avr/translate.c | 251 +- target/cris/Kconfig | 2 + target/cris/cpu.c | 14 +- target/cris/helper.h | 2 +- target/cris/translate.c | 495 +- target/cris/translate_v10.c.inc | 17 +- target/hexagon/arch.c | 181 +- target/hexagon/arch.h | 9 +- target/hexagon/conv_emu.c | 177 - target/hexagon/conv_emu.h | 31 - target/hexagon/cpu.c | 17 +- target/hexagon/cpu.h | 5 - target/hexagon/cpu_bits.h | 2 +- target/hexagon/decode.c | 85 +- target/hexagon/fma_emu.c | 40 +- target/hexagon/gen_tcg.h | 439 +- target/hexagon/gen_tcg_funcs.py | 2 +- target/hexagon/genptr.c | 256 +- target/hexagon/helper.h | 23 +- target/hexagon/iclass.c | 4 - target/hexagon/imported/alu.idef | 44 + target/hexagon/imported/compare.idef | 12 +- target/hexagon/imported/encode_pp.def | 33 + target/hexagon/imported/float.idef | 32 + target/hexagon/imported/ldst.idef | 68 + target/hexagon/imported/macros.def | 47 + target/hexagon/imported/shift.idef | 47 + target/hexagon/insn.h | 21 +- target/hexagon/internal.h | 11 +- target/hexagon/macros.h | 148 +- target/hexagon/meson.build | 1 - target/hexagon/op_helper.c | 437 +- target/hexagon/reg_fields.c | 3 +- target/hexagon/reg_fields.h | 4 +- target/hexagon/translate.c | 201 +- target/hexagon/translate.h | 9 +- target/hppa/Kconfig | 2 + target/hppa/cpu.c | 12 +- target/hppa/cpu.h | 1 - target/hppa/helper.h | 3 - target/hppa/trace-events | 2 +- target/hppa/translate.c | 116 +- target/i386/Kconfig | 5 + target/i386/cpu-dump.c | 63 +- target/i386/cpu-internal.h | 70 + target/i386/cpu-sysemu.c | 352 + target/i386/cpu.c | 1216 +- target/i386/cpu.h | 176 +- target/i386/gdbstub.c | 165 +- target/i386/hax/hax-mem.c | 5 +- target/i386/helper.c | 15 +- target/i386/helper.h | 47 +- target/i386/host-cpu.c | 207 + target/i386/host-cpu.h | 19 + target/i386/hvf/hvf-accel-ops.c | 146 - target/i386/hvf/hvf-accel-ops.h | 23 - target/i386/hvf/hvf-cpu.c | 97 + target/i386/hvf/hvf-i386.h | 33 +- target/i386/hvf/hvf.c | 476 +- target/i386/hvf/meson.build | 2 +- target/i386/hvf/vmx.h | 24 +- target/i386/hvf/x86.c | 28 +- target/i386/hvf/x86_descr.c | 26 +- target/i386/hvf/x86_emu.c | 62 +- target/i386/hvf/x86_mmu.c | 5 +- target/i386/hvf/x86_task.c | 12 +- target/i386/hvf/x86hvf.c | 237 +- target/i386/hvf/x86hvf.h | 2 - target/i386/kvm/hyperv-proto.h | 6 + target/i386/kvm/kvm-cpu.c | 201 + target/i386/kvm/kvm-cpu.h | 41 + target/i386/kvm/kvm-stub.c | 5 + target/i386/kvm/kvm.c | 678 +- target/i386/kvm/kvm_i386.h | 1 + target/i386/kvm/meson.build | 7 +- target/i386/kvm/trace-events | 2 +- target/i386/machine.c | 2 +- target/i386/meson.build | 10 +- target/i386/monitor.c | 6 + target/i386/nvmm/meson.build | 8 + target/i386/nvmm/nvmm-accel-ops.c | 111 + target/i386/nvmm/nvmm-accel-ops.h | 24 + target/i386/nvmm/nvmm-all.c | 1226 + target/i386/ops_sse_header.h | 3 - target/i386/sev-stub.c | 7 + target/i386/sev.c | 134 +- target/i386/sev_i386.h | 2 + target/i386/svm.h | 15 +- target/i386/tcg/bpt_helper.c | 299 +- target/i386/tcg/excp_helper.c | 591 +- target/i386/tcg/fpu_helper.c | 228 +- target/i386/tcg/helper-tcg.h | 13 +- target/i386/tcg/mem_helper.c | 15 +- target/i386/tcg/meson.build | 5 +- target/i386/tcg/misc_helper.c | 544 +- target/i386/tcg/seg_helper.c | 311 +- target/i386/tcg/seg_helper.h | 66 + target/i386/tcg/smm_helper.c | 334 - target/i386/tcg/svm_helper.c | 800 - target/i386/tcg/sysemu/bpt_helper.c | 298 + target/i386/tcg/sysemu/excp_helper.c | 471 + target/i386/tcg/sysemu/fpu_helper.c | 57 + target/i386/tcg/sysemu/meson.build | 10 + target/i386/tcg/sysemu/misc_helper.c | 509 + target/i386/tcg/sysemu/seg_helper.c | 154 + target/i386/tcg/sysemu/smm_helper.c | 319 + target/i386/tcg/sysemu/svm_helper.c | 816 + target/i386/tcg/sysemu/tcg-cpu.c | 83 + target/i386/tcg/tcg-cpu.c | 95 +- target/i386/tcg/tcg-cpu.h | 78 +- target/i386/tcg/translate.c | 1874 +- target/i386/tcg/user/excp_helper.c | 39 + target/i386/tcg/user/meson.build | 4 + target/i386/tcg/user/seg_helper.c | 109 + target/i386/trace-events | 3 +- target/i386/xsave_helper.c | 267 +- target/lm32/README | 45 - target/lm32/TODO | 1 - target/lm32/cpu-param.h | 17 - target/lm32/cpu-qom.h | 48 - target/lm32/cpu.c | 274 - target/lm32/cpu.h | 262 - target/lm32/gdbstub.c | 92 - target/lm32/helper.c | 224 - target/lm32/helper.h | 14 - target/lm32/lm32-semi.c | 212 - target/lm32/machine.c | 33 - target/lm32/meson.build | 15 - target/lm32/op_helper.c | 148 - target/lm32/translate.c | 1237 - target/m68k/Kconfig | 2 + target/m68k/cpu.c | 12 +- target/m68k/cpu.h | 8 + target/m68k/fpu_helper.c | 50 +- target/m68k/helper.h | 1 - target/m68k/op_helper.c | 19 +- target/m68k/softfloat.c | 90 +- target/m68k/translate.c | 82 +- target/meson.build | 3 - target/microblaze/Kconfig | 2 + target/microblaze/cpu.c | 12 +- target/microblaze/translate.c | 30 +- target/mips/Kconfig | 6 + target/mips/addr.c | 61 - target/mips/cp0_helper.c | 1706 -- target/mips/cp0_timer.c | 145 - target/mips/cpu-qom.h | 3 + target/mips/cpu.c | 295 +- target/mips/cpu.h | 10 +- target/mips/dsp_helper.c | 3771 --- target/mips/fpu.c | 25 + target/mips/fpu_helper.c | 2262 -- target/mips/fpu_helper.h | 10 +- target/mips/helper.h | 183 +- target/mips/internal.h | 107 +- target/mips/lmmi_helper.c | 747 - target/mips/machine.c | 324 - target/mips/meson.build | 53 +- target/mips/mips-semi.c | 373 - target/mips/mips32r6.decode | 36 - target/mips/mips64r6.decode | 27 - target/mips/msa.c | 60 + target/mips/msa32.decode | 29 - target/mips/msa64.decode | 17 - target/mips/msa_helper.c | 8633 ------- target/mips/msa_helper.h.inc | 443 - target/mips/msa_translate.c | 2286 -- target/mips/mxu_translate.c | 1609 -- target/mips/op_helper.c | 1210 - target/mips/rel6_translate.c | 43 - target/mips/sysemu/addr.c | 61 + target/mips/sysemu/cp0.c | 123 + target/mips/sysemu/cp0_timer.c | 145 + target/mips/sysemu/machine.c | 333 + target/mips/sysemu/meson.build | 7 + target/mips/sysemu/physaddr.c | 257 + target/mips/tcg/dsp_helper.c | 3771 +++ target/mips/tcg/exception.c | 167 + target/mips/tcg/fpu_helper.c | 2254 ++ target/mips/tcg/ldst_helper.c | 288 + target/mips/tcg/lmmi_helper.c | 747 + target/mips/tcg/meson.build | 34 + target/mips/tcg/micromips_translate.c.inc | 3231 +++ target/mips/tcg/mips16e_translate.c.inc | 1123 + target/mips/tcg/mips32r6.decode | 36 + target/mips/tcg/mips64r6.decode | 27 + target/mips/tcg/msa.decode | 31 + target/mips/tcg/msa_helper.c | 8597 +++++++ target/mips/tcg/msa_helper.h.inc | 443 + target/mips/tcg/msa_translate.c | 2275 ++ target/mips/tcg/mxu_translate.c | 1605 ++ target/mips/tcg/nanomips_translate.c.inc | 4922 ++++ target/mips/tcg/op_helper.c | 421 + target/mips/tcg/rel6_translate.c | 43 + target/mips/tcg/sysemu/cp0_helper.c | 1706 ++ target/mips/tcg/sysemu/meson.build | 6 + target/mips/tcg/sysemu/mips-semi.c | 367 + target/mips/tcg/sysemu/special_helper.c | 173 + target/mips/tcg/sysemu/tlb_helper.c | 1405 + target/mips/tcg/sysemu_helper.h.inc | 185 + target/mips/tcg/tcg-internal.h | 64 + target/mips/tcg/trace-events | 5 + target/mips/tcg/trace.h | 1 + target/mips/tcg/translate.c | 16380 ++++++++++++ target/mips/tcg/translate.h | 205 + target/mips/tcg/translate_addr_const.c | 61 + target/mips/tcg/tx79.decode | 73 + target/mips/tcg/tx79_translate.c | 685 + target/mips/tcg/txx9_translate.c | 20 + target/mips/tcg/user/meson.build | 3 + target/mips/tcg/user/tlb_helper.c | 64 + target/mips/tlb_helper.c | 1343 - target/mips/trace-events | 5 - target/mips/trace.h | 1 - target/mips/translate.c | 25753 ------------------- target/mips/translate.h | 195 - target/mips/translate_addr_const.c | 61 - target/mips/tx79.decode | 39 - target/mips/tx79_translate.c | 303 - target/mips/txx9_translate.c | 20 - target/moxie/cpu-param.h | 17 - target/moxie/cpu.c | 161 - target/moxie/cpu.h | 123 - target/moxie/helper.c | 120 - target/moxie/helper.h | 5 - target/moxie/machine.c | 19 - target/moxie/machine.h | 1 - target/moxie/meson.build | 14 - target/moxie/mmu.c | 32 - target/moxie/mmu.h | 19 - target/moxie/translate.c | 892 - target/nios2/Kconfig | 2 + target/nios2/cpu.c | 12 +- target/nios2/helper.h | 2 +- target/nios2/translate.c | 322 +- target/openrisc/Kconfig | 2 + target/openrisc/cpu.c | 12 +- target/openrisc/sys_helper.c | 1 - target/openrisc/translate.c | 101 +- target/ppc/Kconfig | 5 + target/ppc/arch_dump.c | 11 +- target/ppc/cpu-qom.h | 4 +- target/ppc/cpu.c | 107 + target/ppc/cpu.h | 123 +- target/ppc/cpu_init.c | 9287 +++++++ target/ppc/excp_helper.c | 335 +- target/ppc/fpu_helper.c | 246 +- target/ppc/gdbstub.c | 261 +- target/ppc/helper.h | 9 +- target/ppc/helper_regs.c | 280 + target/ppc/helper_regs.h | 183 +- target/ppc/insn32.decode | 126 + target/ppc/insn64.decode | 124 + target/ppc/int_helper.c | 72 +- target/ppc/internal.h | 30 + target/ppc/kvm.c | 12 + target/ppc/kvm_ppc.h | 12 + target/ppc/machine.c | 46 +- target/ppc/mem_helper.c | 18 +- target/ppc/meson.build | 22 +- target/ppc/misc_helper.c | 43 +- target/ppc/mmu-book3s-v3.c | 19 - target/ppc/mmu-book3s-v3.h | 6 +- target/ppc/mmu-books.h | 30 + target/ppc/mmu-hash32.c | 278 +- target/ppc/mmu-hash32.h | 8 +- target/ppc/mmu-hash64.c | 289 +- target/ppc/mmu-hash64.h | 10 +- target/ppc/mmu-radix64.c | 257 +- target/ppc/mmu-radix64.h | 6 +- target/ppc/mmu_helper.c | 570 +- target/ppc/spr_tcg.h | 136 + target/ppc/tcg-stub.c | 45 + target/ppc/trace-events | 2 +- target/ppc/translate.c | 2431 +- target/ppc/translate/fixedpoint-impl.c.inc | 333 + target/ppc/translate/vector-impl.c.inc | 56 + target/ppc/translate/vsx-impl.c.inc | 4 +- target/ppc/translate_init.c.inc | 10986 -------- target/riscv/Kconfig | 5 + target/riscv/bitmanip_helper.c | 90 + target/riscv/cpu.c | 81 +- target/riscv/cpu.h | 51 +- target/riscv/cpu_bits.h | 115 +- target/riscv/cpu_helper.c | 88 +- target/riscv/csr.c | 890 +- target/riscv/fpu_helper.c | 16 +- target/riscv/gdbstub.c | 10 +- target/riscv/helper.h | 24 +- target/riscv/insn16-32.decode | 28 - target/riscv/insn16-64.decode | 36 - target/riscv/insn16.decode | 30 + target/riscv/insn32-64.decode | 88 - target/riscv/insn32.decode | 154 +- target/riscv/insn_trans/trans_rva.c.inc | 14 +- target/riscv/insn_trans/trans_rvb.c.inc | 438 + target/riscv/insn_trans/trans_rvd.c.inc | 17 +- target/riscv/insn_trans/trans_rvf.c.inc | 6 +- target/riscv/insn_trans/trans_rvh.c.inc | 8 +- target/riscv/insn_trans/trans_rvi.c.inc | 76 +- target/riscv/insn_trans/trans_rvm.c.inc | 12 +- target/riscv/insn_trans/trans_rvv.c.inc | 128 +- target/riscv/machine.c | 8 +- target/riscv/meson.build | 14 +- target/riscv/monitor.c | 22 +- target/riscv/op_helper.c | 30 +- target/riscv/pmp.c | 232 +- target/riscv/pmp.h | 14 + target/riscv/trace-events | 3 + target/riscv/translate.c | 381 +- target/riscv/vector_helper.c | 18 +- target/rx/Kconfig | 2 + target/rx/cpu.c | 14 +- target/rx/helper.c | 1 - target/rx/translate.c | 26 +- target/s390x/Kconfig | 2 + target/s390x/arch_dump.c | 2 +- target/s390x/cc_helper.c | 538 - target/s390x/cpu-dump.c | 134 + target/s390x/cpu-sysemu.c | 309 + target/s390x/cpu.c | 327 +- target/s390x/cpu.h | 3 + target/s390x/cpu_features_def.h.inc | 5 + target/s390x/cpu_models.c | 431 +- target/s390x/cpu_models_sysemu.c | 426 + target/s390x/cpu_models_user.c | 20 + target/s390x/crypto_helper.c | 61 - target/s390x/diag.c | 8 +- target/s390x/excp_helper.c | 640 - target/s390x/fpu_helper.c | 888 - target/s390x/gdbstub.c | 17 +- target/s390x/gen-features.c | 28 +- target/s390x/helper.c | 159 +- target/s390x/helper.h | 94 +- target/s390x/insn-data.def | 1386 - target/s390x/insn-format.def | 81 - target/s390x/int_helper.c | 148 - target/s390x/internal.h | 384 - target/s390x/interrupt.c | 7 +- target/s390x/ioinst.c | 2 +- target/s390x/kvm-stub.c | 126 - target/s390x/kvm.c | 2572 -- target/s390x/kvm/kvm.c | 2564 ++ target/s390x/kvm/kvm_s390x.h | 49 + target/s390x/kvm/meson.build | 17 + target/s390x/kvm/trace-events | 7 + target/s390x/kvm/trace.h | 1 + target/s390x/kvm_s390x.h | 50 - target/s390x/machine.c | 6 +- target/s390x/mem_helper.c | 3008 --- target/s390x/meson.build | 42 +- target/s390x/misc_helper.c | 785 - target/s390x/mmu_helper.c | 4 +- target/s390x/s390-tod.h | 29 - target/s390x/s390x-internal.h | 396 + target/s390x/sigp.c | 5 +- target/s390x/tcg-stub.c | 30 - target/s390x/tcg/cc_helper.c | 538 + target/s390x/tcg/crypto_helper.c | 61 + target/s390x/tcg/excp_helper.c | 641 + target/s390x/tcg/fpu_helper.c | 976 + target/s390x/tcg/insn-data.def | 1398 + target/s390x/tcg/insn-format.def | 81 + target/s390x/tcg/int_helper.c | 148 + target/s390x/tcg/mem_helper.c | 3003 +++ target/s390x/tcg/meson.build | 14 + target/s390x/tcg/misc_helper.c | 785 + target/s390x/tcg/s390-tod.h | 29 + target/s390x/tcg/tcg_s390x.h | 24 + target/s390x/tcg/translate.c | 6648 +++++ target/s390x/tcg/translate_vx.c.inc | 3109 +++ target/s390x/tcg/vec.h | 141 + target/s390x/tcg/vec_fpu_helper.c | 1072 + target/s390x/tcg/vec_helper.c | 214 + target/s390x/tcg/vec_int_helper.c | 587 + target/s390x/tcg/vec_string_helper.c | 473 + target/s390x/tcg_s390x.h | 24 - target/s390x/trace-events | 10 +- target/s390x/translate.c | 6692 ----- target/s390x/translate_vx.c.inc | 2718 -- target/s390x/vec.h | 141 - target/s390x/vec_fpu_helper.c | 625 - target/s390x/vec_helper.c | 192 - target/s390x/vec_int_helper.c | 587 - target/s390x/vec_string_helper.c | 473 - target/sh4/Kconfig | 2 + target/sh4/cpu.c | 15 +- target/sh4/helper.c | 7 +- target/sh4/translate.c | 33 +- target/sparc/Kconfig | 5 + target/sparc/cpu.c | 14 +- target/sparc/cpu.h | 6 - target/sparc/int32_helper.c | 70 +- target/sparc/int64_helper.c | 66 + target/sparc/trace-events | 14 +- target/sparc/translate.c | 37 +- target/tricore/Kconfig | 2 + target/tricore/cpu.c | 10 +- target/tricore/translate.c | 36 +- target/unicore32/cpu-param.h | 17 - target/unicore32/cpu-qom.h | 37 - target/unicore32/cpu.c | 174 - target/unicore32/cpu.h | 168 - target/unicore32/helper.c | 183 - target/unicore32/helper.h | 62 - target/unicore32/meson.build | 14 - target/unicore32/op_helper.c | 244 - target/unicore32/softmmu.c | 280 - target/unicore32/translate.c | 2083 -- target/unicore32/ucf64_helper.c | 324 - target/xtensa/Kconfig | 2 + target/xtensa/cpu.c | 15 +- target/xtensa/cpu.h | 7 - target/xtensa/exc_helper.c | 5 - target/xtensa/helper.c | 13 +- target/xtensa/op_helper.c | 1 - target/xtensa/translate.c | 151 +- target/xtensa/xtensa-semi.c | 84 +- tcg/README | 24 +- tcg/aarch64/tcg-target.c.inc | 135 +- tcg/aarch64/tcg-target.h | 4 +- tcg/arm/tcg-target-con-set.h | 10 + tcg/arm/tcg-target-con-str.h | 3 + tcg/arm/tcg-target.c.inc | 1260 +- tcg/arm/tcg-target.h | 56 +- tcg/arm/tcg-target.opc.h | 16 + tcg/i386/tcg-target.c.inc | 24 +- tcg/i386/tcg-target.h | 3 +- tcg/meson.build | 20 + tcg/mips/tcg-target.c.inc | 107 +- tcg/mips/tcg-target.h | 7 +- tcg/optimize.c | 59 +- tcg/ppc/tcg-target.c.inc | 232 +- tcg/ppc/tcg-target.h | 3 +- tcg/region.c | 982 + tcg/riscv/tcg-target.c.inc | 68 +- tcg/riscv/tcg-target.h | 2 +- tcg/s390/tcg-target.c.inc | 39 +- tcg/s390/tcg-target.h | 4 +- tcg/sparc/tcg-target.c.inc | 27 +- tcg/sparc/tcg-target.h | 2 +- tcg/tcg-internal.h | 62 + tcg/tcg-op-gvec.c | 142 +- tcg/tcg-op-vec.c | 1 - tcg/tcg-op.c | 227 +- tcg/tcg.c | 995 +- tcg/tci.c | 1194 +- tcg/tci/README | 20 +- tcg/tci/tcg-target-con-set.h | 1 + tcg/tci/tcg-target.c.inc | 573 +- tcg/tci/tcg-target.h | 68 +- tests/Makefile.include | 4 +- tests/acceptance/avocado_qemu/__init__.py | 250 +- tests/acceptance/boot_linux.py | 51 +- tests/acceptance/boot_linux_console.py | 143 +- tests/acceptance/boot_xen.py | 1 - tests/acceptance/cpu_queries.py | 4 +- tests/acceptance/hotplug_cpu.py | 37 + tests/acceptance/info_usernet.py | 29 + tests/acceptance/intel_iommu.py | 119 + tests/acceptance/linux_ssh_mips_malta.py | 49 +- tests/acceptance/machine_mips_fuloong2e.py | 42 + tests/acceptance/machine_mips_malta.py | 7 +- tests/acceptance/pc_cpu_hotplug_props.py | 2 +- tests/acceptance/ppc_prep_40p.py | 2 + tests/acceptance/replay_kernel.py | 17 +- tests/acceptance/reverse_debugging.py | 2 +- tests/acceptance/smmu.py | 137 + tests/acceptance/tcg_plugins.py | 15 +- tests/acceptance/virtio-gpu.py | 44 +- tests/acceptance/virtiofs_submounts.py | 71 +- tests/acceptance/x86_cpu_model_versions.py | 40 +- tests/data/acpi/microvm/DSDT.pcie | Bin 3031 -> 3023 bytes tests/data/acpi/pc/DSDT | Bin 6002 -> 6002 bytes tests/data/acpi/pc/DSDT.acpihmat | Bin 7327 -> 7327 bytes tests/data/acpi/pc/DSDT.bridge | Bin 8668 -> 8668 bytes tests/data/acpi/pc/DSDT.cphp | Bin 6466 -> 6466 bytes tests/data/acpi/pc/DSDT.dimmpxm | Bin 7656 -> 7656 bytes tests/data/acpi/pc/DSDT.hpbridge | Bin 5969 -> 5969 bytes tests/data/acpi/pc/DSDT.ipmikcs | Bin 6074 -> 6074 bytes tests/data/acpi/pc/DSDT.memhp | Bin 7361 -> 7361 bytes tests/data/acpi/pc/DSDT.nohpet | Bin 5860 -> 5860 bytes tests/data/acpi/pc/DSDT.numamem | Bin 6008 -> 6008 bytes tests/data/acpi/q35/DSDT | Bin 7859 -> 8289 bytes tests/data/acpi/q35/DSDT.acpihmat | Bin 9184 -> 9614 bytes tests/data/acpi/q35/DSDT.bridge | Bin 7877 -> 11003 bytes tests/data/acpi/q35/DSDT.cphp | Bin 8323 -> 8753 bytes tests/data/acpi/q35/DSDT.dimmpxm | Bin 9513 -> 9943 bytes tests/data/acpi/q35/DSDT.ipmibt | Bin 7934 -> 8364 bytes tests/data/acpi/q35/DSDT.memhp | Bin 9218 -> 9648 bytes tests/data/acpi/q35/DSDT.mmio64 | Bin 8990 -> 9419 bytes tests/data/acpi/q35/DSDT.nohpet | Bin 7717 -> 8147 bytes tests/data/acpi/q35/DSDT.numamem | Bin 7865 -> 8295 bytes tests/data/acpi/q35/DSDT.tis | Bin 8465 -> 8894 bytes tests/data/acpi/virt/DSDT | Bin 5204 -> 5196 bytes tests/data/acpi/virt/DSDT.memhp | Bin 6565 -> 6557 bytes tests/data/acpi/virt/DSDT.numamem | Bin 5204 -> 5196 bytes tests/data/acpi/virt/DSDT.pxb | Bin 7695 -> 7679 bytes tests/decode/succ_argset_type1.decode | 1 + tests/docker/Makefile.include | 29 +- tests/docker/common.rc | 19 +- tests/docker/docker.py | 82 +- tests/docker/dockerfiles/alpine.docker | 4 + tests/docker/dockerfiles/centos7.docker | 43 - tests/docker/dockerfiles/centos8.docker | 84 +- .../docker/dockerfiles/debian-hexagon-cross.docker | 45 + .../build-toolchain.sh | 141 + .../docker/dockerfiles/debian-powerpc-cross.docker | 12 - .../dockerfiles/debian-powerpc-test-cross.docker | 17 + tests/docker/dockerfiles/debian-ppc64-cross.docker | 11 - .../docker/dockerfiles/debian-tricore-cross.docker | 34 +- .../docker/dockerfiles/debian-xtensa-cross.docker | 2 +- tests/docker/dockerfiles/debian10.docker | 6 +- tests/docker/dockerfiles/debian11.docker | 2 +- tests/docker/dockerfiles/fedora-cris-cross.docker | 2 +- tests/docker/dockerfiles/fedora-i386-cross.docker | 4 +- tests/docker/dockerfiles/fedora-win32-cross.docker | 6 +- tests/docker/dockerfiles/fedora-win64-cross.docker | 7 +- tests/docker/dockerfiles/fedora.docker | 68 +- tests/docker/dockerfiles/opensuse-leap.docker | 78 +- tests/docker/dockerfiles/python.docker | 18 + tests/docker/dockerfiles/ubuntu.docker | 6 +- tests/docker/dockerfiles/ubuntu1804.docker | 72 +- tests/docker/dockerfiles/ubuntu2004.docker | 66 +- tests/docker/run | 3 - tests/docker/test-clang | 2 +- tests/docker/test-debug | 2 +- tests/docker/test-mingw | 3 +- tests/docker/test-misc | 2 +- tests/docker/test-tsan | 2 +- tests/fp/fp-bench.c | 88 +- tests/fp/fp-test-log2.c | 118 + tests/fp/fp-test.c | 11 +- tests/fp/meson.build | 27 +- tests/fp/wrap.c.inc | 14 +- tests/migration/guestperf/comparison.py | 14 + tests/migration/guestperf/engine.py | 22 +- tests/migration/guestperf/scenario.py | 12 +- tests/migration/guestperf/shell.py | 10 +- tests/plugin/syscall.c | 98 +- tests/qapi-schema/alternate-data-invalid.err | 2 + tests/qapi-schema/alternate-data-invalid.json | 4 + tests/qapi-schema/alternate-data-invalid.out | 0 tests/qapi-schema/enum-dict-no-name.err | 2 + tests/qapi-schema/enum-dict-no-name.json | 2 + tests/qapi-schema/enum-dict-no-name.out | 0 tests/qapi-schema/meson.build | 13 +- tests/qapi-schema/missing-array-rsqb.err | 1 + tests/qapi-schema/missing-array-rsqb.json | 1 + tests/qapi-schema/missing-array-rsqb.out | 0 .../qapi-schema/missing-object-member-element.err | 1 + .../qapi-schema/missing-object-member-element.json | 1 + .../qapi-schema/missing-object-member-element.out | 0 tests/qapi-schema/missing-schema.err | 1 + tests/qapi-schema/missing-schema.out | 0 tests/qapi-schema/non-objects.err | 2 +- tests/qapi-schema/quoted-structural-chars.err | 2 +- tests/qapi-schema/test-qapi.py | 3 - tests/qapi-schema/union-invalid-data.err | 2 + tests/qapi-schema/union-invalid-data.json | 6 + tests/qapi-schema/union-invalid-data.out | 0 tests/qemu-iotests/005 | 5 - tests/qemu-iotests/025 | 2 +- tests/qemu-iotests/040 | 4 +- tests/qemu-iotests/041 | 6 +- tests/qemu-iotests/061 | 3 + tests/qemu-iotests/061.out | 3 +- tests/qemu-iotests/082.out | 6 +- tests/qemu-iotests/114 | 18 +- tests/qemu-iotests/114.out | 11 +- tests/qemu-iotests/122.out | 84 +- tests/qemu-iotests/146.out | 780 +- tests/qemu-iotests/151 | 54 +- tests/qemu-iotests/151.out | 4 +- tests/qemu-iotests/154.out | 190 +- tests/qemu-iotests/155 | 9 +- tests/qemu-iotests/165 | 4 +- tests/qemu-iotests/172.out | 38 + tests/qemu-iotests/179.out | 133 +- tests/qemu-iotests/189 | 2 +- tests/qemu-iotests/198 | 2 +- tests/qemu-iotests/207 | 54 + tests/qemu-iotests/207.out | 25 + tests/qemu-iotests/209.out | 4 +- tests/qemu-iotests/211.out | 8 +- tests/qemu-iotests/221.out | 16 +- tests/qemu-iotests/223.out | 56 +- tests/qemu-iotests/231 | 4 + tests/qemu-iotests/231.out | 7 +- tests/qemu-iotests/233 | 2 +- tests/qemu-iotests/233.out | 4 +- tests/qemu-iotests/240.out | 8 +- tests/qemu-iotests/241.out | 10 +- tests/qemu-iotests/244.out | 23 +- tests/qemu-iotests/245 | 220 +- tests/qemu-iotests/245.out | 17 +- tests/qemu-iotests/248 | 4 +- tests/qemu-iotests/248.out | 2 +- tests/qemu-iotests/252.out | 10 +- tests/qemu-iotests/253.out | 20 +- tests/qemu-iotests/264 | 2 +- tests/qemu-iotests/274.out | 48 +- tests/qemu-iotests/283.out | 2 +- tests/qemu-iotests/291 | 135 - tests/qemu-iotests/291.out | 118 - tests/qemu-iotests/295.out | 6 +- tests/qemu-iotests/296 | 11 +- tests/qemu-iotests/296.out | 8 +- tests/qemu-iotests/297 | 1 + tests/qemu-iotests/298 | 4 +- tests/qemu-iotests/300 | 4 +- tests/qemu-iotests/301 | 4 +- tests/qemu-iotests/301.out | 16 +- tests/qemu-iotests/307 | 15 + tests/qemu-iotests/307.out | 10 +- tests/qemu-iotests/308 | 20 +- tests/qemu-iotests/308.out | 6 +- tests/qemu-iotests/309 | 78 - tests/qemu-iotests/309.out | 22 - tests/qemu-iotests/check | 22 +- tests/qemu-iotests/common.filter | 5 + tests/qemu-iotests/common.rc | 10 +- tests/qemu-iotests/iotests.py | 149 +- tests/qemu-iotests/pylintrc | 3 + tests/qemu-iotests/testenv.py | 22 +- tests/qemu-iotests/testrunner.py | 37 +- tests/qemu-iotests/tests/fuse-allow-other | 168 + tests/qemu-iotests/tests/fuse-allow-other.out | 88 + tests/qemu-iotests/tests/nbd-qemu-allocation | 81 + tests/qemu-iotests/tests/nbd-qemu-allocation.out | 32 + tests/qemu-iotests/tests/qemu-img-bitmaps | 167 + tests/qemu-iotests/tests/qemu-img-bitmaps.out | 183 + tests/qemu-iotests/tests/qsd-jobs.out | 2 +- .../qemu-iotests/tests/remove-bitmap-from-backing | 22 +- tests/qtest/adm1272-test.c | 445 + tests/qtest/ahci-test.c | 4 +- tests/qtest/aspeed_hace-test.c | 469 + tests/qtest/aspeed_smc-test.c | 382 + tests/qtest/bios-tables-test.c | 8 +- tests/qtest/boot-serial-test.c | 45 +- tests/qtest/e1000e-test.c | 3 +- tests/qtest/emc141x-test.c | 2 +- tests/qtest/fuzz-sb16-test.c | 69 + tests/qtest/fuzz-sdcard-test.c | 102 + tests/qtest/fuzz/fuzz.c | 2 +- tests/qtest/fuzz/generic_fuzz.c | 6 +- tests/qtest/fuzz/qos_fuzz.c | 2 - tests/qtest/fuzz/qos_fuzz.h | 4 +- tests/qtest/hd-geo-test.c | 4 +- tests/qtest/ipmi-bt-test.c | 6 +- tests/qtest/ipmi-kcs-test.c | 3 +- tests/qtest/libqos/meson.build | 1 + tests/qtest/libqos/qgraph.c | 2 +- tests/qtest/libqos/vhost-user-blk.c | 130 + tests/qtest/libqos/vhost-user-blk.h | 48 + tests/qtest/libqos/virtio-9p.c | 5 + tests/qtest/libqtest.c | 9 +- tests/qtest/m25p80-test.c | 382 - tests/qtest/machine-none-test.c | 3 - tests/qtest/max34451-test.c | 336 + tests/qtest/meson.build | 20 +- tests/qtest/migration-test.c | 138 +- tests/qtest/npcm7xx_pwm-test.c | 4 +- tests/qtest/npcm7xx_smbus-test.c | 2 +- tests/qtest/numa-test.c | 22 +- tests/qtest/nvme-test.c | 87 +- tests/qtest/pflash-cfi02-test.c | 2 +- tests/qtest/rtas-test.c | 15 +- tests/qtest/rtc-test.c | 6 +- tests/qtest/tmp105-test.c | 2 +- tests/qtest/tpm-tests.c | 12 +- tests/qtest/tpm-util.c | 4 +- tests/qtest/vhost-user-blk-test.c | 997 + tests/qtest/virtio-9p-test.c | 5 + tests/qtest/virtio-scsi-test.c | 51 + tests/requirements.txt | 2 +- tests/tcg/Makefile.qemu | 17 + tests/tcg/Makefile.target | 11 +- tests/tcg/README | 6 - tests/tcg/aarch64/Makefile.target | 2 +- tests/tcg/aarch64/mte-5.c | 44 + tests/tcg/aarch64/mte-7.c | 31 + tests/tcg/configure.sh | 223 +- tests/tcg/hexagon/Makefile.target | 15 +- tests/tcg/hexagon/brev.c | 190 + tests/tcg/hexagon/circ.c | 486 + tests/tcg/hexagon/fpstuff.c | 242 + tests/tcg/hexagon/load_align.c | 415 + tests/tcg/hexagon/load_unpack.c | 474 + tests/tcg/hexagon/misc.c | 95 +- tests/tcg/hexagon/multi_result.c | 282 + tests/tcg/hppa/Makefile.target | 1 + tests/tcg/i386/Makefile.target | 3 + tests/tcg/lm32/Makefile | 106 - tests/tcg/lm32/crt.S | 84 - tests/tcg/lm32/helper.S | 65 - tests/tcg/lm32/linker.ld | 55 - tests/tcg/lm32/macros.inc | 90 - tests/tcg/lm32/test_add.S | 75 - tests/tcg/lm32/test_addi.S | 56 - tests/tcg/lm32/test_and.S | 45 - tests/tcg/lm32/test_andhi.S | 35 - tests/tcg/lm32/test_andi.S | 35 - tests/tcg/lm32/test_b.S | 13 - tests/tcg/lm32/test_be.S | 48 - tests/tcg/lm32/test_bg.S | 78 - tests/tcg/lm32/test_bge.S | 78 - tests/tcg/lm32/test_bgeu.S | 78 - tests/tcg/lm32/test_bgu.S | 78 - tests/tcg/lm32/test_bi.S | 23 - tests/tcg/lm32/test_bne.S | 48 - tests/tcg/lm32/test_break.S | 20 - tests/tcg/lm32/test_bret.S | 38 - tests/tcg/lm32/test_call.S | 16 - tests/tcg/lm32/test_calli.S | 15 - tests/tcg/lm32/test_cmpe.S | 40 - tests/tcg/lm32/test_cmpei.S | 35 - tests/tcg/lm32/test_cmpg.S | 64 - tests/tcg/lm32/test_cmpge.S | 64 - tests/tcg/lm32/test_cmpgei.S | 70 - tests/tcg/lm32/test_cmpgeu.S | 64 - tests/tcg/lm32/test_cmpgeui.S | 70 - tests/tcg/lm32/test_cmpgi.S | 70 - tests/tcg/lm32/test_cmpgu.S | 64 - tests/tcg/lm32/test_cmpgui.S | 70 - tests/tcg/lm32/test_cmpne.S | 40 - tests/tcg/lm32/test_cmpnei.S | 35 - tests/tcg/lm32/test_divu.S | 29 - tests/tcg/lm32/test_eret.S | 38 - tests/tcg/lm32/test_lb.S | 49 - tests/tcg/lm32/test_lbu.S | 49 - tests/tcg/lm32/test_lh.S | 49 - tests/tcg/lm32/test_lhu.S | 49 - tests/tcg/lm32/test_lw.S | 32 - tests/tcg/lm32/test_modu.S | 35 - tests/tcg/lm32/test_mul.S | 70 - tests/tcg/lm32/test_muli.S | 45 - tests/tcg/lm32/test_nor.S | 51 - tests/tcg/lm32/test_nori.S | 35 - tests/tcg/lm32/test_or.S | 51 - tests/tcg/lm32/test_orhi.S | 35 - tests/tcg/lm32/test_ori.S | 35 - tests/tcg/lm32/test_ret.S | 14 - tests/tcg/lm32/test_sb.S | 32 - tests/tcg/lm32/test_scall.S | 24 - tests/tcg/lm32/test_sextb.S | 20 - tests/tcg/lm32/test_sexth.S | 20 - tests/tcg/lm32/test_sh.S | 32 - tests/tcg/lm32/test_sl.S | 45 - tests/tcg/lm32/test_sli.S | 30 - tests/tcg/lm32/test_sr.S | 57 - tests/tcg/lm32/test_sri.S | 40 - tests/tcg/lm32/test_sru.S | 57 - tests/tcg/lm32/test_srui.S | 40 - tests/tcg/lm32/test_sub.S | 75 - tests/tcg/lm32/test_sw.S | 38 - tests/tcg/lm32/test_xnor.S | 51 - tests/tcg/lm32/test_xnori.S | 35 - tests/tcg/lm32/test_xor.S | 51 - tests/tcg/lm32/test_xori.S | 35 - tests/tcg/minilib/minilib.h | 4 +- tests/tcg/multiarch/Makefile.target | 10 + tests/tcg/multiarch/linux-test.c | 9 + tests/tcg/multiarch/signals.c | 149 + tests/tcg/multiarch/system/memory.c | 1 + tests/tcg/multiarch/test-mmap.c | 208 +- tests/tcg/ppc64/Makefile.target | 13 + tests/tcg/ppc64le/Makefile.target | 13 + tests/tcg/ppc64le/byte_reverse.c | 21 + tests/tcg/s390x/Makefile.target | 1 + tests/tcg/s390x/trap.c | 102 + tests/tcg/sparc64/Makefile.target | 7 +- tests/tcg/tricore/Makefile.softmmu-target | 26 + tests/tcg/tricore/link.ld | 60 + tests/tcg/tricore/macros.h | 129 + tests/tcg/tricore/test_abs.S | 7 + tests/tcg/tricore/test_bmerge.S | 8 + tests/tcg/tricore/test_clz.S | 9 + tests/tcg/tricore/test_dvstep.S | 15 + tests/tcg/tricore/test_fadd.S | 16 + tests/tcg/tricore/test_fmul.S | 8 + tests/tcg/tricore/test_ftoi.S | 10 + tests/tcg/tricore/test_madd.S | 11 + tests/tcg/tricore/test_msub.S | 9 + tests/tcg/tricore/test_muls.S | 9 + tests/tcg/x86_64/Makefile.target | 6 +- tests/tcg/x86_64/vsyscall.c | 12 + tests/tcg/xtensa/test_load_store.S | 221 + tests/unit/crypto-tls-psk-helpers.c | 6 - tests/unit/crypto-tls-psk-helpers.h | 4 - tests/unit/crypto-tls-x509-helpers.c | 4 - tests/unit/crypto-tls-x509-helpers.h | 11 +- tests/unit/iothread.c | 9 +- tests/unit/meson.build | 11 +- tests/unit/pkix_asn1_tab.c | 3 - tests/unit/ptimer-test-stubs.c | 2 +- tests/unit/test-aio.c | 37 + tests/unit/test-bdrv-drain.c | 3 +- tests/unit/test-bdrv-graph-mod.c | 210 +- tests/unit/test-block-iothread.c | 6 - tests/unit/test-crypto-cipher.c | 31 +- tests/unit/test-crypto-hash.c | 13 +- tests/unit/test-crypto-hmac.c | 28 +- tests/unit/test-crypto-ivgen.c | 14 +- tests/unit/test-crypto-pbkdf.c | 5 +- tests/unit/test-crypto-tlscredsx509.c | 12 - tests/unit/test-crypto-tlssession.c | 12 - tests/unit/test-forward-visitor.c | 197 + tests/unit/test-io-channel-tls.c | 12 - tests/unit/test-iov.c | 5 +- tests/unit/test-keyval.c | 58 + tests/unit/test-qemu-opts.c | 35 - tests/unit/test-replication.c | 2 +- tests/unit/test-vmstate.c | 5 +- tests/unit/test-write-threshold.c | 90 +- tests/vm/Makefile.include | 1 + tests/vm/aarch64vm.py | 2 +- tests/vm/basevm.py | 16 +- tests/vm/centos | 17 +- tests/vm/centos.aarch64 | 2 +- tests/vm/netbsd | 4 +- tests/vm/openbsd | 4 +- tools/ebpf/Makefile.ebpf | 21 + tools/ebpf/rss.bpf.c | 571 + tools/virtiofsd/buffer.c | 4 +- tools/virtiofsd/fuse_common.h | 5 + tools/virtiofsd/fuse_lowlevel.c | 67 +- tools/virtiofsd/fuse_lowlevel.h | 3 +- tools/virtiofsd/fuse_opt.c | 4 +- tools/virtiofsd/fuse_virtio.c | 216 +- tools/virtiofsd/helper.c | 4 + tools/virtiofsd/passthrough_ll.c | 318 +- tools/virtiofsd/passthrough_seccomp.c | 1 + trace-events | 7 +- trace/control-target.c | 2 +- trace/control.c | 39 +- trace/control.h | 30 +- trace/mem-internal.h | 50 - trace/mem.h | 46 +- trace/meson.build | 2 +- trace/qmp.c | 6 +- trace/simple.c | 22 +- trace/simple.h | 1 + ui/clipboard.c | 92 + ui/cocoa.m | 162 +- ui/console.c | 8 +- ui/egl-headless.c | 2 + ui/gtk-clipboard.c | 192 + ui/gtk.c | 126 +- ui/input-barrier.c | 5 + ui/keycodemapdb | 2 +- ui/meson.build | 6 +- ui/qemu-pixman.c | 35 +- ui/sdl2.c | 9 +- ui/spice-app.c | 6 +- ui/spice-core.c | 5 + ui/spice-display.c | 4 + ui/trace-events | 12 +- ui/udmabuf.c | 40 + ui/vdagent.c | 803 + ui/vnc-auth-sasl.c | 20 + ui/vnc-auth-sasl.h | 1 + ui/vnc-clipboard.c | 323 + ui/vnc.c | 60 +- ui/vnc.h | 24 + ui/x_keymap.c | 15 +- util/aio-posix.c | 12 + util/aio-win32.c | 5 + util/async.c | 47 +- util/compatfd.c | 8 +- util/cutils.c | 2 +- util/guest-random.c | 2 +- util/keyval.c | 123 +- util/main-loop.c | 114 +- util/meson.build | 8 +- util/mmap-alloc.c | 214 +- util/module.c | 193 +- util/osdep.c | 9 + util/oslib-posix.c | 18 +- util/oslib-win32.c | 224 +- util/qemu-co-shared-resource.c | 24 +- util/qemu-config.c | 96 +- util/qemu-coroutine-sleep.c | 75 +- util/qemu-option.c | 56 +- util/qemu-sockets.c | 76 +- util/qemu-thread-posix.c | 24 +- util/qemu-thread-win32.c | 2 +- util/qsp.c | 4 +- util/selfmap.c | 29 +- util/trace-events | 6 +- util/transactions.c | 96 + util/uri.c | 22 +- util/vfio-helpers.c | 41 +- 2742 files changed, 219900 insertions(+), 184295 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index f53c519447..02c43a074a 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -1,61 +1,6 @@ env: CIRRUS_CLONE_DEPTH: 1 -freebsd_12_task: - freebsd_instance: - image_family: freebsd-12-2 - cpu: 8 - memory: 8G - install_script: - - ASSUME_ALWAYS_YES=yes pkg bootstrap -f ; - - pkg install -y bash curl cyrus-sasl git glib gmake gnutls gsed - nettle perl5 pixman pkgconf png usbredir ninja - script: - - mkdir build - - cd build - # TODO: Enable gnutls again once FreeBSD's libtasn1 got fixed - # See: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71 - - ../configure --enable-werror --disable-gnutls - || { cat config.log meson-logs/meson-log.txt; exit 1; } - - gmake -j$(sysctl -n hw.ncpu) - - gmake -j$(sysctl -n hw.ncpu) check V=1 - -macos_task: - osx_instance: - image: catalina-base - install_script: - - brew install pkg-config python gnu-sed glib pixman make sdl2 bash ninja - script: - - mkdir build - - cd build - - ../configure --python=/usr/local/bin/python3 --enable-werror - --extra-cflags='-Wno-error=deprecated-declarations' - || { cat config.log meson-logs/meson-log.txt; exit 1; } - - gmake -j$(sysctl -n hw.ncpu) - - gmake check-unit V=1 - - gmake check-block V=1 - - gmake check-qapi-schema V=1 - - gmake check-softfloat V=1 - - gmake check-qtest-x86_64 V=1 - -macos_xcode_task: - osx_instance: - # this is an alias for the latest Xcode - image: catalina-xcode - install_script: - - brew install pkg-config gnu-sed glib pixman make sdl2 bash ninja - script: - - mkdir build - - cd build - - ../configure --extra-cflags='-Wno-error=deprecated-declarations' --enable-modules - --enable-werror --cc=clang || { cat config.log meson-logs/meson-log.txt; exit 1; } - - gmake -j$(sysctl -n hw.ncpu) - - gmake check-unit V=1 - - gmake check-block V=1 - - gmake check-qapi-schema V=1 - - gmake check-softfloat V=1 - - gmake check-qtest-x86_64 V=1 - windows_msys2_task: timeout_in: 90m windows_container: @@ -67,7 +12,7 @@ windows_msys2_task: CIRRUS_SHELL: powershell MSYS: winsymlinks:nativestrict MSYSTEM: MINGW64 - MSYS2_URL: https://github.com/msys2/msys2-installer/releases/download/2021-01-05/msys2-base-x86_64-20210105.sfx.exe + MSYS2_URL: https://github.com/msys2/msys2-installer/releases/download/2021-04-19/msys2-base-x86_64-20210419.sfx.exe MSYS2_FINGERPRINT: 0 MSYS2_PACKAGES: " diffutils git grep make pkg-config sed @@ -130,7 +75,7 @@ windows_msys2_task: taskkill /F /FI "MODULES eq msys-2.0.dll" tasklist C:\tools\msys64\usr\bin\bash.exe -lc "mv -f /etc/pacman.conf.pacnew /etc/pacman.conf || true" - C:\tools\msys64\usr\bin\bash.exe -lc "pacman --noconfirm -Suu --overwrite=*" + C:\tools\msys64\usr\bin\bash.exe -lc "pacman --noconfirm -Syuu --overwrite=*" Write-Output "Core install time taken: $((Get-Date).Subtract($start_time))" $start_time = Get-Date diff --git a/.github/lockdown.yml b/.github/lockdown.yml index 07fc2f31ee..d3546bd2bc 100644 --- a/.github/lockdown.yml +++ b/.github/lockdown.yml @@ -14,11 +14,11 @@ issues: at https://gitlab.com/qemu-project/qemu.git. The project does not process issues filed on GitHub. - The project issues are tracked on Launchpad: - https://bugs.launchpad.net/qemu + The project issues are tracked on GitLab: + https://gitlab.com/qemu-project/qemu/-/issues QEMU welcomes bug report contributions. You can file new ones on: - https://bugs.launchpad.net/qemu/+filebug + https://gitlab.com/qemu-project/qemu/-/issues/new pulls: comment: | diff --git a/.gitignore b/.gitignore index 75a4be0724..eb2553026c 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,5 @@ GTAGS *~ *.ast_raw *.depend_raw +*.swp +*.patch diff --git a/.gitlab-ci.d/buildtest-template.yml b/.gitlab-ci.d/buildtest-template.yml new file mode 100644 index 0000000000..fcbcc4e627 --- /dev/null +++ b/.gitlab-ci.d/buildtest-template.yml @@ -0,0 +1,81 @@ +.native_build_job_template: + stage: build + image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest + before_script: + - JOBS=$(expr $(nproc) + 1) + script: + - if test -n "$LD_JOBS"; + then + scripts/git-submodule.sh update meson ; + fi + - mkdir build + - cd build + - if test -n "$TARGETS"; + then + ../configure --enable-werror --disable-docs ${LD_JOBS:+--meson=git} $CONFIGURE_ARGS --target-list="$TARGETS" ; + else + ../configure --enable-werror --disable-docs ${LD_JOBS:+--meson=git} $CONFIGURE_ARGS ; + fi || { cat config.log meson-logs/meson-log.txt && exit 1; } + - if test -n "$LD_JOBS"; + then + ../meson/meson.py configure . -Dbackend_max_links="$LD_JOBS" ; + fi || exit 1; + - make -j"$JOBS" + - if test -n "$MAKE_CHECK_ARGS"; + then + make -j"$JOBS" $MAKE_CHECK_ARGS ; + fi + +.native_test_job_template: + stage: test + image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest + script: + - scripts/git-submodule.sh update + $(sed -n '/GIT_SUBMODULES=/ s/.*=// p' build/config-host.mak) + - cd build + - find . -type f -exec touch {} + + # Avoid recompiling by hiding ninja with NINJA=":" + - make NINJA=":" $MAKE_CHECK_ARGS + +.acceptance_test_job_template: + extends: .native_test_job_template + cache: + key: "${CI_JOB_NAME}-cache" + paths: + - ${CI_PROJECT_DIR}/avocado-cache + policy: pull-push + artifacts: + name: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG" + when: on_failure + expire_in: 7 days + paths: + - build/tests/results/latest/results.xml + - build/tests/results/latest/test-results + reports: + junit: build/tests/results/latest/results.xml + before_script: + - mkdir -p ~/.config/avocado + - echo "[datadir.paths]" > ~/.config/avocado/avocado.conf + - echo "cache_dirs = ['${CI_PROJECT_DIR}/avocado-cache']" + >> ~/.config/avocado/avocado.conf + - echo -e '[job.output.testlogs]\nstatuses = ["FAIL", "INTERRUPT"]' + >> ~/.config/avocado/avocado.conf + - if [ -d ${CI_PROJECT_DIR}/avocado-cache ]; then + du -chs ${CI_PROJECT_DIR}/avocado-cache ; + fi + - export AVOCADO_ALLOW_UNTRUSTED_CODE=1 + after_script: + - cd build + - du -chs ${CI_PROJECT_DIR}/avocado-cache + rules: + # Only run these jobs if running on the mainstream namespace, + # or if the user set the QEMU_CI_AVOCADO_TESTING variable (either + # in its namespace setting or via git-push option, see documentation + # in /.gitlab-ci.yml of this repository). + - if: '$CI_PROJECT_NAMESPACE == "qemu-project"' + when: on_success + - if: '$QEMU_CI_AVOCADO_TESTING' + when: on_success + # Otherwise, set to manual (the jobs are created but not run). + - when: manual + allow_failure: true diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml new file mode 100644 index 0000000000..903ee65f32 --- /dev/null +++ b/.gitlab-ci.d/buildtest.yml @@ -0,0 +1,724 @@ +include: + - local: '/.gitlab-ci.d/buildtest-template.yml' + +build-system-alpine: + extends: .native_build_job_template + needs: + - job: amd64-alpine-container + variables: + IMAGE: alpine + TARGETS: aarch64-softmmu alpha-softmmu cris-softmmu hppa-softmmu + microblazeel-softmmu mips64el-softmmu + MAKE_CHECK_ARGS: check-build + CONFIGURE_ARGS: --enable-docs --enable-trace-backends=log,simple,syslog + artifacts: + expire_in: 2 days + paths: + - .git-submodule-status + - build + +check-system-alpine: + extends: .native_test_job_template + needs: + - job: build-system-alpine + artifacts: true + variables: + IMAGE: alpine + MAKE_CHECK_ARGS: check + +acceptance-system-alpine: + extends: .acceptance_test_job_template + needs: + - job: build-system-alpine + artifacts: true + variables: From xen-changelog-bounces@lists.xenproject.org Tue Aug 31 11:11:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 31 Aug 2021 11:11:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.175629.319871 (Exim 4.92) (envelope-from ) id 1mL1fW-0005d9-Gr; Tue, 31 Aug 2021 11:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 175629.319871; Tue, 31 Aug 2021 11:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL1fW-0005cz-Dp; Tue, 31 Aug 2021 11:11:06 +0000 Received: by outflank-mailman (input) for mailman id 175629; Tue, 31 Aug 2021 11:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL1fU-0005ct-Rm for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 11:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL1fU-0004Au-Oo for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 11:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mL1fU-0002bB-Nc for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 11:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rlsIp7ubI59urezZbG3qJspUN18jLtOiyYDY7oWEhXc=; b=TBbvPe3S167eg9q/XE8CiJRNdh VBdCyhmZPQxpmmE88b0CWsu2EFMEvxF6au4U2p/JqxP3K2Td2PHcOKp25T3XF1aK3rWBmjBi+gfW9 oJ62eaI8X3PTvAyQyItXzCC/ORLxmgFyuzBqOpyu4WVDFwrpAZ0LetisFJSLtzIw1alE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen staging] main loop: Big hammer to fix logfile disk DoS in Xen setups Message-Id: Date: Tue, 31 Aug 2021 11:11:04 +0000 commit b6e539830bf45e2d7a6bd86ddfdf003088b173b0 Author: Ian Jackson AuthorDate: Thu May 26 16:21:56 2016 +0100 Commit: Anthony PERARD CommitDate: Tue Aug 31 11:49:40 2021 +0100 main loop: Big hammer to fix logfile disk DoS in Xen setups Each time round the main loop, we now fstat stderr. If it is too big, we dup2 /dev/null onto it. This is not a very pretty patch but it is very simple, easy to see that it's correct, and has a low risk of collateral damage. There is no limit by default but can be adjusted by setting a new environment variable. This fixes CVE-2014-3672. Signed-off-by: Ian Jackson Tested-by: Ian Jackson Set the default to 0 so that it won't affect non-xen installation. The limit will be set by Xen toolstack. Signed-off-by: Wei Liu Acked-by: Ian Jackson Acked-by: Anthony PERARD (cherry picked from commit 44a072f0de0d57c95c2212bbce02888832b7b74f) (cherry picked from commit 269381bb635692856aa8789a3f322e543e0c648d) --- util/main-loop.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/util/main-loop.c b/util/main-loop.c index 06b18b195c..f7c29bc2a1 100644 --- a/util/main-loop.c +++ b/util/main-loop.c @@ -184,6 +184,50 @@ int qemu_init_main_loop(Error **errp) return 0; } +static void check_cve_2014_3672_xen(void) +{ + static unsigned long limit = ~0UL; + const int fd = 2; + struct stat stab; + + if (limit == ~0UL) { + const char *s = getenv("XEN_QEMU_CONSOLE_LIMIT"); + /* XEN_QEMU_CONSOLE_LIMIT=0 means no limit */ + limit = s ? strtoul(s,0,0) : 0; + } + if (limit == 0) + return; + + int r = fstat(fd, &stab); + if (r) { + perror("fstat stderr (for CVE-2014-3672 check)"); + exit(-1); + } + if (!S_ISREG(stab.st_mode)) + return; + if (stab.st_size <= limit) + return; + + /* oh dear */ + fprintf(stderr,"\r\n" + "Closing stderr due to CVE-2014-3672 limit. " + " Set XEN_QEMU_CONSOLE_LIMIT to number of bytes to override," + " or 0 for no limit.\n"); + fflush(stderr); + + int nfd = open("/dev/null", O_WRONLY); + if (nfd < 0) { + perror("open /dev/null (for CVE-2014-3672 check)"); + exit(-1); + } + r = dup2(nfd, fd); + if (r != fd) { + perror("dup2 /dev/null (for CVE-2014-3672 check)"); + exit(-1); + } + close(nfd); +} + static int max_priority; #ifndef _WIN32 @@ -242,6 +286,8 @@ static int os_host_main_loop_wait(int64_t timeout) g_main_context_acquire(context); + check_cve_2014_3672_xen(); + glib_pollfds_fill(&timeout); qemu_mutex_unlock_iothread(); @@ -414,6 +460,8 @@ static int os_host_main_loop_wait(int64_t timeout) g_main_context_acquire(context); + check_cve_2014_3672_xen(); + /* XXX: need to suppress polling by better using win32 events */ ret = 0; for (pe = first_polling_entry; pe != NULL; pe = pe->next) { -- generated by git-patchbot for /home/xen/git/qemu-xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Aug 31 15:55:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 31 Aug 2021 15:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.175882.320252 (Exim 4.92) (envelope-from ) id 1mL66O-0005Kq-NE; Tue, 31 Aug 2021 15:55:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 175882.320252; Tue, 31 Aug 2021 15:55:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL66O-0005Kj-K2; Tue, 31 Aug 2021 15:55:08 +0000 Received: by outflank-mailman (input) for mailman id 175882; Tue, 31 Aug 2021 15:55:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL66M-0005Kd-C8 for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 15:55:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL66L-0000xT-NG for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 15:55:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mL66L-0007Rp-M3 for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 15:55:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BXHge4NNYrA3iNDppfpYu/Wh3BXP7Sebn7QYdHzlmwk=; b=Ca6fisO7MiG6J4GINWB7eD3q5n Ohn+U0KMC1zYhmzFM1tlUCANnGR/WZEUBTPXCVYI11kKNd2rnVscnUGCBCl2i1KegCocVKtzg+MyE 2ccOdj9T9cRbn71Rfy5BGMSKwTDnSn4+W8hC5FciIvbviOFTAxfUkRm8Z9c+UsKy9suE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/EPT: drop "tm" field of EPT entry Message-Id: Date: Tue, 31 Aug 2021 15:55:05 +0000 commit 305c2c3abf8228989f7a6f6d8e698ca088c8dc42 Author: Jan Beulich AuthorDate: Tue Aug 31 17:42:28 2021 +0200 Commit: Jan Beulich CommitDate: Tue Aug 31 17:42:28 2021 +0200 x86/EPT: drop "tm" field of EPT entry VT-d spec 3.2 converted this bit (back) to reserved. Since there's no use of it anywhere in the tree, simply rename it and adjust its comment. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/include/asm-x86/hvm/vmx/vmx.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h b/xen/include/asm-x86/hvm/vmx/vmx.h index 0deb507490..85530d2e0e 100644 --- a/xen/include/asm-x86/hvm/vmx/vmx.h +++ b/xen/include/asm-x86/hvm/vmx/vmx.h @@ -46,8 +46,7 @@ typedef union { mfn : 40, /* bits 51:12 - Machine physical frame number */ sa_p2mt : 6, /* bits 57:52 - Software available 2 */ access : 4, /* bits 61:58 - p2m_access_t */ - tm : 1, /* bit 62 - VT-d transient-mapping hint in - shared EPT/VT-d usage */ + _rsvd : 1, /* bit 62 - reserved */ suppress_ve : 1; /* bit 63 - suppress #VE */ }; u64 epte; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Aug 31 15:55:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 31 Aug 2021 15:55:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.175883.320256 (Exim 4.92) (envelope-from ) id 1mL66X-0005MS-Oh; Tue, 31 Aug 2021 15:55:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 175883.320256; Tue, 31 Aug 2021 15:55:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL66X-0005MK-Lf; Tue, 31 Aug 2021 15:55:17 +0000 Received: by outflank-mailman (input) for mailman id 175883; Tue, 31 Aug 2021 15:55:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL66V-0005M2-Rh for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 15:55:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL66V-0000xa-Qs for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 15:55:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mL66V-0007Su-Pn for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 15:55:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SsCs1Jn22WiQ1to8MDzeQj8SqKck9fR+8atsVkzxzzE=; b=NGrtRrbunGogLGI4K3jxAeWtZ8 /p0Wo8iGXRIjN4YWvMnE2vuRTrXKKWN/NK2o7FlKABPF1fG5ZAKX8ldnQLgdVWTAtLnIwwSLHaUoF STLFU9iCEmr1o3AXqtLArM4GD1y/0s3JBxtQL3mg3JxN8R/X3gkVhmXfZMISO8a2mP2k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/PVH: de-duplicate mappings for first Mb of Dom0 memory Message-Id: Date: Tue, 31 Aug 2021 15:55:15 +0000 commit 6b4f6a31ace125d658a581e8d10809e4fccdc272 Author: Jan Beulich AuthorDate: Tue Aug 31 17:43:36 2021 +0200 Commit: Jan Beulich CommitDate: Tue Aug 31 17:43:36 2021 +0200 x86/PVH: de-duplicate mappings for first Mb of Dom0 memory One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. This means we need to be more careful about the mappings put in place in this range - mappings should be created exactly once: - iommu_hwdom_init() comes first; it should avoid the first Mb, - pvh_populate_p2m() should insert identity mappings only into ranges not populated as RAM, - pvh_setup_acpi() should again avoid the first Mb, which was already dealt with at that point. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/hvm/dom0_build.c | 39 ++++++++++++++++++++++++++----------- xen/drivers/passthrough/x86/iommu.c | 8 +++++++- 2 files changed, 35 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index c24b9efdb0..43e1bf1248 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -430,17 +430,6 @@ static int __init pvh_populate_p2m(struct domain *d) int rc; #define MB1_PAGES PFN_DOWN(MB(1)) - /* - * Memory below 1MB is identity mapped initially. RAM regions are - * populated and copied below, replacing the respective mappings. - */ - rc = modify_identity_mmio(d, 0, MB1_PAGES, true); - if ( rc ) - { - printk("Failed to identity map low 1MB: %d\n", rc); - return rc; - } - /* Populate memory map. */ for ( i = 0; i < d->arch.nr_e820; i++ ) { @@ -472,6 +461,23 @@ static int __init pvh_populate_p2m(struct domain *d) } } + /* Non-RAM regions of space below 1MB get identity mapped. */ + for ( i = rc = 0; i < MB1_PAGES; ++i ) + { + p2m_type_t p2mt; + + if ( mfn_eq(get_gfn_query(d, i, &p2mt), INVALID_MFN) ) + rc = set_mmio_p2m_entry(d, _gfn(i), _mfn(i), PAGE_ORDER_4K); + else + ASSERT(p2mt == p2m_ram_rw); + put_gfn(d, i); + if ( rc ) + { + printk("Failed to identity map PFN %x: %d\n", i, rc); + return rc; + } + } + if ( cpu_has_vmx && paging_mode_hap(d) && !vmx_unrestricted_guest(v) ) { /* @@ -1095,6 +1101,17 @@ static int __init pvh_setup_acpi(struct domain *d, paddr_t start_info) nr_pages = PFN_UP((d->arch.e820[i].addr & ~PAGE_MASK) + d->arch.e820[i].size); + /* Memory below 1MB has been dealt with by pvh_populate_p2m(). */ + if ( pfn < PFN_DOWN(MB(1)) ) + { + if ( pfn + nr_pages <= PFN_DOWN(MB(1)) ) + continue; + + /* This shouldn't happen, but is easy to deal with. */ + nr_pages -= PFN_DOWN(MB(1)) - pfn; + pfn = PFN_DOWN(MB(1)); + } + rc = modify_identity_mmio(d, pfn, nr_pages, true); if ( rc ) { diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 65ed4a7f9f..01dbd9b098 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -337,7 +337,13 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) max_pfn = (GB(4) >> PAGE_SHIFT) - 1; top = max(max_pdx, pfn_to_pdx(max_pfn) + 1); - for ( i = 0; i < top; i++ ) + /* + * First Mb will get mapped in one go by pvh_populate_p2m(). Avoid + * setting up potentially conflicting mappings here. + */ + i = paging_mode_translate(d) ? PFN_DOWN(MB(1)) : 0; + + for ( ; i < top; i++ ) { unsigned long pfn = pdx_to_pfn(i); int rc; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Aug 31 16:55:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 31 Aug 2021 16:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.175891.320271 (Exim 4.92) (envelope-from ) id 1mL72O-0004Bc-AD; Tue, 31 Aug 2021 16:55:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 175891.320271; Tue, 31 Aug 2021 16:55:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL72O-0004BU-7M; Tue, 31 Aug 2021 16:55:04 +0000 Received: by outflank-mailman (input) for mailman id 175891; Tue, 31 Aug 2021 16:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL72M-0004BO-T7 for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 16:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL72M-0002SO-MG for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 16:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mL72M-0008JZ-Kb for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 16:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5pLvQDUxFhVIhhgdaa5h31V7fiq5KAuA+eFeNbfQQFM=; b=uGg2vdW6u3R1WEDJRrXZU/Uq59 GOlucl+vV0FeGXmYzXPAzV+Ln+uEFaHEB5A5QfaMljXnPDciE2lf2GfCNaNYdvfDsgl1qVqt7pVyL aq1eyeBKGqaWu452urR33XomgiNgdnJfNig+8QXZab9qPTsMpuP6onn0IGALoMXa91+A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: make config handling more generic Message-Id: Date: Tue, 31 Aug 2021 16:55:02 +0000 commit 297348018f8224d1beeaa82c529e8f8b1046eb77 Author: Juergen Gross AuthorDate: Tue Aug 17 11:54:58 2021 +0200 Commit: Wei Liu CommitDate: Tue Aug 31 15:56:30 2021 +0000 mini-os: make config handling more generic When adding a new CONFIG_ variable this needs to be done in multiple places. Change the handling to be more generic. This at once fixes a bug with CONFIG_XC which was not defined for the C preprocessor (it seems that this never resulted in any real issues, though). Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- Config.mk | 66 +++++++++++++++++++++++++++------------------------------------ 1 file changed, 28 insertions(+), 38 deletions(-) diff --git a/Config.mk b/Config.mk index cb823c2..15311ef 100644 --- a/Config.mk +++ b/Config.mk @@ -171,49 +171,39 @@ endif # CONFIG_ variables. # Configuration defaults +CONFIG-y += CONFIG_START_NETWORK +CONFIG-y += CONFIG_SPARSE_BSS +CONFIG-y += CONFIG_BLKFRONT +CONFIG-y += CONFIG_NETFRONT +CONFIG-y += CONFIG_FBFRONT +CONFIG-y += CONFIG_KBDFRONT +CONFIG-y += CONFIG_CONSFRONT +CONFIG-y += CONFIG_XENBUS +CONFIG-y += CONFIG_XC +CONFIG-n += CONFIG_QEMU_XS_ARGS +CONFIG-n += CONFIG_TEST +CONFIG-n += CONFIG_PCIFRONT +CONFIG-n += CONFIG_TPMFRONT +CONFIG-n += CONFIG_TPM_TIS +CONFIG-n += CONFIG_TPMBACK +CONFIG-n += CONFIG_BALLOON +# Setting CONFIG_USE_XEN_CONSOLE copies all print output to the Xen emergency +# console apart of standard dom0 handled console. +CONFIG-n += CONFIG_USE_XEN_CONSOLE ifeq ($(TARGET_ARCH_FAM),x86) -CONFIG_PARAVIRT ?= y +CONFIG-y += CONFIG_PARAVIRT else -CONFIG_PARAVIRT ?= n +CONFIG-n += CONFIG_PARAVIRT endif -CONFIG_START_NETWORK ?= y -CONFIG_SPARSE_BSS ?= y -CONFIG_QEMU_XS_ARGS ?= n -CONFIG_TEST ?= n -CONFIG_PCIFRONT ?= n -CONFIG_BLKFRONT ?= y -CONFIG_TPMFRONT ?= n -CONFIG_TPM_TIS ?= n -CONFIG_TPMBACK ?= n -CONFIG_NETFRONT ?= y -CONFIG_FBFRONT ?= y -CONFIG_KBDFRONT ?= y -CONFIG_CONSFRONT ?= y -CONFIG_XENBUS ?= y -CONFIG_XC ?=y -CONFIG_LWIP ?= $(lwip) -CONFIG_BALLOON ?= n -# Setting CONFIG_USE_XEN_CONSOLE copies all print output to the Xen emergency -# console apart of standard dom0 handled console. -CONFIG_USE_XEN_CONSOLE ?= n +CONFIG-$(lwip) += CONFIG_LWIP + +$(foreach i,$(CONFIG-y),$(eval $(i) ?= y)) +$(foreach i,$(CONFIG-n),$(eval $(i) ?= n)) + +CONFIG-all := $(CONFIG-y) $(CONFIG-n) # Export config items as compiler directives -DEFINES-$(CONFIG_PARAVIRT) += -DCONFIG_PARAVIRT -DEFINES-$(CONFIG_START_NETWORK) += -DCONFIG_START_NETWORK -DEFINES-$(CONFIG_SPARSE_BSS) += -DCONFIG_SPARSE_BSS -DEFINES-$(CONFIG_QEMU_XS_ARGS) += -DCONFIG_QEMU_XS_ARGS -DEFINES-$(CONFIG_PCIFRONT) += -DCONFIG_PCIFRONT -DEFINES-$(CONFIG_BLKFRONT) += -DCONFIG_BLKFRONT -DEFINES-$(CONFIG_TPMFRONT) += -DCONFIG_TPMFRONT -DEFINES-$(CONFIG_TPM_TIS) += -DCONFIG_TPM_TIS -DEFINES-$(CONFIG_TPMBACK) += -DCONFIG_TPMBACK -DEFINES-$(CONFIG_NETFRONT) += -DCONFIG_NETFRONT -DEFINES-$(CONFIG_KBDFRONT) += -DCONFIG_KBDFRONT -DEFINES-$(CONFIG_FBFRONT) += -DCONFIG_FBFRONT -DEFINES-$(CONFIG_CONSFRONT) += -DCONFIG_CONSFRONT -DEFINES-$(CONFIG_XENBUS) += -DCONFIG_XENBUS -DEFINES-$(CONFIG_BALLOON) += -DCONFIG_BALLOON -DEFINES-$(CONFIG_USE_XEN_CONSOLE) += -DCONFIG_USE_XEN_CONSOLE +$(foreach i,$(CONFIG-all),$(eval DEFINES-$($(i)) += -D$(i))) DEFINES-y += -D__XEN_INTERFACE_VERSION__=$(XEN_INTERFACE_VERSION) -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Tue Aug 31 16:55:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 31 Aug 2021 16:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.175892.320275 (Exim 4.92) (envelope-from ) id 1mL72X-0004DH-Bk; Tue, 31 Aug 2021 16:55:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 175892.320275; Tue, 31 Aug 2021 16:55:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL72X-0004D9-8q; Tue, 31 Aug 2021 16:55:13 +0000 Received: by outflank-mailman (input) for mailman id 175892; Tue, 31 Aug 2021 16:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL72W-0004D3-Qj for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 16:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL72W-0002UA-Pn for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 16:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mL72W-0008UA-On for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 16:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=T+8k3oKnMYvXeib3DXXIbe/x2TYyiSAEA4MINOSASeQ=; b=BYYyOwJfHpZNOYq4lrOuSwVDxi D9VMbvzNFfg+m216E8m3mafPUDq8ftFJtFFTjTW5tKDfvkIvCrxxgJXaJro9iks8i5V2p5xGcD3c9 ArUk1W4pbUQ1iYu3Bp7v448HvVPF+jUlhAluX0RtW8vod5ujCZQM8IYyWW93uAoVAa90=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: move test functions under CONFIG_TEST Message-Id: Date: Tue, 31 Aug 2021 16:55:12 +0000 commit 0a2dd2d159111064227bf9cfbadae22069609ab0 Author: Juergen Gross AuthorDate: Tue Aug 17 11:54:59 2021 +0200 Commit: Wei Liu CommitDate: Tue Aug 31 15:56:30 2021 +0000 mini-os: move test functions under CONFIG_TEST There is no need to have the xenbus test support functions always included in Mini-OS. Move them inside #ifdef CONFIG_TEST. Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- xenbus/xenbus.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/xenbus/xenbus.c b/xenbus/xenbus.c index 9e61930..23de61e 100644 --- a/xenbus/xenbus.c +++ b/xenbus/xenbus.c @@ -549,21 +549,6 @@ static char *errmsg(struct xsd_sockmsg *rep) return res; } -/* Send a debug message to xenbus. Can block. */ -static void xenbus_debug_msg(const char *msg) -{ - int len = strlen(msg); - struct write_req req[] = { - { "print", sizeof("print") }, - { msg, len }, - { "", 1 }}; - struct xsd_sockmsg *reply; - - reply = xenbus_msg_reply(XS_DEBUG, 0, req, ARRAY_SIZE(req)); - printk("Got a reply, type %d, id %d, len %d.\n", - reply->type, reply->req_id, reply->len); -} - /* List the contents of a directory. Returns a malloc()ed array of pointers to malloc()ed strings. The array is NULL terminated. May block. */ @@ -858,6 +843,22 @@ domid_t xenbus_get_self_id(void) return ret; } +#ifdef CONFIG_TEST +/* Send a debug message to xenbus. Can block. */ +static void xenbus_debug_msg(const char *msg) +{ + int len = strlen(msg); + struct write_req req[] = { + { "print", sizeof("print") }, + { msg, len }, + { "", 1 }}; + struct xsd_sockmsg *reply; + + reply = xenbus_msg_reply(XS_DEBUG, 0, req, ARRAY_SIZE(req)); + printk("Got a reply, type %d, id %d, len %d.\n", + reply->type, reply->req_id, reply->len); +} + static void do_ls_test(const char *pre) { char **dirs, *msg; @@ -944,6 +945,7 @@ void test_xenbus(void) do_read_test("device/vif/0/flibble"); printk("(Should have said ENOENT)\n"); } +#endif /* CONFIG_TEST */ /* * Local variables: -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Tue Aug 31 16:55:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 31 Aug 2021 16:55:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.175893.320279 (Exim 4.92) (envelope-from ) id 1mL72h-0004Fs-DV; Tue, 31 Aug 2021 16:55:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 175893.320279; Tue, 31 Aug 2021 16:55:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL72h-0004Fg-AK; Tue, 31 Aug 2021 16:55:23 +0000 Received: by outflank-mailman (input) for mailman id 175893; Tue, 31 Aug 2021 16:55:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL72h-0004FY-1n for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 16:55:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL72h-0002US-0x for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 16:55:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mL72g-0000Ho-Uy for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 16:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Xaa6ds8dvDtAS6KOpk8DoQ+PTKpLS97RlLFqptNNhe8=; b=uYPsUs6+qe7ui1lUB7ErYioSgB 1ZI2evmhHNLoyXUd9EdaReR1na4vltL0ovSDm4IECVmUSLT2qufih7+kkfHIXRzOG8sLndngAnyR/ 4sRUoFmizQr6r0RknG3Kr6tRMbpNVdM1d/OuB0SYE5HIdWjp6qgq8l41+QTp4XhV/tBM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: netfront: fix initialization without ip address in xenstore Message-Id: Date: Tue, 31 Aug 2021 16:55:22 +0000 commit 406592b5e0c593e7e690baae50a70e0e75fea645 Author: Juergen Gross AuthorDate: Thu Aug 19 07:30:56 2021 +0200 Commit: Wei Liu CommitDate: Tue Aug 31 15:57:40 2021 +0000 mini-os: netfront: fix initialization without ip address in xenstore Commit 4821876fcd2ff ("mini-os: netfront: fix suspend/resume handling") introduced a NULL pointer dereference in the initialization of netfront in the case of no IP address being set in Xenstore. Fix that by testing this condition. At the same time fix a long standing bug for the same condition if someone used init_netfront() with a non-NULL ip parameter. Fixes: 4821876fcd2ff ("mini-os: netfront: fix suspend/resume handling") Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- netfront.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/netfront.c b/netfront.c index f927e99..dfe065b 100644 --- a/netfront.c +++ b/netfront.c @@ -365,7 +365,7 @@ out: rawmac[5] = dev->rawmac[5]; } if (ip) - *ip = strdup(dev->ip); + *ip = dev->ip ? strdup(dev->ip) : NULL; err: return dev; @@ -527,7 +527,7 @@ done: snprintf(path, sizeof(path), "%s/ip", dev->backend); xenbus_read(XBT_NIL, path, &dev->ip); - p = strchr(dev->ip, ' '); + p = dev->ip ? strchr(dev->ip, ' ') : NULL; if (p) { *p++ = '\0'; dev->mask = p; -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Tue Aug 31 16:55:34 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 31 Aug 2021 16:55:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.175894.320283 (Exim 4.92) (envelope-from ) id 1mL72s-0004Jh-Ek; Tue, 31 Aug 2021 16:55:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 175894.320283; Tue, 31 Aug 2021 16:55:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL72s-0004JY-Bn; Tue, 31 Aug 2021 16:55:34 +0000 Received: by outflank-mailman (input) for mailman id 175894; Tue, 31 Aug 2021 16:55:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL72r-0004JA-7N for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 16:55:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL72r-0002Uh-6h for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 16:55:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mL72r-0000eY-5g for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 16:55:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dXk0fymf/jL2aB5xM5JgfpSjyJW1xvVRQWCLB2Y+eRc=; b=w3EQrq2ue+1EWkEa7CbYKSpoCh b/XrGxj7r1YJn8AjxFI0Ps/77phijqS8Lo29Qpyeg/W4Kv50qnpmqT56ythkpWZaMFtQmkCf4FYXn VcXp0eeWJxbhVp2ok46GrdE1Z10sMtuHQFZ3aFfUiG9HIjPkc08YT88V7uavCv2W5NxY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] gnttab: drop GNTMAP_can_fail Message-Id: Date: Tue, 31 Aug 2021 16:55:33 +0000 commit 9f09744aa3e5982a083ecf8e9cd2123f477081f9 Author: Jan Beulich AuthorDate: Thu Aug 26 12:20:26 2021 +0200 Commit: Wei Liu CommitDate: Tue Aug 31 15:59:08 2021 +0000 gnttab: drop GNTMAP_can_fail There's neither documentation of what this flag is supposed to mean, nor any implementation in the hypervisor. Signed-off-by: Jan Beulich --- include/xen/grant_table.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/include/xen/grant_table.h b/include/xen/grant_table.h index 018036e..2e9ebc6 100644 --- a/include/xen/grant_table.h +++ b/include/xen/grant_table.h @@ -627,9 +627,6 @@ DEFINE_XEN_GUEST_HANDLE(gnttab_cache_flush_t); #define _GNTMAP_contains_pte (4) #define GNTMAP_contains_pte (1<<_GNTMAP_contains_pte) -#define _GNTMAP_can_fail (5) -#define GNTMAP_can_fail (1<<_GNTMAP_can_fail) - /* * Bits to be placed in guest kernel available PTE bits (architecture * dependent; only supported when XENFEAT_gnttab_map_avail_bits is set). -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Tue Aug 31 17:22:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 31 Aug 2021 17:22:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.175910.320309 (Exim 4.92) (envelope-from ) id 1mL7SX-0000Cv-Vf; Tue, 31 Aug 2021 17:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 175910.320309; Tue, 31 Aug 2021 17:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL7SX-0000Cn-Sj; Tue, 31 Aug 2021 17:22:05 +0000 Received: by outflank-mailman (input) for mailman id 175910; Tue, 31 Aug 2021 17:22:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL7SW-0000Ch-VK for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 17:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mL7SW-0002xI-TS for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 17:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mL7SW-0003MU-S9 for xen-changelog@lists.xenproject.org; Tue, 31 Aug 2021 17:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Eyxq0LztrfgsWwPmwddKGP56wmuiwby4z9Rpr63uFVY=; b=ba0utBtNZR1TWUneJLJAXWla81 gV4urquP7NldI51L2p+xXnN90BdaYfbszsePdYSMGA8ZHofxhmMaVjiuzhZsJnilvXbaDwVEEjx/h zp4eFHLlzsyCtW1tiudfyDUCycW5bDHAQG+wYM7fE0xlPfGuc4Ts8oVTPba+45MsDzzQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libs/light: fix tv_sec fprintf format Message-Id: Date: Tue, 31 Aug 2021 17:22:04 +0000 commit 96607a8e680e7f965ca868d11f8b0636317d2618 Author: Fabrice Fontaine AuthorDate: Sat Aug 28 11:07:09 2021 +0200 Commit: Ian Jackson CommitDate: Tue Aug 31 18:13:47 2021 +0100 libs/light: fix tv_sec fprintf format Don't assume tv_sec is a unsigned long, it is 64 bits on NetBSD 32 bits. Use %jd and cast to (intmax_t) instead Signed-off-by: Fabrice Fontaine Acked-by: Ian Jackson --- tools/libs/light/libxl_domain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_domain.c b/tools/libs/light/libxl_domain.c index c00c36c928..51a6127552 100644 --- a/tools/libs/light/libxl_domain.c +++ b/tools/libs/light/libxl_domain.c @@ -1444,7 +1444,7 @@ static int libxl__mark_domid_recent(libxl__gc *gc, uint32_t domid) } } - r = fprintf(nf, "%lu %u\n", ctxt.ts.tv_sec, domid); + r = fprintf(nf, "%jd %u\n", (intmax_t)ctxt.ts.tv_sec, domid); if (r < 0) { LOGED(ERROR, domid, "failed to write to '%s'", new); goto out; -- generated by git-patchbot for /home/xen/git/xen.git#staging