From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 13:27:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 13:27:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176412.321013 (Exim 4.92) (envelope-from ) id 1mLQGh-00079n-NA; Wed, 01 Sep 2021 13:27:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176412.321013; Wed, 01 Sep 2021 13:27:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLQGh-00079g-JN; Wed, 01 Sep 2021 13:27:07 +0000 Received: by outflank-mailman (input) for mailman id 176412; Wed, 01 Sep 2021 13:27:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLQGg-00079a-Mk for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 13:27:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLQGg-0002nv-Lg for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 13:27:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLQGg-0000fy-KO for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 13:27:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=meYEz09SnmE8Kv5wO1A0jXzQEgXkDu2JGb4MU+7YaJs=; b=pTS8/7Y/QaeEk6W30YIv5mWI2g HlxGNwOJ1+7AQ5a70r141UrG0QzrYM688ISxsooWM+2rs7yLwFAZl/2KumdNwgOMSUnqCmj0VhRKE 07j/kYnzlVa1Hkn+JPH7NdTGczWJdYfZDhiszM3psuFs2NaOyW4CWquYLd1J8CNrurOo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen master] Merge tag 'v6.1.0' into 'staging' Message-Id: Date: Wed, 01 Sep 2021 13:27:06 +0000 === This changeset includes merge from high-traffic branch === Commits on that branch are not reported individually. commit 0e95e1df345bce95ac4d6b15c6ed1bf07659fac1 Merge: f9baca549e44791be0dd98de15add3d8452a8af0 136c34c9bc4179dc64b15b2bb5f0c54ca4ddf823 Author: Anthony PERARD AuthorDate: Tue Aug 31 11:48:55 2021 +0100 Commit: Anthony PERARD CommitDate: Tue Aug 31 11:48:55 2021 +0100 Merge tag 'v6.1.0' into 'staging' .cirrus.yml | 59 +- .github/lockdown.yml | 6 +- .gitignore | 2 + .gitlab-ci.d/buildtest-template.yml | 81 + .gitlab-ci.d/buildtest.yml | 724 + .gitlab-ci.d/cirrus.yml | 87 + .gitlab-ci.d/cirrus/README.rst | 54 + .gitlab-ci.d/cirrus/build.yml | 35 + .gitlab-ci.d/cirrus/freebsd-12.vars | 13 + .gitlab-ci.d/cirrus/freebsd-13.vars | 13 + .gitlab-ci.d/cirrus/macos-11.vars | 15 + .gitlab-ci.d/container-core.yml | 17 + .gitlab-ci.d/container-cross.yml | 192 + .gitlab-ci.d/container-template.yml | 21 + .gitlab-ci.d/containers.yml | 236 +- .gitlab-ci.d/crossbuild-template.yml | 47 + .gitlab-ci.d/crossbuilds.yml | 76 +- .gitlab-ci.d/custom-runners.yml | 238 + .gitlab-ci.d/edk2.yml | 29 +- .gitlab-ci.d/opensbi.yml | 30 +- .gitlab-ci.d/qemu-project.yml | 13 + .gitlab-ci.d/stages.yml | 8 + .gitlab-ci.d/static_checks.yml | 49 + .gitlab-ci.yml | 853 +- .gitlab/issue_templates/bug.md | 64 + .gitlab/issue_templates/feature_request.md | 32 + .mailmap | 5 + .patchew.yml | 9 +- .travis.yml | 12 +- Kconfig | 1 + MAINTAINERS | 294 +- Makefile | 14 +- README.rst | 6 +- VERSION | 2 +- accel/Kconfig | 3 + accel/accel-common.c | 34 +- accel/accel-softmmu.c | 2 +- accel/hvf/hvf-accel-ops.c | 471 + accel/hvf/hvf-all.c | 47 + accel/hvf/meson.build | 7 + accel/kvm/kvm-all.c | 625 +- accel/kvm/trace-events | 9 +- accel/meson.build | 1 + accel/qtest/meson.build | 8 +- accel/qtest/qtest.c | 2 + accel/stubs/kvm-stub.c | 1 - accel/stubs/tcg-stub.c | 1 - accel/tcg/atomic_common.c.inc | 107 +- accel/tcg/atomic_template.h | 142 +- accel/tcg/cpu-exec-common.c | 1 - accel/tcg/cpu-exec.c | 335 +- accel/tcg/cputlb.c | 349 +- accel/tcg/hmp.c | 29 + accel/tcg/internal.h | 2 + accel/tcg/meson.build | 6 +- accel/tcg/plugin-gen.c | 21 +- accel/tcg/plugin-helpers.h | 5 +- accel/tcg/tb-context.h | 42 + accel/tcg/tb-hash.h | 69 + accel/tcg/tcg-accel-ops-icount.c | 1 - accel/tcg/tcg-accel-ops-rr.c | 1 - accel/tcg/tcg-accel-ops.c | 2 +- accel/tcg/tcg-all.c | 33 +- accel/tcg/tcg-runtime-gvec.c | 36 +- accel/tcg/tcg-runtime.c | 22 - accel/tcg/tcg-runtime.h | 46 - accel/tcg/trace-events | 2 +- accel/tcg/translate-all.c | 485 +- accel/tcg/translator.c | 47 +- accel/tcg/user-exec-stub.c | 1 - accel/tcg/user-exec.c | 60 +- audio/alsaaudio.c | 10 +- audio/audio.c | 25 +- audio/audio_int.h | 2 + audio/coreaudio.c | 150 +- audio/jackaudio.c | 3 +- audio/paaudio.c | 10 +- audio/spiceaudio.c | 2 + audio/trace-events | 2 +- authz/meson.build | 2 +- authz/trace-events | 2 +- backends/cryptodev-vhost.c | 5 +- backends/hostmem-file.c | 12 +- backends/hostmem-memfd.c | 9 +- backends/hostmem-ram.c | 7 +- backends/hostmem.c | 37 +- backends/tpm/tpm_emulator.c | 34 +- backends/tpm/trace-events | 2 +- backends/trace-events | 2 +- backends/vhost-user.c | 4 +- block.c | 1707 +- block/backup-top.c | 48 +- block/backup.c | 2 +- block/blkdebug.c | 136 +- block/block-backend.c | 76 +- block/block-copy.c | 388 +- block/commit.c | 28 +- block/copy-on-read.c | 33 +- block/coroutines.h | 6 + block/dirty-bitmap.c | 2 +- block/export/export.c | 5 +- block/export/fuse.c | 129 +- block/export/vhost-user-blk-server.c | 9 +- block/file-posix.c | 293 +- block/io.c | 65 +- block/io_uring.c | 16 +- block/iscsi-opts.c | 1 + block/linux-aio.c | 9 +- block/meson.build | 22 +- block/mirror.c | 22 +- block/monitor/block-hmp-cmds.c | 31 +- block/nbd.c | 573 +- block/nfs.c | 5 +- block/nvme.c | 22 + block/progress_meter.c | 64 + block/qapi.c | 13 +- block/qcow2-snapshot.c | 2 +- block/qcow2.c | 48 +- block/quorum.c | 2 +- block/rbd.c | 781 +- block/replication.c | 120 +- block/sheepdog.c | 3356 --- block/snapshot.c | 16 +- block/ssh.c | 66 +- block/trace-events | 17 +- block/vhdx-log.c | 2 +- block/vvfat.c | 53 +- block/write-threshold.c | 91 +- blockdev-nbd.c | 6 +- blockdev.c | 84 +- blockjob.c | 60 +- bsd-user/bsdload.c | 59 +- bsd-user/elfload.c | 328 +- bsd-user/i386/target_signal.h | 20 - bsd-user/main.c | 296 +- bsd-user/mmap.c | 22 +- bsd-user/qemu.h | 131 +- bsd-user/signal.c | 1 - bsd-user/sparc/target_signal.h | 27 - bsd-user/sparc64/target_signal.h | 27 - bsd-user/strace.c | 8 - bsd-user/syscall.c | 25 +- bsd-user/uaccess.c | 2 +- bsd-user/x86_64/target_signal.h | 19 - chardev/baum.c | 1 + chardev/char-fd.c | 119 +- chardev/char-fe.c | 2 +- chardev/char-mux.c | 1 - chardev/char-socket.c | 22 +- chardev/char.c | 27 +- chardev/spice.c | 5 + chardev/trace-events | 2 +- configs/devices/aarch64-softmmu/default.mak | 8 + configs/devices/aarch64-softmmu/minimal.mak | 9 + configs/devices/alpha-softmmu/default.mak | 10 + configs/devices/arm-softmmu/default.mak | 44 + configs/devices/avr-softmmu/default.mak | 5 + configs/devices/cris-softmmu/default.mak | 5 + configs/devices/hppa-softmmu/default.mak | 9 + configs/devices/i386-softmmu/default.mak | 31 + configs/devices/m68k-softmmu/default.mak | 11 + configs/devices/microblaze-softmmu/default.mak | 7 + configs/devices/microblazeel-softmmu/default.mak | 3 + configs/devices/mips-softmmu/common.mak | 41 + configs/devices/mips-softmmu/default.mak | 3 + configs/devices/mips64-softmmu/default.mak | 4 + configs/devices/mips64el-softmmu/default.mak | 11 + configs/devices/mipsel-softmmu/default.mak | 3 + configs/devices/nios2-softmmu/default.mak | 8 + configs/devices/or1k-softmmu/default.mak | 5 + configs/devices/ppc-softmmu/default.mak | 19 + configs/devices/ppc64-softmmu/default.mak | 10 + configs/devices/riscv32-softmmu/default.mak | 15 + configs/devices/riscv64-softmmu/default.mak | 16 + configs/devices/rx-softmmu/default.mak | 3 + configs/devices/s390x-softmmu/default.mak | 13 + configs/devices/sh4-softmmu/default.mak | 11 + configs/devices/sh4eb-softmmu/default.mak | 3 + configs/devices/sparc-softmmu/default.mak | 11 + configs/devices/sparc64-softmmu/default.mak | 12 + configs/devices/tricore-softmmu/default.mak | 2 + configs/devices/x86_64-softmmu/default.mak | 3 + configs/devices/xtensa-softmmu/default.mak | 9 + configs/devices/xtensaeb-softmmu/default.mak | 3 + configs/targets/aarch64-linux-user.mak | 5 + configs/targets/aarch64-softmmu.mak | 5 + configs/targets/aarch64_be-linux-user.mak | 6 + configs/targets/alpha-linux-user.mak | 4 + configs/targets/alpha-softmmu.mak | 3 + configs/targets/arm-linux-user.mak | 6 + configs/targets/arm-softmmu.mak | 4 + configs/targets/armeb-linux-user.mak | 7 + configs/targets/avr-softmmu.mak | 2 + configs/targets/cris-linux-user.mak | 1 + configs/targets/cris-softmmu.mak | 1 + configs/targets/hexagon-linux-user.mak | 1 + configs/targets/hppa-linux-user.mak | 5 + configs/targets/hppa-softmmu.mak | 4 + configs/targets/i386-bsd-user.mak | 2 + configs/targets/i386-linux-user.mak | 4 + configs/targets/i386-softmmu.mak | 3 + configs/targets/m68k-linux-user.mak | 6 + configs/targets/m68k-softmmu.mak | 3 + configs/targets/microblaze-linux-user.mak | 5 + configs/targets/microblaze-softmmu.mak | 4 + configs/targets/microblazeel-linux-user.mak | 4 + configs/targets/microblazeel-softmmu.mak | 3 + configs/targets/mips-linux-user.mak | 6 + configs/targets/mips-softmmu.mak | 4 + configs/targets/mips64-linux-user.mak | 7 + configs/targets/mips64-softmmu.mak | 4 + configs/targets/mips64el-linux-user.mak | 6 + configs/targets/mips64el-softmmu.mak | 4 + configs/targets/mipsel-linux-user.mak | 5 + configs/targets/mipsel-softmmu.mak | 3 + configs/targets/mipsn32-linux-user.mak | 8 + configs/targets/mipsn32el-linux-user.mak | 7 + configs/targets/nios2-linux-user.mak | 1 + configs/targets/nios2-softmmu.mak | 1 + configs/targets/or1k-linux-user.mak | 2 + configs/targets/or1k-softmmu.mak | 2 + configs/targets/ppc-linux-user.mak | 5 + configs/targets/ppc-softmmu.mak | 4 + configs/targets/ppc64-linux-user.mak | 7 + configs/targets/ppc64-softmmu.mak | 6 + configs/targets/ppc64abi32-linux-user.mak | 8 + configs/targets/ppc64le-linux-user.mak | 6 + configs/targets/riscv32-linux-user.mak | 5 + configs/targets/riscv32-softmmu.mak | 5 + configs/targets/riscv64-linux-user.mak | 5 + configs/targets/riscv64-softmmu.mak | 5 + configs/targets/rx-softmmu.mak | 3 + configs/targets/s390x-linux-user.mak | 5 + configs/targets/s390x-softmmu.mak | 4 + configs/targets/sh4-linux-user.mak | 5 + configs/targets/sh4-softmmu.mak | 2 + configs/targets/sh4eb-linux-user.mak | 6 + configs/targets/sh4eb-softmmu.mak | 3 + configs/targets/sparc-linux-user.mak | 5 + configs/targets/sparc-softmmu.mak | 3 + configs/targets/sparc32plus-linux-user.mak | 8 + configs/targets/sparc64-linux-user.mak | 7 + configs/targets/sparc64-softmmu.mak | 4 + configs/targets/tricore-softmmu.mak | 1 + configs/targets/x86_64-bsd-user.mak | 3 + configs/targets/x86_64-linux-user.mak | 5 + configs/targets/x86_64-softmmu.mak | 4 + configs/targets/xtensa-linux-user.mak | 4 + configs/targets/xtensa-softmmu.mak | 2 + configs/targets/xtensaeb-linux-user.mak | 5 + configs/targets/xtensaeb-softmmu.mak | 3 + configure | 2032 +- contrib/gitdm/aliases | 6 + contrib/gitdm/domain-map | 7 + contrib/gitdm/group-map-academics | 3 + contrib/gitdm/group-map-individuals | 5 + contrib/gitdm/group-map-interns | 13 + contrib/gitdm/group-map-netflix | 5 + contrib/gitdm/group-map-robots | 7 + contrib/plugins/Makefile | 4 +- contrib/plugins/cache.c | 640 + contrib/plugins/execlog.c | 153 + contrib/vhost-user-gpu/meson.build | 2 +- contrib/vhost-user-gpu/vhost-user-gpu.c | 29 +- contrib/vhost-user-gpu/virgl.c | 20 +- contrib/vhost-user-gpu/vugpu.h | 2 +- contrib/vhost-user-input/main.c | 8 +- cpu.c | 68 +- crypto/cipher-builtin.c.inc | 132 - crypto/cipher-gcrypt.c.inc | 143 +- crypto/cipher-gnutls.c.inc | 335 + crypto/cipher-nettle.c.inc | 117 +- crypto/cipher.c | 30 +- crypto/desrfb.c | 416 - crypto/hash-gnutls.c | 104 + crypto/hash-nettle.c | 10 +- crypto/hmac-gnutls.c | 139 + crypto/hmac-nettle.c | 12 +- crypto/init.c | 62 - crypto/meson.build | 49 +- crypto/pbkdf-gnutls.c | 90 + crypto/tls-cipher-suites.c | 7 + crypto/tlscreds.c | 12 + crypto/tlscredsanon.c | 2 + crypto/tlscredspriv.h | 45 + crypto/tlscredspsk.c | 2 + crypto/tlscredsx509.c | 3 +- crypto/tlssession.c | 1 + crypto/trace-events | 2 +- default-configs/devices/aarch64-softmmu.mak | 8 - default-configs/devices/alpha-softmmu.mak | 10 - default-configs/devices/arm-softmmu.mak | 46 - default-configs/devices/avr-softmmu.mak | 5 - default-configs/devices/cris-softmmu.mak | 5 - default-configs/devices/hppa-softmmu.mak | 9 - default-configs/devices/i386-softmmu.mak | 31 - default-configs/devices/lm32-softmmu.mak | 12 - default-configs/devices/m68k-softmmu.mak | 11 - default-configs/devices/microblaze-softmmu.mak | 7 - default-configs/devices/microblazeel-softmmu.mak | 3 - default-configs/devices/mips-softmmu-common.mak | 41 - default-configs/devices/mips-softmmu.mak | 3 - default-configs/devices/mips64-softmmu.mak | 4 - default-configs/devices/mips64el-softmmu.mak | 15 - default-configs/devices/mipsel-softmmu.mak | 3 - default-configs/devices/moxie-softmmu.mak | 5 - default-configs/devices/nios2-softmmu.mak | 8 - default-configs/devices/or1k-softmmu.mak | 5 - default-configs/devices/ppc-softmmu.mak | 18 - default-configs/devices/ppc64-softmmu.mak | 11 - default-configs/devices/riscv32-softmmu.mak | 15 - default-configs/devices/riscv64-softmmu.mak | 15 - default-configs/devices/rx-softmmu.mak | 3 - default-configs/devices/s390x-softmmu.mak | 13 - default-configs/devices/sh4-softmmu.mak | 11 - default-configs/devices/sh4eb-softmmu.mak | 3 - default-configs/devices/sparc-softmmu.mak | 11 - default-configs/devices/sparc64-softmmu.mak | 12 - default-configs/devices/tricore-softmmu.mak | 1 - default-configs/devices/unicore32-softmmu.mak | 6 - default-configs/devices/x86_64-softmmu.mak | 3 - default-configs/devices/xtensa-softmmu.mak | 9 - default-configs/devices/xtensaeb-softmmu.mak | 3 - default-configs/targets/aarch64-linux-user.mak | 5 - default-configs/targets/aarch64-softmmu.mak | 5 - default-configs/targets/aarch64_be-linux-user.mak | 6 - default-configs/targets/alpha-linux-user.mak | 4 - default-configs/targets/alpha-softmmu.mak | 3 - default-configs/targets/arm-linux-user.mak | 6 - default-configs/targets/arm-softmmu.mak | 4 - default-configs/targets/armeb-linux-user.mak | 7 - default-configs/targets/avr-softmmu.mak | 2 - default-configs/targets/cris-linux-user.mak | 1 - default-configs/targets/cris-softmmu.mak | 1 - default-configs/targets/hexagon-linux-user.mak | 1 - default-configs/targets/hppa-linux-user.mak | 5 - default-configs/targets/hppa-softmmu.mak | 4 - default-configs/targets/i386-bsd-user.mak | 2 - default-configs/targets/i386-linux-user.mak | 4 - default-configs/targets/i386-softmmu.mak | 3 - default-configs/targets/lm32-softmmu.mak | 2 - default-configs/targets/m68k-linux-user.mak | 6 - default-configs/targets/m68k-softmmu.mak | 3 - default-configs/targets/microblaze-linux-user.mak | 5 - default-configs/targets/microblaze-softmmu.mak | 4 - .../targets/microblazeel-linux-user.mak | 4 - default-configs/targets/microblazeel-softmmu.mak | 3 - default-configs/targets/mips-linux-user.mak | 6 - default-configs/targets/mips-softmmu.mak | 4 - default-configs/targets/mips64-linux-user.mak | 7 - default-configs/targets/mips64-softmmu.mak | 4 - default-configs/targets/mips64el-linux-user.mak | 6 - default-configs/targets/mips64el-softmmu.mak | 4 - default-configs/targets/mipsel-linux-user.mak | 5 - default-configs/targets/mipsel-softmmu.mak | 3 - default-configs/targets/mipsn32-linux-user.mak | 8 - default-configs/targets/mipsn32el-linux-user.mak | 7 - default-configs/targets/moxie-softmmu.mak | 2 - default-configs/targets/nios2-linux-user.mak | 1 - default-configs/targets/nios2-softmmu.mak | 1 - default-configs/targets/or1k-linux-user.mak | 2 - default-configs/targets/or1k-softmmu.mak | 2 - default-configs/targets/ppc-linux-user.mak | 5 - default-configs/targets/ppc-softmmu.mak | 4 - default-configs/targets/ppc64-linux-user.mak | 7 - default-configs/targets/ppc64-softmmu.mak | 6 - default-configs/targets/ppc64abi32-linux-user.mak | 8 - default-configs/targets/ppc64le-linux-user.mak | 6 - default-configs/targets/riscv32-linux-user.mak | 5 - default-configs/targets/riscv32-softmmu.mak | 5 - default-configs/targets/riscv64-linux-user.mak | 5 - default-configs/targets/riscv64-softmmu.mak | 5 - default-configs/targets/rx-softmmu.mak | 3 - default-configs/targets/s390x-linux-user.mak | 5 - default-configs/targets/s390x-softmmu.mak | 4 - default-configs/targets/sh4-linux-user.mak | 5 - default-configs/targets/sh4-softmmu.mak | 2 - default-configs/targets/sh4eb-linux-user.mak | 6 - default-configs/targets/sh4eb-softmmu.mak | 3 - default-configs/targets/sparc-bsd-user.mak | 3 - default-configs/targets/sparc-linux-user.mak | 5 - default-configs/targets/sparc-softmmu.mak | 3 - default-configs/targets/sparc32plus-linux-user.mak | 8 - default-configs/targets/sparc64-bsd-user.mak | 4 - default-configs/targets/sparc64-linux-user.mak | 6 - default-configs/targets/sparc64-softmmu.mak | 4 - default-configs/targets/tricore-softmmu.mak | 1 - default-configs/targets/unicore32-softmmu.mak | 1 - default-configs/targets/x86_64-bsd-user.mak | 3 - default-configs/targets/x86_64-linux-user.mak | 5 - default-configs/targets/x86_64-softmmu.mak | 4 - default-configs/targets/xtensa-linux-user.mak | 5 - default-configs/targets/xtensa-softmmu.mak | 3 - default-configs/targets/xtensaeb-linux-user.mak | 6 - default-configs/targets/xtensaeb-softmmu.mak | 4 - disas.c | 1 - disas/arm-a64.cc | 2 - disas/hexagon.c | 3 +- disas/libvixl/vixl/code-buffer.h | 2 +- disas/libvixl/vixl/globals.h | 16 +- disas/libvixl/vixl/invalset.h | 2 +- disas/libvixl/vixl/platform.h | 2 + disas/libvixl/vixl/utils.cc | 2 +- disas/libvixl/vixl/utils.h | 2 +- disas/lm32.c | 361 - disas/meson.build | 2 - disas/moxie.c | 360 - disas/nanomips.cpp | 2 - docs/_templates/editpage.html | 5 - docs/_templates/footer.html | 14 + docs/about/build-platforms.rst | 62 + docs/about/deprecated.rst | 339 + docs/about/index.rst | 27 + docs/about/license.rst | 11 + docs/about/removed-features.rst | 713 + docs/amd-memory-encryption.txt | 89 +- docs/barrier.txt | 370 - docs/bootindex.txt | 52 - docs/bypass-iommu.txt | 89 + docs/ccid.txt | 15 +- docs/conf.py | 55 +- docs/devel/_templates/editpage.html | 5 - docs/devel/build-system.rst | 167 +- docs/devel/ci.rst | 167 + docs/devel/control-flow-integrity.rst | 4 +- docs/devel/decodetree.rst | 11 +- docs/devel/ebpf_rss.rst | 125 + docs/devel/index.rst | 14 +- docs/devel/kconfig.rst | 2 +- docs/devel/lockcnt.txt | 2 +- docs/devel/migration.rst | 36 +- docs/devel/modules.rst | 5 + docs/devel/multi-thread-tcg.rst | 5 +- docs/devel/qapi-code-gen.rst | 1986 ++ docs/devel/qapi-code-gen.txt | 1897 -- docs/devel/qgraph.rst | 66 +- docs/devel/qom.rst | 8 + docs/devel/secure-coding-practices.rst | 9 + docs/devel/tcg-plugins.rst | 100 +- docs/devel/tcg.rst | 103 +- docs/devel/testing.rst | 116 +- docs/devel/ui.rst | 8 + docs/devel/vfio-migration.rst | 150 + docs/devel/writing-qmp-commands.rst | 622 + docs/devel/writing-qmp-commands.txt | 597 - docs/hyperv.txt | 9 +- docs/index.rst | 1 + docs/interop/_templates/editpage.html | 5 - docs/interop/barrier.rst | 426 + docs/interop/firmware.json | 47 +- docs/interop/index.rst | 10 +- docs/interop/live-block-operations.rst | 32 +- docs/interop/qemu-ga-ref.rst | 10 +- docs/interop/qemu-qmp-ref.rst | 10 +- docs/interop/qemu-storage-daemon-qmp-ref.rst | 10 +- docs/interop/vhost-user-gpu.rst | 7 +- docs/interop/vhost-user.rst | 14 +- docs/meson.build | 8 +- docs/pcie_pci_bridge.txt | 6 +- docs/specs/_templates/editpage.html | 5 - docs/specs/index.rst | 7 +- docs/sphinx-static/theme_overrides.css | 161 + docs/sphinx/qapidoc.py | 3 +- docs/system/_templates/editpage.html | 5 - docs/system/arm/aspeed.rst | 7 +- docs/system/arm/cpu-features.rst | 131 +- docs/system/arm/cubieboard.rst | 16 + docs/system/arm/emcraft-sf2.rst | 15 + docs/system/arm/emulation.rst | 103 + docs/system/arm/highbank.rst | 19 + docs/system/arm/imx25-pdk.rst | 19 + docs/system/arm/kzm.rst | 18 + docs/system/arm/mainstone.rst | 25 + docs/system/arm/mps2.rst | 10 + docs/system/arm/nrf.rst | 51 + docs/system/arm/nuvoton.rst | 13 +- docs/system/arm/sabrelite.rst | 2 +- docs/system/arm/sbsa.rst | 6 +- docs/system/arm/stm32.rst | 66 + docs/system/arm/virt.rst | 2 +- docs/system/authz.rst | 263 + docs/system/barrier.rst | 44 + docs/system/bootindex.rst | 76 + docs/system/build-platforms.rst | 62 - docs/system/cpu-hotplug.rst | 2 +- docs/system/cpu-models-x86-abi.csv | 67 + docs/system/cpu-models-x86.rst.inc | 24 +- docs/system/deprecated.rst | 386 - docs/system/device-emulation.rst | 90 + docs/system/device-url-syntax.rst.inc | 18 - docs/system/devices/ivshmem.rst | 64 + docs/system/devices/net.rst | 100 + docs/system/devices/nvme.rst | 237 + docs/system/devices/usb.rst | 351 + docs/system/devices/vhost-user.rst | 59 + docs/system/devices/virtio-pmem.rst | 76 + docs/system/generic-loader.rst | 13 +- docs/system/guest-loader.rst | 6 +- docs/system/index.rst | 21 +- docs/system/ivshmem.rst | 64 - docs/system/license.rst | 11 - docs/system/net.rst | 100 - docs/system/nvme.rst | 225 - docs/system/ppc/powernv.rst | 8 +- docs/system/ppc/ppce500.rst | 164 + docs/system/qemu-block-drivers.rst.inc | 69 - docs/system/removed-features.rst | 463 - docs/system/riscv/microchip-icicle-kit.rst | 92 +- docs/system/riscv/shakti-c.rst | 82 + docs/system/riscv/sifive_u.rst | 77 +- docs/system/riscv/virt.rst | 138 + docs/system/s390x/protvirt.rst | 12 +- docs/system/secrets.rst | 162 + docs/system/target-arm.rst | 14 + docs/system/target-ppc.rst | 1 + docs/system/target-riscv.rst | 15 +- docs/system/usb.rst | 140 - docs/system/virtio-pmem.rst | 76 - docs/system/vnc-security.rst | 7 +- docs/tools/_templates/editpage.html | 5 - docs/tools/index.rst | 7 +- docs/tools/qemu-img.rst | 56 +- docs/tools/virtiofsd.rst | 80 +- docs/usb-storage.txt | 59 - docs/usb2.txt | 172 - docs/user/_templates/editpage.html | 5 - docs/user/index.rst | 7 +- dump/dump.c | 1 - dump/win_dump.c | 1 - ebpf/ebpf_rss-stub.c | 40 + ebpf/ebpf_rss.c | 165 + ebpf/ebpf_rss.h | 44 + ebpf/meson.build | 1 + ebpf/rss.bpf.skeleton.h | 431 + ebpf/trace-events | 4 + ebpf/trace.h | 1 + fpu/meson.build | 1 + fpu/softfloat-parts-addsub.c.inc | 62 + fpu/softfloat-parts.c.inc | 1492 ++ fpu/softfloat-specialize.c.inc | 444 +- fpu/softfloat.c | 7978 ++---- gdbstub.c | 344 +- gitdm.config | 13 +- hmp-commands-info.hx | 29 +- hmp-commands.hx | 22 +- hw/9pfs/9p-local.c | 5 + hw/9pfs/9p-posix-acl.c | 5 + hw/9pfs/9p-proxy.c | 5 + hw/9pfs/9p-synth.c | 5 + hw/9pfs/9p-util.c | 5 + hw/9pfs/9p-xattr-user.c | 5 + hw/9pfs/9p-xattr.c | 5 + hw/9pfs/9p.c | 142 +- hw/9pfs/9p.h | 2 +- hw/9pfs/codir.c | 5 + hw/9pfs/cofile.c | 5 + hw/9pfs/cofs.c | 5 + hw/9pfs/coth.c | 5 + hw/9pfs/coxattr.c | 5 + hw/9pfs/trace-events | 2 +- hw/9pfs/virtio-9p-device.c | 5 + hw/9pfs/xen-9p-backend.c | 5 + hw/Kconfig | 5 +- hw/acpi/Kconfig | 4 + hw/acpi/acpi-x86-stub.c | 6 + hw/acpi/aml-build.c | 17 +- hw/acpi/cpu.c | 1 - hw/acpi/generic_event_device.c | 3 +- hw/acpi/ghes-stub.c | 22 + hw/acpi/ghes.c | 17 + hw/acpi/ich9.c | 71 +- hw/acpi/memory_hotplug.c | 1 - hw/acpi/meson.build | 9 +- hw/acpi/pcihp.c | 27 +- hw/acpi/piix4.c | 5 +- hw/acpi/tpm.c | 2 +- hw/acpi/trace-events | 2 +- hw/adc/Kconfig | 3 + hw/adc/max111x.c | 236 + hw/adc/meson.build | 2 + hw/adc/trace-events | 2 +- hw/adc/zynq-xadc.c | 305 + hw/alpha/Kconfig | 4 +- hw/alpha/alpha_sys.h | 4 +- hw/alpha/dp264.c | 60 +- hw/alpha/trace-events | 2 +- hw/alpha/typhoon.c | 22 +- hw/arm/Kconfig | 24 +- hw/arm/allwinner-a10.c | 2 - hw/arm/allwinner-h3.c | 2 - hw/arm/armsse.c | 35 +- hw/arm/armv7m.c | 9 +- hw/arm/aspeed.c | 162 +- hw/arm/aspeed_ast2600.c | 25 +- hw/arm/aspeed_soc.c | 26 +- hw/arm/bcm2835_peripherals.c | 13 +- hw/arm/bcm2836.c | 1 - hw/arm/boot.c | 10 +- hw/arm/cubieboard.c | 4 - hw/arm/digic_boards.c | 3 - hw/arm/exynos4210.c | 1 - hw/arm/exynos4_boards.c | 2 - hw/arm/fsl-imx25.c | 2 - hw/arm/fsl-imx31.c | 1 - hw/arm/highbank.c | 3 +- hw/arm/imx25_pdk.c | 7 +- hw/arm/kzm.c | 1 - hw/arm/mcimx6ul-evk.c | 3 +- hw/arm/mcimx7d-sabre.c | 3 +- hw/arm/meson.build | 2 + hw/arm/mps2-tz.c | 147 +- hw/arm/msf2-soc.c | 1 - hw/arm/msf2-som.c | 1 - hw/arm/musicpal.c | 2 - hw/arm/npcm7xx.c | 1 - hw/arm/npcm7xx_boards.c | 113 +- hw/arm/nrf51_soc.c | 2 - hw/arm/nseries.c | 8 +- hw/arm/omap1.c | 1 - hw/arm/omap2.c | 1 - hw/arm/orangepi.c | 3 - hw/arm/palm.c | 1 - hw/arm/pxa2xx.c | 2 +- hw/arm/pxa2xx_pic.c | 2 +- hw/arm/raspi.c | 2 - hw/arm/realview.c | 1 - hw/arm/sabrelite.c | 3 +- hw/arm/sbsa-ref.c | 8 - hw/arm/smmu-common.c | 1 - hw/arm/smmuv3-internal.h | 2 +- hw/arm/smmuv3.c | 57 +- hw/arm/spitz.c | 10 +- hw/arm/stellaris.c | 57 +- hw/arm/stm32f100_soc.c | 182 + hw/arm/stm32vldiscovery.c | 66 + hw/arm/strongarm.c | 3 +- hw/arm/sysbus-fdt.c | 4 + hw/arm/trace-events | 2 +- hw/arm/versatilepb.c | 1 - hw/arm/vexpress.c | 1 - hw/arm/virt-acpi-build.c | 120 +- hw/arm/virt.c | 50 +- hw/arm/xilinx_zynq.c | 5 +- hw/arm/xlnx-versal-virt.c | 2 - hw/arm/xlnx-versal.c | 1 - hw/arm/xlnx-zcu102.c | 1 - hw/arm/xlnx-zynqmp.c | 2 - hw/arm/z2.c | 4 +- hw/audio/adlib.c | 3 +- hw/audio/meson.build | 1 - hw/audio/milkymist-ac97.c | 360 - hw/audio/sb16.c | 23 +- hw/audio/trace-events | 14 +- hw/avr/arduino.c | 1 - hw/avr/atmega.c | 3 +- hw/block/Kconfig | 17 +- hw/block/block.c | 42 +- hw/block/dataplane/trace-events | 2 +- hw/block/dataplane/virtio-blk.c | 52 +- hw/block/ecc.c | 2 +- hw/block/fdc-internal.h | 158 + hw/block/fdc-isa.c | 320 + hw/block/fdc-sysbus.c | 251 + hw/block/fdc.c | 621 +- hw/block/m25p80.c | 2 + hw/block/meson.build | 3 +- hw/block/nvme-dif.c | 518 - hw/block/nvme-dif.h | 63 - hw/block/nvme-ns.c | 594 - hw/block/nvme-ns.h | 229 - hw/block/nvme-subsys.c | 91 - hw/block/nvme-subsys.h | 59 - hw/block/nvme.c | 6363 ----- hw/block/nvme.h | 266 - hw/block/pflash_cfi02.c | 10 +- hw/block/trace-events | 211 +- hw/block/vhost-user-blk.c | 168 +- hw/block/virtio-blk.c | 2 +- hw/char/Kconfig | 1 + hw/char/cadence_uart.c | 2 +- hw/char/cmsdk-apb-uart.c | 2 +- hw/char/ibex_uart.c | 40 +- hw/char/lm32_juart.c | 166 - hw/char/lm32_uart.c | 314 - hw/char/mchp_pfsoc_mmuart.c | 1 - hw/char/meson.build | 4 +- hw/char/milkymist-uart.c | 258 - hw/char/nrf51_uart.c | 2 +- hw/char/riscv_htif.c | 1 - hw/char/serial.c | 2 +- hw/char/shakti_uart.c | 185 + hw/char/sifive_uart.c | 154 +- hw/char/spapr_vty.c | 1 - hw/char/trace-events | 23 +- hw/char/virtio-console.c | 2 +- hw/char/virtio-serial-bus.c | 1 - hw/core/cpu-common.c | 313 + hw/core/cpu-sysemu.c | 145 + hw/core/cpu.c | 438 - hw/core/generic-loader.c | 1 - hw/core/guest-loader.c | 1 - hw/core/loader.c | 1 - hw/core/machine-hmp-cmds.c | 6 + hw/core/machine-qmp-cmds.c | 10 +- hw/core/machine.c | 199 +- hw/core/meson.build | 3 +- hw/core/null-machine.c | 1 - hw/core/numa.c | 87 +- hw/cris/axis_dev88.c | 1 - hw/display/Kconfig | 4 - hw/display/ati.c | 2 +- hw/display/edid-generate.c | 214 +- hw/display/g364fb.c | 32 +- hw/display/macfb.c | 1 + hw/display/meson.build | 22 +- hw/display/milkymist-tmu2.c | 551 - hw/display/milkymist-vgafb.c | 360 - hw/display/milkymist-vgafb_template.h | 74 - hw/display/next-fb.c | 2 - hw/display/qxl.c | 49 +- hw/display/qxl.h | 1 - hw/display/sm501.c | 16 +- hw/display/trace-events | 14 +- hw/display/vga-pci.c | 2 +- hw/display/vga.c | 5 +- hw/display/vhost-user-gpu-pci.c | 1 + hw/display/vhost-user-gpu.c | 7 +- hw/display/vhost-user-vga.c | 1 + hw/display/virtio-gpu-3d.c | 628 - hw/display/virtio-gpu-base.c | 10 +- hw/display/virtio-gpu-gl.c | 171 + hw/display/virtio-gpu-pci-gl.c | 58 + hw/display/virtio-gpu-pci.c | 2 + hw/display/virtio-gpu-udmabuf.c | 223 + hw/display/virtio-gpu-virgl.c | 634 + hw/display/virtio-gpu.c | 632 +- hw/display/virtio-vga-gl.c | 50 + hw/display/virtio-vga.c | 2 + hw/display/xlnx_dp.c | 2 +- hw/dma/meson.build | 1 - hw/dma/pl080.c | 1 - hw/dma/puv3_dma.c | 119 - hw/dma/pxa2xx_dma.c | 4 +- hw/dma/sifive_pdma.c | 1 - hw/dma/trace-events | 2 +- hw/dma/xlnx_csu_dma.c | 1 - hw/gpio/aspeed_gpio.c | 7 +- hw/gpio/gpio_pwr.c | 2 +- hw/gpio/meson.build | 1 - hw/gpio/pl061.c | 345 +- hw/gpio/puv3_gpio.c | 154 - hw/gpio/trace-events | 11 +- hw/hppa/dino.c | 2 - hw/hppa/lasi.c | 3 - hw/hppa/machine.c | 1 - hw/hppa/trace-events | 2 +- hw/hyperv/vmbus.c | 20 +- hw/i2c/Kconfig | 8 + hw/i2c/aspeed_i2c.c | 5 +- hw/i2c/core.c | 131 +- hw/i2c/i2c_mux_pca954x.c | 290 + hw/i2c/imx_i2c.c | 2 +- hw/i2c/meson.build | 2 + hw/i2c/mpc_i2c.c | 1 - hw/i2c/pm_smbus.c | 4 +- hw/i2c/pmbus_device.c | 1612 ++ hw/i2c/ppc4xx_i2c.c | 15 +- hw/i2c/smbus_eeprom.c | 2 +- hw/i2c/smbus_master.c | 22 +- hw/i2c/trace-events | 7 +- hw/i386/Kconfig | 8 +- hw/i386/acpi-build.c | 196 +- hw/i386/acpi-build.h | 5 + hw/i386/acpi-common.h | 6 +- hw/i386/acpi-microvm.c | 1 - hw/i386/amd_iommu.c | 10 +- hw/i386/fw_cfg.c | 4 +- hw/i386/intel_iommu.c | 2 - hw/i386/kvm/apic.c | 3 +- hw/i386/kvm/clock.c | 5 +- hw/i386/kvm/i8254.c | 10 +- hw/i386/kvm/i8259.c | 4 +- hw/i386/kvm/ioapic.c | 5 +- hw/i386/kvmvapic.c | 1 - hw/i386/meson.build | 2 + hw/i386/microvm.c | 1 - hw/i386/pc.c | 141 +- hw/i386/pc_piix.c | 18 +- hw/i386/pc_q35.c | 25 +- hw/i386/pc_sysfw.c | 108 - hw/i386/pc_sysfw_ovmf-stubs.c | 26 + hw/i386/pc_sysfw_ovmf.c | 151 + hw/i386/trace-events | 2 +- hw/i386/vmport.c | 1 - hw/i386/x86-iommu.c | 1 - hw/i386/x86.c | 39 +- hw/i386/xen/trace-events | 2 +- hw/i386/xen/xen-hvm.c | 1 - hw/i386/xen/xen-mapcache.c | 7 +- hw/i386/xen/xen_platform.c | 2 - hw/ide/Kconfig | 3 +- hw/ide/ahci_internal.h | 1 - hw/ide/ioport.c | 16 +- hw/ide/piix.c | 22 +- hw/ide/trace-events | 2 +- hw/input/hid.c | 4 +- hw/input/lasips2.c | 3 - hw/input/lm832x.c | 2 +- hw/input/meson.build | 1 - hw/input/milkymist-softusb.c | 319 - hw/input/pckbd.c | 353 +- hw/input/ps2.c | 22 +- hw/input/trace-events | 11 +- hw/input/vhost-user-input.c | 6 +- hw/input/virtio-input-host.c | 5 +- hw/intc/apic.c | 1 - hw/intc/apic_common.c | 1 - hw/intc/arm_gic_kvm.c | 2 - hw/intc/arm_gicv3.c | 1 - hw/intc/arm_gicv3_cpuif.c | 53 +- hw/intc/arm_gicv3_kvm.c | 1 - hw/intc/arm_gicv3_redist.c | 4 +- hw/intc/armv7m_nvic.c | 47 +- hw/intc/grlib_irqmp.c | 1 - hw/intc/ibex_plic.c | 20 +- hw/intc/imx_gpcv2.c | 1 - hw/intc/lm32_pic.c | 195 - hw/intc/meson.build | 2 - hw/intc/ompic.c | 1 - hw/intc/openpic.c | 1 - hw/intc/openpic_kvm.c | 2 - hw/intc/ppc-uic.c | 2 +- hw/intc/puv3_intc.c | 147 - hw/intc/s390_flic.c | 1 - hw/intc/s390_flic_kvm.c | 4 +- hw/intc/sifive_plic.c | 2 - hw/intc/spapr_xive.c | 2 +- hw/intc/trace-events | 11 +- hw/intc/xics.c | 1 - hw/intc/xics_kvm.c | 1 - hw/intc/xics_spapr.c | 1 - hw/ipmi/ipmi_bmc_sim.c | 4 +- hw/ipmi/isa_ipmi_bt.c | 1 - hw/ipmi/isa_ipmi_kcs.c | 1 - hw/isa/Kconfig | 12 +- hw/isa/isa-bus.c | 14 +- hw/isa/isa-superio.c | 1 - hw/isa/lpc_ich9.c | 2 - hw/isa/piix3.c | 1 - hw/isa/piix4.c | 6 +- hw/isa/trace-events | 2 +- hw/isa/vt82c686.c | 423 +- hw/lm32/Kconfig | 18 - hw/lm32/lm32.h | 48 - hw/lm32/lm32_boards.c | 333 - hw/lm32/lm32_hwsetup.h | 179 - hw/lm32/meson.build | 6 - hw/lm32/milkymist-hw.h | 133 - hw/lm32/milkymist.c | 250 - hw/m68k/an5206.c | 1 - hw/m68k/mcf5208.c | 1 - hw/m68k/mcf_intc.c | 1 - hw/m68k/next-cube.c | 6 +- hw/m68k/next-kbd.c | 3 - hw/m68k/q800.c | 24 +- hw/m68k/virt.c | 3 - hw/mem/Kconfig | 2 - hw/mem/meson.build | 3 +- hw/mem/pc-dimm.c | 33 +- hw/mem/sparse-mem.c | 1 - hw/mem/trace-events | 2 +- hw/meson.build | 5 +- hw/microblaze/boot.c | 1 - hw/mips/Kconfig | 8 +- hw/mips/boston.c | 1 - hw/mips/fuloong2e.c | 2 - hw/mips/gt64xxx_pci.c | 1 - hw/mips/jazz.c | 82 +- hw/mips/loongson3_virt.c | 4 - hw/mips/malta.c | 3 - hw/mips/meson.build | 9 +- hw/mips/mips_int.c | 1 - hw/mips/mipssim.c | 2 - hw/misc/Kconfig | 15 - hw/misc/aspeed_hace.c | 389 + hw/misc/aspeed_xdma.c | 124 +- hw/misc/auxbus.c | 68 +- hw/misc/bcm2835_powermgt.c | 160 + hw/misc/emc141x.c | 326 - hw/misc/imx7_snvs.c | 1 - hw/misc/imx_ccm.c | 1 - hw/misc/imx_rngc.c | 1 - hw/misc/ivshmem.c | 5 +- hw/misc/led.c | 1 - hw/misc/macio/macio.c | 1 - hw/misc/macio/trace-events | 2 +- hw/misc/max111x.c | 236 - hw/misc/mchp_pfsoc_dmc.c | 1 - hw/misc/mchp_pfsoc_ioscb.c | 1 - hw/misc/mchp_pfsoc_sysreg.c | 1 - hw/misc/meson.build | 12 +- hw/misc/milkymist-hpdmc.c | 172 - hw/misc/milkymist-pfpu.c | 548 - hw/misc/mips_itu.c | 1 - hw/misc/mps2-scc.c | 13 +- hw/misc/mst_fpga.c | 2 +- hw/misc/npcm7xx_clk.c | 2 +- hw/misc/puv3_pm.c | 159 - hw/misc/pvpanic-isa.c | 1 - hw/misc/pvpanic-pci.c | 1 - hw/misc/sifive_e_prci.c | 1 - hw/misc/sifive_test.c | 1 - hw/misc/tmp105.c | 328 - hw/misc/tmp105.h | 55 - hw/misc/tmp421.c | 391 - hw/misc/trace-events | 12 +- hw/misc/virt_ctrl.c | 1 - hw/misc/zynq-xadc.c | 305 - hw/moxie/Kconfig | 3 - hw/moxie/meson.build | 4 - hw/moxie/moxiesim.c | 157 - hw/net/can/can_sja1000.c | 8 + hw/net/can/xlnx-zynqmp-can.c | 1 - hw/net/dp8393x.c | 500 +- hw/net/e1000.c | 17 + hw/net/e1000e.c | 8 +- hw/net/e1000e_core.c | 10 +- hw/net/i82596.c | 1 - hw/net/imx_fec.c | 8 +- hw/net/lasi_i82596.c | 1 - hw/net/meson.build | 1 - hw/net/milkymist-minimac2.c | 547 - hw/net/msf2-emac.c | 1 - hw/net/net_tx_pkt.c | 12 +- hw/net/rocker/rocker.h | 11 +- hw/net/spapr_llan.c | 1 - hw/net/trace-events | 33 +- hw/net/vhost_net.c | 11 +- hw/net/virtio-net.c | 120 +- hw/net/vmxnet3.c | 43 +- hw/net/xgmac.c | 1 - hw/nios2/10m50_devboard.c | 1 - hw/nios2/boot.c | 2 - hw/nios2/generic_nommu.c | 2 - hw/nubus/nubus-bus.c | 1 - hw/nvme/Kconfig | 4 + hw/nvme/ctrl.c | 6717 +++++ hw/nvme/dif.c | 509 + hw/nvme/meson.build | 1 + hw/nvme/ns.c | 601 + hw/nvme/nvme.h | 556 + hw/nvme/subsys.c | 89 + hw/nvme/trace-events | 202 + hw/nvme/trace.h | 1 + hw/nvram/nrf51_nvm.c | 1 - hw/nvram/spapr_nvram.c | 2 - hw/nvram/trace-events | 2 +- hw/openrisc/openrisc_sim.c | 1 - hw/pci-bridge/gen_pcie_root_port.c | 5 + hw/pci-bridge/pci_expander_bridge.c | 3 + hw/pci-host/Kconfig | 7 +- hw/pci-host/bonito.c | 13 +- hw/pci-host/gpex-acpi.c | 20 +- hw/pci-host/gpex.c | 56 +- hw/pci-host/meson.build | 6 +- hw/pci-host/mv64361.c | 950 + hw/pci-host/mv643xx.h | 918 + hw/pci-host/pnv_phb4.c | 2 +- hw/pci-host/ppce500.c | 1 - hw/pci-host/prep.c | 443 - hw/pci-host/q35.c | 5 + hw/pci-host/raven.c | 445 + hw/pci-host/sabre.c | 1 - hw/pci-host/sh_pci.c | 1 - hw/pci-host/trace-events | 11 +- hw/pci/pci.c | 35 +- hw/pci/pci_host.c | 1 + hw/pci/pcie.c | 8 +- hw/pci/pcie_host.c | 1 - hw/pci/pcie_port.c | 1 + hw/pci/trace-events | 2 +- hw/pcmcia/meson.build | 2 +- hw/ppc/Kconfig | 19 +- hw/ppc/e500.c | 2 - hw/ppc/mac_newworld.c | 6 +- hw/ppc/mac_oldworld.c | 2 - hw/ppc/meson.build | 8 + hw/ppc/pef.c | 6 +- hw/ppc/pegasos2.c | 913 + hw/ppc/pnv.c | 5 +- hw/ppc/pnv_core.c | 3 +- hw/ppc/pnv_pnor.c | 1 - hw/ppc/pnv_psi.c | 5 +- hw/ppc/ppc.c | 1 - hw/ppc/ppc405_boards.c | 3 - hw/ppc/ppc405_uc.c | 1 - hw/ppc/ppc440_bamboo.c | 1 - hw/ppc/ppc440_pcix.c | 1 - hw/ppc/ppc440_uc.c | 2 - hw/ppc/ppc4xx_devs.c | 1 - hw/ppc/ppc4xx_pci.c | 1 - hw/ppc/ppc_booke.c | 1 - hw/ppc/prep.c | 4 - hw/ppc/rs6000_mc.c | 1 - hw/ppc/sam460ex.c | 1 - hw/ppc/spapr.c | 144 +- hw/ppc/spapr_caps.c | 100 + hw/ppc/spapr_drc.c | 24 +- hw/ppc/spapr_events.c | 6 - hw/ppc/spapr_hcall.c | 667 +- hw/ppc/spapr_iommu.c | 1 - hw/ppc/spapr_nvdimm.c | 52 +- hw/ppc/spapr_pci.c | 2 - hw/ppc/spapr_pci_vfio.c | 41 +- hw/ppc/spapr_rng.c | 1 - hw/ppc/spapr_rtas.c | 19 +- hw/ppc/spapr_rtas_ddw.c | 1 - hw/ppc/spapr_rtc.c | 1 - hw/ppc/spapr_softmmu.c | 627 + hw/ppc/spapr_tpm_proxy.c | 1 - hw/ppc/spapr_vio.c | 2 +- hw/ppc/spapr_vof.c | 167 + hw/ppc/trace-events | 26 +- hw/ppc/virtex_ml507.c | 2 - hw/ppc/vof.c | 1062 + hw/rdma/trace-events | 2 +- hw/rdma/vmw/pvrdma_cmd.c | 7 + hw/rdma/vmw/pvrdma_dev_ring.c | 2 +- hw/rdma/vmw/pvrdma_main.c | 5 + hw/rdma/vmw/trace-events | 2 +- hw/remote/iohub.c | 1 - hw/remote/machine.c | 1 - hw/remote/memory.c | 8 +- hw/remote/mpqemu-link.c | 2 +- hw/remote/proxy-memory-listener.c | 2 - hw/remote/proxy.c | 3 +- hw/riscv/Kconfig | 16 + hw/riscv/boot.c | 6 +- hw/riscv/meson.build | 3 +- hw/riscv/microchip_pfsoc.c | 83 +- hw/riscv/numa.c | 1 - hw/riscv/opentitan.c | 34 +- hw/riscv/shakti_c.c | 181 + hw/riscv/sifive_e.c | 4 +- hw/riscv/sifive_u.c | 37 +- hw/riscv/spike.c | 13 +- hw/riscv/virt.c | 26 +- hw/rtc/m48t59.c | 1 - hw/rtc/mc146818rtc.c | 44 +- hw/rtc/trace-events | 2 +- hw/rx/rx-gdbsim.c | 5 +- hw/rx/rx62n.c | 2 - hw/s390x/3270-ccw.c | 3 +- hw/s390x/ccw-device.c | 1 + hw/s390x/ccw-device.h | 1 + hw/s390x/css-bridge.c | 1 - hw/s390x/css.c | 88 +- hw/s390x/ipl.c | 2 - hw/s390x/meson.build | 4 +- hw/s390x/pv.c | 1 - hw/s390x/s390-ccw.c | 4 +- hw/s390x/s390-pci-bus.c | 1 - hw/s390x/s390-pci-inst.c | 1 - hw/s390x/s390-stattrib-kvm.c | 3 +- hw/s390x/s390-stattrib.c | 1 - hw/s390x/s390-virtio-ccw.c | 21 +- hw/s390x/sclp.c | 2 - hw/s390x/sclpcpu.c | 1 - hw/s390x/tod-kvm.c | 2 +- hw/s390x/tod-qemu.c | 89 - hw/s390x/tod-tcg.c | 89 + hw/s390x/tod.c | 9 +- hw/s390x/trace-events | 2 +- hw/s390x/virtio-ccw-gpu.c | 3 + hw/s390x/virtio-ccw.c | 9 +- hw/scsi/esp.c | 199 +- hw/scsi/scsi-disk.c | 12 +- hw/scsi/scsi-generic.c | 15 +- hw/scsi/spapr_vscsi.c | 1 - hw/scsi/trace-events | 5 +- hw/scsi/vhost-scsi.c | 4 +- hw/scsi/vhost-user-scsi.c | 4 +- hw/scsi/virtio-scsi-dataplane.c | 72 +- hw/sd/cadence_sdhci.c | 2 - hw/sd/meson.build | 1 - hw/sd/milkymist-memcard.c | 335 - hw/sd/omap_mmc.c | 2 +- hw/sd/sd.c | 50 +- hw/sd/trace-events | 6 +- hw/sensor/Kconfig | 19 + hw/sensor/adm1272.c | 543 + hw/sensor/emc141x.c | 326 + hw/sensor/max34451.c | 775 + hw/sensor/meson.build | 5 + hw/sensor/tmp105.c | 328 + hw/sensor/tmp421.c | 391 + hw/sh4/r2d.c | 1 - hw/sh4/sh7750.c | 1 - hw/sh4/shix.c | 2 - hw/smbios/smbios.c | 124 +- hw/sparc/Kconfig | 2 +- hw/sparc/leon3.c | 38 +- hw/sparc/sun4m.c | 491 +- hw/sparc/trace-events | 6 +- hw/sparc64/Kconfig | 2 +- hw/sparc64/niagara.c | 1 - hw/sparc64/sparc64.c | 63 - hw/sparc64/trace-events | 6 +- hw/ssi/aspeed_smc.c | 120 +- hw/ssi/sifive_spi.c | 1 - hw/ssi/xilinx_spi.c | 1 - hw/timer/etraxfs_timer.c | 14 +- hw/timer/ibex_timer.c | 305 + hw/timer/lm32_timer.c | 249 - hw/timer/meson.build | 4 +- hw/timer/milkymist-sysctl.c | 361 - hw/timer/mips_gictimer.c | 1 - hw/timer/puv3_ost.c | 166 - hw/timer/sse-counter.c | 1 - hw/timer/trace-events | 19 +- hw/tpm/tpm_crb.c | 1 - hw/tpm/tpm_ppi.c | 2 +- hw/tpm/trace-events | 2 +- hw/tricore/Kconfig | 3 +- hw/tricore/meson.build | 3 +- hw/tricore/tc27x_soc.c | 4 - hw/tricore/triboard.c | 3 - hw/tricore/tricore_testboard.c | 9 +- hw/tricore/tricore_testdevice.c | 82 + hw/unicore32/Kconfig | 5 - hw/unicore32/meson.build | 5 - hw/unicore32/puv3.c | 145 - hw/usb/ccid-card-emulated.c | 1 + hw/usb/ccid-card-passthru.c | 3 +- hw/usb/chipidea.c | 1 - hw/usb/combined-packet.c | 4 +- hw/usb/desc-msos.c | 2 +- hw/usb/dev-hid.c | 2 +- hw/usb/dev-mtp.c | 12 +- hw/usb/dev-smartcard-reader.c | 8 +- hw/usb/dev-storage-bot.c | 1 + hw/usb/dev-storage-classic.c | 1 + hw/usb/dev-uas.c | 1 + hw/usb/dev-wacom.c | 2 +- hw/usb/hcd-dwc3.c | 1 - hw/usb/hcd-xhci-pci.c | 13 +- hw/usb/hcd-xhci-sysbus.c | 4 +- hw/usb/hcd-xhci.c | 8 +- hw/usb/hcd-xhci.h | 2 +- hw/usb/host-libusb.c | 71 +- hw/usb/host-stub.c | 46 - hw/usb/imx-usb-phy.c | 1 - hw/usb/meson.build | 23 +- hw/usb/quirks-ftdi-ids.h | 6 - hw/usb/quirks.h | 1 - hw/usb/redirect.c | 11 +- hw/usb/trace-events | 2 +- hw/usb/xen-usb.c | 1 - hw/usb/xlnx-usb-subsystem.c | 2 - hw/usb/xlnx-versal-usb2-ctrl-regs.c | 1 - hw/vfio/ap.c | 4 +- hw/vfio/ccw.c | 23 +- hw/vfio/common.c | 316 +- hw/vfio/display.c | 1 - hw/vfio/migration.c | 13 +- hw/vfio/pci-quirks.c | 1 - hw/vfio/pci.c | 13 +- hw/vfio/spapr.c | 1 - hw/vfio/trace-events | 2 +- hw/virtio/Kconfig | 5 + hw/virtio/meson.build | 2 + hw/virtio/trace-events | 2 +- hw/virtio/vhost-backend.c | 6 +- hw/virtio/vhost-user-fs.c | 3 +- hw/virtio/vhost-user-i2c-pci.c | 69 + hw/virtio/vhost-user-i2c.c | 288 + hw/virtio/vhost-user-vsock.c | 12 +- hw/virtio/vhost-user.c | 77 +- hw/virtio/vhost-vdpa.c | 113 +- hw/virtio/vhost-vsock.c | 15 +- hw/virtio/vhost.c | 42 +- hw/virtio/virtio-balloon.c | 4 +- hw/virtio/virtio-bus.c | 5 + hw/virtio/virtio-mem.c | 394 +- hw/virtio/virtio-mmio.c | 17 +- hw/virtio/virtio-pci.c | 33 +- hw/virtio/virtio.c | 25 +- hw/watchdog/trace-events | 2 +- hw/xen/trace-events | 2 +- hw/xen/xen-bus-helper.c | 1 - hw/xen/xen-legacy-backend.c | 1 - hw/xen/xen_pt.c | 1 - hw/xtensa/sim.c | 2 - hw/xtensa/virt.c | 3 - hw/xtensa/xtensa_memory.c | 1 - hw/xtensa/xtfpga.c | 1 - include/block/aio.h | 48 +- include/block/block-copy.h | 2 + include/block/block.h | 20 +- include/block/block_int.h | 32 +- include/block/nbd.h | 18 + include/block/nvme.h | 90 +- include/block/qdict.h | 2 - include/block/replication.h | 175 + include/block/write-threshold.h | 27 +- include/chardev/char-fe.h | 8 +- include/crypto/tls-cipher-suites.h | 6 - include/crypto/tlscreds.h | 30 +- include/crypto/tlscredsanon.h | 12 - include/crypto/tlscredspsk.h | 12 - include/crypto/tlscredsx509.h | 10 - include/disas/dis-asm.h | 16 +- include/elf.h | 13 +- include/exec/cpu-common.h | 2 + include/exec/exec-all.h | 69 +- include/exec/gen-icount.h | 1 + include/exec/helper-gen.h | 4 +- include/exec/helper-head.h | 37 +- include/exec/helper-proto.h | 4 +- include/exec/helper-tcg.h | 38 +- include/exec/memory.h | 392 +- include/exec/memory_ldst.h.inc | 16 +- include/exec/memory_ldst_cached.h.inc | 42 +- include/exec/memory_ldst_phys.h.inc | 72 +- include/exec/poison.h | 11 +- include/exec/ram_addr.h | 9 +- include/exec/ramblock.h | 10 + include/exec/ramlist.h | 13 +- include/exec/tb-context.h | 41 - include/exec/tb-hash.h | 69 - include/exec/tb-lookup.h | 49 - include/exec/translator.h | 21 +- include/fpu/softfloat-helpers.h | 9 +- include/fpu/softfloat-macros.h | 249 +- include/fpu/softfloat-types.h | 14 +- include/fpu/softfloat.h | 17 +- include/glib-compat.h | 30 +- include/hw/acpi/ghes.h | 9 + include/hw/acpi/ich9.h | 5 + include/hw/acpi/pcihp.h | 3 +- include/hw/acpi/tpm.h | 4 + include/hw/adc/max111x.h | 56 + include/hw/adc/zynq-xadc.h | 46 + include/hw/arm/allwinner-h3.h | 2 +- include/hw/arm/armsse.h | 2 + include/hw/arm/armv7m.h | 2 + include/hw/arm/aspeed_soc.h | 3 + include/hw/arm/bcm2835_peripherals.h | 3 +- include/hw/arm/stm32f100_soc.h | 57 + include/hw/arm/virt.h | 1 + include/hw/block/block.h | 3 + include/hw/block/flash.h | 2 +- include/hw/boards.h | 7 +- include/hw/char/avr_usart.h | 1 - include/hw/char/ibex_uart.h | 37 - include/hw/char/lm32_juart.h | 13 - include/hw/char/shakti_uart.h | 74 + include/hw/char/sifive_uart.h | 11 +- include/hw/core/accel-cpu.h | 2 +- include/hw/core/cpu.h | 126 +- include/hw/core/sysemu-cpu-ops.h | 92 + include/hw/core/tcg-cpu-ops.h | 6 + include/hw/display/edid.h | 12 +- include/hw/display/milkymist_tmu2.h | 42 - include/hw/display/vga.h | 6 + include/hw/elf_ops.h | 8 - include/hw/firmware/smbios.h | 14 +- include/hw/i2c/i2c.h | 63 +- include/hw/i2c/i2c_mux_pca954x.h | 19 + include/hw/i2c/pmbus_device.h | 517 + include/hw/i386/pc.h | 8 +- include/hw/i386/x86.h | 9 +- include/hw/ide/internal.h | 2 +- include/hw/input/lm832x.h | 28 + include/hw/isa/isa.h | 13 +- include/hw/isa/vt82c686.h | 2 +- include/hw/lm32/lm32_pic.h | 10 - include/hw/mem/pc-dimm.h | 5 - include/hw/misc/aspeed_hace.h | 43 + include/hw/misc/aspeed_xdma.h | 17 +- include/hw/misc/avr_power.h | 1 - include/hw/misc/bcm2835_powermgt.h | 29 + include/hw/misc/emc141x_regs.h | 37 - include/hw/misc/max111x.h | 56 - include/hw/misc/mps2-scc.h | 21 + include/hw/misc/stm32f4xx_exti.h | 1 - include/hw/misc/stm32f4xx_syscfg.h | 1 - include/hw/misc/tmp105_regs.h | 51 - include/hw/misc/zynq-xadc.h | 46 - include/hw/pci-host/gpex.h | 4 + include/hw/pci-host/i440fx.h | 1 - include/hw/pci-host/mv64361.h | 8 + include/hw/pci/pci.h | 2 + include/hw/pci/pci_host.h | 1 + include/hw/pci/pci_ids.h | 7 +- include/hw/pci/pcie_port.h | 5 +- include/hw/ppc/spapr.h | 46 +- include/hw/ppc/spapr_nvdimm.h | 14 +- include/hw/ppc/vof.h | 60 + include/hw/riscv/boot.h | 5 + include/hw/riscv/opentitan.h | 24 +- include/hw/riscv/shakti_c.h | 75 + include/hw/s390x/css.h | 5 + include/hw/s390x/ioinst.h | 12 +- include/hw/s390x/tod.h | 2 +- include/hw/scsi/esp.h | 1 + include/hw/sensor/emc141x_regs.h | 37 + include/hw/sensor/tmp105.h | 55 + include/hw/sensor/tmp105_regs.h | 51 + include/hw/ssi/aspeed_smc.h | 7 +- include/hw/timer/avr_timer16.h | 1 - include/hw/timer/ibex_timer.h | 52 + include/hw/tricore/tricore_testdevice.h | 38 + include/hw/unicore32/puv3.h | 40 - include/hw/usb.h | 7 +- include/hw/usb/dwc2-regs.h | 4 +- include/hw/usb/xlnx-usb-subsystem.h | 4 +- include/hw/usb/xlnx-versal-usb2-ctrl-regs.h | 4 +- include/hw/vfio/vfio-common.h | 12 + include/hw/virtio/vhost-backend.h | 5 +- include/hw/virtio/vhost-user-i2c.h | 28 + include/hw/virtio/vhost-vdpa.h | 9 +- include/hw/virtio/vhost.h | 8 +- include/hw/virtio/virtio-gpu-bswap.h | 16 + include/hw/virtio/virtio-gpu.h | 74 +- include/hw/virtio/virtio-mem.h | 3 + include/hw/virtio/virtio-mmio.h | 5 + include/hw/virtio/virtio-net.h | 4 + include/hw/virtio/virtio.h | 2 +- include/migration/misc.h | 1 - include/migration/vmstate.h | 3 +- include/monitor/hmp.h | 2 + include/monitor/monitor.h | 5 +- include/net/net.h | 2 + include/net/vhost-vdpa.h | 1 - include/qapi/forward-visitor.h | 27 + include/qapi/qmp/qdict.h | 3 + include/qemu/accel.h | 13 + include/qemu/atomic.h | 251 +- include/qemu/atomic128.h | 2 +- include/qemu/bitops.h | 44 +- include/qemu/bswap.h | 26 +- include/qemu/co-shared-resource.h | 4 +- include/qemu/compiler.h | 51 - include/qemu/config-file.h | 7 +- include/qemu/coroutine.h | 33 +- include/qemu/host-utils.h | 291 + include/qemu/int128.h | 10 + include/qemu/job.h | 2 +- include/qemu/lockable.h | 88 +- include/qemu/main-loop.h | 22 +- include/qemu/mmap-alloc.h | 16 +- include/qemu/module.h | 79 + include/qemu/option.h | 6 +- include/qemu/osdep.h | 88 +- include/qemu/plugin-memory.h | 6 +- include/qemu/plugin.h | 13 +- include/qemu/progress_meter.h | 34 +- include/qemu/qemu-options.h | 41 + include/qemu/qemu-plugin.h | 22 + include/qemu/ratelimit.h | 26 +- include/qemu/selfmap.h | 4 +- include/qemu/sockets.h | 11 + include/qemu/stats64.h | 2 +- include/qemu/thread-posix.h | 14 +- include/qemu/thread-win32.h | 6 - include/qemu/thread.h | 15 +- include/qemu/transactions.h | 63 + include/qom/object.h | 23 + include/standard-headers/asm-x86/kvm_para.h | 13 + .../infiniband/hw/vmw_pvrdma/pvrdma_verbs.h | 35 - include/standard-headers/drm/drm_fourcc.h | 30 +- include/standard-headers/linux/ethtool.h | 113 +- include/standard-headers/linux/fuse.h | 17 +- include/standard-headers/linux/input-event-codes.h | 1 + include/standard-headers/linux/input.h | 2 +- include/standard-headers/linux/udmabuf.h | 32 + include/standard-headers/linux/virtio_bt.h | 31 + include/standard-headers/linux/virtio_ids.h | 2 + include/standard-headers/linux/virtio_snd.h | 334 + include/standard-headers/linux/virtio_vsock.h | 9 + include/standard-headers/rdma/vmw_pvrdma-abi.h | 7 + include/sysemu/arch_init.h | 3 - include/sysemu/block-backend.h | 5 + include/sysemu/hax.h | 4 + include/sysemu/hostmem.h | 2 +- include/sysemu/hvf.h | 4 + include/sysemu/hvf_int.h | 58 + include/sysemu/hw_accel.h | 1 + include/sysemu/iothread.h | 3 + include/sysemu/kvm_int.h | 7 +- include/sysemu/nvmm.h | 26 + include/sysemu/os-posix.h | 8 + include/sysemu/os-win32.h | 8 + include/sysemu/tcg.h | 2 - include/sysemu/tpm.h | 9 + include/sysemu/tpm_backend.h | 6 +- include/sysemu/whpx.h | 4 + include/tcg/tcg-cond.h | 101 + include/tcg/tcg-op-gvec.h | 43 + include/tcg/tcg-op.h | 18 +- include/tcg/tcg-opc.h | 17 +- include/tcg/tcg.h | 195 +- include/ui/clipboard.h | 193 + include/ui/console.h | 3 + include/ui/gtk.h | 71 + include/ui/qemu-pixman.h | 1 + include/user/syscall-trace.h | 4 +- io/channel-socket.c | 8 +- io/channel-websock.c | 10 +- io/dns-resolver.c | 4 + io/net-listener.c | 3 + io/trace-events | 2 +- iothread.c | 91 +- job-qmp.c | 8 +- job.c | 5 +- linux-headers/asm-arm64/kvm.h | 11 + linux-headers/asm-generic/mman-common.h | 3 + linux-headers/asm-generic/unistd.h | 13 +- linux-headers/asm-mips/mman.h | 3 + linux-headers/asm-mips/unistd_n32.h | 752 +- linux-headers/asm-mips/unistd_n64.h | 704 +- linux-headers/asm-mips/unistd_o32.h | 844 +- linux-headers/asm-powerpc/kvm.h | 2 + linux-headers/asm-powerpc/unistd_32.h | 857 +- linux-headers/asm-powerpc/unistd_64.h | 801 +- linux-headers/asm-s390/unistd_32.h | 5 + linux-headers/asm-s390/unistd_64.h | 5 + linux-headers/asm-x86/kvm.h | 16 + linux-headers/asm-x86/unistd_32.h | 11 +- linux-headers/asm-x86/unistd_64.h | 11 +- linux-headers/asm-x86/unistd_x32.h | 11 +- linux-headers/linux/kvm.h | 244 +- linux-headers/linux/userfaultfd.h | 41 +- linux-headers/linux/vfio.h | 35 + linux-user/aarch64/signal.c | 6 +- linux-user/aarch64/syscall_nr.h | 8 +- linux-user/aarch64/target_errno_defs.h | 7 + linux-user/alpha/signal.c | 16 +- linux-user/alpha/syscall.tbl | 7 + linux-user/alpha/target_errno_defs.h | 204 + linux-user/alpha/target_signal.h | 1 + linux-user/alpha/target_syscall.h | 194 - linux-user/arm/cpu_loop.c | 125 +- linux-user/arm/nwfpe/fpa11.c | 41 +- linux-user/arm/signal.c | 9 +- linux-user/arm/syscall.tbl | 7 + linux-user/arm/target_errno_defs.h | 7 + linux-user/cris/target_errno_defs.h | 7 + linux-user/elfload.c | 236 +- linux-user/errno_defs.h | 167 - linux-user/errnos.c.inc | 140 + linux-user/exit.c | 2 +- linux-user/fd-trans.c | 1 + linux-user/fd-trans.h | 55 +- linux-user/generic/target_errno_defs.h | 167 + linux-user/hexagon/cpu_loop.c | 2 +- linux-user/hexagon/signal.c | 6 +- linux-user/hexagon/syscall_nr.h | 12 +- linux-user/hexagon/target_errno_defs.h | 7 + linux-user/hppa/cpu_loop.c | 2 +- linux-user/hppa/signal.c | 8 +- linux-user/hppa/syscall.tbl | 31 +- linux-user/hppa/target_errno_defs.h | 220 + linux-user/hppa/target_syscall.h | 208 - linux-user/i386/signal.c | 13 +- linux-user/i386/syscall_32.tbl | 21 +- linux-user/i386/target_errno_defs.h | 7 + linux-user/linuxload.c | 42 +- linux-user/m68k/signal.c | 5 +- linux-user/m68k/syscall.tbl | 7 + linux-user/m68k/target_errno_defs.h | 7 + linux-user/main.c | 12 +- linux-user/meson.build | 1 - linux-user/microblaze/signal.c | 6 +- linux-user/microblaze/syscall.tbl | 7 + linux-user/microblaze/target_errno_defs.h | 7 + linux-user/mips/signal.c | 6 +- linux-user/mips/syscall-args-o32.c.inc | 5 +- linux-user/mips/syscall_o32.tbl | 19 +- linux-user/mips/target_errno_defs.h | 221 + linux-user/mips/target_syscall.h | 209 - linux-user/mips64/syscall_n32.tbl | 19 +- linux-user/mips64/syscall_n64.tbl | 7 + linux-user/mips64/target_errno_defs.h | 10 + linux-user/mips64/target_syscall.h | 209 - linux-user/mmap.c | 14 + linux-user/nios2/signal.c | 8 +- linux-user/nios2/syscall_nr.h | 8 +- linux-user/nios2/target_errno_defs.h | 7 + linux-user/openrisc/signal.c | 5 +- linux-user/openrisc/syscall_nr.h | 8 +- linux-user/openrisc/target_errno_defs.h | 7 + linux-user/ppc/cpu_loop.c | 11 +- linux-user/ppc/signal.c | 27 +- linux-user/ppc/syscall.tbl | 39 +- linux-user/ppc/target_errno_defs.h | 7 + linux-user/qemu.h | 3 +- linux-user/riscv/signal.c | 6 +- linux-user/riscv/syscall32_nr.h | 8 +- linux-user/riscv/syscall64_nr.h | 8 +- linux-user/riscv/target_errno_defs.h | 7 + linux-user/s390x/cpu_loop.c | 66 +- linux-user/s390x/signal.c | 291 +- linux-user/s390x/syscall.tbl | 19 +- linux-user/s390x/target_errno_defs.h | 7 + linux-user/safe-syscall.S | 2 +- linux-user/semihost.c | 1 - linux-user/sh4/signal.c | 7 +- linux-user/sh4/syscall.tbl | 7 + linux-user/sh4/target_errno_defs.h | 7 + linux-user/signal-common.h | 1 + linux-user/signal.c | 133 +- linux-user/sparc/signal.c | 535 +- linux-user/sparc/syscall.tbl | 19 +- linux-user/sparc/target_cpu.h | 9 +- linux-user/sparc/target_errno.h | 207 - linux-user/sparc/target_errno_defs.h | 212 + linux-user/sparc/target_signal.h | 2 + linux-user/sparc/target_structs.h | 34 +- linux-user/sparc/target_syscall.h | 44 +- linux-user/sparc64/cpu_loop.c | 20 - linux-user/sparc64/meson.build | 5 - linux-user/sparc64/signal.c | 19 - linux-user/sparc64/sockbits.h | 1 - linux-user/sparc64/syscall.tbl | 487 - linux-user/sparc64/syscallhdr.sh | 32 - linux-user/sparc64/target_cpu.h | 1 - linux-user/sparc64/target_elf.h | 14 - linux-user/sparc64/target_fcntl.h | 1 - linux-user/sparc64/target_signal.h | 1 - linux-user/sparc64/target_structs.h | 58 - linux-user/sparc64/target_syscall.h | 35 - linux-user/sparc64/termbits.h | 291 - linux-user/strace.c | 21 +- linux-user/strace.list | 8 +- linux-user/syscall.c | 333 +- linux-user/syscall_defs.h | 31 +- linux-user/trace-events | 4 +- linux-user/x86_64/syscall_64.tbl | 27 +- linux-user/x86_64/target_errno_defs.h | 7 + linux-user/xtensa/signal.c | 6 +- linux-user/xtensa/syscall.tbl | 7 + linux-user/xtensa/target_errno_defs.h | 7 + memory_ldst.c.inc | 20 +- meson.build | 646 +- meson_options.txt | 30 + migration/channel.c | 15 +- migration/colo.c | 8 +- migration/dirtyrate.c | 78 +- migration/dirtyrate.h | 8 +- migration/meson.build | 3 +- migration/migration.c | 244 +- migration/migration.h | 22 +- migration/multifd.c | 14 +- migration/postcopy-ram.c | 15 +- migration/qemu-file-channel.c | 11 +- migration/qemu-file.c | 22 +- migration/qemu-file.h | 4 +- migration/ram.c | 337 +- migration/rdma.c | 101 +- migration/savevm.c | 24 +- migration/socket.c | 24 +- migration/target.c | 25 + migration/tls.c | 6 +- migration/trace-events | 3 +- migration/yank_functions.c | 42 + migration/yank_functions.h | 3 + monitor/hmp-cmds.c | 10 +- monitor/hmp.c | 7 + monitor/misc.c | 50 +- monitor/monitor.c | 3 +- monitor/qmp.c | 40 +- monitor/trace-events | 2 +- nbd/client-connection.c | 388 + nbd/meson.build | 1 + nbd/server.c | 85 +- nbd/trace-events | 2 +- net/checksum.c | 4 +- net/colo-compare.c | 25 +- net/colo-compare.h | 1 + net/colo.c | 25 +- net/colo.h | 1 + net/dump.c | 1 - net/filter-mirror.c | 8 +- net/filter-replay.c | 1 - net/filter-rewriter.c | 3 +- net/net.c | 6 +- net/netmap.c | 1 - net/slirp.c | 16 +- net/tap-bsd.c | 13 +- net/tap-linux.c | 13 + net/tap-linux.h | 1 + net/tap-solaris.c | 5 + net/tap-stub.c | 5 + net/tap.c | 9 + net/tap_int.h | 1 + net/trace-events | 2 +- net/vhost-user.c | 4 +- net/vhost-vdpa.c | 11 +- os-posix.c | 2 +- os-win32.c | 1 - pc-bios/README | 6 +- pc-bios/palcode-clipper | Bin 156328 -> 153728 bytes pc-bios/s390-ccw.img | Bin 42608 -> 50936 bytes pc-bios/s390-ccw/Makefile | 8 +- pc-bios/s390-ccw/bootmap.c | 4 +- pc-bios/s390-ccw/dasd-ipl.c | 2 +- pc-bios/s390-ccw/helper.h | 2 +- pc-bios/s390-ccw/jump2ipl.c | 8 +- pc-bios/s390-ccw/menu.c | 8 +- pc-bios/s390-ccw/netboot.mak | 2 +- pc-bios/s390-ccw/s390-ccw.h | 1 + pc-bios/s390-ccw/virtio.c | 2 +- pc-bios/s390-netboot.img | Bin 67232 -> 79688 bytes pc-bios/slof.bin | Bin 968888 -> 991744 bytes pc-bios/u-boot.e500 | Bin 349148 -> 421720 bytes pc-bios/vof-nvram.bin | Bin 0 -> 16384 bytes pc-bios/vof.bin | Bin 0 -> 3456 bytes pc-bios/vof/Makefile | 23 + pc-bios/vof/bootmem.c | 14 + pc-bios/vof/ci.c | 91 + pc-bios/vof/entry.S | 49 + pc-bios/vof/libc.c | 66 + pc-bios/vof/main.c | 21 + pc-bios/vof/vof.h | 41 + pc-bios/vof/vof.lds | 48 + plugins/api.c | 14 +- plugins/core.c | 73 +- plugins/loader.c | 1 - plugins/plugin.h | 5 +- plugins/qemu-plugins.symbols | 3 - python/.gitignore | 17 + python/MANIFEST.in | 3 + python/Makefile | 102 + python/PACKAGE.rst | 43 + python/Pipfile | 13 + python/Pipfile.lock | 315 + python/README.rst | 87 + python/VERSION | 1 + python/avocado.cfg | 10 + python/mypy.ini | 4 - python/qemu/.flake8 | 2 - python/qemu/.isort.cfg | 7 - python/qemu/README.rst | 8 + python/qemu/__init__.py | 11 - python/qemu/accel.py | 84 - python/qemu/console_socket.py | 128 - python/qemu/machine.py | 746 - python/qemu/machine/README.rst | 9 + python/qemu/machine/__init__.py | 36 + python/qemu/machine/console_socket.py | 129 + python/qemu/machine/machine.py | 788 + python/qemu/machine/py.typed | 0 python/qemu/machine/qtest.py | 162 + python/qemu/pylintrc | 58 - python/qemu/qmp.py | 375 - python/qemu/qmp/README.rst | 9 + python/qemu/qmp/__init__.py | 423 + python/qemu/qmp/py.typed | 0 python/qemu/qmp/qemu_ga_client.py | 323 + python/qemu/qmp/qmp_shell.py | 535 + python/qemu/qmp/qom.py | 272 + python/qemu/qmp/qom_common.py | 178 + python/qemu/qmp/qom_fuse.py | 206 + python/qemu/qtest.py | 159 - python/qemu/utils/README.rst | 7 + python/qemu/utils/__init__.py | 45 + python/qemu/utils/accel.py | 84 + python/qemu/utils/py.typed | 0 python/setup.cfg | 132 + python/setup.py | 23 + python/tests/flake8.sh | 2 + python/tests/isort.sh | 2 + python/tests/mypy.sh | 2 + python/tests/pylint.sh | 2 + qapi/block-core.json | 251 +- qapi/block-export.json | 33 +- qapi/char.json | 21 +- qapi/crypto.json | 4 +- qapi/machine.json | 50 +- qapi/meson.build | 1 + qapi/migration.json | 21 +- qapi/misc-target.json | 40 +- qapi/misc.json | 6 +- qapi/net.json | 6 +- qapi/qapi-forward-visitor.c | 326 + qapi/qom.json | 44 +- qapi/sockets.json | 5 +- qapi/tpm.json | 28 +- qapi/trace-events | 2 +- qapi/transaction.json | 8 +- qapi/ui.json | 29 +- qemu-edid.c | 6 +- qemu-img.c | 77 +- qemu-io-cmds.c | 29 +- qemu-io.c | 17 +- qemu-nbd.c | 19 +- qemu-options-wrapper.h | 40 - qemu-options.h | 36 - qemu-options.hx | 254 +- qemu.sasl | 15 +- qga/commands-win32.c | 21 +- qga/commands.c | 4 +- qga/installer/qemu-ga.wxs | 6 +- qga/vss-win32/requester.cpp | 2 +- qom/object.c | 9 +- qom/object_interfaces.c | 58 +- qom/trace-events | 2 +- replication.c | 2 +- replication.h | 175 - roms/Makefile | 8 +- roms/SLOF | 2 +- roms/qemu-palcode | 2 +- roms/u-boot | 2 +- scripts/block-coroutine-wrapper.py | 7 +- scripts/checkpatch.pl | 12 +- scripts/ci/setup/.gitignore | 2 + scripts/ci/setup/build-environment.yml | 116 + scripts/ci/setup/gitlab-runner.yml | 71 + scripts/ci/setup/inventory.template | 1 + scripts/ci/setup/vars.yml.template | 12 + .../coccinelle/memory-region-housekeeping.cocci | 8 +- scripts/coverity-model.c | 386 - scripts/coverity-scan/COMPONENTS.md | 148 + scripts/coverity-scan/coverity-scan.docker | 1 - scripts/coverity-scan/model.c | 371 + scripts/coverity-scan/run-coverity-scan | 8 +- scripts/cpu-x86-uarch-abi.py | 194 + scripts/decodetree.py | 172 +- scripts/entitlement.sh | 16 +- scripts/modinfo-collect.py | 67 + scripts/modinfo-generate.py | 97 + scripts/oss-fuzz/build.sh | 24 +- scripts/oss-fuzz/reorder_fuzzer_qtest_trace.py | 2 +- scripts/qapi/common.py | 8 +- scripts/qapi/error.py | 47 +- scripts/qapi/expr.py | 444 +- scripts/qapi/main.py | 6 +- scripts/qapi/mypy.ini | 10 - scripts/qapi/parser.py | 244 +- scripts/qapi/pylintrc | 5 +- scripts/qapi/schema.py | 13 +- scripts/qapi/source.py | 13 +- scripts/qemu-binfmt-conf.sh | 4 +- scripts/qemu-trace-stap | 14 +- scripts/qmp/qemu-ga-client | 297 +- scripts/qmp/qmp-shell | 454 +- scripts/qmp/qom-fuse | 144 +- scripts/qmp/qom-get | 66 +- scripts/qmp/qom-list | 63 +- scripts/qmp/qom-set | 63 +- scripts/qmp/qom-tree | 74 +- scripts/simplebench/bench-backup.py | 95 +- scripts/simplebench/bench_block_job.py | 42 +- scripts/simplebench/simplebench.py | 28 +- scripts/simpletrace.py | 2 +- scripts/update-linux-headers.sh | 3 + scripts/update-mips-syscall-args.sh | 13 +- scsi/trace-events | 2 +- semihosting/arm-compat-semi.c | 2 - semihosting/config.c | 1 - semihosting/console.c | 2 - slirp | 2 +- softmmu/arch_init.c | 8 - softmmu/cpus.c | 9 +- softmmu/device_tree.c | 1 - softmmu/memory.c | 172 +- softmmu/memory_mapping.c | 1 - softmmu/physmem.c | 214 +- softmmu/qdev-monitor.c | 1 - softmmu/qemu-seccomp.c | 6 - softmmu/qtest.c | 185 +- softmmu/runstate.c | 3 +- softmmu/timers-state.h | 2 +- softmmu/trace-events | 9 +- softmmu/vl.c | 556 +- storage-daemon/meson.build | 8 +- stubs/iothread-lock.c | 2 +- stubs/iothread.c | 8 - stubs/meson.build | 9 +- stubs/module-opts.c | 2 + stubs/semihost.c | 1 - stubs/tpm.c | 39 - stubs/usb-dev-stub.c | 25 + stubs/virtio-gpu-udmabuf.c | 27 + stubs/vmstate.c | 2 - subprojects/libvhost-user/include/atomic.h | 1 + subprojects/libvhost-user/libvhost-user.c | 10 +- subprojects/libvhost-user/meson.build | 6 +- subprojects/libvhost-user/standard-headers/linux | 1 + target/Kconfig | 19 + target/alpha/Kconfig | 2 + target/alpha/cpu.c | 12 +- target/alpha/translate.c | 221 +- target/arm/Kconfig | 6 + target/arm/cpu.c | 53 +- target/arm/cpu.h | 234 +- target/arm/cpu64.c | 79 +- target/arm/cpu_tcg.c | 5 +- target/arm/debug_helper.c | 12 +- target/arm/gdbstub.c | 4 + target/arm/helper-a64.c | 22 +- target/arm/helper-a64.h | 3 +- target/arm/helper-mve.h | 465 + target/arm/helper-sve.h | 726 +- target/arm/helper.c | 526 +- target/arm/helper.h | 127 +- target/arm/internals.h | 35 +- target/arm/kvm64.c | 27 +- target/arm/m-nocp.decode | 24 + target/arm/m_helper.c | 86 +- target/arm/machine.c | 20 + target/arm/meson.build | 18 +- target/arm/mte_helper.c | 271 +- target/arm/mve.decode | 427 + target/arm/mve_helper.c | 1650 ++ target/arm/neon-dp.decode | 1 + target/arm/neon-ls.decode | 8 +- target/arm/neon-shared.decode | 37 +- target/arm/neon_helper.c | 519 +- target/arm/op_helper.c | 47 +- target/arm/sve.decode | 591 +- target/arm/sve_helper.c | 2523 +- target/arm/t32.decode | 86 +- target/arm/trace-events | 2 +- target/arm/translate-a32.h | 149 + target/arm/translate-a64.c | 738 +- target/arm/translate-a64.h | 7 +- target/arm/translate-m-nocp.c | 785 + target/arm/translate-mve.c | 1033 + target/arm/translate-neon.c | 4070 +++ target/arm/translate-neon.c.inc | 3942 --- target/arm/translate-sve.c | 3417 ++- target/arm/translate-vfp.c | 3606 +++ target/arm/translate-vfp.c.inc | 4050 --- target/arm/translate.c | 1096 +- target/arm/translate.h | 127 + target/arm/vec_helper.c | 1055 +- target/arm/vec_internal.h | 176 + target/arm/vfp.decode | 16 +- target/arm/vfp_helper.c | 48 +- target/avr/Kconfig | 2 + target/avr/cpu.c | 13 +- target/avr/cpu.h | 1 + target/avr/gdbstub.c | 13 + target/avr/helper.c | 6 +- target/avr/helper.h | 8 +- target/avr/machine.c | 4 +- target/avr/translate.c | 251 +- target/cris/Kconfig | 2 + target/cris/cpu.c | 14 +- target/cris/helper.h | 2 +- target/cris/translate.c | 495 +- target/cris/translate_v10.c.inc | 17 +- target/hexagon/arch.c | 181 +- target/hexagon/arch.h | 9 +- target/hexagon/conv_emu.c | 177 - target/hexagon/conv_emu.h | 31 - target/hexagon/cpu.c | 17 +- target/hexagon/cpu.h | 5 - target/hexagon/cpu_bits.h | 2 +- target/hexagon/decode.c | 85 +- target/hexagon/fma_emu.c | 40 +- target/hexagon/gen_tcg.h | 439 +- target/hexagon/gen_tcg_funcs.py | 2 +- target/hexagon/genptr.c | 256 +- target/hexagon/helper.h | 23 +- target/hexagon/iclass.c | 4 - target/hexagon/imported/alu.idef | 44 + target/hexagon/imported/compare.idef | 12 +- target/hexagon/imported/encode_pp.def | 33 + target/hexagon/imported/float.idef | 32 + target/hexagon/imported/ldst.idef | 68 + target/hexagon/imported/macros.def | 47 + target/hexagon/imported/shift.idef | 47 + target/hexagon/insn.h | 21 +- target/hexagon/internal.h | 11 +- target/hexagon/macros.h | 148 +- target/hexagon/meson.build | 1 - target/hexagon/op_helper.c | 437 +- target/hexagon/reg_fields.c | 3 +- target/hexagon/reg_fields.h | 4 +- target/hexagon/translate.c | 201 +- target/hexagon/translate.h | 9 +- target/hppa/Kconfig | 2 + target/hppa/cpu.c | 12 +- target/hppa/cpu.h | 1 - target/hppa/helper.h | 3 - target/hppa/trace-events | 2 +- target/hppa/translate.c | 116 +- target/i386/Kconfig | 5 + target/i386/cpu-dump.c | 63 +- target/i386/cpu-internal.h | 70 + target/i386/cpu-sysemu.c | 352 + target/i386/cpu.c | 1216 +- target/i386/cpu.h | 176 +- target/i386/gdbstub.c | 165 +- target/i386/hax/hax-mem.c | 5 +- target/i386/helper.c | 15 +- target/i386/helper.h | 47 +- target/i386/host-cpu.c | 207 + target/i386/host-cpu.h | 19 + target/i386/hvf/hvf-accel-ops.c | 146 - target/i386/hvf/hvf-accel-ops.h | 23 - target/i386/hvf/hvf-cpu.c | 97 + target/i386/hvf/hvf-i386.h | 33 +- target/i386/hvf/hvf.c | 476 +- target/i386/hvf/meson.build | 2 +- target/i386/hvf/vmx.h | 24 +- target/i386/hvf/x86.c | 28 +- target/i386/hvf/x86_descr.c | 26 +- target/i386/hvf/x86_emu.c | 62 +- target/i386/hvf/x86_mmu.c | 5 +- target/i386/hvf/x86_task.c | 12 +- target/i386/hvf/x86hvf.c | 237 +- target/i386/hvf/x86hvf.h | 2 - target/i386/kvm/hyperv-proto.h | 6 + target/i386/kvm/kvm-cpu.c | 201 + target/i386/kvm/kvm-cpu.h | 41 + target/i386/kvm/kvm-stub.c | 5 + target/i386/kvm/kvm.c | 678 +- target/i386/kvm/kvm_i386.h | 1 + target/i386/kvm/meson.build | 7 +- target/i386/kvm/trace-events | 2 +- target/i386/machine.c | 2 +- target/i386/meson.build | 10 +- target/i386/monitor.c | 6 + target/i386/nvmm/meson.build | 8 + target/i386/nvmm/nvmm-accel-ops.c | 111 + target/i386/nvmm/nvmm-accel-ops.h | 24 + target/i386/nvmm/nvmm-all.c | 1226 + target/i386/ops_sse_header.h | 3 - target/i386/sev-stub.c | 7 + target/i386/sev.c | 134 +- target/i386/sev_i386.h | 2 + target/i386/svm.h | 15 +- target/i386/tcg/bpt_helper.c | 299 +- target/i386/tcg/excp_helper.c | 591 +- target/i386/tcg/fpu_helper.c | 228 +- target/i386/tcg/helper-tcg.h | 13 +- target/i386/tcg/mem_helper.c | 15 +- target/i386/tcg/meson.build | 5 +- target/i386/tcg/misc_helper.c | 544 +- target/i386/tcg/seg_helper.c | 311 +- target/i386/tcg/seg_helper.h | 66 + target/i386/tcg/smm_helper.c | 334 - target/i386/tcg/svm_helper.c | 800 - target/i386/tcg/sysemu/bpt_helper.c | 298 + target/i386/tcg/sysemu/excp_helper.c | 471 + target/i386/tcg/sysemu/fpu_helper.c | 57 + target/i386/tcg/sysemu/meson.build | 10 + target/i386/tcg/sysemu/misc_helper.c | 509 + target/i386/tcg/sysemu/seg_helper.c | 154 + target/i386/tcg/sysemu/smm_helper.c | 319 + target/i386/tcg/sysemu/svm_helper.c | 816 + target/i386/tcg/sysemu/tcg-cpu.c | 83 + target/i386/tcg/tcg-cpu.c | 95 +- target/i386/tcg/tcg-cpu.h | 78 +- target/i386/tcg/translate.c | 1874 +- target/i386/tcg/user/excp_helper.c | 39 + target/i386/tcg/user/meson.build | 4 + target/i386/tcg/user/seg_helper.c | 109 + target/i386/trace-events | 3 +- target/i386/xsave_helper.c | 267 +- target/lm32/README | 45 - target/lm32/TODO | 1 - target/lm32/cpu-param.h | 17 - target/lm32/cpu-qom.h | 48 - target/lm32/cpu.c | 274 - target/lm32/cpu.h | 262 - target/lm32/gdbstub.c | 92 - target/lm32/helper.c | 224 - target/lm32/helper.h | 14 - target/lm32/lm32-semi.c | 212 - target/lm32/machine.c | 33 - target/lm32/meson.build | 15 - target/lm32/op_helper.c | 148 - target/lm32/translate.c | 1237 - target/m68k/Kconfig | 2 + target/m68k/cpu.c | 12 +- target/m68k/cpu.h | 8 + target/m68k/fpu_helper.c | 50 +- target/m68k/helper.h | 1 - target/m68k/op_helper.c | 19 +- target/m68k/softfloat.c | 90 +- target/m68k/translate.c | 82 +- target/meson.build | 3 - target/microblaze/Kconfig | 2 + target/microblaze/cpu.c | 12 +- target/microblaze/translate.c | 30 +- target/mips/Kconfig | 6 + target/mips/addr.c | 61 - target/mips/cp0_helper.c | 1706 -- target/mips/cp0_timer.c | 145 - target/mips/cpu-qom.h | 3 + target/mips/cpu.c | 295 +- target/mips/cpu.h | 10 +- target/mips/dsp_helper.c | 3771 --- target/mips/fpu.c | 25 + target/mips/fpu_helper.c | 2262 -- target/mips/fpu_helper.h | 10 +- target/mips/helper.h | 183 +- target/mips/internal.h | 107 +- target/mips/lmmi_helper.c | 747 - target/mips/machine.c | 324 - target/mips/meson.build | 53 +- target/mips/mips-semi.c | 373 - target/mips/mips32r6.decode | 36 - target/mips/mips64r6.decode | 27 - target/mips/msa.c | 60 + target/mips/msa32.decode | 29 - target/mips/msa64.decode | 17 - target/mips/msa_helper.c | 8633 ------- target/mips/msa_helper.h.inc | 443 - target/mips/msa_translate.c | 2286 -- target/mips/mxu_translate.c | 1609 -- target/mips/op_helper.c | 1210 - target/mips/rel6_translate.c | 43 - target/mips/sysemu/addr.c | 61 + target/mips/sysemu/cp0.c | 123 + target/mips/sysemu/cp0_timer.c | 145 + target/mips/sysemu/machine.c | 333 + target/mips/sysemu/meson.build | 7 + target/mips/sysemu/physaddr.c | 257 + target/mips/tcg/dsp_helper.c | 3771 +++ target/mips/tcg/exception.c | 167 + target/mips/tcg/fpu_helper.c | 2254 ++ target/mips/tcg/ldst_helper.c | 288 + target/mips/tcg/lmmi_helper.c | 747 + target/mips/tcg/meson.build | 34 + target/mips/tcg/micromips_translate.c.inc | 3231 +++ target/mips/tcg/mips16e_translate.c.inc | 1123 + target/mips/tcg/mips32r6.decode | 36 + target/mips/tcg/mips64r6.decode | 27 + target/mips/tcg/msa.decode | 31 + target/mips/tcg/msa_helper.c | 8597 +++++++ target/mips/tcg/msa_helper.h.inc | 443 + target/mips/tcg/msa_translate.c | 2275 ++ target/mips/tcg/mxu_translate.c | 1605 ++ target/mips/tcg/nanomips_translate.c.inc | 4922 ++++ target/mips/tcg/op_helper.c | 421 + target/mips/tcg/rel6_translate.c | 43 + target/mips/tcg/sysemu/cp0_helper.c | 1706 ++ target/mips/tcg/sysemu/meson.build | 6 + target/mips/tcg/sysemu/mips-semi.c | 367 + target/mips/tcg/sysemu/special_helper.c | 173 + target/mips/tcg/sysemu/tlb_helper.c | 1405 + target/mips/tcg/sysemu_helper.h.inc | 185 + target/mips/tcg/tcg-internal.h | 64 + target/mips/tcg/trace-events | 5 + target/mips/tcg/trace.h | 1 + target/mips/tcg/translate.c | 16380 ++++++++++++ target/mips/tcg/translate.h | 205 + target/mips/tcg/translate_addr_const.c | 61 + target/mips/tcg/tx79.decode | 73 + target/mips/tcg/tx79_translate.c | 685 + target/mips/tcg/txx9_translate.c | 20 + target/mips/tcg/user/meson.build | 3 + target/mips/tcg/user/tlb_helper.c | 64 + target/mips/tlb_helper.c | 1343 - target/mips/trace-events | 5 - target/mips/trace.h | 1 - target/mips/translate.c | 25753 ------------------- target/mips/translate.h | 195 - target/mips/translate_addr_const.c | 61 - target/mips/tx79.decode | 39 - target/mips/tx79_translate.c | 303 - target/mips/txx9_translate.c | 20 - target/moxie/cpu-param.h | 17 - target/moxie/cpu.c | 161 - target/moxie/cpu.h | 123 - target/moxie/helper.c | 120 - target/moxie/helper.h | 5 - target/moxie/machine.c | 19 - target/moxie/machine.h | 1 - target/moxie/meson.build | 14 - target/moxie/mmu.c | 32 - target/moxie/mmu.h | 19 - target/moxie/translate.c | 892 - target/nios2/Kconfig | 2 + target/nios2/cpu.c | 12 +- target/nios2/helper.h | 2 +- target/nios2/translate.c | 322 +- target/openrisc/Kconfig | 2 + target/openrisc/cpu.c | 12 +- target/openrisc/sys_helper.c | 1 - target/openrisc/translate.c | 101 +- target/ppc/Kconfig | 5 + target/ppc/arch_dump.c | 11 +- target/ppc/cpu-qom.h | 4 +- target/ppc/cpu.c | 107 + target/ppc/cpu.h | 123 +- target/ppc/cpu_init.c | 9287 +++++++ target/ppc/excp_helper.c | 335 +- target/ppc/fpu_helper.c | 246 +- target/ppc/gdbstub.c | 261 +- target/ppc/helper.h | 9 +- target/ppc/helper_regs.c | 280 + target/ppc/helper_regs.h | 183 +- target/ppc/insn32.decode | 126 + target/ppc/insn64.decode | 124 + target/ppc/int_helper.c | 72 +- target/ppc/internal.h | 30 + target/ppc/kvm.c | 12 + target/ppc/kvm_ppc.h | 12 + target/ppc/machine.c | 46 +- target/ppc/mem_helper.c | 18 +- target/ppc/meson.build | 22 +- target/ppc/misc_helper.c | 43 +- target/ppc/mmu-book3s-v3.c | 19 - target/ppc/mmu-book3s-v3.h | 6 +- target/ppc/mmu-books.h | 30 + target/ppc/mmu-hash32.c | 278 +- target/ppc/mmu-hash32.h | 8 +- target/ppc/mmu-hash64.c | 289 +- target/ppc/mmu-hash64.h | 10 +- target/ppc/mmu-radix64.c | 257 +- target/ppc/mmu-radix64.h | 6 +- target/ppc/mmu_helper.c | 570 +- target/ppc/spr_tcg.h | 136 + target/ppc/tcg-stub.c | 45 + target/ppc/trace-events | 2 +- target/ppc/translate.c | 2431 +- target/ppc/translate/fixedpoint-impl.c.inc | 333 + target/ppc/translate/vector-impl.c.inc | 56 + target/ppc/translate/vsx-impl.c.inc | 4 +- target/ppc/translate_init.c.inc | 10986 -------- target/riscv/Kconfig | 5 + target/riscv/bitmanip_helper.c | 90 + target/riscv/cpu.c | 81 +- target/riscv/cpu.h | 51 +- target/riscv/cpu_bits.h | 115 +- target/riscv/cpu_helper.c | 88 +- target/riscv/csr.c | 890 +- target/riscv/fpu_helper.c | 16 +- target/riscv/gdbstub.c | 10 +- target/riscv/helper.h | 24 +- target/riscv/insn16-32.decode | 28 - target/riscv/insn16-64.decode | 36 - target/riscv/insn16.decode | 30 + target/riscv/insn32-64.decode | 88 - target/riscv/insn32.decode | 154 +- target/riscv/insn_trans/trans_rva.c.inc | 14 +- target/riscv/insn_trans/trans_rvb.c.inc | 438 + target/riscv/insn_trans/trans_rvd.c.inc | 17 +- target/riscv/insn_trans/trans_rvf.c.inc | 6 +- target/riscv/insn_trans/trans_rvh.c.inc | 8 +- target/riscv/insn_trans/trans_rvi.c.inc | 76 +- target/riscv/insn_trans/trans_rvm.c.inc | 12 +- target/riscv/insn_trans/trans_rvv.c.inc | 128 +- target/riscv/machine.c | 8 +- target/riscv/meson.build | 14 +- target/riscv/monitor.c | 22 +- target/riscv/op_helper.c | 30 +- target/riscv/pmp.c | 232 +- target/riscv/pmp.h | 14 + target/riscv/trace-events | 3 + target/riscv/translate.c | 381 +- target/riscv/vector_helper.c | 18 +- target/rx/Kconfig | 2 + target/rx/cpu.c | 14 +- target/rx/helper.c | 1 - target/rx/translate.c | 26 +- target/s390x/Kconfig | 2 + target/s390x/arch_dump.c | 2 +- target/s390x/cc_helper.c | 538 - target/s390x/cpu-dump.c | 134 + target/s390x/cpu-sysemu.c | 309 + target/s390x/cpu.c | 327 +- target/s390x/cpu.h | 3 + target/s390x/cpu_features_def.h.inc | 5 + target/s390x/cpu_models.c | 431 +- target/s390x/cpu_models_sysemu.c | 426 + target/s390x/cpu_models_user.c | 20 + target/s390x/crypto_helper.c | 61 - target/s390x/diag.c | 8 +- target/s390x/excp_helper.c | 640 - target/s390x/fpu_helper.c | 888 - target/s390x/gdbstub.c | 17 +- target/s390x/gen-features.c | 28 +- target/s390x/helper.c | 159 +- target/s390x/helper.h | 94 +- target/s390x/insn-data.def | 1386 - target/s390x/insn-format.def | 81 - target/s390x/int_helper.c | 148 - target/s390x/internal.h | 384 - target/s390x/interrupt.c | 7 +- target/s390x/ioinst.c | 2 +- target/s390x/kvm-stub.c | 126 - target/s390x/kvm.c | 2572 -- target/s390x/kvm/kvm.c | 2564 ++ target/s390x/kvm/kvm_s390x.h | 49 + target/s390x/kvm/meson.build | 17 + target/s390x/kvm/trace-events | 7 + target/s390x/kvm/trace.h | 1 + target/s390x/kvm_s390x.h | 50 - target/s390x/machine.c | 6 +- target/s390x/mem_helper.c | 3008 --- target/s390x/meson.build | 42 +- target/s390x/misc_helper.c | 785 - target/s390x/mmu_helper.c | 4 +- target/s390x/s390-tod.h | 29 - target/s390x/s390x-internal.h | 396 + target/s390x/sigp.c | 5 +- target/s390x/tcg-stub.c | 30 - target/s390x/tcg/cc_helper.c | 538 + target/s390x/tcg/crypto_helper.c | 61 + target/s390x/tcg/excp_helper.c | 641 + target/s390x/tcg/fpu_helper.c | 976 + target/s390x/tcg/insn-data.def | 1398 + target/s390x/tcg/insn-format.def | 81 + target/s390x/tcg/int_helper.c | 148 + target/s390x/tcg/mem_helper.c | 3003 +++ target/s390x/tcg/meson.build | 14 + target/s390x/tcg/misc_helper.c | 785 + target/s390x/tcg/s390-tod.h | 29 + target/s390x/tcg/tcg_s390x.h | 24 + target/s390x/tcg/translate.c | 6648 +++++ target/s390x/tcg/translate_vx.c.inc | 3109 +++ target/s390x/tcg/vec.h | 141 + target/s390x/tcg/vec_fpu_helper.c | 1072 + target/s390x/tcg/vec_helper.c | 214 + target/s390x/tcg/vec_int_helper.c | 587 + target/s390x/tcg/vec_string_helper.c | 473 + target/s390x/tcg_s390x.h | 24 - target/s390x/trace-events | 10 +- target/s390x/translate.c | 6692 ----- target/s390x/translate_vx.c.inc | 2718 -- target/s390x/vec.h | 141 - target/s390x/vec_fpu_helper.c | 625 - target/s390x/vec_helper.c | 192 - target/s390x/vec_int_helper.c | 587 - target/s390x/vec_string_helper.c | 473 - target/sh4/Kconfig | 2 + target/sh4/cpu.c | 15 +- target/sh4/helper.c | 7 +- target/sh4/translate.c | 33 +- target/sparc/Kconfig | 5 + target/sparc/cpu.c | 14 +- target/sparc/cpu.h | 6 - target/sparc/int32_helper.c | 70 +- target/sparc/int64_helper.c | 66 + target/sparc/trace-events | 14 +- target/sparc/translate.c | 37 +- target/tricore/Kconfig | 2 + target/tricore/cpu.c | 10 +- target/tricore/translate.c | 36 +- target/unicore32/cpu-param.h | 17 - target/unicore32/cpu-qom.h | 37 - target/unicore32/cpu.c | 174 - target/unicore32/cpu.h | 168 - target/unicore32/helper.c | 183 - target/unicore32/helper.h | 62 - target/unicore32/meson.build | 14 - target/unicore32/op_helper.c | 244 - target/unicore32/softmmu.c | 280 - target/unicore32/translate.c | 2083 -- target/unicore32/ucf64_helper.c | 324 - target/xtensa/Kconfig | 2 + target/xtensa/cpu.c | 15 +- target/xtensa/cpu.h | 7 - target/xtensa/exc_helper.c | 5 - target/xtensa/helper.c | 13 +- target/xtensa/op_helper.c | 1 - target/xtensa/translate.c | 151 +- target/xtensa/xtensa-semi.c | 84 +- tcg/README | 24 +- tcg/aarch64/tcg-target.c.inc | 135 +- tcg/aarch64/tcg-target.h | 4 +- tcg/arm/tcg-target-con-set.h | 10 + tcg/arm/tcg-target-con-str.h | 3 + tcg/arm/tcg-target.c.inc | 1260 +- tcg/arm/tcg-target.h | 56 +- tcg/arm/tcg-target.opc.h | 16 + tcg/i386/tcg-target.c.inc | 24 +- tcg/i386/tcg-target.h | 3 +- tcg/meson.build | 20 + tcg/mips/tcg-target.c.inc | 107 +- tcg/mips/tcg-target.h | 7 +- tcg/optimize.c | 59 +- tcg/ppc/tcg-target.c.inc | 232 +- tcg/ppc/tcg-target.h | 3 +- tcg/region.c | 982 + tcg/riscv/tcg-target.c.inc | 68 +- tcg/riscv/tcg-target.h | 2 +- tcg/s390/tcg-target.c.inc | 39 +- tcg/s390/tcg-target.h | 4 +- tcg/sparc/tcg-target.c.inc | 27 +- tcg/sparc/tcg-target.h | 2 +- tcg/tcg-internal.h | 62 + tcg/tcg-op-gvec.c | 142 +- tcg/tcg-op-vec.c | 1 - tcg/tcg-op.c | 227 +- tcg/tcg.c | 995 +- tcg/tci.c | 1194 +- tcg/tci/README | 20 +- tcg/tci/tcg-target-con-set.h | 1 + tcg/tci/tcg-target.c.inc | 573 +- tcg/tci/tcg-target.h | 68 +- tests/Makefile.include | 4 +- tests/acceptance/avocado_qemu/__init__.py | 250 +- tests/acceptance/boot_linux.py | 51 +- tests/acceptance/boot_linux_console.py | 143 +- tests/acceptance/boot_xen.py | 1 - tests/acceptance/cpu_queries.py | 4 +- tests/acceptance/hotplug_cpu.py | 37 + tests/acceptance/info_usernet.py | 29 + tests/acceptance/intel_iommu.py | 119 + tests/acceptance/linux_ssh_mips_malta.py | 49 +- tests/acceptance/machine_mips_fuloong2e.py | 42 + tests/acceptance/machine_mips_malta.py | 7 +- tests/acceptance/pc_cpu_hotplug_props.py | 2 +- tests/acceptance/ppc_prep_40p.py | 2 + tests/acceptance/replay_kernel.py | 17 +- tests/acceptance/reverse_debugging.py | 2 +- tests/acceptance/smmu.py | 137 + tests/acceptance/tcg_plugins.py | 15 +- tests/acceptance/virtio-gpu.py | 44 +- tests/acceptance/virtiofs_submounts.py | 71 +- tests/acceptance/x86_cpu_model_versions.py | 40 +- tests/data/acpi/microvm/DSDT.pcie | Bin 3031 -> 3023 bytes tests/data/acpi/pc/DSDT | Bin 6002 -> 6002 bytes tests/data/acpi/pc/DSDT.acpihmat | Bin 7327 -> 7327 bytes tests/data/acpi/pc/DSDT.bridge | Bin 8668 -> 8668 bytes tests/data/acpi/pc/DSDT.cphp | Bin 6466 -> 6466 bytes tests/data/acpi/pc/DSDT.dimmpxm | Bin 7656 -> 7656 bytes tests/data/acpi/pc/DSDT.hpbridge | Bin 5969 -> 5969 bytes tests/data/acpi/pc/DSDT.ipmikcs | Bin 6074 -> 6074 bytes tests/data/acpi/pc/DSDT.memhp | Bin 7361 -> 7361 bytes tests/data/acpi/pc/DSDT.nohpet | Bin 5860 -> 5860 bytes tests/data/acpi/pc/DSDT.numamem | Bin 6008 -> 6008 bytes tests/data/acpi/q35/DSDT | Bin 7859 -> 8289 bytes tests/data/acpi/q35/DSDT.acpihmat | Bin 9184 -> 9614 bytes tests/data/acpi/q35/DSDT.bridge | Bin 7877 -> 11003 bytes tests/data/acpi/q35/DSDT.cphp | Bin 8323 -> 8753 bytes tests/data/acpi/q35/DSDT.dimmpxm | Bin 9513 -> 9943 bytes tests/data/acpi/q35/DSDT.ipmibt | Bin 7934 -> 8364 bytes tests/data/acpi/q35/DSDT.memhp | Bin 9218 -> 9648 bytes tests/data/acpi/q35/DSDT.mmio64 | Bin 8990 -> 9419 bytes tests/data/acpi/q35/DSDT.nohpet | Bin 7717 -> 8147 bytes tests/data/acpi/q35/DSDT.numamem | Bin 7865 -> 8295 bytes tests/data/acpi/q35/DSDT.tis | Bin 8465 -> 8894 bytes tests/data/acpi/virt/DSDT | Bin 5204 -> 5196 bytes tests/data/acpi/virt/DSDT.memhp | Bin 6565 -> 6557 bytes tests/data/acpi/virt/DSDT.numamem | Bin 5204 -> 5196 bytes tests/data/acpi/virt/DSDT.pxb | Bin 7695 -> 7679 bytes tests/decode/succ_argset_type1.decode | 1 + tests/docker/Makefile.include | 29 +- tests/docker/common.rc | 19 +- tests/docker/docker.py | 82 +- tests/docker/dockerfiles/alpine.docker | 4 + tests/docker/dockerfiles/centos7.docker | 43 - tests/docker/dockerfiles/centos8.docker | 84 +- .../docker/dockerfiles/debian-hexagon-cross.docker | 45 + .../build-toolchain.sh | 141 + .../docker/dockerfiles/debian-powerpc-cross.docker | 12 - .../dockerfiles/debian-powerpc-test-cross.docker | 17 + tests/docker/dockerfiles/debian-ppc64-cross.docker | 11 - .../docker/dockerfiles/debian-tricore-cross.docker | 34 +- .../docker/dockerfiles/debian-xtensa-cross.docker | 2 +- tests/docker/dockerfiles/debian10.docker | 6 +- tests/docker/dockerfiles/debian11.docker | 2 +- tests/docker/dockerfiles/fedora-cris-cross.docker | 2 +- tests/docker/dockerfiles/fedora-i386-cross.docker | 4 +- tests/docker/dockerfiles/fedora-win32-cross.docker | 6 +- tests/docker/dockerfiles/fedora-win64-cross.docker | 7 +- tests/docker/dockerfiles/fedora.docker | 68 +- tests/docker/dockerfiles/opensuse-leap.docker | 78 +- tests/docker/dockerfiles/python.docker | 18 + tests/docker/dockerfiles/ubuntu.docker | 6 +- tests/docker/dockerfiles/ubuntu1804.docker | 72 +- tests/docker/dockerfiles/ubuntu2004.docker | 66 +- tests/docker/run | 3 - tests/docker/test-clang | 2 +- tests/docker/test-debug | 2 +- tests/docker/test-mingw | 3 +- tests/docker/test-misc | 2 +- tests/docker/test-tsan | 2 +- tests/fp/fp-bench.c | 88 +- tests/fp/fp-test-log2.c | 118 + tests/fp/fp-test.c | 11 +- tests/fp/meson.build | 27 +- tests/fp/wrap.c.inc | 14 +- tests/migration/guestperf/comparison.py | 14 + tests/migration/guestperf/engine.py | 22 +- tests/migration/guestperf/scenario.py | 12 +- tests/migration/guestperf/shell.py | 10 +- tests/plugin/syscall.c | 98 +- tests/qapi-schema/alternate-data-invalid.err | 2 + tests/qapi-schema/alternate-data-invalid.json | 4 + tests/qapi-schema/alternate-data-invalid.out | 0 tests/qapi-schema/enum-dict-no-name.err | 2 + tests/qapi-schema/enum-dict-no-name.json | 2 + tests/qapi-schema/enum-dict-no-name.out | 0 tests/qapi-schema/meson.build | 13 +- tests/qapi-schema/missing-array-rsqb.err | 1 + tests/qapi-schema/missing-array-rsqb.json | 1 + tests/qapi-schema/missing-array-rsqb.out | 0 .../qapi-schema/missing-object-member-element.err | 1 + .../qapi-schema/missing-object-member-element.json | 1 + .../qapi-schema/missing-object-member-element.out | 0 tests/qapi-schema/missing-schema.err | 1 + tests/qapi-schema/missing-schema.out | 0 tests/qapi-schema/non-objects.err | 2 +- tests/qapi-schema/quoted-structural-chars.err | 2 +- tests/qapi-schema/test-qapi.py | 3 - tests/qapi-schema/union-invalid-data.err | 2 + tests/qapi-schema/union-invalid-data.json | 6 + tests/qapi-schema/union-invalid-data.out | 0 tests/qemu-iotests/005 | 5 - tests/qemu-iotests/025 | 2 +- tests/qemu-iotests/040 | 4 +- tests/qemu-iotests/041 | 6 +- tests/qemu-iotests/061 | 3 + tests/qemu-iotests/061.out | 3 +- tests/qemu-iotests/082.out | 6 +- tests/qemu-iotests/114 | 18 +- tests/qemu-iotests/114.out | 11 +- tests/qemu-iotests/122.out | 84 +- tests/qemu-iotests/146.out | 780 +- tests/qemu-iotests/151 | 54 +- tests/qemu-iotests/151.out | 4 +- tests/qemu-iotests/154.out | 190 +- tests/qemu-iotests/155 | 9 +- tests/qemu-iotests/165 | 4 +- tests/qemu-iotests/172.out | 38 + tests/qemu-iotests/179.out | 133 +- tests/qemu-iotests/189 | 2 +- tests/qemu-iotests/198 | 2 +- tests/qemu-iotests/207 | 54 + tests/qemu-iotests/207.out | 25 + tests/qemu-iotests/209.out | 4 +- tests/qemu-iotests/211.out | 8 +- tests/qemu-iotests/221.out | 16 +- tests/qemu-iotests/223.out | 56 +- tests/qemu-iotests/231 | 4 + tests/qemu-iotests/231.out | 7 +- tests/qemu-iotests/233 | 2 +- tests/qemu-iotests/233.out | 4 +- tests/qemu-iotests/240.out | 8 +- tests/qemu-iotests/241.out | 10 +- tests/qemu-iotests/244.out | 23 +- tests/qemu-iotests/245 | 220 +- tests/qemu-iotests/245.out | 17 +- tests/qemu-iotests/248 | 4 +- tests/qemu-iotests/248.out | 2 +- tests/qemu-iotests/252.out | 10 +- tests/qemu-iotests/253.out | 20 +- tests/qemu-iotests/264 | 2 +- tests/qemu-iotests/274.out | 48 +- tests/qemu-iotests/283.out | 2 +- tests/qemu-iotests/291 | 135 - tests/qemu-iotests/291.out | 118 - tests/qemu-iotests/295.out | 6 +- tests/qemu-iotests/296 | 11 +- tests/qemu-iotests/296.out | 8 +- tests/qemu-iotests/297 | 1 + tests/qemu-iotests/298 | 4 +- tests/qemu-iotests/300 | 4 +- tests/qemu-iotests/301 | 4 +- tests/qemu-iotests/301.out | 16 +- tests/qemu-iotests/307 | 15 + tests/qemu-iotests/307.out | 10 +- tests/qemu-iotests/308 | 20 +- tests/qemu-iotests/308.out | 6 +- tests/qemu-iotests/309 | 78 - tests/qemu-iotests/309.out | 22 - tests/qemu-iotests/check | 22 +- tests/qemu-iotests/common.filter | 5 + tests/qemu-iotests/common.rc | 10 +- tests/qemu-iotests/iotests.py | 149 +- tests/qemu-iotests/pylintrc | 3 + tests/qemu-iotests/testenv.py | 22 +- tests/qemu-iotests/testrunner.py | 37 +- tests/qemu-iotests/tests/fuse-allow-other | 168 + tests/qemu-iotests/tests/fuse-allow-other.out | 88 + tests/qemu-iotests/tests/nbd-qemu-allocation | 81 + tests/qemu-iotests/tests/nbd-qemu-allocation.out | 32 + tests/qemu-iotests/tests/qemu-img-bitmaps | 167 + tests/qemu-iotests/tests/qemu-img-bitmaps.out | 183 + tests/qemu-iotests/tests/qsd-jobs.out | 2 +- .../qemu-iotests/tests/remove-bitmap-from-backing | 22 +- tests/qtest/adm1272-test.c | 445 + tests/qtest/ahci-test.c | 4 +- tests/qtest/aspeed_hace-test.c | 469 + tests/qtest/aspeed_smc-test.c | 382 + tests/qtest/bios-tables-test.c | 8 +- tests/qtest/boot-serial-test.c | 45 +- tests/qtest/e1000e-test.c | 3 +- tests/qtest/emc141x-test.c | 2 +- tests/qtest/fuzz-sb16-test.c | 69 + tests/qtest/fuzz-sdcard-test.c | 102 + tests/qtest/fuzz/fuzz.c | 2 +- tests/qtest/fuzz/generic_fuzz.c | 6 +- tests/qtest/fuzz/qos_fuzz.c | 2 - tests/qtest/fuzz/qos_fuzz.h | 4 +- tests/qtest/hd-geo-test.c | 4 +- tests/qtest/ipmi-bt-test.c | 6 +- tests/qtest/ipmi-kcs-test.c | 3 +- tests/qtest/libqos/meson.build | 1 + tests/qtest/libqos/qgraph.c | 2 +- tests/qtest/libqos/vhost-user-blk.c | 130 + tests/qtest/libqos/vhost-user-blk.h | 48 + tests/qtest/libqos/virtio-9p.c | 5 + tests/qtest/libqtest.c | 9 +- tests/qtest/m25p80-test.c | 382 - tests/qtest/machine-none-test.c | 3 - tests/qtest/max34451-test.c | 336 + tests/qtest/meson.build | 20 +- tests/qtest/migration-test.c | 138 +- tests/qtest/npcm7xx_pwm-test.c | 4 +- tests/qtest/npcm7xx_smbus-test.c | 2 +- tests/qtest/numa-test.c | 22 +- tests/qtest/nvme-test.c | 87 +- tests/qtest/pflash-cfi02-test.c | 2 +- tests/qtest/rtas-test.c | 15 +- tests/qtest/rtc-test.c | 6 +- tests/qtest/tmp105-test.c | 2 +- tests/qtest/tpm-tests.c | 12 +- tests/qtest/tpm-util.c | 4 +- tests/qtest/vhost-user-blk-test.c | 997 + tests/qtest/virtio-9p-test.c | 5 + tests/qtest/virtio-scsi-test.c | 51 + tests/requirements.txt | 2 +- tests/tcg/Makefile.qemu | 17 + tests/tcg/Makefile.target | 11 +- tests/tcg/README | 6 - tests/tcg/aarch64/Makefile.target | 2 +- tests/tcg/aarch64/mte-5.c | 44 + tests/tcg/aarch64/mte-7.c | 31 + tests/tcg/configure.sh | 223 +- tests/tcg/hexagon/Makefile.target | 15 +- tests/tcg/hexagon/brev.c | 190 + tests/tcg/hexagon/circ.c | 486 + tests/tcg/hexagon/fpstuff.c | 242 + tests/tcg/hexagon/load_align.c | 415 + tests/tcg/hexagon/load_unpack.c | 474 + tests/tcg/hexagon/misc.c | 95 +- tests/tcg/hexagon/multi_result.c | 282 + tests/tcg/hppa/Makefile.target | 1 + tests/tcg/i386/Makefile.target | 3 + tests/tcg/lm32/Makefile | 106 - tests/tcg/lm32/crt.S | 84 - tests/tcg/lm32/helper.S | 65 - tests/tcg/lm32/linker.ld | 55 - tests/tcg/lm32/macros.inc | 90 - tests/tcg/lm32/test_add.S | 75 - tests/tcg/lm32/test_addi.S | 56 - tests/tcg/lm32/test_and.S | 45 - tests/tcg/lm32/test_andhi.S | 35 - tests/tcg/lm32/test_andi.S | 35 - tests/tcg/lm32/test_b.S | 13 - tests/tcg/lm32/test_be.S | 48 - tests/tcg/lm32/test_bg.S | 78 - tests/tcg/lm32/test_bge.S | 78 - tests/tcg/lm32/test_bgeu.S | 78 - tests/tcg/lm32/test_bgu.S | 78 - tests/tcg/lm32/test_bi.S | 23 - tests/tcg/lm32/test_bne.S | 48 - tests/tcg/lm32/test_break.S | 20 - tests/tcg/lm32/test_bret.S | 38 - tests/tcg/lm32/test_call.S | 16 - tests/tcg/lm32/test_calli.S | 15 - tests/tcg/lm32/test_cmpe.S | 40 - tests/tcg/lm32/test_cmpei.S | 35 - tests/tcg/lm32/test_cmpg.S | 64 - tests/tcg/lm32/test_cmpge.S | 64 - tests/tcg/lm32/test_cmpgei.S | 70 - tests/tcg/lm32/test_cmpgeu.S | 64 - tests/tcg/lm32/test_cmpgeui.S | 70 - tests/tcg/lm32/test_cmpgi.S | 70 - tests/tcg/lm32/test_cmpgu.S | 64 - tests/tcg/lm32/test_cmpgui.S | 70 - tests/tcg/lm32/test_cmpne.S | 40 - tests/tcg/lm32/test_cmpnei.S | 35 - tests/tcg/lm32/test_divu.S | 29 - tests/tcg/lm32/test_eret.S | 38 - tests/tcg/lm32/test_lb.S | 49 - tests/tcg/lm32/test_lbu.S | 49 - tests/tcg/lm32/test_lh.S | 49 - tests/tcg/lm32/test_lhu.S | 49 - tests/tcg/lm32/test_lw.S | 32 - tests/tcg/lm32/test_modu.S | 35 - tests/tcg/lm32/test_mul.S | 70 - tests/tcg/lm32/test_muli.S | 45 - tests/tcg/lm32/test_nor.S | 51 - tests/tcg/lm32/test_nori.S | 35 - tests/tcg/lm32/test_or.S | 51 - tests/tcg/lm32/test_orhi.S | 35 - tests/tcg/lm32/test_ori.S | 35 - tests/tcg/lm32/test_ret.S | 14 - tests/tcg/lm32/test_sb.S | 32 - tests/tcg/lm32/test_scall.S | 24 - tests/tcg/lm32/test_sextb.S | 20 - tests/tcg/lm32/test_sexth.S | 20 - tests/tcg/lm32/test_sh.S | 32 - tests/tcg/lm32/test_sl.S | 45 - tests/tcg/lm32/test_sli.S | 30 - tests/tcg/lm32/test_sr.S | 57 - tests/tcg/lm32/test_sri.S | 40 - tests/tcg/lm32/test_sru.S | 57 - tests/tcg/lm32/test_srui.S | 40 - tests/tcg/lm32/test_sub.S | 75 - tests/tcg/lm32/test_sw.S | 38 - tests/tcg/lm32/test_xnor.S | 51 - tests/tcg/lm32/test_xnori.S | 35 - tests/tcg/lm32/test_xor.S | 51 - tests/tcg/lm32/test_xori.S | 35 - tests/tcg/minilib/minilib.h | 4 +- tests/tcg/multiarch/Makefile.target | 10 + tests/tcg/multiarch/linux-test.c | 9 + tests/tcg/multiarch/signals.c | 149 + tests/tcg/multiarch/system/memory.c | 1 + tests/tcg/multiarch/test-mmap.c | 208 +- tests/tcg/ppc64/Makefile.target | 13 + tests/tcg/ppc64le/Makefile.target | 13 + tests/tcg/ppc64le/byte_reverse.c | 21 + tests/tcg/s390x/Makefile.target | 1 + tests/tcg/s390x/trap.c | 102 + tests/tcg/sparc64/Makefile.target | 7 +- tests/tcg/tricore/Makefile.softmmu-target | 26 + tests/tcg/tricore/link.ld | 60 + tests/tcg/tricore/macros.h | 129 + tests/tcg/tricore/test_abs.S | 7 + tests/tcg/tricore/test_bmerge.S | 8 + tests/tcg/tricore/test_clz.S | 9 + tests/tcg/tricore/test_dvstep.S | 15 + tests/tcg/tricore/test_fadd.S | 16 + tests/tcg/tricore/test_fmul.S | 8 + tests/tcg/tricore/test_ftoi.S | 10 + tests/tcg/tricore/test_madd.S | 11 + tests/tcg/tricore/test_msub.S | 9 + tests/tcg/tricore/test_muls.S | 9 + tests/tcg/x86_64/Makefile.target | 6 +- tests/tcg/x86_64/vsyscall.c | 12 + tests/tcg/xtensa/test_load_store.S | 221 + tests/unit/crypto-tls-psk-helpers.c | 6 - tests/unit/crypto-tls-psk-helpers.h | 4 - tests/unit/crypto-tls-x509-helpers.c | 4 - tests/unit/crypto-tls-x509-helpers.h | 11 +- tests/unit/iothread.c | 9 +- tests/unit/meson.build | 11 +- tests/unit/pkix_asn1_tab.c | 3 - tests/unit/ptimer-test-stubs.c | 2 +- tests/unit/test-aio.c | 37 + tests/unit/test-bdrv-drain.c | 3 +- tests/unit/test-bdrv-graph-mod.c | 210 +- tests/unit/test-block-iothread.c | 6 - tests/unit/test-crypto-cipher.c | 31 +- tests/unit/test-crypto-hash.c | 13 +- tests/unit/test-crypto-hmac.c | 28 +- tests/unit/test-crypto-ivgen.c | 14 +- tests/unit/test-crypto-pbkdf.c | 5 +- tests/unit/test-crypto-tlscredsx509.c | 12 - tests/unit/test-crypto-tlssession.c | 12 - tests/unit/test-forward-visitor.c | 197 + tests/unit/test-io-channel-tls.c | 12 - tests/unit/test-iov.c | 5 +- tests/unit/test-keyval.c | 58 + tests/unit/test-qemu-opts.c | 35 - tests/unit/test-replication.c | 2 +- tests/unit/test-vmstate.c | 5 +- tests/unit/test-write-threshold.c | 90 +- tests/vm/Makefile.include | 1 + tests/vm/aarch64vm.py | 2 +- tests/vm/basevm.py | 16 +- tests/vm/centos | 17 +- tests/vm/centos.aarch64 | 2 +- tests/vm/netbsd | 4 +- tests/vm/openbsd | 4 +- tools/ebpf/Makefile.ebpf | 21 + tools/ebpf/rss.bpf.c | 571 + tools/virtiofsd/buffer.c | 4 +- tools/virtiofsd/fuse_common.h | 5 + tools/virtiofsd/fuse_lowlevel.c | 67 +- tools/virtiofsd/fuse_lowlevel.h | 3 +- tools/virtiofsd/fuse_opt.c | 4 +- tools/virtiofsd/fuse_virtio.c | 216 +- tools/virtiofsd/helper.c | 4 + tools/virtiofsd/passthrough_ll.c | 318 +- tools/virtiofsd/passthrough_seccomp.c | 1 + trace-events | 7 +- trace/control-target.c | 2 +- trace/control.c | 39 +- trace/control.h | 30 +- trace/mem-internal.h | 50 - trace/mem.h | 46 +- trace/meson.build | 2 +- trace/qmp.c | 6 +- trace/simple.c | 22 +- trace/simple.h | 1 + ui/clipboard.c | 92 + ui/cocoa.m | 162 +- ui/console.c | 8 +- ui/egl-headless.c | 2 + ui/gtk-clipboard.c | 192 + ui/gtk.c | 126 +- ui/input-barrier.c | 5 + ui/keycodemapdb | 2 +- ui/meson.build | 6 +- ui/qemu-pixman.c | 35 +- ui/sdl2.c | 9 +- ui/spice-app.c | 6 +- ui/spice-core.c | 5 + ui/spice-display.c | 4 + ui/trace-events | 12 +- ui/udmabuf.c | 40 + ui/vdagent.c | 803 + ui/vnc-auth-sasl.c | 20 + ui/vnc-auth-sasl.h | 1 + ui/vnc-clipboard.c | 323 + ui/vnc.c | 60 +- ui/vnc.h | 24 + ui/x_keymap.c | 15 +- util/aio-posix.c | 12 + util/aio-win32.c | 5 + util/async.c | 47 +- util/compatfd.c | 8 +- util/cutils.c | 2 +- util/guest-random.c | 2 +- util/keyval.c | 123 +- util/main-loop.c | 114 +- util/meson.build | 8 +- util/mmap-alloc.c | 214 +- util/module.c | 193 +- util/osdep.c | 9 + util/oslib-posix.c | 18 +- util/oslib-win32.c | 224 +- util/qemu-co-shared-resource.c | 24 +- util/qemu-config.c | 96 +- util/qemu-coroutine-sleep.c | 75 +- util/qemu-option.c | 56 +- util/qemu-sockets.c | 76 +- util/qemu-thread-posix.c | 24 +- util/qemu-thread-win32.c | 2 +- util/qsp.c | 4 +- util/selfmap.c | 29 +- util/trace-events | 6 +- util/transactions.c | 96 + util/uri.c | 22 +- util/vfio-helpers.c | 41 +- 2742 files changed, 219900 insertions(+), 184295 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index f53c519447..02c43a074a 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -1,61 +1,6 @@ env: CIRRUS_CLONE_DEPTH: 1 -freebsd_12_task: - freebsd_instance: - image_family: freebsd-12-2 - cpu: 8 - memory: 8G - install_script: - - ASSUME_ALWAYS_YES=yes pkg bootstrap -f ; - - pkg install -y bash curl cyrus-sasl git glib gmake gnutls gsed - nettle perl5 pixman pkgconf png usbredir ninja - script: - - mkdir build - - cd build - # TODO: Enable gnutls again once FreeBSD's libtasn1 got fixed - # See: https://gitlab.com/gnutls/libtasn1/-/merge_requests/71 - - ../configure --enable-werror --disable-gnutls - || { cat config.log meson-logs/meson-log.txt; exit 1; } - - gmake -j$(sysctl -n hw.ncpu) - - gmake -j$(sysctl -n hw.ncpu) check V=1 - -macos_task: - osx_instance: - image: catalina-base - install_script: - - brew install pkg-config python gnu-sed glib pixman make sdl2 bash ninja - script: - - mkdir build - - cd build - - ../configure --python=/usr/local/bin/python3 --enable-werror - --extra-cflags='-Wno-error=deprecated-declarations' - || { cat config.log meson-logs/meson-log.txt; exit 1; } - - gmake -j$(sysctl -n hw.ncpu) - - gmake check-unit V=1 - - gmake check-block V=1 - - gmake check-qapi-schema V=1 - - gmake check-softfloat V=1 - - gmake check-qtest-x86_64 V=1 - -macos_xcode_task: - osx_instance: - # this is an alias for the latest Xcode - image: catalina-xcode - install_script: - - brew install pkg-config gnu-sed glib pixman make sdl2 bash ninja - script: - - mkdir build - - cd build - - ../configure --extra-cflags='-Wno-error=deprecated-declarations' --enable-modules - --enable-werror --cc=clang || { cat config.log meson-logs/meson-log.txt; exit 1; } - - gmake -j$(sysctl -n hw.ncpu) - - gmake check-unit V=1 - - gmake check-block V=1 - - gmake check-qapi-schema V=1 - - gmake check-softfloat V=1 - - gmake check-qtest-x86_64 V=1 - windows_msys2_task: timeout_in: 90m windows_container: @@ -67,7 +12,7 @@ windows_msys2_task: CIRRUS_SHELL: powershell MSYS: winsymlinks:nativestrict MSYSTEM: MINGW64 - MSYS2_URL: https://github.com/msys2/msys2-installer/releases/download/2021-01-05/msys2-base-x86_64-20210105.sfx.exe + MSYS2_URL: https://github.com/msys2/msys2-installer/releases/download/2021-04-19/msys2-base-x86_64-20210419.sfx.exe MSYS2_FINGERPRINT: 0 MSYS2_PACKAGES: " diffutils git grep make pkg-config sed @@ -130,7 +75,7 @@ windows_msys2_task: taskkill /F /FI "MODULES eq msys-2.0.dll" tasklist C:\tools\msys64\usr\bin\bash.exe -lc "mv -f /etc/pacman.conf.pacnew /etc/pacman.conf || true" - C:\tools\msys64\usr\bin\bash.exe -lc "pacman --noconfirm -Suu --overwrite=*" + C:\tools\msys64\usr\bin\bash.exe -lc "pacman --noconfirm -Syuu --overwrite=*" Write-Output "Core install time taken: $((Get-Date).Subtract($start_time))" $start_time = Get-Date diff --git a/.github/lockdown.yml b/.github/lockdown.yml index 07fc2f31ee..d3546bd2bc 100644 --- a/.github/lockdown.yml +++ b/.github/lockdown.yml @@ -14,11 +14,11 @@ issues: at https://gitlab.com/qemu-project/qemu.git. The project does not process issues filed on GitHub. - The project issues are tracked on Launchpad: - https://bugs.launchpad.net/qemu + The project issues are tracked on GitLab: + https://gitlab.com/qemu-project/qemu/-/issues QEMU welcomes bug report contributions. You can file new ones on: - https://bugs.launchpad.net/qemu/+filebug + https://gitlab.com/qemu-project/qemu/-/issues/new pulls: comment: | diff --git a/.gitignore b/.gitignore index 75a4be0724..eb2553026c 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,5 @@ GTAGS *~ *.ast_raw *.depend_raw +*.swp +*.patch diff --git a/.gitlab-ci.d/buildtest-template.yml b/.gitlab-ci.d/buildtest-template.yml new file mode 100644 index 0000000000..fcbcc4e627 --- /dev/null +++ b/.gitlab-ci.d/buildtest-template.yml @@ -0,0 +1,81 @@ +.native_build_job_template: + stage: build + image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest + before_script: + - JOBS=$(expr $(nproc) + 1) + script: + - if test -n "$LD_JOBS"; + then + scripts/git-submodule.sh update meson ; + fi + - mkdir build + - cd build + - if test -n "$TARGETS"; + then + ../configure --enable-werror --disable-docs ${LD_JOBS:+--meson=git} $CONFIGURE_ARGS --target-list="$TARGETS" ; + else + ../configure --enable-werror --disable-docs ${LD_JOBS:+--meson=git} $CONFIGURE_ARGS ; + fi || { cat config.log meson-logs/meson-log.txt && exit 1; } + - if test -n "$LD_JOBS"; + then + ../meson/meson.py configure . -Dbackend_max_links="$LD_JOBS" ; + fi || exit 1; + - make -j"$JOBS" + - if test -n "$MAKE_CHECK_ARGS"; + then + make -j"$JOBS" $MAKE_CHECK_ARGS ; + fi + +.native_test_job_template: + stage: test + image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest + script: + - scripts/git-submodule.sh update + $(sed -n '/GIT_SUBMODULES=/ s/.*=// p' build/config-host.mak) + - cd build + - find . -type f -exec touch {} + + # Avoid recompiling by hiding ninja with NINJA=":" + - make NINJA=":" $MAKE_CHECK_ARGS + +.acceptance_test_job_template: + extends: .native_test_job_template + cache: + key: "${CI_JOB_NAME}-cache" + paths: + - ${CI_PROJECT_DIR}/avocado-cache + policy: pull-push + artifacts: + name: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG" + when: on_failure + expire_in: 7 days + paths: + - build/tests/results/latest/results.xml + - build/tests/results/latest/test-results + reports: + junit: build/tests/results/latest/results.xml + before_script: + - mkdir -p ~/.config/avocado + - echo "[datadir.paths]" > ~/.config/avocado/avocado.conf + - echo "cache_dirs = ['${CI_PROJECT_DIR}/avocado-cache']" + >> ~/.config/avocado/avocado.conf + - echo -e '[job.output.testlogs]\nstatuses = ["FAIL", "INTERRUPT"]' + >> ~/.config/avocado/avocado.conf + - if [ -d ${CI_PROJECT_DIR}/avocado-cache ]; then + du -chs ${CI_PROJECT_DIR}/avocado-cache ; + fi + - export AVOCADO_ALLOW_UNTRUSTED_CODE=1 + after_script: + - cd build + - du -chs ${CI_PROJECT_DIR}/avocado-cache + rules: + # Only run these jobs if running on the mainstream namespace, + # or if the user set the QEMU_CI_AVOCADO_TESTING variable (either + # in its namespace setting or via git-push option, see documentation + # in /.gitlab-ci.yml of this repository). + - if: '$CI_PROJECT_NAMESPACE == "qemu-project"' + when: on_success + - if: '$QEMU_CI_AVOCADO_TESTING' + when: on_success + # Otherwise, set to manual (the jobs are created but not run). + - when: manual + allow_failure: true diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml new file mode 100644 index 0000000000..903ee65f32 --- /dev/null +++ b/.gitlab-ci.d/buildtest.yml @@ -0,0 +1,724 @@ +include: + - local: '/.gitlab-ci.d/buildtest-template.yml' + +build-system-alpine: + extends: .native_build_job_template + needs: + - job: amd64-alpine-container + variables: + IMAGE: alpine + TARGETS: aarch64-softmmu alpha-softmmu cris-softmmu hppa-softmmu + microblazeel-softmmu mips64el-softmmu + MAKE_CHECK_ARGS: check-build + CONFIGURE_ARGS: --enable-docs --enable-trace-backends=log,simple,syslog + artifacts: + expire_in: 2 days + paths: + - .git-submodule-status + - build + +check-system-alpine: + extends: .native_test_job_template + needs: + - job: build-system-alpine + artifacts: true + variables: + IMAGE: alpine + MAKE_CHECK_ARGS: check + +acceptance-system-alpine: + extends: .acceptance_test_job_template + needs: + - job: build-system-alpine + artifacts: true + variables: From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 13:33:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 13:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176413.321017 (Exim 4.92) (envelope-from ) id 1mLQMS-0008Du-7S; Wed, 01 Sep 2021 13:33:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176413.321017; Wed, 01 Sep 2021 13:33:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLQMS-0008Dm-4a; Wed, 01 Sep 2021 13:33:04 +0000 Received: by outflank-mailman (input) for mailman id 176413; Wed, 01 Sep 2021 13:33:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLQMQ-0008Dg-V5 for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 13:33:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLQMQ-0002tT-Ty for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 13:33:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLQMQ-0001Vr-Qw for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 13:33:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TNcHLjgbQqCRT3w6AOXVWW1JlTEKzdoB/PPSm20X9JU=; b=5njMLdLtLtlK0F3KXQdzofALuf jZpi0Ce8E0ZjxoKgHOWzOycMV3E22ixgXSYZ+CTFEJ05wJjzQ8sorL5S0AtH/R3YlBmQo0pHU39hz zhTugh/Giyg5wZndC4YhPVIFxdoM/5pUDXFlxgdNT6WOWDOtHAb8K+rjcc0sMc7tfxs4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen master] main loop: Big hammer to fix logfile disk DoS in Xen setups Message-Id: Date: Wed, 01 Sep 2021 13:33:02 +0000 commit b6e539830bf45e2d7a6bd86ddfdf003088b173b0 Author: Ian Jackson AuthorDate: Thu May 26 16:21:56 2016 +0100 Commit: Anthony PERARD CommitDate: Tue Aug 31 11:49:40 2021 +0100 main loop: Big hammer to fix logfile disk DoS in Xen setups Each time round the main loop, we now fstat stderr. If it is too big, we dup2 /dev/null onto it. This is not a very pretty patch but it is very simple, easy to see that it's correct, and has a low risk of collateral damage. There is no limit by default but can be adjusted by setting a new environment variable. This fixes CVE-2014-3672. Signed-off-by: Ian Jackson Tested-by: Ian Jackson Set the default to 0 so that it won't affect non-xen installation. The limit will be set by Xen toolstack. Signed-off-by: Wei Liu Acked-by: Ian Jackson Acked-by: Anthony PERARD (cherry picked from commit 44a072f0de0d57c95c2212bbce02888832b7b74f) (cherry picked from commit 269381bb635692856aa8789a3f322e543e0c648d) --- util/main-loop.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/util/main-loop.c b/util/main-loop.c index 06b18b195c..f7c29bc2a1 100644 --- a/util/main-loop.c +++ b/util/main-loop.c @@ -184,6 +184,50 @@ int qemu_init_main_loop(Error **errp) return 0; } +static void check_cve_2014_3672_xen(void) +{ + static unsigned long limit = ~0UL; + const int fd = 2; + struct stat stab; + + if (limit == ~0UL) { + const char *s = getenv("XEN_QEMU_CONSOLE_LIMIT"); + /* XEN_QEMU_CONSOLE_LIMIT=0 means no limit */ + limit = s ? strtoul(s,0,0) : 0; + } + if (limit == 0) + return; + + int r = fstat(fd, &stab); + if (r) { + perror("fstat stderr (for CVE-2014-3672 check)"); + exit(-1); + } + if (!S_ISREG(stab.st_mode)) + return; + if (stab.st_size <= limit) + return; + + /* oh dear */ + fprintf(stderr,"\r\n" + "Closing stderr due to CVE-2014-3672 limit. " + " Set XEN_QEMU_CONSOLE_LIMIT to number of bytes to override," + " or 0 for no limit.\n"); + fflush(stderr); + + int nfd = open("/dev/null", O_WRONLY); + if (nfd < 0) { + perror("open /dev/null (for CVE-2014-3672 check)"); + exit(-1); + } + r = dup2(nfd, fd); + if (r != fd) { + perror("dup2 /dev/null (for CVE-2014-3672 check)"); + exit(-1); + } + close(nfd); +} + static int max_priority; #ifndef _WIN32 @@ -242,6 +286,8 @@ static int os_host_main_loop_wait(int64_t timeout) g_main_context_acquire(context); + check_cve_2014_3672_xen(); + glib_pollfds_fill(&timeout); qemu_mutex_unlock_iothread(); @@ -414,6 +460,8 @@ static int os_host_main_loop_wait(int64_t timeout) g_main_context_acquire(context); + check_cve_2014_3672_xen(); + /* XXX: need to suppress polling by better using win32 events */ ret = 0; for (pe = first_polling_entry; pe != NULL; pe = pe->next) { -- generated by git-patchbot for /home/xen/git/qemu-xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:22:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:22:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176636.321413 (Exim 4.92) (envelope-from ) id 1mLVoB-0005HC-SS; Wed, 01 Sep 2021 19:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176636.321413; Wed, 01 Sep 2021 19:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVoB-0005H4-PU; Wed, 01 Sep 2021 19:22:03 +0000 Received: by outflank-mailman (input) for mailman id 176636; Wed, 01 Sep 2021 19:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVoA-0005Gy-EW for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVoA-0000ys-DM for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVoA-0000ia-CC for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QnIF8WAWRCDbF3xWsHX4pYI/heuhTT7bto0Pqtrzws4=; b=KVy1L9PAJyimvfykVYZ+ESQZjR kyXiXUfftuQfXPb0qThReSvwTb7wQTUwsiXx8cz+U2jLgu7nXp1ghEErlbKtI2sqAiwpI7DTwfPGQ Tp2i01Y/TQQ7EuwayIL4msbB+mdOGAIWixI9cOrsGNbKISfgDrPzCFKX6TSl311KfEQc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] AMD/IOMMU: correct global exclusion range extending Message-Id: Date: Wed, 01 Sep 2021 19:22:02 +0000 commit b02c5c88982411be11e3413159862f255f1f39dc Author: Jan Beulich AuthorDate: Wed Aug 25 14:12:13 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:12:13 2021 +0200 AMD/IOMMU: correct global exclusion range extending Besides unity mapping regions, the AMD IOMMU spec also provides for exclusion ranges (areas of memory not to be subject to DMA translation) to be specified by firmware in the ACPI tables. The spec does not put any constraints on the number of such regions. Blindly assuming all addresses between any two such ranges should also be excluded can't be right. Since hardware has room for just a single such range (comprised of the Exclusion Base Register and the Exclusion Range Limit Register), combine only adjacent or overlapping regions (for now; this may require further adjustment in case table entries aren't sorted by address) with matching exclusion_allow_all settings. This requires bubbling up error indicators, such that IOMMU init can be failed when concatenation wasn't possible. Furthermore, since the exclusion range specified in IOMMU registers implies R/W access, reject requests asking for less permissions (this will be brought closer to the spec by a subsequent change). This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu_acpi.c | 45 +++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 1f6b004260..63fc22af01 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -116,12 +116,21 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( return NULL; } -static void __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit) +static int __init reserve_iommu_exclusion_range( + struct amd_iommu *iommu, uint64_t base, uint64_t limit, + bool all, bool iw, bool ir) { + if ( !ir || !iw ) + return -EPERM; + /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { + if ( iommu->exclusion_limit + PAGE_SIZE < base || + limit + PAGE_SIZE < iommu->exclusion_base || + iommu->exclusion_allow_all != all ) + return -EBUSY; + if ( iommu->exclusion_base < base ) base = iommu->exclusion_base; if ( iommu->exclusion_limit > limit ) @@ -129,16 +138,11 @@ static void __init reserve_iommu_exclusion_range( } iommu->exclusion_enable = IOMMU_CONTROL_ENABLED; + iommu->exclusion_allow_all = all; iommu->exclusion_base = base; iommu->exclusion_limit = limit; -} -static void __init reserve_iommu_exclusion_range_all( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit) -{ - reserve_iommu_exclusion_range(iommu, base, limit); - iommu->exclusion_allow_all = IOMMU_CONTROL_ENABLED; + return 0; } static void __init reserve_unity_map_for_device( @@ -176,6 +180,7 @@ static int __init register_exclusion_range_for_all_devices( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; unsigned int bdf; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -197,10 +202,15 @@ static int __init register_exclusion_range_for_all_devices( if ( limit >= iommu_top ) { for_each_amd_iommu( iommu ) - reserve_iommu_exclusion_range_all(iommu, base, limit); + { + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + if ( rc ) + break; + } } - return 0; + return rc; } static int __init register_exclusion_range_for_device( @@ -211,6 +221,7 @@ static int __init register_exclusion_range_for_device( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; + int rc = 0; iommu = find_iommu_for_device(seg, bdf); if ( !iommu ) @@ -240,12 +251,13 @@ static int __init register_exclusion_range_for_device( /* register IOMMU exclusion range settings for device */ if ( limit >= iommu_top ) { - reserve_iommu_exclusion_range(iommu, base, limit); + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } - return 0; + return rc; } static int __init register_exclusion_range_for_iommu_devices( @@ -255,6 +267,7 @@ static int __init register_exclusion_range_for_iommu_devices( unsigned long range_top, iommu_top, length; unsigned int bdf; u16 req; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -285,8 +298,10 @@ static int __init register_exclusion_range_for_iommu_devices( /* register IOMMU exclusion range settings */ if ( limit >= iommu_top ) - reserve_iommu_exclusion_range_all(iommu, base, limit); - return 0; + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + + return rc; } static int __init parse_ivmd_device_select( -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:22:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:22:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176637.321416 (Exim 4.92) (envelope-from ) id 1mLVoK-0005Ke-Tl; Wed, 01 Sep 2021 19:22:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176637.321416; Wed, 01 Sep 2021 19:22:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVoK-0005KX-Qw; Wed, 01 Sep 2021 19:22:12 +0000 Received: by outflank-mailman (input) for mailman id 176637; Wed, 01 Sep 2021 19:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVoK-0005KR-Ji for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVoK-0000yw-Iv for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVoK-0000kL-Gd for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dWly/FkfgbBpTCFqXPQ+xN06WFRowVNEOHqSqkUBrow=; b=Fs6N0UI56cydkRfWsirreuQlhd g28rUFDBx5woh3VPmT1msLINBsGvicX1tI1gAFT8Frd7MHViimhb+FmvsbHuwylfr47hXuiBz/LBB Upc6U6AGI+GCqkGDyi1mwWWU2qvxGQbAiwPOtdgcmTIJIgVQvlFVisFapLMvWgL57Pos=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] AMD/IOMMU: correct device unity map handling Message-Id: Date: Wed, 01 Sep 2021 19:22:12 +0000 commit 34750a3eb022462cdd1c36e8ef9049d3d73c824c Author: Jan Beulich AuthorDate: Wed Aug 25 14:15:11 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:15:11 2021 +0200 AMD/IOMMU: correct device unity map handling Blindly assuming all addresses between any two such ranges, specified by firmware in the ACPI tables, should also be unity-mapped can't be right. Nor can it be correct to merge ranges with differing permissions. Track ranges individually; don't merge at all, but check for overlaps instead. This requires bubbling up error indicators, such that IOMMU init can be failed when allocation of a new tracking struct wasn't possible, or an overlap was detected. At this occasion also stop ignoring amd_iommu_reserve_domain_unity_map()'s return value. This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu.h | 14 +++-- xen/drivers/passthrough/amd/iommu_acpi.c | 80 +++++++++++++++++------------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 16 +++--- 3 files changed, 66 insertions(+), 44 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 73f89f0f20..28a10789a9 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -107,20 +107,24 @@ struct amd_iommu { struct list_head ats_devices; }; +struct ivrs_unity_map { + bool read:1; + bool write:1; + paddr_t addr; + unsigned long length; + struct ivrs_unity_map *next; +}; + struct ivrs_mappings { uint16_t dte_requestor_id; bool valid:1; bool dte_allow_exclusion:1; - bool unity_map_enable:1; - bool write_permission:1; - bool read_permission:1; /* ivhd device data settings */ uint8_t device_flags; - unsigned long addr_range_start; - unsigned long addr_range_length; struct amd_iommu *iommu; + struct ivrs_unity_map *unity_map; /* per device interrupt remapping table */ void *intremap_table; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 63fc22af01..f98a936ecd 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -145,32 +145,48 @@ static int __init reserve_iommu_exclusion_range( return 0; } -static void __init reserve_unity_map_for_device( - u16 seg, u16 bdf, unsigned long base, - unsigned long length, u8 iw, u8 ir) +static int __init reserve_unity_map_for_device( + uint16_t seg, uint16_t bdf, unsigned long base, + unsigned long length, bool iw, bool ir) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long old_top, new_top; + struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; - /* need to extend unity-mapped range? */ - if ( ivrs_mappings[bdf].unity_map_enable ) + /* Check for overlaps. */ + for ( ; unity_map; unity_map = unity_map->next ) { - old_top = ivrs_mappings[bdf].addr_range_start + - ivrs_mappings[bdf].addr_range_length; - new_top = base + length; - if ( old_top > new_top ) - new_top = old_top; - if ( ivrs_mappings[bdf].addr_range_start < base ) - base = ivrs_mappings[bdf].addr_range_start; - length = new_top - base; + /* + * Exact matches are okay. This can in particular happen when + * register_exclusion_range_for_device() calls here twice for the + * same (s,b,d,f). + */ + if ( base == unity_map->addr && length == unity_map->length && + ir == unity_map->read && iw == unity_map->write ) + return 0; + + if ( unity_map->addr + unity_map->length > base && + base + length > unity_map->addr ) + { + AMD_IOMMU_DEBUG("IVMD Error: overlap [%lx,%lx) vs [%lx,%lx)\n", + base, base + length, unity_map->addr, + unity_map->addr + unity_map->length); + return -EPERM; + } } - /* extend r/w permissioms and keep aggregate */ - ivrs_mappings[bdf].write_permission = iw; - ivrs_mappings[bdf].read_permission = ir; - ivrs_mappings[bdf].unity_map_enable = true; - ivrs_mappings[bdf].addr_range_start = base; - ivrs_mappings[bdf].addr_range_length = length; + /* Populate and insert a new unity map. */ + unity_map = xmalloc(struct ivrs_unity_map); + if ( !unity_map ) + return -ENOMEM; + + unity_map->read = ir; + unity_map->write = iw; + unity_map->addr = base; + unity_map->length = length; + unity_map->next = ivrs_mappings[bdf].unity_map; + ivrs_mappings[bdf].unity_map = unity_map; + + return 0; } static int __init register_exclusion_range_for_all_devices( @@ -193,13 +209,13 @@ static int __init register_exclusion_range_for_all_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { for_each_amd_iommu( iommu ) { @@ -241,15 +257,15 @@ static int __init register_exclusion_range_for_device( length = range_top - base; /* reserve unity-mapped page entries for device */ /* note: these entries are part of the exclusion range */ - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - reserve_unity_map_for_device(seg, req, base, length, iw, ir); + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: + reserve_unity_map_for_device(seg, req, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings for device */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { rc = reserve_iommu_exclusion_range(iommu, base, limit, false /* all */, iw, ir); @@ -280,15 +296,15 @@ static int __init register_exclusion_range_for_iommu_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) { if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) { - reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir); req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); } } @@ -297,7 +313,7 @@ static int __init register_exclusion_range_for_iommu_devices( } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */, iw, ir); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 8c0e6cfede..8ec7779b09 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -384,15 +384,17 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); + const struct ivrs_unity_map *unity_map; - if ( ivrs_mappings[req_id].unity_map_enable ) + for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; + unity_map = unity_map->next ) { - amd_iommu_reserve_domain_unity_map( - d, - ivrs_mappings[req_id].addr_range_start, - ivrs_mappings[req_id].addr_range_length, - ivrs_mappings[req_id].write_permission, - ivrs_mappings[req_id].read_permission); + int rc = amd_iommu_reserve_domain_unity_map( + d, unity_map->addr, unity_map->length, + unity_map->write, unity_map->read); + + if ( rc ) + return rc; } return reassign_device(pdev->domain, d, devfn, pdev); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:22:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:22:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176638.321421 (Exim 4.92) (envelope-from ) id 1mLVoV-0005OF-Vr; Wed, 01 Sep 2021 19:22:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176638.321421; Wed, 01 Sep 2021 19:22:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVoV-0005O7-SZ; Wed, 01 Sep 2021 19:22:23 +0000 Received: by outflank-mailman (input) for mailman id 176638; Wed, 01 Sep 2021 19:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVoU-0005Ni-NI for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVoU-0000z7-MT for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVoU-0000lX-Lj for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3BU2ILRsHvaWqt3C6LjwjnDl6356IpFOZ235flNFv4Q=; b=5eG0TMeUSfRgoS1zS2Qz4Qbj73 mTK+EZg6f27FF5pVoCbBJpMo9yZELJuIbwLNbzi+tkCRVZ7XbgmTns+IsGjWtAYSDJNv0RoKgmxw9 ewaknTQy+BCnL0kHqf3p+ePLX2urK9GCq7oyAa15qLuA39+Q3Pv6BrgAXIEs8FdMv+lo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() Message-Id: Date: Wed, 01 Sep 2021 19:22:22 +0000 commit d1bb6c97c31ef754fb29b29eb307c090414e8022 Author: Jan Beulich AuthorDate: Wed Aug 25 14:15:32 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:15:32 2021 +0200 IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() A subsequent change will want to customize the IOMMU permissions based on this. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/arch/x86/mm/p2m-ept.c | 6 +++--- xen/arch/x86/mm/p2m-pt.c | 19 ++++++++++++++++--- xen/include/asm-x86/p2m.h | 3 ++- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index 289001b66b..e7e873dc28 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -808,7 +808,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, bool_t entry_written = 0; bool_t need_modify_vtd_table = 1; bool_t vtd_pte_present = 0; - unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); bool_t needs_sync = 1; ept_entry_t old_entry = { .epte = 0 }; ept_entry_t new_entry = { .epte = 0 }; @@ -938,8 +938,8 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, /* Safe to read-then-write because we hold the p2m lock */ if ( ept_entry->mfn == new_entry.mfn && - p2m_get_iommu_flags(ept_entry->sa_p2mt, _mfn(ept_entry->mfn)) == - iommu_flags ) + p2m_get_iommu_flags(ept_entry->sa_p2mt, ept_entry->access, + _mfn(ept_entry->mfn)) == iommu_flags ) need_modify_vtd_table = 0; ept_p2m_type_to_flags(p2m, &new_entry); diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index f2afcf49a3..7d691e616d 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -545,6 +545,16 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) return rc; } +/* Reconstruct a fake p2m_access_t from stored PTE flags. */ +static p2m_access_t p2m_flags_to_access(unsigned int flags) +{ + if ( flags & _PAGE_PRESENT ) + return p2m_access_n; + + /* No need to look at _PAGE_NX for now. */ + return flags & _PAGE_RW ? p2m_access_rw : p2m_access_r; +} + /* Checks only applicable to entries with order > PAGE_ORDER_4K */ static void check_entry(mfn_t mfn, p2m_type_t new, p2m_type_t old, unsigned int order) @@ -579,7 +589,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, l2_pgentry_t l2e_content; l3_pgentry_t l3e_content; int rc; - unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); /* * old_mfn and iommu_old_flags control possible flush/update needs on the * IOMMU: We need to flush when MFN or flags (i.e. permissions) change. @@ -642,6 +652,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else @@ -684,9 +695,10 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, 0, L1_PAGETABLE_ENTRIES); ASSERT(p2m_entry); old_mfn = l1e_get_pfn(*p2m_entry); + flags = l1e_get_flags(*p2m_entry); iommu_old_flags = - p2m_get_iommu_flags(p2m_flags_to_type(l1e_get_flags(*p2m_entry)), - _mfn(old_mfn)); + p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) entry_content = p2m_l1e_from_pfn(mfn_x(mfn), @@ -714,6 +726,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index d2e7a8db85..f2ad420e3b 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -891,7 +891,8 @@ static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} /* * p2m type to IOMMU flags */ -static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, mfn_t mfn) +static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, + p2m_access_t p2ma, mfn_t mfn) { unsigned int flags; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:22:34 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:22:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176639.321425 (Exim 4.92) (envelope-from ) id 1mLVog-0005Ru-2m; Wed, 01 Sep 2021 19:22:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176639.321425; Wed, 01 Sep 2021 19:22:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVof-0005Rm-Vj; Wed, 01 Sep 2021 19:22:33 +0000 Received: by outflank-mailman (input) for mailman id 176639; Wed, 01 Sep 2021 19:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVoe-0005RX-Rr for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVoe-0000zO-RB for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVoe-0000mc-PY for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NUmrOQjg8kCgWQ5deGAi9wDmL4NJDCob7w86OqTZcoc=; b=Xwy6AJbvP933pLNOsbuWOjwbmb /rhVRCCacXDa01MuOJdyV27Eg26qTOxp02IcjFhgwF4b4l2LjgpcuaQX8y6s/zDFx2UXjQc1Y5tMh N3hjvKz2YzSnVS/wcAI+zH/Q0a8ZWBgUAxJaJAU+9jyWuta9TOkA5dlpISoZ/Zbqm0+o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] IOMMU: generalize VT-d's tracking of mapped RMRR regions Message-Id: Date: Wed, 01 Sep 2021 19:22:32 +0000 commit c0e19d7c6c42f0bfccccd96b4f7b03b5515e10fc Author: Jan Beulich AuthorDate: Wed Aug 25 14:15:57 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:15:57 2021 +0200 IOMMU: generalize VT-d's tracking of mapped RMRR regions In order to re-use it elsewhere, move the logic to vendor independent code and strip it of RMRR specifics. Note that the prior "map" parameter gets folded into the new "p2ma" one (which AMD IOMMU code will want to make use of), assigning alternative meaning ("unmap") to p2m_access_x. Prepare set_identity_p2m_entry() and p2m_get_iommu_flags() for getting passed access types other than p2m_access_rw (in the latter case just for p2m_mmio_direct requests). Note also that, to be on the safe side, an overlap check gets added to the main loop of iommu_identity_mapping(). This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/arch/x86/mm/p2m.c | 2 +- xen/drivers/passthrough/vtd/iommu.c | 99 +++++-------------------------------- xen/drivers/passthrough/x86/iommu.c | 94 +++++++++++++++++++++++++++++++++++ xen/include/asm-x86/iommu.h | 9 +++- xen/include/asm-x86/p2m.h | 35 +++++++++++-- 5 files changed, 148 insertions(+), 91 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 7b3cf7e9fc..b8bdd55cd2 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1427,7 +1427,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, return 0; return iommu_legacy_map(d, _dfn(gfn_l), _mfn(gfn_l), 1ul << PAGE_ORDER_4K, - IOMMUF_readable | IOMMUF_writable); + p2m_access_to_iommu_flags(p2ma)); #ifdef CONFIG_HVM } diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 12d0d43d8e..23921dfb7b 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -45,12 +45,6 @@ /* dom_io is used as a sentinel for quarantined devices */ #define QUARANTINE_SKIP(d) ((d) == dom_io && !dom_iommu(d)->arch.vtd.pgd_maddr) -struct mapped_rmrr { - struct list_head list; - u64 base, end; - unsigned int count; -}; - /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */ bool __read_mostly untrusted_msi; @@ -1306,7 +1300,6 @@ static int intel_iommu_domain_init(struct domain *d) struct domain_iommu *hd = dom_iommu(d); hd->arch.vtd.agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH); - INIT_LIST_HEAD(&hd->arch.vtd.mapped_rmrrs); return 0; } @@ -1785,17 +1778,12 @@ static void iommu_clear_root_pgtable(struct domain *d) static void iommu_domain_teardown(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); - struct mapped_rmrr *mrmrr, *tmp; const struct acpi_drhd_unit *drhd; if ( list_empty(&acpi_drhd_units) ) return; - list_for_each_entry_safe ( mrmrr, tmp, &hd->arch.vtd.mapped_rmrrs, list ) - { - list_del(&mrmrr->list); - xfree(mrmrr); - } + iommu_identity_map_teardown(d); ASSERT(!hd->arch.vtd.pgd_maddr); @@ -1943,74 +1931,6 @@ static int __init vtd_ept_page_compatible(struct vtd_iommu *iommu) (ept_has_1gb(ept_cap) && opt_hap_1gb) <= cap_sps_1gb(vtd_cap); } -static int rmrr_identity_mapping(struct domain *d, bool_t map, - const struct acpi_rmrr_unit *rmrr, - u32 flag) -{ - unsigned long base_pfn = rmrr->base_address >> PAGE_SHIFT_4K; - unsigned long end_pfn = PAGE_ALIGN_4K(rmrr->end_address) >> PAGE_SHIFT_4K; - struct mapped_rmrr *mrmrr; - struct domain_iommu *hd = dom_iommu(d); - - ASSERT(pcidevs_locked()); - ASSERT(rmrr->base_address < rmrr->end_address); - - /* - * No need to acquire hd->arch.mapping_lock: Both insertion and removal - * get done while holding pcidevs_lock. - */ - list_for_each_entry( mrmrr, &hd->arch.vtd.mapped_rmrrs, list ) - { - if ( mrmrr->base == rmrr->base_address && - mrmrr->end == rmrr->end_address ) - { - int ret = 0; - - if ( map ) - { - ++mrmrr->count; - return 0; - } - - if ( --mrmrr->count ) - return 0; - - while ( base_pfn < end_pfn ) - { - if ( clear_identity_p2m_entry(d, base_pfn) ) - ret = -ENXIO; - base_pfn++; - } - - list_del(&mrmrr->list); - xfree(mrmrr); - return ret; - } - } - - if ( !map ) - return -ENOENT; - - while ( base_pfn < end_pfn ) - { - int err = set_identity_p2m_entry(d, base_pfn, p2m_access_rw, flag); - - if ( err ) - return err; - base_pfn++; - } - - mrmrr = xmalloc(struct mapped_rmrr); - if ( !mrmrr ) - return -ENOMEM; - mrmrr->base = rmrr->base_address; - mrmrr->end = rmrr->end_address; - mrmrr->count = 1; - list_add_tail(&mrmrr->list, &hd->arch.vtd.mapped_rmrrs); - - return 0; -} - static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; @@ -2042,7 +1962,9 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) * Since RMRRs are always reserved in the e820 map for the hardware * domain, there shouldn't be a conflict. */ - ret = rmrr_identity_mapping(pdev->domain, 1, rmrr, 0); + ret = iommu_identity_mapping(pdev->domain, p2m_access_rw, + rmrr->base_address, rmrr->end_address, + 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n", pdev->domain->domain_id); @@ -2087,7 +2009,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) * Any flag is nothing to clear these mappings but here * its always safe and strict to set 0. */ - rmrr_identity_mapping(pdev->domain, 0, rmrr, 0); + iommu_identity_mapping(pdev->domain, p2m_access_x, rmrr->base_address, + rmrr->end_address, 0); } return domain_context_unmap(pdev->domain, devfn, pdev); @@ -2286,7 +2209,8 @@ static void __hwdom_init setup_hwdom_rmrr(struct domain *d) * domain, there shouldn't be a conflict. So its always safe and * strict to set 0. */ - ret = rmrr_identity_mapping(d, 1, rmrr, 0); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: mapping reserved region failed\n"); @@ -2468,7 +2392,9 @@ static int reassign_device_ownership( * Any RMRR flag is always ignored when remove a device, * but its always safe and strict to set 0. */ - ret = rmrr_identity_mapping(source, 0, rmrr, 0); + ret = iommu_identity_mapping(source, p2m_access_x, + rmrr->base_address, + rmrr->end_address, 0); if ( ret != -ENOENT ) return ret; } @@ -2564,7 +2490,8 @@ static int intel_iommu_assign_device( PCI_BUS(bdf) == bus && PCI_DEVFN2(bdf) == devfn ) { - ret = rmrr_identity_mapping(d, 1, rmrr, flag); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, flag); if ( ret ) { int rc; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 593cc4d6ae..65ed4a7f9f 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -144,6 +144,7 @@ int arch_iommu_domain_init(struct domain *d) INIT_PAGE_LIST_HEAD(&hd->arch.pgtables.list); spin_lock_init(&hd->arch.pgtables.lock); + INIT_LIST_HEAD(&hd->arch.identity_maps); return 0; } @@ -159,6 +160,99 @@ void arch_iommu_domain_destroy(struct domain *d) page_list_empty(&dom_iommu(d)->arch.pgtables.list)); } +struct identity_map { + struct list_head list; + paddr_t base, end; + p2m_access_t access; + unsigned int count; +}; + +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag) +{ + unsigned long base_pfn = base >> PAGE_SHIFT_4K; + unsigned long end_pfn = PAGE_ALIGN_4K(end) >> PAGE_SHIFT_4K; + struct identity_map *map; + struct domain_iommu *hd = dom_iommu(d); + + ASSERT(pcidevs_locked()); + ASSERT(base < end); + + /* + * No need to acquire hd->arch.mapping_lock: Both insertion and removal + * get done while holding pcidevs_lock. + */ + list_for_each_entry( map, &hd->arch.identity_maps, list ) + { + if ( map->base == base && map->end == end ) + { + int ret = 0; + + if ( p2ma != p2m_access_x ) + { + if ( map->access != p2ma ) + return -EADDRINUSE; + ++map->count; + return 0; + } + + if ( --map->count ) + return 0; + + while ( base_pfn < end_pfn ) + { + if ( clear_identity_p2m_entry(d, base_pfn) ) + ret = -ENXIO; + base_pfn++; + } + + list_del(&map->list); + xfree(map); + + return ret; + } + + if ( end >= map->base && map->end >= base ) + return -EADDRINUSE; + } + + if ( p2ma == p2m_access_x ) + return -ENOENT; + + while ( base_pfn < end_pfn ) + { + int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag); + + if ( err ) + return err; + base_pfn++; + } + + map = xmalloc(struct identity_map); + if ( !map ) + return -ENOMEM; + map->base = base; + map->end = end; + map->access = p2ma; + map->count = 1; + list_add_tail(&map->list, &hd->arch.identity_maps); + + return 0; +} + +void iommu_identity_map_teardown(struct domain *d) +{ + struct domain_iommu *hd = dom_iommu(d); + struct identity_map *map, *tmp; + + list_for_each_entry_safe ( map, tmp, &hd->arch.identity_maps, list ) + { + list_del(&map->list); + xfree(map); + } +} + static bool __hwdom_init hwdom_iommu_map(const struct domain *d, unsigned long pfn, unsigned long max_pfn) diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h index 65a0b02f60..8aff75e4ff 100644 --- a/xen/include/asm-x86/iommu.h +++ b/xen/include/asm-x86/iommu.h @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -50,13 +51,14 @@ struct arch_iommu spinlock_t lock; } pgtables; + struct list_head identity_maps; + union { /* Intel VT-d */ struct { uint64_t pgd_maddr; /* io page directory machine address */ unsigned int agaw; /* adjusted guest address width, 0 is level 2 30-bit */ uint64_t iommu_bitmap; /* bitmap of iommu(s) that the domain uses */ - struct list_head mapped_rmrrs; } vtd; /* AMD IOMMU */ struct { @@ -122,6 +124,11 @@ static inline void iommu_disable_x2apic(void) iommu_ops.disable_x2apic(); } +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag); +void iommu_identity_map_teardown(struct domain *d); + extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index f2ad420e3b..b9e35d5e71 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -888,6 +888,34 @@ struct p2m_domain *p2m_get_altp2m(struct vcpu *v); static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} #endif +/* p2m access to IOMMU flags */ +static inline unsigned int p2m_access_to_iommu_flags(p2m_access_t p2ma) +{ + switch ( p2ma ) + { + case p2m_access_rw: + case p2m_access_rwx: + return IOMMUF_readable | IOMMUF_writable; + + case p2m_access_r: + case p2m_access_rx: + case p2m_access_rx2rw: + return IOMMUF_readable; + + case p2m_access_w: + case p2m_access_wx: + return IOMMUF_writable; + + case p2m_access_n: + case p2m_access_x: + case p2m_access_n2rwx: + return 0; + } + + ASSERT_UNREACHABLE(); + return 0; +} + /* * p2m type to IOMMU flags */ @@ -909,9 +937,10 @@ static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, flags = IOMMUF_readable; break; case p2m_mmio_direct: - flags = IOMMUF_readable; - if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) - flags |= IOMMUF_writable; + flags = p2m_access_to_iommu_flags(p2ma); + if ( (flags & IOMMUF_writable) && + rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) + flags &= ~IOMMUF_writable; break; default: flags = 0; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:22:44 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:22:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176640.321430 (Exim 4.92) (envelope-from ) id 1mLVoq-0005Uo-4m; Wed, 01 Sep 2021 19:22:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176640.321430; Wed, 01 Sep 2021 19:22:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVoq-0005Uc-1N; Wed, 01 Sep 2021 19:22:44 +0000 Received: by outflank-mailman (input) for mailman id 176640; Wed, 01 Sep 2021 19:22:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVop-0005UO-68 for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVop-0000zY-0d for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVoo-0000o0-U0 for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kLBgyaPkWRRVLP0AFtckXSxA0542kLF2iTQsffSo9hc=; b=B99T3B9ilZAhUTlZ7rU8raQ7Rb FH/2GeVJ1ccodh68WsKK57EmHTJjNuHlp4MAJU0Gmz49EiE34qkFOmkFcnjS+JmkYbrsoHkony+Qk D5jADe4Jn4EoUFqCl6nuldbTWmI68SkBMxRtO6suITY4FIXEP/JYTh23hEil0BcJ38JI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] AMD/IOMMU: re-arrange/complete re-assignment handling Message-Id: Date: Wed, 01 Sep 2021 19:22:42 +0000 commit 899272539cbe1acda736a850015416fff653a1b6 Author: Jan Beulich AuthorDate: Wed Aug 25 14:16:26 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:16:26 2021 +0200 AMD/IOMMU: re-arrange/complete re-assignment handling Prior to the assignment step having completed successfully, devices should not get associated with their new owner. Hand the device to DomIO (perhaps temporarily), until after the de-assignment step has completed. De-assignment of a device (from other than Dom0) as well as failure of reassign_device() during assignment should result in unity mappings getting torn down. This in turn requires switching to a refcounted mapping approach, as was already used by VT-d for its RMRRs, to prevent unmapping a region used by multiple devices. This is CVE-2021-28696 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu.h | 6 ++- xen/drivers/passthrough/amd/iommu_map.c | 63 +++++++++++++++++------------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 54 +++++++++++++++++++------ 3 files changed, 83 insertions(+), 40 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 28a10789a9..ee4ef645fe 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -232,8 +232,10 @@ int __must_check amd_iommu_unmap_page(struct domain *d, dfn_t dfn, unsigned int *flush_flags); int __must_check amd_iommu_alloc_root(struct domain *d); int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, unsigned long size, - int iw, int ir); + const struct ivrs_unity_map *map, + unsigned int flag); +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map); int __must_check amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, unsigned long page_count, unsigned int flush_flags); diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 0d4dd7cc37..53cd5b4577 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -422,38 +422,49 @@ int amd_iommu_flush_iotlb_all(struct domain *d) return 0; } -int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, - unsigned long size, int iw, int ir) +int amd_iommu_reserve_domain_unity_map(struct domain *d, + const struct ivrs_unity_map *map, + unsigned int flag) { - unsigned long npages, i; - unsigned long gfn; - unsigned int flags = !!ir; - unsigned int flush_flags = 0; - int rt = 0; - - if ( iw ) - flags |= IOMMUF_writable; - - npages = region_to_pages(phys_addr, size); - gfn = phys_addr >> PAGE_SHIFT; - for ( i = 0; i < npages; i++ ) + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; !rc && map; map = map->next ) { - unsigned long frame = gfn + i; + p2m_access_t p2ma = p2m_access_n; - rt = amd_iommu_map_page(domain, _dfn(frame), _mfn(frame), flags, - &flush_flags); - if ( rt != 0 ) - break; + if ( map->read ) + p2ma |= p2m_access_r; + if ( map->write ) + p2ma |= p2m_access_w; + + rc = iommu_identity_mapping(d, p2ma, map->addr, + map->addr + map->length - 1, flag); } - /* Use while-break to avoid compiler warning */ - while ( flush_flags && - amd_iommu_flush_iotlb_pages(domain, _dfn(gfn), - npages, flush_flags) ) - break; + return rc; +} + +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map) +{ + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; map; map = map->next ) + { + int ret = iommu_identity_mapping(d, p2m_access_x, map->addr, + map->addr + map->length - 1, 0); + + if ( ret && ret != -ENOENT && !rc ) + rc = ret; + } - return rt; + return rc; } int __init amd_iommu_quarantine_init(struct domain *d) diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 8ec7779b09..8c35f6d0f2 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -347,6 +347,7 @@ static int reassign_device(struct domain *source, struct domain *target, { struct amd_iommu *iommu; int bdf, rc; + const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); bdf = PCI_BDF2(pdev->bus, pdev->devfn); iommu = find_iommu_for_device(pdev->seg, bdf); @@ -361,10 +362,24 @@ static int reassign_device(struct domain *source, struct domain *target, amd_iommu_disable_domain_device(source, iommu, devfn, pdev); - if ( devfn == pdev->devfn ) + /* + * If the device belongs to the hardware domain, and it has a unity mapping, + * don't remove it from the hardware domain, because BIOS may reference that + * mapping. + */ + if ( !is_hardware_domain(source) ) { - list_move(&pdev->domain_list, &target->pdev_list); - pdev->domain = target; + rc = amd_iommu_reserve_domain_unity_unmap( + source, + ivrs_mappings[get_dma_requestor_id(pdev->seg, bdf)].unity_map); + if ( rc ) + return rc; + } + + if ( devfn == pdev->devfn && pdev->domain != dom_io ) + { + list_move(&pdev->domain_list, &dom_io->pdev_list); + pdev->domain = dom_io; } rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev); @@ -374,6 +389,12 @@ static int reassign_device(struct domain *source, struct domain *target, AMD_IOMMU_DEBUG("Re-assign %pp from dom%d to dom%d\n", &pdev->sbdf, source->domain_id, target->domain_id); + if ( devfn == pdev->devfn && pdev->domain != target ) + { + list_move(&pdev->domain_list, &target->pdev_list); + pdev->domain = target; + } + return 0; } @@ -384,20 +405,28 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); - const struct ivrs_unity_map *unity_map; + int rc = amd_iommu_reserve_domain_unity_map( + d, ivrs_mappings[req_id].unity_map, flag); + + if ( !rc ) + rc = reassign_device(pdev->domain, d, devfn, pdev); - for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; - unity_map = unity_map->next ) + if ( rc && !is_hardware_domain(d) ) { - int rc = amd_iommu_reserve_domain_unity_map( - d, unity_map->addr, unity_map->length, - unity_map->write, unity_map->read); + int ret = amd_iommu_reserve_domain_unity_unmap( + d, ivrs_mappings[req_id].unity_map); - if ( rc ) - return rc; + if ( ret ) + { + printk(XENLOG_ERR "AMD-Vi: " + "unity-unmap for %pd/%04x:%02x:%02x.%u failed (%d)\n", + d, pdev->seg, pdev->bus, + PCI_SLOT(devfn), PCI_FUNC(devfn), ret); + domain_crash(d); + } } - return reassign_device(pdev->domain, d, devfn, pdev); + return rc; } static void amd_iommu_clear_root_pgtable(struct domain *d) @@ -411,6 +440,7 @@ static void amd_iommu_clear_root_pgtable(struct domain *d) static void amd_iommu_domain_destroy(struct domain *d) { + iommu_identity_map_teardown(d); ASSERT(!dom_iommu(d)->arch.amd.root_table); } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:22:54 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:22:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176641.321433 (Exim 4.92) (envelope-from ) id 1mLVp0-0005XY-6P; Wed, 01 Sep 2021 19:22:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176641.321433; Wed, 01 Sep 2021 19:22:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVp0-0005XP-34; Wed, 01 Sep 2021 19:22:54 +0000 Received: by outflank-mailman (input) for mailman id 176641; Wed, 01 Sep 2021 19:22:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVoz-0005XF-61 for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVoz-0000zj-5K for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVoz-0000p5-3k for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:22:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OVJ29XGvd5b/4LXolbVYifPSdz5WuKviQyl9LszG8rQ=; b=XM0wKcTXWctTxbdFgip/dcKFVO 5c7PKF8+lx45pmtYQA21ZRUqkVCqYGj7BN4c22T1X9xXXJ5/zfu9zx10eRRmAG6+8aNVySxWTLbod WaYtb+w6txUkpK1nsQPZfHxB9vgI8PkMz5+TnBT9dGZdcZmF199B1w0PiKTDyki4xyEo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] AMD/IOMMU: re-arrange exclusion range and unity map recording Message-Id: Date: Wed, 01 Sep 2021 19:22:53 +0000 commit 8ea80530cd0dbb8ffa7ac92606a3ee29663fdc93 Author: Jan Beulich AuthorDate: Wed Aug 25 14:16:46 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:16:46 2021 +0200 AMD/IOMMU: re-arrange exclusion range and unity map recording The spec makes no provisions for OS behavior here to depend on the amount of RAM found on the system. While the spec may not sufficiently clearly distinguish both kinds of regions, they are surely meant to be separate things: Only regions with ACPI_IVMD_EXCLUSION_RANGE set should be candidates for putting in the exclusion range registers. (As there's only a single such pair of registers per IOMMU, secondary non-adjacent regions with the flag set already get converted to unity mapped regions.) First of all, drop the dependency on max_page. With commit b4f042236ae0 ("AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables") the use of it here was stale anyway; it was bogus already before, as it didn't account for max_page getting increased later on. Simply try an exclusion range registration first, and if it fails (for being unsuitable or non-mergeable), register a unity mapping range. With this various local variables become unnecessary and hence get dropped at the same time. With the max_page boundary dropped for using unity maps, the minimum page table tree height now needs both recording and enforcing in amd_iommu_domain_init(). Since we can't predict which devices may get assigned to a domain, our only option is to uniformly force at least that height for all domains, now that the height isn't dynamic anymore. Further don't make use of the exclusion range unless ACPI data says so. Note that exclusion range registration in register_range_for_all_devices() is on a best effort basis. Hence unity map entries also registered are redundant when the former succeeded, but they also do no harm. Improvements in this area can be done later imo. Also adjust types where suitable without touching extra lines. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu.h | 2 + xen/drivers/passthrough/amd/iommu_acpi.c | 184 ++++++++++++---------------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 12 +- 3 files changed, 90 insertions(+), 108 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index ee4ef645fe..721d0c395b 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -304,6 +304,8 @@ extern struct hpet_sbdf { } init; } hpet_sbdf; +extern int amd_iommu_min_paging_mode; + extern void *shared_intremap_table; extern unsigned long *shared_intremap_inuse; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index f98a936ecd..2fdebd2d74 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -117,12 +117,8 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( } static int __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit, - bool all, bool iw, bool ir) + struct amd_iommu *iommu, paddr_t base, paddr_t limit, bool all) { - if ( !ir || !iw ) - return -EPERM; - /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { @@ -151,14 +147,18 @@ static int __init reserve_unity_map_for_device( { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; + int paging_mode = amd_iommu_get_paging_mode(PFN_UP(base + length)); + + if ( paging_mode < 0 ) + return paging_mode; /* Check for overlaps. */ for ( ; unity_map; unity_map = unity_map->next ) { /* * Exact matches are okay. This can in particular happen when - * register_exclusion_range_for_device() calls here twice for the - * same (s,b,d,f). + * register_range_for_device() calls here twice for the same + * (s,b,d,f). */ if ( base == unity_map->addr && length == unity_map->length && ir == unity_map->read && iw == unity_map->write ) @@ -186,55 +186,52 @@ static int __init reserve_unity_map_for_device( unity_map->next = ivrs_mappings[bdf].unity_map; ivrs_mappings[bdf].unity_map = unity_map; + if ( paging_mode > amd_iommu_min_paging_mode ) + amd_iommu_min_paging_mode = paging_mode; + return 0; } -static int __init register_exclusion_range_for_all_devices( - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_all_devices( + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; - unsigned int bdf; int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) - { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - /* push 'base' just outside of virtual address space */ - base = iommu_top; - } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) + if ( exclusion ) { for_each_amd_iommu( iommu ) { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); - if ( rc ) - break; + int ret = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */); + + if ( ret && !rc ) + rc = ret; } } + if ( !exclusion || rc ) + { + paddr_t length = limit + PAGE_SIZE - base; + unsigned int bdf; + + /* reserve r/w unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + } + return rc; } -static int __init register_exclusion_range_for_device( - u16 bdf, unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_device( + unsigned int bdf, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; int rc = 0; @@ -248,27 +245,19 @@ static int __init register_exclusion_range_for_device( req = ivrs_mappings[bdf].dte_requestor_id; /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */); + if ( !exclusion || rc ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; + paddr_t length = limit + PAGE_SIZE - base; + /* reserve unity-mapped page entries for device */ - /* note: these entries are part of the exclusion range */ rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: reserve_unity_map_for_device(seg, req, base, length, iw, ir); - - /* push 'base' just outside of virtual address space */ - base = iommu_top; } - - /* register IOMMU exclusion range settings for device */ - if ( !rc && limit >= iommu_top ) + else { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } @@ -276,53 +265,42 @@ static int __init register_exclusion_range_for_device( return rc; } -static int __init register_exclusion_range_for_iommu_devices( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_iommu_devices( + struct amd_iommu *iommu, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { - unsigned long range_top, iommu_top, length; + /* note: 'limit' parameter is assumed to be page-aligned */ + paddr_t length = limit + PAGE_SIZE - base; unsigned int bdf; u16 req; - int rc = 0; + int rc; - /* is part of exclusion range inside of IOMMU virtual address space? */ - /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - { - if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) - { - req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir) ?: - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); - } - } - - /* push 'base' just outside of virtual address space */ - base = iommu_top; + rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */); + if ( !rc ) + return 0; } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); + /* reserve unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + { + if ( iommu != find_iommu_for_device(iommu->seg, bdf) ) + continue; + + req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); + } return rc; } static int __init parse_ivmd_device_select( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { u16 bdf; @@ -333,12 +311,12 @@ static int __init parse_ivmd_device_select( return -ENODEV; } - return register_exclusion_range_for_device(bdf, base, limit, iw, ir); + return register_range_for_device(bdf, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_device_range( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { unsigned int first_bdf, last_bdf, bdf; int error; @@ -360,15 +338,15 @@ static int __init parse_ivmd_device_range( } for ( bdf = first_bdf, error = 0; (bdf <= last_bdf) && !error; bdf++ ) - error = register_exclusion_range_for_device( - bdf, base, limit, iw, ir); + error = register_range_for_device( + bdf, base, limit, iw, ir, exclusion); return error; } static int __init parse_ivmd_device_iommu( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct amd_iommu *iommu; @@ -383,14 +361,14 @@ static int __init parse_ivmd_device_iommu( return -ENODEV; } - return register_exclusion_range_for_iommu_devices( - iommu, base, limit, iw, ir); + return register_range_for_iommu_devices( + iommu, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) { unsigned long start_addr, mem_length, base, limit; - u8 iw, ir; + bool iw = true, ir = true, exclusion = false; if ( ivmd_block->header.length < sizeof(*ivmd_block) ) { @@ -407,13 +385,11 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) ivmd_block->header.type, start_addr, mem_length); if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) - iw = ir = IOMMU_CONTROL_ENABLED; + exclusion = true; else if ( ivmd_block->header.flags & ACPI_IVMD_UNITY ) { - iw = ivmd_block->header.flags & ACPI_IVMD_READ ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; - ir = ivmd_block->header.flags & ACPI_IVMD_WRITE ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; + iw = ivmd_block->header.flags & ACPI_IVMD_READ; + ir = ivmd_block->header.flags & ACPI_IVMD_WRITE; } else { @@ -424,20 +400,20 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) switch( ivmd_block->header.type ) { case ACPI_IVRS_TYPE_MEMORY_ALL: - return register_exclusion_range_for_all_devices( - base, limit, iw, ir); + return register_range_for_all_devices( + base, limit, iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_ONE: - return parse_ivmd_device_select(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_select(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_RANGE: - return parse_ivmd_device_range(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_range(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_IOMMU: - return parse_ivmd_device_iommu(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_iommu(ivmd_block, base, limit, + iw, ir, exclusion); default: AMD_IOMMU_DEBUG("IVMD Error: Invalid Block Type!\n"); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 8c35f6d0f2..342fce6fff 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -246,6 +246,8 @@ int amd_iommu_alloc_root(struct domain *d) return 0; } +int __read_mostly amd_iommu_min_paging_mode = 1; + static int amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -257,11 +259,13 @@ static int amd_iommu_domain_init(struct domain *d) * - HVM could in principle use 3 or 4 depending on how much guest * physical address space we give it, but this isn't known yet so use 4 * unilaterally. + * - Unity maps may require an even higher number. */ - hd->arch.amd.paging_mode = amd_iommu_get_paging_mode( - is_hvm_domain(d) - ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) - : get_upper_mfn_bound() + 1); + hd->arch.amd.paging_mode = max(amd_iommu_get_paging_mode( + is_hvm_domain(d) + ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) + : get_upper_mfn_bound() + 1), + amd_iommu_min_paging_mode); return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:23:04 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:23:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176642.321437 (Exim 4.92) (envelope-from ) id 1mLVpA-0005ay-8w; Wed, 01 Sep 2021 19:23:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176642.321437; Wed, 01 Sep 2021 19:23:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpA-0005aq-66; Wed, 01 Sep 2021 19:23:04 +0000 Received: by outflank-mailman (input) for mailman id 176642; Wed, 01 Sep 2021 19:23:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVp9-0005ae-AN for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVp9-00010T-9c for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVp9-0000ru-8Q for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=w5Tkj0Wk2HbOf4LEueVe/yRvnCYy67fQQ3Q3E+bF1lw=; b=6NJqO3ksXdy0vigslANKugf97W tHmb1p8oxeHpkIv5nTxDbDAz90c5dgT/logPOE0OzoumB4/uLVcNE3HOWyNIFHyQisht0YWbTtkwv yrJ6ckJdTbg2/jmsrJt4bopOuXwDkwrTbhxl59sa6IB0zNfx0BFSt/ebtRA4m9NLa0FU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/p2m: introduce p2m_is_special() Message-Id: Date: Wed, 01 Sep 2021 19:23:03 +0000 commit 0bf755e2c856628e11e93c76c3e12974e9964638 Author: Jan Beulich AuthorDate: Wed Aug 25 14:17:07 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:17:07 2021 +0200 x86/p2m: introduce p2m_is_special() Seeing the similarity of grant, foreign, and (subsequently) direct-MMIO handling, introduce a new P2M type group named "special" (as in "needing special accessors to create/destroy"). Also use -EPERM instead of other error codes on the two domain_crash() paths touched. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/arch/x86/mm/p2m.c | 15 +++++++-------- xen/include/asm-x86/p2m.h | 5 +++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index b8bdd55cd2..0ca849ec77 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -817,7 +817,7 @@ p2m_remove_page(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn, for ( i = 0; i < (1UL << page_order); i++ ) { p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); - if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) + if ( !p2m_is_special(t) && !p2m_is_shared(t) ) set_gpfn_from_mfn(mfn_x(mfn) + i, INVALID_M2P_ENTRY); } } @@ -954,13 +954,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, &ot, &a, 0, NULL, NULL); ASSERT(!p2m_is_shared(ot)); } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { - /* Really shouldn't be unmapping grant/foreign maps this way */ + /* Don't permit unmapping grant/foreign this way. */ domain_crash(d); p2m_unlock(p2m); - return -EINVAL; + return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) { @@ -1053,8 +1053,7 @@ int p2m_change_type_one(struct domain *d, unsigned long gfn_l, struct p2m_domain *p2m = p2m_get_hostp2m(d); int rc; - BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt)); - BUG_ON(p2m_is_foreign(ot) || p2m_is_foreign(nt)); + BUG_ON(p2m_is_special(ot) || p2m_is_special(nt)); gfn_lock(p2m, gfn, 0); @@ -1300,11 +1299,11 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, gfn_unlock(p2m, gfn, order); return cur_order + 1; } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { gfn_unlock(p2m, gfn, order); domain_crash(d); - return -ENOENT; + return -EPERM; } else if ( p2m_is_ram(ot) ) { diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index b9e35d5e71..bf9967a023 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -154,6 +154,10 @@ typedef unsigned int p2m_query_t; | p2m_to_mask(p2m_ram_logdirty) ) #define P2M_SHARED_TYPES (p2m_to_mask(p2m_ram_shared)) +/* Types established/cleaned up via special accessors. */ +#define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ + p2m_to_mask(p2m_map_foreign)) + /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ | p2m_to_mask(p2m_mmio_direct) \ @@ -182,6 +186,7 @@ typedef unsigned int p2m_query_t; #define p2m_is_paged(_t) (p2m_to_mask(_t) & P2M_PAGED_TYPES) #define p2m_is_sharable(_t) (p2m_to_mask(_t) & P2M_SHARABLE_TYPES) #define p2m_is_shared(_t) (p2m_to_mask(_t) & P2M_SHARED_TYPES) +#define p2m_is_special(_t) (p2m_to_mask(_t) & P2M_SPECIAL_TYPES) #define p2m_is_broken(_t) (p2m_to_mask(_t) & P2M_BROKEN_TYPES) #define p2m_is_foreign(_t) (p2m_to_mask(_t) & p2m_to_mask(p2m_map_foreign)) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:23:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:23:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176643.321441 (Exim 4.92) (envelope-from ) id 1mLVpK-0005du-Ab; Wed, 01 Sep 2021 19:23:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176643.321441; Wed, 01 Sep 2021 19:23:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpK-0005dm-7c; Wed, 01 Sep 2021 19:23:14 +0000 Received: by outflank-mailman (input) for mailman id 176643; Wed, 01 Sep 2021 19:23:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpJ-0005dc-EN for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpJ-00010h-De for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVpJ-0000tM-Cm for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lQBCISdl+KE6z3rYf4XoieXC3lsRa0Stlpgv4w6dZPY=; b=MfacqaDQfIIziTxZ56vXwit77c 5fM2z2SaNXUuPJKQgZhnYbhyodK2ypjBZt1FtFREo2Uaf4DdYvIK6uIHbIb4fanKx7h30DyNdcHNX ETQYYHSF4PKJvFxQRro9XW0Vl2OF6n+WoflxfvNoi2fSfU/rybt2dwZTuu6ZaEByix9Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/p2m: guard (in particular) identity mapping entries Message-Id: Date: Wed, 01 Sep 2021 19:23:13 +0000 commit 753cb68e653002e89fdcd1c80e52905fdbfb78cb Author: Jan Beulich AuthorDate: Wed Aug 25 14:17:32 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:17:32 2021 +0200 x86/p2m: guard (in particular) identity mapping entries Such entries, created by set_identity_p2m_entry(), should only be destroyed by clear_identity_p2m_entry(). However, similarly, entries created by set_mmio_p2m_entry() should only be torn down by clear_mmio_p2m_entry(), so the logic gets based upon p2m_mmio_direct as the entry type (separation between "ordinary" and 1:1 mappings would require a further indicator to tell apart the two). As to the guest_remove_page() change, commit 48dfb297a20a ("x86/PVH: allow guest_remove_page to remove p2m_mmio_direct pages"), which introduced the call to clear_mmio_p2m_entry(), claimed this was done for hwdom only without this actually having been the case. However, this code shouldn't be there in the first place, as MMIO entries shouldn't be dropped this way. Avoid triggering the warning again that 48dfb297a20a silenced by an adjustment to xenmem_add_to_physmap_one() instead. Note that guest_physmap_mark_populate_on_demand() gets tightened beyond the immediate purpose of this change. Note also that I didn't inspect code which isn't security supported, e.g. sharing, paging, or altp2m. This is CVE-2021-28694 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/arch/x86/mm/p2m-pod.c | 12 ++++++------ xen/arch/x86/mm/p2m.c | 15 +++++++++------ xen/common/memory.c | 11 ++++++++++- xen/include/asm-x86/p2m.h | 13 ++----------- 4 files changed, 27 insertions(+), 24 deletions(-) diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index ae153fa6e6..8abc57265c 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -1299,17 +1299,17 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l, p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, &cur_order, NULL); n = 1UL << min(order, cur_order); - if ( p2m_is_ram(ot) ) + if ( ot == p2m_populate_on_demand ) + { + /* Count how many PoD entries we'll be replacing if successful */ + pod_count += n; + } + else if ( ot != p2m_invalid && ot != p2m_mmio_dm ) { P2M_DEBUG("gfn_to_mfn returned type %d!\n", ot); rc = -EBUSY; goto out; } - else if ( ot == p2m_populate_on_demand ) - { - /* Count how man PoD entries we'll be replacing if successful */ - pod_count += n; - } } /* Now, actually do the two-way mapping */ diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 0ca849ec77..09cbd8a07d 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -805,7 +805,8 @@ p2m_remove_page(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn, &cur_order, NULL); if ( p2m_is_valid(t) && - (!mfn_valid(mfn) || !mfn_eq(mfn_add(mfn, i), mfn_return)) ) + (!mfn_valid(mfn) || t == p2m_mmio_direct || + !mfn_eq(mfn_add(mfn, i), mfn_return)) ) return -EILSEQ; i += (1UL << cur_order) - @@ -912,7 +913,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; - if ( !mfn_valid(mfn) ) + if ( !mfn_valid(mfn) || t == p2m_mmio_direct ) { ASSERT_UNREACHABLE(); return -EINVAL; @@ -956,7 +957,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } if ( p2m_is_special(ot) ) { - /* Don't permit unmapping grant/foreign this way. */ + /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ domain_crash(d); p2m_unlock(p2m); @@ -1364,8 +1365,8 @@ int set_mmio_p2m_entry(struct domain *d, gfn_t gfn, mfn_t mfn, * order+1 for caller to retry with order (guaranteed smaller than * the order value passed in) */ -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, mfn_t mfn, - unsigned int order) +static int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, + mfn_t mfn, unsigned int order) { int rc = -EINVAL; gfn_t gfn = _gfn(gfn_l); @@ -2766,7 +2767,9 @@ int xenmem_add_to_physmap_one( /* Remove previously mapped page if it was present. */ prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); - if ( mfn_valid(prev_mfn) ) + if ( p2mt == p2m_mmio_direct ) + rc = -EPERM; + else if ( mfn_valid(prev_mfn) ) { if ( is_special_page(mfn_to_page(prev_mfn)) ) /* Special pages are simply unhooked from this phys slot. */ diff --git a/xen/common/memory.c b/xen/common/memory.c index e07bd9a5ea..74babb0bd7 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -332,7 +332,7 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) } if ( p2mt == p2m_mmio_direct ) { - rc = clear_mmio_p2m_entry(d, gmfn, mfn, PAGE_ORDER_4K); + rc = -EPERM; goto out_put_gfn; } #else @@ -1888,6 +1888,15 @@ int check_get_page_from_gfn(struct domain *d, gfn_t gfn, bool readonly, return -EAGAIN; } #endif +#ifdef CONFIG_X86 + if ( p2mt == p2m_mmio_direct ) + { + if ( page ) + put_page(page); + + return -EPERM; + } +#endif if ( !page ) return -EINVAL; diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index bf9967a023..c6d41ac0b6 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -156,7 +156,8 @@ typedef unsigned int p2m_query_t; /* Types established/cleaned up via special accessors. */ #define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ - p2m_to_mask(p2m_map_foreign)) + p2m_to_mask(p2m_map_foreign) | \ + p2m_to_mask(p2m_mmio_direct)) /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ @@ -627,19 +628,9 @@ int p2m_finish_type_change(struct domain *d, int p2m_is_logdirty_range(struct p2m_domain *, unsigned long start, unsigned long end); -#ifdef CONFIG_HVM /* Set mmio addresses in the p2m table (for pass-through) */ int set_mmio_p2m_entry(struct domain *d, gfn_t gfn, mfn_t mfn, unsigned int order); -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, - unsigned int order); -#else -static inline int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, - mfn_t mfn, unsigned int order) -{ - return -EIO; -} -#endif /* Set identity addresses in the p2m table (for pass-through) */ int set_identity_p2m_entry(struct domain *d, unsigned long gfn, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:23:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:23:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176644.321445 (Exim 4.92) (envelope-from ) id 1mLVpU-0005gv-CD; Wed, 01 Sep 2021 19:23:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176644.321445; Wed, 01 Sep 2021 19:23:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpU-0005gn-9B; Wed, 01 Sep 2021 19:23:24 +0000 Received: by outflank-mailman (input) for mailman id 176644; Wed, 01 Sep 2021 19:23:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpT-0005gV-IH for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpT-00010x-HX for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVpT-0000ud-GW for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yD3/+QxgGX1cPgtIbd4kBcGMnWT+g9l+EdgMhBXsYqo=; b=b6SuguprmWhfYRReiTOxrHrvgk xxrpN9IrsIgC0j9knapVDWIPWHmJAtut31nR8GpR6/I0oZVQINfy0PznNY661A6CyOyzYNDAsldJW U+Qoa8VFc17zvL7xdsZbE8Nf/V4lMc3og9HQrKP3vJPLAvjRGEXBVB3OkYynWjiaH/Fo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/mm: widen locked region in xenmem_add_to_physmap_one() Message-Id: Date: Wed, 01 Sep 2021 19:23:23 +0000 commit f147422bf9476fb8161b43e35f5901571ed17c35 Author: Jan Beulich AuthorDate: Wed Aug 25 14:17:56 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:17:56 2021 +0200 x86/mm: widen locked region in xenmem_add_to_physmap_one() For pages which can be made part of the P2M by the guest, but which can also later be de-allocated (grant table v2 status pages being the present example), it is imperative that they be mapped at no more than a single GFN. We therefore need to make sure that of two parallel XENMAPSPACE_grant_table requests for the same status page one completes before the second checks at which other GFN the underlying MFN is presently mapped. Pull ahead the respective get_gfn() and push down the respective put_gfn(). This leverages that gfn_lock() really aliases p2m_lock(), but the function makes this assumption already anyway: In the XENMAPSPACE_gmfn case lock nesting constraints for both involved GFNs would otherwise need to be enforced to avoid ABBA deadlocks. This is CVE-2021-28697 / XSA-379. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/arch/x86/mm/p2m.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 09cbd8a07d..1d17499543 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2756,17 +2756,29 @@ int xenmem_add_to_physmap_one( goto put_both; } + /* + * Note that we're (ab)using GFN locking (to really be locking of the + * entire P2M) here in (at least) two ways: Finer grained locking would + * expose lock order violations in the XENMAPSPACE_gmfn case (due to the + * earlier get_gfn_unshare() above). Plus at the very least for the grant + * table v2 status page case we need to guarantee that the same page can + * only appear at a single GFN. While this is a property we want in + * general, for pages which can subsequently be freed this imperative: + * Upon freeing we wouldn't be able to find other mappings in the P2M + * (unless we did a brute force search). + */ + prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); + /* XENMAPSPACE_gmfn: Check if the MFN is associated with another GFN. */ old_gpfn = get_gpfn_from_mfn(mfn_x(mfn)); ASSERT(!SHARED_M2P(old_gpfn)); if ( space == XENMAPSPACE_gmfn && old_gpfn != gfn ) { rc = -EXDEV; - goto put_both; + goto put_all; } /* Remove previously mapped page if it was present. */ - prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); if ( p2mt == p2m_mmio_direct ) rc = -EPERM; else if ( mfn_valid(prev_mfn) ) @@ -2778,20 +2790,18 @@ int xenmem_add_to_physmap_one( /* Normal domain memory is freed, to avoid leaking memory. */ rc = guest_remove_page(d, gfn_x(gpfn)); } - /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */ - put_gfn(d, gfn_x(gpfn)); - - if ( rc ) - goto put_both; /* Unmap from old location, if any. */ - if ( old_gpfn != INVALID_M2P_ENTRY ) + if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); /* Map at new location. */ if ( !rc ) rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K); + put_all: + put_gfn(d, gfn_x(gpfn)); + put_both: /* * In the XENMAPSPACE_gmfn case, we took a ref of the gfn at the top. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:23:34 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:23:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176645.321449 (Exim 4.92) (envelope-from ) id 1mLVpe-0005jw-Dh; Wed, 01 Sep 2021 19:23:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176645.321449; Wed, 01 Sep 2021 19:23:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpe-0005jo-Am; Wed, 01 Sep 2021 19:23:34 +0000 Received: by outflank-mailman (input) for mailman id 176645; Wed, 01 Sep 2021 19:23:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpd-0005ji-MO for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpd-000117-Lg for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVpd-0000vo-Kk for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/cOHiK8HagkiPIRAl2q2efKQP3cAOviA2gseL7z46j4=; b=bXn90JZg7OJeiQGRwCB4TzIOfN 6JK13VCzy4au+VXtxEmeL9Kx0eDHDXvpBMXH/rmC82QLWSNkLJNE1wgikLx2uF89kjNlkF2hBrSgV ruqWtIEOOGbwdF+FBq+KTyMLL3ypH5MI3aJ+K6d7DEI2NZ6Rgrw/IjSp+a3nhoiipNo8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] gnttab: add preemption check to gnttab_release_mappings() Message-Id: Date: Wed, 01 Sep 2021 19:23:33 +0000 commit b1ee10be5625b7d502cef1e6ee3818610ab0d29c Author: Jan Beulich AuthorDate: Wed Aug 25 14:18:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:18:18 2021 +0200 gnttab: add preemption check to gnttab_release_mappings() A guest may die with many grant mappings still in place, or simply with a large maptrack table. Iterating through this may take more time than is reasonable without intermediate preemption (to run softirqs and perhaps the scheduler). Move the invocation of the function to the section where other restartable functions get invoked, and have the function itself check for preemption every once in a while. Have it iterate the table backwards, such that decreasing the maptrack limit is all it takes to convey restart information. In domain_teardown() introduce PROG_none such that inserting at the front will be easier going forward. This is part of CVE-2021-28698 / XSA-380. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/common/domain.c | 12 ++++++++--- xen/common/grant_table.c | 46 ++++++++++++++++++++++++++++++++++++------- xen/include/xen/grant_table.h | 6 ++---- 3 files changed, 50 insertions(+), 14 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index 6b71c6d6a9..14b1341e53 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -412,11 +412,18 @@ static int domain_teardown(struct domain *d) v = d->teardown.vcpu enum { - PROG_vcpu_teardown = 1, + PROG_none, + PROG_gnttab_mappings, + PROG_vcpu_teardown, PROG_done, }; - case 0: + case PROG_none: + rc = gnttab_release_mappings(d); + if ( rc ) + return rc; + + PROGRESS(gnttab_mappings): for_each_vcpu ( d, v ) { PROGRESS_VCPU(teardown); @@ -908,7 +915,6 @@ int domain_kill(struct domain *d) return domain_kill(d); d->is_dying = DOMDYING_dying; argo_destroy(d); - gnttab_release_mappings(d); vnuma_destroy(d->vnuma); domain_set_outstanding_pages(d, 0); /* fallthrough */ diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index fab77ab9cc..17cce0154a 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -64,7 +64,13 @@ struct grant_table { unsigned int nr_grant_frames; /* Number of grant status frames shared with guest (for version 2) */ unsigned int nr_status_frames; - /* Number of available maptrack entries. */ + /* + * Number of available maptrack entries. For cleanup purposes it is + * important to realize that this field and @maptrack further down will + * only ever be accessed by the local domain. Thus it is okay to clean + * up early, and to shrink the limit for the purpose of tracking cleanup + * progress. + */ unsigned int maptrack_limit; /* Shared grant table (see include/public/grant_table.h). */ union { @@ -3679,9 +3685,7 @@ do_grant_table_op( #include "compat/grant_table.c" #endif -void -gnttab_release_mappings( - struct domain *d) +int gnttab_release_mappings(struct domain *d) { struct grant_table *gt = d->grant_table, *rgt; struct grant_mapping *map; @@ -3695,8 +3699,32 @@ gnttab_release_mappings( BUG_ON(!d->is_dying); - for ( handle = 0; handle < gt->maptrack_limit; handle++ ) + if ( !gt || !gt->maptrack ) + return 0; + + for ( handle = gt->maptrack_limit; handle; ) { + /* + * Deal with full pages such that their freeing (in the body of the + * if()) remains simple. + */ + if ( handle < gt->maptrack_limit && !(handle % MAPTRACK_PER_PAGE) ) + { + /* + * Changing maptrack_limit alters nr_maptrack_frames()'es return + * value. Free the then excess trailing page right here, rather + * than leaving it to grant_table_destroy() (and in turn requiring + * to leave gt->maptrack_limit unaltered). + */ + gt->maptrack_limit = handle; + FREE_XENHEAP_PAGE(gt->maptrack[nr_maptrack_frames(gt)]); + + if ( hypercall_preempt_check() ) + return -ERESTART; + } + + --handle; + map = &maptrack_entry(gt, handle); if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) ) continue; @@ -3780,6 +3808,11 @@ gnttab_release_mappings( map->flags = 0; } + + gt->maptrack_limit = 0; + FREE_XENHEAP_PAGE(gt->maptrack[0]); + + return 0; } void grant_table_warn_active_grants(struct domain *d) @@ -3843,8 +3876,7 @@ grant_table_destroy( free_xenheap_page(t->shared_raw[i]); xfree(t->shared_raw); - for ( i = 0; i < nr_maptrack_frames(t); i++ ) - free_xenheap_page(t->maptrack[i]); + ASSERT(!t->maptrack_limit); vfree(t->maptrack); for ( i = 0; i < nr_active_grant_frames(t); i++ ) diff --git a/xen/include/xen/grant_table.h b/xen/include/xen/grant_table.h index 9f8b7e66c1..41713e2726 100644 --- a/xen/include/xen/grant_table.h +++ b/xen/include/xen/grant_table.h @@ -47,9 +47,7 @@ void grant_table_init_vcpu(struct vcpu *v); void grant_table_warn_active_grants(struct domain *d); /* Domain death release of granted mappings of other domains' memory. */ -void -gnttab_release_mappings( - struct domain *d); +int gnttab_release_mappings(struct domain *d); int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, gfn_t *gfn, uint16_t *status); @@ -80,7 +78,7 @@ static inline void grant_table_init_vcpu(struct vcpu *v) {} static inline void grant_table_warn_active_grants(struct domain *d) {} -static inline void gnttab_release_mappings(struct domain *d) {} +static inline int gnttab_release_mappings(struct domain *d) { return 0; } static inline int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:23:44 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:23:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176646.321453 (Exim 4.92) (envelope-from ) id 1mLVpo-0005mo-FR; Wed, 01 Sep 2021 19:23:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176646.321453; Wed, 01 Sep 2021 19:23:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpo-0005mg-CL; Wed, 01 Sep 2021 19:23:44 +0000 Received: by outflank-mailman (input) for mailman id 176646; Wed, 01 Sep 2021 19:23:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpn-0005mU-Q2 for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpn-00011G-PM for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVpn-0000xT-OV for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oQttmDZUibRI2Ea+UOfDE42v2Ge1/w/pBLcVbEaMBTg=; b=wSJb0AToS34hbHhEO8aSmUgbTV tItVX7XILZ8r3brNAOVk+E1AMRF4vq/An2Im51JBFoJSFqH4j1528a/iMjTdyKQ8SDF4ssBYsPNdK Fw75IrCNB+V7iT0/2zCzxClwxUw30SG1dABCSk3XmDH36KhqpYPKnWbx1qWF4O8KLJwA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] gnttab: replace mapkind() Message-Id: Date: Wed, 01 Sep 2021 19:23:43 +0000 commit 9781b51efde251efcc0291ddb1d9c7cefe2b2555 Author: Jan Beulich AuthorDate: Wed Aug 25 14:18:39 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:18:39 2021 +0200 gnttab: replace mapkind() mapkind() doesn't scale very well with larger maptrack entry counts, using a brute force linear search through all entries, with the only option of an early loop exit if a matching writable entry was found. Introduce a radix tree alongside the main maptrack table, thus allowing much faster MFN-based lookup. To avoid the need to actually allocate space for the individual nodes, encode the two counters in the node pointers themselves, thus limiting the number of permitted simultaneous r/o and r/w mappings of the same MFN to 2³¹-1 (64-bit) / 2¹⁵-1 (32-bit) each. To avoid enforcing an unnecessarily low bound on the number of simultaneous mappings of a single MFN, introduce radix_tree_{ulong_to_ptr,ptr_to_ulong} paralleling radix_tree_{int_to_ptr,ptr_to_int}. As a consequence locking changes are also applicable: With there no longer being any inspection of the remote domain's active entries, there's also no need anymore to hold the remote domain's grant table lock. And since we're no longer iterating over the local domain's map track table, the lock in map_grant_ref() can also be dropped before the new maptrack entry actually gets populated. As a nice side effect this also reduces the number of IOMMU operations in unmap_common(): Previously we would have "established" a readable mapping whenever we didn't find a writable entry anymore (yet, of course, at least one readable one). But we only need to do this if we actually dropped the last writable entry, not if there were none already before. This is part of CVE-2021-28698 / XSA-380. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/common/grant_table.c | 201 ++++++++++++++++++++++++------------------- xen/include/xen/radix-tree.h | 19 ++++ 2 files changed, 131 insertions(+), 89 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 17cce0154a..76a78df405 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -82,8 +83,13 @@ struct grant_table { grant_status_t **status; /* Active grant table. */ struct active_grant_entry **active; - /* Mapping tracking table per vcpu. */ + /* Handle-indexed tracking table of mappings. */ struct grant_mapping **maptrack; + /* + * MFN-indexed tracking tree of mappings, if needed. Note that this is + * protected by @lock, not @maptrack_lock. + */ + struct radix_tree_root maptrack_tree; /* Domain to which this struct grant_table belongs. */ const struct domain *domain; @@ -516,34 +522,6 @@ static int get_paged_frame(unsigned long gfn, mfn_t *mfn, return GNTST_okay; } -static inline void -double_gt_lock(struct grant_table *lgt, struct grant_table *rgt) -{ - /* - * See mapkind() for why the write lock is also required for the - * remote domain. - */ - if ( lgt < rgt ) - { - grant_write_lock(lgt); - grant_write_lock(rgt); - } - else - { - if ( lgt != rgt ) - grant_write_lock(rgt); - grant_write_lock(lgt); - } -} - -static inline void -double_gt_unlock(struct grant_table *lgt, struct grant_table *rgt) -{ - grant_write_unlock(lgt); - if ( lgt != rgt ) - grant_write_unlock(rgt); -} - #define INVALID_MAPTRACK_HANDLE UINT_MAX static inline grant_handle_t @@ -970,41 +948,17 @@ static struct active_grant_entry *grant_map_exists(const struct domain *ld, return ERR_PTR(-EINVAL); } -#define MAPKIND_READ 1 -#define MAPKIND_WRITE 2 -static unsigned int mapkind( - struct grant_table *lgt, const struct domain *rd, mfn_t mfn) -{ - struct grant_mapping *map; - grant_handle_t handle, limit = lgt->maptrack_limit; - unsigned int kind = 0; - - /* - * Must have the local domain's grant table write lock when - * iterating over its maptrack entries. - */ - ASSERT(percpu_rw_is_write_locked(&lgt->lock)); - /* - * Must have the remote domain's grant table write lock while - * counting its active entries. - */ - ASSERT(percpu_rw_is_write_locked(&rd->grant_table->lock)); - - smp_rmb(); - - for ( handle = 0; !(kind & MAPKIND_WRITE) && handle < limit; handle++ ) - { - map = &maptrack_entry(lgt, handle); - if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) || - map->domid != rd->domain_id ) - continue; - if ( mfn_eq(_active_entry(rd->grant_table, map->ref).mfn, mfn) ) - kind |= map->flags & GNTMAP_readonly ? - MAPKIND_READ : MAPKIND_WRITE; - } - - return kind; -} +union maptrack_node { + struct { + /* Radix tree slot pointers use two of the bits. */ +#ifdef __BIG_ENDIAN_BITFIELD + unsigned long : 2; +#endif + unsigned long rd : BITS_PER_LONG / 2 - 1; + unsigned long wr : BITS_PER_LONG / 2 - 1; + } cnt; + unsigned long raw; +}; static void map_grant_ref( @@ -1023,7 +977,6 @@ map_grant_ref( struct grant_mapping *mt; grant_entry_header_t *shah; uint16_t *status; - bool_t need_iommu; ld = current->domain; @@ -1244,31 +1197,75 @@ map_grant_ref( * as mem-sharing and IOMMU use are incompatible). The dom_io case would * need checking separately if we compared against owner here. */ - need_iommu = ld != rd && gnttab_need_iommu_mapping(ld); - if ( need_iommu ) - { + if ( ld != rd && gnttab_need_iommu_mapping(ld) ) + { + union maptrack_node node = { + .cnt.rd = !!(op->flags & GNTMAP_readonly), + .cnt.wr = !(op->flags & GNTMAP_readonly), + }; + int err; + void **slot = NULL; unsigned int kind; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + + err = radix_tree_insert(&lgt->maptrack_tree, mfn_x(mfn), + radix_tree_ulong_to_ptr(node.raw)); + if ( err == -EEXIST ) + { + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(mfn)); + if ( likely(slot) ) + { + node.raw = radix_tree_ptr_to_ulong(*slot); + err = -EBUSY; + + /* Update node only when refcount doesn't overflow. */ + if ( op->flags & GNTMAP_readonly ? ++node.cnt.rd + : ++node.cnt.wr ) + { + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + err = 0; + } + } + else + ASSERT_UNREACHABLE(); + } /* * We're not translated, so we know that dfns and mfns are * the same things, so the IOMMU entry is always 1-to-1. */ - kind = mapkind(lgt, rd, mfn); - if ( !(op->flags & GNTMAP_readonly) && - !(kind & MAPKIND_WRITE) ) + if ( !(op->flags & GNTMAP_readonly) && node.cnt.wr == 1 ) kind = IOMMUF_readable | IOMMUF_writable; - else if ( !kind ) + else if ( (op->flags & GNTMAP_readonly) && + node.cnt.rd == 1 && !node.cnt.wr ) kind = IOMMUF_readable; else kind = 0; - if ( kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 1, kind) ) + if ( err || + (kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 1, kind)) ) { - double_gt_unlock(lgt, rgt); + if ( !err ) + { + if ( slot ) + { + op->flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--; + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + } + else + radix_tree_delete(&lgt->maptrack_tree, mfn_x(mfn)); + } + rc = GNTST_general_error; - goto undo_out; } + + grant_write_unlock(lgt); + + if ( rc != GNTST_okay ) + goto undo_out; } TRACE_1D(TRC_MEM_PAGE_GRANT_MAP, op->dom); @@ -1276,10 +1273,6 @@ map_grant_ref( /* * All maptrack entry users check mt->flags first before using the * other fields so just ensure the flags field is stored last. - * - * However, if gnttab_need_iommu_mapping() then this would race - * with a concurrent mapkind() call (on an unmap, for example) - * and a lock is required. */ mt = &maptrack_entry(lgt, handle); mt->domid = op->dom; @@ -1287,9 +1280,6 @@ map_grant_ref( smp_wmb(); write_atomic(&mt->flags, op->flags); - if ( need_iommu ) - double_gt_unlock(lgt, rgt); - op->dev_bus_addr = mfn_to_maddr(mfn); op->handle = handle; op->status = GNTST_okay; @@ -1497,19 +1487,34 @@ unmap_common( /* See the respective comment in map_grant_ref(). */ if ( rc == GNTST_okay && ld != rd && gnttab_need_iommu_mapping(ld) ) { - unsigned int kind; + void **slot; + union maptrack_node node; int err = 0; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(op->mfn)); + node.raw = likely(slot) ? radix_tree_ptr_to_ulong(*slot) : 0; + + /* Refcount must not underflow. */ + if ( !(flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--) ) + BUG(); - kind = mapkind(lgt, rd, op->mfn); - if ( !kind ) + if ( !node.raw ) err = iommu_legacy_unmap(ld, _dfn(mfn_x(op->mfn)), 1); - else if ( !(kind & MAPKIND_WRITE) ) + else if ( !(flags & GNTMAP_readonly) && !node.cnt.wr ) err = iommu_legacy_map(ld, _dfn(mfn_x(op->mfn)), op->mfn, 1, IOMMUF_readable); - double_gt_unlock(lgt, rgt); + if ( err ) + ; + else if ( !node.raw ) + radix_tree_delete(&lgt->maptrack_tree, mfn_x(op->mfn)); + else + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + + grant_write_unlock(lgt); if ( err ) rc = GNTST_general_error; @@ -1956,6 +1961,8 @@ int grant_table_init(struct domain *d, int max_grant_frames, gt->maptrack = vzalloc(gt->max_maptrack_frames * sizeof(*gt->maptrack)); if ( gt->maptrack == NULL ) goto out; + + radix_tree_init(>->maptrack_tree); } /* Shared grant table. */ @@ -3704,6 +3711,8 @@ int gnttab_release_mappings(struct domain *d) for ( handle = gt->maptrack_limit; handle; ) { + mfn_t mfn; + /* * Deal with full pages such that their freeing (in the body of the * if()) remains simple. @@ -3801,17 +3810,31 @@ int gnttab_release_mappings(struct domain *d) reduce_status_for_pin(rd, act, status, map->flags & GNTMAP_readonly); + mfn = act->mfn; + active_entry_release(act); grant_read_unlock(rgt); rcu_unlock_domain(rd); map->flags = 0; + + /* + * This is excessive in that a single such call would suffice per + * mapped MFN (or none at all, if no entry was ever inserted). But it + * should be the common case for an MFN to be mapped just once, and + * this way we don't need to further maintain the counters. We also + * don't want to leave cleaning up of the tree as a whole to the end + * of the function, as this could take quite some time. + */ + radix_tree_delete(>->maptrack_tree, mfn_x(mfn)); } gt->maptrack_limit = 0; FREE_XENHEAP_PAGE(gt->maptrack[0]); + radix_tree_destroy(>->maptrack_tree, NULL); + return 0; } diff --git a/xen/include/xen/radix-tree.h b/xen/include/xen/radix-tree.h index ec40cf1d9e..58c40312e6 100644 --- a/xen/include/xen/radix-tree.h +++ b/xen/include/xen/radix-tree.h @@ -190,6 +190,25 @@ static inline int radix_tree_ptr_to_int(void *ptr) return (int)((long)ptr >> 2); } +/** + * radix_tree_{ulong_to_ptr,ptr_to_ulong}: + * + * Same for unsigned long values. Beware though that only BITS_PER_LONG-2 + * bits are actually usable for the value. + */ +static inline void *radix_tree_ulong_to_ptr(unsigned long val) +{ + unsigned long ptr = (val << 2) | 0x2; + ASSERT((ptr >> 2) == val); + return (void *)ptr; +} + +static inline unsigned long radix_tree_ptr_to_ulong(void *ptr) +{ + ASSERT(((unsigned long)ptr & 0x3) == 0x2); + return (unsigned long)ptr >> 2; +} + int radix_tree_insert(struct radix_tree_root *, unsigned long, void *); void *radix_tree_lookup(struct radix_tree_root *, unsigned long); void **radix_tree_lookup_slot(struct radix_tree_root *, unsigned long); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:23:55 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:23:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176647.321457 (Exim 4.92) (envelope-from ) id 1mLVpz-0005q9-IQ; Wed, 01 Sep 2021 19:23:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176647.321457; Wed, 01 Sep 2021 19:23:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpz-0005q1-FT; Wed, 01 Sep 2021 19:23:55 +0000 Received: by outflank-mailman (input) for mailman id 176647; Wed, 01 Sep 2021 19:23:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpx-0005pl-Th for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVpx-00011P-T1 for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVpx-0000yo-SH for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:23:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O7Z/O/s2+iH9mSIwh+nuKRytBZlwB1pxM2bpdVcbSZE=; b=NezvEpDk5s3i8a/HFU/K7XRHPV MHSE3wlY8tNKqpZ2GgIqc8vT7oWENcmQWWnQxH+5KnZqBacyycB/GpMSDi2OF6JefhpCjqeNhM+6f D4f3JHriOjOTaAyG6K57g/WWG2BK27JqG1+O1h6ru3ygttXm2YZOACJAk+TBm1LBliR4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] gnttab: fix array capacity check in gnttab_get_status_frames() Message-Id: Date: Wed, 01 Sep 2021 19:23:53 +0000 commit ec820035b875cdbedce5e73f481ce65963ede9ed Author: Jan Beulich AuthorDate: Wed Aug 25 14:19:09 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:19:09 2021 +0200 gnttab: fix array capacity check in gnttab_get_status_frames() The number of grant frames is of no interest here; converting the passed in op.nr_frames this way means we allow for 8 times as many GFNs to be written as actually fit in the array. We would corrupt xlat areas of higher vCPU-s (after having faulted many times while trying to write to the guard pages between any two areas) for 32-bit PV guests. For HVM guests we'd simply crash as soon as we hit the first guard page, as accesses to the xlat area are simply memcpy() there. This is CVE-2021-28699 / XSA-382. Fixes: 18b1be5e324b ("gnttab: make resource limits per domain") Signed-off-by: Jan Beulich --- xen/common/grant_table.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 76a78df405..5190461053 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3254,12 +3254,11 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, goto unlock; } - if ( unlikely(limit_max < grant_to_status_frames(op.nr_frames)) ) + if ( unlikely(limit_max < op.nr_frames) ) { gdprintk(XENLOG_WARNING, - "grant_to_status_frames(%u) for d%d is too large (%u,%u)\n", - op.nr_frames, d->domain_id, - grant_to_status_frames(op.nr_frames), limit_max); + "nr_status_frames for %pd is too large (%u,%u)\n", + d, op.nr_frames, limit_max); op.status = GNTST_general_error; goto unlock; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:24:05 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:24:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176648.321461 (Exim 4.92) (envelope-from ) id 1mLVq9-0005t3-K4; Wed, 01 Sep 2021 19:24:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176648.321461; Wed, 01 Sep 2021 19:24:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVq9-0005sv-H2; Wed, 01 Sep 2021 19:24:05 +0000 Received: by outflank-mailman (input) for mailman id 176648; Wed, 01 Sep 2021 19:24:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVq8-0005sm-1r for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVq8-000125-16 for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVq7-00010B-Vw for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZQCq89oZsOTKcODmXnc/6+Q9ie3nh1CXy2Ky95XMRcU=; b=PTPjw6DAuxT9zzvcN/6BscWbm8 dksZ/HRzSCBISMrX4dhT4l9QR1E5wR2/h5dH+/Ks+yJyKS2rH2YeWg0BVEX6Twi5KqHq3fewweM97 Mm8q9c7nWLG9SKn3HXRJnv6Rphz2LJmD7jVkw1VEv7/bT9vs4eoe6OMbmaOF9KJx5yvk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Message-Id: Date: Wed, 01 Sep 2021 19:24:03 +0000 commit c08d68cd2aacbc7cb56e73ada241bfe4639bbc68 Author: Julien Grall AuthorDate: Wed Aug 25 14:19:31 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:19:31 2021 +0200 xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Currently, both dom0less domUs and dom0 can allocate an "unlimited" amount of memory because d->max_pages is set to ~0U. In particular, the former are meant to be unprivileged. Therefore the memory they could allocate should be bounded. As the domain are not yet officially aware of Xen (we don't expose advertise it in the DT, yet the hypercalls are accessible), they should not need to allocate more than the initial amount. So cap set d->max_pages directly the amount of memory we are meant to allocate. Take the opportunity to also restrict the memory for dom0 as the domain is direct mapped (e.g. MFN == GFN) and therefore cannot allocate outside of the pre-allocated region. This is CVE-2021-28700 / XSA-383. Reported-by: Julien Grall Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 6c86d52781..206038d1c0 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2440,7 +2440,8 @@ static int __init construct_domU(struct domain *d, if ( vcpu_create(d, 0) == NULL ) return -ENOMEM; - d->max_pages = ~0U; + + d->max_pages = ((paddr_t)mem * SZ_1K) >> PAGE_SHIFT; kinfo.d = d; @@ -2546,7 +2547,7 @@ static int __init construct_dom0(struct domain *d) iommu_hwdom_init(d); - d->max_pages = ~0U; + d->max_pages = dom0_mem >> PAGE_SHIFT; kinfo.unassigned_mem = dom0_mem; kinfo.d = d; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:24:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:24:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176649.321465 (Exim 4.92) (envelope-from ) id 1mLVqJ-0005vq-LY; Wed, 01 Sep 2021 19:24:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176649.321465; Wed, 01 Sep 2021 19:24:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqJ-0005vi-IX; Wed, 01 Sep 2021 19:24:15 +0000 Received: by outflank-mailman (input) for mailman id 176649; Wed, 01 Sep 2021 19:24:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqI-0005vO-5c for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqI-00012I-4y for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVqI-00011S-45 for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GKfiP7MBaKBDE9LLG/UtC9a+k/E+nqLo6tSeJXCbIbw=; b=zz8T/tlmqTEP7asSwvM4ETSsKy 0j2N1PS0gvBUqf1PQPaRWkl5Cn62rqcESj9TkJrMlf7uAiFY5f+72HimBUS3T5DOf3HyT7zXpTQcX IWN8b8nv9qdmWBY98Pmopx8d/8HH6bKsfEyxFHY4gaIum6CRQSpv8if0tFVG4+otlmO0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] VT-d: fix caching mode IOTLB flushing Message-Id: Date: Wed, 01 Sep 2021 19:24:14 +0000 commit c5c84e97669dd5c92b59b04b2ab4233605da09dd Author: Jan Beulich AuthorDate: Fri Aug 27 10:52:15 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 27 10:52:15 2021 +0200 VT-d: fix caching mode IOTLB flushing While for context cache entry flushing use of did 0 is indeed correct (after all upon reading the context entry the IOMMU wouldn't know any domain ID if the entry is not present, and hence a surrogate one needs to be used), for IOTLB entries the normal domain ID (from the [present] context entry) gets used. See sub-section "IOTLB" of section "Address Translation Caches" in the VT-d spec. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Reviewed-by: Kevin Tian --- xen/drivers/passthrough/vtd/iommu.c | 13 +++---------- xen/drivers/passthrough/vtd/qinval.c | 13 +++---------- 2 files changed, 6 insertions(+), 20 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 23921dfb7b..2034a95a87 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -468,17 +468,10 @@ int vtd_flush_iotlb_reg(struct vtd_iommu *iommu, uint16_t did, uint64_t addr, /* * In the non-present entry flush case, if hardware doesn't cache - * non-present entry we do nothing and if hardware cache non-present - * entry, we flush entries of domain 0 (the domain id is used to cache - * any non-present entries) + * non-present entries we do nothing. */ - if ( flush_non_present_entry ) - { - if ( !cap_caching_mode(iommu->cap) ) - return 1; - else - did = 0; - } + if ( flush_non_present_entry && !cap_caching_mode(iommu->cap) ) + return 1; /* use register invalidation */ switch ( type ) diff --git a/xen/drivers/passthrough/vtd/qinval.c b/xen/drivers/passthrough/vtd/qinval.c index b0e3672231..b16153e298 100644 --- a/xen/drivers/passthrough/vtd/qinval.c +++ b/xen/drivers/passthrough/vtd/qinval.c @@ -362,17 +362,10 @@ static int __must_check flush_iotlb_qi(struct vtd_iommu *iommu, u16 did, /* * In the non-present entry flush case, if hardware doesn't cache - * non-present entry we do nothing and if hardware cache non-present - * entry, we flush entries of domain 0 (the domain id is used to cache - * any non-present entries) + * non-present entries we do nothing. */ - if ( flush_non_present_entry ) - { - if ( !cap_caching_mode(iommu->cap) ) - return 1; - else - did = 0; - } + if ( flush_non_present_entry && !cap_caching_mode(iommu->cap) ) + return 1; /* use queued invalidation */ if (cap_write_drain(iommu->cap)) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:24:25 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:24:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176650.321469 (Exim 4.92) (envelope-from ) id 1mLVqT-0005yv-NS; Wed, 01 Sep 2021 19:24:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176650.321469; Wed, 01 Sep 2021 19:24:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqT-0005ym-KD; Wed, 01 Sep 2021 19:24:25 +0000 Received: by outflank-mailman (input) for mailman id 176650; Wed, 01 Sep 2021 19:24:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqS-0005yW-9P for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqS-00012U-8k for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVqS-00012X-7o for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uMy3d3vs8FVrPUEmX9uSR5oLQ3kBuIMm90zw49Z9URg=; b=A1X3LHFE/dVTA3wwE929+NDYSH GdlO5VRTjreYGAr2Z9Us02RPJjqw46i+351X9IjNFi7chKmtbsCb/mxQTktcpKIxqN3Hl+l68TAKc 1iCmwp5SCIzxnctpiW2/nOa/IYNRLMnt/CRbqTg033YXBOucoe5UWUNSE+I8hO1v0xZA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] AMD/IOMMU: avoid recording each level's MFN when walking page table Message-Id: Date: Wed, 01 Sep 2021 19:24:24 +0000 commit 706551b29b176c0a3eb853f71408806a843d51fa Author: Jan Beulich AuthorDate: Fri Aug 27 10:53:11 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 27 10:53:11 2021 +0200 AMD/IOMMU: avoid recording each level's MFN when walking page table Both callers only care about the target (level 1) MFN. I also cannot see what we might need higher level MFNs for down the road. And even modern gcc doesn't recognize the optimization potential. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/drivers/passthrough/amd/iommu_map.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 53cd5b4577..10fda5519c 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -178,7 +178,7 @@ void __init iommu_dte_add_device_entry(struct amd_iommu_dte *dte, * page tables. */ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, - unsigned long pt_mfn[], bool map) + unsigned long *pt_mfn, bool map) { union amd_iommu_pte *pde, *next_table_vaddr; unsigned long next_table_mfn; @@ -203,7 +203,6 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, while ( level > 1 ) { unsigned int next_level = level - 1; - pt_mfn[level] = next_table_mfn; next_table_vaddr = map_domain_page(_mfn(next_table_mfn)); pde = &next_table_vaddr[pfn_to_pde_idx(dfn, level)]; @@ -273,7 +272,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, } /* mfn of level 1 page table */ - pt_mfn[level] = next_table_mfn; + *pt_mfn = next_table_mfn; return 0; } @@ -282,9 +281,7 @@ int amd_iommu_map_page(struct domain *d, dfn_t dfn, mfn_t mfn, { struct domain_iommu *hd = dom_iommu(d); int rc; - unsigned long pt_mfn[7]; - - memset(pt_mfn, 0, sizeof(pt_mfn)); + unsigned long pt_mfn = 0; spin_lock(&hd->arch.mapping_lock); @@ -310,7 +307,7 @@ int amd_iommu_map_page(struct domain *d, dfn_t dfn, mfn_t mfn, return rc; } - if ( iommu_pde_from_dfn(d, dfn_x(dfn), pt_mfn, true) || (pt_mfn[1] == 0) ) + if ( iommu_pde_from_dfn(d, dfn_x(dfn), &pt_mfn, true) || !pt_mfn ) { spin_unlock(&hd->arch.mapping_lock); AMD_IOMMU_DEBUG("Invalid IO pagetable entry dfn = %"PRI_dfn"\n", @@ -320,7 +317,7 @@ int amd_iommu_map_page(struct domain *d, dfn_t dfn, mfn_t mfn, } /* Install 4k mapping */ - *flush_flags |= set_iommu_ptes_present(pt_mfn[1], dfn_x(dfn), mfn_x(mfn), + *flush_flags |= set_iommu_ptes_present(pt_mfn, dfn_x(dfn), mfn_x(mfn), 1, 1, (flags & IOMMUF_writable), (flags & IOMMUF_readable)); @@ -332,11 +329,9 @@ int amd_iommu_map_page(struct domain *d, dfn_t dfn, mfn_t mfn, int amd_iommu_unmap_page(struct domain *d, dfn_t dfn, unsigned int *flush_flags) { - unsigned long pt_mfn[7]; + unsigned long pt_mfn = 0; struct domain_iommu *hd = dom_iommu(d); - memset(pt_mfn, 0, sizeof(pt_mfn)); - spin_lock(&hd->arch.mapping_lock); if ( !hd->arch.amd.root_table ) @@ -345,7 +340,7 @@ int amd_iommu_unmap_page(struct domain *d, dfn_t dfn, return 0; } - if ( iommu_pde_from_dfn(d, dfn_x(dfn), pt_mfn, false) ) + if ( iommu_pde_from_dfn(d, dfn_x(dfn), &pt_mfn, false) ) { spin_unlock(&hd->arch.mapping_lock); AMD_IOMMU_DEBUG("Invalid IO pagetable entry dfn = %"PRI_dfn"\n", @@ -354,10 +349,10 @@ int amd_iommu_unmap_page(struct domain *d, dfn_t dfn, return -EFAULT; } - if ( pt_mfn[1] ) + if ( pt_mfn ) { /* Mark PTE as 'page not present'. */ - *flush_flags |= clear_iommu_pte_present(pt_mfn[1], dfn_x(dfn)); + *flush_flags |= clear_iommu_pte_present(pt_mfn, dfn_x(dfn)); } spin_unlock(&hd->arch.mapping_lock); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:24:35 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:24:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176651.321473 (Exim 4.92) (envelope-from ) id 1mLVqd-00061q-Om; Wed, 01 Sep 2021 19:24:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176651.321473; Wed, 01 Sep 2021 19:24:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqd-00061i-Ll; Wed, 01 Sep 2021 19:24:35 +0000 Received: by outflank-mailman (input) for mailman id 176651; Wed, 01 Sep 2021 19:24:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqc-00061T-DH for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqc-00012l-CV for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVqc-00013S-Bc for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lZOxXq0W+OCnQyL0ps+lx40Fxxzb9B1l6PhMAVO4NLA=; b=BLYS44FnykeYHdsx2jKGIPWYHg USB5UfexaTPcbnIdRpwn8Yck6dQcLNGyZXeVGXX0GMV45MO2lhd3sZ65tzvuNZ01qrzhhaGVOVQfx 5YCpWFATHN/kHUKPTzlGt7qFt/6LlwQjW7uKlQx4zjNBueBnhz1ZfsdLLN3lb5LZN2NE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] gnttab: drop GNTMAP_can_fail Message-Id: Date: Wed, 01 Sep 2021 19:24:34 +0000 commit d07b7ed8b564f48ff14922ac20347fb33bb27ffb Author: Jan Beulich AuthorDate: Fri Aug 27 10:53:48 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 27 10:53:48 2021 +0200 gnttab: drop GNTMAP_can_fail There's neither documentation of what this flag is supposed to mean, nor any implementation. Commit 4d45702cf0398 ("paging: Updates to public grant table header file") suggests there might have been plans to use it for interaction with mem-paging, but no such functionality has ever materialized. With this, don't even bother enclosing the #define-s in a __XEN_INTERFACE_VERSION__ conditional, but drop them altogether. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/include/public/grant_table.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/xen/include/public/grant_table.h b/xen/include/public/grant_table.h index 84b1d26b36..69d1e9662e 100644 --- a/xen/include/public/grant_table.h +++ b/xen/include/public/grant_table.h @@ -628,9 +628,6 @@ DEFINE_XEN_GUEST_HANDLE(gnttab_cache_flush_t); #define _GNTMAP_contains_pte (4) #define GNTMAP_contains_pte (1<<_GNTMAP_contains_pte) -#define _GNTMAP_can_fail (5) -#define GNTMAP_can_fail (1<<_GNTMAP_can_fail) - /* * Bits to be placed in guest kernel available PTE bits (architecture * dependent; only supported when XENFEAT_gnttab_map_avail_bits is set). -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:24:45 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:24:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176652.321477 (Exim 4.92) (envelope-from ) id 1mLVqn-00064p-QG; Wed, 01 Sep 2021 19:24:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176652.321477; Wed, 01 Sep 2021 19:24:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqn-00064h-NE; Wed, 01 Sep 2021 19:24:45 +0000 Received: by outflank-mailman (input) for mailman id 176652; Wed, 01 Sep 2021 19:24:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqm-00064T-Gq for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqm-00012w-GA for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVqm-00014U-FH for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HkDkqFIe7ddle8ZcYSeIeFJIKBi+eDVjuLIDZqXPcWk=; b=v829gnqaD+4WE00GLwzBhscILl vgjtm8jNtXKDUImZJYTKDgtkCsrB1o4OgWm6jTB/2MYoW/Bws8mdpxB/JNy07kNP8hSDYm8tIRnTm OVdlzgI/xaxFjJMLYMfazFtwtj4q/7SMld0+RU56t1tn9QVOPbl0xkDPVpzcFmjRcJdc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Message-Id: Date: Wed, 01 Sep 2021 19:24:44 +0000 commit b6da9d0414d69c2682214ee3ecf9816fcac500d0 Author: Jan Beulich AuthorDate: Fri Aug 27 10:54:46 2021 +0200 Commit: Jan Beulich CommitDate: Fri Aug 27 10:54:46 2021 +0200 gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Relevant quotes from the C11 standard: "Except where explicitly stated otherwise, for the purposes of this subclause unnamed members of objects of structure and union type do not participate in initialization. Unnamed members of structure objects have indeterminate value even after initialization." "If there are fewer initializers in a brace-enclosed list than there are elements or members of an aggregate, [...], the remainder of the aggregate shall be initialized implicitly the same as objects that have static storage duration." "If an object that has static or thread storage duration is not initialized explicitly, then: [...] — if it is an aggregate, every member is initialized (recursively) according to these rules, and any padding is initialized to zero bits; [...]" "A bit-field declaration with no declarator, but only a colon and a width, indicates an unnamed bit-field." Footnote: "An unnamed bit-field structure member is useful for padding to conform to externally imposed layouts." "There may be unnamed padding within a structure object, but not at its beginning." Which makes me conclude: - Whether an unnamed bit-field member is an unnamed member or padding is unclear, and hence also whether the last quote above would render the big endian case of the structure declaration invalid. - Whether the number of members of an aggregate includes unnamed ones is also not really clear. - The initializer in map_grant_ref() initializes all fields of the "cnt" sub-structure of the union, so assuming the second quote above applies here (indirectly), the compiler isn't required to implicitly initialize the rest (i.e. in particular any padding) like would happen for static storage duration objects. Gcc 7.4.1 can be observed (apparently in debug builds only) to translate aforementioned initializer to a read-modify-write operation of a stack variable, leaving unchanged the top two bits of whatever was previously in that stack slot. Clearly if either of the two bits were set, radix_tree_ulong_to_ptr()'s assertion would trigger. Therefore, to be on the safe side, add an explicit padding field for the non-big-endian-bitfields case and give a dummy name to both padding fields. Fixes: 9781b51efde2 ("gnttab: replace mapkind()") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/common/grant_table.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 5190461053..b1930e2d8e 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -952,10 +952,13 @@ union maptrack_node { struct { /* Radix tree slot pointers use two of the bits. */ #ifdef __BIG_ENDIAN_BITFIELD - unsigned long : 2; + unsigned long _0 : 2; #endif unsigned long rd : BITS_PER_LONG / 2 - 1; unsigned long wr : BITS_PER_LONG / 2 - 1; +#ifndef __BIG_ENDIAN_BITFIELD + unsigned long _0 : 2; +#endif } cnt; unsigned long raw; }; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:24:55 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:24:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176653.321480 (Exim 4.92) (envelope-from ) id 1mLVqx-00067d-SM; Wed, 01 Sep 2021 19:24:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176653.321480; Wed, 01 Sep 2021 19:24:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqx-00067W-Or; Wed, 01 Sep 2021 19:24:55 +0000 Received: by outflank-mailman (input) for mailman id 176653; Wed, 01 Sep 2021 19:24:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqw-00067L-Kc for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVqw-00013D-Jx for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVqw-00015f-Iz for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:24:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Iv0tZJ63mHwtZJozI5mYLVhqIk0VdoETD8euh/xxxsE=; b=WNNJInIU/naTJk3MWaTAt13vgF C9r4MOK1J5Gu/pUuDd2PelqRxnxPqamqOwYtB0/J/gp0ZBF6f4hOGBOUBtyxQkAxyQvmV31C0lBDr QaYZkezO6h4els1SGyJvC/9O1ngOMdaaazU6qnjLKhQ0JliAxALcgTzsD0gEEBc6hUx4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Skip RSB overwriting when safe to do so Message-Id: Date: Wed, 01 Sep 2021 19:24:54 +0000 commit afab477fba3b4de4ad3887c27677737b96488091 Author: Andrew Cooper AuthorDate: Thu Aug 19 13:53:15 2021 +0100 Commit: Andrew Cooper CommitDate: Fri Aug 27 14:19:02 2021 +0100 x86/spec-ctrl: Skip RSB overwriting when safe to do so In some configurations, it is safe to not overwrite the RSB on entry to Xen. Both Intel and AMD have guidelines in this area, because of the performance difference it makes for native kernels. A simple microperf test, measuring the amount of time a XENVER_version hypercall takes, shows the following improvements: KabyLake: -13.9175% +/- 6.85387% CoffeeLake-R: -9.1183% +/- 5.04519% Milan: -17.7803% +/- 1.29808% This is best case improvement, because no real workloads are making XENVER_version hypercalls in a tight loop. However, this is the hypercall used by PV kernels to force evtchn delivery if one is pending, so it is a common hypercall to see, especially in dom0. The avoidance of RSB-overwriting speeds up all interrupts, exceptions and system calls from PV or Xen context. RSB-overwriting is still required on VMExit from HVM guests for now. In terms of more realistic testing, LMBench in dom0 on an AMD Rome system shows improvements across the board, with the best improvement at 8% for simple syscall and simple write. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/spec_ctrl.c | 67 ++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 57 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 739b7913ff..750110e9df 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -33,7 +33,7 @@ /* Cmdline controls for Xen's alternative blocks. */ static bool __initdata opt_msr_sc_pv = true; static bool __initdata opt_msr_sc_hvm = true; -static bool __initdata opt_rsb_pv = true; +static int8_t __initdata opt_rsb_pv = -1; static bool __initdata opt_rsb_hvm = true; static int8_t __initdata opt_md_clear_pv = -1; static int8_t __initdata opt_md_clear_hvm = -1; @@ -554,6 +554,35 @@ static bool __init retpoline_safe(uint64_t caps) } } +/* + * https://software.intel.com/content/www/us/en/develop/articles/software-security-guidance/technical-documentation/retpoline-branch-target-injection-mitigation.html + * + * Silvermont and Airmont based cores are 64bit but only have a 32bit wide + * RSB, which impacts the safety of using SMEP to avoid RSB-overwriting. + */ +static bool __init rsb_is_full_width(void) +{ + if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL || + boot_cpu_data.x86 != 6 ) + return true; + + switch ( boot_cpu_data.x86_model ) + { + case 0x37: /* Baytrail / Valleyview (Silvermont) */ + case 0x4a: /* Merrifield */ + case 0x4c: /* Cherrytrail / Brasswell */ + case 0x4d: /* Avaton / Rangely (Silvermont) */ + case 0x5a: /* Moorefield */ + case 0x5d: /* SoFIA 3G Granite/ES2.1 */ + case 0x65: /* SoFIA LTE AOSP */ + case 0x6e: /* Cougar Mountain */ + case 0x75: /* Lightning Mountain */ + return false; + } + + return true; +} + /* Calculate whether this CPU speculates past #NM */ static bool __init should_use_eager_fpu(void) { @@ -992,18 +1021,36 @@ void __init init_speculation_mitigations(void) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; /* - * PV guests can poison the RSB to any virtual address from which - * they can execute a call instruction. This is necessarily outside - * of the Xen supervisor mappings. + * PV guests can create RSB entries for any linear address they control, + * which are outside of Xen's mappings. + * + * SMEP inhibits speculation to any user mappings, so in principle it is + * safe to not overwrite the RSB when SMEP is active. + * + * However, some caveats apply: + * + * 1) CALL instructions push the next sequential linear address into the + * RSB, meaning that there is a boundary case at the user=>supervisor + * split. This can be compensated for by having an unmapped or NX + * page, or an instruction which halts speculation. * - * With SMEP enabled, the processor won't speculate into user mappings. - * Therefore, in this case, we don't need to worry about poisoned entries - * from 64bit PV guests. + * For Xen, the next sequential linear address is the start of M2P + * (mapped NX), or a zapped hole (unmapped). * - * 32bit PV guest kernels run in ring 1, so use supervisor mappings. - * If a processors speculates to 32bit PV guest kernel mappings, it is - * speculating in 64bit supervisor mode, and can leak data. + * 2) 32bit PV kernels execute in Ring 1 and use supervisor mappings. + * SMEP offers no protection in this case. + * + * 3) Some CPUs have RSBs which are not full width, which allow the + * attacker's entries to alias Xen addresses. + * + * It is safe to turn off RSB stuffing when Xen is using SMEP itself, and + * 32bit PV guests are disabled, and when the RSB is full width. */ + BUILD_BUG_ON(RO_MPT_VIRT_START != PML4_ADDR(256)); + if ( opt_rsb_pv == -1 && boot_cpu_has(X86_FEATURE_XEN_SMEP) && + !opt_pv32 && rsb_is_full_width() ) + opt_rsb_pv = 0; + if ( opt_rsb_pv ) { setup_force_cpu_cap(X86_FEATURE_SC_RSB_PV); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:25:06 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:25:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176654.321485 (Exim 4.92) (envelope-from ) id 1mLVr7-0006B6-Vd; Wed, 01 Sep 2021 19:25:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176654.321485; Wed, 01 Sep 2021 19:25:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVr7-0006Av-SZ; Wed, 01 Sep 2021 19:25:05 +0000 Received: by outflank-mailman (input) for mailman id 176654; Wed, 01 Sep 2021 19:25:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVr6-0006An-OK for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVr6-00014e-Na for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVr6-000174-Mn for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Cw/+uVRFCw8LocQdR2UldbYDcgQP7wjYd8XHDHY/zfQ=; b=jYDG62yOj+xJVDY/y6l9yE2QUC c1LbreV7mt7DtUIMe4oYLOQtNq72zv68Zupzo2W4AHFZXv+lywkhmHFJKtfwb/M+uFWMjQ4DBcFlc +TBvn1iFvjzCrZKLvozJ0NSOR16IYnmmP/GkPm5rDVf+A1tyVDUQOwBp6aaz7tEklV6Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/domain: Fix label position in domain_teardown() Message-Id: Date: Wed, 01 Sep 2021 19:25:04 +0000 commit 8064488062641ae505b2a7369611c38057a7788b Author: Andrew Cooper AuthorDate: Fri Aug 27 14:46:52 2021 +0100 Commit: Andrew Cooper CommitDate: Fri Aug 27 15:12:05 2021 +0100 xen/domain: Fix label position in domain_teardown() As explained in the comments, a progress label wants to be before the function it refers to for the higher level logic to make sense. As it happens, the effects are benign because gnttab_mappings is immediately adjacent to teardown in terms of co-routine exit points. There is and will always be a corner case with 0. Help alleviate this visually (at least slightly) with a BUILD_BUG_ON() to ensure the property which makes this function do anything useful. There is also a visual corner case when changing from PROGRESS() to PROGRESS_VCPU(). The important detail is to check that there is a "return rc;" logically between each PROGRESS*() marker. Fixes: b1ee10be5625 ("gnttab: add preemption check to gnttab_release_mappings()") Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/common/domain.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index 14b1341e53..0d3385ad5a 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -419,11 +419,13 @@ static int domain_teardown(struct domain *d) }; case PROG_none: + BUILD_BUG_ON(PROG_none != 0); + + PROGRESS(gnttab_mappings): rc = gnttab_release_mappings(d); if ( rc ) return rc; - PROGRESS(gnttab_mappings): for_each_vcpu ( d, v ) { PROGRESS_VCPU(teardown); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:25:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:25:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176655.321489 (Exim 4.92) (envelope-from ) id 1mLVrI-0006Dr-0j; Wed, 01 Sep 2021 19:25:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176655.321489; Wed, 01 Sep 2021 19:25:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVrH-0006Dk-U1; Wed, 01 Sep 2021 19:25:15 +0000 Received: by outflank-mailman (input) for mailman id 176655; Wed, 01 Sep 2021 19:25:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVrG-0006DT-Rr for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVrG-00015c-R8 for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVrG-00018G-QJ for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ge03jwo1tPCelUbcY3U3VdpFx56BRK1htQrAJNnsP4o=; b=4kQiFDUuw/z5Sc+D0JnAe2TSZQ 4aLHLJ9yDB149tvbDUU7rmsO02Y2XscgitHtivzYgKUrklAEjToxX3JoiyEHpEyh5KDZ3x8R+N0Mt mB6KPE7QpN1BPWzbqidnlBIrO65umTutjgL6JChEoyMnkFWNPyeLy7I7oaY7O7yq0+7o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] libxenguest/x86: ensure CPUID[1].EBX[32:16] is non-zero for HVM Message-Id: Date: Wed, 01 Sep 2021 19:25:14 +0000 commit daaf007eb3467f900a2e20fadbc4c6f3bfcaa356 Author: Jan Beulich AuthorDate: Mon Aug 30 15:19:31 2021 +0200 Commit: Jan Beulich CommitDate: Mon Aug 30 15:19:31 2021 +0200 libxenguest/x86: ensure CPUID[1].EBX[32:16] is non-zero for HVM We unconditionally set HTT, so merely doubling the value read from hardware isn't going to be correct if that value is zero. Reported-by: Julien Grall Signed-off-by: Jan Beulich Tested-by: Julien Grall Acked-by: Andrew Cooper --- tools/libs/guest/xg_cpuid_x86.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/libs/guest/xg_cpuid_x86.c b/tools/libs/guest/xg_cpuid_x86.c index 0c9c4fefc1..198892ebdf 100644 --- a/tools/libs/guest/xg_cpuid_x86.c +++ b/tools/libs/guest/xg_cpuid_x86.c @@ -594,7 +594,9 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, * Update to reflect vLAPIC_ID = vCPU_ID * 2, but make sure to avoid * overflow. */ - if ( !(p->basic.lppp & 0x80) ) + if ( !p->basic.lppp ) + p->basic.lppp = 2; + else if ( !(p->basic.lppp & 0x80) ) p->basic.lppp *= 2; switch ( p->x86_vendor ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:25:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:25:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176657.321493 (Exim 4.92) (envelope-from ) id 1mLVrS-0006HE-2a; Wed, 01 Sep 2021 19:25:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176657.321493; Wed, 01 Sep 2021 19:25:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVrR-0006H6-Vr; Wed, 01 Sep 2021 19:25:25 +0000 Received: by outflank-mailman (input) for mailman id 176657; Wed, 01 Sep 2021 19:25:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVrQ-0006Gk-VK for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVrQ-00015q-Uf for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVrQ-00019a-Tu for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=w183zL7Mheetw9gyzUBgnfSfIYDV3VFnPiQN2Ms7N20=; b=jCko1p+paABS1WzdehKUZDGkQq gdDXYjt7SfZIH3W1Spgj/vPFDpv+CRaJ4xiMXDHnNuql+ehu94gN5Fds2hXfJtgtRTG7wTin3NYmg xik/KvVAN8tDz0fEdks54tp42/e3iDxATPXQD0NemgryzsLCss8UMPj/gYgC2tkT8uho=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/EPT: drop "tm" field of EPT entry Message-Id: Date: Wed, 01 Sep 2021 19:25:24 +0000 commit 305c2c3abf8228989f7a6f6d8e698ca088c8dc42 Author: Jan Beulich AuthorDate: Tue Aug 31 17:42:28 2021 +0200 Commit: Jan Beulich CommitDate: Tue Aug 31 17:42:28 2021 +0200 x86/EPT: drop "tm" field of EPT entry VT-d spec 3.2 converted this bit (back) to reserved. Since there's no use of it anywhere in the tree, simply rename it and adjust its comment. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/include/asm-x86/hvm/vmx/vmx.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h b/xen/include/asm-x86/hvm/vmx/vmx.h index 0deb507490..85530d2e0e 100644 --- a/xen/include/asm-x86/hvm/vmx/vmx.h +++ b/xen/include/asm-x86/hvm/vmx/vmx.h @@ -46,8 +46,7 @@ typedef union { mfn : 40, /* bits 51:12 - Machine physical frame number */ sa_p2mt : 6, /* bits 57:52 - Software available 2 */ access : 4, /* bits 61:58 - p2m_access_t */ - tm : 1, /* bit 62 - VT-d transient-mapping hint in - shared EPT/VT-d usage */ + _rsvd : 1, /* bit 62 - reserved */ suppress_ve : 1; /* bit 63 - suppress #VE */ }; u64 epte; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:25:36 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:25:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176658.321496 (Exim 4.92) (envelope-from ) id 1mLVrc-0006Jz-41; Wed, 01 Sep 2021 19:25:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176658.321496; Wed, 01 Sep 2021 19:25:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVrc-0006Jp-1E; Wed, 01 Sep 2021 19:25:36 +0000 Received: by outflank-mailman (input) for mailman id 176658; Wed, 01 Sep 2021 19:25:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVrb-0006Jj-34 for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVrb-000166-2P for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVrb-0001B8-1N for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EbM54SvR8vhg8bKlFmhKMISYIAz3eLYWLcrk+6Fb21I=; b=26T1TAnjWGcZtsfK+JCNu61Sfb WKo4rqgl1mdzTw+FW5hHzycsqxUoC3v5GAf7FFlBE3wSkqhBs1N7k/cwfw1GfZRMZ2x+qDeb6uvuM t/+vKezDBRNKqDpOwq1/xY8tcbxtKlcP8nFSfoWFq7dPRsXsgBUtuoE/FRXFJpR5ae80=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/PVH: de-duplicate mappings for first Mb of Dom0 memory Message-Id: Date: Wed, 01 Sep 2021 19:25:35 +0000 commit 6b4f6a31ace125d658a581e8d10809e4fccdc272 Author: Jan Beulich AuthorDate: Tue Aug 31 17:43:36 2021 +0200 Commit: Jan Beulich CommitDate: Tue Aug 31 17:43:36 2021 +0200 x86/PVH: de-duplicate mappings for first Mb of Dom0 memory One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. This means we need to be more careful about the mappings put in place in this range - mappings should be created exactly once: - iommu_hwdom_init() comes first; it should avoid the first Mb, - pvh_populate_p2m() should insert identity mappings only into ranges not populated as RAM, - pvh_setup_acpi() should again avoid the first Mb, which was already dealt with at that point. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/hvm/dom0_build.c | 39 ++++++++++++++++++++++++++----------- xen/drivers/passthrough/x86/iommu.c | 8 +++++++- 2 files changed, 35 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index c24b9efdb0..43e1bf1248 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -430,17 +430,6 @@ static int __init pvh_populate_p2m(struct domain *d) int rc; #define MB1_PAGES PFN_DOWN(MB(1)) - /* - * Memory below 1MB is identity mapped initially. RAM regions are - * populated and copied below, replacing the respective mappings. - */ - rc = modify_identity_mmio(d, 0, MB1_PAGES, true); - if ( rc ) - { - printk("Failed to identity map low 1MB: %d\n", rc); - return rc; - } - /* Populate memory map. */ for ( i = 0; i < d->arch.nr_e820; i++ ) { @@ -472,6 +461,23 @@ static int __init pvh_populate_p2m(struct domain *d) } } + /* Non-RAM regions of space below 1MB get identity mapped. */ + for ( i = rc = 0; i < MB1_PAGES; ++i ) + { + p2m_type_t p2mt; + + if ( mfn_eq(get_gfn_query(d, i, &p2mt), INVALID_MFN) ) + rc = set_mmio_p2m_entry(d, _gfn(i), _mfn(i), PAGE_ORDER_4K); + else + ASSERT(p2mt == p2m_ram_rw); + put_gfn(d, i); + if ( rc ) + { + printk("Failed to identity map PFN %x: %d\n", i, rc); + return rc; + } + } + if ( cpu_has_vmx && paging_mode_hap(d) && !vmx_unrestricted_guest(v) ) { /* @@ -1095,6 +1101,17 @@ static int __init pvh_setup_acpi(struct domain *d, paddr_t start_info) nr_pages = PFN_UP((d->arch.e820[i].addr & ~PAGE_MASK) + d->arch.e820[i].size); + /* Memory below 1MB has been dealt with by pvh_populate_p2m(). */ + if ( pfn < PFN_DOWN(MB(1)) ) + { + if ( pfn + nr_pages <= PFN_DOWN(MB(1)) ) + continue; + + /* This shouldn't happen, but is easy to deal with. */ + nr_pages -= PFN_DOWN(MB(1)) - pfn; + pfn = PFN_DOWN(MB(1)); + } + rc = modify_identity_mmio(d, pfn, nr_pages, true); if ( rc ) { diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 65ed4a7f9f..01dbd9b098 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -337,7 +337,13 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) max_pfn = (GB(4) >> PAGE_SHIFT) - 1; top = max(max_pdx, pfn_to_pdx(max_pfn) + 1); - for ( i = 0; i < top; i++ ) + /* + * First Mb will get mapped in one go by pvh_populate_p2m(). Avoid + * setting up potentially conflicting mappings here. + */ + i = paging_mode_translate(d) ? PFN_DOWN(MB(1)) : 0; + + for ( ; i < top; i++ ) { unsigned long pfn = pdx_to_pfn(i); int rc; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 01 19:25:47 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 01 Sep 2021 19:25:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176659.321500 (Exim 4.92) (envelope-from ) id 1mLVrn-0006Mw-5g; Wed, 01 Sep 2021 19:25:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176659.321500; Wed, 01 Sep 2021 19:25:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVrn-0006Mo-2t; Wed, 01 Sep 2021 19:25:47 +0000 Received: by outflank-mailman (input) for mailman id 176659; Wed, 01 Sep 2021 19:25:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVrl-0006MR-6P for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLVrl-00016M-5l for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLVrl-0001CP-4y for xen-changelog@lists.xenproject.org; Wed, 01 Sep 2021 19:25:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UnYS2z98MGgKXj2N68lFmu7+JEiD6XM7VnVnXwnRkBw=; b=I69L4LDckyCFynJfTz3sfvDutw hwGcnVr6yRluaqZrPIINLAq2U1zSMCJKfjJe2UMXWdppz9/ltr8gkJWicIV4HzsQe5rDXXPZzszic k/vjrilGIWSTLm+rSKbo4mDbAq0XMEq90H37RHuDXHY6bnX1sqRJRsSOC0XXHSDDUSGg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] libs/light: fix tv_sec fprintf format Message-Id: Date: Wed, 01 Sep 2021 19:25:45 +0000 commit 96607a8e680e7f965ca868d11f8b0636317d2618 Author: Fabrice Fontaine AuthorDate: Sat Aug 28 11:07:09 2021 +0200 Commit: Ian Jackson CommitDate: Tue Aug 31 18:13:47 2021 +0100 libs/light: fix tv_sec fprintf format Don't assume tv_sec is a unsigned long, it is 64 bits on NetBSD 32 bits. Use %jd and cast to (intmax_t) instead Signed-off-by: Fabrice Fontaine Acked-by: Ian Jackson --- tools/libs/light/libxl_domain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_domain.c b/tools/libs/light/libxl_domain.c index c00c36c928..51a6127552 100644 --- a/tools/libs/light/libxl_domain.c +++ b/tools/libs/light/libxl_domain.c @@ -1444,7 +1444,7 @@ static int libxl__mark_domid_recent(libxl__gc *gc, uint32_t domid) } } - r = fprintf(nf, "%lu %u\n", ctxt.ts.tv_sec, domid); + r = fprintf(nf, "%jd %u\n", (intmax_t)ctxt.ts.tv_sec, domid); if (r < 0) { LOGED(ERROR, domid, "failed to write to '%s'", new); goto out; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:33:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176814.321780 (Exim 4.92) (envelope-from ) id 1mLcXH-00081P-H2; Thu, 02 Sep 2021 02:33:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176814.321780; Thu, 02 Sep 2021 02:33:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXH-00081G-Dm; Thu, 02 Sep 2021 02:33:03 +0000 Received: by outflank-mailman (input) for mailman id 176814; Thu, 02 Sep 2021 02:33:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXG-00081A-Kn for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXG-0001Jp-Jz for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcXG-0006ZH-It for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rKRrYQiuGLVSnj8fRpRQl34RKUtnON3vGAzASIM8LAg=; b=hb1xknp3Do11x4m3YqNNttTJ7Y BpgmqFzRB3+uqLODdW5Daf8PipsMftHV4M5KYdqUL6Z4Kg62+bkhnr5xSGz2sz/XuBfL2pRaK4gyt asBynBggPK+ABUcdiKi1aleIaNFWVkdhwLTcqWsSahow+Fs1ldtKkDV0Wa34ZtGiImY0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] x86: make hypervisor build with gcc11 Message-Id: Date: Thu, 02 Sep 2021 02:33:02 +0000 commit d2356c34d6a6bee7d74f8b3c29c408e96ee95c8d Author: Jan Beulich AuthorDate: Wed Aug 25 15:57:32 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:57:32 2021 +0200 x86: make hypervisor build with gcc11 Gcc 11 looks to make incorrect assumptions about valid ranges that pointers may be used for addressing when they are derived from e.g. a plain constant. See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100680. Utilize RELOC_HIDE() to work around the issue, which for x86 manifests in at least - mpparse.c:efi_check_config(), - tboot.c:tboot_probe(), - tboot.c:tboot_gen_frametable_integrity(), - x86_emulate.c:x86_emulate() (at -O2 only). The last case is particularly odd not just because it only triggers at higher optimization levels, but also because it only affects one of at least three similar constructs. Various "note" diagnostics claim the valid index range to be [0, 2⁶³-1]. Signed-off-by: Jan Beulich Tested-by: Jason Andryuk Acked-by: Roger Pau Monné master commit: 722f59d38c710a940ab05e542a83020eb5546dea master date: 2021-05-27 14:40:29 +0200 --- tools/tests/x86_emulator/x86-emulate.c | 7 +++++++ xen/arch/x86/x86_emulate/x86_emulate.c | 2 +- xen/include/asm-x86/fixmap.h | 2 +- xen/include/xen/compiler.h | 6 ++++++ xen/include/xen/pdx.h | 2 +- 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/tests/x86_emulator/x86-emulate.c b/tools/tests/x86_emulator/x86-emulate.c index bb5908b59e..5d9d152ff4 100644 --- a/tools/tests/x86_emulator/x86-emulate.c +++ b/tools/tests/x86_emulator/x86-emulate.c @@ -2,6 +2,13 @@ #include +/* See gcc bug 100680, but here don't bother making this version dependent. */ +#define gcc11_wrap(x) ({ \ + unsigned long x_; \ + __asm__ ( "" : "=g" (x_) : "0" (x) ); \ + (typeof(x))x_; \ +}) + #define cpu_has_amd_erratum(nr) 0 #define cpu_has_mpx false #define read_bndcfgu() 0 diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 19594ab45d..973f2a9fd9 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -585,7 +585,7 @@ union vex { #define copy_VEX(ptr, vex) ({ \ if ( !mode_64bit() ) \ (vex).reg |= 8; \ - (ptr)[0 - PFX_BYTES] = ext < ext_8f08 ? 0xc4 : 0x8f; \ + gcc11_wrap(ptr)[0 - PFX_BYTES] = ext < ext_8f08 ? 0xc4 : 0x8f; \ (ptr)[1 - PFX_BYTES] = (vex).raw[0]; \ (ptr)[2 - PFX_BYTES] = (vex).raw[1]; \ container_of((ptr) + 1 - PFX_BYTES, typeof(vex), raw[0]); \ diff --git a/xen/include/asm-x86/fixmap.h b/xen/include/asm-x86/fixmap.h index 16ccaa2c77..d460b71f4f 100644 --- a/xen/include/asm-x86/fixmap.h +++ b/xen/include/asm-x86/fixmap.h @@ -80,7 +80,7 @@ extern void __set_fixmap( #define clear_fixmap(idx) __set_fixmap(idx, 0, 0) -#define __fix_to_virt(x) (FIXADDR_TOP - ((x) << PAGE_SHIFT)) +#define __fix_to_virt(x) gcc11_wrap(FIXADDR_TOP - ((x) << PAGE_SHIFT)) #define __virt_to_fix(x) ((FIXADDR_TOP - ((x)&PAGE_MASK)) >> PAGE_SHIFT) #define fix_to_virt(x) ((void *)__fix_to_virt(x)) diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h index a7e05681c9..72518dd7a8 100644 --- a/xen/include/xen/compiler.h +++ b/xen/include/xen/compiler.h @@ -97,6 +97,12 @@ __asm__ ("" : "=r"(__ptr) : "0"(ptr)); \ (typeof(ptr)) (__ptr + (off)); }) +#if __GNUC__ >= 11 /* See gcc bug 100680. */ +# define gcc11_wrap(x) RELOC_HIDE(x, 0) +#else +# define gcc11_wrap(x) (x) +#endif + #ifdef __GCC_ASM_FLAG_OUTPUTS__ # define ASM_FLAG_OUT(yes, no) yes #else diff --git a/xen/include/xen/pdx.h b/xen/include/xen/pdx.h index a151aac1a2..5ed51b5edb 100644 --- a/xen/include/xen/pdx.h +++ b/xen/include/xen/pdx.h @@ -19,7 +19,7 @@ extern u64 pdx_region_mask(u64 base, u64 len); extern void set_pdx_range(unsigned long smfn, unsigned long emfn); #define page_to_pdx(pg) ((pg) - frame_table) -#define pdx_to_page(pdx) (frame_table + (pdx)) +#define pdx_to_page(pdx) gcc11_wrap(frame_table + (pdx)) bool __mfn_valid(unsigned long mfn); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:33:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:33:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176815.321784 (Exim 4.92) (envelope-from ) id 1mLcXR-00083u-IP; Thu, 02 Sep 2021 02:33:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176815.321784; Thu, 02 Sep 2021 02:33:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXR-00083m-FU; Thu, 02 Sep 2021 02:33:13 +0000 Received: by outflank-mailman (input) for mailman id 176815; Thu, 02 Sep 2021 02:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXQ-00083W-OV for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXQ-0001Jz-Nj for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcXQ-0006a9-Mh for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fttlWMEENgxUt6jnxLRNXQnACh16soUs1eIqavFyiSE=; b=oPjfH0R3BUqOSui5faYjTRSqOI dfo7IgUvEPgvm1JBZ44+oX5qeqmgBhVT4by14X8TO8JGIosQUy20dBrOJFk1c9KQSRHKBzdIZQUth X35UtSelISPbYgX+R2SgXutUvpYAwF8Fr369lh1iWGNJDb06jJn9LoBzvOwCzGtJ2jOs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] x86: work around build issue with GNU ld 2.37 Message-Id: Date: Thu, 02 Sep 2021 02:33:12 +0000 commit 42fcb07d3889e497f5d52d664f8c4e4e6b3179a4 Author: Jan Beulich AuthorDate: Wed Aug 25 15:58:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:58:18 2021 +0200 x86: work around build issue with GNU ld 2.37 I suspect it is commit 40726f16a8d7 ("ld script expression parsing") which broke the hypervisor build, by no longer accepting section names with a dash in them inside ADDR() (and perhaps other script directives expecting just a section name, not an expression): .note.gnu.build-id is such a section. Quoting all section names passed to ADDR() via DECL_SECTION() works around the regression. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 58ad654ebce7ccb272a3f4f3482c03aaad850d31 master date: 2021-07-27 15:03:29 +0100 --- xen/arch/x86/xen.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index f266969d0d..364424e3ce 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -21,7 +21,7 @@ ENTRY(efi_start) #define FORMAT "elf64-x86-64" #define SECTION_ALIGN PAGE_SIZE -#define DECL_SECTION(x) x : AT(ADDR(x) - __XEN_VIRT_START) +#define DECL_SECTION(x) x : AT(ADDR(#x) - __XEN_VIRT_START) ENTRY(start_pa) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:33:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:33:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176816.321788 (Exim 4.92) (envelope-from ) id 1mLcXc-00087U-KB; Thu, 02 Sep 2021 02:33:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176816.321788; Thu, 02 Sep 2021 02:33:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXc-00087M-H2; Thu, 02 Sep 2021 02:33:24 +0000 Received: by outflank-mailman (input) for mailman id 176816; Thu, 02 Sep 2021 02:33:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXa-000877-S4 for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXa-0001KA-RM for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcXa-0006ay-QJ for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KVOXesLB0prsNmmN1eCVQABH8QKGegq2zhovMYaST7w=; b=ulH0qsLowp83FlgyoJQyjTFReV n88EMpE1J+TM6MbUvQo7hCbLykZBu8nb/uYhFO3CIF1Z4y5o7ygVUV4SZvJz1LYYkB2qvYs0E/eeD ZEdot/5YDAb4VUd/vrnTbkj2+SjrVlWgNwBEhAykRYEFvOOdLG/tZiluHMtOQza2YHnw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] x86/p2m: fix PoD accounting in guest_physmap_add_entry() Message-Id: Date: Thu, 02 Sep 2021 02:33:22 +0000 commit a7cb4af927e97cb60ae01c1a5e2cd9d1e3b3d139 Author: Jan Beulich AuthorDate: Wed Aug 25 15:58:58 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:58:58 2021 +0200 x86/p2m: fix PoD accounting in guest_physmap_add_entry() The initial observation was that the mfn_valid() check comes too late: Neither mfn_add() nor mfn_to_page() (let alone de-referencing the result of the latter) are valid for MFNs failing this check. Move it up and - noticing that there's no caller doing so - also add an assertion that this should never produce "false" here. In turn this would have meant that the "else" to that if() could now go away, which didn't seem right at all. And indeed, considering callers like memory_exchange() or various grant table functions, the PoD accounting should have been outside of that if() from the very beginning. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: aea270e3f7c0db696c88a0e94b1ece7abd339c84 master date: 2020-02-21 17:14:38 +0100 --- xen/arch/x86/mm/p2m.c | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 97c417fc3e..6ff61aa138 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -794,6 +794,12 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; + if ( !mfn_valid(mfn) ) + { + ASSERT_UNREACHABLE(); + return -EINVAL; + } + p2m_lock(p2m); P2M_DEBUG("adding gfn=%#lx mfn=%#lx\n", gfn_x(gfn), mfn_x(mfn)); @@ -894,12 +900,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } /* Now, actually do the two-way mapping */ - if ( mfn_valid(mfn) ) + rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, p2m->default_access); + if ( rc == 0 ) { - rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, - p2m->default_access); - if ( rc ) - goto out; /* Failed to update p2m, bail without updating m2p. */ + pod_lock(p2m); + p2m->pod.entry_count -= pod_count; + BUG_ON(p2m->pod.entry_count < 0); + pod_unlock(p2m); if ( !p2m_is_grant(t) ) { @@ -908,22 +915,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, gfn_x(gfn_add(gfn, i))); } } - else - { - gdprintk(XENLOG_WARNING, "Adding bad mfn to p2m map (%#lx -> %#lx)\n", - gfn_x(gfn), mfn_x(mfn)); - rc = p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, - p2m_invalid, p2m->default_access); - if ( rc == 0 ) - { - pod_lock(p2m); - p2m->pod.entry_count -= pod_count; - BUG_ON(p2m->pod.entry_count < 0); - pod_unlock(p2m); - } - } -out: p2m_unlock(p2m); return rc; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:33:34 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:33:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176817.321792 (Exim 4.92) (envelope-from ) id 1mLcXm-0008BV-NK; Thu, 02 Sep 2021 02:33:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176817.321792; Thu, 02 Sep 2021 02:33:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXm-0008BN-K8; Thu, 02 Sep 2021 02:33:34 +0000 Received: by outflank-mailman (input) for mailman id 176817; Thu, 02 Sep 2021 02:33:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXk-0008B3-W7 for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXk-0001KN-VL for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcXk-0006bw-UD for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mRLpGLVf4fMkHSo8VqBVAvzpwlsSMUQ52HkTDRA75tI=; b=lXfeQxdkmDeE/GD7PxoN7x068M Ziklxup/P3Vw4OLfm9j7chnjjMHF13P7sNVa6kXjamujMi69EO7ejhWVpLArqXesoZXsoMr5Tlg0Q SbPtKctA5bkoFJgYw56etlNH0NlkhpJynsZOkBu40Tg7G4wv0Dl3vK/Xx+3uzJ7YyNfA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] x86/p2m: don't ignore p2m_remove_page()'s return value Message-Id: Date: Thu, 02 Sep 2021 02:33:32 +0000 commit 2e01b8fc2ec446a2d786bada35921355e3cf3c46 Author: Jan Beulich AuthorDate: Wed Aug 25 15:59:13 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:59:13 2021 +0200 x86/p2m: don't ignore p2m_remove_page()'s return value It's not very nice to return from guest_physmap_add_entry() after perhaps already having made some changes to the P2M, but this is pre- existing practice in the function, and imo better than ignoring errors. Take the liberty and replace an mfn_add() instance with a local variable already holding the result (as proven by the check immediately ahead). Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Acked-by: Andrew Cooper master commit: a6b051a87a586347969bfbaa6925ac0f0c845413 master date: 2020-04-03 10:56:10 +0200 --- xen/arch/x86/mm/p2m.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 6ff61aa138..9674ff087c 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -702,8 +702,7 @@ void p2m_final_teardown(struct domain *d) p2m_teardown_hostp2m(d); } - -static int +static int __must_check p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, unsigned int page_order) { @@ -892,9 +891,9 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, ASSERT(mfn_valid(omfn)); P2M_DEBUG("old gfn=%#lx -> mfn %#lx\n", gfn_x(ogfn) , mfn_x(omfn)); - if ( mfn_eq(omfn, mfn_add(mfn, i)) ) - p2m_remove_page(p2m, gfn_x(ogfn), mfn_x(mfn_add(mfn, i)), - 0); + if ( mfn_eq(omfn, mfn_add(mfn, i)) && + (rc = p2m_remove_page(p2m, gfn_x(ogfn), mfn_x(omfn), 0)) ) + goto out; } } } @@ -916,6 +915,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } } + out: p2m_unlock(p2m); return rc; @@ -2385,9 +2385,9 @@ int p2m_change_altp2m_gfn(struct domain *d, unsigned int idx, if ( gfn_eq(new_gfn, INVALID_GFN) ) { - if ( mfn_valid(mfn) ) - p2m_remove_page(ap2m, gfn_x(old_gfn), mfn_x(mfn), PAGE_ORDER_4K); - rc = 0; + rc = mfn_valid(mfn) + ? p2m_remove_page(ap2m, gfn_x(old_gfn), mfn_x(mfn), PAGE_ORDER_4K) + : 0; goto out; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:33:44 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:33:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176818.321797 (Exim 4.92) (envelope-from ) id 1mLcXw-0008EY-P4; Thu, 02 Sep 2021 02:33:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176818.321797; Thu, 02 Sep 2021 02:33:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXw-0008EQ-Li; Thu, 02 Sep 2021 02:33:44 +0000 Received: by outflank-mailman (input) for mailman id 176818; Thu, 02 Sep 2021 02:33:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXv-0008Dz-3v for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcXv-0001KZ-38 for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcXv-0006dJ-1k for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zlHcsaq6oUEskk/S6D7LeJm9o9jsoLerEwAHQecZt2g=; b=X5UJVpI/WWrBIQmLoecaS0ZBmN XHglVR4qB+uOZpkCby780F2313gwSK5UM2VhL86NtzNuVJ9/jExOYPmLCUYD8mkkw7G174vifzELL QlazIVNbcEX+IjSrFiWGYInGPHIPW3fh9s+WR39MvytzOVkYzHxQkBgKv+re1RtsRPFs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] x86/p2m: don't assert that the passed in MFN matches for a remove Message-Id: Date: Thu, 02 Sep 2021 02:33:43 +0000 commit 66f400c71d12fe8adfb895984b14f2941e8cb6ce Author: Jan Beulich AuthorDate: Wed Aug 25 15:59:28 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:59:28 2021 +0200 x86/p2m: don't assert that the passed in MFN matches for a remove guest_physmap_remove_page() gets handed an MFN from the outside, yet takes the necessary lock to prevent further changes to the GFN <-> MFN mapping itself. While some callers, in particular guest_remove_page() (by way of having called get_gfn_query()), hold the GFN lock already, various others (most notably perhaps the 2nd instance in xenmem_add_to_physmap_one()) don't. While it also is an option to fix all the callers, deal with the issue in p2m_remove_page() instead: Replace the ASSERT() by a conditional and split the loop into two, such that all checking gets done before any modification would occur. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Acked-by: Andrew Cooper master commit: c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e master date: 2020-04-03 10:56:55 +0200 --- xen/arch/x86/mm/p2m.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 9674ff087c..b8480e0e1c 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -708,7 +708,6 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, { unsigned long i; gfn_t gfn = _gfn(gfn_l); - mfn_t mfn_return; p2m_type_t t; p2m_access_t a; @@ -719,15 +718,26 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, ASSERT(gfn_locked_by_me(p2m, gfn)); P2M_DEBUG("removing gfn=%#lx mfn=%#lx\n", gfn_l, mfn); + for ( i = 0; i < (1UL << page_order); ) + { + unsigned int cur_order; + mfn_t mfn_return = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, + &cur_order, NULL); + + if ( p2m_is_valid(t) && + (!mfn_valid(_mfn(mfn)) || mfn + i != mfn_x(mfn_return)) ) + return -EILSEQ; + + i += (1UL << cur_order) - ((gfn_l + i) & ((1UL << cur_order) - 1)); + } + if ( mfn_valid(_mfn(mfn)) ) { for ( i = 0; i < (1UL << page_order); i++ ) { - mfn_return = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, - NULL, NULL); + p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY); - ASSERT( !p2m_is_valid(t) || mfn + i == mfn_x(mfn_return) ); } } return p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, p2m_invalid, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:33:54 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:33:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176819.321800 (Exim 4.92) (envelope-from ) id 1mLcY6-0008H7-QF; Thu, 02 Sep 2021 02:33:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176819.321800; Thu, 02 Sep 2021 02:33:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcY6-0008Gz-ND; Thu, 02 Sep 2021 02:33:54 +0000 Received: by outflank-mailman (input) for mailman id 176819; Thu, 02 Sep 2021 02:33:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcY5-0008Gp-7V for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcY5-0001Kl-6p for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcY5-0006eU-5m for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:33:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6BgN1F8xSZF60uGS9R3tHiMWhao4wBuQgB5NnG/L92M=; b=o4T/FftXvr9pVO+Evmf43hQw+5 o7keMq/3ZpLVj4OoiWvZKjU64mwg+Jzt5IdWUjGEPB5P0gilGLth0kh8dzFyI7QkOBVL25u641hh4 QisMg8KhwATjVKYf1K9Ed8UatF88CqrmoO1mS9h3j5Ar3sR/TGA/L+KJV9OGmf6//nmo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] AMD/IOMMU: correct global exclusion range extending Message-Id: Date: Thu, 02 Sep 2021 02:33:53 +0000 commit 3da2f2b0fce27a5de8d875671588580f210ec37c Author: Jan Beulich AuthorDate: Wed Aug 25 16:00:06 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:00:06 2021 +0200 AMD/IOMMU: correct global exclusion range extending Besides unity mapping regions, the AMD IOMMU spec also provides for exclusion ranges (areas of memory not to be subject to DMA translation) to be specified by firmware in the ACPI tables. The spec does not put any constraints on the number of such regions. Blindly assuming all addresses between any two such ranges should also be excluded can't be right. Since hardware has room for just a single such range (comprised of the Exclusion Base Register and the Exclusion Range Limit Register), combine only adjacent or overlapping regions (for now; this may require further adjustment in case table entries aren't sorted by address) with matching exclusion_allow_all settings. This requires bubbling up error indicators, such that IOMMU init can be failed when concatenation wasn't possible. Furthermore, since the exclusion range specified in IOMMU registers implies R/W access, reject requests asking for less permissions (this will be brought closer to the spec by a subsequent change). This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: b02c5c88982411be11e3413159862f255f1f39dc master date: 2021-08-25 14:12:13 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 45 +++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 64d10481d7..9f7659340a 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -98,12 +98,21 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( return NULL; } -static void __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit) +static int __init reserve_iommu_exclusion_range( + struct amd_iommu *iommu, uint64_t base, uint64_t limit, + bool all, bool iw, bool ir) { + if ( !ir || !iw ) + return -EPERM; + /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { + if ( iommu->exclusion_limit + PAGE_SIZE < base || + limit + PAGE_SIZE < iommu->exclusion_base || + iommu->exclusion_allow_all != all ) + return -EBUSY; + if ( iommu->exclusion_base < base ) base = iommu->exclusion_base; if ( iommu->exclusion_limit > limit ) @@ -111,16 +120,11 @@ static void __init reserve_iommu_exclusion_range( } iommu->exclusion_enable = IOMMU_CONTROL_ENABLED; + iommu->exclusion_allow_all = all; iommu->exclusion_base = base; iommu->exclusion_limit = limit; -} -static void __init reserve_iommu_exclusion_range_all( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit) -{ - reserve_iommu_exclusion_range(iommu, base, limit); - iommu->exclusion_allow_all = IOMMU_CONTROL_ENABLED; + return 0; } static void __init reserve_unity_map_for_device( @@ -158,6 +162,7 @@ static int __init register_exclusion_range_for_all_devices( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; unsigned int bdf; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -179,10 +184,15 @@ static int __init register_exclusion_range_for_all_devices( if ( limit >= iommu_top ) { for_each_amd_iommu( iommu ) - reserve_iommu_exclusion_range_all(iommu, base, limit); + { + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + if ( rc ) + break; + } } - return 0; + return rc; } static int __init register_exclusion_range_for_device( @@ -193,6 +203,7 @@ static int __init register_exclusion_range_for_device( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; + int rc = 0; iommu = find_iommu_for_device(seg, bdf); if ( !iommu ) @@ -222,12 +233,13 @@ static int __init register_exclusion_range_for_device( /* register IOMMU exclusion range settings for device */ if ( limit >= iommu_top ) { - reserve_iommu_exclusion_range(iommu, base, limit); + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; ivrs_mappings[req].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; } - return 0; + return rc; } static int __init register_exclusion_range_for_iommu_devices( @@ -237,6 +249,7 @@ static int __init register_exclusion_range_for_iommu_devices( unsigned long range_top, iommu_top, length; unsigned int bdf; u16 req; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -267,8 +280,10 @@ static int __init register_exclusion_range_for_iommu_devices( /* register IOMMU exclusion range settings */ if ( limit >= iommu_top ) - reserve_iommu_exclusion_range_all(iommu, base, limit); - return 0; + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + + return rc; } static int __init parse_ivmd_device_select( -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:34:04 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:34:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176820.321804 (Exim 4.92) (envelope-from ) id 1mLcYG-0008K7-S9; Thu, 02 Sep 2021 02:34:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176820.321804; Thu, 02 Sep 2021 02:34:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYG-0008Jz-Oq; Thu, 02 Sep 2021 02:34:04 +0000 Received: by outflank-mailman (input) for mailman id 176820; Thu, 02 Sep 2021 02:34:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYF-0008Jn-BO for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYF-0001LS-Ah for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcYF-0006g3-9j for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nLKI7w0Wi3p6pg25wx3XvKPKAPMe5wYJ2fXLZTEdxXk=; b=xE7NCMn/IasnD7oj6ePd+eEtI3 nvjqwUJ2lR4N3EC5YZtXgwMJKkrY4M+zi03WYSE0ANa6kPnHVwc5Bj1HfSgb4CME+ZjW8loVI3uWt nMA7Ik8miGNwr6J7xXYViVnikgErZGtLWP8NaolmGd/Wmv4HPxFUjM5IlEiul8UfWQog=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] AMD/IOMMU: correct device unity map handling Message-Id: Date: Thu, 02 Sep 2021 02:34:03 +0000 commit c18e200eb657fd37b970aabbdae637878d055801 Author: Jan Beulich AuthorDate: Wed Aug 25 16:00:28 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:00:28 2021 +0200 AMD/IOMMU: correct device unity map handling Blindly assuming all addresses between any two such ranges, specified by firmware in the ACPI tables, should also be unity-mapped can't be right. Nor can it be correct to merge ranges with differing permissions. Track ranges individually; don't merge at all, but check for overlaps instead. This requires bubbling up error indicators, such that IOMMU init can be failed when allocation of a new tracking struct wasn't possible, or an overlap was detected. At this occasion also stop ignoring amd_iommu_reserve_domain_unity_map()'s return value. This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap Reviewed-by: Paul Durrant master commit: 34750a3eb022462cdd1c36e8ef9049d3d73c824c master date: 2021-08-25 14:15:11 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 80 +++++++++++++++++------------ xen/drivers/passthrough/amd/iommu_init.c | 1 - xen/drivers/passthrough/amd/pci_amd_iommu.c | 16 +++--- xen/include/asm-x86/amd-iommu.h | 14 +++-- 4 files changed, 66 insertions(+), 45 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 9f7659340a..a477877f32 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -127,32 +127,48 @@ static int __init reserve_iommu_exclusion_range( return 0; } -static void __init reserve_unity_map_for_device( - u16 seg, u16 bdf, unsigned long base, - unsigned long length, u8 iw, u8 ir) +static int __init reserve_unity_map_for_device( + uint16_t seg, uint16_t bdf, unsigned long base, + unsigned long length, bool iw, bool ir) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long old_top, new_top; + struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; - /* need to extend unity-mapped range? */ - if ( ivrs_mappings[bdf].unity_map_enable ) + /* Check for overlaps. */ + for ( ; unity_map; unity_map = unity_map->next ) { - old_top = ivrs_mappings[bdf].addr_range_start + - ivrs_mappings[bdf].addr_range_length; - new_top = base + length; - if ( old_top > new_top ) - new_top = old_top; - if ( ivrs_mappings[bdf].addr_range_start < base ) - base = ivrs_mappings[bdf].addr_range_start; - length = new_top - base; + /* + * Exact matches are okay. This can in particular happen when + * register_exclusion_range_for_device() calls here twice for the + * same (s,b,d,f). + */ + if ( base == unity_map->addr && length == unity_map->length && + ir == unity_map->read && iw == unity_map->write ) + return 0; + + if ( unity_map->addr + unity_map->length > base && + base + length > unity_map->addr ) + { + AMD_IOMMU_DEBUG("IVMD Error: overlap [%lx,%lx) vs [%lx,%lx)\n", + base, base + length, unity_map->addr, + unity_map->addr + unity_map->length); + return -EPERM; + } } - /* extend r/w permissioms and keep aggregate */ - ivrs_mappings[bdf].write_permission = iw; - ivrs_mappings[bdf].read_permission = ir; - ivrs_mappings[bdf].unity_map_enable = IOMMU_CONTROL_ENABLED; - ivrs_mappings[bdf].addr_range_start = base; - ivrs_mappings[bdf].addr_range_length = length; + /* Populate and insert a new unity map. */ + unity_map = xmalloc(struct ivrs_unity_map); + if ( !unity_map ) + return -ENOMEM; + + unity_map->read = ir; + unity_map->write = iw; + unity_map->addr = base; + unity_map->length = length; + unity_map->next = ivrs_mappings[bdf].unity_map; + ivrs_mappings[bdf].unity_map = unity_map; + + return 0; } static int __init register_exclusion_range_for_all_devices( @@ -175,13 +191,13 @@ static int __init register_exclusion_range_for_all_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { for_each_amd_iommu( iommu ) { @@ -223,15 +239,15 @@ static int __init register_exclusion_range_for_device( length = range_top - base; /* reserve unity-mapped page entries for device */ /* note: these entries are part of the exclusion range */ - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - reserve_unity_map_for_device(seg, req, base, length, iw, ir); + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: + reserve_unity_map_for_device(seg, req, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings for device */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { rc = reserve_iommu_exclusion_range(iommu, base, limit, false /* all */, iw, ir); @@ -262,15 +278,15 @@ static int __init register_exclusion_range_for_iommu_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) { if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) { - reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir); req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); } } @@ -279,7 +295,7 @@ static int __init register_exclusion_range_for_iommu_devices( } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */, iw, ir); diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index cf792ef77f..38c2f8ba01 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -1187,7 +1187,6 @@ static int __init alloc_ivrs_mappings(u16 seg) { ivrs_mappings[bdf].dte_requestor_id = bdf; ivrs_mappings[bdf].dte_allow_exclusion = IOMMU_CONTROL_DISABLED; - ivrs_mappings[bdf].unity_map_enable = IOMMU_CONTROL_DISABLED; ivrs_mappings[bdf].iommu = NULL; ivrs_mappings[bdf].intremap_table = NULL; diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 983ece5981..03df7c0dee 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -372,15 +372,17 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); + const struct ivrs_unity_map *unity_map; - if ( ivrs_mappings[req_id].unity_map_enable ) + for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; + unity_map = unity_map->next ) { - amd_iommu_reserve_domain_unity_map( - d, - ivrs_mappings[req_id].addr_range_start, - ivrs_mappings[req_id].addr_range_length, - ivrs_mappings[req_id].write_permission, - ivrs_mappings[req_id].read_permission); + int rc = amd_iommu_reserve_domain_unity_map( + d, unity_map->addr, unity_map->length, + unity_map->write, unity_map->read); + + if ( rc ) + return rc; } return reassign_device(pdev->domain, d, devfn, pdev); diff --git a/xen/include/asm-x86/amd-iommu.h b/xen/include/asm-x86/amd-iommu.h index 02715b482b..1bba272379 100644 --- a/xen/include/asm-x86/amd-iommu.h +++ b/xen/include/asm-x86/amd-iommu.h @@ -108,15 +108,19 @@ struct amd_iommu { struct list_head ats_devices; }; +struct ivrs_unity_map { + bool read:1; + bool write:1; + paddr_t addr; + unsigned long length; + struct ivrs_unity_map *next; +}; + struct ivrs_mappings { u16 dte_requestor_id; u8 dte_allow_exclusion; - u8 unity_map_enable; - u8 write_permission; - u8 read_permission; - unsigned long addr_range_start; - unsigned long addr_range_length; struct amd_iommu *iommu; + struct ivrs_unity_map *unity_map; /* per device interrupt remapping table */ void *intremap_table; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:34:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:34:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176821.321809 (Exim 4.92) (envelope-from ) id 1mLcYQ-0008NF-UH; Thu, 02 Sep 2021 02:34:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176821.321809; Thu, 02 Sep 2021 02:34:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYQ-0008N7-QO; Thu, 02 Sep 2021 02:34:14 +0000 Received: by outflank-mailman (input) for mailman id 176821; Thu, 02 Sep 2021 02:34:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYP-0008Mr-FP for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYP-0001Lb-El for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcYP-0006hQ-Dg for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OuP0ECXDm2pBGjMEB6WQ1vmsen6xrUw12vYg9kKXb3o=; b=kB7lnYscwOyHs2PIXG406u0Ogc BRuDr/k+81s5JPopK3qXpHT59t7ubniyC7UebF15Y2yeM3kkSndKfkTYbPxFUA+TlloeLuEH8OTZJ n44PxWnpt8HLoMT7jQQP+t1LkIZkfoE3FALsRhkRYVgLVa0ZNgjYXkNQEGHUQZ6lVexE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() Message-Id: Date: Thu, 02 Sep 2021 02:34:13 +0000 commit 82e93b8f45887182427aa5089d830a32b1e4424c Author: Jan Beulich AuthorDate: Wed Aug 25 16:00:52 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:00:52 2021 +0200 IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() A subsequent change will want to customize the IOMMU permissions based on this. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: d1bb6c97c31ef754fb29b29eb307c090414e8022 master date: 2021-08-25 14:15:32 +0200 --- xen/arch/x86/mm/p2m-ept.c | 6 +++--- xen/arch/x86/mm/p2m-pt.c | 19 ++++++++++++++++--- xen/include/asm-x86/p2m.h | 3 ++- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index e0fec73e3f..b4e8d91a94 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -711,7 +711,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, uint8_t ipat = 0; bool_t need_modify_vtd_table = 1; bool_t vtd_pte_present = 0; - unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); bool_t needs_sync = 1; ept_entry_t old_entry = { .epte = 0 }; ept_entry_t new_entry = { .epte = 0 }; @@ -837,8 +837,8 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, /* Safe to read-then-write because we hold the p2m lock */ if ( ept_entry->mfn == new_entry.mfn && - p2m_get_iommu_flags(ept_entry->sa_p2mt, _mfn(ept_entry->mfn)) == - iommu_flags ) + p2m_get_iommu_flags(ept_entry->sa_p2mt, ept_entry->access, + _mfn(ept_entry->mfn)) == iommu_flags ) need_modify_vtd_table = 0; ept_p2m_type_to_flags(p2m, &new_entry, p2mt, p2ma); diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index b8c5d2ed26..0ea41a6ec5 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -471,6 +471,16 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) return rc; } +/* Reconstruct a fake p2m_access_t from stored PTE flags. */ +static p2m_access_t p2m_flags_to_access(unsigned int flags) +{ + if ( flags & _PAGE_PRESENT ) + return p2m_access_n; + + /* No need to look at _PAGE_NX for now. */ + return flags & _PAGE_RW ? p2m_access_rw : p2m_access_r; +} + /* Returns: 0 for success, -errno for failure */ static int p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, @@ -487,7 +497,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, l2_pgentry_t l2e_content; l3_pgentry_t l3e_content; int rc; - unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); /* * old_mfn and iommu_old_flags control possible flush/update needs on the * IOMMU: We need to flush when MFN or flags (i.e. permissions) change. @@ -556,6 +566,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else @@ -602,9 +613,10 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, 0, L1_PAGETABLE_ENTRIES); ASSERT(p2m_entry); old_mfn = l1e_get_pfn(*p2m_entry); + flags = l1e_get_flags(*p2m_entry); iommu_old_flags = - p2m_get_iommu_flags(p2m_flags_to_type(l1e_get_flags(*p2m_entry)), - _mfn(old_mfn)); + p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) entry_content = p2m_l1e_from_pfn(mfn_x(mfn), @@ -648,6 +660,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 3f41deaeea..ebba14a85c 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -839,7 +839,8 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn, /* * p2m type to IOMMU flags */ -static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, mfn_t mfn) +static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, + p2m_access_t p2ma, mfn_t mfn) { unsigned int flags; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:34:25 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:34:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176822.321811 (Exim 4.92) (envelope-from ) id 1mLcYb-0008Qk-15; Thu, 02 Sep 2021 02:34:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176822.321811; Thu, 02 Sep 2021 02:34:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYa-0008Qd-UR; Thu, 02 Sep 2021 02:34:24 +0000 Received: by outflank-mailman (input) for mailman id 176822; Thu, 02 Sep 2021 02:34:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYZ-0008QL-JJ for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYZ-0001Lp-IV for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcYZ-0006ia-Hk for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=itefXJal9J3vPZMucSgT/Xoo9BGM5URcuJpt38CFalc=; b=PC0klIRSe9Ic2WccShKsg+H5aF f42QNxQyR/sBMZ/zlskzp6zqcoeRZaK21WbmvN1HD4LKajYbUmiINDvorMltfubGybJ6TC5IfSMS4 9WvY2CHDv1w4dh0vtQOWtKfFRK6j7Z0F5gSARselSBa/Qf4RJWuJ4zFe6MyAxMnFZWRY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] IOMMU: generalize VT-d's tracking of mapped RMRR regions Message-Id: Date: Thu, 02 Sep 2021 02:34:23 +0000 commit fb23026c1489023bdad225795719343c640a97fc Author: Jan Beulich AuthorDate: Wed Aug 25 16:01:16 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:01:16 2021 +0200 IOMMU: generalize VT-d's tracking of mapped RMRR regions In order to re-use it elsewhere, move the logic to vendor independent code and strip it of RMRR specifics. Note that the prior "map" parameter gets folded into the new "p2ma" one (which AMD IOMMU code will want to make use of), assigning alternative meaning ("unmap") to p2m_access_x. Prepare set_identity_p2m_entry() and p2m_get_iommu_flags() for getting passed access types other than p2m_access_rw (in the latter case just for p2m_mmio_direct requests). Note also that, to be on the safe side, an overlap check gets added to the main loop of iommu_identity_mapping(). This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: c0e19d7c6c42f0bfccccd96b4f7b03b5515e10fc master date: 2021-08-25 14:15:57 +0200 --- xen/arch/x86/mm/p2m.c | 3 +- xen/drivers/passthrough/vtd/iommu.c | 98 +++++-------------------------------- xen/drivers/passthrough/x86/iommu.c | 95 ++++++++++++++++++++++++++++++++++- xen/include/asm-x86/iommu.h | 8 ++- xen/include/asm-x86/mem_access.h | 6 +-- xen/include/asm-x86/p2m.h | 35 +++++++++++-- 6 files changed, 150 insertions(+), 95 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index b8480e0e1c..5802b580ed 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1157,7 +1157,8 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, { if ( !need_iommu(d) ) return 0; - return iommu_map_page(d, gfn_l, gfn_l, IOMMUF_readable|IOMMUF_writable); + return iommu_map_page(d, gfn_l, gfn_l, + p2m_access_to_iommu_flags(p2ma)); } gfn_lock(p2m, gfn, 0); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 698b176a81..3e6fa11dd5 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -42,12 +42,6 @@ #include "vtd.h" #include "../ats.h" -struct mapped_rmrr { - struct list_head list; - u64 base, end; - unsigned int count; -}; - /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */ bool __read_mostly untrusted_msi; @@ -1785,16 +1779,11 @@ out: static void iommu_domain_teardown(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); - struct mapped_rmrr *mrmrr, *tmp; if ( list_empty(&acpi_drhd_units) ) return; - list_for_each_entry_safe ( mrmrr, tmp, &hd->arch.mapped_rmrrs, list ) - { - list_del(&mrmrr->list); - xfree(mrmrr); - } + iommu_identity_map_teardown(d); if ( iommu_use_hap_pt(d) ) return; @@ -1903,74 +1892,6 @@ static void iommu_set_pgd(struct domain *d) pagetable_get_paddr(pagetable_from_mfn(pgd_mfn)); } -static int rmrr_identity_mapping(struct domain *d, bool_t map, - const struct acpi_rmrr_unit *rmrr, - u32 flag) -{ - unsigned long base_pfn = rmrr->base_address >> PAGE_SHIFT_4K; - unsigned long end_pfn = PAGE_ALIGN_4K(rmrr->end_address) >> PAGE_SHIFT_4K; - struct mapped_rmrr *mrmrr; - struct domain_iommu *hd = dom_iommu(d); - - ASSERT(pcidevs_locked()); - ASSERT(rmrr->base_address < rmrr->end_address); - - /* - * No need to acquire hd->arch.mapping_lock: Both insertion and removal - * get done while holding pcidevs_lock. - */ - list_for_each_entry( mrmrr, &hd->arch.mapped_rmrrs, list ) - { - if ( mrmrr->base == rmrr->base_address && - mrmrr->end == rmrr->end_address ) - { - int ret = 0; - - if ( map ) - { - ++mrmrr->count; - return 0; - } - - if ( --mrmrr->count ) - return 0; - - while ( base_pfn < end_pfn ) - { - if ( clear_identity_p2m_entry(d, base_pfn) ) - ret = -ENXIO; - base_pfn++; - } - - list_del(&mrmrr->list); - xfree(mrmrr); - return ret; - } - } - - if ( !map ) - return -ENOENT; - - while ( base_pfn < end_pfn ) - { - int err = set_identity_p2m_entry(d, base_pfn, p2m_access_rw, flag); - - if ( err ) - return err; - base_pfn++; - } - - mrmrr = xmalloc(struct mapped_rmrr); - if ( !mrmrr ) - return -ENOMEM; - mrmrr->base = rmrr->base_address; - mrmrr->end = rmrr->end_address; - mrmrr->count = 1; - list_add_tail(&mrmrr->list, &hd->arch.mapped_rmrrs); - - return 0; -} - static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; @@ -2002,7 +1923,9 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) * Since RMRRs are always reserved in the e820 map for the hardware * domain, there shouldn't be a conflict. */ - ret = rmrr_identity_mapping(pdev->domain, 1, rmrr, 0); + ret = iommu_identity_mapping(pdev->domain, p2m_access_rw, + rmrr->base_address, rmrr->end_address, + 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n", pdev->domain->domain_id); @@ -2047,7 +1970,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) * Any flag is nothing to clear these mappings but here * its always safe and strict to set 0. */ - rmrr_identity_mapping(pdev->domain, 0, rmrr, 0); + iommu_identity_mapping(pdev->domain, p2m_access_x, rmrr->base_address, + rmrr->end_address, 0); } return domain_context_unmap(pdev->domain, devfn, pdev); @@ -2214,7 +2138,8 @@ static void __hwdom_init setup_hwdom_rmrr(struct domain *d) * domain, there shouldn't be a conflict. So its always safe and * strict to set 0. */ - ret = rmrr_identity_mapping(d, 1, rmrr, 0); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: mapping reserved region failed\n"); @@ -2371,7 +2296,9 @@ static int reassign_device_ownership( * Any RMRR flag is always ignored when remove a device, * but its always safe and strict to set 0. */ - ret = rmrr_identity_mapping(source, 0, rmrr, 0); + ret = iommu_identity_mapping(source, p2m_access_x, + rmrr->base_address, + rmrr->end_address, 0); if ( ret != -ENOENT ) return ret; } @@ -2468,7 +2395,8 @@ static int intel_iommu_assign_device( PCI_BUS(bdf) == bus && PCI_DEVFN2(bdf) == devfn ) { - ret = rmrr_identity_mapping(d, 1, rmrr, flag); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, flag); if ( ret ) { int rc; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 228409c24a..c467342d36 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -144,7 +144,7 @@ int arch_iommu_domain_init(struct domain *d) struct domain_iommu *hd = dom_iommu(d); spin_lock_init(&hd->arch.mapping_lock); - INIT_LIST_HEAD(&hd->arch.mapped_rmrrs); + INIT_LIST_HEAD(&hd->arch.identity_maps); return 0; } @@ -153,6 +153,99 @@ void arch_iommu_domain_destroy(struct domain *d) { } +struct identity_map { + struct list_head list; + paddr_t base, end; + p2m_access_t access; + unsigned int count; +}; + +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag) +{ + unsigned long base_pfn = base >> PAGE_SHIFT_4K; + unsigned long end_pfn = PAGE_ALIGN_4K(end) >> PAGE_SHIFT_4K; + struct identity_map *map; + struct domain_iommu *hd = dom_iommu(d); + + ASSERT(pcidevs_locked()); + ASSERT(base < end); + + /* + * No need to acquire hd->arch.mapping_lock: Both insertion and removal + * get done while holding pcidevs_lock. + */ + list_for_each_entry( map, &hd->arch.identity_maps, list ) + { + if ( map->base == base && map->end == end ) + { + int ret = 0; + + if ( p2ma != p2m_access_x ) + { + if ( map->access != p2ma ) + return -EADDRINUSE; + ++map->count; + return 0; + } + + if ( --map->count ) + return 0; + + while ( base_pfn < end_pfn ) + { + if ( clear_identity_p2m_entry(d, base_pfn) ) + ret = -ENXIO; + base_pfn++; + } + + list_del(&map->list); + xfree(map); + + return ret; + } + + if ( end >= map->base && map->end >= base ) + return -EADDRINUSE; + } + + if ( p2ma == p2m_access_x ) + return -ENOENT; + + while ( base_pfn < end_pfn ) + { + int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag); + + if ( err ) + return err; + base_pfn++; + } + + map = xmalloc(struct identity_map); + if ( !map ) + return -ENOMEM; + map->base = base; + map->end = end; + map->access = p2ma; + map->count = 1; + list_add_tail(&map->list, &hd->arch.identity_maps); + + return 0; +} + +void iommu_identity_map_teardown(struct domain *d) +{ + struct domain_iommu *hd = dom_iommu(d); + struct identity_map *map, *tmp; + + list_for_each_entry_safe ( map, tmp, &hd->arch.identity_maps, list ) + { + list_del(&map->list); + xfree(map); + } +} + /* * Local variables: * mode: C diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h index dfc9b77594..1913606393 100644 --- a/xen/include/asm-x86/iommu.h +++ b/xen/include/asm-x86/iommu.h @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -36,7 +37,7 @@ struct arch_iommu spinlock_t mapping_lock; /* io page table lock */ int agaw; /* adjusted guest address width, 0 is level 2 30-bit */ u64 iommu_bitmap; /* bitmap of iommu(s) that the domain uses */ - struct list_head mapped_rmrrs; + struct list_head identity_maps; /* amd iommu support */ int paging_mode; @@ -94,6 +95,11 @@ bool_t iommu_supports_eim(void); int iommu_enable_x2apic_IR(void); void iommu_disable_x2apic_IR(void); +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag); +void iommu_identity_map_teardown(struct domain *d); + extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, diff --git a/xen/include/asm-x86/mem_access.h b/xen/include/asm-x86/mem_access.h index 4043c9fb4d..c5775edff4 100644 --- a/xen/include/asm-x86/mem_access.h +++ b/xen/include/asm-x86/mem_access.h @@ -44,10 +44,8 @@ bool p2m_mem_access_emulate_check(struct vcpu *v, const vm_event_response_t *rsp); /* Sanity check for mem_access hardware support */ -static inline bool p2m_mem_access_sanity_check(struct domain *d) -{ - return is_hvm_domain(d) && cpu_has_vmx && hap_enabled(d); -} +#define p2m_mem_access_sanity_check(d) \ + (is_hvm_domain(d) && cpu_has_vmx && hap_enabled(d)) #endif /*__ASM_X86_MEM_ACCESS_H__ */ diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index ebba14a85c..0e1888b8b3 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -836,6 +836,34 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn, mfn_t mfn, unsigned int page_order, p2m_type_t p2mt, p2m_access_t p2ma); +/* p2m access to IOMMU flags */ +static inline unsigned int p2m_access_to_iommu_flags(p2m_access_t p2ma) +{ + switch ( p2ma ) + { + case p2m_access_rw: + case p2m_access_rwx: + return IOMMUF_readable | IOMMUF_writable; + + case p2m_access_r: + case p2m_access_rx: + case p2m_access_rx2rw: + return IOMMUF_readable; + + case p2m_access_w: + case p2m_access_wx: + return IOMMUF_writable; + + case p2m_access_n: + case p2m_access_x: + case p2m_access_n2rwx: + return 0; + } + + ASSERT_UNREACHABLE(); + return 0; +} + /* * p2m type to IOMMU flags */ @@ -857,9 +885,10 @@ static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, flags = IOMMUF_readable; break; case p2m_mmio_direct: - flags = IOMMUF_readable; - if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) - flags |= IOMMUF_writable; + flags = p2m_access_to_iommu_flags(p2ma); + if ( (flags & IOMMUF_writable) && + rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) + flags &= ~IOMMUF_writable; break; default: flags = 0; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:34:34 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:34:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176824.321827 (Exim 4.92) (envelope-from ) id 1mLcYk-0000KB-FJ; Thu, 02 Sep 2021 02:34:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176824.321827; Thu, 02 Sep 2021 02:34:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYk-0000K3-Bn; Thu, 02 Sep 2021 02:34:34 +0000 Received: by outflank-mailman (input) for mailman id 176824; Thu, 02 Sep 2021 02:34:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYj-0000Dm-Mo for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYj-0001M6-M3 for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcYj-0006jd-L7 for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8K5kWwvalMHIlg4RO0DjOkO6WI1yaD9dU4N8gEE03J0=; b=dX58vwZXUm4E6ULHotc4kfMTPA aSBuAm9Hjz64Zpc60H4PjXxB3Sb1iBcdhFPnIvbq1YGVi+cRlkLmwwe7ElzqFkPAvk4XgvHiA0x9D 0NG5/nytC7iAw/LXg+tv6khS5SHVXdrNbkJYIQ8hyNtBv7/26nR921OuRc8iYLZzB2Qk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] AMD/IOMMU: re-arrange/complete re-assignment handling Message-Id: Date: Thu, 02 Sep 2021 02:34:33 +0000 commit ba79e525c1c7982e93d5f889cd66c783ecdf499a Author: Jan Beulich AuthorDate: Wed Aug 25 16:01:42 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:01:42 2021 +0200 AMD/IOMMU: re-arrange/complete re-assignment handling Prior to the assignment step having completed successfully, devices should not get associated with their new owner. Hand the device to DomIO (perhaps temporarily), until after the de-assignment step has completed. De-assignment of a device (from other than Dom0) as well as failure of reassign_device() during assignment should result in unity mappings getting torn down. This in turn requires switching to a refcounted mapping approach, as was already used by VT-d for its RMRRs, to prevent unmapping a region used by multiple devices. This is CVE-2021-28696 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 899272539cbe1acda736a850015416fff653a1b6 master date: 2021-08-25 14:16:26 +0200 --- xen/drivers/passthrough/amd/iommu_map.c | 54 +++++++++++++++++++-------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 54 +++++++++++++++++++++------ xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 6 ++- 3 files changed, 84 insertions(+), 30 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 24d027e7d1..90a801a79d 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -716,27 +716,49 @@ int amd_iommu_unmap_page(struct domain *d, unsigned long gfn) return 0; } -int amd_iommu_reserve_domain_unity_map(struct domain *domain, - u64 phys_addr, - unsigned long size, int iw, int ir) +int amd_iommu_reserve_domain_unity_map(struct domain *d, + const struct ivrs_unity_map *map, + unsigned int flag) { - unsigned long npages, i; - unsigned long gfn; - unsigned int flags = !!ir; - int rt = 0; + int rc; - if ( iw ) - flags |= IOMMUF_writable; + if ( d == dom_io ) + return 0; - npages = region_to_pages(phys_addr, size); - gfn = phys_addr >> PAGE_SHIFT; - for ( i = 0; i < npages; i++ ) + for ( rc = 0; !rc && map; map = map->next ) { - rt = amd_iommu_map_page(domain, gfn +i, gfn +i, flags); - if ( rt != 0 ) - return rt; + p2m_access_t p2ma = p2m_access_n; + + if ( map->read ) + p2ma |= p2m_access_r; + if ( map->write ) + p2ma |= p2m_access_w; + + rc = iommu_identity_mapping(d, p2ma, map->addr, + map->addr + map->length - 1, flag); } - return 0; + + return rc; +} + +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map) +{ + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; map; map = map->next ) + { + int ret = iommu_identity_mapping(d, p2m_access_x, map->addr, + map->addr + map->length - 1, 0); + + if ( ret && ret != -ENOENT && !rc ) + rc = ret; + } + + return rc; } /* Share p2m table with iommu. */ diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 03df7c0dee..49e34de60b 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -333,6 +333,7 @@ static int reassign_device(struct domain *source, struct domain *target, struct amd_iommu *iommu; int bdf, rc; struct domain_iommu *t = dom_iommu(target); + const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); bdf = PCI_BDF2(pdev->bus, pdev->devfn); iommu = find_iommu_for_device(pdev->seg, bdf); @@ -347,10 +348,24 @@ static int reassign_device(struct domain *source, struct domain *target, amd_iommu_disable_domain_device(source, iommu, devfn, pdev); - if ( devfn == pdev->devfn ) + /* + * If the device belongs to the hardware domain, and it has a unity mapping, + * don't remove it from the hardware domain, because BIOS may reference that + * mapping. + */ + if ( !is_hardware_domain(source) ) { - list_move(&pdev->domain_list, &target->arch.pdev_list); - pdev->domain = target; + rc = amd_iommu_reserve_domain_unity_unmap( + source, + ivrs_mappings[get_dma_requestor_id(pdev->seg, bdf)].unity_map); + if ( rc ) + return rc; + } + + if ( devfn == pdev->devfn && pdev->domain != dom_io ) + { + list_move(&pdev->domain_list, &dom_io->arch.pdev_list); + pdev->domain = dom_io; } rc = allocate_domain_resources(t); @@ -362,6 +377,12 @@ static int reassign_device(struct domain *source, struct domain *target, pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn), source->domain_id, target->domain_id); + if ( devfn == pdev->devfn && pdev->domain != target ) + { + list_move(&pdev->domain_list, &target->arch.pdev_list); + pdev->domain = target; + } + return 0; } @@ -372,20 +393,28 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); - const struct ivrs_unity_map *unity_map; + int rc = amd_iommu_reserve_domain_unity_map( + d, ivrs_mappings[req_id].unity_map, flag); + + if ( !rc ) + rc = reassign_device(pdev->domain, d, devfn, pdev); - for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; - unity_map = unity_map->next ) + if ( rc && !is_hardware_domain(d) ) { - int rc = amd_iommu_reserve_domain_unity_map( - d, unity_map->addr, unity_map->length, - unity_map->write, unity_map->read); + int ret = amd_iommu_reserve_domain_unity_unmap( + d, ivrs_mappings[req_id].unity_map); - if ( rc ) - return rc; + if ( ret ) + { + printk(XENLOG_ERR "AMD-Vi: " + "unity-unmap for d%d/%04x:%02x:%02x.%u failed (%d)\n", + d->domain_id, pdev->seg, pdev->bus, + PCI_SLOT(devfn), PCI_FUNC(devfn), ret); + domain_crash(d); + } } - return reassign_device(pdev->domain, d, devfn, pdev); + return rc; } static void deallocate_next_page_table(struct page_info *pg, int level) @@ -451,6 +480,7 @@ static void deallocate_iommu_page_tables(struct domain *d) static void amd_iommu_domain_destroy(struct domain *d) { + iommu_identity_map_teardown(d); deallocate_iommu_page_tables(d); amd_iommu_flush_all_pages(d); } diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h index 22d6614169..7c082ef88e 100644 --- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h +++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h @@ -60,8 +60,10 @@ int __must_check amd_iommu_unmap_page(struct domain *d, unsigned long gfn); u64 amd_iommu_get_next_table_from_pte(u32 *entry); int __must_check amd_iommu_alloc_root(struct domain_iommu *hd); int amd_iommu_reserve_domain_unity_map(struct domain *domain, - u64 phys_addr, unsigned long size, - int iw, int ir); + const struct ivrs_unity_map *map, + unsigned int flag); +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map); /* Share p2m table with iommu */ void amd_iommu_share_p2m(struct domain *d); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:34:44 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:34:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176825.321830 (Exim 4.92) (envelope-from ) id 1mLcYu-0000Sn-GX; Thu, 02 Sep 2021 02:34:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176825.321830; Thu, 02 Sep 2021 02:34:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYu-0000Sd-DW; Thu, 02 Sep 2021 02:34:44 +0000 Received: by outflank-mailman (input) for mailman id 176825; Thu, 02 Sep 2021 02:34:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYt-0000SG-QY for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcYt-0001MK-Pk for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcYt-0006ks-Oi for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AROju3Ggu9C8L7hhBVr5Xydh/GgUN0IVGKv7QKnMl18=; b=f46lLY7jFNXa2eIoybWrwWjJHg npO9aN68e2+HvdJxyjiBIyyXgHYzFHZkltLt41fta07vxdd44YaHUnZB24Y3/q/QEb5V9C/auJ9Fw oFfSqEBKzI+h7JVzXGPDdQWGjADmRdZDrw6KgihazWAvC/b8sZhnBfB93Ev/4qQl5q3s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] AMD/IOMMU: re-arrange exclusion range and unity map recording Message-Id: Date: Thu, 02 Sep 2021 02:34:43 +0000 commit 2468d8ebc2b0f0aabf621fd712e7ba7d8529d336 Author: Jan Beulich AuthorDate: Wed Aug 25 16:01:59 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:01:59 2021 +0200 AMD/IOMMU: re-arrange exclusion range and unity map recording The spec makes no provisions for OS behavior here to depend on the amount of RAM found on the system. While the spec may not sufficiently clearly distinguish both kinds of regions, they are surely meant to be separate things: Only regions with ACPI_IVMD_EXCLUSION_RANGE set should be candidates for putting in the exclusion range registers. (As there's only a single such pair of registers per IOMMU, secondary non-adjacent regions with the flag set already get converted to unity mapped regions.) First of all, drop the dependency on max_page. With commit b4f042236ae0 ("AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables") the use of it here was stale anyway; it was bogus already before, as it didn't account for max_page getting increased later on. Simply try an exclusion range registration first, and if it fails (for being unsuitable or non-mergeable), register a unity mapping range. With this various local variables become unnecessary and hence get dropped at the same time. With the max_page boundary dropped for using unity maps, the minimum page table tree height now needs both recording and enforcing in amd_iommu_domain_init(). Since we can't predict which devices may get assigned to a domain, our only option is to uniformly force at least that height for all domains, now that the height isn't dynamic anymore. Further don't make use of the exclusion range unless ACPI data says so. Note that exclusion range registration in register_range_for_all_devices() is on a best effort basis. Hence unity map entries also registered are redundant when the former succeeded, but they also do no harm. Improvements in this area can be done later imo. Also adjust types where suitable without touching extra lines. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 8ea80530cd0dbb8ffa7ac92606a3ee29663fdc93 master date: 2021-08-25 14:16:46 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 184 +++++++++++--------------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 12 +- xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 2 + 3 files changed, 90 insertions(+), 108 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index a477877f32..dc940a8c8c 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -99,12 +99,8 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( } static int __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit, - bool all, bool iw, bool ir) + struct amd_iommu *iommu, paddr_t base, paddr_t limit, bool all) { - if ( !ir || !iw ) - return -EPERM; - /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { @@ -133,14 +129,18 @@ static int __init reserve_unity_map_for_device( { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; + int paging_mode = amd_iommu_get_paging_mode(PFN_UP(base + length)); + + if ( paging_mode < 0 ) + return paging_mode; /* Check for overlaps. */ for ( ; unity_map; unity_map = unity_map->next ) { /* * Exact matches are okay. This can in particular happen when - * register_exclusion_range_for_device() calls here twice for the - * same (s,b,d,f). + * register_range_for_device() calls here twice for the same + * (s,b,d,f). */ if ( base == unity_map->addr && length == unity_map->length && ir == unity_map->read && iw == unity_map->write ) @@ -168,55 +168,52 @@ static int __init reserve_unity_map_for_device( unity_map->next = ivrs_mappings[bdf].unity_map; ivrs_mappings[bdf].unity_map = unity_map; + if ( paging_mode > amd_iommu_min_paging_mode ) + amd_iommu_min_paging_mode = paging_mode; + return 0; } -static int __init register_exclusion_range_for_all_devices( - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_all_devices( + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; - unsigned int bdf; int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) - { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - /* push 'base' just outside of virtual address space */ - base = iommu_top; - } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) + if ( exclusion ) { for_each_amd_iommu( iommu ) { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); - if ( rc ) - break; + int ret = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */); + + if ( ret && !rc ) + rc = ret; } } + if ( !exclusion || rc ) + { + paddr_t length = limit + PAGE_SIZE - base; + unsigned int bdf; + + /* reserve r/w unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + } + return rc; } -static int __init register_exclusion_range_for_device( - u16 bdf, unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_device( + unsigned int bdf, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; int rc = 0; @@ -230,27 +227,19 @@ static int __init register_exclusion_range_for_device( req = ivrs_mappings[bdf].dte_requestor_id; /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */); + if ( !exclusion || rc ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; + paddr_t length = limit + PAGE_SIZE - base; + /* reserve unity-mapped page entries for device */ - /* note: these entries are part of the exclusion range */ rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: reserve_unity_map_for_device(seg, req, base, length, iw, ir); - - /* push 'base' just outside of virtual address space */ - base = iommu_top; } - - /* register IOMMU exclusion range settings for device */ - if ( !rc && limit >= iommu_top ) + else { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; ivrs_mappings[req].dte_allow_exclusion = IOMMU_CONTROL_ENABLED; } @@ -258,53 +247,42 @@ static int __init register_exclusion_range_for_device( return rc; } -static int __init register_exclusion_range_for_iommu_devices( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_iommu_devices( + struct amd_iommu *iommu, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { - unsigned long range_top, iommu_top, length; + /* note: 'limit' parameter is assumed to be page-aligned */ + paddr_t length = limit + PAGE_SIZE - base; unsigned int bdf; u16 req; - int rc = 0; + int rc; - /* is part of exclusion range inside of IOMMU virtual address space? */ - /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - { - if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) - { - req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir) ?: - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); - } - } - - /* push 'base' just outside of virtual address space */ - base = iommu_top; + rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */); + if ( !rc ) + return 0; } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); + /* reserve unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + { + if ( iommu != find_iommu_for_device(iommu->seg, bdf) ) + continue; + + req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); + } return rc; } static int __init parse_ivmd_device_select( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { u16 bdf; @@ -315,12 +293,12 @@ static int __init parse_ivmd_device_select( return -ENODEV; } - return register_exclusion_range_for_device(bdf, base, limit, iw, ir); + return register_range_for_device(bdf, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_device_range( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { unsigned int first_bdf, last_bdf, bdf; int error; @@ -342,15 +320,15 @@ static int __init parse_ivmd_device_range( } for ( bdf = first_bdf, error = 0; (bdf <= last_bdf) && !error; bdf++ ) - error = register_exclusion_range_for_device( - bdf, base, limit, iw, ir); + error = register_range_for_device( + bdf, base, limit, iw, ir, exclusion); return error; } static int __init parse_ivmd_device_iommu( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct amd_iommu *iommu; @@ -365,14 +343,14 @@ static int __init parse_ivmd_device_iommu( return -ENODEV; } - return register_exclusion_range_for_iommu_devices( - iommu, base, limit, iw, ir); + return register_range_for_iommu_devices( + iommu, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) { unsigned long start_addr, mem_length, base, limit; - u8 iw, ir; + bool iw = true, ir = true, exclusion = false; if ( ivmd_block->header.length < sizeof(*ivmd_block) ) { @@ -389,13 +367,11 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) ivmd_block->header.type, start_addr, mem_length); if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) - iw = ir = IOMMU_CONTROL_ENABLED; + exclusion = true; else if ( ivmd_block->header.flags & ACPI_IVMD_UNITY ) { - iw = ivmd_block->header.flags & ACPI_IVMD_READ ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; - ir = ivmd_block->header.flags & ACPI_IVMD_WRITE ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; + iw = ivmd_block->header.flags & ACPI_IVMD_READ; + ir = ivmd_block->header.flags & ACPI_IVMD_WRITE; } else { @@ -406,20 +382,20 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) switch( ivmd_block->header.type ) { case ACPI_IVRS_TYPE_MEMORY_ALL: - return register_exclusion_range_for_all_devices( - base, limit, iw, ir); + return register_range_for_all_devices( + base, limit, iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_ONE: - return parse_ivmd_device_select(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_select(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_RANGE: - return parse_ivmd_device_range(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_range(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_IOMMU: - return parse_ivmd_device_iommu(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_iommu(ivmd_block, base, limit, + iw, ir, exclusion); default: AMD_IOMMU_DEBUG("IVMD Error: Invalid Block Type!\n"); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 49e34de60b..3d755ca6e4 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -218,6 +218,8 @@ static int __must_check allocate_domain_resources(struct domain_iommu *hd) return rc; } +int __read_mostly amd_iommu_min_paging_mode = 1; + static int amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -229,11 +231,13 @@ static int amd_iommu_domain_init(struct domain *d) * - HVM could in principle use 3 or 4 depending on how much guest * physical address space we give it, but this isn't known yet so use 4 * unilaterally. + * - Unity maps may require an even higher number. */ - hd->arch.paging_mode = amd_iommu_get_paging_mode( - is_hvm_domain(d) - ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) - : get_upper_mfn_bound() + 1); + hd->arch.paging_mode = max(amd_iommu_get_paging_mode( + is_hvm_domain(d) + ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) + : get_upper_mfn_bound() + 1), + amd_iommu_min_paging_mode); return 0; } diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h index 7c082ef88e..b85843ef80 100644 --- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h +++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h @@ -126,6 +126,8 @@ extern struct hpet_sbdf { } init; } hpet_sbdf; +extern int amd_iommu_min_paging_mode; + extern void *shared_intremap_table; extern unsigned long *shared_intremap_inuse; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:34:54 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:34:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176830.321835 (Exim 4.92) (envelope-from ) id 1mLcZ4-0000fu-Jh; Thu, 02 Sep 2021 02:34:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176830.321835; Thu, 02 Sep 2021 02:34:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZ4-0000fm-GV; Thu, 02 Sep 2021 02:34:54 +0000 Received: by outflank-mailman (input) for mailman id 176830; Thu, 02 Sep 2021 02:34:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZ3-0000fd-U6 for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZ3-0001Ma-TS for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcZ3-0006m4-Se for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:34:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mQrWSqfnuQQTbLOaBgqmmxfIvkvyiXBLKt4YXKQDkKU=; b=Kn55TX9gla+qLkn+gAsWyVH9Q5 nYypc1gonFVwMU7yABESSnV4lt3a0pRm+WSciBqxUzputgHcjijTtvuIyRrmFC5j+dvoonEeZnCXH tr2Zmwi1P0sAwQEUQcPrETCFkd0w+tpF4P13OutqEwpCG6EjFmNoFczIQUGT7H17u+oM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] x86/p2m: introduce p2m_is_special() Message-Id: Date: Thu, 02 Sep 2021 02:34:53 +0000 commit f5ec482659b62229b2390cb0662918150076863b Author: Jan Beulich AuthorDate: Wed Aug 25 16:02:17 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:02:17 2021 +0200 x86/p2m: introduce p2m_is_special() Seeing the similarity of grant, foreign, and (subsequently) direct-MMIO handling, introduce a new P2M type group named "special" (as in "needing special accessors to create/destroy"). Also use -EPERM instead of other error codes on the two domain_crash() paths touched. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 0bf755e2c856628e11e93c76c3e12974e9964638 master date: 2021-08-25 14:17:07 +0200 --- xen/arch/x86/mm/p2m.c | 15 +++++++-------- xen/include/asm-x86/p2m.h | 5 +++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 5802b580ed..cebfabba7d 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -736,7 +736,7 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, for ( i = 0; i < (1UL << page_order); i++ ) { p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); - if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) + if ( !p2m_is_special(t) && !p2m_is_shared(t) ) set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY); } } @@ -848,13 +848,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, &ot, &a, 0, NULL, NULL); ASSERT(!p2m_is_shared(ot)); } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { - /* Really shouldn't be unmapping grant/foreign maps this way */ + /* Don't permit unmapping grant/foreign this way. */ domain_crash(d); p2m_unlock(p2m); - return -EINVAL; + return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) { @@ -947,8 +947,7 @@ int p2m_change_type_one(struct domain *d, unsigned long gfn_l, struct p2m_domain *p2m = p2m_get_hostp2m(d); int rc; - BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt)); - BUG_ON(p2m_is_foreign(ot) || p2m_is_foreign(nt)); + BUG_ON(p2m_is_special(ot) || p2m_is_special(nt)); gfn_lock(p2m, gfn, 0); @@ -1091,11 +1090,11 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, gfn_unlock(p2m, gfn, order); return cur_order + 1; } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { gfn_unlock(p2m, gfn, order); domain_crash(d); - return -ENOENT; + return -EPERM; } else if ( p2m_is_ram(ot) ) { diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 0e1888b8b3..72a250b93a 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -142,6 +142,10 @@ typedef unsigned int p2m_query_t; | p2m_to_mask(p2m_ram_logdirty) ) #define P2M_SHARED_TYPES (p2m_to_mask(p2m_ram_shared)) +/* Types established/cleaned up via special accessors. */ +#define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ + p2m_to_mask(p2m_map_foreign)) + /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ | p2m_to_mask(p2m_mmio_direct) \ @@ -170,6 +174,7 @@ typedef unsigned int p2m_query_t; #define p2m_is_paged(_t) (p2m_to_mask(_t) & P2M_PAGED_TYPES) #define p2m_is_sharable(_t) (p2m_to_mask(_t) & P2M_SHARABLE_TYPES) #define p2m_is_shared(_t) (p2m_to_mask(_t) & P2M_SHARED_TYPES) +#define p2m_is_special(_t) (p2m_to_mask(_t) & P2M_SPECIAL_TYPES) #define p2m_is_broken(_t) (p2m_to_mask(_t) & P2M_BROKEN_TYPES) #define p2m_is_foreign(_t) (p2m_to_mask(_t) & p2m_to_mask(p2m_map_foreign)) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:35:05 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:35:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176833.321839 (Exim 4.92) (envelope-from ) id 1mLcZF-0000od-L4; Thu, 02 Sep 2021 02:35:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176833.321839; Thu, 02 Sep 2021 02:35:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZF-0000oU-I2; Thu, 02 Sep 2021 02:35:05 +0000 Received: by outflank-mailman (input) for mailman id 176833; Thu, 02 Sep 2021 02:35:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZE-0000md-5p for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZE-0001NG-1a for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcZE-0006nj-0Y for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kAMxQyWAyJvCyTZpwndiCt/x5n3QnpyqNEWGwQTlniw=; b=rLrqgAV/AM7Cu16uQn8XNSzJkv Cmu8TCNiGvWq91mYctvIpbIuG0c3DmvDMHVMVoAPkTtd/q8/57D+0iMGkb/o+dzJ1X4KIF/J3oUO2 4myiz/p6zmBXRrVpsmHrne5s/XmcK25R2GzgWI9h3ZQ/ngd806tbPjByROULiqSjLJ9I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] x86/p2m: guard (in particular) identity mapping entries Message-Id: Date: Thu, 02 Sep 2021 02:35:04 +0000 commit 8c02a4943e60a400103a6790de2e6f19854403e5 Author: Jan Beulich AuthorDate: Wed Aug 25 16:02:38 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:02:38 2021 +0200 x86/p2m: guard (in particular) identity mapping entries Such entries, created by set_identity_p2m_entry(), should only be destroyed by clear_identity_p2m_entry(). However, similarly, entries created by set_mmio_p2m_entry() should only be torn down by clear_mmio_p2m_entry(), so the logic gets based upon p2m_mmio_direct as the entry type (separation between "ordinary" and 1:1 mappings would require a further indicator to tell apart the two). As to the guest_remove_page() change, commit 48dfb297a20a ("x86/PVH: allow guest_remove_page to remove p2m_mmio_direct pages"), which introduced the call to clear_mmio_p2m_entry(), claimed this was done for hwdom only without this actually having been the case. However, this code shouldn't be there in the first place, as MMIO entries shouldn't be dropped this way. Avoid triggering the warning again that 48dfb297a20a silenced by an adjustment to xenmem_add_to_physmap_one() instead. Note that guest_physmap_mark_populate_on_demand() gets tightened beyond the immediate purpose of this change. Note also that I didn't inspect code which isn't security supported, e.g. sharing, paging, or altp2m. This is CVE-2021-28694 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 753cb68e653002e89fdcd1c80e52905fdbfb78cb master date: 2021-08-25 14:17:32 +0200 --- xen/arch/x86/mm.c | 4 +++- xen/arch/x86/mm/p2m-pod.c | 12 ++++++------ xen/arch/x86/mm/p2m.c | 11 ++++++----- xen/common/memory.c | 11 ++++++++++- xen/include/asm-x86/p2m.h | 5 ++--- 5 files changed, 27 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 3528cf6b85..746d79a8dd 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4783,7 +4783,9 @@ int xenmem_add_to_physmap_one( /* Remove previously mapped page if it was present. */ prev_mfn = mfn_x(get_gfn(d, gfn_x(gpfn), &p2mt)); - if ( mfn_valid(_mfn(prev_mfn)) ) + if ( p2mt == p2m_mmio_direct ) + rc = -EPERM; + else if ( mfn_valid(_mfn(prev_mfn)) ) { if ( is_xen_heap_mfn(prev_mfn) ) /* Xen heap frames are simply unhooked from this phys slot. */ diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index 631e9aec33..1f812012ef 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -1302,17 +1302,17 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l, p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, &cur_order, NULL); n = 1UL << min(order, cur_order); - if ( p2m_is_ram(ot) ) + if ( ot == p2m_populate_on_demand ) + { + /* Count how many PoD entries we'll be replacing if successful */ + pod_count += n; + } + else if ( ot != p2m_invalid && ot != p2m_mmio_dm ) { P2M_DEBUG("gfn_to_mfn returned type %d!\n", ot); rc = -EBUSY; goto out; } - else if ( ot == p2m_populate_on_demand ) - { - /* Count how man PoD entries we'll be replacing if successful */ - pod_count += n; - } } /* Now, actually do the two-way mapping */ diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index cebfabba7d..0ce91fd713 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -725,7 +725,8 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, &cur_order, NULL); if ( p2m_is_valid(t) && - (!mfn_valid(_mfn(mfn)) || mfn + i != mfn_x(mfn_return)) ) + (!mfn_valid(_mfn(mfn)) || t == p2m_mmio_direct || + mfn + i != mfn_x(mfn_return)) ) return -EILSEQ; i += (1UL << cur_order) - ((gfn_l + i) & ((1UL << cur_order) - 1)); @@ -803,7 +804,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; - if ( !mfn_valid(mfn) ) + if ( !mfn_valid(mfn) || t == p2m_mmio_direct ) { ASSERT_UNREACHABLE(); return -EINVAL; @@ -850,7 +851,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } if ( p2m_is_special(ot) ) { - /* Don't permit unmapping grant/foreign this way. */ + /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ domain_crash(d); p2m_unlock(p2m); @@ -1192,8 +1193,8 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, * order+1 for caller to retry with order (guaranteed smaller than * the order value passed in) */ -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, mfn_t mfn, - unsigned int order) +static int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, + mfn_t mfn, unsigned int order) { int rc = -EINVAL; gfn_t gfn = _gfn(gfn_l); diff --git a/xen/common/memory.c b/xen/common/memory.c index aee4909b35..7db9a87942 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -335,7 +335,7 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) } if ( p2mt == p2m_mmio_direct ) { - rc = clear_mmio_p2m_entry(d, gmfn, mfn, PAGE_ORDER_4K); + rc = -EPERM; goto out_put_gfn; } #else @@ -1651,6 +1651,15 @@ int prepare_ring_for_helper( return -ENOENT; } #endif +#ifdef CONFIG_X86 + if ( p2mt == p2m_mmio_direct ) + { + if ( page ) + put_page(page); + + return -EPERM; + } +#endif if ( !page ) return -EINVAL; diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 72a250b93a..0f87a74ae7 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -144,7 +144,8 @@ typedef unsigned int p2m_query_t; /* Types established/cleaned up via special accessors. */ #define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ - p2m_to_mask(p2m_map_foreign)) + p2m_to_mask(p2m_map_foreign) | \ + p2m_to_mask(p2m_mmio_direct)) /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ @@ -629,8 +630,6 @@ int set_foreign_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn); /* Set mmio addresses in the p2m table (for pass-through) */ int set_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, unsigned int order, p2m_access_t access); -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, - unsigned int order); /* Set identity addresses in the p2m table (for pass-through) */ int set_identity_p2m_entry(struct domain *d, unsigned long gfn, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:35:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:35:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176834.321843 (Exim 4.92) (envelope-from ) id 1mLcZP-0000re-Mf; Thu, 02 Sep 2021 02:35:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176834.321843; Thu, 02 Sep 2021 02:35:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZP-0000rW-Jb; Thu, 02 Sep 2021 02:35:15 +0000 Received: by outflank-mailman (input) for mailman id 176834; Thu, 02 Sep 2021 02:35:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZO-0000rG-6C for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZO-0001P1-5V for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcZO-0006oz-4W for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dAkuRD2vIq7kwsen70i5hRqdUej2wPXCe8yaQymKvBY=; b=uupLCAtSMTApYJGdvw3+JRR/mS YRLRW77FmdRpeyuEajANuRF/0ITrtHyAKG+Ea78A+S5r2uSRR2f156bjYBMDf7CLQMvOuFf4aQNUJ BngcMXQYaJ+DRqT3M8EfOO6tsqSk5NYRkLsY11xCqHwTyQEuFEC8Y9y4QEmI4ChbpKvw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] x86/mm: widen locked region in xenmem_add_to_physmap_one() Message-Id: Date: Thu, 02 Sep 2021 02:35:14 +0000 commit 3882d451ec15472d8c17e228d6ec760d698fbe10 Author: Jan Beulich AuthorDate: Wed Aug 25 16:03:05 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:03:05 2021 +0200 x86/mm: widen locked region in xenmem_add_to_physmap_one() For pages which can be made part of the P2M by the guest, but which can also later be de-allocated (grant table v2 status pages being the present example), it is imperative that they be mapped at no more than a single GFN. We therefore need to make sure that of two parallel XENMAPSPACE_grant_table requests for the same status page one completes before the second checks at which other GFN the underlying MFN is presently mapped. Pull ahead the respective get_gfn() and push down the respective put_gfn(). This leverages that gfn_lock() really aliases p2m_lock(), but the function makes this assumption already anyway: In the XENMAPSPACE_gmfn case lock nesting constraints for both involved GFNs would otherwise need to be enforced to avoid ABBA deadlocks. This is CVE-2021-28697 / XSA-379. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: f147422bf9476fb8161b43e35f5901571ed17c35 master date: 2021-08-25 14:17:56 +0200 --- xen/arch/x86/mm.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 746d79a8dd..b7e23e17ab 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4781,8 +4781,20 @@ int xenmem_add_to_physmap_one( goto put_both; } - /* Remove previously mapped page if it was present. */ + /* + * Note that we're (ab)using GFN locking (to really be locking of the + * entire P2M) here in (at least) two ways: Finer grained locking would + * expose lock order violations in the XENMAPSPACE_gmfn case (due to the + * earlier get_gfn_unshare() above). Plus at the very least for the grant + * table v2 status page case we need to guarantee that the same page can + * only appear at a single GFN. While this is a property we want in + * general, for pages which can subsequently be freed this imperative: + * Upon freeing we wouldn't be able to find other mappings in the P2M + * (unless we did a brute force search). + */ prev_mfn = mfn_x(get_gfn(d, gfn_x(gpfn), &p2mt)); + + /* Remove previously mapped page if it was present. */ if ( p2mt == p2m_mmio_direct ) rc = -EPERM; else if ( mfn_valid(_mfn(prev_mfn)) ) @@ -4794,27 +4806,21 @@ int xenmem_add_to_physmap_one( /* Normal domain memory is freed, to avoid leaking memory. */ rc = guest_remove_page(d, gfn_x(gpfn)); } - /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */ - put_gfn(d, gfn_x(gpfn)); - - if ( rc ) - goto put_both; /* Unmap from old location, if any. */ old_gpfn = get_gpfn_from_mfn(mfn_x(mfn)); ASSERT(!SHARED_M2P(old_gpfn)); if ( space == XENMAPSPACE_gmfn && old_gpfn != gfn ) - { rc = -EXDEV; - goto put_both; - } - if ( old_gpfn != INVALID_M2P_ENTRY ) + else if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); /* Map at new location. */ if ( !rc ) rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K); + put_gfn(d, gfn_x(gpfn)); + put_both: /* * In the XENMAPSPACE_gmfn case, we took a ref of the gfn at the top. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:35:25 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:35:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176835.321847 (Exim 4.92) (envelope-from ) id 1mLcZZ-0000vV-O6; Thu, 02 Sep 2021 02:35:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176835.321847; Thu, 02 Sep 2021 02:35:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZZ-0000vN-LB; Thu, 02 Sep 2021 02:35:25 +0000 Received: by outflank-mailman (input) for mailman id 176835; Thu, 02 Sep 2021 02:35:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZY-0000ul-AI for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZY-0001PF-9d for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcZY-0006qL-8g for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ic8G3gveHT/w6ReBxkjBaPTdLUMpLzgbNEOrCGF2KbU=; b=tRZCFxmUid2hstYL0RrKKDF2YO IjaSyFMVpcUXT5uN0SV9p3atfWGPPY43yUVTAFWBk98ML/kZwIFVS77O4UyO6bi+eDzed4jLqSJEk 0PBG6GnxvK7vmT6z00GI4E4O2LNCIsZDrb3gJrK0HUhTByTmImRB21aAHlQPsYU5dr4E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] gnttab: add preemption check to gnttab_release_mappings() Message-Id: Date: Thu, 02 Sep 2021 02:35:24 +0000 commit 02c696719301cdb22bf2f029deae14efc7c41b42 Author: Jan Beulich AuthorDate: Wed Aug 25 16:03:28 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:03:28 2021 +0200 gnttab: add preemption check to gnttab_release_mappings() A guest may die with many grant mappings still in place, or simply with a large maptrack table. Iterating through this may take more time than is reasonable without intermediate preemption (to run softirqs and perhaps the scheduler). Move the invocation of the function to the section where other restartable functions get invoked, and have the function itself check for preemption every once in a while. Have it iterate the table backwards, such that decreasing the maptrack limit is all it takes to convey restart information. In domain_teardown() introduce PROG_none such that inserting at the front will be easier going forward. This is part of CVE-2021-28698 / XSA-380. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: b1ee10be5625b7d502cef1e6ee3818610ab0d29c master date: 2021-08-25 14:18:18 +0200 --- xen/common/domain.c | 4 +++- xen/common/grant_table.c | 46 ++++++++++++++++++++++++++++++++++++------- xen/include/xen/grant_table.h | 4 +--- 3 files changed, 43 insertions(+), 11 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index 0a7f193e43..4d42caf9a9 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -646,13 +646,15 @@ int domain_kill(struct domain *d) if ( d->is_dying != DOMDYING_alive ) return domain_kill(d); d->is_dying = DOMDYING_dying; - gnttab_release_mappings(d); tmem_destroy(d->tmem_client); vnuma_destroy(d->vnuma); domain_set_outstanding_pages(d, 0); d->tmem_client = NULL; /* fallthrough */ case DOMDYING_dying: + rc = gnttab_release_mappings(d); + if ( rc ) + break; rc = evtchn_destroy(d); if ( rc ) break; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 7d464a9641..33a6c6591a 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -62,7 +62,13 @@ struct grant_table { unsigned int nr_grant_frames; /* Number of grant status frames shared with guest (for version 2) */ unsigned int nr_status_frames; - /* Number of available maptrack entries. */ + /* + * Number of available maptrack entries. For cleanup purposes it is + * important to realize that this field and @maptrack further down will + * only ever be accessed by the local domain. Thus it is okay to clean + * up early, and to shrink the limit for the purpose of tracking cleanup + * progress. + */ unsigned int maptrack_limit; /* Shared grant table (see include/public/grant_table.h). */ union { @@ -3618,9 +3624,7 @@ grant_table_create( return ret; } -void -gnttab_release_mappings( - struct domain *d) +int gnttab_release_mappings(struct domain *d) { struct grant_table *gt = d->grant_table, *rgt; struct grant_mapping *map; @@ -3634,8 +3638,32 @@ gnttab_release_mappings( BUG_ON(!d->is_dying); - for ( handle = 0; handle < gt->maptrack_limit; handle++ ) + if ( !gt || !gt->maptrack ) + return 0; + + for ( handle = gt->maptrack_limit; handle; ) { + /* + * Deal with full pages such that their freeing (in the body of the + * if()) remains simple. + */ + if ( handle < gt->maptrack_limit && !(handle % MAPTRACK_PER_PAGE) ) + { + /* + * Changing maptrack_limit alters nr_maptrack_frames()'es return + * value. Free the then excess trailing page right here, rather + * than leaving it to grant_table_destroy() (and in turn requiring + * to leave gt->maptrack_limit unaltered). + */ + gt->maptrack_limit = handle; + FREE_XENHEAP_PAGE(gt->maptrack[nr_maptrack_frames(gt)]); + + if ( hypercall_preempt_check() ) + return -ERESTART; + } + + --handle; + map = &maptrack_entry(gt, handle); if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) ) continue; @@ -3723,6 +3751,11 @@ gnttab_release_mappings( map->flags = 0; } + + gt->maptrack_limit = 0; + FREE_XENHEAP_PAGE(gt->maptrack[0]); + + return 0; } void grant_table_warn_active_grants(struct domain *d) @@ -3785,8 +3818,7 @@ grant_table_destroy( free_xenheap_page(t->shared_raw[i]); xfree(t->shared_raw); - for ( i = 0; i < nr_maptrack_frames(t); i++ ) - free_xenheap_page(t->maptrack[i]); + ASSERT(!t->maptrack_limit); vfree(t->maptrack); for ( i = 0; i < nr_active_grant_frames(t); i++ ) diff --git a/xen/include/xen/grant_table.h b/xen/include/xen/grant_table.h index b3a95fda58..543bfcc723 100644 --- a/xen/include/xen/grant_table.h +++ b/xen/include/xen/grant_table.h @@ -46,9 +46,7 @@ int grant_table_set_limits(struct domain *d, unsigned int grant_frames, void grant_table_warn_active_grants(struct domain *d); /* Domain death release of granted mappings of other domains' memory. */ -void -gnttab_release_mappings( - struct domain *d); +int gnttab_release_mappings(struct domain *d); int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, gfn_t *gfn, uint16_t *status); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:35:35 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:35:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176836.321851 (Exim 4.92) (envelope-from ) id 1mLcZj-0000yO-Pn; Thu, 02 Sep 2021 02:35:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176836.321851; Thu, 02 Sep 2021 02:35:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZj-0000yG-Mi; Thu, 02 Sep 2021 02:35:35 +0000 Received: by outflank-mailman (input) for mailman id 176836; Thu, 02 Sep 2021 02:35:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZi-0000y0-E7 for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZi-0001PW-DP for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcZi-0006s5-Cd for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Q5RsM0WwQywwkpJwElucflcLLdz0IFz54kn2TwM3uis=; b=tGe7V/FaQK60m5gxGdKNVckpv6 n4TafQwZTeeqTvd0h/T75YTNxFGDDHFVR6gDwbEnu7L3RHdxahfwfdYGasBk42UJrZNVV6Bym466U OUtTvg5QHOATbW2dF+Pvfhk61Gx/Xy6XiJBNF1oLfbikUrNjFjKL3W4AMOIP0//OGd+s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] gnttab: replace mapkind() Message-Id: Date: Thu, 02 Sep 2021 02:35:34 +0000 commit a7599f030881b5e1aca63462712011f52222a56b Author: Jan Beulich AuthorDate: Wed Aug 25 16:03:49 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:03:49 2021 +0200 gnttab: replace mapkind() mapkind() doesn't scale very well with larger maptrack entry counts, using a brute force linear search through all entries, with the only option of an early loop exit if a matching writable entry was found. Introduce a radix tree alongside the main maptrack table, thus allowing much faster MFN-based lookup. To avoid the need to actually allocate space for the individual nodes, encode the two counters in the node pointers themselves, thus limiting the number of permitted simultaneous r/o and r/w mappings of the same MFN to 2³¹-1 (64-bit) / 2¹⁵-1 (32-bit) each. To avoid enforcing an unnecessarily low bound on the number of simultaneous mappings of a single MFN, introduce radix_tree_{ulong_to_ptr,ptr_to_ulong} paralleling radix_tree_{int_to_ptr,ptr_to_int}. As a consequence locking changes are also applicable: With there no longer being any inspection of the remote domain's active entries, there's also no need anymore to hold the remote domain's grant table lock. And since we're no longer iterating over the local domain's map track table, the lock in map_grant_ref() can also be dropped before the new maptrack entry actually gets populated. As a nice side effect this also reduces the number of IOMMU operations in unmap_common(): Previously we would have "established" a readable mapping whenever we didn't find a writable entry anymore (yet, of course, at least one readable one). But we only need to do this if we actually dropped the last writable entry, not if there were none already before. This is part of CVE-2021-28698 / XSA-380. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: 9781b51efde251efcc0291ddb1d9c7cefe2b2555 master date: 2021-08-25 14:18:39 +0200 --- xen/common/grant_table.c | 199 ++++++++++++++++++++++++------------------- xen/include/xen/radix-tree.h | 19 +++++ 2 files changed, 130 insertions(+), 88 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 33a6c6591a..7971d866cf 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include @@ -80,8 +81,13 @@ struct grant_table { grant_status_t **status; /* Active grant table. */ struct active_grant_entry **active; - /* Mapping tracking table per vcpu. */ + /* Handle-indexed tracking table of mappings. */ struct grant_mapping **maptrack; + /* + * MFN-indexed tracking tree of mappings, if needed. Note that this is + * protected by @lock, not @maptrack_lock. + */ + struct radix_tree_root maptrack_tree; /* Domain to which this struct grant_table belongs. */ const struct domain *domain; @@ -421,34 +427,6 @@ static int get_paged_frame(unsigned long gfn, mfn_t *frame, return rc; } -static inline void -double_gt_lock(struct grant_table *lgt, struct grant_table *rgt) -{ - /* - * See mapkind() for why the write lock is also required for the - * remote domain. - */ - if ( lgt < rgt ) - { - grant_write_lock(lgt); - grant_write_lock(rgt); - } - else - { - if ( lgt != rgt ) - grant_write_lock(rgt); - grant_write_lock(lgt); - } -} - -static inline void -double_gt_unlock(struct grant_table *lgt, struct grant_table *rgt) -{ - grant_write_unlock(lgt); - if ( lgt != rgt ) - grant_write_unlock(rgt); -} - #define INVALID_MAPTRACK_HANDLE UINT_MAX static inline grant_handle_t @@ -871,41 +849,17 @@ static struct active_grant_entry *grant_map_exists(const struct domain *ld, return ERR_PTR(-EINVAL); } -#define MAPKIND_READ 1 -#define MAPKIND_WRITE 2 -static unsigned int mapkind( - struct grant_table *lgt, const struct domain *rd, mfn_t mfn) -{ - struct grant_mapping *map; - grant_handle_t handle, limit = lgt->maptrack_limit; - unsigned int kind = 0; - - /* - * Must have the local domain's grant table write lock when - * iterating over its maptrack entries. - */ - ASSERT(percpu_rw_is_write_locked(&lgt->lock)); - /* - * Must have the remote domain's grant table write lock while - * counting its active entries. - */ - ASSERT(percpu_rw_is_write_locked(&rd->grant_table->lock)); - - smp_rmb(); - - for ( handle = 0; !(kind & MAPKIND_WRITE) && handle < limit; handle++ ) - { - map = &maptrack_entry(lgt, handle); - if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) || - map->domid != rd->domain_id ) - continue; - if ( mfn_eq(_active_entry(rd->grant_table, map->ref).frame, mfn) ) - kind |= map->flags & GNTMAP_readonly ? - MAPKIND_READ : MAPKIND_WRITE; - } - - return kind; -} +union maptrack_node { + struct { + /* Radix tree slot pointers use two of the bits. */ +#ifdef __BIG_ENDIAN_BITFIELD + unsigned long : 2; +#endif + unsigned long rd : BITS_PER_LONG / 2 - 1; + unsigned long wr : BITS_PER_LONG / 2 - 1; + } cnt; + unsigned long raw; +}; /* * Returns 0 if TLB flush / invalidate required by caller. @@ -931,7 +885,6 @@ map_grant_ref( struct grant_mapping *mt; grant_entry_header_t *shah; uint16_t *status; - bool_t need_iommu; led = current; ld = led->domain; @@ -1139,31 +1092,75 @@ map_grant_ref( goto undo_out; } - need_iommu = gnttab_need_iommu_mapping(ld); - if ( need_iommu ) + if ( gnttab_need_iommu_mapping(ld) ) { + union maptrack_node node = { + .cnt.rd = !!(op->flags & GNTMAP_readonly), + .cnt.wr = !(op->flags & GNTMAP_readonly), + }; + int err; + void **slot = NULL; unsigned int kind; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + + err = radix_tree_insert(&lgt->maptrack_tree, mfn_x(frame), + radix_tree_ulong_to_ptr(node.raw)); + if ( err == -EEXIST ) + { + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(frame)); + if ( likely(slot) ) + { + node.raw = radix_tree_ptr_to_ulong(*slot); + err = -EBUSY; + + /* Update node only when refcount doesn't overflow. */ + if ( op->flags & GNTMAP_readonly ? ++node.cnt.rd + : ++node.cnt.wr ) + { + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + err = 0; + } + } + else + ASSERT_UNREACHABLE(); + } /* * We're not translated, so we know that dfns and mfns are * the same things, so the IOMMU entry is always 1-to-1. */ - kind = mapkind(lgt, rd, frame); - if ( !(op->flags & GNTMAP_readonly) && - !(kind & MAPKIND_WRITE) ) + if ( !(op->flags & GNTMAP_readonly) && node.cnt.wr == 1 ) kind = IOMMUF_readable | IOMMUF_writable; - else if ( !kind ) + else if ( (op->flags & GNTMAP_readonly) && + node.cnt.rd == 1 && !node.cnt.wr ) kind = IOMMUF_readable; else kind = 0; - if ( kind && iommu_map_page(ld, mfn_x(frame), mfn_x(frame), kind) ) + if ( err || + (kind && iommu_map_page(ld, mfn_x(frame), mfn_x(frame), kind)) ) { - double_gt_unlock(lgt, rgt); + if ( !err ) + { + if ( slot ) + { + op->flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--; + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + } + else + radix_tree_delete(&lgt->maptrack_tree, mfn_x(frame)); + } + rc = GNTST_general_error; - goto undo_out; } + + grant_write_unlock(lgt); + + if ( rc != GNTST_okay ) + goto undo_out; } TRACE_1D(TRC_MEM_PAGE_GRANT_MAP, op->dom); @@ -1171,10 +1168,6 @@ map_grant_ref( /* * All maptrack entry users check mt->flags first before using the * other fields so just ensure the flags field is stored last. - * - * However, if gnttab_need_iommu_mapping() then this would race - * with a concurrent mapkind() call (on an unmap, for example) - * and a lock is required. */ mt = &maptrack_entry(lgt, handle); mt->domid = op->dom; @@ -1182,9 +1175,6 @@ map_grant_ref( smp_wmb(); write_atomic(&mt->flags, op->flags); - if ( need_iommu ) - double_gt_unlock(lgt, rgt); - op->dev_bus_addr = mfn_to_maddr(frame); op->handle = handle; op->status = GNTST_okay; @@ -1411,19 +1401,34 @@ unmap_common( if ( rc == GNTST_okay && gnttab_need_iommu_mapping(ld) ) { - unsigned int kind; + void **slot; + union maptrack_node node; int err = 0; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(op->frame)); + node.raw = likely(slot) ? radix_tree_ptr_to_ulong(*slot) : 0; + + /* Refcount must not underflow. */ + if ( !(flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--) ) + BUG(); - kind = mapkind(lgt, rd, op->frame); - if ( !kind ) + if ( !node.raw ) err = iommu_unmap_page(ld, mfn_x(op->frame)); - else if ( !(kind & MAPKIND_WRITE) ) + else if ( !(flags & GNTMAP_readonly) && !node.cnt.wr ) err = iommu_map_page(ld, mfn_x(op->frame), mfn_x(op->frame), IOMMUF_readable); - double_gt_unlock(lgt, rgt); + if ( err ) + ; + else if ( !node.raw ) + radix_tree_delete(&lgt->maptrack_tree, mfn_x(op->frame)); + else + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + + grant_write_unlock(lgt); if ( err ) rc = GNTST_general_error; @@ -1854,6 +1859,8 @@ grant_table_init(struct domain *d, struct grant_table *gt, gt->maptrack = vzalloc(gt->max_maptrack_frames * sizeof(*gt->maptrack)); if ( gt->maptrack == NULL ) goto out; + + radix_tree_init(>->maptrack_tree); } /* Shared grant table. */ @@ -3643,6 +3650,8 @@ int gnttab_release_mappings(struct domain *d) for ( handle = gt->maptrack_limit; handle; ) { + mfn_t mfn; + /* * Deal with full pages such that their freeing (in the body of the * if()) remains simple. @@ -3744,17 +3753,31 @@ int gnttab_release_mappings(struct domain *d) if ( act->pin == 0 ) gnttab_clear_flag(rd, _GTF_reading, status); + mfn = act->frame; + active_entry_release(act); grant_read_unlock(rgt); rcu_unlock_domain(rd); map->flags = 0; + + /* + * This is excessive in that a single such call would suffice per + * mapped MFN (or none at all, if no entry was ever inserted). But it + * should be the common case for an MFN to be mapped just once, and + * this way we don't need to further maintain the counters. We also + * don't want to leave cleaning up of the tree as a whole to the end + * of the function, as this could take quite some time. + */ + radix_tree_delete(>->maptrack_tree, mfn_x(mfn)); } gt->maptrack_limit = 0; FREE_XENHEAP_PAGE(gt->maptrack[0]); + radix_tree_destroy(>->maptrack_tree, NULL); + return 0; } diff --git a/xen/include/xen/radix-tree.h b/xen/include/xen/radix-tree.h index ec40cf1d9e..58c40312e6 100644 --- a/xen/include/xen/radix-tree.h +++ b/xen/include/xen/radix-tree.h @@ -190,6 +190,25 @@ static inline int radix_tree_ptr_to_int(void *ptr) return (int)((long)ptr >> 2); } +/** + * radix_tree_{ulong_to_ptr,ptr_to_ulong}: + * + * Same for unsigned long values. Beware though that only BITS_PER_LONG-2 + * bits are actually usable for the value. + */ +static inline void *radix_tree_ulong_to_ptr(unsigned long val) +{ + unsigned long ptr = (val << 2) | 0x2; + ASSERT((ptr >> 2) == val); + return (void *)ptr; +} + +static inline unsigned long radix_tree_ptr_to_ulong(void *ptr) +{ + ASSERT(((unsigned long)ptr & 0x3) == 0x2); + return (unsigned long)ptr >> 2; +} + int radix_tree_insert(struct radix_tree_root *, unsigned long, void *); void *radix_tree_lookup(struct radix_tree_root *, unsigned long); void **radix_tree_lookup_slot(struct radix_tree_root *, unsigned long); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:35:45 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:35:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176837.321855 (Exim 4.92) (envelope-from ) id 1mLcZt-00012R-Se; Thu, 02 Sep 2021 02:35:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176837.321855; Thu, 02 Sep 2021 02:35:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZt-00012J-Pj; Thu, 02 Sep 2021 02:35:45 +0000 Received: by outflank-mailman (input) for mailman id 176837; Thu, 02 Sep 2021 02:35:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZs-000126-Hh for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLcZs-0001Pl-Gz for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLcZs-0006tL-GE for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6pzsab3j1IMaDj/fQIy70dPwfDvZAI0Grb64YRFEtjY=; b=MNGD9QQm5zDiuIQ57oVhMDYJNx jQNwfdJ6qTPgu3F6tZoEJzl4ScwBLuYXHN0l/6K4Rn1BMAI192wg8mZPV6JDmM0Rbe0mDfXjkctEX LgMY+FVUWEnMPddoPvmQmsMrqm3ahaYga1ySegUhEvHKJqz/Non2XYtpGLzRJGwrSldc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] gnttab: fix array capacity check in gnttab_get_status_frames() Message-Id: Date: Thu, 02 Sep 2021 02:35:44 +0000 commit ec4654ce64d87f14567008cfb42568fd434f1bed Author: Jan Beulich AuthorDate: Wed Aug 25 16:04:22 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 16:04:22 2021 +0200 gnttab: fix array capacity check in gnttab_get_status_frames() The number of grant frames is of no interest here; converting the passed in op.nr_frames this way means we allow for 8 times as many GFNs to be written as actually fit in the array. We would corrupt xlat areas of higher vCPU-s (after having faulted many times while trying to write to the guard pages between any two areas) for 32-bit PV guests. For HVM guests we'd simply crash as soon as we hit the first guard page, as accesses to the xlat area are simply memcpy() there. This is CVE-2021-28699 / XSA-382. Fixes: 18b1be5e324b ("gnttab: make resource limits per domain") Signed-off-by: Jan Beulich master commit: ec820035b875cdbedce5e73f481ce65963ede9ed master date: 2021-08-25 14:19:09 +0200 --- xen/common/grant_table.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 7971d866cf..f2abc8f7ed 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3167,12 +3167,11 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, goto unlock; } - if ( unlikely(limit_max < grant_to_status_frames(op.nr_frames)) ) + if ( unlikely(limit_max < op.nr_frames) ) { gdprintk(XENLOG_WARNING, - "grant_to_status_frames(%u) for d%d is too large (%u,%u)\n", - op.nr_frames, d->domain_id, - grant_to_status_frames(op.nr_frames), limit_max); + "nr_status_frames for %pd is too large (%u,%u)\n", + d, op.nr_frames, limit_max); op.status = GNTST_general_error; goto unlock; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Thu Sep 02 02:35:55 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 02 Sep 2021 02:35:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.176838.321859 (Exim 4.92) (envelope-from ) id 1mLca3-00015h-UP; Thu, 02 Sep 2021 02:35:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 176838.321859; Thu, 02 Sep 2021 02:35:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLca3-00015Z-RA; Thu, 02 Sep 2021 02:35:55 +0000 Received: by outflank-mailman (input) for mailman id 176838; Thu, 02 Sep 2021 02:35:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLca2-00015N-Kx for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mLca2-0001Q8-KG for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mLca2-0006uB-JN for xen-changelog@lists.xenproject.org; Thu, 02 Sep 2021 02:35:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4SK0XurweK1gJQh9ifEiPjZjEj7rJbsx0lv/l56kJvw=; b=BM/YZ8K43CxTMVA2ObCD5FgbEF XhIfMtIQieQsVGatUd6VQd4EytOOmDE1dd9KhvTXis235BH9XAQ4aAg4wdYd04VRm+tfODIxyTyjH LgZWZRvK0HB/xipB/Bh6a3QQXbkRd75hftubDyGLHv3r/Ii3OiGiLNt4R2uKqTO8K6P0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.11] tools/firmware/ovmf: Use OvmfXen platform file is exist Message-Id: Date: Thu, 02 Sep 2021 02:35:54 +0000 commit e9bee143fd4248b004d1235c320bb0180a4c757f Author: Anthony PERARD AuthorDate: Tue Jun 1 11:28:03 2021 +0100 Commit: Ian Jackson CommitDate: Tue Aug 31 10:45:58 2021 +0100 tools/firmware/ovmf: Use OvmfXen platform file is exist A platform introduced in EDK II named OvmfXen is now the one to use for Xen instead of OvmfX64. It comes with PVH support. Also, the Xen support in OvmfX64 is deprecated, "deprecation notice: *dynamic* multi-VMM (QEMU vs. Xen) support in OvmfPkg" https://edk2.groups.io/g/devel/message/75498 Signed-off-by: Anthony PERARD Acked-by: Ian Jackson (cherry picked from commit aad7b5c11d51d57659978e04702ac970906894e8) (cherry picked from commit 7988ef515a5eabe74bb5468c8c692e03ee9db8bc) (cherry picked from commit 0aabe44d9c454c265b2bfc1030d58bd8f9ca8c94) (cherry picked from commit b335a5314f251c570f991376a1500737d3e02bb8) (cherry picked from commit 7dadebd8d2c8c2a42d0ff3f022a63d6225297058) --- tools/firmware/ovmf-makefile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/firmware/ovmf-makefile b/tools/firmware/ovmf-makefile index 55f9992145..637ee509c3 100644 --- a/tools/firmware/ovmf-makefile +++ b/tools/firmware/ovmf-makefile @@ -17,8 +17,14 @@ all: build .PHONY: build build: if test -e .git ; then $(GIT) submodule update --init --recursive ; fi - OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 - cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin + set -ex; \ + if test -e OvmfPkg/OvmfXen.dsc; then \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 -p OvmfPkg/OvmfXen.dsc; \ + cp Build/OvmfXen/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + else \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4; \ + cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + fi .PHONY: clean clean: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 From xen-changelog-bounces@lists.xenproject.org Fri Sep 03 13:11:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 03 Sep 2021 13:11:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.178079.323946 (Exim 4.92) (envelope-from ) id 1mM8yI-0000Hc-MC; Fri, 03 Sep 2021 13:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 178079.323946; Fri, 03 Sep 2021 13:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mM8yI-0000HU-JB; Fri, 03 Sep 2021 13:11:06 +0000 Received: by outflank-mailman (input) for mailman id 178079; Fri, 03 Sep 2021 13:11:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mM8yH-0000HO-1b for xen-changelog@lists.xenproject.org; Fri, 03 Sep 2021 13:11:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mM8yG-0004qL-Uc for xen-changelog@lists.xenproject.org; Fri, 03 Sep 2021 13:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mM8yG-00019N-TU for xen-changelog@lists.xenproject.org; Fri, 03 Sep 2021 13:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uVIZ1GkFnrizV2aTF5z5jwh/qqfi7XI3NSEREOQIVhk=; b=CZzW1fhlRlgxWS8uJJ8DbZfz22 hm7Npf7YbNdCU1YoWx1kz3VT5G5MdcdmU7Cfm2M5ZdajIyQBxk3AgQ8r/8JGdexSQBZlpAFGN2wi3 BSWK1hNhBqPdXMvjZ+kHZUV7ddhIdx4jf81kOuqloSV+Frr8q9KtPKXUayvCMM6G6gTc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libxc: split xc_logdirty_control() from xc_shadow_control() Message-Id: Date: Fri, 03 Sep 2021 13:11:04 +0000 commit 2107cc76db3a8dcf14f104cb6a8707a41fb9b018 Author: Jan Beulich AuthorDate: Fri Sep 3 15:09:48 2021 +0200 Commit: Jan Beulich CommitDate: Fri Sep 3 15:09:48 2021 +0200 libxc: split xc_logdirty_control() from xc_shadow_control() For log-dirty operations a 64-bit field is being truncated to become an "int" return value. Seeing the large number of arguments the present function takes, reduce its set of parameters to that needed for all operations not involving the log-dirty bitmap, while introducing a new wrapper for the log-dirty bitmap operations. This new function in turn doesn't need an "mb" parameter, but has a 64-bit return type. (Using the return value in favor of a pointer-type parameter is left as is, to disturb callers as little as possible.) While altering xc_shadow_control() anyway, also adjust the types of the last two of the remaining parameters. Signed-off-by: Jan Beulich Acked-by: Christian Lindig Reviewed-by: Juergen Gross Acked-by: Ian Jackson --- tools/include/xenctrl.h | 14 ++++++++---- tools/libs/ctrl/xc_domain.c | 43 ++++++++++++++++++++++++++--------- tools/libs/guest/xg_sr_restore.c | 4 ++-- tools/libs/guest/xg_sr_save.c | 20 ++++++++-------- tools/libs/light/libxl_colo_restore.c | 4 ++-- tools/libs/light/libxl_x86.c | 8 +++---- tools/ocaml/libs/xc/xenctrl_stubs.c | 8 +++---- tools/python/xen/lowlevel/xc/xc.c | 7 +++--- 8 files changed, 66 insertions(+), 42 deletions(-) diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index b77726eab7..a3063998e0 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -882,11 +882,15 @@ typedef struct xen_domctl_shadow_op_stats xc_shadow_op_stats_t; int xc_shadow_control(xc_interface *xch, uint32_t domid, unsigned int sop, - xc_hypercall_buffer_t *dirty_bitmap, - unsigned long pages, - unsigned long *mb, - uint32_t mode, - xc_shadow_op_stats_t *stats); + unsigned int *mb, + unsigned int mode); +long long xc_logdirty_control(xc_interface *xch, + uint32_t domid, + unsigned int sop, + xc_hypercall_buffer_t *dirty_bitmap, + unsigned long pages, + unsigned int mode, + xc_shadow_op_stats_t *stats); int xc_sched_credit_domain_set(xc_interface *xch, uint32_t domid, diff --git a/tools/libs/ctrl/xc_domain.c b/tools/libs/ctrl/xc_domain.c index a20e081b51..23322b70b5 100644 --- a/tools/libs/ctrl/xc_domain.c +++ b/tools/libs/ctrl/xc_domain.c @@ -650,25 +650,49 @@ int xc_watchdog(xc_interface *xch, int xc_shadow_control(xc_interface *xch, uint32_t domid, unsigned int sop, - xc_hypercall_buffer_t *dirty_bitmap, - unsigned long pages, - unsigned long *mb, - uint32_t mode, - xc_shadow_op_stats_t *stats) + unsigned int *mb, + unsigned int mode) { int rc; DECLARE_DOMCTL; - DECLARE_HYPERCALL_BUFFER_ARGUMENT(dirty_bitmap); memset(&domctl, 0, sizeof(domctl)); domctl.cmd = XEN_DOMCTL_shadow_op; domctl.domain = domid; domctl.u.shadow_op.op = sop; - domctl.u.shadow_op.pages = pages; domctl.u.shadow_op.mb = mb ? *mb : 0; domctl.u.shadow_op.mode = mode; - if (dirty_bitmap != NULL) + + rc = do_domctl(xch, &domctl); + + if ( mb ) + *mb = domctl.u.shadow_op.mb; + + return rc; +} + +long long xc_logdirty_control(xc_interface *xch, + uint32_t domid, + unsigned int sop, + xc_hypercall_buffer_t *dirty_bitmap, + unsigned long pages, + unsigned int mode, + xc_shadow_op_stats_t *stats) +{ + int rc; + struct xen_domctl domctl = { + .cmd = XEN_DOMCTL_shadow_op, + .domain = domid, + .u.shadow_op = { + .op = sop, + .pages = pages, + .mode = mode, + } + }; + DECLARE_HYPERCALL_BUFFER_ARGUMENT(dirty_bitmap); + + if ( dirty_bitmap ) set_xen_guest_handle(domctl.u.shadow_op.dirty_bitmap, dirty_bitmap); @@ -678,9 +702,6 @@ int xc_shadow_control(xc_interface *xch, memcpy(stats, &domctl.u.shadow_op.stats, sizeof(xc_shadow_op_stats_t)); - if ( mb ) - *mb = domctl.u.shadow_op.mb; - return (rc == 0) ? domctl.u.shadow_op.pages : rc; } diff --git a/tools/libs/guest/xg_sr_restore.c b/tools/libs/guest/xg_sr_restore.c index aa4113d7f6..074b56d263 100644 --- a/tools/libs/guest/xg_sr_restore.c +++ b/tools/libs/guest/xg_sr_restore.c @@ -433,10 +433,10 @@ static int send_checkpoint_dirty_pfn_list(struct xc_sr_context *ctx) DECLARE_HYPERCALL_BUFFER_SHADOW(unsigned long, dirty_bitmap, &ctx->restore.dirty_bitmap_hbuf); - if ( xc_shadow_control( + if ( xc_logdirty_control( xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_CLEAN, HYPERCALL_BUFFER(dirty_bitmap), ctx->restore.p2m_size, - NULL, 0, &stats) != ctx->restore.p2m_size ) + 0, &stats) != ctx->restore.p2m_size ) { PERROR("Failed to retrieve logdirty bitmap"); goto err; diff --git a/tools/libs/guest/xg_sr_save.c b/tools/libs/guest/xg_sr_save.c index 0266e0a94a..9853d8d846 100644 --- a/tools/libs/guest/xg_sr_save.c +++ b/tools/libs/guest/xg_sr_save.c @@ -424,18 +424,18 @@ static int enable_logdirty(struct xc_sr_context *ctx) /* This juggling is required if logdirty is enabled for VRAM tracking. */ rc = xc_shadow_control(xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_ENABLE_LOGDIRTY, - NULL, 0, NULL, 0, NULL); + NULL, 0); if ( rc < 0 ) { on1 = errno; rc = xc_shadow_control(xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_OFF, - NULL, 0, NULL, 0, NULL); + NULL, 0); if ( rc < 0 ) off = errno; else { rc = xc_shadow_control(xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_ENABLE_LOGDIRTY, - NULL, 0, NULL, 0, NULL); + NULL, 0); if ( rc < 0 ) on2 = errno; } @@ -552,10 +552,10 @@ static int send_memory_live(struct xc_sr_context *ctx) if ( policy_decision != XGS_POLICY_CONTINUE_PRECOPY ) break; - if ( xc_shadow_control( + if ( xc_logdirty_control( xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_CLEAN, &ctx->save.dirty_bitmap_hbuf, ctx->save.p2m_size, - NULL, 0, &stats) != ctx->save.p2m_size ) + 0, &stats) != ctx->save.p2m_size ) { PERROR("Failed to retrieve logdirty bitmap"); rc = -1; @@ -649,10 +649,10 @@ static int suspend_and_send_dirty(struct xc_sr_context *ctx) if ( rc ) goto out; - if ( xc_shadow_control( + if ( xc_logdirty_control( xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_CLEAN, HYPERCALL_BUFFER(dirty_bitmap), ctx->save.p2m_size, - NULL, XEN_DOMCTL_SHADOW_LOGDIRTY_FINAL, &stats) != + XEN_DOMCTL_SHADOW_LOGDIRTY_FINAL, &stats) != ctx->save.p2m_size ) { PERROR("Failed to retrieve logdirty bitmap"); @@ -712,10 +712,10 @@ static int verify_frames(struct xc_sr_context *ctx) if ( rc ) goto out; - if ( xc_shadow_control( + if ( xc_logdirty_control( xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_PEEK, &ctx->save.dirty_bitmap_hbuf, ctx->save.p2m_size, - NULL, 0, &stats) != ctx->save.p2m_size ) + 0, &stats) != ctx->save.p2m_size ) { PERROR("Failed to retrieve logdirty bitmap"); rc = -1; @@ -830,7 +830,7 @@ static void cleanup(struct xc_sr_context *ctx) xc_shadow_control(xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_OFF, - NULL, 0, NULL, 0, NULL); + NULL, 0); if ( ctx->save.ops.cleanup(ctx) ) PERROR("Failed to clean up"); diff --git a/tools/libs/light/libxl_colo_restore.c b/tools/libs/light/libxl_colo_restore.c index aa365670fb..3176eee360 100644 --- a/tools/libs/light/libxl_colo_restore.c +++ b/tools/libs/light/libxl_colo_restore.c @@ -62,7 +62,7 @@ static void colo_enable_logdirty(libxl__colo_restore_state *crs, libxl__egc *egc /* we need to know which pages are dirty to restore the guest */ if (xc_shadow_control(CTX->xch, domid, XEN_DOMCTL_SHADOW_OP_ENABLE_LOGDIRTY, - NULL, 0, NULL, 0, NULL) < 0) { + NULL, 0) < 0) { LOGD(ERROR, domid, "cannot enable secondary vm's logdirty"); lds->callback(egc, lds, ERROR_FAIL); return; @@ -90,7 +90,7 @@ static void colo_disable_logdirty(libxl__colo_restore_state *crs, /* we need to know which pages are dirty to restore the guest */ if (xc_shadow_control(CTX->xch, domid, XEN_DOMCTL_SHADOW_OP_OFF, - NULL, 0, NULL, 0, NULL) < 0) + NULL, 0) < 0) LOGD(WARN, domid, "cannot disable secondary vm's logdirty"); if (crs->hvm) { diff --git a/tools/libs/light/libxl_x86.c b/tools/libs/light/libxl_x86.c index 18c3c77ccd..6083878315 100644 --- a/tools/libs/light/libxl_x86.c +++ b/tools/libs/light/libxl_x86.c @@ -529,15 +529,15 @@ int libxl__arch_domain_create(libxl__gc *gc, xc_domain_set_time_offset(ctx->xch, domid, rtc_timeoffset); if (d_config->b_info.type != LIBXL_DOMAIN_TYPE_PV) { - unsigned long shadow_mb = DIV_ROUNDUP(d_config->b_info.shadow_memkb, - 1024); + unsigned int shadow_mb = DIV_ROUNDUP(d_config->b_info.shadow_memkb, + 1024); int r = xc_shadow_control(ctx->xch, domid, XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, - NULL, 0, &shadow_mb, 0, NULL); + &shadow_mb, 0); if (r) { LOGED(ERROR, domid, - "Failed to set %lu MiB %s allocation", + "Failed to set %u MiB %s allocation", shadow_mb, libxl_defbool_val(d_config->c_info.hap) ? "HAP" : "shadow"); ret = ERROR_FAIL; diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c index dd09cb90aa..ad953d36bd 100644 --- a/tools/ocaml/libs/xc/xenctrl_stubs.c +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c @@ -995,13 +995,13 @@ CAMLprim value stub_shadow_allocation_get(value xch, value domid) { CAMLparam2(xch, domid); CAMLlocal1(mb); - unsigned long c_mb; + unsigned int c_mb; int ret; caml_enter_blocking_section(); ret = xc_shadow_control(_H(xch), _D(domid), XEN_DOMCTL_SHADOW_OP_GET_ALLOCATION, - NULL, 0, &c_mb, 0, NULL); + &c_mb, 0); caml_leave_blocking_section(); if (ret != 0) failwith_xc(_H(xch)); @@ -1014,14 +1014,14 @@ CAMLprim value stub_shadow_allocation_set(value xch, value domid, value mb) { CAMLparam3(xch, domid, mb); - unsigned long c_mb; + unsigned int c_mb; int ret; c_mb = Int_val(mb); caml_enter_blocking_section(); ret = xc_shadow_control(_H(xch), _D(domid), XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, - NULL, 0, &c_mb, 0, NULL); + &c_mb, 0); caml_leave_blocking_section(); if (ret != 0) failwith_xc(_H(xch)); diff --git a/tools/python/xen/lowlevel/xc/xc.c b/tools/python/xen/lowlevel/xc/xc.c index 13a7603809..6293d205a3 100644 --- a/tools/python/xen/lowlevel/xc/xc.c +++ b/tools/python/xen/lowlevel/xc/xc.c @@ -1192,8 +1192,7 @@ static PyObject *pyxc_shadow_control(PyObject *self, &dom, &op) ) return NULL; - if ( xc_shadow_control(xc->xc_handle, dom, op, NULL, 0, NULL, 0, NULL) - < 0 ) + if ( xc_shadow_control(xc->xc_handle, dom, op, NULL, 0) < 0 ) return pyxc_error_to_exception(xc->xc_handle); Py_INCREF(zero); @@ -1208,7 +1207,7 @@ static PyObject *pyxc_shadow_mem_control(PyObject *self, int op; uint32_t dom; int mbarg = -1; - unsigned long mb; + unsigned int mb; static char *kwd_list[] = { "dom", "mb", NULL }; @@ -1223,7 +1222,7 @@ static PyObject *pyxc_shadow_mem_control(PyObject *self, mb = mbarg; op = XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION; } - if ( xc_shadow_control(xc->xc_handle, dom, op, NULL, 0, &mb, 0, NULL) < 0 ) + if ( xc_shadow_control(xc->xc_handle, dom, op, &mb, 0) < 0 ) return pyxc_error_to_exception(xc->xc_handle); mbarg = mb; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Sep 03 13:11:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 03 Sep 2021 13:11:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.178082.323950 (Exim 4.92) (envelope-from ) id 1mM8yS-0000Nh-Ne; Fri, 03 Sep 2021 13:11:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 178082.323950; Fri, 03 Sep 2021 13:11:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mM8yS-0000NZ-Km; Fri, 03 Sep 2021 13:11:16 +0000 Received: by outflank-mailman (input) for mailman id 178082; Fri, 03 Sep 2021 13:11:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mM8yR-0000NR-30 for xen-changelog@lists.xenproject.org; Fri, 03 Sep 2021 13:11:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mM8yR-0004r0-2C for xen-changelog@lists.xenproject.org; Fri, 03 Sep 2021 13:11:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mM8yR-0001AL-19 for xen-changelog@lists.xenproject.org; Fri, 03 Sep 2021 13:11:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QL8nAnacpOc22UfR/mm0jxfb2WQAJS+XXrnBjR9tl0w=; b=1eee0dGHgaE67p2rPrYQ3zy5Nf jyVlpQQmMB4CqcZ5YYFrV4YSrvwF6tvo22w69XrvmglE0X0RFhILbbsJMoI2avAci9zyHcLhGRQnQ MMxAmmMeppHSZtXlhu+hCI87Jz+gMny0Hf0+ZkpqNGOIbpMMdnmxU1pmIAhGTDvM3nR4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/libs: ROUNDUP() related adjustments Message-Id: Date: Fri, 03 Sep 2021 13:11:15 +0000 commit 5325b3eaf6a9d8600bf9e9e7428b5c336fd43c84 Author: Jan Beulich AuthorDate: Fri Sep 3 15:10:24 2021 +0200 Commit: Jan Beulich CommitDate: Fri Sep 3 15:10:24 2021 +0200 tools/libs: ROUNDUP() related adjustments For one xc_private.h needlessly repeats xen-tools/libs.h's definition. And then there are two suspicious uses (resulting from the inconsistency with the respective 2nd parameter of DIV_ROUNDUP()): While the one in tools/console/daemon/io.c - as per the code comment - intentionally uses 8 as the second argument (meaning to align to a multiple of 256), the one in alloc_magic_pages_hvm() pretty certainly does not: There the goal is to align to a uint64_t boundary, for the following module struct to end up aligned. Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross Acked-by: Ian Jackson --- tools/libs/ctrl/xc_private.h | 2 -- tools/libs/guest/xg_dom_x86.c | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/tools/libs/ctrl/xc_private.h b/tools/libs/ctrl/xc_private.h index 3e299b943f..2e483590e6 100644 --- a/tools/libs/ctrl/xc_private.h +++ b/tools/libs/ctrl/xc_private.h @@ -63,8 +63,6 @@ struct iovec { #include #endif -#define ROUNDUP(_x,_w) (((unsigned long)(_x)+(1UL<<(_w))-1) & ~((1UL<<(_w))-1)) - #define DECLARE_DOMCTL struct xen_domctl domctl #define DECLARE_SYSCTL struct xen_sysctl sysctl #define DECLARE_PHYSDEV_OP struct physdev_op physdev_op diff --git a/tools/libs/guest/xg_dom_x86.c b/tools/libs/guest/xg_dom_x86.c index d2eb89ce01..b6e75afba2 100644 --- a/tools/libs/guest/xg_dom_x86.c +++ b/tools/libs/guest/xg_dom_x86.c @@ -678,7 +678,7 @@ static int alloc_magic_pages_hvm(struct xc_dom_image *dom) { if ( dom->cmdline ) { - dom->cmdline_size = ROUNDUP(strlen(dom->cmdline) + 1, 8); + dom->cmdline_size = ROUNDUP(strlen(dom->cmdline) + 1, 3); start_info_size += dom->cmdline_size; } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Sep 03 13:11:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 03 Sep 2021 13:11:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.178085.323953 (Exim 4.92) (envelope-from ) id 1mM8yc-0000Vq-PS; Fri, 03 Sep 2021 13:11:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 178085.323953; Fri, 03 Sep 2021 13:11:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mM8yc-0000Vg-MF; Fri, 03 Sep 2021 13:11:26 +0000 Received: by outflank-mailman (input) for mailman id 178085; Fri, 03 Sep 2021 13:11:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mM8yb-0000VM-6X for xen-changelog@lists.xenproject.org; Fri, 03 Sep 2021 13:11:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mM8yb-0004rg-5j for xen-changelog@lists.xenproject.org; Fri, 03 Sep 2021 13:11:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mM8yb-0001BR-4o for xen-changelog@lists.xenproject.org; Fri, 03 Sep 2021 13:11:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BwRoUBpQ4/90MsWeyTnwafZ2ahwPUah5m5Zyl8BiOdE=; b=qm/VrxQBia2M+D4O/OvF6IhKtJ QYcEJfPQ2LoRP3MKkNd8TrICc6T8Jm6/PjY8mLP/E3TwvlffT8QeMWx2n7Jrsn25vcOddwm9b4JrJ CeIGCmMmW7JMnsg8IqvmZEq4D4tHfMtKRoNELSrv46RalCCckwOo8jCOpfIn1jADYaXQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tests/xenstore: link in librt if necessary Message-Id: Date: Fri, 03 Sep 2021 13:11:25 +0000 commit 2d4978ead4b98452bc45ebe47952e524b12e2b41 Author: Jan Beulich AuthorDate: Fri Sep 3 15:10:43 2021 +0200 Commit: Jan Beulich CommitDate: Fri Sep 3 15:10:43 2021 +0200 tests/xenstore: link in librt if necessary Old enough glibc has clock_gettime() in librt.so, hence the library needs to be specified to the linker. Newer glibc has the symbol available in both libraries, so make sure that libc.so is preferred (to avoid an unnecessary dependency on librt.so). Fixes: 93c9edbef51b ("tests/xenstore: Rework Makefile") Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross Acked-by: Ian Jackson --- tools/tests/xenstore/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/tests/xenstore/Makefile b/tools/tests/xenstore/Makefile index b9969dd090..239e1dce47 100644 --- a/tools/tests/xenstore/Makefile +++ b/tools/tests/xenstore/Makefile @@ -33,6 +33,9 @@ CFLAGS += $(APPEND_CFLAGS) LDFLAGS += $(LDLIBS_libxenstore) LDFLAGS += $(APPEND_LDFLAGS) +ifeq ($(CONFIG_Linux),y) +LDFLAGS += -Wl,--as-needed -lc -lrt +endif %.o: Makefile -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Sat Sep 04 07:55:06 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 04 Sep 2021 07:55:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.178652.324734 (Exim 4.92) (envelope-from ) id 1mMQVz-0001iD-CT; Sat, 04 Sep 2021 07:55:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 178652.324734; Sat, 04 Sep 2021 07:55:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mMQVz-0001i5-9G; Sat, 04 Sep 2021 07:55:03 +0000 Received: by outflank-mailman (input) for mailman id 178652; Sat, 04 Sep 2021 07:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mMQVy-0001hz-AV for xen-changelog@lists.xenproject.org; Sat, 04 Sep 2021 07:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mMQVy-0006oF-3n for xen-changelog@lists.xenproject.org; Sat, 04 Sep 2021 07:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mMQVy-0003dL-2Z for xen-changelog@lists.xenproject.org; Sat, 04 Sep 2021 07:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0PxNyXslMVWkr+f5o5Tda7AkbOrFG8a9nshncvWhndc=; b=sURQcCn6lx6WNGu/hi1UVsIC/u r6NsyRw+KdBJJQWrosufZLVEtQIlTWSuOCoFSMtdruTiq4gcX3sEisG6xrGYuLhuoQTPDNwJmESbK tA5AEpvl1peaNb473nSjTOARUdyZYwW1wR+IbGpxxZzVCtutm2kk7HPOamV8rUCp7/4o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] libxc: split xc_logdirty_control() from xc_shadow_control() Message-Id: Date: Sat, 04 Sep 2021 07:55:02 +0000 commit 2107cc76db3a8dcf14f104cb6a8707a41fb9b018 Author: Jan Beulich AuthorDate: Fri Sep 3 15:09:48 2021 +0200 Commit: Jan Beulich CommitDate: Fri Sep 3 15:09:48 2021 +0200 libxc: split xc_logdirty_control() from xc_shadow_control() For log-dirty operations a 64-bit field is being truncated to become an "int" return value. Seeing the large number of arguments the present function takes, reduce its set of parameters to that needed for all operations not involving the log-dirty bitmap, while introducing a new wrapper for the log-dirty bitmap operations. This new function in turn doesn't need an "mb" parameter, but has a 64-bit return type. (Using the return value in favor of a pointer-type parameter is left as is, to disturb callers as little as possible.) While altering xc_shadow_control() anyway, also adjust the types of the last two of the remaining parameters. Signed-off-by: Jan Beulich Acked-by: Christian Lindig Reviewed-by: Juergen Gross Acked-by: Ian Jackson --- tools/include/xenctrl.h | 14 ++++++++---- tools/libs/ctrl/xc_domain.c | 43 ++++++++++++++++++++++++++--------- tools/libs/guest/xg_sr_restore.c | 4 ++-- tools/libs/guest/xg_sr_save.c | 20 ++++++++-------- tools/libs/light/libxl_colo_restore.c | 4 ++-- tools/libs/light/libxl_x86.c | 8 +++---- tools/ocaml/libs/xc/xenctrl_stubs.c | 8 +++---- tools/python/xen/lowlevel/xc/xc.c | 7 +++--- 8 files changed, 66 insertions(+), 42 deletions(-) diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index b77726eab7..a3063998e0 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -882,11 +882,15 @@ typedef struct xen_domctl_shadow_op_stats xc_shadow_op_stats_t; int xc_shadow_control(xc_interface *xch, uint32_t domid, unsigned int sop, - xc_hypercall_buffer_t *dirty_bitmap, - unsigned long pages, - unsigned long *mb, - uint32_t mode, - xc_shadow_op_stats_t *stats); + unsigned int *mb, + unsigned int mode); +long long xc_logdirty_control(xc_interface *xch, + uint32_t domid, + unsigned int sop, + xc_hypercall_buffer_t *dirty_bitmap, + unsigned long pages, + unsigned int mode, + xc_shadow_op_stats_t *stats); int xc_sched_credit_domain_set(xc_interface *xch, uint32_t domid, diff --git a/tools/libs/ctrl/xc_domain.c b/tools/libs/ctrl/xc_domain.c index a20e081b51..23322b70b5 100644 --- a/tools/libs/ctrl/xc_domain.c +++ b/tools/libs/ctrl/xc_domain.c @@ -650,25 +650,49 @@ int xc_watchdog(xc_interface *xch, int xc_shadow_control(xc_interface *xch, uint32_t domid, unsigned int sop, - xc_hypercall_buffer_t *dirty_bitmap, - unsigned long pages, - unsigned long *mb, - uint32_t mode, - xc_shadow_op_stats_t *stats) + unsigned int *mb, + unsigned int mode) { int rc; DECLARE_DOMCTL; - DECLARE_HYPERCALL_BUFFER_ARGUMENT(dirty_bitmap); memset(&domctl, 0, sizeof(domctl)); domctl.cmd = XEN_DOMCTL_shadow_op; domctl.domain = domid; domctl.u.shadow_op.op = sop; - domctl.u.shadow_op.pages = pages; domctl.u.shadow_op.mb = mb ? *mb : 0; domctl.u.shadow_op.mode = mode; - if (dirty_bitmap != NULL) + + rc = do_domctl(xch, &domctl); + + if ( mb ) + *mb = domctl.u.shadow_op.mb; + + return rc; +} + +long long xc_logdirty_control(xc_interface *xch, + uint32_t domid, + unsigned int sop, + xc_hypercall_buffer_t *dirty_bitmap, + unsigned long pages, + unsigned int mode, + xc_shadow_op_stats_t *stats) +{ + int rc; + struct xen_domctl domctl = { + .cmd = XEN_DOMCTL_shadow_op, + .domain = domid, + .u.shadow_op = { + .op = sop, + .pages = pages, + .mode = mode, + } + }; + DECLARE_HYPERCALL_BUFFER_ARGUMENT(dirty_bitmap); + + if ( dirty_bitmap ) set_xen_guest_handle(domctl.u.shadow_op.dirty_bitmap, dirty_bitmap); @@ -678,9 +702,6 @@ int xc_shadow_control(xc_interface *xch, memcpy(stats, &domctl.u.shadow_op.stats, sizeof(xc_shadow_op_stats_t)); - if ( mb ) - *mb = domctl.u.shadow_op.mb; - return (rc == 0) ? domctl.u.shadow_op.pages : rc; } diff --git a/tools/libs/guest/xg_sr_restore.c b/tools/libs/guest/xg_sr_restore.c index aa4113d7f6..074b56d263 100644 --- a/tools/libs/guest/xg_sr_restore.c +++ b/tools/libs/guest/xg_sr_restore.c @@ -433,10 +433,10 @@ static int send_checkpoint_dirty_pfn_list(struct xc_sr_context *ctx) DECLARE_HYPERCALL_BUFFER_SHADOW(unsigned long, dirty_bitmap, &ctx->restore.dirty_bitmap_hbuf); - if ( xc_shadow_control( + if ( xc_logdirty_control( xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_CLEAN, HYPERCALL_BUFFER(dirty_bitmap), ctx->restore.p2m_size, - NULL, 0, &stats) != ctx->restore.p2m_size ) + 0, &stats) != ctx->restore.p2m_size ) { PERROR("Failed to retrieve logdirty bitmap"); goto err; diff --git a/tools/libs/guest/xg_sr_save.c b/tools/libs/guest/xg_sr_save.c index 0266e0a94a..9853d8d846 100644 --- a/tools/libs/guest/xg_sr_save.c +++ b/tools/libs/guest/xg_sr_save.c @@ -424,18 +424,18 @@ static int enable_logdirty(struct xc_sr_context *ctx) /* This juggling is required if logdirty is enabled for VRAM tracking. */ rc = xc_shadow_control(xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_ENABLE_LOGDIRTY, - NULL, 0, NULL, 0, NULL); + NULL, 0); if ( rc < 0 ) { on1 = errno; rc = xc_shadow_control(xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_OFF, - NULL, 0, NULL, 0, NULL); + NULL, 0); if ( rc < 0 ) off = errno; else { rc = xc_shadow_control(xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_ENABLE_LOGDIRTY, - NULL, 0, NULL, 0, NULL); + NULL, 0); if ( rc < 0 ) on2 = errno; } @@ -552,10 +552,10 @@ static int send_memory_live(struct xc_sr_context *ctx) if ( policy_decision != XGS_POLICY_CONTINUE_PRECOPY ) break; - if ( xc_shadow_control( + if ( xc_logdirty_control( xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_CLEAN, &ctx->save.dirty_bitmap_hbuf, ctx->save.p2m_size, - NULL, 0, &stats) != ctx->save.p2m_size ) + 0, &stats) != ctx->save.p2m_size ) { PERROR("Failed to retrieve logdirty bitmap"); rc = -1; @@ -649,10 +649,10 @@ static int suspend_and_send_dirty(struct xc_sr_context *ctx) if ( rc ) goto out; - if ( xc_shadow_control( + if ( xc_logdirty_control( xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_CLEAN, HYPERCALL_BUFFER(dirty_bitmap), ctx->save.p2m_size, - NULL, XEN_DOMCTL_SHADOW_LOGDIRTY_FINAL, &stats) != + XEN_DOMCTL_SHADOW_LOGDIRTY_FINAL, &stats) != ctx->save.p2m_size ) { PERROR("Failed to retrieve logdirty bitmap"); @@ -712,10 +712,10 @@ static int verify_frames(struct xc_sr_context *ctx) if ( rc ) goto out; - if ( xc_shadow_control( + if ( xc_logdirty_control( xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_PEEK, &ctx->save.dirty_bitmap_hbuf, ctx->save.p2m_size, - NULL, 0, &stats) != ctx->save.p2m_size ) + 0, &stats) != ctx->save.p2m_size ) { PERROR("Failed to retrieve logdirty bitmap"); rc = -1; @@ -830,7 +830,7 @@ static void cleanup(struct xc_sr_context *ctx) xc_shadow_control(xch, ctx->domid, XEN_DOMCTL_SHADOW_OP_OFF, - NULL, 0, NULL, 0, NULL); + NULL, 0); if ( ctx->save.ops.cleanup(ctx) ) PERROR("Failed to clean up"); diff --git a/tools/libs/light/libxl_colo_restore.c b/tools/libs/light/libxl_colo_restore.c index aa365670fb..3176eee360 100644 --- a/tools/libs/light/libxl_colo_restore.c +++ b/tools/libs/light/libxl_colo_restore.c @@ -62,7 +62,7 @@ static void colo_enable_logdirty(libxl__colo_restore_state *crs, libxl__egc *egc /* we need to know which pages are dirty to restore the guest */ if (xc_shadow_control(CTX->xch, domid, XEN_DOMCTL_SHADOW_OP_ENABLE_LOGDIRTY, - NULL, 0, NULL, 0, NULL) < 0) { + NULL, 0) < 0) { LOGD(ERROR, domid, "cannot enable secondary vm's logdirty"); lds->callback(egc, lds, ERROR_FAIL); return; @@ -90,7 +90,7 @@ static void colo_disable_logdirty(libxl__colo_restore_state *crs, /* we need to know which pages are dirty to restore the guest */ if (xc_shadow_control(CTX->xch, domid, XEN_DOMCTL_SHADOW_OP_OFF, - NULL, 0, NULL, 0, NULL) < 0) + NULL, 0) < 0) LOGD(WARN, domid, "cannot disable secondary vm's logdirty"); if (crs->hvm) { diff --git a/tools/libs/light/libxl_x86.c b/tools/libs/light/libxl_x86.c index 18c3c77ccd..6083878315 100644 --- a/tools/libs/light/libxl_x86.c +++ b/tools/libs/light/libxl_x86.c @@ -529,15 +529,15 @@ int libxl__arch_domain_create(libxl__gc *gc, xc_domain_set_time_offset(ctx->xch, domid, rtc_timeoffset); if (d_config->b_info.type != LIBXL_DOMAIN_TYPE_PV) { - unsigned long shadow_mb = DIV_ROUNDUP(d_config->b_info.shadow_memkb, - 1024); + unsigned int shadow_mb = DIV_ROUNDUP(d_config->b_info.shadow_memkb, + 1024); int r = xc_shadow_control(ctx->xch, domid, XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, - NULL, 0, &shadow_mb, 0, NULL); + &shadow_mb, 0); if (r) { LOGED(ERROR, domid, - "Failed to set %lu MiB %s allocation", + "Failed to set %u MiB %s allocation", shadow_mb, libxl_defbool_val(d_config->c_info.hap) ? "HAP" : "shadow"); ret = ERROR_FAIL; diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c index dd09cb90aa..ad953d36bd 100644 --- a/tools/ocaml/libs/xc/xenctrl_stubs.c +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c @@ -995,13 +995,13 @@ CAMLprim value stub_shadow_allocation_get(value xch, value domid) { CAMLparam2(xch, domid); CAMLlocal1(mb); - unsigned long c_mb; + unsigned int c_mb; int ret; caml_enter_blocking_section(); ret = xc_shadow_control(_H(xch), _D(domid), XEN_DOMCTL_SHADOW_OP_GET_ALLOCATION, - NULL, 0, &c_mb, 0, NULL); + &c_mb, 0); caml_leave_blocking_section(); if (ret != 0) failwith_xc(_H(xch)); @@ -1014,14 +1014,14 @@ CAMLprim value stub_shadow_allocation_set(value xch, value domid, value mb) { CAMLparam3(xch, domid, mb); - unsigned long c_mb; + unsigned int c_mb; int ret; c_mb = Int_val(mb); caml_enter_blocking_section(); ret = xc_shadow_control(_H(xch), _D(domid), XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, - NULL, 0, &c_mb, 0, NULL); + &c_mb, 0); caml_leave_blocking_section(); if (ret != 0) failwith_xc(_H(xch)); diff --git a/tools/python/xen/lowlevel/xc/xc.c b/tools/python/xen/lowlevel/xc/xc.c index 13a7603809..6293d205a3 100644 --- a/tools/python/xen/lowlevel/xc/xc.c +++ b/tools/python/xen/lowlevel/xc/xc.c @@ -1192,8 +1192,7 @@ static PyObject *pyxc_shadow_control(PyObject *self, &dom, &op) ) return NULL; - if ( xc_shadow_control(xc->xc_handle, dom, op, NULL, 0, NULL, 0, NULL) - < 0 ) + if ( xc_shadow_control(xc->xc_handle, dom, op, NULL, 0) < 0 ) return pyxc_error_to_exception(xc->xc_handle); Py_INCREF(zero); @@ -1208,7 +1207,7 @@ static PyObject *pyxc_shadow_mem_control(PyObject *self, int op; uint32_t dom; int mbarg = -1; - unsigned long mb; + unsigned int mb; static char *kwd_list[] = { "dom", "mb", NULL }; @@ -1223,7 +1222,7 @@ static PyObject *pyxc_shadow_mem_control(PyObject *self, mb = mbarg; op = XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION; } - if ( xc_shadow_control(xc->xc_handle, dom, op, NULL, 0, &mb, 0, NULL) < 0 ) + if ( xc_shadow_control(xc->xc_handle, dom, op, &mb, 0) < 0 ) return pyxc_error_to_exception(xc->xc_handle); mbarg = mb; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Sep 04 07:55:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 04 Sep 2021 07:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.178653.324737 (Exim 4.92) (envelope-from ) id 1mMQW9-0001kn-FX; Sat, 04 Sep 2021 07:55:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 178653.324737; Sat, 04 Sep 2021 07:55:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mMQW9-0001kf-Ci; Sat, 04 Sep 2021 07:55:13 +0000 Received: by outflank-mailman (input) for mailman id 178653; Sat, 04 Sep 2021 07:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mMQW8-0001kV-8d for xen-changelog@lists.xenproject.org; Sat, 04 Sep 2021 07:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mMQW8-0006px-7o for xen-changelog@lists.xenproject.org; Sat, 04 Sep 2021 07:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mMQW8-0003f7-6i for xen-changelog@lists.xenproject.org; Sat, 04 Sep 2021 07:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=t6Dq5/vqBEef843/hDzpazoxYF4P7hU/W5oZueCNECc=; b=TTWqR8LKZtp3DdfBRTgeR9M13N zntfBVzDgRSpsOu8H78a2Td2EH6Rpa7LAGKWgjKz80nQ5tF+BOF+dS1rYyBJXNs1+X9PL4D34t7Tq K8r+XlOrCin1kIsLumk1xg/YkAtK13UI53Ao02U+QVDwDm9ZMGJP3ROvW5AMeCG2t3Y8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/libs: ROUNDUP() related adjustments Message-Id: Date: Sat, 04 Sep 2021 07:55:12 +0000 commit 5325b3eaf6a9d8600bf9e9e7428b5c336fd43c84 Author: Jan Beulich AuthorDate: Fri Sep 3 15:10:24 2021 +0200 Commit: Jan Beulich CommitDate: Fri Sep 3 15:10:24 2021 +0200 tools/libs: ROUNDUP() related adjustments For one xc_private.h needlessly repeats xen-tools/libs.h's definition. And then there are two suspicious uses (resulting from the inconsistency with the respective 2nd parameter of DIV_ROUNDUP()): While the one in tools/console/daemon/io.c - as per the code comment - intentionally uses 8 as the second argument (meaning to align to a multiple of 256), the one in alloc_magic_pages_hvm() pretty certainly does not: There the goal is to align to a uint64_t boundary, for the following module struct to end up aligned. Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross Acked-by: Ian Jackson --- tools/libs/ctrl/xc_private.h | 2 -- tools/libs/guest/xg_dom_x86.c | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/tools/libs/ctrl/xc_private.h b/tools/libs/ctrl/xc_private.h index 3e299b943f..2e483590e6 100644 --- a/tools/libs/ctrl/xc_private.h +++ b/tools/libs/ctrl/xc_private.h @@ -63,8 +63,6 @@ struct iovec { #include #endif -#define ROUNDUP(_x,_w) (((unsigned long)(_x)+(1UL<<(_w))-1) & ~((1UL<<(_w))-1)) - #define DECLARE_DOMCTL struct xen_domctl domctl #define DECLARE_SYSCTL struct xen_sysctl sysctl #define DECLARE_PHYSDEV_OP struct physdev_op physdev_op diff --git a/tools/libs/guest/xg_dom_x86.c b/tools/libs/guest/xg_dom_x86.c index d2eb89ce01..b6e75afba2 100644 --- a/tools/libs/guest/xg_dom_x86.c +++ b/tools/libs/guest/xg_dom_x86.c @@ -678,7 +678,7 @@ static int alloc_magic_pages_hvm(struct xc_dom_image *dom) { if ( dom->cmdline ) { - dom->cmdline_size = ROUNDUP(strlen(dom->cmdline) + 1, 8); + dom->cmdline_size = ROUNDUP(strlen(dom->cmdline) + 1, 3); start_info_size += dom->cmdline_size; } } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Sep 04 07:55:23 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 04 Sep 2021 07:55:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.178654.324742 (Exim 4.92) (envelope-from ) id 1mMQWJ-0001ni-Gt; Sat, 04 Sep 2021 07:55:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 178654.324742; Sat, 04 Sep 2021 07:55:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mMQWJ-0001na-E8; Sat, 04 Sep 2021 07:55:23 +0000 Received: by outflank-mailman (input) for mailman id 178654; Sat, 04 Sep 2021 07:55:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mMQWI-0001nK-C3 for xen-changelog@lists.xenproject.org; Sat, 04 Sep 2021 07:55:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mMQWI-0006qB-BB for xen-changelog@lists.xenproject.org; Sat, 04 Sep 2021 07:55:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mMQWI-0003gE-AG for xen-changelog@lists.xenproject.org; Sat, 04 Sep 2021 07:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n8pQz+38iVplhQdQclvSeZ83+To/b4jouQo/EduQ5mY=; b=lQ1+IEkOfjS6IUcAU00AuEwEx9 wPkgiFWqtt4wb6BBJPQiRuTiZrpgTrv8aJ1TWqV12mSYs18p/GvChiy/gF1Ls4A54vWQJXyI2ctVS TQAMqXJ0trEKrQDvrNT3jrMXetAt2KUYyev1ziE/bFZddDhjh82uDZlc36Uhd/zVaMhU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tests/xenstore: link in librt if necessary Message-Id: Date: Sat, 04 Sep 2021 07:55:22 +0000 commit 2d4978ead4b98452bc45ebe47952e524b12e2b41 Author: Jan Beulich AuthorDate: Fri Sep 3 15:10:43 2021 +0200 Commit: Jan Beulich CommitDate: Fri Sep 3 15:10:43 2021 +0200 tests/xenstore: link in librt if necessary Old enough glibc has clock_gettime() in librt.so, hence the library needs to be specified to the linker. Newer glibc has the symbol available in both libraries, so make sure that libc.so is preferred (to avoid an unnecessary dependency on librt.so). Fixes: 93c9edbef51b ("tests/xenstore: Rework Makefile") Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross Acked-by: Ian Jackson --- tools/tests/xenstore/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/tests/xenstore/Makefile b/tools/tests/xenstore/Makefile index b9969dd090..239e1dce47 100644 --- a/tools/tests/xenstore/Makefile +++ b/tools/tests/xenstore/Makefile @@ -33,6 +33,9 @@ CFLAGS += $(APPEND_CFLAGS) LDFLAGS += $(LDLIBS_libxenstore) LDFLAGS += $(APPEND_LDFLAGS) +ifeq ($(CONFIG_Linux),y) +LDFLAGS += -Wl,--as-needed -lc -lrt +endif %.o: Makefile -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Sep 06 17:55:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 06 Sep 2021 17:55:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180155.326674 (Exim 4.92) (envelope-from ) id 1mNIpm-0003iA-QC; Mon, 06 Sep 2021 17:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180155.326674; Mon, 06 Sep 2021 17:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNIpm-0003i3-NR; Mon, 06 Sep 2021 17:55:06 +0000 Received: by outflank-mailman (input) for mailman id 180155; Mon, 06 Sep 2021 17:55:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNIpl-0003hx-F7 for xen-changelog@lists.xenproject.org; Mon, 06 Sep 2021 17:55:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNIpl-0001Tt-CM for xen-changelog@lists.xenproject.org; Mon, 06 Sep 2021 17:55:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNIpl-0005sJ-BE for xen-changelog@lists.xenproject.org; Mon, 06 Sep 2021 17:55:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rZvWoolsDD1MDSbV0KZRJ06LUVbN33voG9pdLUoYemI=; b=4CX7feLWZ+zk9sq/Dh6LQuxV3i 2Lpoj/kwQS3WXrdQtaR/kctuNQvt9xbmdUro+9Jp88STdIJppVDsIl/A7DUri25dCcT1Im1JL1dT4 +e0PmJ/hcvOjt5f+NAeRjZVoI4TJlkQL6c2zdW57PI9DTXSqdu3M9jV4a8LAfP85hEVc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm64: Remove vreg_emulate_sysreg32 Message-Id: Date: Mon, 06 Sep 2021 17:55:05 +0000 commit 6c27a8da8d2024aa78a9ec67bcfb18c123e84a17 Author: Michal Orzel AuthorDate: Thu Jul 29 12:42:58 2021 +0200 Commit: Julien Grall CommitDate: Mon Sep 6 17:45:13 2021 +0000 xen/arm64: Remove vreg_emulate_sysreg32 According to ARMv8A architecture, AArch64 registers are 64bit wide even though in many cases the upper 32bit is reserved. Therefore there is no need for function vreg_emulate_sysreg32 on arm64. This means that we can have just one function vreg_emulate_sysreg using new function pointer: typedef bool (*vreg_reg_fn_t)(struct cpu_user_regs *regs, register_t *r, bool read); Modify vreg_emulate_cp32 to use the new function pointer as well. This change allows to properly use 64bit registers in AArch64 state. In case of AArch32 the documentation (D1.20.2, DDI 0487A.j) states that "the upper 32 bits either become zero, or hold the value that the same architectural register held before any AArch32 execution." As the choice between them is IMPLEMENTATION DEFINED we cannot assume they are zeroed. Xen should ensure that but currently it does not. This is not a new bug and must be fixed as agreed during a discussion over this patch. Take the opportunity to switch CNTx_CTL_* to use UL to avoid any surprise with the negation of any bits (as used in vtimer_cntp_ctl) Signed-off-by: Michal Orzel Reviewed-by: Julien Grall --- xen/arch/arm/arm64/vsysreg.c | 2 +- xen/arch/arm/vcpreg.c | 16 ++++++++++++---- xen/arch/arm/vgic-v3.c | 2 +- xen/arch/arm/vtimer.c | 11 ++++++----- xen/include/asm-arm/processor.h | 4 ++-- xen/include/asm-arm/vreg.h | 38 +++++++------------------------------- 6 files changed, 29 insertions(+), 44 deletions(-) diff --git a/xen/arch/arm/arm64/vsysreg.c b/xen/arch/arm/arm64/vsysreg.c index 887266dd46..cf55544081 100644 --- a/xen/arch/arm/arm64/vsysreg.c +++ b/xen/arch/arm/arm64/vsysreg.c @@ -64,7 +64,7 @@ TVM_REG(CONTEXTIDR_EL1) { \ bool res; \ \ - res = vreg_emulate_sysreg64(regs, hsr, vreg_emulate_##reg); \ + res = vreg_emulate_sysreg(regs, hsr, vreg_emulate_##reg); \ ASSERT(res); \ break; \ } diff --git a/xen/arch/arm/vcpreg.c b/xen/arch/arm/vcpreg.c index 33259c4194..dfc18d12ff 100644 --- a/xen/arch/arm/vcpreg.c +++ b/xen/arch/arm/vcpreg.c @@ -57,9 +57,17 @@ #define WRITE_SYSREG_SZ(sz, val, sysreg...) WRITE_SYSREG##sz(val, sysreg) #endif +/* + * type32_t is defined as register_t due to the vreg_emulate_cp32 and + * vreg_emulate_sysreg taking function pointer with register_t type used for + * passing register's value. + */ +typedef register_t type32_t; +typedef uint64_t type64_t; + /* The name is passed from the upper macro to workaround macro expansion. */ #define TVM_REG(sz, func, reg...) \ -static bool func(struct cpu_user_regs *regs, uint##sz##_t *r, bool read) \ +static bool func(struct cpu_user_regs *regs, type##sz##_t *r, bool read) \ { \ struct vcpu *v = current; \ bool cache_enabled = vcpu_has_cache_enabled(v); \ @@ -83,7 +91,7 @@ static bool func(struct cpu_user_regs *regs, uint##sz##_t *r, bool read) \ #else /* CONFIG_ARM_64 */ #define TVM_REG32_COMBINED(lowreg, hireg, xreg) \ -static bool vreg_emulate_##xreg(struct cpu_user_regs *regs, uint32_t *r, \ +static bool vreg_emulate_##xreg(struct cpu_user_regs *regs, register_t *r, \ bool read, bool hi) \ { \ struct vcpu *v = current; \ @@ -108,13 +116,13 @@ static bool vreg_emulate_##xreg(struct cpu_user_regs *regs, uint32_t *r, \ return true; \ } \ \ -static bool vreg_emulate_##lowreg(struct cpu_user_regs *regs, uint32_t *r, \ +static bool vreg_emulate_##lowreg(struct cpu_user_regs *regs, register_t *r,\ bool read) \ { \ return vreg_emulate_##xreg(regs, r, read, false); \ } \ \ -static bool vreg_emulate_##hireg(struct cpu_user_regs *regs, uint32_t *r, \ +static bool vreg_emulate_##hireg(struct cpu_user_regs *regs, register_t *r, \ bool read) \ { \ return vreg_emulate_##xreg(regs, r, read, true); \ diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c index 613f37abab..cb5a70c42e 100644 --- a/xen/arch/arm/vgic-v3.c +++ b/xen/arch/arm/vgic-v3.c @@ -1531,7 +1531,7 @@ static bool vgic_v3_emulate_sysreg(struct cpu_user_regs *regs, union hsr hsr) switch ( hsr.bits & HSR_SYSREG_REGS_MASK ) { case HSR_SYSREG_ICC_SGI1R_EL1: - return vreg_emulate_sysreg64(regs, hsr, vgic_v3_emulate_sgi1r); + return vreg_emulate_sysreg(regs, hsr, vgic_v3_emulate_sgi1r); default: return false; diff --git a/xen/arch/arm/vtimer.c b/xen/arch/arm/vtimer.c index 167fc6127a..0196951af4 100644 --- a/xen/arch/arm/vtimer.c +++ b/xen/arch/arm/vtimer.c @@ -162,7 +162,8 @@ void virt_timer_restore(struct vcpu *v) WRITE_SYSREG(v->arch.virt_timer.ctl, CNTV_CTL_EL0); } -static bool vtimer_cntp_ctl(struct cpu_user_regs *regs, uint32_t *r, bool read) +static bool vtimer_cntp_ctl(struct cpu_user_regs *regs, register_t *r, + bool read) { struct vcpu *v = current; s_time_t expires; @@ -197,7 +198,7 @@ static bool vtimer_cntp_ctl(struct cpu_user_regs *regs, uint32_t *r, bool read) return true; } -static bool vtimer_cntp_tval(struct cpu_user_regs *regs, uint32_t *r, +static bool vtimer_cntp_tval(struct cpu_user_regs *regs, register_t *r, bool read) { struct vcpu *v = current; @@ -316,11 +317,11 @@ static bool vtimer_emulate_sysreg(struct cpu_user_regs *regs, union hsr hsr) switch ( hsr.bits & HSR_SYSREG_REGS_MASK ) { case HSR_SYSREG_CNTP_CTL_EL0: - return vreg_emulate_sysreg32(regs, hsr, vtimer_cntp_ctl); + return vreg_emulate_sysreg(regs, hsr, vtimer_cntp_ctl); case HSR_SYSREG_CNTP_TVAL_EL0: - return vreg_emulate_sysreg32(regs, hsr, vtimer_cntp_tval); + return vreg_emulate_sysreg(regs, hsr, vtimer_cntp_tval); case HSR_SYSREG_CNTP_CVAL_EL0: - return vreg_emulate_sysreg64(regs, hsr, vtimer_cntp_cval); + return vreg_emulate_sysreg(regs, hsr, vtimer_cntp_cval); default: return false; diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 2577e9a244..2058b69447 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -484,9 +484,9 @@ extern register_t __cpu_logical_map[]; #define CNTKCTL_EL1_EL0PTEN (1u<<9) /* Expose phys timer registers to EL0 */ /* Timer control registers */ -#define CNTx_CTL_ENABLE (1u<<0) /* Enable timer */ +#define CNTx_CTL_ENABLE (1ul<<0) /* Enable timer */ #define CNTx_CTL_MASK (1ul<<1) /* Mask IRQ */ -#define CNTx_CTL_PENDING (1u<<2) /* IRQ pending */ +#define CNTx_CTL_PENDING (1ul<<2) /* IRQ pending */ /* Timer frequency mask */ #define CNTFRQ_MASK GENMASK(31, 0) diff --git a/xen/include/asm-arm/vreg.h b/xen/include/asm-arm/vreg.h index 1253753833..fa2f4cdb17 100644 --- a/xen/include/asm-arm/vreg.h +++ b/xen/include/asm-arm/vreg.h @@ -4,13 +4,13 @@ #ifndef __ASM_ARM_VREG__ #define __ASM_ARM_VREG__ -typedef bool (*vreg_reg32_fn_t)(struct cpu_user_regs *regs, uint32_t *r, - bool read); typedef bool (*vreg_reg64_fn_t)(struct cpu_user_regs *regs, uint64_t *r, bool read); +typedef bool (*vreg_reg_fn_t)(struct cpu_user_regs *regs, register_t *r, + bool read); static inline bool vreg_emulate_cp32(struct cpu_user_regs *regs, union hsr hsr, - vreg_reg32_fn_t fn) + vreg_reg_fn_t fn) { struct hsr_cp32 cp32 = hsr.cp32; /* @@ -18,7 +18,7 @@ static inline bool vreg_emulate_cp32(struct cpu_user_regs *regs, union hsr hsr, * implementation error in the emulation (such as not correctly * setting r). */ - uint32_t r = 0; + register_t r = 0; bool ret; if ( !cp32.read ) @@ -64,11 +64,11 @@ static inline bool vreg_emulate_cp64(struct cpu_user_regs *regs, union hsr hsr, } #ifdef CONFIG_ARM_64 -static inline bool vreg_emulate_sysreg32(struct cpu_user_regs *regs, union hsr hsr, - vreg_reg32_fn_t fn) +static inline bool vreg_emulate_sysreg(struct cpu_user_regs *regs, union hsr hsr, + vreg_reg_fn_t fn) { struct hsr_sysreg sysreg = hsr.sysreg; - uint32_t r = 0; + register_t r = 0; bool ret; if ( !sysreg.read ) @@ -81,30 +81,6 @@ static inline bool vreg_emulate_sysreg32(struct cpu_user_regs *regs, union hsr h return ret; } - -static inline bool vreg_emulate_sysreg64(struct cpu_user_regs *regs, union hsr hsr, - vreg_reg64_fn_t fn) -{ - struct hsr_sysreg sysreg = hsr.sysreg; - /* - * Initialize to zero to avoid leaking data if there is an - * implementation error in the emulation (such as not correctly - * setting x). - */ - uint64_t x = 0; - bool ret; - - if ( !sysreg.read ) - x = get_user_reg(regs, sysreg.reg); - - ret = fn(regs, &x, sysreg.read); - - if ( ret && sysreg.read ) - set_user_reg(regs, sysreg.reg, x); - - return ret; -} - #endif #define VREG_REG_MASK(size) ((~0UL) >> (BITS_PER_LONG - ((1 << (size)) * 8))) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:44:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180490.327158 (Exim 4.92) (envelope-from ) id 1mNVm2-0002Tp-JV; Tue, 07 Sep 2021 07:44:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180490.327158; Tue, 07 Sep 2021 07:44:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVm2-0002Tg-GC; Tue, 07 Sep 2021 07:44:06 +0000 Received: by outflank-mailman (input) for mailman id 180490; Tue, 07 Sep 2021 07:44:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVm1-0002TW-6f for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVm1-0006VZ-3c for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVm1-0005UK-2K for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=H5r+8aPB63WxGpGTHwC8IB7V7/20DtEdVBBWoEGfkQU=; b=xg5x3YT2Y8PfaAhEhjU6QrMpvn 5b0qYdNvfA2WxFnQwCn2ZQ3lvkU9kS82To6BqYlYbJxrbt7XbxLWMwa7HpS+5rn7aDb0nEtcj6H7V cDx1rYMUSYVXRweXTWs+5h4CHZq2bAe5VzRNLwqtQUQ4DeOKrVndAsFD2QOVIuzRXOiQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: introduce cpp_flags macro Message-Id: Date: Tue, 07 Sep 2021 07:44:05 +0000 commit 2ff44490fcbde6f43891a4835286dae6cd0c265e Author: Anthony PERARD AuthorDate: Tue Sep 7 09:14:12 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:14:12 2021 +0200 build: introduce cpp_flags macro Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/Makefile | 2 +- xen/Rules.mk | 7 +++++-- xen/arch/x86/Makefile | 2 +- xen/arch/x86/mm/Makefile | 2 +- xen/arch/x86/mm/hap/Makefile | 2 +- xen/arch/x86/mm/shadow/Makefile | 2 +- 6 files changed, 10 insertions(+), 7 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 94e8371826..4ceb02d374 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -410,7 +410,7 @@ include/xen/compile.h: include/xen/compile.h.in .banner @mv -f $@.new $@ asm-offsets.s: arch/$(TARGET_ARCH)/$(TARGET_SUBARCH)/asm-offsets.c - $(CC) $(filter-out -Wa$(comma)% -flto,$(c_flags)) -S -g0 -o $@.new -MQ $@ $< + $(CC) $(call cpp_flags,$(c_flags)) -S -g0 -o $@.new -MQ $@ $< $(call move-if-changed,$@.new,$@) include/asm-$(TARGET_ARCH)/asm-offsets.h: asm-offsets.s diff --git a/xen/Rules.mk b/xen/Rules.mk index d65d6a4899..3503f13235 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -133,6 +133,9 @@ endif # Always build obj-bin files as binary even if they come from C source. $(obj-bin-y): XEN_CFLAGS := $(filter-out -flto,$(XEN_CFLAGS)) +# To be use with e.g. $(a_flags) or $(c_flags) to produce CPP flags +cpp_flags = $(filter-out -Wa$(comma)% -flto,$(1)) + # Calculation of flags, first the generic flags, then the arch specific flags, # and last the flags modified for a target or a directory. @@ -222,13 +225,13 @@ $(filter %.init.o,$(obj-y) $(obj-bin-y) $(extra-y)): %.init.o: %.o FORCE $(call if_changed,obj_init_o) quiet_cmd_cpp_i_c = CPP $@ -cmd_cpp_i_c = $(CPP) $(filter-out -Wa$(comma)%,$(c_flags)) -MQ $@ -o $@ $< +cmd_cpp_i_c = $(CPP) $(call cpp_flags,$(c_flags)) -MQ $@ -o $@ $< quiet_cmd_cc_s_c = CC $@ cmd_cc_s_c = $(CC) $(filter-out -Wa$(comma)%,$(c_flags)) -S $< -o $@ quiet_cmd_cpp_s_S = CPP $@ -cmd_cpp_s_S = $(CPP) $(filter-out -Wa$(comma)%,$(a_flags)) -MQ $@ -o $@ $< +cmd_cpp_s_S = $(CPP) $(call cpp_flags,$(a_flags)) -MQ $@ -o $@ $< %.i: %.c FORCE $(call if_changed,cpp_i_c) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index fe38cfd544..462472215c 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -292,7 +292,7 @@ $(BASEDIR)/include/asm-x86/asm-macros.h: asm-macros.i Makefile efi.lds: AFLAGS-y += -DEFI xen.lds efi.lds: xen.lds.S - $(CPP) -P $(filter-out -Wa$(comma)%,$(a_flags)) -MQ $@ -o $@ $< + $(CPP) -P $(call cpp_flags,$(a_flags)) -MQ $@ -o $@ $< boot/mkelf32: boot/mkelf32.c $(HOSTCC) $(HOSTCFLAGS) -o $@ $< diff --git a/xen/arch/x86/mm/Makefile b/xen/arch/x86/mm/Makefile index b31041644f..2818c066f7 100644 --- a/xen/arch/x86/mm/Makefile +++ b/xen/arch/x86/mm/Makefile @@ -15,7 +15,7 @@ guest_walk_%.o: guest_walk.c Makefile $(CC) $(c_flags) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ guest_walk_%.i: guest_walk.c Makefile - $(CPP) $(filter-out -Wa$(comma)%,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ + $(CPP) $(call cpp_flags,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ guest_walk_%.s: guest_walk.c Makefile $(CC) $(filter-out -Wa$(comma)%,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -S $< -o $@ diff --git a/xen/arch/x86/mm/hap/Makefile b/xen/arch/x86/mm/hap/Makefile index 22e7ad54bd..c6d296b517 100644 --- a/xen/arch/x86/mm/hap/Makefile +++ b/xen/arch/x86/mm/hap/Makefile @@ -9,7 +9,7 @@ guest_walk_%level.o: guest_walk.c Makefile $(CC) $(c_flags) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ guest_walk_%level.i: guest_walk.c Makefile - $(CPP) $(filter-out -Wa$(comma)%,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ + $(CPP) $(call cpp_flags,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ guest_walk_%level.s: guest_walk.c Makefile $(CC) $(filter-out -Wa$(comma)%,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -S $< -o $@ diff --git a/xen/arch/x86/mm/shadow/Makefile b/xen/arch/x86/mm/shadow/Makefile index 770213fe9d..fd64b4dda9 100644 --- a/xen/arch/x86/mm/shadow/Makefile +++ b/xen/arch/x86/mm/shadow/Makefile @@ -10,7 +10,7 @@ guest_%.o: multi.c Makefile $(CC) $(c_flags) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ guest_%.i: multi.c Makefile - $(CPP) $(filter-out -Wa$(comma)%,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ + $(CPP) $(call cpp_flags,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ guest_%.s: multi.c Makefile $(CC) $(filter-out -Wa$(comma)%,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -S $< -o $@ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:44:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:44:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180491.327162 (Exim 4.92) (envelope-from ) id 1mNVmC-0002Xc-Kp; Tue, 07 Sep 2021 07:44:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180491.327162; Tue, 07 Sep 2021 07:44:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmC-0002XU-Hi; Tue, 07 Sep 2021 07:44:16 +0000 Received: by outflank-mailman (input) for mailman id 180491; Tue, 07 Sep 2021 07:44:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmB-0002Vw-8A for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmB-0006Vh-7O for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVmB-0005VK-6M for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dXkHMpTPVemUbj0gHUId9+83DqixmXoXfOo0hqCm+X4=; b=lIdzh0aRYxn4TDnPV+B2vlt7xa Jj0iOQdka2wXguqnAtZsJvdquixzNognxV6V4vZr8hWLoWbx8dnWXkXP5auto0d0OttOxDnkal5Fu bWdOwS2fLWR5KwMFvmMgWXjuomOAJfFek3iGFEE0V/cieGyv42gCuhSiFlELq8VjbEyM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: use if_changed on built_in.o Message-Id: Date: Tue, 07 Sep 2021 07:44:15 +0000 commit a4ebe125ee701a35b8c24b36503390970962c9ec Author: Anthony PERARD AuthorDate: Tue Sep 7 09:14:32 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:14:32 2021 +0200 build: use if_changed on built_in.o In the case where $(obj-y) is empty, we also replace $(c_flags) by $(XEN_CFLAGS) to avoid generating an .%.d dependency file. This avoid make trying to include %.h file in the ld command if $(obj-y) isn't empty anymore on a second run. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/Rules.mk | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/xen/Rules.mk b/xen/Rules.mk index 3503f13235..a715a4525e 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -147,17 +147,22 @@ include $(BASEDIR)/arch/$(TARGET_ARCH)/Rules.mk c_flags += $(CFLAGS-y) a_flags += $(CFLAGS-y) $(AFLAGS-y) -built_in.o: $(obj-y) $(if $(strip $(lib-y)),lib.a) $(extra-y) -ifeq ($(strip $(obj-y)),) - $(CC) $(c_flags) -c -x c /dev/null -o $@ -else +quiet_cmd_cc_builtin = CC $@ +cmd_cc_builtin = \ + $(CC) $(XEN_CFLAGS) -c -x c /dev/null -o $@ + +quiet_cmd_ld_builtin = LD $@ ifeq ($(CONFIG_LTO),y) - $(LD_LTO) -r -o $@ $(filter $(obj-y),$^) +cmd_ld_builtin = \ + $(LD_LTO) -r -o $@ $(filter $(obj-y),$(real-prereqs)) else - $(LD) $(XEN_LDFLAGS) -r -o $@ $(filter $(obj-y),$^) -endif +cmd_ld_builtin = \ + $(LD) $(XEN_LDFLAGS) -r -o $@ $(filter $(obj-y),$(real-prereqs)) endif +built_in.o: $(obj-y) $(if $(strip $(lib-y)),lib.a) $(extra-y) FORCE + $(call if_changed,$(if $(strip $(obj-y)),ld_builtin,cc_builtin)) + lib.a: $(lib-y) FORCE $(call if_changed,ar) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:44:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:44:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180494.327166 (Exim 4.92) (envelope-from ) id 1mNVmM-0002bf-Mb; Tue, 07 Sep 2021 07:44:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180494.327166; Tue, 07 Sep 2021 07:44:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmM-0002bV-JZ; Tue, 07 Sep 2021 07:44:26 +0000 Received: by outflank-mailman (input) for mailman id 180494; Tue, 07 Sep 2021 07:44:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmL-0002bD-Bb for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmL-0006WE-An for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVmL-0005WA-9p for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yFP+wIJz+BiRQt0kug72bXdosXNnCl1wMipHjPPmEo8=; b=Gxc63yEoYeMQXNMkbRFWPOGFBj cSdSSJvxWqFQQZbYZr7XXej5LE+wFenN+0QdattdMVBhA44kYJ7sQxHtMKCUSYx5sXx4jKJOKQGI+ xN4Kgyh1ovDPZDTIgzXNcXA9B46kY0DtOguZTGHlATBxDeubsPJIXY3jrvDaL/gxP0H8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: use if_changed_rule with %.o:%.c targets Message-Id: Date: Tue, 07 Sep 2021 07:44:25 +0000 commit 332c735d24387152e8f578e38066b5d03803c2a2 Author: Anthony PERARD AuthorDate: Tue Sep 7 09:16:45 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:16:45 2021 +0200 build: use if_changed_rule with %.o:%.c targets Use $(dot-target) to have the target name prefix with a dot. Now, when the CC command has run, it is recorded in .*.cmd file, then if_changed_rules will compare it on subsequent runs. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/Rules.mk | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/xen/Rules.mk b/xen/Rules.mk index a715a4525e..11c253026b 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -192,19 +192,27 @@ FORCE: SRCPATH := $(patsubst $(BASEDIR)/%,%,$(CURDIR)) -%.o: %.c Makefile +quiet_cmd_cc_o_c = CC $@ ifeq ($(CONFIG_ENFORCE_UNIQUE_SYMBOLS),y) - $(CC) $(c_flags) -c $< -o $(@D)/.$(@F).tmp -MQ $@ -ifeq ($(CONFIG_CC_IS_CLANG),y) - $(OBJCOPY) --redefine-sym $<=$(SRCPATH)/$< $(@D)/.$(@F).tmp $@ -else - $(OBJCOPY) --redefine-sym $( Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:44:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180497.327170 (Exim 4.92) (envelope-from ) id 1mNVmW-0002fA-Oh; Tue, 07 Sep 2021 07:44:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180497.327170; Tue, 07 Sep 2021 07:44:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmW-0002f0-Lf; Tue, 07 Sep 2021 07:44:36 +0000 Received: by outflank-mailman (input) for mailman id 180497; Tue, 07 Sep 2021 07:44:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmV-0002ei-FC for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmV-0006WV-EI for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVmV-0005XH-DL for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lR0VHJEQdWW1WqBOE3JBeZ1uqj1vRhmv9NGEbUYNZFg=; b=6Cuk4Zv5ocrCXHoX7QZ7Ql1HL2 GSYduxs6Kk3goJyTANkRK66otNd/xmjAsXXI3SDUpX1UGv1IOhZxg8skRSsIzivuHVRmfXJyr90YT YWjDXDrUu/0DdvmTWZSD+U6grs9FLlBFTuTX0rv4WtOGj26svXho8g29DNcGYlcJfYkE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build,include: rework compat-build-source.py Message-Id: Date: Tue, 07 Sep 2021 07:44:35 +0000 commit 38c1818e24e7344fb8f6da18936850ebb5854978 Author: Anthony PERARD AuthorDate: Tue Sep 7 09:28:43 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:28:43 2021 +0200 build,include: rework compat-build-source.py Improvement are: - give the path to xlat.lst as argument - include `grep -v` in compat-build-source.py script, we don't need to write this in several scripted language. No changes in final compat/%.h headers. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/include/Makefile | 3 +-- xen/tools/compat-build-source.py | 8 +++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/xen/include/Makefile b/xen/include/Makefile index c8ca97eed0..4fa10e68f9 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -61,8 +61,7 @@ compat/%.i: compat/%.c Makefile compat/%.c: public/%.h xlat.lst Makefile $(BASEDIR)/tools/compat-build-source.py mkdir -p $(@D) - grep -v 'DEFINE_XEN_GUEST_HANDLE(long)' $< | \ - $(PYTHON) $(BASEDIR)/tools/compat-build-source.py >$@.new + $(PYTHON) $(BASEDIR)/tools/compat-build-source.py xlat.lst <$< >$@.new mv -f $@.new $@ compat/.xlat/%.h: compat/%.h compat/.xlat/%.lst $(BASEDIR)/tools/get-fields.sh Makefile diff --git a/xen/tools/compat-build-source.py b/xen/tools/compat-build-source.py index 2bcaf27d05..274d6917ab 100755 --- a/xen/tools/compat-build-source.py +++ b/xen/tools/compat-build-source.py @@ -13,7 +13,11 @@ pats = [ [ r"XEN_GUEST_HANDLE", r"COMPAT_HANDLE" ], ]; -xlatf = open('xlat.lst', 'r') +try: + xlatf = open(sys.argv[1], 'r') +except IndexError: + print('missing path to xlat.lst argument') + sys.exit(1) for line in xlatf.readlines(): match = re.subn(r"^\s*\?\s+(\w*)\s.*", r"\1", line.rstrip()) if match[1]: @@ -25,6 +29,8 @@ for pat in pats: pat[0] = re.compile(pat[0]) for line in sys.stdin.readlines(): + if 'DEFINE_XEN_GUEST_HANDLE(long)' in line: + continue for pat in pats: line = re.sub(pat[0], pat[1], line) print(line.rstrip()) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:44:46 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:44:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180499.327174 (Exim 4.92) (envelope-from ) id 1mNVmg-0002ii-Ra; Tue, 07 Sep 2021 07:44:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180499.327174; Tue, 07 Sep 2021 07:44:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmg-0002ia-OU; Tue, 07 Sep 2021 07:44:46 +0000 Received: by outflank-mailman (input) for mailman id 180499; Tue, 07 Sep 2021 07:44:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmf-0002iM-Ik for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmf-0006Wm-Hu for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVmf-0005YX-H3 for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=a4+4CT8HD3Kk5+RrdD1HTkIuu5hzoGTkTNPIo8/Y6rk=; b=mnXYBiqhaIMrWVyC4L4cbSWSEw gGns49PCu2RBCW0gjCQywAnueXc1Nl45++eCgrJy68rWsIcYUFPGCFGaFL2XvpGFca9efbeb8/KgI orsksJOJEnVbkWs6mB+gpJvHQqVDLYfB5a4kwetgpEqU5UlPV1xXHj/hBHgTAtZtP130=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build,include: rework compat-build-header.py Message-Id: Date: Tue, 07 Sep 2021 07:44:45 +0000 commit 1c52edfa2cd279ac34f8d038ada6a88ca23b2612 Author: Anthony PERARD AuthorDate: Tue Sep 7 09:29:33 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:29:33 2021 +0200 build,include: rework compat-build-header.py Replace a mix of shell script and python script by all python script. No change to the final generated headers. Signed-off-by: Anthony PERARD Acked-by: Wei Liu --- xen/include/Makefile | 9 +------- xen/tools/compat-build-header.py | 44 ++++++++++++++++++++++++++++++++++++++-- 2 files changed, 43 insertions(+), 10 deletions(-) diff --git a/xen/include/Makefile b/xen/include/Makefile index 4fa10e68f9..95daa8a289 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -46,14 +46,7 @@ public-$(CONFIG_ARM) := $(wildcard public/arch-arm/*.h public/arch-arm/*/*.h) all: $(headers-y) compat/%.h: compat/%.i Makefile $(BASEDIR)/tools/compat-build-header.py - set -e; id=_$$(echo $@ | tr '[:lower:]-/.' '[:upper:]___'); \ - echo "#ifndef $$id" >$@.new; \ - echo "#define $$id" >>$@.new; \ - echo "#include " >>$@.new; \ - $(if $(filter-out compat/arch-%.h,$@),echo "#include <$(patsubst compat/%,public/%,$@)>" >>$@.new;) \ - grep -v '^# [0-9]' $< | \ - $(PYTHON) $(BASEDIR)/tools/compat-build-header.py | uniq >>$@.new; \ - echo "#endif /* $$id */" >>$@.new + $(PYTHON) $(BASEDIR)/tools/compat-build-header.py <$< $@ >>$@.new; \ mv -f $@.new $@ compat/%.i: compat/%.c Makefile diff --git a/xen/tools/compat-build-header.py b/xen/tools/compat-build-header.py index 065d3b1b6e..5f5474fba0 100755 --- a/xen/tools/compat-build-header.py +++ b/xen/tools/compat-build-header.py @@ -2,6 +2,12 @@ import re,sys +try: + maketrans = str.maketrans +except AttributeError: + # For python2 + from string import maketrans + pats = [ [ r"__InClUdE__(.*)", r"#include\1" ], [ r"__IfDeF__ (XEN_HAVE.*)", r"#ifdef \1" ], @@ -23,7 +29,41 @@ pats = [ [ r"(^|[^\w])long([^\w]|$$)", r"\1int\2" ] ]; +output_filename = sys.argv[1] + +# tr '[:lower:]-/.' '[:upper:]___' +header_id = '_' + \ + output_filename.upper().translate(maketrans('-/.','___')) + +header = """#ifndef {0} +#define {0} +#include """.format(header_id) + +print(header) + +if not re.match("compat/arch-.*.h$", output_filename): + x = output_filename.replace("compat/","public/") + print('#include <%s>' % x) + +last_line_empty = False for line in sys.stdin.readlines(): + line = line.rstrip() + + # Remove linemarkers generated by the preprocessor. + if re.match(r"^# \d", line): + continue + + # De-duplicate empty lines. + if len(line) == 0: + if not last_line_empty: + print(line) + last_line_empty = True + continue + else: + last_line_empty = False + for pat in pats: - line = re.subn(pat[0], pat[1], line)[0] - print(line.rstrip()) + line = re.sub(pat[0], pat[1], line) + print(line) + +print("#endif /* %s */" % header_id) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:44:56 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:44:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180501.327178 (Exim 4.92) (envelope-from ) id 1mNVmq-0002md-T6; Tue, 07 Sep 2021 07:44:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180501.327178; Tue, 07 Sep 2021 07:44:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmq-0002mT-Pz; Tue, 07 Sep 2021 07:44:56 +0000 Received: by outflank-mailman (input) for mailman id 180501; Tue, 07 Sep 2021 07:44:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmp-0002mD-MV for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmp-0006Wx-Lh for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVmp-0005ZY-KX for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:44:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+X6htNuZz0oUWkt/xmOHfLV9bcV1u9UU/ZPMsQH/yQE=; b=jUHvR1950rcdUD7OR1mtrTTVXJ grzynhzCKKnPjFWYcNwbKIPcsC+u6j1YK4R0Cf+k9rkhIw920ksc7kn8njAYzoCtcm3eLy7tGm+H1 4JYnEpB1so5tfdKRVYjqiIOMzuMRDe8YjWM9zZDphg0VlmzvaR0CGdgoyGECZNeeDbyE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: fix clean targets when subdir-y is used Message-Id: Date: Tue, 07 Sep 2021 07:44:55 +0000 commit 0c58617f21c9d841190222c54ee7a64845320acd Author: Anthony PERARD AuthorDate: Tue Sep 7 09:30:25 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:30:25 2021 +0200 build: fix clean targets when subdir-y is used The make variable $(subdir-y) isn't used yet but will be in a following patch. Anything in $(subdir-y) doesn't to have a '/' as suffix as we already now it's a directory. Rework the rules so that it doesn't matter whether there is a '/' or not. It also mimic more closely to the way Linux's Kbuild descend in subdirectories. FORCE phony target isn't needed anymore running clean, so it can be removed. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/scripts/Makefile.clean | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/xen/scripts/Makefile.clean b/xen/scripts/Makefile.clean index 53379e6102..027c200c0e 100644 --- a/xen/scripts/Makefile.clean +++ b/xen/scripts/Makefile.clean @@ -12,19 +12,18 @@ include Makefile # Figure out what we need to clean from the various variables # ========================================================================== subdir-all := $(subdir-y) $(subdir-n) $(subdir-) \ - $(filter %/, $(obj-y) $(obj-n) $(obj-)) + $(patsubst %/,%, $(filter %/, $(obj-y) $(obj-n) $(obj-))) DEPS_RM = $(DEPS) $(DEPS_INCLUDE) .PHONY: clean -clean:: $(addprefix _clean_, $(subdir-all)) +clean:: $(subdir-all) rm -f *.o .*.o.tmp *~ core $(DEPS_RM) # Descending # --------------------------------------------------------------------------- -_clean_%/: FORCE - $(MAKE) $(clean) $* +PHONY += $(subdir-all) +$(subdir-all): + $(MAKE) $(clean) $@ -# Force execution of pattern rules (for which PHONY cannot be directly used). -.PHONY: FORCE -FORCE: +.PHONY: $(PHONY) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:45:06 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:45:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180503.327182 (Exim 4.92) (envelope-from ) id 1mNVn0-0002pq-UI; Tue, 07 Sep 2021 07:45:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180503.327182; Tue, 07 Sep 2021 07:45:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVn0-0002ph-RV; Tue, 07 Sep 2021 07:45:06 +0000 Received: by outflank-mailman (input) for mailman id 180503; Tue, 07 Sep 2021 07:45:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmz-0002pP-QA for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVmz-0006ZC-PQ for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVmz-0005bG-OQ for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=P42Xs8nA89lSQQG3Gfhip89mlSxSkLWFXqCl9FYFDzI=; b=OL3H6LziTJQ1Odx9kXAUjyCyVv 3tkmOlkpXOaqIazTyAIItPh0EPmDbBMmFUVhn053YvI4FlYsXHnWfXYUXNWkyuZY7rZQ2CI9QBzRN TVjuywP5BUo0CGDJ+Jzx1zAmmF1TYNovLCMtVGghQt2VFtADwOuW6I/8pLogvhuO07YQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: use subdir-y in test/Makefile Message-Id: Date: Tue, 07 Sep 2021 07:45:05 +0000 commit d4f269e6f4fd08956d082aecd111f220662f18b1 Author: Anthony PERARD AuthorDate: Tue Sep 7 09:30:42 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:30:42 2021 +0200 build: use subdir-y in test/Makefile This allows Makefile.clean to recurse into livepatch without help. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/test/Makefile | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/xen/test/Makefile b/xen/test/Makefile index aaa4996643..41e4d7bdb7 100644 --- a/xen/test/Makefile +++ b/xen/test/Makefile @@ -4,15 +4,10 @@ tests all: build ifneq ($(XEN_TARGET_ARCH),x86_32) # Xen 32-bit x86 hypervisor no longer supported, so has no test livepatches -SUBDIRS += livepatch +subdir-y += livepatch endif install build subtree-force-update uninstall: %: - set -e; for s in $(SUBDIRS); do \ + set -e; for s in $(subdir-y); do \ $(MAKE) -f $(BASEDIR)/Rules.mk -C $$s $*; \ done - -clean:: - set -e; for s in $(SUBDIRS); do \ - $(MAKE) -f $(BASEDIR)/Rules.mk -C $$s $@; \ - done -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:45:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:45:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180505.327186 (Exim 4.92) (envelope-from ) id 1mNVnA-0002so-W8; Tue, 07 Sep 2021 07:45:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180505.327186; Tue, 07 Sep 2021 07:45:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVnA-0002sd-T1; Tue, 07 Sep 2021 07:45:16 +0000 Received: by outflank-mailman (input) for mailman id 180505; Tue, 07 Sep 2021 07:45:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVn9-0002sO-Th for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVn9-0006ZV-T0 for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVn9-0005cO-S2 for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Lu2/sXmWXlCeJLO97/ORA+i/boPvn9fDBQzFBR1ns/w=; b=fMj03OcKQ1mw5gmXa1A0glg/8S /x3OvEhhzLKmV61O8vO2stvQPq2GX0m5XlFkXsjVjc13yQOcm5MrKhPuyKy/MovA+UKZbxWUHMdpT /6ohbo67ztSzkR3VCKI9me7vQaI8sYUnsqKk/eZSVfUMC+rDasAC2W15a9A5kZgwvXyY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: move make option changes check earlier Message-Id: Date: Tue, 07 Sep 2021 07:45:15 +0000 commit d9bdfdacf9e26e1043cb57c9822f8b19509db766 Author: Anthony PERARD AuthorDate: Tue Sep 7 09:31:02 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:31:02 2021 +0200 build: move make option changes check earlier And thus avoiding checking for those variable over and over again. Also, add "e.g." in the error messages to hint that "menuconfig" isn't the only way. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/Makefile | 22 ++++++++++++++++++++++ xen/Rules.mk | 22 ---------------------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 4ceb02d374..f47423dacd 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -56,6 +56,28 @@ include scripts/Kbuild.include ifneq ($(root-make-done),y) # section to run before calling Rules.mk, but only once. +ifneq ($(origin crash_debug),undefined) +$(error "You must use e.g. 'make menuconfig' to enable/disable crash_debug now.") +endif +ifeq ($(origin debug),command line) +$(warning "You must use e.g. 'make menuconfig' to enable/disable debug now.") +endif +ifneq ($(origin frame_pointer),undefined) +$(error "You must use e.g. 'make menuconfig' to enable/disable frame_pointer now.") +endif +ifneq ($(origin kexec),undefined) +$(error "You must use e.g. 'make menuconfig' to enable/disable kexec now.") +endif +ifneq ($(origin lock_profile),undefined) +$(error "You must use e.g. 'make menuconfig' to enable/disable lock_profile now.") +endif +ifneq ($(origin perfc),undefined) +$(error "You must use e.g. 'make menuconfig' to enable/disable perfc now.") +endif +ifneq ($(origin verbose),undefined) +$(error "You must use e.g. 'make menuconfig' to enable/disable verbose now.") +endif + # Beautify output # --------------------------------------------------------------------------- # diff --git a/xen/Rules.mk b/xen/Rules.mk index 11c253026b..b7827a56a5 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -9,28 +9,6 @@ include $(XEN_ROOT)/Config.mk include $(BASEDIR)/scripts/Kbuild.include -ifneq ($(origin crash_debug),undefined) -$(error "You must use 'make menuconfig' to enable/disable crash_debug now.") -endif -ifeq ($(origin debug),command line) -$(warning "You must use 'make menuconfig' to enable/disable debug now.") -endif -ifneq ($(origin frame_pointer),undefined) -$(error "You must use 'make menuconfig' to enable/disable frame_pointer now.") -endif -ifneq ($(origin kexec),undefined) -$(error "You must use 'make menuconfig' to enable/disable kexec now.") -endif -ifneq ($(origin lock_profile),undefined) -$(error "You must use 'make menuconfig' to enable/disable lock_profile now.") -endif -ifneq ($(origin perfc),undefined) -$(error "You must use 'make menuconfig' to enable/disable perfc now.") -endif -ifneq ($(origin verbose),undefined) -$(error "You must use 'make menuconfig' to enable/disable verbose now.") -endif - TARGET := $(BASEDIR)/xen # Note that link order matters! -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:45:28 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:45:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180507.327190 (Exim 4.92) (envelope-from ) id 1mNVnM-0002vX-1X; Tue, 07 Sep 2021 07:45:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180507.327190; Tue, 07 Sep 2021 07:45:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVnL-0002vP-Uk; Tue, 07 Sep 2021 07:45:27 +0000 Received: by outflank-mailman (input) for mailman id 180507; Tue, 07 Sep 2021 07:45:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVnK-0002uv-1S for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVnK-0006Zz-0f for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVnJ-0005dW-Vl for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CHw3Kg/klYNAO5a0eIE3Nq0+wPS8a80XCIlnjUR0yHY=; b=1wOONgMhqT249DOYmfNnLpixwL 2/ZY1vY9sQEyZ0eWVXUrbVZNczMA0hMbrCDlY3waXkUmw8XOvFOeSYZisqGVvZWac1PvzkaQhpVql 2z5FmS7TJA4boZTfH0Em2sGXd9iqqaPKGgO5eIlHmLCzJdJpJniIDREbC8EvjK4ut1B8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: adjust arch/x86/note.o rule Message-Id: Date: Tue, 07 Sep 2021 07:45:25 +0000 commit 2358d99995fb5ebb0b7c37694574a92ec6cf3f75 Author: Anthony PERARD AuthorDate: Tue Sep 7 09:32:14 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:32:14 2021 +0200 build: adjust arch/x86/note.o rule Avoid different spelling for the location of "xen-syms", and simply use the dependency variable. This avoid the assumption about $(TARGET) value. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/arch/x86/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 462472215c..202d4d2782 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -197,7 +197,7 @@ $(TARGET)-syms: prelink.o xen.lds rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]* note.o: $(TARGET)-syms - $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $(BASEDIR)/xen-syms $@.bin + $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin $(OBJCOPY) -I binary -O elf64-x86-64 -B i386:x86-64 \ --rename-section=.data=.note.gnu.build-id -S $@.bin $@ rm -f $@.bin -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:45:38 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:45:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180509.327194 (Exim 4.92) (envelope-from ) id 1mNVnW-0002yM-2s; Tue, 07 Sep 2021 07:45:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180509.327194; Tue, 07 Sep 2021 07:45:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVnW-0002yE-04; Tue, 07 Sep 2021 07:45:38 +0000 Received: by outflank-mailman (input) for mailman id 180509; Tue, 07 Sep 2021 07:45:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVnU-0002xw-4z for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVnU-0006aD-4B for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVnU-0005eT-3Q for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Gt3sb0Edij+nU+1i/OikfwHN3Xiw6LfwAqcqmdGlxC4=; b=L+E4dOSJSfrHmbTocxH+8j/AbP 4kL02VwQXtlUS7da8cFeM+/D0FW03Bjhtq89CGD1Toy1DfG3BnzFod2xt0P9pa30PJBC3lxjVLgxO MsPsU/02xmxRV7T8OLw0D2uP7Vgl7pkrWpfnE4YOEhl/QH1gNoK+3UfsHpqnQVvfucMA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] gnttab: drop a redundant expression from gnttab_release_mappings() Message-Id: Date: Tue, 07 Sep 2021 07:45:36 +0000 commit 0e719f6ec95d7f9c9151ecbbdcba92028307e2b4 Author: Jan Beulich AuthorDate: Tue Sep 7 09:34:57 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:34:57 2021 +0200 gnttab: drop a redundant expression from gnttab_release_mappings() This gnttab_host_mapping_get_page_type() invocation sits in the "else" path of a conditional controlled by "map->flags & GNTMAP_readonly". Signed-off-by: Jan Beulich Acked-by: Julien Grall --- xen/common/grant_table.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index b1930e2d8e..5f35f78314 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3801,9 +3801,7 @@ int gnttab_release_mappings(struct domain *d) if ( gnttab_release_host_mappings(d) && !is_iomem_page(act->mfn) ) { - if ( gnttab_host_mapping_get_page_type((map->flags & - GNTMAP_readonly), - d, rd) ) + if ( gnttab_host_mapping_get_page_type(false, d, rd) ) put_page_type(pg); put_page(pg); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:45:48 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:45:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180511.327198 (Exim 4.92) (envelope-from ) id 1mNVng-00031g-4K; Tue, 07 Sep 2021 07:45:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180511.327198; Tue, 07 Sep 2021 07:45:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVng-00031Y-1Z; Tue, 07 Sep 2021 07:45:48 +0000 Received: by outflank-mailman (input) for mailman id 180511; Tue, 07 Sep 2021 07:45:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVne-00031H-9X for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVne-0006aT-8l for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVne-0005fc-7c for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WYYwp1OCiQEOFGK/Kokj3nkHPrvfmmp3ZkOWnMPzT2E=; b=d/yhfI+Dr0x0Dz5gujxeNO7tu4 jU5CZQcB4ISKZv+tQChew9/5+Q56dIUG47MP3lCvixiPSNZIq/A+IiUW9jNqZa4nmLeVKrvVew17j 8s8agecTgnuqbfDhU5pd021oHgNlrXEgPfss2dLtSI7ovWrKKwzfCM8GfqK4qnoKir2c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] gnttab: fold recurring is_iomem_page() Message-Id: Date: Tue, 07 Sep 2021 07:45:46 +0000 commit 5f864f43f6f57d17ae7c6e16f8ededbc501fb342 Author: Jan Beulich AuthorDate: Tue Sep 7 09:35:38 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:35:38 2021 +0200 gnttab: fold recurring is_iomem_page() In all cases call the function just once instead of up to four times, at the same time avoiding to store a dangling pointer in a local variable. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/common/grant_table.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 5f35f78314..2d6f38cd8c 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -1562,11 +1562,11 @@ unmap_common_complete(struct gnttab_unmap_common *op) else status = &status_entry(rgt, op->ref); - pg = mfn_to_page(op->mfn); + pg = !is_iomem_page(act->mfn) ? mfn_to_page(op->mfn) : NULL; if ( op->done & GNTMAP_device_map ) { - if ( !is_iomem_page(act->mfn) ) + if ( pg ) { if ( op->done & GNTMAP_readonly ) put_page(pg); @@ -1583,7 +1583,7 @@ unmap_common_complete(struct gnttab_unmap_common *op) if ( op->done & GNTMAP_host_map ) { - if ( !is_iomem_page(op->mfn) ) + if ( pg ) { if ( gnttab_host_mapping_get_page_type(op->done & GNTMAP_readonly, ld, rd) ) @@ -3763,7 +3763,7 @@ int gnttab_release_mappings(struct domain *d) else status = &status_entry(rgt, ref); - pg = mfn_to_page(act->mfn); + pg = !is_iomem_page(act->mfn) ? mfn_to_page(act->mfn) : NULL; if ( map->flags & GNTMAP_readonly ) { @@ -3771,7 +3771,7 @@ int gnttab_release_mappings(struct domain *d) { BUG_ON(!(act->pin & GNTPIN_devr_mask)); act->pin -= GNTPIN_devr_inc; - if ( !is_iomem_page(act->mfn) ) + if ( pg ) put_page(pg); } @@ -3779,8 +3779,7 @@ int gnttab_release_mappings(struct domain *d) { BUG_ON(!(act->pin & GNTPIN_hstr_mask)); act->pin -= GNTPIN_hstr_inc; - if ( gnttab_release_host_mappings(d) && - !is_iomem_page(act->mfn) ) + if ( pg && gnttab_release_host_mappings(d) ) put_page(pg); } } @@ -3790,7 +3789,7 @@ int gnttab_release_mappings(struct domain *d) { BUG_ON(!(act->pin & GNTPIN_devw_mask)); act->pin -= GNTPIN_devw_inc; - if ( !is_iomem_page(act->mfn) ) + if ( pg ) put_page_and_type(pg); } @@ -3798,8 +3797,7 @@ int gnttab_release_mappings(struct domain *d) { BUG_ON(!(act->pin & GNTPIN_hstw_mask)); act->pin -= GNTPIN_hstw_inc; - if ( gnttab_release_host_mappings(d) && - !is_iomem_page(act->mfn) ) + if ( pg && gnttab_release_host_mappings(d) ) { if ( gnttab_host_mapping_get_page_type(false, d, rd) ) put_page_type(pg); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:45:58 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:45:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180513.327201 (Exim 4.92) (envelope-from ) id 1mNVnq-000355-67; Tue, 07 Sep 2021 07:45:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180513.327201; Tue, 07 Sep 2021 07:45:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVnq-00034x-31; Tue, 07 Sep 2021 07:45:58 +0000 Received: by outflank-mailman (input) for mailman id 180513; Tue, 07 Sep 2021 07:45:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVno-00034i-DU for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVno-0006ae-Ck for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVno-0005gr-Bm for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:45:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=R27UtZ5eM3nmPPH7+LnTx5WkhQXcmue+/rvxDv7HNcU=; b=fU0Ccamth1OxtcPG/6pJElhzdv vtHqOR+xEB19dJEVLj3gQ1zVi17BjBO0PuiG/4PaI+ygaDWpKOM4cPUW12DgNMy+91szoY9+jCW++ VywR2w98VG/8BJcVtvP91npO8GTJbGx8Qwf/S9GxDTNVxi0bjyazGMOZI186TS/5xs/M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] gnttab: check handle early in gnttab_get_status_frames() Message-Id: Date: Tue, 07 Sep 2021 07:45:56 +0000 commit 0c229e6c9fb1fef776a423dfcbbbe6b67122d7a6 Author: Jan Beulich AuthorDate: Tue Sep 7 09:36:20 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:36:20 2021 +0200 gnttab: check handle early in gnttab_get_status_frames() Like done in gnttab_setup_table(), check the handle once early in the function and use the lighter-weight (for PV) copying function in the loop. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/common/grant_table.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 2d6f38cd8c..da687acc61 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3229,6 +3229,9 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, return -EFAULT; } + if ( !guest_handle_okay(op.frame_list, op.nr_frames) ) + return -EFAULT; + d = rcu_lock_domain_by_any_id(op.dom); if ( d == NULL ) { @@ -3269,7 +3272,7 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, for ( i = 0; i < op.nr_frames; i++ ) { gmfn = gfn_x(gnttab_status_gfn(d, gt, i)); - if ( copy_to_guest_offset(op.frame_list, i, &gmfn, 1) ) + if ( __copy_to_guest_offset(op.frame_list, i, &gmfn, 1) ) op.status = GNTST_bad_virt_addr; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:46:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:46:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180516.327206 (Exim 4.92) (envelope-from ) id 1mNVo0-00038q-AE; Tue, 07 Sep 2021 07:46:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180516.327206; Tue, 07 Sep 2021 07:46:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVo0-00038h-73; Tue, 07 Sep 2021 07:46:08 +0000 Received: by outflank-mailman (input) for mailman id 180516; Tue, 07 Sep 2021 07:46:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVny-00038I-HJ for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVny-0006b2-GX for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVny-0005i3-Fd for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=A1GZd+A9WYeW4E5u4cBTY8Ytosc/CK4iET8NBVTnMBg=; b=v08JeVgkn3Yo4Hmx65SZz0CGUd Dih3SbbAs6k+21xlTRy0I+rnHZlVMVpa7w9mjt6SwUJ4JhjZNmHFroFwQBup+Q4138McnooZVrESX zV1ilcUrKwqnMIrhkK+aCbg1NTnnI8II6Kna2G6KKUDP1NsMl1WdXESo4LKQwr7TH9fM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] ns16550: MMIO r/o ranges are maintained at page granularity Message-Id: Date: Tue, 07 Sep 2021 07:46:06 +0000 commit 82de0a6facf8e4699958654bcbef974e33480ed7 Author: Jan Beulich AuthorDate: Tue Sep 7 09:36:59 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:36:59 2021 +0200 ns16550: MMIO r/o ranges are maintained at page granularity Passing byte granular values will not have the intended effect. Address the immediate issue, but I don't think what we do is actually sufficient: At least some devices allow access to their registers via either I/O ports or MMIO. In such aliasing cases we'd need to protect the MMIO range even when we use I/O port accesses to drive the port. Note that this way we may write-protect MMIO ranges of unrelated devices as well. To deal with this, faults resulting from this would need handling, to emulate the accesses outside of the protected range. (An alternative would be to relocate the BAR, but I'm afraid this might end up even more challenging.) Fixes: c9f8e0aee507 ("ns16550: Add support for UART present in Broadcom TruManage capable NetXtreme chips") Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/drivers/char/ns16550.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index e2c24082c3..30596d60d4 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -421,8 +421,8 @@ static void __init ns16550_init_postirq(struct serial_port *port) if ( uart->bar || uart->ps_bdf_enable ) { if ( uart->param && uart->param->mmio && - rangeset_add_range(mmio_ro_ranges, uart->io_base, - uart->io_base + uart->io_size - 1) ) + rangeset_add_range(mmio_ro_ranges, PFN_DOWN(uart->io_base), + PFN_UP(uart->io_base + uart->io_size) - 1) ) printk(XENLOG_INFO "Error while adding MMIO range of device to mmio_ro_ranges\n"); if ( pci_ro_device(0, uart->ps_bdf[0], -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:46:18 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:46:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180518.327211 (Exim 4.92) (envelope-from ) id 1mNVoA-0003Bx-By; Tue, 07 Sep 2021 07:46:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180518.327211; Tue, 07 Sep 2021 07:46:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVoA-0003Bp-8a; Tue, 07 Sep 2021 07:46:18 +0000 Received: by outflank-mailman (input) for mailman id 180518; Tue, 07 Sep 2021 07:46:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVo8-0003BS-Kp for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVo8-0006bC-KA for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVo8-0005j4-JR for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=V4oqsmmVCzNHTbrPrQUEuy8lX1g8/GMeNTu1WQEp010=; b=ujn6IGkQsSBrjssB9HP4mvN6PV aH1B4h5tZ9OZad38sXG5eaoOaSTv3avpy3knAjaPQy+EHJvGZDseA8g49Sr+8sVTxeipA0WqI30nI mQz0/vRZMH9tqr5Xvo0OHykVGS/OdoPgwHjpWhp5g1sscCJJmHJHyGpleOhD3RNS6b5Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] gnttab: adjust unmap checking of dev_bus_addr Message-Id: Date: Tue, 07 Sep 2021 07:46:16 +0000 commit c5bf1295b0da079249df5c6e2d7498a8ec336527 Author: Jan Beulich AuthorDate: Tue Sep 7 09:37:50 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:37:50 2021 +0200 gnttab: adjust unmap checking of dev_bus_addr There's no point checking ->dev_bus_addr when GNTMAP_device_map isn't set (and hence the field isn't going to be consumed). And if there is a mismatch, use the so far unused GNTST_bad_dev_addr error indicator - if not here, where else would this (so far unused) value be used? Signed-off-by: Jan Beulich Acked-by: Julien Grall --- xen/common/grant_table.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index da687acc61..df74e2d6a7 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -1450,9 +1450,9 @@ unmap_common( op->mfn = act->mfn; - if ( op->dev_bus_addr && + if ( op->dev_bus_addr && (flags & GNTMAP_device_map) && unlikely(op->dev_bus_addr != mfn_to_maddr(act->mfn)) ) - PIN_FAIL(act_release_out, GNTST_general_error, + PIN_FAIL(act_release_out, GNTST_bad_dev_addr, "Bus address doesn't match gntref (%"PRIx64" != %"PRIpaddr")\n", op->dev_bus_addr, mfn_to_maddr(act->mfn)); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:46:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:46:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180520.327213 (Exim 4.92) (envelope-from ) id 1mNVoJ-0003FR-DM; Tue, 07 Sep 2021 07:46:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180520.327213; Tue, 07 Sep 2021 07:46:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVoJ-0003FJ-AE; Tue, 07 Sep 2021 07:46:27 +0000 Received: by outflank-mailman (input) for mailman id 180520; Tue, 07 Sep 2021 07:46:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVoI-0003FB-Og for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVoI-0006bj-Nx for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVoI-0005kM-NA for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4UAW0i2y5gdK4OyyL3fp6SizGkiC1NfqKTMX5Q8Q+E4=; b=6LSdZ7DxGILsloX0LBsRa7VEdy mwApZOh2L+y8x/h/OMNKksqdDGNC9lsGYdpq4BWd4h3pQlOJjRoCoUcX3yhLLERt/fPjPXUUkIFaQ 2EmGfGb6Zf1N2oqG5XH2/X+SUgDM37Thwuk8M0M0KbwYWQt1MO8ZftQNUQx720ttBgNg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] gnttab: maptrack handle shortage is not IOMMU related Message-Id: Date: Tue, 07 Sep 2021 07:46:26 +0000 commit 5c10b96795ff546fbc9ba2f10141d4fb97e32672 Author: Jan Beulich AuthorDate: Tue Sep 7 09:38:42 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:38:42 2021 +0200 gnttab: maptrack handle shortage is not IOMMU related Both comment and message string associated with GNTST_no_device_space suggest a connection to the IOMMU. A lack of maptrack handles has nothing to do with that; it's unclear to me why commit 6213b696ba65 ("Grant-table interface redone") introduced it this way. Introduce a new error indicator. Signed-off-by: Jan Beulich Acked-by: Julien Grall --- xen/common/grant_table.c | 2 +- xen/include/public/grant_table.h | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index df74e2d6a7..ee61603a97 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -1027,7 +1027,7 @@ map_grant_ref( { rcu_unlock_domain(rd); gdprintk(XENLOG_INFO, "Failed to obtain maptrack handle\n"); - op->status = GNTST_no_device_space; + op->status = GNTST_no_space; return; } diff --git a/xen/include/public/grant_table.h b/xen/include/public/grant_table.h index 69d1e9662e..4dceed20bb 100644 --- a/xen/include/public/grant_table.h +++ b/xen/include/public/grant_table.h @@ -652,6 +652,7 @@ DEFINE_XEN_GUEST_HANDLE(gnttab_cache_flush_t); #define GNTST_bad_copy_arg (-10) /* copy arguments cross page boundary. */ #define GNTST_address_too_big (-11) /* transfer page address too large. */ #define GNTST_eagain (-12) /* Operation not done; try again. */ +#define GNTST_no_space (-13) /* Out of space (handles etc). */ /* ` } */ #define GNTTABOP_error_msgs { \ @@ -667,7 +668,8 @@ DEFINE_XEN_GUEST_HANDLE(gnttab_cache_flush_t); "bad page", \ "copy arguments cross page boundary", \ "page address size too large", \ - "operation not done; try again" \ + "operation not done; try again", \ + "out of space", \ } #endif /* __XEN_PUBLIC_GRANT_TABLE_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:46:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:46:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180523.327218 (Exim 4.92) (envelope-from ) id 1mNVoT-0003Ik-F6; Tue, 07 Sep 2021 07:46:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180523.327218; Tue, 07 Sep 2021 07:46:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVoT-0003Id-Bu; Tue, 07 Sep 2021 07:46:37 +0000 Received: by outflank-mailman (input) for mailman id 180523; Tue, 07 Sep 2021 07:46:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVoS-0003IS-SN for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVoS-0006bu-Ri for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVoS-0005lA-Qu for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tD7X0wdecU3xqq6tNEJcAKwEKsD1nFhy1/85/DfLzq4=; b=5zd0F61+zI3cB6dz4jAcyJeTrk afgBQfszLMvIhh876LlLOv/6hzySIlZ9mdL70sfowQQwjg21jT1C+kQ0TYdV9Jm84hdBbMMfvU+ca n5pwcUgXfuHe5AaCoseOIrYfGrF8aOEQZebvXwfdSRc+r0QDqkWpY/h55LIrtdojDh/g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/P2M: relax guarding of MMIO entries Message-Id: Date: Tue, 07 Sep 2021 07:46:36 +0000 commit 111469cc7b3f586c2335e70205320ed3c828b89e Author: Jan Beulich AuthorDate: Tue Sep 7 09:39:38 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:39:38 2021 +0200 x86/P2M: relax guarding of MMIO entries One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. At least in the case of PVH Dom0 hitting an RMRR covered by an E820 ACPI region, this is too strict. Generally short-circuit requests establishing the same kind of mapping (mfn, type), but allow permissions to differ. While there, also add a log message to the other domain_crash() invocation that did prevent PVH Dom0 from coming up after the XSA-378 changes. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/mm/p2m.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 1d17499543..0be252cc4b 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -958,9 +958,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_special(ot) ) { /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ - domain_crash(d); p2m_unlock(p2m); - + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u) -> (%#lx,%u,%u) not permitted\n", + d, gfn_x(gfn) + i, + mfn_x(omfn), ot, a, + mfn_x(mfn) + i, t, p2m->default_access); + domain_crash(d); return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) @@ -1302,9 +1306,24 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, } if ( p2m_is_special(ot) ) { - gfn_unlock(p2m, gfn, order); - domain_crash(d); - return -EPERM; + /* Special-case (almost) identical mappings. */ + if ( !mfn_eq(mfn, omfn) || gfn_p2mt != ot ) + { + gfn_unlock(p2m, gfn, order); + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u,%u) -> (%#lx,%u,%u,%u) not permitted\n", + d, gfn_l, + mfn_x(omfn), cur_order, ot, a, + mfn_x(mfn), order, gfn_p2mt, access); + domain_crash(d); + return -EPERM; + } + + if ( access == a ) + { + gfn_unlock(p2m, gfn, order); + return 0; + } } else if ( p2m_is_ram(ot) ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 07:46:47 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 07:46:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180524.327223 (Exim 4.92) (envelope-from ) id 1mNVod-0003LT-Hn; Tue, 07 Sep 2021 07:46:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180524.327223; Tue, 07 Sep 2021 07:46:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVod-0003LL-Di; Tue, 07 Sep 2021 07:46:47 +0000 Received: by outflank-mailman (input) for mailman id 180524; Tue, 07 Sep 2021 07:46:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVoc-0003LB-WA for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNVoc-0006c5-VO for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNVoc-0005mB-UW for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 07:46:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=u5fsieL3UDkwjmkf/L/AF7/xUc8QrKo3iz+JC+oYqbY=; b=dfQy/OrhAjWZU6vk+PkYKH4y2j kB/fxLyG89P6agZMylt70DnP/Lc48EvwhAqrwxH2xhLnVbLsLHMI9nDNmVFSHuwpkirGJHfDpnnrQ AvkpgnobzgqqYdSg/k48OEf2FoiQSFcl9D0nXT1RpokJol26I9LucMA5+Xc6RE+0G3bk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cpuid: expose NullSelectorClearsBase CPUID bit to guests Message-Id: Date: Tue, 07 Sep 2021 07:46:46 +0000 commit 5ae4120635ad3cbf6064268162b0fb2c44eb41e3 Author: Jane Malalane AuthorDate: Tue Sep 7 09:40:25 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:40:25 2021 +0200 x86/cpuid: expose NullSelectorClearsBase CPUID bit to guests AMD Zen3 adds the NullSelectorClearsBase bit to indicate that loading a NULL segment selector zeroes the base and limit fields, as well as just attributes. Expose bit to all guests. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Jan Beulich --- tools/libs/light/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 1 + xen/include/public/arch-x86/cpufeatureset.h | 1 + 3 files changed, 3 insertions(+) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index b2c673841a..d667c36f31 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -289,6 +289,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"svm_pausefilt",0x8000000a, NA, CPUID_REG_EDX, 10, 1}, {"lfence+", 0x80000021, NA, CPUID_REG_EAX, 2, 1}, + {"nscb", 0x80000021, NA, CPUID_REG_EAX, 6, 1}, {"maxhvleaf", 0x40000000, NA, CPUID_REG_EAX, 0, 8}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 735bcf8f0e..d79e67ecfb 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -185,6 +185,7 @@ static const char *const str_7a1[32] = static const char *const str_e21a[32] = { [ 2] = "lfence+", + [ 6] = "nscb", }; static const struct { diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 380b51b1b3..f0e5fabfed 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -285,6 +285,7 @@ XEN_CPUFEATURE(FSRCS, 10*32+12) /*A Fast Short REP CMPSB/SCASB */ /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ +XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and limit too) */ #endif /* XEN_CPUFEATURE */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 11:11:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 11:11:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.180844.327684 (Exim 4.92) (envelope-from ) id 1mNZ0I-0001f2-Fm; Tue, 07 Sep 2021 11:11:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 180844.327684; Tue, 07 Sep 2021 11:11:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNZ0I-0001eq-Be; Tue, 07 Sep 2021 11:11:02 +0000 Received: by outflank-mailman (input) for mailman id 180844; Tue, 07 Sep 2021 11:11:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNZ0H-0001ea-Dv for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 11:11:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNZ0H-0002Rm-D3 for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 11:11:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNZ0H-00055u-Bo for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 11:11:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hEzhmhHwt4MHw4XbMDBzXYPoRV9MtSjw/8oGpLPOKu8=; b=Imr1Upj0bJOBvgGnxaHa+ddHIw KAM1BZRnhYIoiKavRLKW5ZHP4DO5lZh1rr+a3zc7ZF9dkST19r2hmX1by8AfOhbhu3UMH7GDMqX11 AhXn9+DRd54B7ExsvI1IVPAeKD8rqUfEU/Yp3JAUW1xs9oJMZ/qR5c2uhcBwopUB8XXQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm64: Remove vreg_emulate_sysreg32 Message-Id: Date: Tue, 07 Sep 2021 11:11:01 +0000 commit 6c27a8da8d2024aa78a9ec67bcfb18c123e84a17 Author: Michal Orzel AuthorDate: Thu Jul 29 12:42:58 2021 +0200 Commit: Julien Grall CommitDate: Mon Sep 6 17:45:13 2021 +0000 xen/arm64: Remove vreg_emulate_sysreg32 According to ARMv8A architecture, AArch64 registers are 64bit wide even though in many cases the upper 32bit is reserved. Therefore there is no need for function vreg_emulate_sysreg32 on arm64. This means that we can have just one function vreg_emulate_sysreg using new function pointer: typedef bool (*vreg_reg_fn_t)(struct cpu_user_regs *regs, register_t *r, bool read); Modify vreg_emulate_cp32 to use the new function pointer as well. This change allows to properly use 64bit registers in AArch64 state. In case of AArch32 the documentation (D1.20.2, DDI 0487A.j) states that "the upper 32 bits either become zero, or hold the value that the same architectural register held before any AArch32 execution." As the choice between them is IMPLEMENTATION DEFINED we cannot assume they are zeroed. Xen should ensure that but currently it does not. This is not a new bug and must be fixed as agreed during a discussion over this patch. Take the opportunity to switch CNTx_CTL_* to use UL to avoid any surprise with the negation of any bits (as used in vtimer_cntp_ctl) Signed-off-by: Michal Orzel Reviewed-by: Julien Grall --- xen/arch/arm/arm64/vsysreg.c | 2 +- xen/arch/arm/vcpreg.c | 16 ++++++++++++---- xen/arch/arm/vgic-v3.c | 2 +- xen/arch/arm/vtimer.c | 11 ++++++----- xen/include/asm-arm/processor.h | 4 ++-- xen/include/asm-arm/vreg.h | 38 +++++++------------------------------- 6 files changed, 29 insertions(+), 44 deletions(-) diff --git a/xen/arch/arm/arm64/vsysreg.c b/xen/arch/arm/arm64/vsysreg.c index 887266dd46..cf55544081 100644 --- a/xen/arch/arm/arm64/vsysreg.c +++ b/xen/arch/arm/arm64/vsysreg.c @@ -64,7 +64,7 @@ TVM_REG(CONTEXTIDR_EL1) { \ bool res; \ \ - res = vreg_emulate_sysreg64(regs, hsr, vreg_emulate_##reg); \ + res = vreg_emulate_sysreg(regs, hsr, vreg_emulate_##reg); \ ASSERT(res); \ break; \ } diff --git a/xen/arch/arm/vcpreg.c b/xen/arch/arm/vcpreg.c index 33259c4194..dfc18d12ff 100644 --- a/xen/arch/arm/vcpreg.c +++ b/xen/arch/arm/vcpreg.c @@ -57,9 +57,17 @@ #define WRITE_SYSREG_SZ(sz, val, sysreg...) WRITE_SYSREG##sz(val, sysreg) #endif +/* + * type32_t is defined as register_t due to the vreg_emulate_cp32 and + * vreg_emulate_sysreg taking function pointer with register_t type used for + * passing register's value. + */ +typedef register_t type32_t; +typedef uint64_t type64_t; + /* The name is passed from the upper macro to workaround macro expansion. */ #define TVM_REG(sz, func, reg...) \ -static bool func(struct cpu_user_regs *regs, uint##sz##_t *r, bool read) \ +static bool func(struct cpu_user_regs *regs, type##sz##_t *r, bool read) \ { \ struct vcpu *v = current; \ bool cache_enabled = vcpu_has_cache_enabled(v); \ @@ -83,7 +91,7 @@ static bool func(struct cpu_user_regs *regs, uint##sz##_t *r, bool read) \ #else /* CONFIG_ARM_64 */ #define TVM_REG32_COMBINED(lowreg, hireg, xreg) \ -static bool vreg_emulate_##xreg(struct cpu_user_regs *regs, uint32_t *r, \ +static bool vreg_emulate_##xreg(struct cpu_user_regs *regs, register_t *r, \ bool read, bool hi) \ { \ struct vcpu *v = current; \ @@ -108,13 +116,13 @@ static bool vreg_emulate_##xreg(struct cpu_user_regs *regs, uint32_t *r, \ return true; \ } \ \ -static bool vreg_emulate_##lowreg(struct cpu_user_regs *regs, uint32_t *r, \ +static bool vreg_emulate_##lowreg(struct cpu_user_regs *regs, register_t *r,\ bool read) \ { \ return vreg_emulate_##xreg(regs, r, read, false); \ } \ \ -static bool vreg_emulate_##hireg(struct cpu_user_regs *regs, uint32_t *r, \ +static bool vreg_emulate_##hireg(struct cpu_user_regs *regs, register_t *r, \ bool read) \ { \ return vreg_emulate_##xreg(regs, r, read, true); \ diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c index 613f37abab..cb5a70c42e 100644 --- a/xen/arch/arm/vgic-v3.c +++ b/xen/arch/arm/vgic-v3.c @@ -1531,7 +1531,7 @@ static bool vgic_v3_emulate_sysreg(struct cpu_user_regs *regs, union hsr hsr) switch ( hsr.bits & HSR_SYSREG_REGS_MASK ) { case HSR_SYSREG_ICC_SGI1R_EL1: - return vreg_emulate_sysreg64(regs, hsr, vgic_v3_emulate_sgi1r); + return vreg_emulate_sysreg(regs, hsr, vgic_v3_emulate_sgi1r); default: return false; diff --git a/xen/arch/arm/vtimer.c b/xen/arch/arm/vtimer.c index 167fc6127a..0196951af4 100644 --- a/xen/arch/arm/vtimer.c +++ b/xen/arch/arm/vtimer.c @@ -162,7 +162,8 @@ void virt_timer_restore(struct vcpu *v) WRITE_SYSREG(v->arch.virt_timer.ctl, CNTV_CTL_EL0); } -static bool vtimer_cntp_ctl(struct cpu_user_regs *regs, uint32_t *r, bool read) +static bool vtimer_cntp_ctl(struct cpu_user_regs *regs, register_t *r, + bool read) { struct vcpu *v = current; s_time_t expires; @@ -197,7 +198,7 @@ static bool vtimer_cntp_ctl(struct cpu_user_regs *regs, uint32_t *r, bool read) return true; } -static bool vtimer_cntp_tval(struct cpu_user_regs *regs, uint32_t *r, +static bool vtimer_cntp_tval(struct cpu_user_regs *regs, register_t *r, bool read) { struct vcpu *v = current; @@ -316,11 +317,11 @@ static bool vtimer_emulate_sysreg(struct cpu_user_regs *regs, union hsr hsr) switch ( hsr.bits & HSR_SYSREG_REGS_MASK ) { case HSR_SYSREG_CNTP_CTL_EL0: - return vreg_emulate_sysreg32(regs, hsr, vtimer_cntp_ctl); + return vreg_emulate_sysreg(regs, hsr, vtimer_cntp_ctl); case HSR_SYSREG_CNTP_TVAL_EL0: - return vreg_emulate_sysreg32(regs, hsr, vtimer_cntp_tval); + return vreg_emulate_sysreg(regs, hsr, vtimer_cntp_tval); case HSR_SYSREG_CNTP_CVAL_EL0: - return vreg_emulate_sysreg64(regs, hsr, vtimer_cntp_cval); + return vreg_emulate_sysreg(regs, hsr, vtimer_cntp_cval); default: return false; diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 2577e9a244..2058b69447 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -484,9 +484,9 @@ extern register_t __cpu_logical_map[]; #define CNTKCTL_EL1_EL0PTEN (1u<<9) /* Expose phys timer registers to EL0 */ /* Timer control registers */ -#define CNTx_CTL_ENABLE (1u<<0) /* Enable timer */ +#define CNTx_CTL_ENABLE (1ul<<0) /* Enable timer */ #define CNTx_CTL_MASK (1ul<<1) /* Mask IRQ */ -#define CNTx_CTL_PENDING (1u<<2) /* IRQ pending */ +#define CNTx_CTL_PENDING (1ul<<2) /* IRQ pending */ /* Timer frequency mask */ #define CNTFRQ_MASK GENMASK(31, 0) diff --git a/xen/include/asm-arm/vreg.h b/xen/include/asm-arm/vreg.h index 1253753833..fa2f4cdb17 100644 --- a/xen/include/asm-arm/vreg.h +++ b/xen/include/asm-arm/vreg.h @@ -4,13 +4,13 @@ #ifndef __ASM_ARM_VREG__ #define __ASM_ARM_VREG__ -typedef bool (*vreg_reg32_fn_t)(struct cpu_user_regs *regs, uint32_t *r, - bool read); typedef bool (*vreg_reg64_fn_t)(struct cpu_user_regs *regs, uint64_t *r, bool read); +typedef bool (*vreg_reg_fn_t)(struct cpu_user_regs *regs, register_t *r, + bool read); static inline bool vreg_emulate_cp32(struct cpu_user_regs *regs, union hsr hsr, - vreg_reg32_fn_t fn) + vreg_reg_fn_t fn) { struct hsr_cp32 cp32 = hsr.cp32; /* @@ -18,7 +18,7 @@ static inline bool vreg_emulate_cp32(struct cpu_user_regs *regs, union hsr hsr, * implementation error in the emulation (such as not correctly * setting r). */ - uint32_t r = 0; + register_t r = 0; bool ret; if ( !cp32.read ) @@ -64,11 +64,11 @@ static inline bool vreg_emulate_cp64(struct cpu_user_regs *regs, union hsr hsr, } #ifdef CONFIG_ARM_64 -static inline bool vreg_emulate_sysreg32(struct cpu_user_regs *regs, union hsr hsr, - vreg_reg32_fn_t fn) +static inline bool vreg_emulate_sysreg(struct cpu_user_regs *regs, union hsr hsr, + vreg_reg_fn_t fn) { struct hsr_sysreg sysreg = hsr.sysreg; - uint32_t r = 0; + register_t r = 0; bool ret; if ( !sysreg.read ) @@ -81,30 +81,6 @@ static inline bool vreg_emulate_sysreg32(struct cpu_user_regs *regs, union hsr h return ret; } - -static inline bool vreg_emulate_sysreg64(struct cpu_user_regs *regs, union hsr hsr, - vreg_reg64_fn_t fn) -{ - struct hsr_sysreg sysreg = hsr.sysreg; - /* - * Initialize to zero to avoid leaking data if there is an - * implementation error in the emulation (such as not correctly - * setting x). - */ - uint64_t x = 0; - bool ret; - - if ( !sysreg.read ) - x = get_user_reg(regs, sysreg.reg); - - ret = fn(regs, &x, sysreg.read); - - if ( ret && sysreg.read ) - set_user_reg(regs, sysreg.reg, x); - - return ret; -} - #endif #define VREG_REG_MASK(size) ((~0UL) >> (BITS_PER_LONG - ((1 << (size)) * 8))) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Sep 07 12:33:11 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Sep 2021 12:33:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181016.327965 (Exim 4.92) (envelope-from ) id 1mNaHj-0001gq-2J; Tue, 07 Sep 2021 12:33:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181016.327965; Tue, 07 Sep 2021 12:33:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNaHi-0001gj-VZ; Tue, 07 Sep 2021 12:33:06 +0000 Received: by outflank-mailman (input) for mailman id 181016; Tue, 07 Sep 2021 12:33:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNaHh-0001gb-1p for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 12:33:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNaHh-0003wR-10 for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 12:33:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNaHg-0003d8-Ut for xen-changelog@lists.xenproject.org; Tue, 07 Sep 2021 12:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=G+4wUx4xyvUTnAUVk3MYG/R9WN5HZnvjIxfhc1v5Mr0=; b=f+adYsvKJjrHTpa/j8iV6nO0yf SHgnMD4i6HCC62QQkFwkh03pFV+ibCEmR34b5GVsJpzu57dBK8s5+noHR4aH4wGlCrG7JGZtAROUa dwg5OfgUc8hECz67bOdVdfUujMVnm0e77OKiPIwJFLTnKb9Y+43CycmmIi6XLzghY22E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/p2m-pt: fix p2m_flags_to_access() Message-Id: Date: Tue, 07 Sep 2021 12:33:04 +0000 commit e70a9a043a5ce6d4025420f729bc473f711bf5d1 Author: Jan Beulich AuthorDate: Tue Sep 7 14:24:49 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 14:24:49 2021 +0200 x86/p2m-pt: fix p2m_flags_to_access() The initial if() was inverted, invalidating all output from this function. Which in turn means the mirroring of P2M mappings into the IOMMU didn't always work as intended: Mappings may have got updated when there was no need to. There would not have been too few (un)mappings; what saves us is that alongside the flags comparison MFNs also get compared, with non-present entries always having an MFN of 0 or INVALID_MFN while present entries always have MFNs different from these two (0 in the table also meant to cover INVALID_MFN): OLD NEW P W access MFN P W access MFN 0 0 r 0 0 0 n 0 0 1 rw 0 0 1 n 0 1 0 n non-0 1 0 r non-0 1 1 n non-0 1 1 rw non-0 present <-> non-present transitions are fine because the MFNs differ. present -> present transitions as well as non-present -> non-present ones are potentially causing too many map/unmap operations, but never too few, because in that case old (bogus) and new access differ. Fixes: d1bb6c97c31e ("IOMMU: also pass p2m_access_t to p2m_get_iommu_flags()) Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/mm/p2m-pt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 7d691e616d..5a0c0f5ace 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -548,7 +548,7 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) /* Reconstruct a fake p2m_access_t from stored PTE flags. */ static p2m_access_t p2m_flags_to_access(unsigned int flags) { - if ( flags & _PAGE_PRESENT ) + if ( !(flags & _PAGE_PRESENT) ) return p2m_access_n; /* No need to look at _PAGE_NX for now. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:11:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181704.328947 (Exim 4.92) (envelope-from ) id 1mNuXn-0002KU-9e; Wed, 08 Sep 2021 10:11:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181704.328947; Wed, 08 Sep 2021 10:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuXn-0002KL-6W; Wed, 08 Sep 2021 10:11:03 +0000 Received: by outflank-mailman (input) for mailman id 181704; Wed, 08 Sep 2021 10:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuXm-0002KF-Gi for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuXm-0001vt-G1 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuXm-0002Qu-Ev for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pe+cfL6cXi3m4zhENS0Zz6V9EHVIpwaE4cm+SJuduvw=; b=nuTe1x1ov6DNAwuDEpGi78kVEc 0llkhwuXNusxWD2FzBcMqnsihYmTigsRx+jky0YEvMYkOBy9PEGaEnpW8CEgvv9XMpTe9+kp5cUtk XPvCtGKXLL2jaArVfJXKVCyMecR3HtPy54d1q+ottRripjpXh7H2EDhsJzi2NQBhSSKQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: introduce cpp_flags macro Message-Id: Date: Wed, 08 Sep 2021 10:11:02 +0000 commit 2ff44490fcbde6f43891a4835286dae6cd0c265e Author: Anthony PERARD AuthorDate: Tue Sep 7 09:14:12 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:14:12 2021 +0200 build: introduce cpp_flags macro Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/Makefile | 2 +- xen/Rules.mk | 7 +++++-- xen/arch/x86/Makefile | 2 +- xen/arch/x86/mm/Makefile | 2 +- xen/arch/x86/mm/hap/Makefile | 2 +- xen/arch/x86/mm/shadow/Makefile | 2 +- 6 files changed, 10 insertions(+), 7 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 94e8371826..4ceb02d374 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -410,7 +410,7 @@ include/xen/compile.h: include/xen/compile.h.in .banner @mv -f $@.new $@ asm-offsets.s: arch/$(TARGET_ARCH)/$(TARGET_SUBARCH)/asm-offsets.c - $(CC) $(filter-out -Wa$(comma)% -flto,$(c_flags)) -S -g0 -o $@.new -MQ $@ $< + $(CC) $(call cpp_flags,$(c_flags)) -S -g0 -o $@.new -MQ $@ $< $(call move-if-changed,$@.new,$@) include/asm-$(TARGET_ARCH)/asm-offsets.h: asm-offsets.s diff --git a/xen/Rules.mk b/xen/Rules.mk index d65d6a4899..3503f13235 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -133,6 +133,9 @@ endif # Always build obj-bin files as binary even if they come from C source. $(obj-bin-y): XEN_CFLAGS := $(filter-out -flto,$(XEN_CFLAGS)) +# To be use with e.g. $(a_flags) or $(c_flags) to produce CPP flags +cpp_flags = $(filter-out -Wa$(comma)% -flto,$(1)) + # Calculation of flags, first the generic flags, then the arch specific flags, # and last the flags modified for a target or a directory. @@ -222,13 +225,13 @@ $(filter %.init.o,$(obj-y) $(obj-bin-y) $(extra-y)): %.init.o: %.o FORCE $(call if_changed,obj_init_o) quiet_cmd_cpp_i_c = CPP $@ -cmd_cpp_i_c = $(CPP) $(filter-out -Wa$(comma)%,$(c_flags)) -MQ $@ -o $@ $< +cmd_cpp_i_c = $(CPP) $(call cpp_flags,$(c_flags)) -MQ $@ -o $@ $< quiet_cmd_cc_s_c = CC $@ cmd_cc_s_c = $(CC) $(filter-out -Wa$(comma)%,$(c_flags)) -S $< -o $@ quiet_cmd_cpp_s_S = CPP $@ -cmd_cpp_s_S = $(CPP) $(filter-out -Wa$(comma)%,$(a_flags)) -MQ $@ -o $@ $< +cmd_cpp_s_S = $(CPP) $(call cpp_flags,$(a_flags)) -MQ $@ -o $@ $< %.i: %.c FORCE $(call if_changed,cpp_i_c) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index fe38cfd544..462472215c 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -292,7 +292,7 @@ $(BASEDIR)/include/asm-x86/asm-macros.h: asm-macros.i Makefile efi.lds: AFLAGS-y += -DEFI xen.lds efi.lds: xen.lds.S - $(CPP) -P $(filter-out -Wa$(comma)%,$(a_flags)) -MQ $@ -o $@ $< + $(CPP) -P $(call cpp_flags,$(a_flags)) -MQ $@ -o $@ $< boot/mkelf32: boot/mkelf32.c $(HOSTCC) $(HOSTCFLAGS) -o $@ $< diff --git a/xen/arch/x86/mm/Makefile b/xen/arch/x86/mm/Makefile index b31041644f..2818c066f7 100644 --- a/xen/arch/x86/mm/Makefile +++ b/xen/arch/x86/mm/Makefile @@ -15,7 +15,7 @@ guest_walk_%.o: guest_walk.c Makefile $(CC) $(c_flags) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ guest_walk_%.i: guest_walk.c Makefile - $(CPP) $(filter-out -Wa$(comma)%,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ + $(CPP) $(call cpp_flags,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ guest_walk_%.s: guest_walk.c Makefile $(CC) $(filter-out -Wa$(comma)%,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -S $< -o $@ diff --git a/xen/arch/x86/mm/hap/Makefile b/xen/arch/x86/mm/hap/Makefile index 22e7ad54bd..c6d296b517 100644 --- a/xen/arch/x86/mm/hap/Makefile +++ b/xen/arch/x86/mm/hap/Makefile @@ -9,7 +9,7 @@ guest_walk_%level.o: guest_walk.c Makefile $(CC) $(c_flags) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ guest_walk_%level.i: guest_walk.c Makefile - $(CPP) $(filter-out -Wa$(comma)%,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ + $(CPP) $(call cpp_flags,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ guest_walk_%level.s: guest_walk.c Makefile $(CC) $(filter-out -Wa$(comma)%,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -S $< -o $@ diff --git a/xen/arch/x86/mm/shadow/Makefile b/xen/arch/x86/mm/shadow/Makefile index 770213fe9d..fd64b4dda9 100644 --- a/xen/arch/x86/mm/shadow/Makefile +++ b/xen/arch/x86/mm/shadow/Makefile @@ -10,7 +10,7 @@ guest_%.o: multi.c Makefile $(CC) $(c_flags) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ guest_%.i: multi.c Makefile - $(CPP) $(filter-out -Wa$(comma)%,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ + $(CPP) $(call cpp_flags,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -c $< -o $@ guest_%.s: multi.c Makefile $(CC) $(filter-out -Wa$(comma)%,$(c_flags)) -DGUEST_PAGING_LEVELS=$* -S $< -o $@ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:11:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181705.328952 (Exim 4.92) (envelope-from ) id 1mNuXx-0002Wq-BS; Wed, 08 Sep 2021 10:11:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181705.328952; Wed, 08 Sep 2021 10:11:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuXx-0002Wi-81; Wed, 08 Sep 2021 10:11:13 +0000 Received: by outflank-mailman (input) for mailman id 181705; Wed, 08 Sep 2021 10:11:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuXw-0002WZ-Ki for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuXw-0001x7-Jr for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuXw-0002S0-Ic for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E2+mO4wjBStuP6rcTIWCuzTSy8aNRPqDkSyHVCfxCkc=; b=jsqQjZC9Nc0hp/1q8zCPlk2zEd hEMUJyEdkjCcaKBI6UMCAW85cfKk5nB8N6p/VcFVGmf0okUZEKK0j4EiXhMJc78BXzC9YqU1Pkcv2 dA5B33aEBZEeVaPcj/p4hNMe2EJwcdLq/7+DtsIf3InJ9KWPhz6nxHRfE+qfG5+9DwlI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: use if_changed on built_in.o Message-Id: Date: Wed, 08 Sep 2021 10:11:12 +0000 commit a4ebe125ee701a35b8c24b36503390970962c9ec Author: Anthony PERARD AuthorDate: Tue Sep 7 09:14:32 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:14:32 2021 +0200 build: use if_changed on built_in.o In the case where $(obj-y) is empty, we also replace $(c_flags) by $(XEN_CFLAGS) to avoid generating an .%.d dependency file. This avoid make trying to include %.h file in the ld command if $(obj-y) isn't empty anymore on a second run. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/Rules.mk | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/xen/Rules.mk b/xen/Rules.mk index 3503f13235..a715a4525e 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -147,17 +147,22 @@ include $(BASEDIR)/arch/$(TARGET_ARCH)/Rules.mk c_flags += $(CFLAGS-y) a_flags += $(CFLAGS-y) $(AFLAGS-y) -built_in.o: $(obj-y) $(if $(strip $(lib-y)),lib.a) $(extra-y) -ifeq ($(strip $(obj-y)),) - $(CC) $(c_flags) -c -x c /dev/null -o $@ -else +quiet_cmd_cc_builtin = CC $@ +cmd_cc_builtin = \ + $(CC) $(XEN_CFLAGS) -c -x c /dev/null -o $@ + +quiet_cmd_ld_builtin = LD $@ ifeq ($(CONFIG_LTO),y) - $(LD_LTO) -r -o $@ $(filter $(obj-y),$^) +cmd_ld_builtin = \ + $(LD_LTO) -r -o $@ $(filter $(obj-y),$(real-prereqs)) else - $(LD) $(XEN_LDFLAGS) -r -o $@ $(filter $(obj-y),$^) -endif +cmd_ld_builtin = \ + $(LD) $(XEN_LDFLAGS) -r -o $@ $(filter $(obj-y),$(real-prereqs)) endif +built_in.o: $(obj-y) $(if $(strip $(lib-y)),lib.a) $(extra-y) FORCE + $(call if_changed,$(if $(strip $(obj-y)),ld_builtin,cc_builtin)) + lib.a: $(lib-y) FORCE $(call if_changed,ar) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:11:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:11:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181706.328955 (Exim 4.92) (envelope-from ) id 1mNuY8-0002eY-Cu; Wed, 08 Sep 2021 10:11:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181706.328955; Wed, 08 Sep 2021 10:11:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuY8-0002eR-9d; Wed, 08 Sep 2021 10:11:24 +0000 Received: by outflank-mailman (input) for mailman id 181706; Wed, 08 Sep 2021 10:11:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuY6-0002eD-Oq for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuY6-0001y7-O7 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuY6-0002T2-Ms for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fz/LinEHRMkdTifO9Sd7lPqVmRwOjhtNz7Rs1gOummA=; b=xsKXGDEz6Ufmo+oXo3yfOeduOE cD8vaZnUOJkYiPJELiUn6fmVCMYSGPE6GAWSOqdx0SWadX+JSzDxBFPoYhSolgrzZ6RWkOwbMtcyp vsuMdDuw8jPFN66qBmGOh+Um453LiallobYFS14EB8oIm4fndkI4k3qdVYNpwJQfhUII=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: use if_changed_rule with %.o:%.c targets Message-Id: Date: Wed, 08 Sep 2021 10:11:22 +0000 commit 332c735d24387152e8f578e38066b5d03803c2a2 Author: Anthony PERARD AuthorDate: Tue Sep 7 09:16:45 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:16:45 2021 +0200 build: use if_changed_rule with %.o:%.c targets Use $(dot-target) to have the target name prefix with a dot. Now, when the CC command has run, it is recorded in .*.cmd file, then if_changed_rules will compare it on subsequent runs. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/Rules.mk | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/xen/Rules.mk b/xen/Rules.mk index a715a4525e..11c253026b 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -192,19 +192,27 @@ FORCE: SRCPATH := $(patsubst $(BASEDIR)/%,%,$(CURDIR)) -%.o: %.c Makefile +quiet_cmd_cc_o_c = CC $@ ifeq ($(CONFIG_ENFORCE_UNIQUE_SYMBOLS),y) - $(CC) $(c_flags) -c $< -o $(@D)/.$(@F).tmp -MQ $@ -ifeq ($(CONFIG_CC_IS_CLANG),y) - $(OBJCOPY) --redefine-sym $<=$(SRCPATH)/$< $(@D)/.$(@F).tmp $@ -else - $(OBJCOPY) --redefine-sym $( Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:11:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181709.328959 (Exim 4.92) (envelope-from ) id 1mNuYI-0002iH-Eg; Wed, 08 Sep 2021 10:11:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181709.328959; Wed, 08 Sep 2021 10:11:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYI-0002i9-BY; Wed, 08 Sep 2021 10:11:34 +0000 Received: by outflank-mailman (input) for mailman id 181709; Wed, 08 Sep 2021 10:11:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYG-0002ht-TJ for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYG-0001yt-SZ for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuYG-0002Tq-RG for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=q/vZWzWR+mcTx/eyRyU+2c1OdBgicFv63WJCKa8+9eA=; b=kBXRW2INaBsfAvqLuEYu6hv/A0 ZjMVmi1SYaDIkAiRbYq8X8Q6HYy3auLMc45l6EB1iFT27To++n00mbNttoYuEtVNPo8FnZgit8Pf8 IS3VTnoUJT7bA8on07KCBvDiaQL8KqxbxpP73AE36GtmUl7kcR6qMpCqmUFEdDRvxMgo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build,include: rework compat-build-source.py Message-Id: Date: Wed, 08 Sep 2021 10:11:32 +0000 commit 38c1818e24e7344fb8f6da18936850ebb5854978 Author: Anthony PERARD AuthorDate: Tue Sep 7 09:28:43 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:28:43 2021 +0200 build,include: rework compat-build-source.py Improvement are: - give the path to xlat.lst as argument - include `grep -v` in compat-build-source.py script, we don't need to write this in several scripted language. No changes in final compat/%.h headers. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/include/Makefile | 3 +-- xen/tools/compat-build-source.py | 8 +++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/xen/include/Makefile b/xen/include/Makefile index c8ca97eed0..4fa10e68f9 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -61,8 +61,7 @@ compat/%.i: compat/%.c Makefile compat/%.c: public/%.h xlat.lst Makefile $(BASEDIR)/tools/compat-build-source.py mkdir -p $(@D) - grep -v 'DEFINE_XEN_GUEST_HANDLE(long)' $< | \ - $(PYTHON) $(BASEDIR)/tools/compat-build-source.py >$@.new + $(PYTHON) $(BASEDIR)/tools/compat-build-source.py xlat.lst <$< >$@.new mv -f $@.new $@ compat/.xlat/%.h: compat/%.h compat/.xlat/%.lst $(BASEDIR)/tools/get-fields.sh Makefile diff --git a/xen/tools/compat-build-source.py b/xen/tools/compat-build-source.py index 2bcaf27d05..274d6917ab 100755 --- a/xen/tools/compat-build-source.py +++ b/xen/tools/compat-build-source.py @@ -13,7 +13,11 @@ pats = [ [ r"XEN_GUEST_HANDLE", r"COMPAT_HANDLE" ], ]; -xlatf = open('xlat.lst', 'r') +try: + xlatf = open(sys.argv[1], 'r') +except IndexError: + print('missing path to xlat.lst argument') + sys.exit(1) for line in xlatf.readlines(): match = re.subn(r"^\s*\?\s+(\w*)\s.*", r"\1", line.rstrip()) if match[1]: @@ -25,6 +29,8 @@ for pat in pats: pat[0] = re.compile(pat[0]) for line in sys.stdin.readlines(): + if 'DEFINE_XEN_GUEST_HANDLE(long)' in line: + continue for pat in pats: line = re.sub(pat[0], pat[1], line) print(line.rstrip()) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:11:44 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:11:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181711.328963 (Exim 4.92) (envelope-from ) id 1mNuYS-0002lO-GI; Wed, 08 Sep 2021 10:11:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181711.328963; Wed, 08 Sep 2021 10:11:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYS-0002lF-D8; Wed, 08 Sep 2021 10:11:44 +0000 Received: by outflank-mailman (input) for mailman id 181711; Wed, 08 Sep 2021 10:11:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYR-0002l0-1E for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYR-0001zL-0U for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuYQ-0002V0-Vb for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9SwnBTPkhH6iLJl6aHjk+abSJtWZSIFONyprTZ1Rtl8=; b=Jaiye9c6M+CAW+NnyrIXlViA3v 2pl4GIusx4BKdDNU1xkExuhUNAlWCXHKUZzg4Tt1HObVhApdRPtg+H9X72wgeHRNxBxN1XDMZaEYM TAroXmd5cjFq6NeLnR56DLihaeZliKhgSZnE9xepOx1qoLcWdX5ovmr69KtoILAdlH1c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build,include: rework compat-build-header.py Message-Id: Date: Wed, 08 Sep 2021 10:11:42 +0000 commit 1c52edfa2cd279ac34f8d038ada6a88ca23b2612 Author: Anthony PERARD AuthorDate: Tue Sep 7 09:29:33 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:29:33 2021 +0200 build,include: rework compat-build-header.py Replace a mix of shell script and python script by all python script. No change to the final generated headers. Signed-off-by: Anthony PERARD Acked-by: Wei Liu --- xen/include/Makefile | 9 +------- xen/tools/compat-build-header.py | 44 ++++++++++++++++++++++++++++++++++++++-- 2 files changed, 43 insertions(+), 10 deletions(-) diff --git a/xen/include/Makefile b/xen/include/Makefile index 4fa10e68f9..95daa8a289 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -46,14 +46,7 @@ public-$(CONFIG_ARM) := $(wildcard public/arch-arm/*.h public/arch-arm/*/*.h) all: $(headers-y) compat/%.h: compat/%.i Makefile $(BASEDIR)/tools/compat-build-header.py - set -e; id=_$$(echo $@ | tr '[:lower:]-/.' '[:upper:]___'); \ - echo "#ifndef $$id" >$@.new; \ - echo "#define $$id" >>$@.new; \ - echo "#include " >>$@.new; \ - $(if $(filter-out compat/arch-%.h,$@),echo "#include <$(patsubst compat/%,public/%,$@)>" >>$@.new;) \ - grep -v '^# [0-9]' $< | \ - $(PYTHON) $(BASEDIR)/tools/compat-build-header.py | uniq >>$@.new; \ - echo "#endif /* $$id */" >>$@.new + $(PYTHON) $(BASEDIR)/tools/compat-build-header.py <$< $@ >>$@.new; \ mv -f $@.new $@ compat/%.i: compat/%.c Makefile diff --git a/xen/tools/compat-build-header.py b/xen/tools/compat-build-header.py index 065d3b1b6e..5f5474fba0 100755 --- a/xen/tools/compat-build-header.py +++ b/xen/tools/compat-build-header.py @@ -2,6 +2,12 @@ import re,sys +try: + maketrans = str.maketrans +except AttributeError: + # For python2 + from string import maketrans + pats = [ [ r"__InClUdE__(.*)", r"#include\1" ], [ r"__IfDeF__ (XEN_HAVE.*)", r"#ifdef \1" ], @@ -23,7 +29,41 @@ pats = [ [ r"(^|[^\w])long([^\w]|$$)", r"\1int\2" ] ]; +output_filename = sys.argv[1] + +# tr '[:lower:]-/.' '[:upper:]___' +header_id = '_' + \ + output_filename.upper().translate(maketrans('-/.','___')) + +header = """#ifndef {0} +#define {0} +#include """.format(header_id) + +print(header) + +if not re.match("compat/arch-.*.h$", output_filename): + x = output_filename.replace("compat/","public/") + print('#include <%s>' % x) + +last_line_empty = False for line in sys.stdin.readlines(): + line = line.rstrip() + + # Remove linemarkers generated by the preprocessor. + if re.match(r"^# \d", line): + continue + + # De-duplicate empty lines. + if len(line) == 0: + if not last_line_empty: + print(line) + last_line_empty = True + continue + else: + last_line_empty = False + for pat in pats: - line = re.subn(pat[0], pat[1], line)[0] - print(line.rstrip()) + line = re.sub(pat[0], pat[1], line) + print(line) + +print("#endif /* %s */" % header_id) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:11:54 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:11:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181713.328967 (Exim 4.92) (envelope-from ) id 1mNuYc-0002o5-Hg; Wed, 08 Sep 2021 10:11:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181713.328967; Wed, 08 Sep 2021 10:11:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYc-0002nw-Ed; Wed, 08 Sep 2021 10:11:54 +0000 Received: by outflank-mailman (input) for mailman id 181713; Wed, 08 Sep 2021 10:11:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYb-0002nj-56 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYb-0001zW-4P for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuYb-0002W1-3S for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:11:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=H+reTi4JRcsk7dRMrguVxlkGnS+KTSIJlv9+3+IAmhs=; b=2FpBEP1pLFHgriVvFh10oTcgqZ ttUS9lXAXiyLTmtHbIdsOPYw+m1VbGdIjn1vMe2oPv+5coIvBKUSzTZoB/2jkLjhjJf0vohdIQaKH RQ+qf6xpWGZBHgDH+bmJE5WNRdTJCwc2qNXrvhzWzq+0A/AGWGXJ7e/YBty5TApFpk0c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: fix clean targets when subdir-y is used Message-Id: Date: Wed, 08 Sep 2021 10:11:53 +0000 commit 0c58617f21c9d841190222c54ee7a64845320acd Author: Anthony PERARD AuthorDate: Tue Sep 7 09:30:25 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:30:25 2021 +0200 build: fix clean targets when subdir-y is used The make variable $(subdir-y) isn't used yet but will be in a following patch. Anything in $(subdir-y) doesn't to have a '/' as suffix as we already now it's a directory. Rework the rules so that it doesn't matter whether there is a '/' or not. It also mimic more closely to the way Linux's Kbuild descend in subdirectories. FORCE phony target isn't needed anymore running clean, so it can be removed. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/scripts/Makefile.clean | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/xen/scripts/Makefile.clean b/xen/scripts/Makefile.clean index 53379e6102..027c200c0e 100644 --- a/xen/scripts/Makefile.clean +++ b/xen/scripts/Makefile.clean @@ -12,19 +12,18 @@ include Makefile # Figure out what we need to clean from the various variables # ========================================================================== subdir-all := $(subdir-y) $(subdir-n) $(subdir-) \ - $(filter %/, $(obj-y) $(obj-n) $(obj-)) + $(patsubst %/,%, $(filter %/, $(obj-y) $(obj-n) $(obj-))) DEPS_RM = $(DEPS) $(DEPS_INCLUDE) .PHONY: clean -clean:: $(addprefix _clean_, $(subdir-all)) +clean:: $(subdir-all) rm -f *.o .*.o.tmp *~ core $(DEPS_RM) # Descending # --------------------------------------------------------------------------- -_clean_%/: FORCE - $(MAKE) $(clean) $* +PHONY += $(subdir-all) +$(subdir-all): + $(MAKE) $(clean) $@ -# Force execution of pattern rules (for which PHONY cannot be directly used). -.PHONY: FORCE -FORCE: +.PHONY: $(PHONY) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:12:04 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:12:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181715.328970 (Exim 4.92) (envelope-from ) id 1mNuYm-0002ri-KT; Wed, 08 Sep 2021 10:12:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181715.328970; Wed, 08 Sep 2021 10:12:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYm-0002ra-HJ; Wed, 08 Sep 2021 10:12:04 +0000 Received: by outflank-mailman (input) for mailman id 181715; Wed, 08 Sep 2021 10:12:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYl-0002rH-8f for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYl-0001zv-81 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuYl-0002X4-74 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Cxaoi4OmEIYL/uJBM6jShDXtn43uFvZTWiBhLluYv6E=; b=fFcVmQH2xXxrmE1iQPMlEwdiMR bXK46Huu76cT4cbPpdkyoaYhGTR3t/t7W+wKwKy+T/jCK/EZ4x1k00mf/AZfi53nVWmCaiXfl5hSV ioLfk2BX1A0doc1sIZvstbIcsBKupEzcVhgVUCTBx4QJuJrkiDXP5HCwtq+SNaIVLyrY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: use subdir-y in test/Makefile Message-Id: Date: Wed, 08 Sep 2021 10:12:03 +0000 commit d4f269e6f4fd08956d082aecd111f220662f18b1 Author: Anthony PERARD AuthorDate: Tue Sep 7 09:30:42 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:30:42 2021 +0200 build: use subdir-y in test/Makefile This allows Makefile.clean to recurse into livepatch without help. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/test/Makefile | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/xen/test/Makefile b/xen/test/Makefile index aaa4996643..41e4d7bdb7 100644 --- a/xen/test/Makefile +++ b/xen/test/Makefile @@ -4,15 +4,10 @@ tests all: build ifneq ($(XEN_TARGET_ARCH),x86_32) # Xen 32-bit x86 hypervisor no longer supported, so has no test livepatches -SUBDIRS += livepatch +subdir-y += livepatch endif install build subtree-force-update uninstall: %: - set -e; for s in $(SUBDIRS); do \ + set -e; for s in $(subdir-y); do \ $(MAKE) -f $(BASEDIR)/Rules.mk -C $$s $*; \ done - -clean:: - set -e; for s in $(SUBDIRS); do \ - $(MAKE) -f $(BASEDIR)/Rules.mk -C $$s $@; \ - done -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:12:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:12:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181717.328975 (Exim 4.92) (envelope-from ) id 1mNuYw-0002wc-MG; Wed, 08 Sep 2021 10:12:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181717.328975; Wed, 08 Sep 2021 10:12:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYw-0002wU-Iu; Wed, 08 Sep 2021 10:12:14 +0000 Received: by outflank-mailman (input) for mailman id 181717; Wed, 08 Sep 2021 10:12:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYv-0002w9-CX for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuYv-000206-Bo for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuYv-0002YA-Aj for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8orEKamkijQqbYuRaCKW2Dy7YBMLS1hKNhcw91Rmdhw=; b=r8Kp/SFEZNoMTYrLVideFF23yg BVmbto6MCJAsus8JMQmPAK8SWsjSgwq8ek238pk5qmcYlTuDJbXyRkL4YhCQ32AQr4MUi3+AuMZve IiusWqPqbb4qImnZuwy65bqMGshcyMA0TsDDJfKOUR+IwSkeEh0Gj+Nhk+dGz8/fkaZA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: move make option changes check earlier Message-Id: Date: Wed, 08 Sep 2021 10:12:13 +0000 commit d9bdfdacf9e26e1043cb57c9822f8b19509db766 Author: Anthony PERARD AuthorDate: Tue Sep 7 09:31:02 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:31:02 2021 +0200 build: move make option changes check earlier And thus avoiding checking for those variable over and over again. Also, add "e.g." in the error messages to hint that "menuconfig" isn't the only way. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/Makefile | 22 ++++++++++++++++++++++ xen/Rules.mk | 22 ---------------------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 4ceb02d374..f47423dacd 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -56,6 +56,28 @@ include scripts/Kbuild.include ifneq ($(root-make-done),y) # section to run before calling Rules.mk, but only once. +ifneq ($(origin crash_debug),undefined) +$(error "You must use e.g. 'make menuconfig' to enable/disable crash_debug now.") +endif +ifeq ($(origin debug),command line) +$(warning "You must use e.g. 'make menuconfig' to enable/disable debug now.") +endif +ifneq ($(origin frame_pointer),undefined) +$(error "You must use e.g. 'make menuconfig' to enable/disable frame_pointer now.") +endif +ifneq ($(origin kexec),undefined) +$(error "You must use e.g. 'make menuconfig' to enable/disable kexec now.") +endif +ifneq ($(origin lock_profile),undefined) +$(error "You must use e.g. 'make menuconfig' to enable/disable lock_profile now.") +endif +ifneq ($(origin perfc),undefined) +$(error "You must use e.g. 'make menuconfig' to enable/disable perfc now.") +endif +ifneq ($(origin verbose),undefined) +$(error "You must use e.g. 'make menuconfig' to enable/disable verbose now.") +endif + # Beautify output # --------------------------------------------------------------------------- # diff --git a/xen/Rules.mk b/xen/Rules.mk index 11c253026b..b7827a56a5 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -9,28 +9,6 @@ include $(XEN_ROOT)/Config.mk include $(BASEDIR)/scripts/Kbuild.include -ifneq ($(origin crash_debug),undefined) -$(error "You must use 'make menuconfig' to enable/disable crash_debug now.") -endif -ifeq ($(origin debug),command line) -$(warning "You must use 'make menuconfig' to enable/disable debug now.") -endif -ifneq ($(origin frame_pointer),undefined) -$(error "You must use 'make menuconfig' to enable/disable frame_pointer now.") -endif -ifneq ($(origin kexec),undefined) -$(error "You must use 'make menuconfig' to enable/disable kexec now.") -endif -ifneq ($(origin lock_profile),undefined) -$(error "You must use 'make menuconfig' to enable/disable lock_profile now.") -endif -ifneq ($(origin perfc),undefined) -$(error "You must use 'make menuconfig' to enable/disable perfc now.") -endif -ifneq ($(origin verbose),undefined) -$(error "You must use 'make menuconfig' to enable/disable verbose now.") -endif - TARGET := $(BASEDIR)/xen # Note that link order matters! -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:12:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:12:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181719.328980 (Exim 4.92) (envelope-from ) id 1mNuZ6-0002zO-O5; Wed, 08 Sep 2021 10:12:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181719.328980; Wed, 08 Sep 2021 10:12:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZ6-0002zG-Kh; Wed, 08 Sep 2021 10:12:24 +0000 Received: by outflank-mailman (input) for mailman id 181719; Wed, 08 Sep 2021 10:12:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZ5-0002z2-Fp for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZ5-00020H-F9 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuZ5-0002ZH-EI for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OZtEO9UoIRcdCGet0eDSiarx/tZ+T3IaC+Kblw6djBk=; b=qJDplO+/iRC/yOBEiXdkISvsv+ a1b6UVuvUJ82SZL/UoyQsXUHovfROCJfXISsepuaXWp3faQ0IDHOIENyuRQTpDobjzTsoMQRnNeac 2TOaPHQTJ8tnWhSfq5Jlrw2JgKcRkC9n3k9NRrsPRHkeOZTvsKXYbi6H0e56r53pti8c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: adjust arch/x86/note.o rule Message-Id: Date: Wed, 08 Sep 2021 10:12:23 +0000 commit 2358d99995fb5ebb0b7c37694574a92ec6cf3f75 Author: Anthony PERARD AuthorDate: Tue Sep 7 09:32:14 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:32:14 2021 +0200 build: adjust arch/x86/note.o rule Avoid different spelling for the location of "xen-syms", and simply use the dependency variable. This avoid the assumption about $(TARGET) value. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/arch/x86/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 462472215c..202d4d2782 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -197,7 +197,7 @@ $(TARGET)-syms: prelink.o xen.lds rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]* note.o: $(TARGET)-syms - $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $(BASEDIR)/xen-syms $@.bin + $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin $(OBJCOPY) -I binary -O elf64-x86-64 -B i386:x86-64 \ --rename-section=.data=.note.gnu.build-id -S $@.bin $@ rm -f $@.bin -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:12:34 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:12:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181721.328983 (Exim 4.92) (envelope-from ) id 1mNuZG-00032a-PF; Wed, 08 Sep 2021 10:12:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181721.328983; Wed, 08 Sep 2021 10:12:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZG-00032S-MD; Wed, 08 Sep 2021 10:12:34 +0000 Received: by outflank-mailman (input) for mailman id 181721; Wed, 08 Sep 2021 10:12:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZF-000329-JT for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZF-00020R-In for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuZF-0002aG-Ho for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HD/sw7oBKQK9xbjFgeWrydCXVNhzuttZIgIgVbyJ4HU=; b=zmi6SJ15p1VMnLV9PUOznfHHP/ Ng4qPMsF/0xSD+TglN9BJIx91lcfqNOtrVa+YeP9UitiYShEw1aSGhhh2lhqOWFRFQrB8SRk+7PLa KaBCLHfp1qglqH5Imuiccv3k075XmekCGYud0wiXvxWSeHmgEVgiztT72CGvngf+ayv0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] gnttab: drop a redundant expression from gnttab_release_mappings() Message-Id: Date: Wed, 08 Sep 2021 10:12:33 +0000 commit 0e719f6ec95d7f9c9151ecbbdcba92028307e2b4 Author: Jan Beulich AuthorDate: Tue Sep 7 09:34:57 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:34:57 2021 +0200 gnttab: drop a redundant expression from gnttab_release_mappings() This gnttab_host_mapping_get_page_type() invocation sits in the "else" path of a conditional controlled by "map->flags & GNTMAP_readonly". Signed-off-by: Jan Beulich Acked-by: Julien Grall --- xen/common/grant_table.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index b1930e2d8e..5f35f78314 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3801,9 +3801,7 @@ int gnttab_release_mappings(struct domain *d) if ( gnttab_release_host_mappings(d) && !is_iomem_page(act->mfn) ) { - if ( gnttab_host_mapping_get_page_type((map->flags & - GNTMAP_readonly), - d, rd) ) + if ( gnttab_host_mapping_get_page_type(false, d, rd) ) put_page_type(pg); put_page(pg); } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:12:44 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:12:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181723.328987 (Exim 4.92) (envelope-from ) id 1mNuZQ-00035Z-Qc; Wed, 08 Sep 2021 10:12:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181723.328987; Wed, 08 Sep 2021 10:12:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZQ-00035R-Ni; Wed, 08 Sep 2021 10:12:44 +0000 Received: by outflank-mailman (input) for mailman id 181723; Wed, 08 Sep 2021 10:12:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZP-00035A-ND for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZP-00020v-MW for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuZP-0002bD-LT for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n8N8nTE4RJV0mX8byZ6HDcxwwaXzGI+UXxzi8IrqGIA=; b=Kotz1Kdzeudd0UFjU1OxAiFdCX OJN43qVYsqKp5+GzttkrzCM5L4QAGDQmedyxzkZzY8c8l6FHWGUdTouqH6wVGP4JfgLSFWxML4BVT en2J95cU7I1F/TPIlppI11GotkrH/Y4lPHPgsvqAI65uOejYScFhCDTu5FBYGVad7Ef4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] gnttab: fold recurring is_iomem_page() Message-Id: Date: Wed, 08 Sep 2021 10:12:43 +0000 commit 5f864f43f6f57d17ae7c6e16f8ededbc501fb342 Author: Jan Beulich AuthorDate: Tue Sep 7 09:35:38 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:35:38 2021 +0200 gnttab: fold recurring is_iomem_page() In all cases call the function just once instead of up to four times, at the same time avoiding to store a dangling pointer in a local variable. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/common/grant_table.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 5f35f78314..2d6f38cd8c 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -1562,11 +1562,11 @@ unmap_common_complete(struct gnttab_unmap_common *op) else status = &status_entry(rgt, op->ref); - pg = mfn_to_page(op->mfn); + pg = !is_iomem_page(act->mfn) ? mfn_to_page(op->mfn) : NULL; if ( op->done & GNTMAP_device_map ) { - if ( !is_iomem_page(act->mfn) ) + if ( pg ) { if ( op->done & GNTMAP_readonly ) put_page(pg); @@ -1583,7 +1583,7 @@ unmap_common_complete(struct gnttab_unmap_common *op) if ( op->done & GNTMAP_host_map ) { - if ( !is_iomem_page(op->mfn) ) + if ( pg ) { if ( gnttab_host_mapping_get_page_type(op->done & GNTMAP_readonly, ld, rd) ) @@ -3763,7 +3763,7 @@ int gnttab_release_mappings(struct domain *d) else status = &status_entry(rgt, ref); - pg = mfn_to_page(act->mfn); + pg = !is_iomem_page(act->mfn) ? mfn_to_page(act->mfn) : NULL; if ( map->flags & GNTMAP_readonly ) { @@ -3771,7 +3771,7 @@ int gnttab_release_mappings(struct domain *d) { BUG_ON(!(act->pin & GNTPIN_devr_mask)); act->pin -= GNTPIN_devr_inc; - if ( !is_iomem_page(act->mfn) ) + if ( pg ) put_page(pg); } @@ -3779,8 +3779,7 @@ int gnttab_release_mappings(struct domain *d) { BUG_ON(!(act->pin & GNTPIN_hstr_mask)); act->pin -= GNTPIN_hstr_inc; - if ( gnttab_release_host_mappings(d) && - !is_iomem_page(act->mfn) ) + if ( pg && gnttab_release_host_mappings(d) ) put_page(pg); } } @@ -3790,7 +3789,7 @@ int gnttab_release_mappings(struct domain *d) { BUG_ON(!(act->pin & GNTPIN_devw_mask)); act->pin -= GNTPIN_devw_inc; - if ( !is_iomem_page(act->mfn) ) + if ( pg ) put_page_and_type(pg); } @@ -3798,8 +3797,7 @@ int gnttab_release_mappings(struct domain *d) { BUG_ON(!(act->pin & GNTPIN_hstw_mask)); act->pin -= GNTPIN_hstw_inc; - if ( gnttab_release_host_mappings(d) && - !is_iomem_page(act->mfn) ) + if ( pg && gnttab_release_host_mappings(d) ) { if ( gnttab_host_mapping_get_page_type(false, d, rd) ) put_page_type(pg); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:12:54 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:12:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181725.328991 (Exim 4.92) (envelope-from ) id 1mNuZa-00038P-S6; Wed, 08 Sep 2021 10:12:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181725.328991; Wed, 08 Sep 2021 10:12:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZa-00038H-PC; Wed, 08 Sep 2021 10:12:54 +0000 Received: by outflank-mailman (input) for mailman id 181725; Wed, 08 Sep 2021 10:12:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZZ-000381-Qm for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZZ-000218-Q7 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuZZ-0002c7-PD for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:12:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1WN/gSudizzseA7yXpRGHJHPr1Di898cYldSjyJHqKo=; b=Wt/QbYp9jGZwOKQOac/lwed2LL mXWhOgAEr49knXpsdbNGjpcP2DvJaEZrm/zzsrd6gYWigLsx77/HtPKEUjIJjIHsdJiccwnTu8B1d 7X5WrKYvLnV5rrxTR7VLcGay3+Xq0PiJafFrsbO6GuqPLDCgfja1T56JldS5t/lcbGhg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] gnttab: check handle early in gnttab_get_status_frames() Message-Id: Date: Wed, 08 Sep 2021 10:12:53 +0000 commit 0c229e6c9fb1fef776a423dfcbbbe6b67122d7a6 Author: Jan Beulich AuthorDate: Tue Sep 7 09:36:20 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:36:20 2021 +0200 gnttab: check handle early in gnttab_get_status_frames() Like done in gnttab_setup_table(), check the handle once early in the function and use the lighter-weight (for PV) copying function in the loop. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/common/grant_table.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 2d6f38cd8c..da687acc61 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3229,6 +3229,9 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, return -EFAULT; } + if ( !guest_handle_okay(op.frame_list, op.nr_frames) ) + return -EFAULT; + d = rcu_lock_domain_by_any_id(op.dom); if ( d == NULL ) { @@ -3269,7 +3272,7 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, for ( i = 0; i < op.nr_frames; i++ ) { gmfn = gfn_x(gnttab_status_gfn(d, gt, i)); - if ( copy_to_guest_offset(op.frame_list, i, &gmfn, 1) ) + if ( __copy_to_guest_offset(op.frame_list, i, &gmfn, 1) ) op.status = GNTST_bad_virt_addr; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:13:05 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:13:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181727.328996 (Exim 4.92) (envelope-from ) id 1mNuZl-0003Bc-Tt; Wed, 08 Sep 2021 10:13:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181727.328996; Wed, 08 Sep 2021 10:13:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZl-0003BU-Qg; Wed, 08 Sep 2021 10:13:05 +0000 Received: by outflank-mailman (input) for mailman id 181727; Wed, 08 Sep 2021 10:13:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZj-0003B9-UT for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZj-00021V-Ti for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuZj-0002ei-So for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RIhdv0YNkjkUglGRQO04kaeWwQKufBL8fFHB7ao2r1E=; b=4uhKfQ0dhQlzwRPeHshde0OuXo TQo2GeYAqEJjsVRJH08EOI5xZKXVW8BP2R5b0HROohMJoCWinLmG/LDkbKEUlU5h2eQ7HgXyDt3i1 xL1lzZR4VVwSBkDGSIYQZo5nTR0OEv1XWuoaXCti7eaJA7OnSXokknJwfLhW9j9cCMps=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] ns16550: MMIO r/o ranges are maintained at page granularity Message-Id: Date: Wed, 08 Sep 2021 10:13:03 +0000 commit 82de0a6facf8e4699958654bcbef974e33480ed7 Author: Jan Beulich AuthorDate: Tue Sep 7 09:36:59 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:36:59 2021 +0200 ns16550: MMIO r/o ranges are maintained at page granularity Passing byte granular values will not have the intended effect. Address the immediate issue, but I don't think what we do is actually sufficient: At least some devices allow access to their registers via either I/O ports or MMIO. In such aliasing cases we'd need to protect the MMIO range even when we use I/O port accesses to drive the port. Note that this way we may write-protect MMIO ranges of unrelated devices as well. To deal with this, faults resulting from this would need handling, to emulate the accesses outside of the protected range. (An alternative would be to relocate the BAR, but I'm afraid this might end up even more challenging.) Fixes: c9f8e0aee507 ("ns16550: Add support for UART present in Broadcom TruManage capable NetXtreme chips") Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/drivers/char/ns16550.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index e2c24082c3..30596d60d4 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -421,8 +421,8 @@ static void __init ns16550_init_postirq(struct serial_port *port) if ( uart->bar || uart->ps_bdf_enable ) { if ( uart->param && uart->param->mmio && - rangeset_add_range(mmio_ro_ranges, uart->io_base, - uart->io_base + uart->io_size - 1) ) + rangeset_add_range(mmio_ro_ranges, PFN_DOWN(uart->io_base), + PFN_UP(uart->io_base + uart->io_size) - 1) ) printk(XENLOG_INFO "Error while adding MMIO range of device to mmio_ro_ranges\n"); if ( pci_ro_device(0, uart->ps_bdf[0], -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:13:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:13:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181729.328999 (Exim 4.92) (envelope-from ) id 1mNuZv-0003Ee-Vl; Wed, 08 Sep 2021 10:13:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181729.328999; Wed, 08 Sep 2021 10:13:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZv-0003EW-SF; Wed, 08 Sep 2021 10:13:15 +0000 Received: by outflank-mailman (input) for mailman id 181729; Wed, 08 Sep 2021 10:13:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZu-0003EG-1l for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuZu-00021k-17 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuZu-0002fY-0B for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=10GVQcBHI6j5LjkBRUB3QLcRiwk2ITtZKIx8UEoak9I=; b=wSD4vo4rPufqVlYl3pM0ABqN3n 5/IjJIFKW+ax0Qr00oRfmCFDEWd2hLvDTF5R8zlcLS+RD4RlCBddnkxudnI0MF0NF3T8GEUziK/n2 iA1GSSYQfnkXR1x65ZUJosXTBbHSvziAbd38lshtO/5/1CcAvhqvfMGvhgXKK4Lf+Keo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] gnttab: adjust unmap checking of dev_bus_addr Message-Id: Date: Wed, 08 Sep 2021 10:13:14 +0000 commit c5bf1295b0da079249df5c6e2d7498a8ec336527 Author: Jan Beulich AuthorDate: Tue Sep 7 09:37:50 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:37:50 2021 +0200 gnttab: adjust unmap checking of dev_bus_addr There's no point checking ->dev_bus_addr when GNTMAP_device_map isn't set (and hence the field isn't going to be consumed). And if there is a mismatch, use the so far unused GNTST_bad_dev_addr error indicator - if not here, where else would this (so far unused) value be used? Signed-off-by: Jan Beulich Acked-by: Julien Grall --- xen/common/grant_table.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index da687acc61..df74e2d6a7 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -1450,9 +1450,9 @@ unmap_common( op->mfn = act->mfn; - if ( op->dev_bus_addr && + if ( op->dev_bus_addr && (flags & GNTMAP_device_map) && unlikely(op->dev_bus_addr != mfn_to_maddr(act->mfn)) ) - PIN_FAIL(act_release_out, GNTST_general_error, + PIN_FAIL(act_release_out, GNTST_bad_dev_addr, "Bus address doesn't match gntref (%"PRIx64" != %"PRIpaddr")\n", op->dev_bus_addr, mfn_to_maddr(act->mfn)); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:13:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:13:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181731.329003 (Exim 4.92) (envelope-from ) id 1mNua6-0003Hh-2j; Wed, 08 Sep 2021 10:13:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181731.329003; Wed, 08 Sep 2021 10:13:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNua5-0003HZ-WB; Wed, 08 Sep 2021 10:13:25 +0000 Received: by outflank-mailman (input) for mailman id 181731; Wed, 08 Sep 2021 10:13:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNua4-0003HD-5x for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNua4-000220-5F for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNua4-0002gS-4G for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uSphe7G2jhE1HRMiLIWwJBaNkL6hd8pUb7M+BOoY5qo=; b=H7oP/DmWDnhjMwnyJpfKHvAdq1 NX7FGpPNNP8w8joCWjZ7ceT40OcvGJqO92vhs2ilKx6lrJB+SDSDFXy1AQAF/0qDLGnSlIBdr1tZr GtPN8hGNXsBsFSQqwOUB15pTXnFGLdlEdY1QpluKV5iD5IBNupw3EZDdQGjtXNqhs1bg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] gnttab: maptrack handle shortage is not IOMMU related Message-Id: Date: Wed, 08 Sep 2021 10:13:24 +0000 commit 5c10b96795ff546fbc9ba2f10141d4fb97e32672 Author: Jan Beulich AuthorDate: Tue Sep 7 09:38:42 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:38:42 2021 +0200 gnttab: maptrack handle shortage is not IOMMU related Both comment and message string associated with GNTST_no_device_space suggest a connection to the IOMMU. A lack of maptrack handles has nothing to do with that; it's unclear to me why commit 6213b696ba65 ("Grant-table interface redone") introduced it this way. Introduce a new error indicator. Signed-off-by: Jan Beulich Acked-by: Julien Grall --- xen/common/grant_table.c | 2 +- xen/include/public/grant_table.h | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index df74e2d6a7..ee61603a97 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -1027,7 +1027,7 @@ map_grant_ref( { rcu_unlock_domain(rd); gdprintk(XENLOG_INFO, "Failed to obtain maptrack handle\n"); - op->status = GNTST_no_device_space; + op->status = GNTST_no_space; return; } diff --git a/xen/include/public/grant_table.h b/xen/include/public/grant_table.h index 69d1e9662e..4dceed20bb 100644 --- a/xen/include/public/grant_table.h +++ b/xen/include/public/grant_table.h @@ -652,6 +652,7 @@ DEFINE_XEN_GUEST_HANDLE(gnttab_cache_flush_t); #define GNTST_bad_copy_arg (-10) /* copy arguments cross page boundary. */ #define GNTST_address_too_big (-11) /* transfer page address too large. */ #define GNTST_eagain (-12) /* Operation not done; try again. */ +#define GNTST_no_space (-13) /* Out of space (handles etc). */ /* ` } */ #define GNTTABOP_error_msgs { \ @@ -667,7 +668,8 @@ DEFINE_XEN_GUEST_HANDLE(gnttab_cache_flush_t); "bad page", \ "copy arguments cross page boundary", \ "page address size too large", \ - "operation not done; try again" \ + "operation not done; try again", \ + "out of space", \ } #endif /* __XEN_PUBLIC_GRANT_TABLE_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:13:36 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:13:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181733.329006 (Exim 4.92) (envelope-from ) id 1mNuaG-0003L2-4c; Wed, 08 Sep 2021 10:13:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181733.329006; Wed, 08 Sep 2021 10:13:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuaG-0003Ku-1Z; Wed, 08 Sep 2021 10:13:36 +0000 Received: by outflank-mailman (input) for mailman id 181733; Wed, 08 Sep 2021 10:13:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuaE-0003Kb-9Q for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuaE-00022A-8q for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuaE-0002hQ-7u for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EpitGQGnjkpSvMnEtEUPW1EL98WDBRaDYeCDpQmz59Q=; b=ZUiHDmt0Bv6TJG1Eqk40Y4Bkp7 luRY8NHNqZRRaBpmj8ic24nv8mkYNJbqePG5hzo5+KMwYXjS2bbp+O3BFwM/5+QY5gjr3497FyR5+ XzJ/5tZaEDSdAV103/ZIzY6pCq3IQuNS2jw9MU31naPvRaI4jCKg4EWxJIvm+dLRbstk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/P2M: relax guarding of MMIO entries Message-Id: Date: Wed, 08 Sep 2021 10:13:34 +0000 commit 111469cc7b3f586c2335e70205320ed3c828b89e Author: Jan Beulich AuthorDate: Tue Sep 7 09:39:38 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:39:38 2021 +0200 x86/P2M: relax guarding of MMIO entries One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. At least in the case of PVH Dom0 hitting an RMRR covered by an E820 ACPI region, this is too strict. Generally short-circuit requests establishing the same kind of mapping (mfn, type), but allow permissions to differ. While there, also add a log message to the other domain_crash() invocation that did prevent PVH Dom0 from coming up after the XSA-378 changes. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/mm/p2m.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 1d17499543..0be252cc4b 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -958,9 +958,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_special(ot) ) { /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ - domain_crash(d); p2m_unlock(p2m); - + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u) -> (%#lx,%u,%u) not permitted\n", + d, gfn_x(gfn) + i, + mfn_x(omfn), ot, a, + mfn_x(mfn) + i, t, p2m->default_access); + domain_crash(d); return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) @@ -1302,9 +1306,24 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, } if ( p2m_is_special(ot) ) { - gfn_unlock(p2m, gfn, order); - domain_crash(d); - return -EPERM; + /* Special-case (almost) identical mappings. */ + if ( !mfn_eq(mfn, omfn) || gfn_p2mt != ot ) + { + gfn_unlock(p2m, gfn, order); + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u,%u) -> (%#lx,%u,%u,%u) not permitted\n", + d, gfn_l, + mfn_x(omfn), cur_order, ot, a, + mfn_x(mfn), order, gfn_p2mt, access); + domain_crash(d); + return -EPERM; + } + + if ( access == a ) + { + gfn_unlock(p2m, gfn, order); + return 0; + } } else if ( p2m_is_ram(ot) ) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:13:46 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:13:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181735.329012 (Exim 4.92) (envelope-from ) id 1mNuaQ-0003OB-6T; Wed, 08 Sep 2021 10:13:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181735.329012; Wed, 08 Sep 2021 10:13:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuaQ-0003O3-32; Wed, 08 Sep 2021 10:13:46 +0000 Received: by outflank-mailman (input) for mailman id 181735; Wed, 08 Sep 2021 10:13:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuaO-0003Ni-Co for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuaO-00022b-CC for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuaO-0002iB-BQ for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DJUJLsDyzB1k+l393huE0+H5zoK6FEQS6gbBQ+gx0OQ=; b=hg/hulecsK6IdodzPG1BdPuiCQ r3MEg2T6kU7Tek3EGOq5ZijLZCqeSp4RGLl5Re1RuXZY3tRU+TlJM+Si4+6Ewo8H3mlGYzN5gzmo0 cCiV0zqQkSEZApe0OyO3eKhd95PY0bNI8pZsRLhIC5MYbQC7vaQcPwoQq+cH/MjbpA5I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cpuid: expose NullSelectorClearsBase CPUID bit to guests Message-Id: Date: Wed, 08 Sep 2021 10:13:44 +0000 commit 5ae4120635ad3cbf6064268162b0fb2c44eb41e3 Author: Jane Malalane AuthorDate: Tue Sep 7 09:40:25 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 09:40:25 2021 +0200 x86/cpuid: expose NullSelectorClearsBase CPUID bit to guests AMD Zen3 adds the NullSelectorClearsBase bit to indicate that loading a NULL segment selector zeroes the base and limit fields, as well as just attributes. Expose bit to all guests. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Jan Beulich --- tools/libs/light/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 1 + xen/include/public/arch-x86/cpufeatureset.h | 1 + 3 files changed, 3 insertions(+) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index b2c673841a..d667c36f31 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -289,6 +289,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"svm_pausefilt",0x8000000a, NA, CPUID_REG_EDX, 10, 1}, {"lfence+", 0x80000021, NA, CPUID_REG_EAX, 2, 1}, + {"nscb", 0x80000021, NA, CPUID_REG_EAX, 6, 1}, {"maxhvleaf", 0x40000000, NA, CPUID_REG_EAX, 0, 8}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 735bcf8f0e..d79e67ecfb 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -185,6 +185,7 @@ static const char *const str_7a1[32] = static const char *const str_e21a[32] = { [ 2] = "lfence+", + [ 6] = "nscb", }; static const struct { diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 380b51b1b3..f0e5fabfed 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -285,6 +285,7 @@ XEN_CPUFEATURE(FSRCS, 10*32+12) /*A Fast Short REP CMPSB/SCASB */ /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ +XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and limit too) */ #endif /* XEN_CPUFEATURE */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 10:13:56 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 10:13:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181737.329015 (Exim 4.92) (envelope-from ) id 1mNuaa-0003RN-7S; Wed, 08 Sep 2021 10:13:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181737.329015; Wed, 08 Sep 2021 10:13:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuaa-0003RF-4d; Wed, 08 Sep 2021 10:13:56 +0000 Received: by outflank-mailman (input) for mailman id 181737; Wed, 08 Sep 2021 10:13:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuaY-0003Qx-Gv for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNuaY-00022l-GC for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNuaY-0002jT-El for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 10:13:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qvzUKS9yaNPR0k/Nk0cb1RS9UypovlEDMUXvv2cELEQ=; b=iew3JH7Bxuy09M2F9A/ndPdXww UnoLFV3NtpZjlxTlbT8j2NR2gtabfNNb107ljNRikbPiLNOsSee8ZwJza6otSVQSZKU7PyZEoaYhj t0NFMFo2EuEIIXIy72eaOn4q9XK1suV0EkiBdUDuGeKCsAMHTxURJU+R+S1F5EVhleVs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/p2m-pt: fix p2m_flags_to_access() Message-Id: Date: Wed, 08 Sep 2021 10:13:54 +0000 commit e70a9a043a5ce6d4025420f729bc473f711bf5d1 Author: Jan Beulich AuthorDate: Tue Sep 7 14:24:49 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 7 14:24:49 2021 +0200 x86/p2m-pt: fix p2m_flags_to_access() The initial if() was inverted, invalidating all output from this function. Which in turn means the mirroring of P2M mappings into the IOMMU didn't always work as intended: Mappings may have got updated when there was no need to. There would not have been too few (un)mappings; what saves us is that alongside the flags comparison MFNs also get compared, with non-present entries always having an MFN of 0 or INVALID_MFN while present entries always have MFNs different from these two (0 in the table also meant to cover INVALID_MFN): OLD NEW P W access MFN P W access MFN 0 0 r 0 0 0 n 0 0 1 rw 0 0 1 n 0 1 0 n non-0 1 0 r non-0 1 1 n non-0 1 1 rw non-0 present <-> non-present transitions are fine because the MFNs differ. present -> present transitions as well as non-present -> non-present ones are potentially causing too many map/unmap operations, but never too few, because in that case old (bogus) and new access differ. Fixes: d1bb6c97c31e ("IOMMU: also pass p2m_access_t to p2m_get_iommu_flags()) Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/mm/p2m-pt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 7d691e616d..5a0c0f5ace 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -548,7 +548,7 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) /* Reconstruct a fake p2m_access_t from stored PTE flags. */ static p2m_access_t p2m_flags_to_access(unsigned int flags) { - if ( flags & _PAGE_PRESENT ) + if ( !(flags & _PAGE_PRESENT) ) return p2m_access_n; /* No need to look at _PAGE_NX for now. */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:44:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181911.329255 (Exim 4.92) (envelope-from ) id 1mNwvv-0007WB-GW; Wed, 08 Sep 2021 12:44:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181911.329255; Wed, 08 Sep 2021 12:44:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNwvv-0007W3-DZ; Wed, 08 Sep 2021 12:44:07 +0000 Received: by outflank-mailman (input) for mailman id 181911; Wed, 08 Sep 2021 12:44:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNwvt-0007Vv-Im for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:44:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNwvt-0004it-GP for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:44:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNwvt-0000aq-F4 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:44:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=f0yK39htq9h1Yy1/tjDhm31hVxPgz9wAb4aVEzN/hwI=; b=pGcglQjSCDMyMIUcC5MFI7Mf0W 6mt+r8+OhFetg1KcvWrP/pR6JSBPAdsFyu6towdS/96UBElQd0qhqlI7X+6aWj1MvpT25/nNpOB/M ESDRC3N1O9EDOtTVhuaPwwe6GooW6YTYSuo8cIU/mdPbwDJWbbaxgw3GW7cMCHxNj3b8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] gnttab: deal with status frame mapping race Message-Id: Date: Wed, 08 Sep 2021 12:44:05 +0000 commit eb6bbf7b30da5bae87932514d54d0e3c68b23757 Author: Jan Beulich AuthorDate: Wed Sep 8 14:37:45 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:37:45 2021 +0200 gnttab: deal with status frame mapping race Once gnttab_map_frame() drops the grant table lock, the MFN it reports back to its caller is free to other manipulation. In particular gnttab_unpopulate_status_frames() might free it, by a racing request on another CPU, thus resulting in a reference to a deallocated page getting added to a domain's P2M. Obtain a page reference in gnttab_map_frame() to prevent freeing of the page until xenmem_add_to_physmap_one() has actually completed its acting on the page. Do so uniformly, even if only strictly required for v2 status pages, to avoid extra conditionals (which then would all need to be kept in sync going forward). This is CVE-2021-28701 / XSA-384. Reported-by: Julien Grall Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/arch/arm/mm.c | 11 ++++++++--- xen/arch/x86/mm/p2m.c | 2 ++ xen/common/grant_table.c | 11 ++++++++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 0e07335291..eea926d823 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1420,6 +1420,8 @@ int xenmem_add_to_physmap_one( if ( rc ) return rc; + /* Need to take care of the reference obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); t = p2m_ram_rw; break; @@ -1487,9 +1489,12 @@ int xenmem_add_to_physmap_one( /* Map at new location. */ rc = guest_physmap_add_entry(d, gfn, mfn, 0, t); - /* If we fail to add the mapping, we need to drop the reference we - * took earlier on foreign pages */ - if ( rc && space == XENMAPSPACE_gmfn_foreign ) + /* + * For XENMAPSPACE_gmfn_foreign if we failed to add the mapping, we need + * to drop the reference we took earlier. In all other cases we need to + * drop any reference we took earlier (perhaps indirectly). + */ + if ( space == XENMAPSPACE_gmfn_foreign ? rc : page != NULL ) { ASSERT(page != NULL); put_page(page); diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 0be252cc4b..674a6f4fe9 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2745,6 +2745,8 @@ int xenmem_add_to_physmap_one( rc = gnttab_map_frame(d, idx, gpfn, &mfn); if ( rc ) return rc; + /* Need to take care of the reference obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); break; case XENMAPSPACE_gmfn: diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index ee61603a97..e80f8d044d 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -4153,7 +4153,16 @@ int gnttab_map_frame(struct domain *d, unsigned long idx, gfn_t gfn, mfn_t *mfn) } if ( !rc ) - gnttab_set_frame_gfn(gt, status, idx, gfn); + { + /* + * Make sure gnttab_unpopulate_status_frames() won't (successfully) + * free the page until our caller has completed its operation. + */ + if ( get_page(mfn_to_page(*mfn), d) ) + gnttab_set_frame_gfn(gt, status, idx, gfn); + else + rc = -EBUSY; + } grant_write_unlock(gt); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:44:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:44:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181912.329259 (Exim 4.92) (envelope-from ) id 1mNww5-0007ZJ-IO; Wed, 08 Sep 2021 12:44:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181912.329259; Wed, 08 Sep 2021 12:44:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNww5-0007ZB-FB; Wed, 08 Sep 2021 12:44:17 +0000 Received: by outflank-mailman (input) for mailman id 181912; Wed, 08 Sep 2021 12:44:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNww3-0007Yt-Ko for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:44:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNww3-0004j1-K3 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:44:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNww3-0000bZ-Is for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:44:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3VuDi4BSplwNjq47p7obXOjQsHHVsDY4KT6owqMxIW8=; b=MmISn07xQqmt5cGjuMxjrnPj+k arAFmwLaYOK5JlymRqz08RK/sNJzAaE88JPs4Pt1OfIzcM1r6myeQxP6GyJEqO23NLBJp7abQOE0d clBIzAdzcsuBdLqG3V1AOdps0kL7TNGWXxF9I7q/rVBe06w4PH2G6TmH1GO/Q8Pi3ix0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] domain: try to address Coverity pointing out a missing "break" in domain_teardown() Message-Id: Date: Wed, 08 Sep 2021 12:44:15 +0000 commit 7429e08d9c1cabec3ce1c7c246fb711f6e225275 Author: Jan Beulich AuthorDate: Wed Sep 8 14:38:33 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:38:33 2021 +0200 domain: try to address Coverity pointing out a missing "break" in domain_teardown() Commit 806448806264 ("xen/domain: Fix label position in domain_teardown()" has caused Coverity to report a _new_ supposedly un-annotated fall-through in a switch(). I find this (once again) puzzling; I'm having an increasingly hard time figuring what patterns the tool is actually after. I would have expected that the tool would either have spotted an issue also before this change, or not at all. Yet if it had spotted one before, the statistics report should have included an eliminated instance alongside the new one (because then the issue would simply have moved by a few lines). Hence the only thing I could guess is that the treatment of comments in macro expansions might be subtly different. Therefore try whether switching the comments to the still relatively new "fallthrough" pseudo keyword actually helps. Coverity-ID: 1490865 Signed-off-by: Jan Beulich Reviewed-by: Bertrand Marquis Acked-by: Julien Grall --- xen/common/domain.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index 0d3385ad5a..6ee5d033b0 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -401,13 +401,13 @@ static int domain_teardown(struct domain *d) */ #define PROGRESS(x) \ d->teardown.val = PROG_ ## x; \ - /* Fallthrough */ \ + fallthrough; \ case PROG_ ## x #define PROGRESS_VCPU(x) \ d->teardown.val = PROG_vcpu_ ## x; \ d->teardown.vcpu = v; \ - /* Fallthrough */ \ + fallthrough; \ case PROG_vcpu_ ## x: \ v = d->teardown.vcpu -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:44:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:44:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181914.329263 (Exim 4.92) (envelope-from ) id 1mNwwF-0007cZ-Jx; Wed, 08 Sep 2021 12:44:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181914.329263; Wed, 08 Sep 2021 12:44:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNwwF-0007cR-Gx; Wed, 08 Sep 2021 12:44:27 +0000 Received: by outflank-mailman (input) for mailman id 181914; Wed, 08 Sep 2021 12:44:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNwwD-0007by-OE for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:44:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNwwD-0004jE-NS for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:44:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNwwD-0000cN-Ml for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:44:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yq85cQwNYDYeSpVzaQVK+zm3IHfoUb5ILe0HNgDT2Hk=; b=ereDDGBLRPFfzVSqqapNbYHWXA ZA/8aQyl12JgrCzKmSuL5+lHQes4NE2Iyej84c+PR7AI0x39osGdIpdUBtONZVLpkLfwy8F+Xz7Wg ZcMGvhFFde3kiM6sMs1cdDKhSYSOatdo/p69xCx3Ffs9Jqttt9l9HaJcCG1774qFwVP4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cpuid: detect null segment behaviour on Zen2 CPUs Message-Id: Date: Wed, 08 Sep 2021 12:44:25 +0000 commit 5074b0c1c048ce7af3f33ab0885c610b7b2fcea0 Author: Jane Malalane AuthorDate: Wed Sep 8 14:39:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:39:18 2021 +0200 x86/cpuid: detect null segment behaviour on Zen2 CPUs All Zen2 CPUs actually have this behaviour, but the CPUID bit couldn't be introduced into Zen2 due to a lack of leaves. So, it was added in a new leaf in Zen3. Nonetheless, hypervisors can synthesize the CPUID bit in software. So, Xen probes for NSCB (NullSelectorClearsBit) and synthesizes the bit, if the behaviour is present. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/amd.c | 18 ++++++++++++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 5 +++++ xen/include/asm-x86/cpufeature.h | 1 + 4 files changed, 25 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 2260eef3aa..cb12861481 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -681,6 +681,19 @@ void amd_init_lfence(struct cpuinfo_x86 *c) c->x86_capability); } +void __init detect_zen2_null_seg_behaviour(void) +{ + uint64_t base; + + wrmsrl(MSR_FS_BASE, 1); + asm volatile ( "mov %0, %%fs" :: "rm" (0) ); + rdmsrl(MSR_FS_BASE, base); + + if (base == 0) + setup_force_cpu_cap(X86_FEATURE_NSCB); + +} + static void init_amd(struct cpuinfo_x86 *c) { u32 l, h; @@ -731,6 +744,11 @@ static void init_amd(struct cpuinfo_x86 *c) else /* Implicily "== 0x10 || >= 0x12" by being 64bit. */ amd_init_lfence(c); + /* Probe for NSCB on Zen2 CPUs when not virtualised */ + if (!cpu_has_hypervisor && !cpu_has_nscb && c == &boot_cpu_data && + c->x86 == 0x17) + detect_zen2_null_seg_behaviour(); + /* * If the user has explicitly chosen to disable Memory Disambiguation * to mitigiate Speculative Store Bypass, poke the appropriate MSR. diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 1ac3b2867a..0dd1b762ff 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -21,3 +21,4 @@ extern bool detect_extended_topology(struct cpuinfo_x86 *c); void early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); +void detect_zen2_null_seg_behaviour(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 67e23c5df9..d7a04af2bb 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -34,6 +34,11 @@ static void init_hygon(struct cpuinfo_x86 *c) amd_init_lfence(c); + /* Probe for NSCB on Zen2 CPUs when not virtualised */ + if (!cpu_has_hypervisor && !cpu_has_nscb && c == &boot_cpu_data && + c->x86 == 0x18) + detect_zen2_null_seg_behaviour(); + /* * If the user has explicitly chosen to disable Memory Disambiguation * to mitigiate Speculative Store Bypass, poke the appropriate MSR. diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 5f6b83f71c..4faf9bff29 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -146,6 +146,7 @@ #define cpu_has_cpuid_faulting boot_cpu_has(X86_FEATURE_CPUID_FAULTING) #define cpu_has_aperfmperf boot_cpu_has(X86_FEATURE_APERFMPERF) #define cpu_has_lfence_dispatch boot_cpu_has(X86_FEATURE_LFENCE_DISPATCH) +#define cpu_has_nscb boot_cpu_has(X86_FEATURE_NSCB) #define cpu_has_xen_lbr boot_cpu_has(X86_FEATURE_XEN_LBR) #define cpu_has_xen_shstk boot_cpu_has(X86_FEATURE_XEN_SHSTK) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:44:38 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:44:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181916.329267 (Exim 4.92) (envelope-from ) id 1mNwwP-0007g2-LV; Wed, 08 Sep 2021 12:44:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181916.329267; Wed, 08 Sep 2021 12:44:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNwwP-0007fu-IX; Wed, 08 Sep 2021 12:44:37 +0000 Received: by outflank-mailman (input) for mailman id 181916; Wed, 08 Sep 2021 12:44:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNwwN-0007fh-Ra for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:44:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNwwN-0004jg-Qq for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:44:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNwwN-0000dC-Po for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:44:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XUAJuHOC8mAGs6L9Km3FaYB5+6+DRpAmh0WJQEs480w=; b=gavVmIkCd5nJ1kFT93AybYSEWU H+cR5/pJD+kdsHZ5qaacn0lAZK4VQSDq5y3L8kvwmcRPLZdb/LcmDNpu4SK/ECyNTEY0xpBUoSK/f 3kCZ3PlLqA+WHsugPm1M6b1WpKNGTWMPzNblGyssekn71Y5GuyeN7NDpSVo2m9WGrS5k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: set policy filename on make command line Message-Id: Date: Wed, 08 Sep 2021 12:44:35 +0000 commit c81e7efe2146c8f381fbdbb037b9d46866a6451e Author: Anthony PERARD AuthorDate: Wed Sep 8 14:40:00 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:40:00 2021 +0200 build: set policy filename on make command line In order to avoid flask/Makefile.common calling `make xenversion`, we override POLICY_FILENAME with the value we are going to use anyway. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/xsm/flask/Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile index 637159ad82..af95697ed9 100644 --- a/xen/xsm/flask/Makefile +++ b/xen/xsm/flask/Makefile @@ -42,7 +42,9 @@ FLASK_BUILD_DIR := $(CURDIR) POLICY_SRC := $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION) policy.bin: FORCE - $(MAKE) -f $(XEN_ROOT)/tools/flask/policy/Makefile.common -C $(XEN_ROOT)/tools/flask/policy FLASK_BUILD_DIR=$(FLASK_BUILD_DIR) + $(MAKE) -f $(XEN_ROOT)/tools/flask/policy/Makefile.common \ + -C $(XEN_ROOT)/tools/flask/policy \ + FLASK_BUILD_DIR=$(FLASK_BUILD_DIR) POLICY_FILENAME=$(POLICY_SRC) cmp -s $(POLICY_SRC) $@ || cp $(POLICY_SRC) $@ .PHONY: clean -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:55:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:55:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181935.329292 (Exim 4.92) (envelope-from ) id 1mNx6Z-0001fj-3B; Wed, 08 Sep 2021 12:55:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181935.329292; Wed, 08 Sep 2021 12:55:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx6Z-0001fc-0F; Wed, 08 Sep 2021 12:55:07 +0000 Received: by outflank-mailman (input) for mailman id 181935; Wed, 08 Sep 2021 12:55:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx6X-0001fU-G1 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx6X-0004wx-EE for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNx6X-0001XB-DB for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eiefIqVH+CwBJ6YqGvGmctGKe1pkkdi21hBZVHFTOpQ=; b=nm/v2QTSeWtvzI5oWav0PKxcM4 fU126iby8HK+69I0kB9ILXQoriFcalHux7zGYzRDHf3VkIh/ooYN246UA0L2OX2bl23Jp7OgDgyMU FstXHD7+7YUpgR6tg38grRrmSasratgMqErZ/Jt+ZAuYKOWJE0awBa2VwbbSVjNI58J0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Message-Id: Date: Wed, 08 Sep 2021 12:55:05 +0000 commit e58edae768bff17e1af652e3fae716c29b14c6e4 Author: Jan Beulich AuthorDate: Wed Sep 8 14:45:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:45:18 2021 +0200 gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Relevant quotes from the C11 standard: "Except where explicitly stated otherwise, for the purposes of this subclause unnamed members of objects of structure and union type do not participate in initialization. Unnamed members of structure objects have indeterminate value even after initialization." "If there are fewer initializers in a brace-enclosed list than there are elements or members of an aggregate, [...], the remainder of the aggregate shall be initialized implicitly the same as objects that have static storage duration." "If an object that has static or thread storage duration is not initialized explicitly, then: [...] — if it is an aggregate, every member is initialized (recursively) according to these rules, and any padding is initialized to zero bits; [...]" "A bit-field declaration with no declarator, but only a colon and a width, indicates an unnamed bit-field." Footnote: "An unnamed bit-field structure member is useful for padding to conform to externally imposed layouts." "There may be unnamed padding within a structure object, but not at its beginning." Which makes me conclude: - Whether an unnamed bit-field member is an unnamed member or padding is unclear, and hence also whether the last quote above would render the big endian case of the structure declaration invalid. - Whether the number of members of an aggregate includes unnamed ones is also not really clear. - The initializer in map_grant_ref() initializes all fields of the "cnt" sub-structure of the union, so assuming the second quote above applies here (indirectly), the compiler isn't required to implicitly initialize the rest (i.e. in particular any padding) like would happen for static storage duration objects. Gcc 7.4.1 can be observed (apparently in debug builds only) to translate aforementioned initializer to a read-modify-write operation of a stack variable, leaving unchanged the top two bits of whatever was previously in that stack slot. Clearly if either of the two bits were set, radix_tree_ulong_to_ptr()'s assertion would trigger. Therefore, to be on the safe side, add an explicit padding field for the non-big-endian-bitfields case and give a dummy name to both padding fields. Fixes: 9781b51efde2 ("gnttab: replace mapkind()") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: b6da9d0414d69c2682214ee3ecf9816fcac500d0 master date: 2021-08-27 10:54:46 +0200 --- xen/common/grant_table.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index d3f8dc8c4d..fd66863abc 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -964,10 +964,13 @@ union maptrack_node { struct { /* Radix tree slot pointers use two of the bits. */ #ifdef __BIG_ENDIAN_BITFIELD - unsigned long : 2; + unsigned long _0 : 2; #endif unsigned long rd : BITS_PER_LONG / 2 - 1; unsigned long wr : BITS_PER_LONG / 2 - 1; +#ifndef __BIG_ENDIAN_BITFIELD + unsigned long _0 : 2; +#endif } cnt; unsigned long raw; }; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:55:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:55:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181936.329297 (Exim 4.92) (envelope-from ) id 1mNx6j-0001iK-4q; Wed, 08 Sep 2021 12:55:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181936.329297; Wed, 08 Sep 2021 12:55:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx6j-0001iC-1p; Wed, 08 Sep 2021 12:55:17 +0000 Received: by outflank-mailman (input) for mailman id 181936; Wed, 08 Sep 2021 12:55:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx6h-0001i4-If for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx6h-0004x8-Hw for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNx6h-0001Y7-Gp for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tg0xc3HimHkh71qI7zswXfqI7rNZpDQ3HjAmwxANWaU=; b=Oq/iBfuSOHvwukylu99kCOePhh Ir8ts5jQmKX0Rw9cPSVsViVIcNqiX4gi5l7Dwor9K956QqL2mkBYfytbtrO102LII7Z3ag0eGURHT yQyz1/kVsxZqcroh6zBM1tx18KPNZIy3UyKHaVeLbO35BhTPJBeywQaVN2pg8FxpNhmU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xen/domain: Fix label position in domain_teardown() Message-Id: Date: Wed, 08 Sep 2021 12:55:15 +0000 commit c0832c75315d73c47d59b45f7ce271f4425d2f1d Author: Andrew Cooper AuthorDate: Wed Sep 8 14:46:04 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:46:04 2021 +0200 xen/domain: Fix label position in domain_teardown() As explained in the comments, a progress label wants to be before the function it refers to for the higher level logic to make sense. As it happens, the effects are benign because gnttab_mappings is immediately adjacent to teardown in terms of co-routine exit points. There is and will always be a corner case with 0. Help alleviate this visually (at least slightly) with a BUILD_BUG_ON() to ensure the property which makes this function do anything useful. There is also a visual corner case when changing from PROGRESS() to PROGRESS_VCPU(). The important detail is to check that there is a "return rc;" logically between each PROGRESS*() marker. Fixes: b1ee10be5625 ("gnttab: add preemption check to gnttab_release_mappings()") Signed-off-by: Andrew Cooper Acked-by: Jan Beulich master commit: 8064488062641ae505b2a7369611c38057a7788b master date: 2021-08-27 15:12:05 +0100 --- xen/common/domain.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index dabb15a06c..fe39fb9177 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -419,11 +419,13 @@ static int domain_teardown(struct domain *d) }; case PROG_none: + BUILD_BUG_ON(PROG_none != 0); + + PROGRESS(gnttab_mappings): rc = gnttab_release_mappings(d); if ( rc ) return rc; - PROGRESS(gnttab_mappings): for_each_vcpu ( d, v ) { PROGRESS_VCPU(teardown); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:55:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:55:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181937.329302 (Exim 4.92) (envelope-from ) id 1mNx6t-0001lp-6g; Wed, 08 Sep 2021 12:55:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181937.329302; Wed, 08 Sep 2021 12:55:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx6t-0001lh-3P; Wed, 08 Sep 2021 12:55:27 +0000 Received: by outflank-mailman (input) for mailman id 181937; Wed, 08 Sep 2021 12:55:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx6r-0001lE-MA for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx6r-0004xM-LX for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNx6r-0001Ys-KX for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FIpMweSPyKbT02yrrkjMJ+k9eIef09H9QHKQp6lb8D8=; b=CQY1SY0SBpE6Y1qmS435Ifc4lA cO2dmNmPHoejguh9xAOnDU4KhDPlG0Ac1D/EbhTkLHooxFkyPfz1wWDleZdOKB8XYtDFyC2kUpGSz TDglO3xFI2kKEMplPuBsVDJOOIGk1v6J7Zr2/obo4/MH2+hcWPXAJbSgdEfCC2HwT93U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/PVH: de-duplicate mappings for first Mb of Dom0 memory Message-Id: Date: Wed, 08 Sep 2021 12:55:25 +0000 commit 5a8b51e1ccad2c8528c78ab67ce5242d1641f112 Author: Jan Beulich AuthorDate: Wed Sep 8 14:46:30 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:46:30 2021 +0200 x86/PVH: de-duplicate mappings for first Mb of Dom0 memory One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. This means we need to be more careful about the mappings put in place in this range - mappings should be created exactly once: - iommu_hwdom_init() comes first; it should avoid the first Mb, - pvh_populate_p2m() should insert identity mappings only into ranges not populated as RAM, - pvh_setup_acpi() should again avoid the first Mb, which was already dealt with at that point. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 6b4f6a31ace125d658a581e8d10809e4fccdc272 master date: 2021-08-31 17:43:36 +0200 --- xen/arch/x86/hvm/dom0_build.c | 39 ++++++++++++++++++++++++++----------- xen/drivers/passthrough/x86/iommu.c | 8 +++++++- 2 files changed, 35 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index 878dc1d808..01b1356bd2 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -430,17 +430,6 @@ static int __init pvh_populate_p2m(struct domain *d) int rc; #define MB1_PAGES PFN_DOWN(MB(1)) - /* - * Memory below 1MB is identity mapped initially. RAM regions are - * populated and copied below, replacing the respective mappings. - */ - rc = modify_identity_mmio(d, 0, MB1_PAGES, true); - if ( rc ) - { - printk("Failed to identity map low 1MB: %d\n", rc); - return rc; - } - /* Populate memory map. */ for ( i = 0; i < d->arch.nr_e820; i++ ) { @@ -472,6 +461,23 @@ static int __init pvh_populate_p2m(struct domain *d) } } + /* Non-RAM regions of space below 1MB get identity mapped. */ + for ( i = rc = 0; i < MB1_PAGES; ++i ) + { + p2m_type_t p2mt; + + if ( mfn_eq(get_gfn_query(d, i, &p2mt), INVALID_MFN) ) + rc = set_mmio_p2m_entry(d, _gfn(i), _mfn(i), PAGE_ORDER_4K); + else + ASSERT(p2mt == p2m_ram_rw); + put_gfn(d, i); + if ( rc ) + { + printk("Failed to identity map PFN %x: %d\n", i, rc); + return rc; + } + } + if ( cpu_has_vmx && paging_mode_hap(d) && !vmx_unrestricted_guest(v) ) { /* @@ -1095,6 +1101,17 @@ static int __init pvh_setup_acpi(struct domain *d, paddr_t start_info) nr_pages = PFN_UP((d->arch.e820[i].addr & ~PAGE_MASK) + d->arch.e820[i].size); + /* Memory below 1MB has been dealt with by pvh_populate_p2m(). */ + if ( pfn < PFN_DOWN(MB(1)) ) + { + if ( pfn + nr_pages <= PFN_DOWN(MB(1)) ) + continue; + + /* This shouldn't happen, but is easy to deal with. */ + nr_pages -= PFN_DOWN(MB(1)) - pfn; + pfn = PFN_DOWN(MB(1)); + } + rc = modify_identity_mmio(d, pfn, nr_pages, true); if ( rc ) { diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 21c14fab66..e83c6f2c61 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -336,7 +336,13 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) max_pfn = (GB(4) >> PAGE_SHIFT) - 1; top = max(max_pdx, pfn_to_pdx(max_pfn) + 1); - for ( i = 0; i < top; i++ ) + /* + * First Mb will get mapped in one go by pvh_populate_p2m(). Avoid + * setting up potentially conflicting mappings here. + */ + i = paging_mode_translate(d) ? PFN_DOWN(MB(1)) : 0; + + for ( ; i < top; i++ ) { unsigned long pfn = pdx_to_pfn(i); int rc; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:55:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:55:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181940.329304 (Exim 4.92) (envelope-from ) id 1mNx73-0001pk-9O; Wed, 08 Sep 2021 12:55:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181940.329304; Wed, 08 Sep 2021 12:55:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx73-0001pc-6D; Wed, 08 Sep 2021 12:55:37 +0000 Received: by outflank-mailman (input) for mailman id 181940; Wed, 08 Sep 2021 12:55:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx71-0001pL-QU for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx71-0004xZ-Pq for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNx71-0001Zl-OK for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gRg0WPpT8pn4HmCzujGAVGoh35BZil34EfGI8sv/iD4=; b=fjhl47NMeH98p4gNswqFzn1ocE zaeFVV4FoIjt8UMAF8SO1RlrHu6uq1NQjXkFtDAgSEpapozGw2UT55S/e7f0bbpjrh5F+M4Geqr4E P9g14BGKIHxqc8JjmmF0ESbWDwWeAHQiOgT+sWvD44CmAiOa2E+GfUB+2wGcdgtVJf6Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/P2M: relax guarding of MMIO entries Message-Id: Date: Wed, 08 Sep 2021 12:55:35 +0000 commit b6a2e26cd9931d1372ee737f68ee892356b91631 Author: Jan Beulich AuthorDate: Wed Sep 8 14:47:00 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:47:00 2021 +0200 x86/P2M: relax guarding of MMIO entries One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. At least in the case of PVH Dom0 hitting an RMRR covered by an E820 ACPI region, this is too strict. Generally short-circuit requests establishing the same kind of mapping (mfn, type), but allow permissions to differ. While there, also add a log message to the other domain_crash() invocation that did prevent PVH Dom0 from coming up after the XSA-378 changes. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 111469cc7b3f586c2335e70205320ed3c828b89e master date: 2021-09-07 09:39:38 +0200 --- xen/arch/x86/mm/p2m.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 3bdfc3f274..871f3a04e8 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -945,9 +945,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_special(ot) ) { /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ - domain_crash(d); p2m_unlock(p2m); - + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u) -> (%#lx,%u,%u) not permitted\n", + d, gfn_x(gfn) + i, + mfn_x(omfn), ot, a, + mfn_x(mfn) + i, t, p2m->default_access); + domain_crash(d); return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) @@ -1291,9 +1295,24 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, } if ( p2m_is_special(ot) ) { - gfn_unlock(p2m, gfn, order); - domain_crash(d); - return -EPERM; + /* Special-case (almost) identical mappings. */ + if ( !mfn_eq(mfn, omfn) || gfn_p2mt != ot ) + { + gfn_unlock(p2m, gfn, order); + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u,%u) -> (%#lx,%u,%u,%u) not permitted\n", + d, gfn_l, + mfn_x(omfn), cur_order, ot, a, + mfn_x(mfn), order, gfn_p2mt, access); + domain_crash(d); + return -EPERM; + } + + if ( access == a ) + { + gfn_unlock(p2m, gfn, order); + return 0; + } } else if ( p2m_is_ram(ot) ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:55:47 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:55:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181942.329309 (Exim 4.92) (envelope-from ) id 1mNx7D-0001t1-B2; Wed, 08 Sep 2021 12:55:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181942.329309; Wed, 08 Sep 2021 12:55:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7D-0001st-85; Wed, 08 Sep 2021 12:55:47 +0000 Received: by outflank-mailman (input) for mailman id 181942; Wed, 08 Sep 2021 12:55:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7B-0001sX-U4 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7B-0004y6-TG for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNx7B-0001bB-SP for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CZh+yriFgMxTb43h1QmaUZROqI/SRBqll6LvMqzgyi0=; b=S6KpuQeYf0KwqDelCkLY2Npg0P MEjtQBamKwcGeRbb4p3PJTuo9TkS7tTKp2srJFtoIU9fRClmftyZFiIcOzMptyDlH/nQ56DNm7NlF OgzCeaH+9kDrAMFXA5vCxL1n2HVh6nI0Jxo//wnfCKj+8spmnykVR1K8YhN0u5HNsIP4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/p2m-pt: fix p2m_flags_to_access() Message-Id: Date: Wed, 08 Sep 2021 12:55:45 +0000 commit 60d5c31d999ed80159ad295dd5701cdf6173adff Author: Jan Beulich AuthorDate: Wed Sep 8 14:47:29 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:47:29 2021 +0200 x86/p2m-pt: fix p2m_flags_to_access() The initial if() was inverted, invalidating all output from this function. Which in turn means the mirroring of P2M mappings into the IOMMU didn't always work as intended: Mappings may have got updated when there was no need to. There would not have been too few (un)mappings; what saves us is that alongside the flags comparison MFNs also get compared, with non-present entries always having an MFN of 0 or INVALID_MFN while present entries always have MFNs different from these two (0 in the table also meant to cover INVALID_MFN): OLD NEW P W access MFN P W access MFN 0 0 r 0 0 0 n 0 0 1 rw 0 0 1 n 0 1 0 n non-0 1 0 r non-0 1 1 n non-0 1 1 rw non-0 present <-> non-present transitions are fine because the MFNs differ. present -> present transitions as well as non-present -> non-present ones are potentially causing too many map/unmap operations, but never too few, because in that case old (bogus) and new access differ. Fixes: d1bb6c97c31e ("IOMMU: also pass p2m_access_t to p2m_get_iommu_flags()) Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: e70a9a043a5ce6d4025420f729bc473f711bf5d1 master date: 2021-09-07 14:24:49 +0200 --- xen/arch/x86/mm/p2m-pt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 7d691e616d..5a0c0f5ace 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -548,7 +548,7 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) /* Reconstruct a fake p2m_access_t from stored PTE flags. */ static p2m_access_t p2m_flags_to_access(unsigned int flags) { - if ( flags & _PAGE_PRESENT ) + if ( !(flags & _PAGE_PRESENT) ) return p2m_access_n; /* No need to look at _PAGE_NX for now. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:55:57 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:55:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181944.329313 (Exim 4.92) (envelope-from ) id 1mNx7N-0001w6-Ci; Wed, 08 Sep 2021 12:55:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181944.329313; Wed, 08 Sep 2021 12:55:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7N-0001vw-9X; Wed, 08 Sep 2021 12:55:57 +0000 Received: by outflank-mailman (input) for mailman id 181944; Wed, 08 Sep 2021 12:55:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7M-0001vf-1y for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7M-0004yG-19 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNx7M-0001c9-05 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:55:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wDn5jQBdRQzEWCKe/wHLTOXevXzwLgvxsnvFlA0+EDo=; b=A2XLrySjrxOLHreXFSucrZs6Eg 9sPdeRIJ6r9Fup6supwZp6uAVPLFRQ2j/zsPcFakWFCaAUGeXF9NUj6Ux1YSarve9vKm3t7POkJSs 8kPiTp384tnFw72VeA2SP/K8tSW3G/kLXRRHEcz/YxZHUGsu/R34Oq5C7CZyvVak7rvg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] gnttab: deal with status frame mapping race Message-Id: Date: Wed, 08 Sep 2021 12:55:56 +0000 commit 6f92f38419d6bd052da9076a7d89534b1f85ded9 Author: Jan Beulich AuthorDate: Wed Sep 8 14:48:32 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:48:32 2021 +0200 gnttab: deal with status frame mapping race Once gnttab_map_frame() drops the grant table lock, the MFN it reports back to its caller is free to other manipulation. In particular gnttab_unpopulate_status_frames() might free it, by a racing request on another CPU, thus resulting in a reference to a deallocated page getting added to a domain's P2M. Obtain a page reference in gnttab_map_frame() to prevent freeing of the page until xenmem_add_to_physmap_one() has actually completed its acting on the page. Do so uniformly, even if only strictly required for v2 status pages, to avoid extra conditionals (which then would all need to be kept in sync going forward). This is CVE-2021-28701 / XSA-384. Reported-by: Julien Grall Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: eb6bbf7b30da5bae87932514d54d0e3c68b23757 master date: 2021-09-08 14:37:45 +0200 --- xen/arch/arm/mm.c | 11 ++++++++--- xen/arch/x86/mm/p2m.c | 2 ++ xen/common/grant_table.c | 11 ++++++++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 59f8a3f15f..955b8a9337 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1420,6 +1420,8 @@ int xenmem_add_to_physmap_one( if ( rc ) return rc; + /* Need to take care of the reference obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); t = p2m_ram_rw; break; @@ -1487,9 +1489,12 @@ int xenmem_add_to_physmap_one( /* Map at new location. */ rc = guest_physmap_add_entry(d, gfn, mfn, 0, t); - /* If we fail to add the mapping, we need to drop the reference we - * took earlier on foreign pages */ - if ( rc && space == XENMAPSPACE_gmfn_foreign ) + /* + * For XENMAPSPACE_gmfn_foreign if we failed to add the mapping, we need + * to drop the reference we took earlier. In all other cases we need to + * drop any reference we took earlier (perhaps indirectly). + */ + if ( space == XENMAPSPACE_gmfn_foreign ? rc : page != NULL ) { ASSERT(page != NULL); put_page(page); diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 871f3a04e8..9936142917 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2719,6 +2719,8 @@ int xenmem_add_to_physmap_one( rc = gnttab_map_frame(d, idx, gpfn, &mfn); if ( rc ) return rc; + /* Need to take care of the reference obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); break; case XENMAPSPACE_gmfn: diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index fd66863abc..6f50e9de51 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -4166,7 +4166,16 @@ int gnttab_map_frame(struct domain *d, unsigned long idx, gfn_t gfn, mfn_t *mfn) } if ( !rc ) - gnttab_set_frame_gfn(gt, status, idx, gfn); + { + /* + * Make sure gnttab_unpopulate_status_frames() won't (successfully) + * free the page until our caller has completed its operation. + */ + if ( get_page(mfn_to_page(*mfn), d) ) + gnttab_set_frame_gfn(gt, status, idx, gfn); + else + rc = -EBUSY; + } grant_write_unlock(gt); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:56:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:56:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181946.329317 (Exim 4.92) (envelope-from ) id 1mNx7Y-0001zK-EP; Wed, 08 Sep 2021 12:56:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181946.329317; Wed, 08 Sep 2021 12:56:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7Y-0001zC-BA; Wed, 08 Sep 2021 12:56:08 +0000 Received: by outflank-mailman (input) for mailman id 181946; Wed, 08 Sep 2021 12:56:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7W-0001yv-NV for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7W-0004yd-Mm for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNx7W-0001eL-Ld for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jmzqrdG4sch5sr+JK7tHICK1kBPiv5yUbmBf4xMDhMI=; b=H3+Hj4KjnHNj612dqhxymo9YOh 6RKBl6PLdnOPLJByXb8gnMpFPMCg/f26ixFUTI567fSE0dgxSlnO9HbZedqzsI6RkTDcOuGF5GfzU DSnjrUbDcQNCgq02gyx2wFRkCzV1RKkCP2NhBdpdm4/BlzPAvjMdFcSRFOhHYq9Oxr10=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Message-Id: Date: Wed, 08 Sep 2021 12:56:06 +0000 commit 76c7755ed5ebc0ade1711ffd6f435233b97e8332 Author: Jan Beulich AuthorDate: Wed Sep 8 14:50:39 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:50:39 2021 +0200 gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Relevant quotes from the C11 standard: "Except where explicitly stated otherwise, for the purposes of this subclause unnamed members of objects of structure and union type do not participate in initialization. Unnamed members of structure objects have indeterminate value even after initialization." "If there are fewer initializers in a brace-enclosed list than there are elements or members of an aggregate, [...], the remainder of the aggregate shall be initialized implicitly the same as objects that have static storage duration." "If an object that has static or thread storage duration is not initialized explicitly, then: [...] — if it is an aggregate, every member is initialized (recursively) according to these rules, and any padding is initialized to zero bits; [...]" "A bit-field declaration with no declarator, but only a colon and a width, indicates an unnamed bit-field." Footnote: "An unnamed bit-field structure member is useful for padding to conform to externally imposed layouts." "There may be unnamed padding within a structure object, but not at its beginning." Which makes me conclude: - Whether an unnamed bit-field member is an unnamed member or padding is unclear, and hence also whether the last quote above would render the big endian case of the structure declaration invalid. - Whether the number of members of an aggregate includes unnamed ones is also not really clear. - The initializer in map_grant_ref() initializes all fields of the "cnt" sub-structure of the union, so assuming the second quote above applies here (indirectly), the compiler isn't required to implicitly initialize the rest (i.e. in particular any padding) like would happen for static storage duration objects. Gcc 7.4.1 can be observed (apparently in debug builds only) to translate aforementioned initializer to a read-modify-write operation of a stack variable, leaving unchanged the top two bits of whatever was previously in that stack slot. Clearly if either of the two bits were set, radix_tree_ulong_to_ptr()'s assertion would trigger. Therefore, to be on the safe side, add an explicit padding field for the non-big-endian-bitfields case and give a dummy name to both padding fields. Fixes: 9781b51efde2 ("gnttab: replace mapkind()") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: b6da9d0414d69c2682214ee3ecf9816fcac500d0 master date: 2021-08-27 10:54:46 +0200 --- xen/common/grant_table.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 192db15c34..86e298dfc0 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -930,10 +930,13 @@ union maptrack_node { struct { /* Radix tree slot pointers use two of the bits. */ #ifdef __BIG_ENDIAN_BITFIELD - unsigned long : 2; + unsigned long _0 : 2; #endif unsigned long rd : BITS_PER_LONG / 2 - 1; unsigned long wr : BITS_PER_LONG / 2 - 1; +#ifndef __BIG_ENDIAN_BITFIELD + unsigned long _0 : 2; +#endif } cnt; unsigned long raw; }; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:56:18 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:56:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181947.329321 (Exim 4.92) (envelope-from ) id 1mNx7i-00022I-G1; Wed, 08 Sep 2021 12:56:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181947.329321; Wed, 08 Sep 2021 12:56:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7i-000229-Ck; Wed, 08 Sep 2021 12:56:18 +0000 Received: by outflank-mailman (input) for mailman id 181947; Wed, 08 Sep 2021 12:56:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7g-00021z-Qz for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7g-0004yl-QE for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNx7g-0001fr-PL for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Slx4UGQ4LLLNLd3WDPtaoDPRUzfV22jfrhNn57ys7RE=; b=oEzykwS8/n0jNeJo+l9UwL7OMO ktz4YX8fVdWMFRe5sFR0EsnjhAlZg1ZWbhIym1OTqSlcbtQ6yVUypWGCFcsvzThcyhgySV/vrAfcc rS5noUPvMVkjIzqCe2QE3HM+rrwdofDecRDI0+KOPQDD/aq+NBcvnz9Ki6zfmYcpCfKY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/PVH: de-duplicate mappings for first Mb of Dom0 memory Message-Id: Date: Wed, 08 Sep 2021 12:56:16 +0000 commit 0cfccfd7feffb51295d10bd4952a37bb06f0b53f Author: Jan Beulich AuthorDate: Wed Sep 8 14:51:24 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:51:24 2021 +0200 x86/PVH: de-duplicate mappings for first Mb of Dom0 memory One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. This means we need to be more careful about the mappings put in place in this range - mappings should be created exactly once: - iommu_hwdom_init() comes first; it should avoid the first Mb, - pvh_populate_p2m() should insert identity mappings only into ranges not populated as RAM, - pvh_setup_acpi() should again avoid the first Mb, which was already dealt with at that point. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 6b4f6a31ace125d658a581e8d10809e4fccdc272 master date: 2021-08-31 17:43:36 +0200 --- xen/arch/x86/hvm/dom0_build.c | 39 ++++++++++++++++++++++++++----------- xen/drivers/passthrough/x86/iommu.c | 8 +++++++- 2 files changed, 35 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index 12a82c9d7c..5ba0c80a89 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -430,17 +430,6 @@ static int __init pvh_populate_p2m(struct domain *d) int rc; #define MB1_PAGES PFN_DOWN(MB(1)) - /* - * Memory below 1MB is identity mapped initially. RAM regions are - * populated and copied below, replacing the respective mappings. - */ - rc = modify_identity_mmio(d, 0, MB1_PAGES, true); - if ( rc ) - { - printk("Failed to identity map low 1MB: %d\n", rc); - return rc; - } - /* Populate memory map. */ for ( i = 0; i < d->arch.nr_e820; i++ ) { @@ -472,6 +461,23 @@ static int __init pvh_populate_p2m(struct domain *d) } } + /* Non-RAM regions of space below 1MB get identity mapped. */ + for ( i = rc = 0; i < MB1_PAGES; ++i ) + { + p2m_type_t p2mt; + + if ( mfn_eq(get_gfn_query(d, i, &p2mt), INVALID_MFN) ) + rc = set_mmio_p2m_entry(d, _gfn(i), _mfn(i), PAGE_ORDER_4K); + else + ASSERT(p2mt == p2m_ram_rw); + put_gfn(d, i); + if ( rc ) + { + printk("Failed to identity map PFN %x: %d\n", i, rc); + return rc; + } + } + if ( cpu_has_vmx && paging_mode_hap(d) && !vmx_unrestricted_guest(v) ) { /* @@ -1080,6 +1086,17 @@ static int __init pvh_setup_acpi(struct domain *d, paddr_t start_info) nr_pages = PFN_UP((d->arch.e820[i].addr & ~PAGE_MASK) + d->arch.e820[i].size); + /* Memory below 1MB has been dealt with by pvh_populate_p2m(). */ + if ( pfn < PFN_DOWN(MB(1)) ) + { + if ( pfn + nr_pages <= PFN_DOWN(MB(1)) ) + continue; + + /* This shouldn't happen, but is easy to deal with. */ + nr_pages -= PFN_DOWN(MB(1)) - pfn; + pfn = PFN_DOWN(MB(1)); + } + rc = modify_identity_mmio(d, pfn, nr_pages, true); if ( rc ) { diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 829334ed99..1d7cebcc06 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -325,7 +325,13 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) max_pfn = (GB(4) >> PAGE_SHIFT) - 1; top = max(max_pdx, pfn_to_pdx(max_pfn) + 1); - for ( i = 0; i < top; i++ ) + /* + * First Mb will get mapped in one go by pvh_populate_p2m(). Avoid + * setting up potentially conflicting mappings here. + */ + i = paging_mode_translate(d) ? PFN_DOWN(MB(1)) : 0; + + for ( ; i < top; i++ ) { unsigned long pfn = pdx_to_pfn(i); int rc; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:56:28 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:56:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181949.329325 (Exim 4.92) (envelope-from ) id 1mNx7s-000256-HN; Wed, 08 Sep 2021 12:56:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181949.329325; Wed, 08 Sep 2021 12:56:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7s-000250-EI; Wed, 08 Sep 2021 12:56:28 +0000 Received: by outflank-mailman (input) for mailman id 181949; Wed, 08 Sep 2021 12:56:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7q-00024g-UX for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx7q-0004yz-Tl for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNx7q-0001h0-Su for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=I12Vx04lEhxjHTiAHVxlK05sONJE3ZgWoHuXkndr0/o=; b=WLHjlOeSDD9V6Yx6XjHv7DHEac 46NQLVHMa+DdpQ+8uvavKlWuN6ol02sl2GKGd0NOALgjUoA72Y7xTRE9Z+VZPGi58aKV6QNjaI2mf Vge4qeiiSmIwsN57g/iKx0nH17g+TjsZf2xQUA9CMiinPhNOXqpVTjGHttPXGP+WWWgA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/P2M: relax guarding of MMIO entries Message-Id: Date: Wed, 08 Sep 2021 12:56:26 +0000 commit 7bcd5478cccc3b1fc912097a9f534bf7e8fe94af Author: Jan Beulich AuthorDate: Wed Sep 8 14:51:48 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:51:48 2021 +0200 x86/P2M: relax guarding of MMIO entries One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. At least in the case of PVH Dom0 hitting an RMRR covered by an E820 ACPI region, this is too strict. Generally short-circuit requests establishing the same kind of mapping (mfn, type), but allow permissions to differ. While there, also add a log message to the other domain_crash() invocation that did prevent PVH Dom0 from coming up after the XSA-378 changes. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 111469cc7b3f586c2335e70205320ed3c828b89e master date: 2021-09-07 09:39:38 +0200 --- xen/arch/x86/mm/p2m.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 5005844b57..165efed3f2 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -939,9 +939,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_special(ot) ) { /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ - domain_crash(d); p2m_unlock(p2m); - + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u) -> (%#lx,%u,%u) not permitted\n", + d, gfn_x(gfn) + i, + mfn_x(omfn), ot, a, + mfn_x(mfn) + i, t, p2m->default_access); + domain_crash(d); return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) @@ -1285,9 +1289,24 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, } if ( p2m_is_special(ot) ) { - gfn_unlock(p2m, gfn, order); - domain_crash(d); - return -EPERM; + /* Special-case (almost) identical mappings. */ + if ( !mfn_eq(mfn, omfn) || gfn_p2mt != ot ) + { + gfn_unlock(p2m, gfn, order); + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u,%u) -> (%#lx,%u,%u,%u) not permitted\n", + d, gfn_l, + mfn_x(omfn), cur_order, ot, a, + mfn_x(mfn), order, gfn_p2mt, access); + domain_crash(d); + return -EPERM; + } + + if ( access == a ) + { + gfn_unlock(p2m, gfn, order); + return 0; + } } else if ( p2m_is_ram(ot) ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:56:38 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:56:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181951.329330 (Exim 4.92) (envelope-from ) id 1mNx82-00029D-KN; Wed, 08 Sep 2021 12:56:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181951.329330; Wed, 08 Sep 2021 12:56:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx82-000293-H4; Wed, 08 Sep 2021 12:56:38 +0000 Received: by outflank-mailman (input) for mailman id 181951; Wed, 08 Sep 2021 12:56:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx81-00028r-1l for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx81-0004zC-19 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNx81-0001iH-0E for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fIGitM0g92XFTpz5x7WSooKtY1tQxwJDatvVuDLdt0M=; b=uBs3P9ZgOUsQ1d8S2NtKc40OMJ MvS4EQT+xHkQccx7ga4394FLXCMmLrryX9S/6AuvjOktlEtYq/WVLwIe4yvS+K+C8BvUXiI24CRHI 264Mt3BLeJ62plohMTLN+INPEbv7aAyoY/EwaVSAccIYT5QEWrupGy1UR/za9gzIKNXA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/p2m-pt: fix p2m_flags_to_access() Message-Id: Date: Wed, 08 Sep 2021 12:56:37 +0000 commit 4ff1d3b86fe901ac558310f41ab0331ed4a249ea Author: Jan Beulich AuthorDate: Wed Sep 8 14:52:13 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:52:13 2021 +0200 x86/p2m-pt: fix p2m_flags_to_access() The initial if() was inverted, invalidating all output from this function. Which in turn means the mirroring of P2M mappings into the IOMMU didn't always work as intended: Mappings may have got updated when there was no need to. There would not have been too few (un)mappings; what saves us is that alongside the flags comparison MFNs also get compared, with non-present entries always having an MFN of 0 or INVALID_MFN while present entries always have MFNs different from these two (0 in the table also meant to cover INVALID_MFN): OLD NEW P W access MFN P W access MFN 0 0 r 0 0 0 n 0 0 1 rw 0 0 1 n 0 1 0 n non-0 1 0 r non-0 1 1 n non-0 1 1 rw non-0 present <-> non-present transitions are fine because the MFNs differ. present -> present transitions as well as non-present -> non-present ones are potentially causing too many map/unmap operations, but never too few, because in that case old (bogus) and new access differ. Fixes: d1bb6c97c31e ("IOMMU: also pass p2m_access_t to p2m_get_iommu_flags()) Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: e70a9a043a5ce6d4025420f729bc473f711bf5d1 master date: 2021-09-07 14:24:49 +0200 --- xen/arch/x86/mm/p2m-pt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 68744b74a4..28d1875820 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -483,7 +483,7 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) /* Reconstruct a fake p2m_access_t from stored PTE flags. */ static p2m_access_t p2m_flags_to_access(unsigned int flags) { - if ( flags & _PAGE_PRESENT ) + if ( !(flags & _PAGE_PRESENT) ) return p2m_access_n; /* No need to look at _PAGE_NX for now. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 12:56:48 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 12:56:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181953.329335 (Exim 4.92) (envelope-from ) id 1mNx8C-0002C4-Mw; Wed, 08 Sep 2021 12:56:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181953.329335; Wed, 08 Sep 2021 12:56:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx8C-0002Bw-IS; Wed, 08 Sep 2021 12:56:48 +0000 Received: by outflank-mailman (input) for mailman id 181953; Wed, 08 Sep 2021 12:56:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx8B-0002Bf-5r for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNx8B-0004zh-59 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNx8B-0001jZ-4I for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 12:56:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iTwtD+yACbLBbjvNGLD4srOLb48xSEZG+7Qb8Un4Kec=; b=1LvH8y5dx+uPGdREDgH1IiWTLv H9a1MQgQkAuzyY/y2fqNaX5H9MWGxweiuZTkLC1NEX4My6EVz8s7DFtlip35ZvNWgXxHhfDTSaQpL t91ouqczPAAhNS+yAmBEaxfxW6V7zy9Kz8XNWYzmBaJiXZ6lpfkf7FGQkzzYkX98lPPw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] gnttab: deal with status frame mapping race Message-Id: Date: Wed, 08 Sep 2021 12:56:47 +0000 commit ef6455a3707cf1c7c61ad8af12558811eeee4ba8 Author: Jan Beulich AuthorDate: Wed Sep 8 14:53:04 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:53:04 2021 +0200 gnttab: deal with status frame mapping race Once gnttab_map_frame() drops the grant table lock, the MFN it reports back to its caller is free to other manipulation. In particular gnttab_unpopulate_status_frames() might free it, by a racing request on another CPU, thus resulting in a reference to a deallocated page getting added to a domain's P2M. Obtain a page reference in gnttab_map_frame() to prevent freeing of the page until xenmem_add_to_physmap_one() has actually completed its acting on the page. Do so uniformly, even if only strictly required for v2 status pages, to avoid extra conditionals (which then would all need to be kept in sync going forward). This is CVE-2021-28701 / XSA-384. Reported-by: Julien Grall Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: eb6bbf7b30da5bae87932514d54d0e3c68b23757 master date: 2021-09-08 14:37:45 +0200 --- xen/arch/arm/mm.c | 11 ++++++++--- xen/arch/x86/mm.c | 2 ++ xen/common/grant_table.c | 11 ++++++++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 38200e2533..e6c0a0d353 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1423,6 +1423,8 @@ int xenmem_add_to_physmap_one( if ( rc ) return rc; + /* Need to take care of the reference obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); t = p2m_ram_rw; break; @@ -1490,9 +1492,12 @@ int xenmem_add_to_physmap_one( /* Map at new location. */ rc = guest_physmap_add_entry(d, gfn, mfn, 0, t); - /* If we fail to add the mapping, we need to drop the reference we - * took earlier on foreign pages */ - if ( rc && space == XENMAPSPACE_gmfn_foreign ) + /* + * For XENMAPSPACE_gmfn_foreign if we failed to add the mapping, we need + * to drop the reference we took earlier. In all other cases we need to + * drop any reference we took earlier (perhaps indirectly). + */ + if ( space == XENMAPSPACE_gmfn_foreign ? rc : page != NULL ) { ASSERT(page != NULL); put_page(page); diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 56bad5b3ea..689a430d3b 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4620,6 +4620,8 @@ int xenmem_add_to_physmap_one( rc = gnttab_map_frame(d, idx, gpfn, &mfn); if ( rc ) return rc; + /* Need to take care of the ref obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); break; case XENMAPSPACE_gmfn: { diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 86e298dfc0..f8486c3de7 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -4105,7 +4105,16 @@ int gnttab_map_frame(struct domain *d, unsigned long idx, gfn_t gfn, mfn_t *mfn) } if ( !rc ) - gnttab_set_frame_gfn(gt, status, idx, gfn); + { + /* + * Make sure gnttab_unpopulate_status_frames() won't (successfully) + * free the page until our caller has completed its operation. + */ + if ( get_page(mfn_to_page(*mfn), d) ) + gnttab_set_frame_gfn(gt, status, idx, gfn); + else + rc = -EBUSY; + } grant_write_unlock(gt); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 13:00:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 13:00:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181956.329337 (Exim 4.92) (envelope-from ) id 1mNxBP-00032L-UK; Wed, 08 Sep 2021 13:00:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181956.329337; Wed, 08 Sep 2021 13:00:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxBP-00032D-RG; Wed, 08 Sep 2021 13:00:07 +0000 Received: by outflank-mailman (input) for mailman id 181956; Wed, 08 Sep 2021 13:00:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxBO-0002yX-6H for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxBO-00055V-2v for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNxBO-00029i-1r for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zdUbSFNifIczg8gE4fiPhEHUnL3OsIm0phUaUzAMJME=; b=CikxGKpGMAU4NeXM0W718VKnKw YRnBMMPqirywOzmd17InNj0K3jW8+b4KhYklG3tpg+JMduC70D3g2ybxc92gTwFGuHw0Ed/F911Ye 4GU1QmhPghAElxrM3vCtmVaLjZ5rY8kortbWbRqEq2vZdMFh3KR5lf2btAGoW3a1Fzkg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Message-Id: Date: Wed, 08 Sep 2021 13:00:06 +0000 commit 5b853ec2c81755c69e0915d0a8cf51d32eb942ba Author: Jan Beulich AuthorDate: Wed Sep 8 14:55:00 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:55:00 2021 +0200 gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Relevant quotes from the C11 standard: "Except where explicitly stated otherwise, for the purposes of this subclause unnamed members of objects of structure and union type do not participate in initialization. Unnamed members of structure objects have indeterminate value even after initialization." "If there are fewer initializers in a brace-enclosed list than there are elements or members of an aggregate, [...], the remainder of the aggregate shall be initialized implicitly the same as objects that have static storage duration." "If an object that has static or thread storage duration is not initialized explicitly, then: [...] — if it is an aggregate, every member is initialized (recursively) according to these rules, and any padding is initialized to zero bits; [...]" "A bit-field declaration with no declarator, but only a colon and a width, indicates an unnamed bit-field." Footnote: "An unnamed bit-field structure member is useful for padding to conform to externally imposed layouts." "There may be unnamed padding within a structure object, but not at its beginning." Which makes me conclude: - Whether an unnamed bit-field member is an unnamed member or padding is unclear, and hence also whether the last quote above would render the big endian case of the structure declaration invalid. - Whether the number of members of an aggregate includes unnamed ones is also not really clear. - The initializer in map_grant_ref() initializes all fields of the "cnt" sub-structure of the union, so assuming the second quote above applies here (indirectly), the compiler isn't required to implicitly initialize the rest (i.e. in particular any padding) like would happen for static storage duration objects. Gcc 7.4.1 can be observed (apparently in debug builds only) to translate aforementioned initializer to a read-modify-write operation of a stack variable, leaving unchanged the top two bits of whatever was previously in that stack slot. Clearly if either of the two bits were set, radix_tree_ulong_to_ptr()'s assertion would trigger. Therefore, to be on the safe side, add an explicit padding field for the non-big-endian-bitfields case and give a dummy name to both padding fields. Fixes: 9781b51efde2 ("gnttab: replace mapkind()") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: b6da9d0414d69c2682214ee3ecf9816fcac500d0 master date: 2021-08-27 10:54:46 +0200 --- xen/common/grant_table.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index e1a67fc1c6..a02e906e94 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -889,10 +889,13 @@ union maptrack_node { struct { /* Radix tree slot pointers use two of the bits. */ #ifdef __BIG_ENDIAN_BITFIELD - unsigned long : 2; + unsigned long _0 : 2; #endif unsigned long rd : BITS_PER_LONG / 2 - 1; unsigned long wr : BITS_PER_LONG / 2 - 1; +#ifndef __BIG_ENDIAN_BITFIELD + unsigned long _0 : 2; +#endif } cnt; unsigned long raw; }; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 13:00:19 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 13:00:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181957.329342 (Exim 4.92) (envelope-from ) id 1mNxBa-00034h-04; Wed, 08 Sep 2021 13:00:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181957.329342; Wed, 08 Sep 2021 13:00:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxBZ-00034X-Sw; Wed, 08 Sep 2021 13:00:17 +0000 Received: by outflank-mailman (input) for mailman id 181957; Wed, 08 Sep 2021 13:00:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxBY-00034L-7e for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxBY-00055k-6p for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNxBY-0002BI-5r for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eAqX1Qq9KymcjI0T8PpZz8C4eGr9zgHM9guQmYCCb/g=; b=inWBnCvuQfENo9hVDkRIH7Mk0q /iVPkZgS98bcgq5jlsS03Fpa2hjma8DQ+5K0YmGoAmtYv9S9lM0PDWFlRjZF0AzVWLRkkHZOYjHwP jhlszUws4iUrGi7pFN5B6TpvireNLYj6RfVMiZ4M8T0RteGUZTddKuh4PQJD8T/BKPtY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/PVH: de-duplicate mappings for first Mb of Dom0 memory Message-Id: Date: Wed, 08 Sep 2021 13:00:16 +0000 commit 8d8b4bde3e1ccdf17fb97998c69a4f116950d2a8 Author: Jan Beulich AuthorDate: Wed Sep 8 14:55:46 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:55:46 2021 +0200 x86/PVH: de-duplicate mappings for first Mb of Dom0 memory One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. This means we need to be more careful about the mappings put in place in this range - mappings should be created exactly once: - iommu_hwdom_init() comes first; it should avoid the first Mb, - pvh_populate_p2m() should insert identity mappings only into ranges not populated as RAM, - pvh_setup_acpi() should again avoid the first Mb, which was already dealt with at that point. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 6b4f6a31ace125d658a581e8d10809e4fccdc272 master date: 2021-08-31 17:43:36 +0200 --- xen/arch/x86/hvm/dom0_build.c | 40 +++++++++++++++++++++++++++---------- xen/drivers/passthrough/x86/iommu.c | 8 +++++++- 2 files changed, 36 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index 78042bd702..62958bf82c 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -430,17 +430,6 @@ static int __init pvh_populate_p2m(struct domain *d) int rc; #define MB1_PAGES PFN_DOWN(MB(1)) - /* - * Memory below 1MB is identity mapped initially. RAM regions are - * populated and copied below, replacing the respective mappings. - */ - rc = modify_identity_mmio(d, 0, MB1_PAGES, true); - if ( rc ) - { - printk("Failed to identity map low 1MB: %d\n", rc); - return rc; - } - /* Populate memory map. */ for ( i = 0; i < d->arch.nr_e820; i++ ) { @@ -472,6 +461,24 @@ static int __init pvh_populate_p2m(struct domain *d) } } + /* Non-RAM regions of space below 1MB get identity mapped. */ + for ( i = rc = 0; i < MB1_PAGES; ++i ) + { + p2m_type_t p2mt; + + if ( mfn_eq(get_gfn_query(d, i, &p2mt), INVALID_MFN) ) + rc = set_mmio_p2m_entry(d, _gfn(i), _mfn(i), PAGE_ORDER_4K, + p2m_get_hostp2m(d)->default_access); + else + ASSERT(p2mt == p2m_ram_rw); + put_gfn(d, i); + if ( rc ) + { + printk("Failed to identity map PFN %x: %d\n", i, rc); + return rc; + } + } + if ( cpu_has_vmx && paging_mode_hap(d) && !vmx_unrestricted_guest(v) ) { /* @@ -1080,6 +1087,17 @@ static int __init pvh_setup_acpi(struct domain *d, paddr_t start_info) nr_pages = PFN_UP((d->arch.e820[i].addr & ~PAGE_MASK) + d->arch.e820[i].size); + /* Memory below 1MB has been dealt with by pvh_populate_p2m(). */ + if ( pfn < PFN_DOWN(MB(1)) ) + { + if ( pfn + nr_pages <= PFN_DOWN(MB(1)) ) + continue; + + /* This shouldn't happen, but is easy to deal with. */ + nr_pages -= PFN_DOWN(MB(1)) - pfn; + pfn = PFN_DOWN(MB(1)); + } + rc = modify_identity_mmio(d, pfn, nr_pages, true); if ( rc ) { diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index c521ba5ad8..818d28f770 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -313,7 +313,13 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) max_pfn = (GB(4) >> PAGE_SHIFT) - 1; top = max(max_pdx, pfn_to_pdx(max_pfn) + 1); - for ( i = 0; i < top; i++ ) + /* + * First Mb will get mapped in one go by pvh_populate_p2m(). Avoid + * setting up potentially conflicting mappings here. + */ + i = paging_mode_translate(d) ? PFN_DOWN(MB(1)) : 0; + + for ( ; i < top; i++ ) { unsigned long pfn = pdx_to_pfn(i); int rc; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 13:00:28 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 13:00:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181958.329345 (Exim 4.92) (envelope-from ) id 1mNxBk-00037J-17; Wed, 08 Sep 2021 13:00:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181958.329345; Wed, 08 Sep 2021 13:00:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxBj-00037B-US; Wed, 08 Sep 2021 13:00:27 +0000 Received: by outflank-mailman (input) for mailman id 181958; Wed, 08 Sep 2021 13:00:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxBi-00036v-B4 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxBi-00055v-AH for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNxBi-0002CL-9N for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=a3B7NDAFkwCnBkfLQnFsLEl72kQIfa3JJSUbXlrFKkg=; b=ynocMUFs8TM+ZuoB0Rhcww6xoE 2weKcyHQWeL2DPgngA51V9cLsAicLUDTI0XIckVfcch1Ike5XG1WaI2VqMJAvXolTt8MMvvEiD99o ETYfsWlj82lU7P2lLl/FLVJtKQkBEHzHj2fpowqdy55T+K6fplE7Ee6S8TcOVnSQM6lo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/P2M: relax guarding of MMIO entries Message-Id: Date: Wed, 08 Sep 2021 13:00:26 +0000 commit 3bac7235971f8d3469cba8eac7b32f00f540abad Author: Jan Beulich AuthorDate: Wed Sep 8 14:56:16 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:56:16 2021 +0200 x86/P2M: relax guarding of MMIO entries One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. At least in the case of PVH Dom0 hitting an RMRR covered by an E820 ACPI region, this is too strict. Generally short-circuit requests establishing the same kind of mapping (mfn, type), but allow permissions to differ. While there, also add a log message to the other domain_crash() invocation that did prevent PVH Dom0 from coming up after the XSA-378 changes. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 111469cc7b3f586c2335e70205320ed3c828b89e master date: 2021-09-07 09:39:38 +0200 --- xen/arch/x86/mm/p2m.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 2e4d6e52a2..a68b4fe526 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -938,9 +938,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_special(ot) ) { /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ - domain_crash(d); p2m_unlock(p2m); - + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u) -> (%#lx,%u,%u) not permitted\n", + d, gfn_x(gfn) + i, + mfn_x(omfn), ot, a, + mfn_x(mfn) + i, t, p2m->default_access); + domain_crash(d); return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) @@ -1284,9 +1288,24 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, } if ( p2m_is_special(ot) ) { - gfn_unlock(p2m, gfn, order); - domain_crash(d); - return -EPERM; + /* Special-case (almost) identical mappings. */ + if ( !mfn_eq(mfn, omfn) || gfn_p2mt != ot ) + { + gfn_unlock(p2m, gfn, order); + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u,%u) -> (%#lx,%u,%u,%u) not permitted\n", + d, gfn_l, + mfn_x(omfn), cur_order, ot, a, + mfn_x(mfn), order, gfn_p2mt, access); + domain_crash(d); + return -EPERM; + } + + if ( access == a ) + { + gfn_unlock(p2m, gfn, order); + return 0; + } } else if ( p2m_is_ram(ot) ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 13:00:38 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 13:00:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181961.329349 (Exim 4.92) (envelope-from ) id 1mNxBu-0003B1-32; Wed, 08 Sep 2021 13:00:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181961.329349; Wed, 08 Sep 2021 13:00:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxBt-0003At-W0; Wed, 08 Sep 2021 13:00:37 +0000 Received: by outflank-mailman (input) for mailman id 181961; Wed, 08 Sep 2021 13:00:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxBs-0003Ad-EK for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxBs-000568-De for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNxBs-0002Di-Cn for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OXXKr7QU2hKZonUyZUrgWoIeZuBLJu/xLTcdoH5QqOk=; b=aFLF8Uqt6PoPeP8SpfJ9k/fIFr xv9GN6Rq8CjQnIMSAL0ELJS6NFeNQz4ugv5VWBfu3ZPv4J5DL0qqa35hw50eGezPit9RIY9FNizso rXJ8zF7fOjyTdHTefI7b2b/6Dzv2Ci17+VShbfw8i99ihiAM58VI/HMS53iW3KuMgPsU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/p2m-pt: fix p2m_flags_to_access() Message-Id: Date: Wed, 08 Sep 2021 13:00:36 +0000 commit a94d697376058c8043e7273c4d8d8e5cc86ebd3d Author: Jan Beulich AuthorDate: Wed Sep 8 14:56:47 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:56:47 2021 +0200 x86/p2m-pt: fix p2m_flags_to_access() The initial if() was inverted, invalidating all output from this function. Which in turn means the mirroring of P2M mappings into the IOMMU didn't always work as intended: Mappings may have got updated when there was no need to. There would not have been too few (un)mappings; what saves us is that alongside the flags comparison MFNs also get compared, with non-present entries always having an MFN of 0 or INVALID_MFN while present entries always have MFNs different from these two (0 in the table also meant to cover INVALID_MFN): OLD NEW P W access MFN P W access MFN 0 0 r 0 0 0 n 0 0 1 rw 0 0 1 n 0 1 0 n non-0 1 0 r non-0 1 1 n non-0 1 1 rw non-0 present <-> non-present transitions are fine because the MFNs differ. present -> present transitions as well as non-present -> non-present ones are potentially causing too many map/unmap operations, but never too few, because in that case old (bogus) and new access differ. Fixes: d1bb6c97c31e ("IOMMU: also pass p2m_access_t to p2m_get_iommu_flags()) Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: e70a9a043a5ce6d4025420f729bc473f711bf5d1 master date: 2021-09-07 14:24:49 +0200 --- xen/arch/x86/mm/p2m-pt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 5c64008208..cf6d2a4c6a 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -483,7 +483,7 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) /* Reconstruct a fake p2m_access_t from stored PTE flags. */ static p2m_access_t p2m_flags_to_access(unsigned int flags) { - if ( flags & _PAGE_PRESENT ) + if ( !(flags & _PAGE_PRESENT) ) return p2m_access_n; /* No need to look at _PAGE_NX for now. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 13:00:48 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 13:00:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181963.329353 (Exim 4.92) (envelope-from ) id 1mNxC4-0003EZ-62; Wed, 08 Sep 2021 13:00:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181963.329353; Wed, 08 Sep 2021 13:00:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxC4-0003ER-2s; Wed, 08 Sep 2021 13:00:48 +0000 Received: by outflank-mailman (input) for mailman id 181963; Wed, 08 Sep 2021 13:00:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxC2-0003Dv-IG for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxC2-00056j-HY for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNxC2-0002Ex-Gi for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:00:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=v2+HhUWEVOFPa1Uq6RmaQ/sXJP9UQgGRJIxBaOhgOLw=; b=ITDa2OuKuZIkZZkNVONJ2QuMF9 oEQvhjpRAzOxTHsOinFyyG9p6cp0GzQIhiL4cUoyKxXvLe44CtsHCfwVOMpFKKFgRPFNZscr1jxMm EiyoRrw2yjZ+eL8t6w9NVdVsHJ99vDf9e0uqChuzeMLp+9Jey3jBmdXxDMj/rn1gouo8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] gnttab: deal with status frame mapping race Message-Id: Date: Wed, 08 Sep 2021 13:00:46 +0000 commit 9c4b19c110e1410e50a9f1dbd15d337b05e9cc9d Author: Jan Beulich AuthorDate: Wed Sep 8 14:57:31 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:57:31 2021 +0200 gnttab: deal with status frame mapping race Once gnttab_map_frame() drops the grant table lock, the MFN it reports back to its caller is free to other manipulation. In particular gnttab_unpopulate_status_frames() might free it, by a racing request on another CPU, thus resulting in a reference to a deallocated page getting added to a domain's P2M. Obtain a page reference in gnttab_map_frame() to prevent freeing of the page until xenmem_add_to_physmap_one() has actually completed its acting on the page. Do so uniformly, even if only strictly required for v2 status pages, to avoid extra conditionals (which then would all need to be kept in sync going forward). This is CVE-2021-28701 / XSA-384. Reported-by: Julien Grall Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: eb6bbf7b30da5bae87932514d54d0e3c68b23757 master date: 2021-09-08 14:37:45 +0200 --- xen/arch/arm/mm.c | 11 ++++++++--- xen/arch/x86/mm.c | 2 ++ xen/common/grant_table.c | 11 ++++++++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 67853d58d7..86fbdf8696 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1426,6 +1426,8 @@ int xenmem_add_to_physmap_one( if ( rc ) return rc; + /* Need to take care of the reference obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); t = p2m_ram_rw; break; @@ -1493,9 +1495,12 @@ int xenmem_add_to_physmap_one( /* Map at new location. */ rc = guest_physmap_add_entry(d, gfn, mfn, 0, t); - /* If we fail to add the mapping, we need to drop the reference we - * took earlier on foreign pages */ - if ( rc && space == XENMAPSPACE_gmfn_foreign ) + /* + * For XENMAPSPACE_gmfn_foreign if we failed to add the mapping, we need + * to drop the reference we took earlier. In all other cases we need to + * drop any reference we took earlier (perhaps indirectly). + */ + if ( space == XENMAPSPACE_gmfn_foreign ? rc : page != NULL ) { ASSERT(page != NULL); put_page(page); diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 7cdd23cd3c..ad89bfb45f 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4738,6 +4738,8 @@ int xenmem_add_to_physmap_one( rc = gnttab_map_frame(d, idx, gpfn, &mfn); if ( rc ) return rc; + /* Need to take care of the ref obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); break; case XENMAPSPACE_gmfn: { diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index a02e906e94..d2853a664a 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -4072,7 +4072,16 @@ int gnttab_map_frame(struct domain *d, unsigned long idx, gfn_t gfn, mfn_t *mfn) } if ( !rc ) - gnttab_set_frame_gfn(gt, status, idx, gfn); + { + /* + * Make sure gnttab_unpopulate_status_frames() won't (successfully) + * free the page until our caller has completed its operation. + */ + if ( get_page(mfn_to_page(*mfn), d) ) + gnttab_set_frame_gfn(gt, status, idx, gfn); + else + rc = -EBUSY; + } grant_write_unlock(gt); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 13:11:11 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 13:11:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.181997.329386 (Exim 4.92) (envelope-from ) id 1mNxM2-00063B-IC; Wed, 08 Sep 2021 13:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 181997.329386; Wed, 08 Sep 2021 13:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxM2-000632-Es; Wed, 08 Sep 2021 13:11:06 +0000 Received: by outflank-mailman (input) for mailman id 181997; Wed, 08 Sep 2021 13:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxM0-000629-OC for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxM0-0005HR-Lu for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNxM0-0003Bq-Kn for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Sdfanpl8DDQ7EmqPyQ2fXf3l9+m2a4fnb7EjSdY2iH8=; b=FFvrowUavN42GKs4U25b8cG/AD 9as6d/54ynNjxVFCAz3UcYcIzFmHwFGi7O39L+SvrQsrx6VDJ8RYpIQ38hICVU7fMUOhCTbtesM8j pKwXhf63isuQkF2ywYWxHUwQb2+1+NXz2ZF1FUVza61PzZsq7aGzOygrzq1tjTEawZ+Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] gnttab: deal with status frame mapping race Message-Id: Date: Wed, 08 Sep 2021 13:11:04 +0000 commit 47193c78887734c2f95a50125684bf81419f1565 Author: Jan Beulich AuthorDate: Wed Sep 8 15:03:11 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 15:03:11 2021 +0200 gnttab: deal with status frame mapping race Once gnttab_map_frame() drops the grant table lock, the MFN it reports back to its caller is free to other manipulation. In particular gnttab_unpopulate_status_frames() might free it, by a racing request on another CPU, thus resulting in a reference to a deallocated page getting added to a domain's P2M. Obtain a page reference in gnttab_map_frame() to prevent freeing of the page until xenmem_add_to_physmap_one() has actually completed its acting on the page. Do so uniformly, even if only strictly required for v2 status pages, to avoid extra conditionals (which then would all need to be kept in sync going forward). This is CVE-2021-28701 / XSA-384. Reported-by: Julien Grall Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: eb6bbf7b30da5bae87932514d54d0e3c68b23757 master date: 2021-09-08 14:37:45 +0200 --- xen/arch/arm/mm.c | 11 ++++++++--- xen/arch/x86/mm.c | 2 ++ xen/common/grant_table.c | 11 ++++++++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index de6009e54b..c4e1760988 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1227,6 +1227,8 @@ int xenmem_add_to_physmap_one( if ( rc ) return rc; + /* Need to take care of the reference obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); t = p2m_ram_rw; break; @@ -1294,9 +1296,12 @@ int xenmem_add_to_physmap_one( /* Map at new location. */ rc = guest_physmap_add_entry(d, gfn, mfn, 0, t); - /* If we fail to add the mapping, we need to drop the reference we - * took earlier on foreign pages */ - if ( rc && space == XENMAPSPACE_gmfn_foreign ) + /* + * For XENMAPSPACE_gmfn_foreign if we failed to add the mapping, we need + * to drop the reference we took earlier. In all other cases we need to + * drop any reference we took earlier (perhaps indirectly). + */ + if ( space == XENMAPSPACE_gmfn_foreign ? rc : page != NULL ) { ASSERT(page != NULL); put_page(page); diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index f3767387e6..8c0a9b0226 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4777,6 +4777,8 @@ int xenmem_add_to_physmap_one( rc = gnttab_map_frame(d, idx, gpfn, &mfn); if ( rc ) return rc; + /* Need to take care of the ref obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); break; case XENMAPSPACE_gmfn: { diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 3056454b95..2bc00f30a3 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3986,7 +3986,16 @@ int gnttab_map_frame(struct domain *d, unsigned long idx, gfn_t gfn, mfn_t *mfn) } if ( !rc ) - gnttab_set_frame_gfn(gt, status, idx, gfn); + { + /* + * Make sure gnttab_unpopulate_status_frames() won't (successfully) + * free the page until our caller has completed its operation. + */ + if ( get_page(mfn_to_page(*mfn), d) ) + gnttab_set_frame_gfn(gt, status, idx, gfn); + else + rc = -EBUSY; + } grant_write_unlock(gt); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 13:44:11 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 13:44:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182047.329456 (Exim 4.92) (envelope-from ) id 1mNxry-00050t-Oz; Wed, 08 Sep 2021 13:44:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182047.329456; Wed, 08 Sep 2021 13:44:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxry-00050l-MC; Wed, 08 Sep 2021 13:44:06 +0000 Received: by outflank-mailman (input) for mailman id 182047; Wed, 08 Sep 2021 13:44:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxrx-00050f-TG for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:44:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxrx-0005tV-Mv for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:44:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNxrx-0005uF-LW for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:44:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1j15wXbM4B4epeOpzolOsGcl159Yz7ao6MXZWmtmY4k=; b=6b2Z7wdSs+YNm+1nQ8Dg9v5HG1 qN6/AsSjcsNd1Kv+arEBWNo68zMuPixDIVs8f0wsbzFR48FKBIdzAqt0Vlr0/HEgud6J5NHed+LL4 +tIvpaRfEHRXFc5wboAFy4m6/bOxqnWRmiyQiGeAmpmHuWoyAT1PXofsjVT+masyBTtA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Split the "Hardware features" diagnostic line Message-Id: Date: Wed, 08 Sep 2021 13:44:05 +0000 commit 565ebcda976c05b0c6191510d5e32b621a2b1867 Author: Andrew Cooper AuthorDate: Thu Jul 29 11:59:22 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Sep 8 14:16:19 2021 +0100 x86/spec-ctrl: Split the "Hardware features" diagnostic line Separate the read-only hints from the features requiring active actions on Xen's behalf. Also take the opportunity split the IBRS/IBPB and IBPB mess. More features with overlapping enumeration are on the way, and and it is not useful to split them like this. No practical change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/spec_ctrl.c | 41 ++++++++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 750110e9df..c310a7f6ac 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -317,23 +317,30 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk("Speculative mitigation facilities:\n"); - /* Hardware features which pertain to speculative mitigations. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", - (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS/IBPB" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", - (e8b & cpufeat_mask(X86_FEATURE_IBPB)) ? " IBPB" : "", - (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", - (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", - (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", - (caps & ARCH_CAPS_SKIP_L1DFL) ? " SKIP_L1DFL": "", - (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", - (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", - (caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL" : "", - (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : ""); + /* + * Hardware read-only information, stating immunity to certain issues, or + * suggestions of which mitigation to use. + */ + printk(" Hardware hints:%s%s%s%s%s%s%s\n", + (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", + (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", + (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", + (caps & ARCH_CAPS_SKIP_L1DFL) ? " SKIP_L1DFL" : "", + (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", + (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", + (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : ""); + + /* Hardware features which need driving to mitigate issues. */ + printk(" Hardware features:%s%s%s%s%s%s%s%s\n", + (e8b & cpufeat_mask(X86_FEATURE_IBPB)) || + (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBPB" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", + (caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL" : ""); /* Compiled-in support which pertains to mitigations. */ if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) || IS_ENABLED(CONFIG_SHADOW_PAGING) ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 13:44:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 13:44:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182048.329461 (Exim 4.92) (envelope-from ) id 1mNxs8-00052z-RE; Wed, 08 Sep 2021 13:44:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182048.329461; Wed, 08 Sep 2021 13:44:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxs8-00052r-Ni; Wed, 08 Sep 2021 13:44:16 +0000 Received: by outflank-mailman (input) for mailman id 182048; Wed, 08 Sep 2021 13:44:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxs7-00052g-Sd for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:44:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxs7-0005tZ-Rq for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:44:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNxs7-0005vX-QV for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:44:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RVy1yp40BqNV1Hib+tewm1XfeAJmF01k4ZdH38ccpl4=; b=RsEyXcYr/V9sTLswRdE6+ptyid j3oqxUDhV4WG46S4id/xN0KS2Twe1mnpT+jshHrglAIFg0sK+UyRoQl75ewZ4001ZFDkBZF5yT6rb nDxHcFud3CBjMdQcTwyDDLoL88Lm+eFG2dbWXoK8peBsKFuf6LwODlwJ1Y59NLyDct5I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/amd: Enumeration for speculative features/hints Message-Id: Date: Wed, 08 Sep 2021 13:44:15 +0000 commit 747424c664bb164a04e7a9f2ffbf02d4a1630d7d Author: Andrew Cooper AuthorDate: Mon Jul 12 15:13:32 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Sep 8 14:16:19 2021 +0100 x86/amd: Enumeration for speculative features/hints There is a step change in speculation protections between the Zen1 and Zen2 microarchitectures. Zen1 and older have no special support. Control bits in non-architectural MSRs are used to make lfence be dispatch-serialising (Spectre v1), and to disable Memory Disambiguation (Speculative Store Bypass). IBPB was retrofitted in a microcode update, and software methods are required for Spectre v2 protections. Because the bit controlling Memory Disambiguation is model specific, hypervisors are expected to expose a MSR_VIRT_SPEC_CTRL interface which abstracts the model specific details. Zen2 and later implement the MSR_SPEC_CTRL interface in hardware, and virtualise the interface for HVM guests to use. A number of hint bits are specified too to help guide OS software to the most efficient mitigation strategy. Zen3 introduced a new feature, Predictive Store Forwarding, along with a control to disable it in sensitive code. Add CPUID and VMCB details for all the new functionality. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- tools/libs/light/libxl_cpuid.c | 10 ++++++++++ tools/misc/xen-cpuid.c | 8 +++++++- xen/arch/x86/hvm/svm/svm.c | 1 + xen/arch/x86/hvm/svm/vmcb.c | 1 + xen/include/asm-x86/cpufeature.h | 5 +++++ xen/include/asm-x86/hvm/svm/svm.h | 2 ++ xen/include/asm-x86/hvm/svm/vmcb.h | 4 +++- xen/include/asm-x86/msr-index.h | 3 +++ xen/include/public/arch-x86/cpufeatureset.h | 10 ++++++++++ 9 files changed, 42 insertions(+), 2 deletions(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index d667c36f31..815498d4f3 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -274,8 +274,18 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"rstr-fp-err-ptrs", 0x80000008, NA, CPUID_REG_EBX, 2, 1}, {"wbnoinvd", 0x80000008, NA, CPUID_REG_EBX, 9, 1}, {"ibpb", 0x80000008, NA, CPUID_REG_EBX, 12, 1}, + {"ibrs", 0x80000008, NA, CPUID_REG_EBX, 14, 1}, + {"amd-stibp", 0x80000008, NA, CPUID_REG_EBX, 15, 1}, + {"ibrs-always", 0x80000008, NA, CPUID_REG_EBX, 16, 1}, + {"stibp-always", 0x80000008, NA, CPUID_REG_EBX, 17, 1}, + {"ibrs-fast", 0x80000008, NA, CPUID_REG_EBX, 18, 1}, + {"ibrs-same-mode", 0x80000008, NA, CPUID_REG_EBX, 19, 1}, {"no-lmsl", 0x80000008, NA, CPUID_REG_EBX, 20, 1}, {"ppin", 0x80000008, NA, CPUID_REG_EBX, 23, 1}, + {"amd-ssbd", 0x80000008, NA, CPUID_REG_EBX, 24, 1}, + {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1}, + {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, + {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index d79e67ecfb..37989e4a12 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -148,12 +148,18 @@ static const char *const str_e8b[32] = [ 0] = "clzero", [ 2] = "rstr-fp-err-ptrs", - /* [ 8] */ [ 9] = "wbnoinvd", + /* [ 8] */ [ 9] = "wbnoinvd", [12] = "ibpb", + [14] = "ibrs", [15] = "amd-stibp", + [16] = "ibrs-always", [17] = "stibp-always", + [18] = "ibrs-fast", [19] = "ibrs-same-mode", [20] = "no-lmsl", /* [22] */ [23] = "ppin", + [24] = "amd-ssbd", [25] = "virt-ssbd", + [26] = "ssb-no", + [28] = "psfd", }; static const char *const str_7d0[32] = diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 642a64b747..8dc92c8b9f 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1659,6 +1659,7 @@ const struct hvm_function_table * __init start_svm(void) P(cpu_has_pause_thresh, "Pause-Intercept Filter Threshold"); P(cpu_has_tsc_ratio, "TSC Rate MSR"); P(cpu_has_svm_sss, "NPT Supervisor Shadow Stack"); + P(cpu_has_svm_spec_ctrl, "MSR_SPEC_CTRL virtualisation"); #undef P if ( !printed ) diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 373d5d4af4..55da9302e5 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -271,6 +271,7 @@ static void __init __maybe_unused build_assertions(void) BUILD_BUG_ON(offsetof(typeof(vmcb), rsp) != 0x5d8); BUILD_BUG_ON(offsetof(typeof(vmcb), rax) != 0x5f8); BUILD_BUG_ON(offsetof(typeof(vmcb), _g_pat) != 0x668); + BUILD_BUG_ON(offsetof(typeof(vmcb), spec_ctrl) != 0x6e0); /* Check struct segment_register against the VMCB segment layout. */ BUILD_BUG_ON(sizeof(vmcb.es) != 16); diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 4faf9bff29..94a485f99c 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -128,6 +128,11 @@ /* CPUID level 0x80000007.edx */ #define cpu_has_itsc boot_cpu_has(X86_FEATURE_ITSC) +/* CPUID level 0x80000008.ebx */ +#define cpu_has_amd_ssbd boot_cpu_has(X86_FEATURE_AMD_SSBD) +#define cpu_has_virt_ssbd boot_cpu_has(X86_FEATURE_VIRT_SSBD) +#define cpu_has_ssb_no boot_cpu_has(X86_FEATURE_SSB_NO) + /* CPUID level 0x00000007:0.edx */ #define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW) #define cpu_has_avx512_4fmaps boot_cpu_has(X86_FEATURE_AVX512_4FMAPS) diff --git a/xen/include/asm-x86/hvm/svm/svm.h b/xen/include/asm-x86/hvm/svm/svm.h index bee939156f..05e9685026 100644 --- a/xen/include/asm-x86/hvm/svm/svm.h +++ b/xen/include/asm-x86/hvm/svm/svm.h @@ -76,6 +76,7 @@ extern u32 svm_feature_flags; #define SVM_FEATURE_VLOADSAVE 15 /* virtual vmload/vmsave */ #define SVM_FEATURE_VGIF 16 /* Virtual GIF */ #define SVM_FEATURE_SSS 19 /* NPT Supervisor Shadow Stacks */ +#define SVM_FEATURE_SPEC_CTRL 20 /* MSR_SPEC_CTRL virtualisation */ #define cpu_has_svm_feature(f) (svm_feature_flags & (1u << (f))) #define cpu_has_svm_npt cpu_has_svm_feature(SVM_FEATURE_NPT) @@ -91,6 +92,7 @@ extern u32 svm_feature_flags; #define cpu_has_tsc_ratio cpu_has_svm_feature(SVM_FEATURE_TSCRATEMSR) #define cpu_has_svm_vloadsave cpu_has_svm_feature(SVM_FEATURE_VLOADSAVE) #define cpu_has_svm_sss cpu_has_svm_feature(SVM_FEATURE_SSS) +#define cpu_has_svm_spec_ctrl cpu_has_svm_feature(SVM_FEATURE_SPEC_CTRL) #define SVM_PAUSEFILTER_INIT 4000 #define SVM_PAUSETHRESH_INIT 1000 diff --git a/xen/include/asm-x86/hvm/svm/vmcb.h b/xen/include/asm-x86/hvm/svm/vmcb.h index 9e1e42f494..4fa2ddfb2f 100644 --- a/xen/include/asm-x86/hvm/svm/vmcb.h +++ b/xen/include/asm-x86/hvm/svm/vmcb.h @@ -521,7 +521,9 @@ struct vmcb_struct { u64 _lastbranchtoip; /* cleanbit 10 */ u64 _lastintfromip; /* cleanbit 10 */ u64 _lastinttoip; /* cleanbit 10 */ - u64 res17[301]; + u64 res17[9]; + u64 spec_ctrl; + u64 res18[291]; }; struct svm_domain { diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index a14841055f..903923e5a5 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -33,6 +33,7 @@ #define SPEC_CTRL_IBRS (_AC(1, ULL) << 0) #define SPEC_CTRL_STIBP (_AC(1, ULL) << 1) #define SPEC_CTRL_SSBD (_AC(1, ULL) << 2) +#define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) #define MSR_PRED_CMD 0x00000049 #define PRED_CMD_IBPB (_AC(1, ULL) << 0) @@ -137,6 +138,8 @@ #define VM_CR_INIT_REDIRECTION (_AC(1, ULL) << 1) #define VM_CR_SVM_DISABLE (_AC(1, ULL) << 4) +#define MSR_VIRT_SPEC_CTRL 0xc001011f /* Layout matches MSR_SPEC_CTRL */ + /* * Legacy MSR constants in need of cleanup. No new MSRs below this comment. */ diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index f0e5fabfed..f11d5439ae 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -255,8 +255,18 @@ XEN_CPUFEATURE(CLZERO, 8*32+ 0) /*A CLZERO instruction */ XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A (F)X{SAVE,RSTOR} always saves/restores FPU Error pointers */ XEN_CPUFEATURE(WBNOINVD, 8*32+ 9) /* WBNOINVD instruction */ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by AMD) */ +XEN_CPUFEATURE(IBRS, 8*32+14) /* MSR_SPEC_CTRL.IBRS */ +XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /* MSR_SPEC_CTRL.STIBP */ +XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /* IBRS preferred always on */ +XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /* STIBP preferred always on */ +XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /* IBRS preferred over software options */ +XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection */ XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ +XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ +XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ +XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ +XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 13:44:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 13:44:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182049.329463 (Exim 4.92) (envelope-from ) id 1mNxsI-00056U-SJ; Wed, 08 Sep 2021 13:44:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182049.329463; Wed, 08 Sep 2021 13:44:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxsI-00056K-PK; Wed, 08 Sep 2021 13:44:26 +0000 Received: by outflank-mailman (input) for mailman id 182049; Wed, 08 Sep 2021 13:44:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxsI-00055w-0P for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:44:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNxsH-0005tk-Vu for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:44:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNxsH-0005wM-Un for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 13:44:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qEFHiA+POOv4o1eQZABZO9fXzsh8cZsZalmSgDla9I4=; b=tYVygmsi92NbuYfcu2mzRlr6LY /0UexeVAEaEmjwlknBDUnt5pCKasfQ4+4Mn+fhWM2cKL8geo1CKk/egNBy9NLIhBtu4aHotz+BjX7 MWele7drdDTGqJI5jnz8QsXdXpsQJUdyZ1howMTtbOQMvgGPdhZtQKPtRG8ZqrqImkXk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/amd: Use newer SSBD mechanisms if they exist Message-Id: Date: Wed, 08 Sep 2021 13:44:25 +0000 commit 2a4e6c4e4bea2e0bb720418c331ee28ff9c7632e Author: Andrew Cooper AuthorDate: Fri Nov 30 17:17:38 2018 +0000 Commit: Andrew Cooper CommitDate: Wed Sep 8 14:16:19 2021 +0100 x86/amd: Use newer SSBD mechanisms if they exist The opencoded legacy Memory Disambiguation logic in init_amd() neglected Fam19h for the Zen3 microarchitecture. Further more, all Zen2 based system have the architectural MSR_SPEC_CTRL and the SSBD bit within it, so shouldn't be using MSR_AMD64_LS_CFG. Implement the algorithm given in AMD's SSBD whitepaper, and leave a printk_once() behind in the case that no controls can be found. This now means that a user explicitly choosing `spec-ctrl=ssbd` will properly turn off Memory Disambiguation on Fam19h/Zen3 systems. This still remains a single system-wide setting (for now), and is not context switched between vCPUs. As such, it doesn't interact with Intel's use of MSR_SPEC_CTRL and default_xen_spec_ctrl (yet). Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/amd.c | 71 +++++++++++++++++++++++++++++++++++------------- xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 10 +------ xen/arch/x86/spec_ctrl.c | 5 +++- 4 files changed, 58 insertions(+), 29 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index cb12861481..c4d84373a7 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -681,6 +681,56 @@ void amd_init_lfence(struct cpuinfo_x86 *c) c->x86_capability); } +/* + * Refer to the AMD Speculative Store Bypass whitepaper: + * https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf + */ +void amd_init_ssbd(const struct cpuinfo_x86 *c) +{ + int bit = -1; + + if (cpu_has_ssb_no) + return; + + if (cpu_has_amd_ssbd) { + wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + return; + } + + if (cpu_has_virt_ssbd) { + wrmsrl(MSR_VIRT_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + return; + } + + switch (c->x86) { + case 0x15: bit = 54; break; + case 0x16: bit = 33; break; + case 0x17: + case 0x18: bit = 10; break; + } + + if (bit >= 0) { + uint64_t val, mask = 1ull << bit; + + if (rdmsr_safe(MSR_AMD64_LS_CFG, val) || + ({ + val &= ~mask; + if (opt_ssbd) + val |= mask; + false; + }) || + wrmsr_safe(MSR_AMD64_LS_CFG, val) || + ({ + rdmsrl(MSR_AMD64_LS_CFG, val); + (val & mask) != (opt_ssbd * mask); + })) + bit = -1; + } + + if (bit < 0) + printk_once(XENLOG_ERR "No SSBD controls available\n"); +} + void __init detect_zen2_null_seg_behaviour(void) { uint64_t base; @@ -744,30 +794,13 @@ static void init_amd(struct cpuinfo_x86 *c) else /* Implicily "== 0x10 || >= 0x12" by being 64bit. */ amd_init_lfence(c); + amd_init_ssbd(c); + /* Probe for NSCB on Zen2 CPUs when not virtualised */ if (!cpu_has_hypervisor && !cpu_has_nscb && c == &boot_cpu_data && c->x86 == 0x17) detect_zen2_null_seg_behaviour(); - /* - * If the user has explicitly chosen to disable Memory Disambiguation - * to mitigiate Speculative Store Bypass, poke the appropriate MSR. - */ - if (opt_ssbd) { - int bit = -1; - - switch (c->x86) { - case 0x15: bit = 54; break; - case 0x16: bit = 33; break; - case 0x17: bit = 10; break; - } - - if (bit >= 0 && !rdmsr_safe(MSR_AMD64_LS_CFG, value)) { - value |= 1ull << bit; - wrmsr_safe(MSR_AMD64_LS_CFG, value); - } - } - /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 0dd1b762ff..b593bd85f0 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -21,4 +21,5 @@ extern bool detect_extended_topology(struct cpuinfo_x86 *c); void early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); +void amd_init_ssbd(const struct cpuinfo_x86 *c); void detect_zen2_null_seg_behaviour(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index d7a04af2bb..429d6601fc 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -33,21 +33,13 @@ static void init_hygon(struct cpuinfo_x86 *c) unsigned long long value; amd_init_lfence(c); + amd_init_ssbd(c); /* Probe for NSCB on Zen2 CPUs when not virtualised */ if (!cpu_has_hypervisor && !cpu_has_nscb && c == &boot_cpu_data && c->x86 == 0x18) detect_zen2_null_seg_behaviour(); - /* - * If the user has explicitly chosen to disable Memory Disambiguation - * to mitigiate Speculative Store Bypass, poke the appropriate MSR. - */ - if (opt_ssbd && !rdmsr_safe(MSR_AMD64_LS_CFG, value)) { - value |= 1ull << 10; - wrmsr_safe(MSR_AMD64_LS_CFG, value); - } - /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index c310a7f6ac..f0c67d41b8 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -326,20 +326,23 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", (caps & ARCH_CAPS_SKIP_L1DFL) ? " SKIP_L1DFL" : "", + (e8b & cpufeat_mask(X86_FEATURE_SSB_NO)) || (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : ""); /* Hardware features which need driving to mitigate issues. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s\n", + printk(" Hardware features:%s%s%s%s%s%s%s%s%s\n", (e8b & cpufeat_mask(X86_FEATURE_IBPB)) || (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBPB" : "", (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS" : "", (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", + (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", + (e8b & cpufeat_mask(X86_FEATURE_VIRT_SSBD)) ? " VIRT_SSBD" : "", (caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL" : ""); /* Compiled-in support which pertains to mitigations. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 15:44:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 15:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182264.329756 (Exim 4.92) (envelope-from ) id 1mNzk6-0001LH-K9; Wed, 08 Sep 2021 15:44:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182264.329756; Wed, 08 Sep 2021 15:44:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNzk6-0001L9-Gq; Wed, 08 Sep 2021 15:44:06 +0000 Received: by outflank-mailman (input) for mailman id 182264; Wed, 08 Sep 2021 15:44:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNzk5-0001L3-DA for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 15:44:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mNzk5-00087n-BP for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 15:44:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mNzk5-0008LE-AL for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 15:44:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ks3MOpXBd6fq8XirMt2PdV6SRg5rge3cXdsLIMHhU4Y=; b=DCn6hBN6Gj3h66xVdjQ4VoBVQ5 vZfVYf2LWE8koOqyXkymJFVcKO/tXZwr7Ez03vRF0odkL6zkkMCR2uprOwRES5avSWzMEYwNYYz8c 171MtzpA9xDvBOC5qlbKRQuiMdaSuAFcHB1Fk0L8q7vleTKv5yQaRHZZC6j5D3PmspvU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/PVH: Fix debug build following XSA-378 bugfix Message-Id: Date: Wed, 08 Sep 2021 15:44:05 +0000 commit 065fff7af08f7eaf300c9bef86ae3cec8150d3aa Author: Andrew Cooper AuthorDate: Wed Sep 8 17:39:42 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 17:39:42 2021 +0200 x86/PVH: Fix debug build following XSA-378 bugfix Fixes: 8d8b4bde3e1c ("x86/PVH: de-duplicate mappings for first Mb of Dom0 memory") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/dom0_build.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index 62958bf82c..c6eb86bfb7 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -467,7 +467,7 @@ static int __init pvh_populate_p2m(struct domain *d) p2m_type_t p2mt; if ( mfn_eq(get_gfn_query(d, i, &p2mt), INVALID_MFN) ) - rc = set_mmio_p2m_entry(d, _gfn(i), _mfn(i), PAGE_ORDER_4K, + rc = set_mmio_p2m_entry(d, i, _mfn(i), PAGE_ORDER_4K, p2m_get_hostp2m(d)->default_access); else ASSERT(p2mt == p2m_ram_rw); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 17:00:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 17:00:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182324.329839 (Exim 4.92) (envelope-from ) id 1mO0vf-0006YN-Ri; Wed, 08 Sep 2021 17:00:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182324.329839; Wed, 08 Sep 2021 17:00:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mO0vf-0006YF-Ok; Wed, 08 Sep 2021 17:00:07 +0000 Received: by outflank-mailman (input) for mailman id 182324; Wed, 08 Sep 2021 17:00:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mO0ve-0006U5-45 for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 17:00:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mO0ve-0001ex-2v for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 17:00:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mO0ve-0002AA-1t for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 17:00:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Cby19KhWkztVTIwV97Jr1PwbbS/m/k56vg+Ve0+Q9SU=; b=DKVScNL/h91lZNWDDyjyzauv7K Y2sAyE3RFG+A55+/qya5kWYTDylmPl4t/FN60D8TlY8dlb7Cj+Gp1ue5ABu9ZqV9KpIxOH9VkIYVY pXNz3ZqSj8VTHnb6PIcVvCBK63P+XzyfcRYEsl5BNJz8DK6vpGIRBE0GjF9YU+8VR+8A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/msr: Clean up the MSR_EFER constants Message-Id: Date: Wed, 08 Sep 2021 17:00:06 +0000 commit 00d0fcf33c580ba4577a9a2ac274863c173bbe65 Author: Andrew Cooper AuthorDate: Fri May 25 16:12:05 2018 +0100 Commit: Andrew Cooper CommitDate: Wed Sep 8 17:54:21 2021 +0100 x86/msr: Clean up the MSR_EFER constants There are no remaining users of the bit position constants. Move the used constants into the cleaned-up area of msr-index.h and apply appropriate style. Rename EFER_NX to EFER_NXE to match both the Intel and AMD specs. Signed-off-by: Andrew Cooper Reviewed-by: Wei Liu Reviewed-by: Roger Pau Monné --- xen/arch/x86/boot/head.S | 2 +- xen/arch/x86/cpu/intel.c | 4 ++-- xen/arch/x86/efi/efi-boot.h | 2 +- xen/arch/x86/hvm/hvm.c | 4 ++-- xen/arch/x86/hvm/svm/svm.c | 4 ++-- xen/arch/x86/hvm/vmx/vmx.c | 4 ++-- xen/include/asm-x86/hvm/hvm.h | 2 +- xen/include/asm-x86/msr-index.h | 30 +++++++++++------------------- 8 files changed, 22 insertions(+), 30 deletions(-) diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index 150f7f90a2..dd1bea0d10 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -639,7 +639,7 @@ trampoline_setup: /* Check for NX. Adjust EFER setting if available. */ bt $cpufeat_bit(X86_FEATURE_NX), %edx jnc 1f - orb $EFER_NX >> 8, 1 + sym_esi(trampoline_efer) + orb $EFER_NXE >> 8, 1 + sym_esi(trampoline_efer) 1: /* Check for availability of long mode. */ diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index abf8e206d7..9b011c3446 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -270,14 +270,14 @@ static void early_init_intel(struct cpuinfo_x86 *c) if (disable) { wrmsrl(MSR_IA32_MISC_ENABLE, misc_enable & ~disable); bootsym(trampoline_misc_enable_off) |= disable; - bootsym(trampoline_efer) |= EFER_NX; + bootsym(trampoline_efer) |= EFER_NXE; } if (disable & MSR_IA32_MISC_ENABLE_LIMIT_CPUID) printk(KERN_INFO "revised cpuid level: %d\n", cpuid_eax(0)); if (disable & MSR_IA32_MISC_ENABLE_XD_DISABLE) { - write_efer(read_efer() | EFER_NX); + write_efer(read_efer() | EFER_NXE); printk(KERN_INFO "re-enabled NX (Execute Disable) protection\n"); } diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index fb217031ff..9b0cc29aae 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -692,7 +692,7 @@ static void __init efi_arch_cpu(void) caps[cpufeat_word(X86_FEATURE_SYSCALL)] = cpuid_edx(0x80000001); if ( cpu_has_nx ) - trampoline_efer |= EFER_NX; + trampoline_efer |= EFER_NXE; } } diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 5086773e5c..7b48a1b925 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -952,8 +952,8 @@ const char *hvm_efer_valid(const struct vcpu *v, uint64_t value, if ( (value & EFER_LMA) && (!(value & EFER_LME) || !cr0_pg) ) return "LMA/LME/CR0.PG inconsistency"; - if ( (value & EFER_NX) && !p->extd.nx ) - return "NX without feature"; + if ( (value & EFER_NXE) && !p->extd.nx ) + return "NXE without feature"; if ( (value & EFER_SVME) && (!p->extd.svm || !nestedhvm_enabled(d)) ) return "SVME without nested virt"; diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 8dc92c8b9f..309912a234 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -563,8 +563,8 @@ static void svm_update_guest_efer(struct vcpu *v) if ( paging_mode_shadow(v->domain) ) { /* EFER.NX is a Xen-owned bit and is not under guest control. */ - guest_efer &= ~EFER_NX; - guest_efer |= xen_efer & EFER_NX; + guest_efer &= ~EFER_NXE; + guest_efer |= xen_efer & EFER_NXE; /* * CR0.PG is a Xen-owned bit, and remains set even when the guest has diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index e09b7e3af9..b0a42d05f8 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -1623,8 +1623,8 @@ static void vmx_update_guest_efer(struct vcpu *v) * When using shadow pagetables, EFER.NX is a Xen-owned bit and is not * under guest control. */ - guest_efer &= ~EFER_NX; - guest_efer |= xen_efer & EFER_NX; + guest_efer &= ~EFER_NXE; + guest_efer |= xen_efer & EFER_NXE; } if ( !vmx_unrestricted_guest(v) ) diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index 4a8fb571de..7e842f2dc2 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -376,7 +376,7 @@ int hvm_get_param(struct domain *d, uint32_t index, uint64_t *value); #define hvm_smap_enabled(v) \ (hvm_paging_enabled(v) && ((v)->arch.hvm.guest_cr[4] & X86_CR4_SMAP)) #define hvm_nx_enabled(v) \ - ((v)->arch.hvm.guest_efer & EFER_NX) + ((v)->arch.hvm.guest_efer & EFER_NXE) #define hvm_pku_enabled(v) \ (hvm_paging_enabled(v) && ((v)->arch.hvm.guest_cr[4] & X86_CR4_PKE)) diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 903923e5a5..3fe14b820c 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -119,6 +119,17 @@ #define PASID_PASID_MASK 0x000fffff #define PASID_VALID (_AC(1, ULL) << 31) +#define MSR_EFER 0xc0000080 /* Extended Feature Enable Register */ +#define EFER_SCE (_AC(1, ULL) << 0) /* SYSCALL Enable */ +#define EFER_LME (_AC(1, ULL) << 8) /* Long Mode Enable */ +#define EFER_LMA (_AC(1, ULL) << 10) /* Long Mode Active */ +#define EFER_NXE (_AC(1, ULL) << 11) /* No Execute Enable */ +#define EFER_SVME (_AC(1, ULL) << 12) /* Secure Virtual Machine Enable */ +#define EFER_FFXSE (_AC(1, ULL) << 14) /* Fast FXSAVE/FXRSTOR */ + +#define EFER_KNOWN_MASK \ + (EFER_SCE | EFER_LME | EFER_LMA | EFER_NXE | EFER_SVME | EFER_FFXSE) + #define MSR_K8_SYSCFG 0xc0010010 #define SYSCFG_MTRR_FIX_DRAM_EN (_AC(1, ULL) << 18) #define SYSCFG_MTRR_FIX_DRAM_MOD_EN (_AC(1, ULL) << 19) @@ -145,7 +156,6 @@ */ /* x86-64 specific MSRs */ -#define MSR_EFER 0xc0000080 /* extended feature register */ #define MSR_STAR 0xc0000081 /* legacy mode SYSCALL target */ #define MSR_LSTAR 0xc0000082 /* long mode SYSCALL target */ #define MSR_CSTAR 0xc0000083 /* compat mode SYSCALL target */ @@ -155,24 +165,6 @@ #define MSR_SHADOW_GS_BASE 0xc0000102 /* SwapGS GS shadow */ #define MSR_TSC_AUX 0xc0000103 /* Auxiliary TSC */ -/* EFER bits: */ -#define _EFER_SCE 0 /* SYSCALL/SYSRET */ -#define _EFER_LME 8 /* Long mode enable */ -#define _EFER_LMA 10 /* Long mode active (read-only) */ -#define _EFER_NX 11 /* No execute enable */ -#define _EFER_SVME 12 /* AMD: SVM enable */ -#define _EFER_FFXSE 14 /* AMD: Fast FXSAVE/FXRSTOR enable */ - -#define EFER_SCE (1<<_EFER_SCE) -#define EFER_LME (1<<_EFER_LME) -#define EFER_LMA (1<<_EFER_LMA) -#define EFER_NX (1<<_EFER_NX) -#define EFER_SVME (1<<_EFER_SVME) -#define EFER_FFXSE (1<<_EFER_FFXSE) - -#define EFER_KNOWN_MASK (EFER_SCE | EFER_LME | EFER_LMA | EFER_NX | \ - EFER_SVME | EFER_FFXSE) - /* Intel MSRs. Some also available on other CPUs */ #define MSR_IA32_PERFCTR0 0x000000c1 #define MSR_IA32_A_PERFCTR0 0x000004c1 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 08 17:00:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 08 Sep 2021 17:00:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182325.329843 (Exim 4.92) (envelope-from ) id 1mO0vp-0006aP-TZ; Wed, 08 Sep 2021 17:00:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182325.329843; Wed, 08 Sep 2021 17:00:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mO0vp-0006aG-QH; Wed, 08 Sep 2021 17:00:17 +0000 Received: by outflank-mailman (input) for mailman id 182325; Wed, 08 Sep 2021 17:00:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mO0vo-0006a2-7H for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 17:00:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mO0vo-0001f4-6V for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 17:00:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mO0vo-0002Br-5Q for xen-changelog@lists.xenproject.org; Wed, 08 Sep 2021 17:00:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qPHjK7vwJtq7cyuGZH0m7NaiI/EvEyZdAngkBfK8ll4=; b=03oZmogAbP2y83DQEk2Nq68jKd dOxY97UcgyPMb90ZJheJG8S2+dOf5l/T0oNS/3U+Ed6x5co7PATzhIKuMGiL8WyLPXChs/WgOsm4N Bt1PY9NIYJNnrV+bgCsVa1wqmdr/UOLlMQlt37EzlN0vrkdDsczX2lgYvDelCzFCYrHo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/msr: Cleanup of misc constants Message-Id: Date: Wed, 08 Sep 2021 17:00:16 +0000 commit 56abcf1a58bdaef18579cf2ce8645c8c72a2b749 Author: Andrew Cooper AuthorDate: Fri May 25 16:13:02 2018 +0100 Commit: Andrew Cooper CommitDate: Wed Sep 8 17:54:21 2021 +0100 x86/msr: Cleanup of misc constants Move two blocks of MSRs into the cleaned up section, updating the style as they move. Signed-off-by: Andrew Cooper Reviewed-by: Wei Liu Reviewed-by: Roger Pau Monné --- xen/include/asm-x86/msr-index.h | 39 +++++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 3fe14b820c..90c0589cd6 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -115,6 +115,16 @@ #define MSR_PL3_SSP 0x000006a7 #define MSR_INTERRUPT_SSP_TABLE 0x000006a8 +#define MSR_X2APIC_FIRST 0x00000800 +#define MSR_X2APIC_LAST 0x00000bff + +#define MSR_X2APIC_TPR 0x00000808 +#define MSR_X2APIC_PPR 0x0000080a +#define MSR_X2APIC_EOI 0x0000080b +#define MSR_X2APIC_TMICT 0x00000838 +#define MSR_X2APIC_TMCCT 0x00000839 +#define MSR_X2APIC_SELF 0x0000083f + #define MSR_PASID 0x00000d93 #define PASID_PASID_MASK 0x000fffff #define PASID_VALID (_AC(1, ULL) << 31) @@ -130,6 +140,15 @@ #define EFER_KNOWN_MASK \ (EFER_SCE | EFER_LME | EFER_LMA | EFER_NXE | EFER_SVME | EFER_FFXSE) +#define MSR_STAR 0xc0000081 /* legacy mode SYSCALL target */ +#define MSR_LSTAR 0xc0000082 /* long mode SYSCALL target */ +#define MSR_CSTAR 0xc0000083 /* compat mode SYSCALL target */ +#define MSR_SYSCALL_MASK 0xc0000084 /* EFLAGS mask for syscall */ +#define MSR_FS_BASE 0xc0000100 /* 64bit FS base */ +#define MSR_GS_BASE 0xc0000101 /* 64bit GS base */ +#define MSR_SHADOW_GS_BASE 0xc0000102 /* SwapGS GS shadow */ +#define MSR_TSC_AUX 0xc0000103 /* Auxiliary TSC */ + #define MSR_K8_SYSCFG 0xc0010010 #define SYSCFG_MTRR_FIX_DRAM_EN (_AC(1, ULL) << 18) #define SYSCFG_MTRR_FIX_DRAM_MOD_EN (_AC(1, ULL) << 19) @@ -155,16 +174,6 @@ * Legacy MSR constants in need of cleanup. No new MSRs below this comment. */ -/* x86-64 specific MSRs */ -#define MSR_STAR 0xc0000081 /* legacy mode SYSCALL target */ -#define MSR_LSTAR 0xc0000082 /* long mode SYSCALL target */ -#define MSR_CSTAR 0xc0000083 /* compat mode SYSCALL target */ -#define MSR_SYSCALL_MASK 0xc0000084 /* EFLAGS mask for syscall */ -#define MSR_FS_BASE 0xc0000100 /* 64bit FS base */ -#define MSR_GS_BASE 0xc0000101 /* 64bit GS base */ -#define MSR_SHADOW_GS_BASE 0xc0000102 /* SwapGS GS shadow */ -#define MSR_TSC_AUX 0xc0000103 /* Auxiliary TSC */ - /* Intel MSRs. Some also available on other CPUs */ #define MSR_IA32_PERFCTR0 0x000000c1 #define MSR_IA32_A_PERFCTR0 0x000004c1 @@ -436,16 +445,6 @@ #define MSR_IA32_TSC_ADJUST 0x0000003b -#define MSR_X2APIC_FIRST 0x00000800 -#define MSR_X2APIC_LAST 0x00000bff - -#define MSR_X2APIC_TPR 0x00000808 -#define MSR_X2APIC_PPR 0x0000080a -#define MSR_X2APIC_EOI 0x0000080b -#define MSR_X2APIC_TMICT 0x00000838 -#define MSR_X2APIC_TMCCT 0x00000839 -#define MSR_X2APIC_SELF 0x0000083f - #define MSR_IA32_UCODE_WRITE 0x00000079 #define MSR_IA32_UCODE_REV 0x0000008b -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:00:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:00:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182640.330306 (Exim 4.92) (envelope-from ) id 1mOE2V-0002YX-UH; Thu, 09 Sep 2021 07:00:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182640.330306; Thu, 09 Sep 2021 07:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE2V-0002YK-Qi; Thu, 09 Sep 2021 07:00:03 +0000 Received: by outflank-mailman (input) for mailman id 182640; Thu, 09 Sep 2021 07:00:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE2V-0002Qz-36 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE2V-0007KU-2G for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE2V-0008NK-0w for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AX76Q+LZoBf90VMKB060k9GevZoljRImX2W0snRIjyQ=; b=QUfPTlhukWe1TAtx2jNi1ybRCu HuDKkFxM7oDbuZ3KTMT8NXFlGIy5UYt7sVIXOAI4Z2cbpvQZka90nrjGzq3Omdeq5sNquw4jcLFAY DkGWivcAtkHqu+rvyN7i+1vRE7kzbRiBNkhc7os9oyjcYy7t/okpT2KeOB12IYy87hQ8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl Message-Id: Date: Thu, 09 Sep 2021 07:00:03 +0000 commit 61f28060d5b899c502e2b3bf45a39b1dd2a1224c Author: Jan Beulich AuthorDate: Mon Jul 19 12:28:09 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:47:20 2021 +0100 libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl The hypervisor may not have enough memory to satisfy the request. While there, make the unit of the value clear by renaming the local variable. Requested-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Reviewed-by: Anthony PERARD backport-requested-by: Jan Beulich (cherry picked from commit 0be5a00af590c97ea553aadb60f1e0b3af53d8f6) (cherry picked from commit 6bbdcefd205903b2181b3b4fdc9503709ecdb7c4) --- tools/libxl/libxl_x86.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/tools/libxl/libxl_x86.c b/tools/libxl/libxl_x86.c index e57f63282e..07c7b05e0d 100644 --- a/tools/libxl/libxl_x86.c +++ b/tools/libxl/libxl_x86.c @@ -516,10 +516,20 @@ int libxl__arch_domain_create(libxl__gc *gc, libxl_domain_config *d_config, xc_domain_set_time_offset(ctx->xch, domid, rtc_timeoffset); if (d_config->b_info.type != LIBXL_DOMAIN_TYPE_PV) { - unsigned long shadow = DIV_ROUNDUP(d_config->b_info.shadow_memkb, - 1024); - xc_shadow_control(ctx->xch, domid, XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, - NULL, 0, &shadow, 0, NULL); + unsigned long shadow_mb = DIV_ROUNDUP(d_config->b_info.shadow_memkb, + 1024); + int r = xc_shadow_control(ctx->xch, domid, + XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, + NULL, 0, &shadow_mb, 0, NULL); + + if (r) { + LOGED(ERROR, domid, + "Failed to set %lu MiB %s allocation", + shadow_mb, + libxl_defbool_val(d_config->c_info.hap) ? "HAP" : "shadow"); + ret = ERROR_FAIL; + goto out; + } } if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_PV && -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:00:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:00:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182641.330310 (Exim 4.92) (envelope-from ) id 1mOE2g-0002uC-Vd; Thu, 09 Sep 2021 07:00:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182641.330310; Thu, 09 Sep 2021 07:00:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE2g-0002u4-SS; Thu, 09 Sep 2021 07:00:14 +0000 Received: by outflank-mailman (input) for mailman id 182641; Thu, 09 Sep 2021 07:00:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE2f-0002tp-7F for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE2f-0007MA-6H for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE2f-0000r4-5I for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9pVZJY/Zb4nmBVi+7zdQ3sTBQROWKqFoWSvn6VZq2qE=; b=o4CLw0Gug2A/b8HLVUtUk5em12 KILys+XXlsfwGYJnwoTdAxFBKXTCdQfRP1XnUpDPpXQsLjzLvmtpagGNQA6fVGkCljegjgt3Iq+ZT VTq0C8voQggvhrk5IaktfOcosU7WsKCVdE4s5PeKfWDFW3o2WgObqP/AslXnkGhGAQ4U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86: work around build issue with GNU ld 2.37 Message-Id: Date: Thu, 09 Sep 2021 07:00:13 +0000 commit f7a973031675e0be4a31178bfae28ab4a305dbdf Author: Jan Beulich AuthorDate: Wed Aug 25 15:03:36 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:03:36 2021 +0200 x86: work around build issue with GNU ld 2.37 I suspect it is commit 40726f16a8d7 ("ld script expression parsing") which broke the hypervisor build, by no longer accepting section names with a dash in them inside ADDR() (and perhaps other script directives expecting just a section name, not an expression): .note.gnu.build-id is such a section. Quoting all section names passed to ADDR() via DECL_SECTION() works around the regression. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 58ad654ebce7ccb272a3f4f3482c03aaad850d31 master date: 2021-07-27 15:03:29 +0100 --- xen/arch/x86/xen.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 0273f79152..a02df18a25 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -18,7 +18,7 @@ ENTRY(efi_start) #else /* !EFI */ #define FORMAT "elf64-x86-64" -#define DECL_SECTION(x) x : AT(ADDR(x) - __XEN_VIRT_START) +#define DECL_SECTION(x) x : AT(ADDR(#x) - __XEN_VIRT_START) ENTRY(start_pa) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:00:25 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:00:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182642.330314 (Exim 4.92) (envelope-from ) id 1mOE2r-0002yQ-1a; Thu, 09 Sep 2021 07:00:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182642.330314; Thu, 09 Sep 2021 07:00:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE2q-0002yI-UG; Thu, 09 Sep 2021 07:00:24 +0000 Received: by outflank-mailman (input) for mailman id 182642; Thu, 09 Sep 2021 07:00:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE2p-0002xq-B1 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE2p-0007MS-A9 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE2p-0001G4-8x for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ELGvp/6E+d9vPeZPBrwp0DPddku8ZCRXw5KCSSuFLXI=; b=vGiprrOuP44IgrVvCcqwH9VXx8 1OZMGlbBXrubhhJ8m33PqguivNkYWvZVtKqBwJQLQesH4nApHIvGGCe5Ej7Pv9OjSLJigQBQG9FO5 883g9GBFpcFkP//um+IrAHZVNRyrsMZnpMpzO/riSW9u4agVnHG1FrJaV2+DHGAEIbLk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] AMD/IOMMU: correct global exclusion range extending Message-Id: Date: Thu, 09 Sep 2021 07:00:23 +0000 commit 8da14912d229eeef969f0738ec98c61a29946d07 Author: Jan Beulich AuthorDate: Wed Aug 25 15:04:44 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:04:44 2021 +0200 AMD/IOMMU: correct global exclusion range extending Besides unity mapping regions, the AMD IOMMU spec also provides for exclusion ranges (areas of memory not to be subject to DMA translation) to be specified by firmware in the ACPI tables. The spec does not put any constraints on the number of such regions. Blindly assuming all addresses between any two such ranges should also be excluded can't be right. Since hardware has room for just a single such range (comprised of the Exclusion Base Register and the Exclusion Range Limit Register), combine only adjacent or overlapping regions (for now; this may require further adjustment in case table entries aren't sorted by address) with matching exclusion_allow_all settings. This requires bubbling up error indicators, such that IOMMU init can be failed when concatenation wasn't possible. Furthermore, since the exclusion range specified in IOMMU registers implies R/W access, reject requests asking for less permissions (this will be brought closer to the spec by a subsequent change). This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: b02c5c88982411be11e3413159862f255f1f39dc master date: 2021-08-25 14:12:13 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 45 +++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index f4abbfd9dc..b9ac78678c 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -117,12 +117,21 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( return NULL; } -static void __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit) +static int __init reserve_iommu_exclusion_range( + struct amd_iommu *iommu, uint64_t base, uint64_t limit, + bool all, bool iw, bool ir) { + if ( !ir || !iw ) + return -EPERM; + /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { + if ( iommu->exclusion_limit + PAGE_SIZE < base || + limit + PAGE_SIZE < iommu->exclusion_base || + iommu->exclusion_allow_all != all ) + return -EBUSY; + if ( iommu->exclusion_base < base ) base = iommu->exclusion_base; if ( iommu->exclusion_limit > limit ) @@ -130,16 +139,11 @@ static void __init reserve_iommu_exclusion_range( } iommu->exclusion_enable = IOMMU_CONTROL_ENABLED; + iommu->exclusion_allow_all = all; iommu->exclusion_base = base; iommu->exclusion_limit = limit; -} -static void __init reserve_iommu_exclusion_range_all( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit) -{ - reserve_iommu_exclusion_range(iommu, base, limit); - iommu->exclusion_allow_all = IOMMU_CONTROL_ENABLED; + return 0; } static void __init reserve_unity_map_for_device( @@ -177,6 +181,7 @@ static int __init register_exclusion_range_for_all_devices( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; unsigned int bdf; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -198,10 +203,15 @@ static int __init register_exclusion_range_for_all_devices( if ( limit >= iommu_top ) { for_each_amd_iommu( iommu ) - reserve_iommu_exclusion_range_all(iommu, base, limit); + { + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + if ( rc ) + break; + } } - return 0; + return rc; } static int __init register_exclusion_range_for_device( @@ -212,6 +222,7 @@ static int __init register_exclusion_range_for_device( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; + int rc = 0; iommu = find_iommu_for_device(seg, bdf); if ( !iommu ) @@ -241,12 +252,13 @@ static int __init register_exclusion_range_for_device( /* register IOMMU exclusion range settings for device */ if ( limit >= iommu_top ) { - reserve_iommu_exclusion_range(iommu, base, limit); + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } - return 0; + return rc; } static int __init register_exclusion_range_for_iommu_devices( @@ -256,6 +268,7 @@ static int __init register_exclusion_range_for_iommu_devices( unsigned long range_top, iommu_top, length; unsigned int bdf; u16 req; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -286,8 +299,10 @@ static int __init register_exclusion_range_for_iommu_devices( /* register IOMMU exclusion range settings */ if ( limit >= iommu_top ) - reserve_iommu_exclusion_range_all(iommu, base, limit); - return 0; + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + + return rc; } static int __init parse_ivmd_device_select( -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:00:35 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:00:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182645.330317 (Exim 4.92) (envelope-from ) id 1mOE31-00031t-58; Thu, 09 Sep 2021 07:00:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182645.330317; Thu, 09 Sep 2021 07:00:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE31-00031m-2B; Thu, 09 Sep 2021 07:00:35 +0000 Received: by outflank-mailman (input) for mailman id 182645; Thu, 09 Sep 2021 07:00:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE2z-00031O-Ep for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE2z-0007Mh-Dy for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE2z-0001HL-Cz for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1vaC5OjBKVRxdFwG24bh+HSHJ+SJo9MRh0c6ugp6WGQ=; b=Fr4ErSo0VgvilqeYi09bmhwMXM hPS1UVNlydvGcL6G1MZbsZRBA64g1SnZne2ClfwB1YkjfHlF/ZbbNrlPrLJcLIXi9G6JYI7+6SZ9U 4wBa0OrWVSrGCZwF1MWJ7V902F8GohLYL1O95K6Fm6QySzBluYvqggfyLAiOiaEGY9io=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] AMD/IOMMU: correct device unity map handling Message-Id: Date: Thu, 09 Sep 2021 07:00:33 +0000 commit 100b2e2d5ee0ea5549113ad6b15f4b532c13bcd7 Author: Jan Beulich AuthorDate: Wed Aug 25 15:05:03 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:05:03 2021 +0200 AMD/IOMMU: correct device unity map handling Blindly assuming all addresses between any two such ranges, specified by firmware in the ACPI tables, should also be unity-mapped can't be right. Nor can it be correct to merge ranges with differing permissions. Track ranges individually; don't merge at all, but check for overlaps instead. This requires bubbling up error indicators, such that IOMMU init can be failed when allocation of a new tracking struct wasn't possible, or an overlap was detected. At this occasion also stop ignoring amd_iommu_reserve_domain_unity_map()'s return value. This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap Reviewed-by: Paul Durrant master commit: 34750a3eb022462cdd1c36e8ef9049d3d73c824c master date: 2021-08-25 14:15:11 +0200 --- xen/drivers/passthrough/amd/iommu.h | 14 +++-- xen/drivers/passthrough/amd/iommu_acpi.c | 80 +++++++++++++++++------------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 16 +++--- 3 files changed, 66 insertions(+), 44 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 3489c2a015..a7a05a9b09 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -107,20 +107,24 @@ struct amd_iommu { struct list_head ats_devices; }; +struct ivrs_unity_map { + bool read:1; + bool write:1; + paddr_t addr; + unsigned long length; + struct ivrs_unity_map *next; +}; + struct ivrs_mappings { uint16_t dte_requestor_id; bool valid:1; bool dte_allow_exclusion:1; - bool unity_map_enable:1; - bool write_permission:1; - bool read_permission:1; /* ivhd device data settings */ uint8_t device_flags; - unsigned long addr_range_start; - unsigned long addr_range_length; struct amd_iommu *iommu; + struct ivrs_unity_map *unity_map; /* per device interrupt remapping table */ void *intremap_table; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index b9ac78678c..e2f46fa7b6 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -146,32 +146,48 @@ static int __init reserve_iommu_exclusion_range( return 0; } -static void __init reserve_unity_map_for_device( - u16 seg, u16 bdf, unsigned long base, - unsigned long length, u8 iw, u8 ir) +static int __init reserve_unity_map_for_device( + uint16_t seg, uint16_t bdf, unsigned long base, + unsigned long length, bool iw, bool ir) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long old_top, new_top; + struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; - /* need to extend unity-mapped range? */ - if ( ivrs_mappings[bdf].unity_map_enable ) + /* Check for overlaps. */ + for ( ; unity_map; unity_map = unity_map->next ) { - old_top = ivrs_mappings[bdf].addr_range_start + - ivrs_mappings[bdf].addr_range_length; - new_top = base + length; - if ( old_top > new_top ) - new_top = old_top; - if ( ivrs_mappings[bdf].addr_range_start < base ) - base = ivrs_mappings[bdf].addr_range_start; - length = new_top - base; + /* + * Exact matches are okay. This can in particular happen when + * register_exclusion_range_for_device() calls here twice for the + * same (s,b,d,f). + */ + if ( base == unity_map->addr && length == unity_map->length && + ir == unity_map->read && iw == unity_map->write ) + return 0; + + if ( unity_map->addr + unity_map->length > base && + base + length > unity_map->addr ) + { + AMD_IOMMU_DEBUG("IVMD Error: overlap [%lx,%lx) vs [%lx,%lx)\n", + base, base + length, unity_map->addr, + unity_map->addr + unity_map->length); + return -EPERM; + } } - /* extend r/w permissioms and keep aggregate */ - ivrs_mappings[bdf].write_permission = iw; - ivrs_mappings[bdf].read_permission = ir; - ivrs_mappings[bdf].unity_map_enable = true; - ivrs_mappings[bdf].addr_range_start = base; - ivrs_mappings[bdf].addr_range_length = length; + /* Populate and insert a new unity map. */ + unity_map = xmalloc(struct ivrs_unity_map); + if ( !unity_map ) + return -ENOMEM; + + unity_map->read = ir; + unity_map->write = iw; + unity_map->addr = base; + unity_map->length = length; + unity_map->next = ivrs_mappings[bdf].unity_map; + ivrs_mappings[bdf].unity_map = unity_map; + + return 0; } static int __init register_exclusion_range_for_all_devices( @@ -194,13 +210,13 @@ static int __init register_exclusion_range_for_all_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { for_each_amd_iommu( iommu ) { @@ -242,15 +258,15 @@ static int __init register_exclusion_range_for_device( length = range_top - base; /* reserve unity-mapped page entries for device */ /* note: these entries are part of the exclusion range */ - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - reserve_unity_map_for_device(seg, req, base, length, iw, ir); + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: + reserve_unity_map_for_device(seg, req, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings for device */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { rc = reserve_iommu_exclusion_range(iommu, base, limit, false /* all */, iw, ir); @@ -281,15 +297,15 @@ static int __init register_exclusion_range_for_iommu_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) { if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) { - reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir); req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); } } @@ -298,7 +314,7 @@ static int __init register_exclusion_range_for_iommu_devices( } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */, iw, ir); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index abf9395437..59ff5c29d5 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -366,15 +366,17 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); + const struct ivrs_unity_map *unity_map; - if ( ivrs_mappings[req_id].unity_map_enable ) + for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; + unity_map = unity_map->next ) { - amd_iommu_reserve_domain_unity_map( - d, - ivrs_mappings[req_id].addr_range_start, - ivrs_mappings[req_id].addr_range_length, - ivrs_mappings[req_id].write_permission, - ivrs_mappings[req_id].read_permission); + int rc = amd_iommu_reserve_domain_unity_map( + d, unity_map->addr, unity_map->length, + unity_map->write, unity_map->read); + + if ( rc ) + return rc; } return reassign_device(pdev->domain, d, devfn, pdev); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:00:45 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:00:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182647.330322 (Exim 4.92) (envelope-from ) id 1mOE3B-00035O-79; Thu, 09 Sep 2021 07:00:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182647.330322; Thu, 09 Sep 2021 07:00:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3B-00035B-48; Thu, 09 Sep 2021 07:00:45 +0000 Received: by outflank-mailman (input) for mailman id 182647; Thu, 09 Sep 2021 07:00:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE39-00034g-Id for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE39-0007Mw-Hj for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE39-0001Il-Gt for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eshiI9/j9BbUo5ALXpN0ZY+0OVJgmASZL1eIwtXRUKM=; b=nkEUioAYDZmMwgKuCfc33ELdba OJa5QPaSqMy85W2OzK+q9QBzEKcyaL114JLpYKeqULOKxyqDcbNeFVmfNrl5BUEUmx1RoEbHevRTG rlxrF2hev2XynC6Gk6tl8Bia6wUngV8DoEa+UGx0vBFMoE853caBb2iZpyzUnQz01RLI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() Message-Id: Date: Thu, 09 Sep 2021 07:00:43 +0000 commit 4a244516f6c438f62f4fae287e20628e931cb4ce Author: Jan Beulich AuthorDate: Wed Aug 25 15:05:25 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:05:25 2021 +0200 IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() A subsequent change will want to customize the IOMMU permissions based on this. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: d1bb6c97c31ef754fb29b29eb307c090414e8022 master date: 2021-08-25 14:15:32 +0200 --- xen/arch/x86/mm/p2m-ept.c | 6 +++--- xen/arch/x86/mm/p2m-pt.c | 19 ++++++++++++++++--- xen/include/asm-x86/p2m.h | 3 ++- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index b8154a7ecc..a2b3a9b047 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -680,7 +680,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, uint8_t ipat = 0; bool_t need_modify_vtd_table = 1; bool_t vtd_pte_present = 0; - unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); bool_t needs_sync = 1; ept_entry_t old_entry = { .epte = 0 }; ept_entry_t new_entry = { .epte = 0 }; @@ -808,8 +808,8 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, /* Safe to read-then-write because we hold the p2m lock */ if ( ept_entry->mfn == new_entry.mfn && - p2m_get_iommu_flags(ept_entry->sa_p2mt, _mfn(ept_entry->mfn)) == - iommu_flags ) + p2m_get_iommu_flags(ept_entry->sa_p2mt, ept_entry->access, + _mfn(ept_entry->mfn)) == iommu_flags ) need_modify_vtd_table = 0; ept_p2m_type_to_flags(p2m, &new_entry); diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index badb26bc34..68744b74a4 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -480,6 +480,16 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) return rc; } +/* Reconstruct a fake p2m_access_t from stored PTE flags. */ +static p2m_access_t p2m_flags_to_access(unsigned int flags) +{ + if ( flags & _PAGE_PRESENT ) + return p2m_access_n; + + /* No need to look at _PAGE_NX for now. */ + return flags & _PAGE_RW ? p2m_access_rw : p2m_access_r; +} + /* Checks only applicable to entries with order > PAGE_ORDER_4K */ static void check_entry(mfn_t mfn, p2m_type_t new, p2m_type_t old, unsigned int order) @@ -514,7 +524,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, l2_pgentry_t l2e_content; l3_pgentry_t l3e_content; int rc; - unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); /* * old_mfn and iommu_old_flags control possible flush/update needs on the * IOMMU: We need to flush when MFN or flags (i.e. permissions) change. @@ -577,6 +587,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else @@ -619,9 +630,10 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, 0, L1_PAGETABLE_ENTRIES); ASSERT(p2m_entry); old_mfn = l1e_get_pfn(*p2m_entry); + flags = l1e_get_flags(*p2m_entry); iommu_old_flags = - p2m_get_iommu_flags(p2m_flags_to_type(l1e_get_flags(*p2m_entry)), - _mfn(old_mfn)); + p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) entry_content = p2m_l1e_from_pfn(mfn_x(mfn), @@ -649,6 +661,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 2883d8a2f0..025ee0d24b 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -903,7 +903,8 @@ static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} /* * p2m type to IOMMU flags */ -static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, mfn_t mfn) +static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, + p2m_access_t p2ma, mfn_t mfn) { unsigned int flags; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:00:55 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:00:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182649.330325 (Exim 4.92) (envelope-from ) id 1mOE3L-00038U-8v; Thu, 09 Sep 2021 07:00:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182649.330325; Thu, 09 Sep 2021 07:00:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3L-00038L-5j; Thu, 09 Sep 2021 07:00:55 +0000 Received: by outflank-mailman (input) for mailman id 182649; Thu, 09 Sep 2021 07:00:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3J-00038A-ML for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3J-0007Na-LW for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE3J-0001KM-Ke for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:00:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dxfr8YVSoKpy78IqpU8ZA5mJF7aOkcGCbV6urI5ra4s=; b=oxXjb0XgtzGOl46s7sAX2sYnGV fsP1Q8zDR8KDKNynqHMQ1+v75zRYG+8J5HAo2mswxREIU5FkPT5VFI8hM+agml0IBneRrXVz4+tTX /SSDQz1tMbB+m3whNs/oEdrIi9FcSayyIbcP5eaiwWNIq6eJjwUZvIJSxIHcT0Hk+77A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] IOMMU: generalize VT-d's tracking of mapped RMRR regions Message-Id: Date: Thu, 09 Sep 2021 07:00:53 +0000 commit fe6da097d460ebcaa7158b6b3949a0d208cf3120 Author: Jan Beulich AuthorDate: Wed Aug 25 15:05:43 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:05:43 2021 +0200 IOMMU: generalize VT-d's tracking of mapped RMRR regions In order to re-use it elsewhere, move the logic to vendor independent code and strip it of RMRR specifics. Note that the prior "map" parameter gets folded into the new "p2ma" one (which AMD IOMMU code will want to make use of), assigning alternative meaning ("unmap") to p2m_access_x. Prepare set_identity_p2m_entry() and p2m_get_iommu_flags() for getting passed access types other than p2m_access_rw (in the latter case just for p2m_mmio_direct requests). Note also that, to be on the safe side, an overlap check gets added to the main loop of iommu_identity_mapping(). This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: c0e19d7c6c42f0bfccccd96b4f7b03b5515e10fc master date: 2021-08-25 14:15:57 +0200 --- xen/arch/x86/mm/p2m.c | 2 +- xen/drivers/passthrough/vtd/iommu.c | 98 +++++-------------------------------- xen/drivers/passthrough/x86/iommu.c | 95 ++++++++++++++++++++++++++++++++++- xen/include/asm-x86/iommu.h | 8 ++- xen/include/asm-x86/p2m.h | 35 +++++++++++-- 5 files changed, 147 insertions(+), 91 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index db7bde0230..a8d53d325e 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1353,7 +1353,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, if ( !is_iommu_enabled(d) ) return 0; return iommu_legacy_map(d, _dfn(gfn_l), _mfn(gfn_l), PAGE_ORDER_4K, - IOMMUF_readable | IOMMUF_writable); + p2m_access_to_iommu_flags(p2ma)); } gfn_lock(p2m, gfn, 0); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index e125e3188a..ab3c5c1845 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -42,12 +42,6 @@ #include "vtd.h" #include "../ats.h" -struct mapped_rmrr { - struct list_head list; - u64 base, end; - unsigned int count; -}; - /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */ bool __read_mostly untrusted_msi; @@ -1800,17 +1794,12 @@ out: static void iommu_domain_teardown(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); - struct mapped_rmrr *mrmrr, *tmp; const struct acpi_drhd_unit *drhd; if ( list_empty(&acpi_drhd_units) ) return; - list_for_each_entry_safe ( mrmrr, tmp, &hd->arch.mapped_rmrrs, list ) - { - list_del(&mrmrr->list); - xfree(mrmrr); - } + iommu_identity_map_teardown(d); ASSERT(is_iommu_enabled(d)); @@ -1966,74 +1955,6 @@ static void iommu_set_pgd(struct domain *d) pagetable_get_paddr(pagetable_from_mfn(pgd_mfn)); } -static int rmrr_identity_mapping(struct domain *d, bool_t map, - const struct acpi_rmrr_unit *rmrr, - u32 flag) -{ - unsigned long base_pfn = rmrr->base_address >> PAGE_SHIFT_4K; - unsigned long end_pfn = PAGE_ALIGN_4K(rmrr->end_address) >> PAGE_SHIFT_4K; - struct mapped_rmrr *mrmrr; - struct domain_iommu *hd = dom_iommu(d); - - ASSERT(pcidevs_locked()); - ASSERT(rmrr->base_address < rmrr->end_address); - - /* - * No need to acquire hd->arch.mapping_lock: Both insertion and removal - * get done while holding pcidevs_lock. - */ - list_for_each_entry( mrmrr, &hd->arch.mapped_rmrrs, list ) - { - if ( mrmrr->base == rmrr->base_address && - mrmrr->end == rmrr->end_address ) - { - int ret = 0; - - if ( map ) - { - ++mrmrr->count; - return 0; - } - - if ( --mrmrr->count ) - return 0; - - while ( base_pfn < end_pfn ) - { - if ( clear_identity_p2m_entry(d, base_pfn) ) - ret = -ENXIO; - base_pfn++; - } - - list_del(&mrmrr->list); - xfree(mrmrr); - return ret; - } - } - - if ( !map ) - return -ENOENT; - - while ( base_pfn < end_pfn ) - { - int err = set_identity_p2m_entry(d, base_pfn, p2m_access_rw, flag); - - if ( err ) - return err; - base_pfn++; - } - - mrmrr = xmalloc(struct mapped_rmrr); - if ( !mrmrr ) - return -ENOMEM; - mrmrr->base = rmrr->base_address; - mrmrr->end = rmrr->end_address; - mrmrr->count = 1; - list_add_tail(&mrmrr->list, &hd->arch.mapped_rmrrs); - - return 0; -} - static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; @@ -2065,7 +1986,9 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) * Since RMRRs are always reserved in the e820 map for the hardware * domain, there shouldn't be a conflict. */ - ret = rmrr_identity_mapping(pdev->domain, 1, rmrr, 0); + ret = iommu_identity_mapping(pdev->domain, p2m_access_rw, + rmrr->base_address, rmrr->end_address, + 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n", pdev->domain->domain_id); @@ -2110,7 +2033,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) * Any flag is nothing to clear these mappings but here * its always safe and strict to set 0. */ - rmrr_identity_mapping(pdev->domain, 0, rmrr, 0); + iommu_identity_mapping(pdev->domain, p2m_access_x, rmrr->base_address, + rmrr->end_address, 0); } return domain_context_unmap(pdev->domain, devfn, pdev); @@ -2309,7 +2233,8 @@ static void __hwdom_init setup_hwdom_rmrr(struct domain *d) * domain, there shouldn't be a conflict. So its always safe and * strict to set 0. */ - ret = rmrr_identity_mapping(d, 1, rmrr, 0); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: mapping reserved region failed\n"); @@ -2480,7 +2405,9 @@ static int reassign_device_ownership( * Any RMRR flag is always ignored when remove a device, * but its always safe and strict to set 0. */ - ret = rmrr_identity_mapping(source, 0, rmrr, 0); + ret = iommu_identity_mapping(source, p2m_access_x, + rmrr->base_address, + rmrr->end_address, 0); if ( ret != -ENOENT ) return ret; } @@ -2577,7 +2504,8 @@ static int intel_iommu_assign_device( PCI_BUS(bdf) == bus && PCI_DEVFN2(bdf) == devfn ) { - ret = rmrr_identity_mapping(d, 1, rmrr, flag); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, flag); if ( ret ) { int rc; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 3d7670e8c6..829334ed99 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -139,7 +139,7 @@ int arch_iommu_domain_init(struct domain *d) struct domain_iommu *hd = dom_iommu(d); spin_lock_init(&hd->arch.mapping_lock); - INIT_LIST_HEAD(&hd->arch.mapped_rmrrs); + INIT_LIST_HEAD(&hd->arch.identity_maps); return 0; } @@ -148,6 +148,99 @@ void arch_iommu_domain_destroy(struct domain *d) { } +struct identity_map { + struct list_head list; + paddr_t base, end; + p2m_access_t access; + unsigned int count; +}; + +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag) +{ + unsigned long base_pfn = base >> PAGE_SHIFT_4K; + unsigned long end_pfn = PAGE_ALIGN_4K(end) >> PAGE_SHIFT_4K; + struct identity_map *map; + struct domain_iommu *hd = dom_iommu(d); + + ASSERT(pcidevs_locked()); + ASSERT(base < end); + + /* + * No need to acquire hd->arch.mapping_lock: Both insertion and removal + * get done while holding pcidevs_lock. + */ + list_for_each_entry( map, &hd->arch.identity_maps, list ) + { + if ( map->base == base && map->end == end ) + { + int ret = 0; + + if ( p2ma != p2m_access_x ) + { + if ( map->access != p2ma ) + return -EADDRINUSE; + ++map->count; + return 0; + } + + if ( --map->count ) + return 0; + + while ( base_pfn < end_pfn ) + { + if ( clear_identity_p2m_entry(d, base_pfn) ) + ret = -ENXIO; + base_pfn++; + } + + list_del(&map->list); + xfree(map); + + return ret; + } + + if ( end >= map->base && map->end >= base ) + return -EADDRINUSE; + } + + if ( p2ma == p2m_access_x ) + return -ENOENT; + + while ( base_pfn < end_pfn ) + { + int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag); + + if ( err ) + return err; + base_pfn++; + } + + map = xmalloc(struct identity_map); + if ( !map ) + return -ENOMEM; + map->base = base; + map->end = end; + map->access = p2ma; + map->count = 1; + list_add_tail(&map->list, &hd->arch.identity_maps); + + return 0; +} + +void iommu_identity_map_teardown(struct domain *d) +{ + struct domain_iommu *hd = dom_iommu(d); + struct identity_map *map, *tmp; + + list_for_each_entry_safe ( map, tmp, &hd->arch.identity_maps, list ) + { + list_del(&map->list); + xfree(map); + } +} + static bool __hwdom_init hwdom_iommu_map(const struct domain *d, unsigned long pfn, unsigned long max_pfn) diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h index 6c9d5e5632..aaf9455b8e 100644 --- a/xen/include/asm-x86/iommu.h +++ b/xen/include/asm-x86/iommu.h @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -49,7 +50,7 @@ struct arch_iommu spinlock_t mapping_lock; /* io page table lock */ int agaw; /* adjusted guest address width, 0 is level 2 30-bit */ u64 iommu_bitmap; /* bitmap of iommu(s) that the domain uses */ - struct list_head mapped_rmrrs; + struct list_head identity_maps; /* amd iommu support */ int paging_mode; @@ -112,6 +113,11 @@ static inline void iommu_disable_x2apic(void) iommu_ops.disable_x2apic(); } +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag); +void iommu_identity_map_teardown(struct domain *d); + extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 025ee0d24b..092730aa1f 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -900,6 +900,34 @@ struct p2m_domain *p2m_get_altp2m(struct vcpu *v); static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} #endif +/* p2m access to IOMMU flags */ +static inline unsigned int p2m_access_to_iommu_flags(p2m_access_t p2ma) +{ + switch ( p2ma ) + { + case p2m_access_rw: + case p2m_access_rwx: + return IOMMUF_readable | IOMMUF_writable; + + case p2m_access_r: + case p2m_access_rx: + case p2m_access_rx2rw: + return IOMMUF_readable; + + case p2m_access_w: + case p2m_access_wx: + return IOMMUF_writable; + + case p2m_access_n: + case p2m_access_x: + case p2m_access_n2rwx: + return 0; + } + + ASSERT_UNREACHABLE(); + return 0; +} + /* * p2m type to IOMMU flags */ @@ -921,9 +949,10 @@ static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, flags = IOMMUF_readable; break; case p2m_mmio_direct: - flags = IOMMUF_readable; - if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) - flags |= IOMMUF_writable; + flags = p2m_access_to_iommu_flags(p2ma); + if ( (flags & IOMMUF_writable) && + rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) + flags &= ~IOMMUF_writable; break; default: flags = 0; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:01:05 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:01:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182651.330330 (Exim 4.92) (envelope-from ) id 1mOE3V-0003MB-Bn; Thu, 09 Sep 2021 07:01:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182651.330330; Thu, 09 Sep 2021 07:01:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3V-0003M3-8x; Thu, 09 Sep 2021 07:01:05 +0000 Received: by outflank-mailman (input) for mailman id 182651; Thu, 09 Sep 2021 07:01:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3T-0003G5-Q5 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3T-0007O6-P5 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE3T-0001Lv-OF for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tSJel2IyPMdaB0fSV+nMJ3qXbMcU9yl4D6jQsovzayU=; b=kVsF5J5CFCmcVqkB6PLSNOJFi0 7GHlZHOk0zG+XZp6X3FgoZyYJrv2+Qu9PA6pA0UeQkgltPpKKGdzzgI0fE0a8w7syVprRwLsOrTOf sC3hzvySa029dFov9gIQtTtFplOYHQniS46hrnqNPWqwstm3D1GNfwIzrJFQ341kSEKU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] AMD/IOMMU: re-arrange/complete re-assignment handling Message-Id: Date: Thu, 09 Sep 2021 07:01:03 +0000 commit 19587584f2f780547a8216b1b9d5cdf3dde29131 Author: Jan Beulich AuthorDate: Wed Aug 25 15:06:08 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:06:08 2021 +0200 AMD/IOMMU: re-arrange/complete re-assignment handling Prior to the assignment step having completed successfully, devices should not get associated with their new owner. Hand the device to DomIO (perhaps temporarily), until after the de-assignment step has completed. De-assignment of a device (from other than Dom0) as well as failure of reassign_device() during assignment should result in unity mappings getting torn down. This in turn requires switching to a refcounted mapping approach, as was already used by VT-d for its RMRRs, to prevent unmapping a region used by multiple devices. This is CVE-2021-28696 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 899272539cbe1acda736a850015416fff653a1b6 master date: 2021-08-25 14:16:26 +0200 --- xen/drivers/passthrough/amd/iommu.h | 6 ++- xen/drivers/passthrough/amd/iommu_map.c | 63 +++++++++++++++++------------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 54 +++++++++++++++++++------ 3 files changed, 83 insertions(+), 40 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index a7a05a9b09..b36a6cd698 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -232,8 +232,10 @@ int __must_check amd_iommu_unmap_page(struct domain *d, dfn_t dfn, unsigned int *flush_flags); int __must_check amd_iommu_alloc_root(struct domain_iommu *hd); int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, unsigned long size, - int iw, int ir); + const struct ivrs_unity_map *map, + unsigned int flag); +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map); int __must_check amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, unsigned int page_count, unsigned int flush_flags); diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 8924daef9b..cf4da2b00a 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -420,38 +420,49 @@ int amd_iommu_flush_iotlb_all(struct domain *d) return 0; } -int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, - unsigned long size, int iw, int ir) +int amd_iommu_reserve_domain_unity_map(struct domain *d, + const struct ivrs_unity_map *map, + unsigned int flag) { - unsigned long npages, i; - unsigned long gfn; - unsigned int flags = !!ir; - unsigned int flush_flags = 0; - int rt = 0; - - if ( iw ) - flags |= IOMMUF_writable; - - npages = region_to_pages(phys_addr, size); - gfn = phys_addr >> PAGE_SHIFT; - for ( i = 0; i < npages; i++ ) + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; !rc && map; map = map->next ) { - unsigned long frame = gfn + i; + p2m_access_t p2ma = p2m_access_n; - rt = amd_iommu_map_page(domain, _dfn(frame), _mfn(frame), flags, - &flush_flags); - if ( rt != 0 ) - break; + if ( map->read ) + p2ma |= p2m_access_r; + if ( map->write ) + p2ma |= p2m_access_w; + + rc = iommu_identity_mapping(d, p2ma, map->addr, + map->addr + map->length - 1, flag); } - /* Use while-break to avoid compiler warning */ - while ( flush_flags && - amd_iommu_flush_iotlb_pages(domain, _dfn(gfn), - npages, flush_flags) ) - break; + return rc; +} + +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map) +{ + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; map; map = map->next ) + { + int ret = iommu_identity_mapping(d, p2m_access_x, map->addr, + map->addr + map->length - 1, 0); + + if ( ret && ret != -ENOENT && !rc ) + rc = ret; + } - return rt; + return rc; } int __init amd_iommu_quarantine_init(struct domain *d) diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 59ff5c29d5..de1b471ec6 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -327,6 +327,7 @@ static int reassign_device(struct domain *source, struct domain *target, struct amd_iommu *iommu; int bdf, rc; struct domain_iommu *t = dom_iommu(target); + const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); bdf = PCI_BDF2(pdev->bus, pdev->devfn); iommu = find_iommu_for_device(pdev->seg, bdf); @@ -341,10 +342,24 @@ static int reassign_device(struct domain *source, struct domain *target, amd_iommu_disable_domain_device(source, iommu, devfn, pdev); - if ( devfn == pdev->devfn ) + /* + * If the device belongs to the hardware domain, and it has a unity mapping, + * don't remove it from the hardware domain, because BIOS may reference that + * mapping. + */ + if ( !is_hardware_domain(source) ) { - list_move(&pdev->domain_list, &target->pdev_list); - pdev->domain = target; + rc = amd_iommu_reserve_domain_unity_unmap( + source, + ivrs_mappings[get_dma_requestor_id(pdev->seg, bdf)].unity_map); + if ( rc ) + return rc; + } + + if ( devfn == pdev->devfn && pdev->domain != dom_io ) + { + list_move(&pdev->domain_list, &dom_io->pdev_list); + pdev->domain = dom_io; } rc = allocate_domain_resources(t); @@ -356,6 +371,12 @@ static int reassign_device(struct domain *source, struct domain *target, pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn), source->domain_id, target->domain_id); + if ( devfn == pdev->devfn && pdev->domain != target ) + { + list_move(&pdev->domain_list, &target->pdev_list); + pdev->domain = target; + } + return 0; } @@ -366,20 +387,28 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); - const struct ivrs_unity_map *unity_map; + int rc = amd_iommu_reserve_domain_unity_map( + d, ivrs_mappings[req_id].unity_map, flag); + + if ( !rc ) + rc = reassign_device(pdev->domain, d, devfn, pdev); - for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; - unity_map = unity_map->next ) + if ( rc && !is_hardware_domain(d) ) { - int rc = amd_iommu_reserve_domain_unity_map( - d, unity_map->addr, unity_map->length, - unity_map->write, unity_map->read); + int ret = amd_iommu_reserve_domain_unity_unmap( + d, ivrs_mappings[req_id].unity_map); - if ( rc ) - return rc; + if ( ret ) + { + printk(XENLOG_ERR "AMD-Vi: " + "unity-unmap for %pd/%04x:%02x:%02x.%u failed (%d)\n", + d, pdev->seg, pdev->bus, + PCI_SLOT(devfn), PCI_FUNC(devfn), ret); + domain_crash(d); + } } - return reassign_device(pdev->domain, d, devfn, pdev); + return rc; } static void deallocate_next_page_table(struct page_info *pg, int level) @@ -438,6 +467,7 @@ static void deallocate_iommu_page_tables(struct domain *d) static void amd_iommu_domain_destroy(struct domain *d) { + iommu_identity_map_teardown(d); deallocate_iommu_page_tables(d); amd_iommu_flush_all_pages(d); } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:01:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:01:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182653.330334 (Exim 4.92) (envelope-from ) id 1mOE3f-0003Zw-Dq; Thu, 09 Sep 2021 07:01:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182653.330334; Thu, 09 Sep 2021 07:01:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3f-0003Zo-AY; Thu, 09 Sep 2021 07:01:15 +0000 Received: by outflank-mailman (input) for mailman id 182653; Thu, 09 Sep 2021 07:01:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3d-0003ZX-Tr for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3d-0007OH-T2 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE3d-0001NL-SE for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=luHfE+zk+cTVudVTdAYFz2JPDHqbPMofuKooNY3JdOI=; b=lOb3yO21mnxZTmHj2ReCLkCAiz mYVm1rOaaZ0JOTn0pWYCoIKxZXHeF1M6Zwpu0QdQ9HfSoivlGnuGnPOJIBuFoaXqL26X46HYSjOfw f2iiFqAOruwOYdh09W9wzmL92b+qkKkZj3VcQnjzTv/DVyx+Efwc/Sasv8n+1TfoGu+s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] AMD/IOMMU: re-arrange exclusion range and unity map recording Message-Id: Date: Thu, 09 Sep 2021 07:01:13 +0000 commit e4c23845c24718fa17a591e52bc13ae7f80b2125 Author: Jan Beulich AuthorDate: Wed Aug 25 15:06:21 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:06:21 2021 +0200 AMD/IOMMU: re-arrange exclusion range and unity map recording The spec makes no provisions for OS behavior here to depend on the amount of RAM found on the system. While the spec may not sufficiently clearly distinguish both kinds of regions, they are surely meant to be separate things: Only regions with ACPI_IVMD_EXCLUSION_RANGE set should be candidates for putting in the exclusion range registers. (As there's only a single such pair of registers per IOMMU, secondary non-adjacent regions with the flag set already get converted to unity mapped regions.) First of all, drop the dependency on max_page. With commit b4f042236ae0 ("AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables") the use of it here was stale anyway; it was bogus already before, as it didn't account for max_page getting increased later on. Simply try an exclusion range registration first, and if it fails (for being unsuitable or non-mergeable), register a unity mapping range. With this various local variables become unnecessary and hence get dropped at the same time. With the max_page boundary dropped for using unity maps, the minimum page table tree height now needs both recording and enforcing in amd_iommu_domain_init(). Since we can't predict which devices may get assigned to a domain, our only option is to uniformly force at least that height for all domains, now that the height isn't dynamic anymore. Further don't make use of the exclusion range unless ACPI data says so. Note that exclusion range registration in register_range_for_all_devices() is on a best effort basis. Hence unity map entries also registered are redundant when the former succeeded, but they also do no harm. Improvements in this area can be done later imo. Also adjust types where suitable without touching extra lines. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 8ea80530cd0dbb8ffa7ac92606a3ee29663fdc93 master date: 2021-08-25 14:16:46 +0200 --- xen/drivers/passthrough/amd/iommu.h | 2 + xen/drivers/passthrough/amd/iommu_acpi.c | 184 ++++++++++++---------------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 12 +- 3 files changed, 90 insertions(+), 108 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index b36a6cd698..fc4fd051b8 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -308,6 +308,8 @@ extern struct hpet_sbdf { } init; } hpet_sbdf; +extern int amd_iommu_min_paging_mode; + extern void *shared_intremap_table; extern unsigned long *shared_intremap_inuse; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index e2f46fa7b6..4db60daeb9 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -118,12 +118,8 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( } static int __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit, - bool all, bool iw, bool ir) + struct amd_iommu *iommu, paddr_t base, paddr_t limit, bool all) { - if ( !ir || !iw ) - return -EPERM; - /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { @@ -152,14 +148,18 @@ static int __init reserve_unity_map_for_device( { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; + int paging_mode = amd_iommu_get_paging_mode(PFN_UP(base + length)); + + if ( paging_mode < 0 ) + return paging_mode; /* Check for overlaps. */ for ( ; unity_map; unity_map = unity_map->next ) { /* * Exact matches are okay. This can in particular happen when - * register_exclusion_range_for_device() calls here twice for the - * same (s,b,d,f). + * register_range_for_device() calls here twice for the same + * (s,b,d,f). */ if ( base == unity_map->addr && length == unity_map->length && ir == unity_map->read && iw == unity_map->write ) @@ -187,55 +187,52 @@ static int __init reserve_unity_map_for_device( unity_map->next = ivrs_mappings[bdf].unity_map; ivrs_mappings[bdf].unity_map = unity_map; + if ( paging_mode > amd_iommu_min_paging_mode ) + amd_iommu_min_paging_mode = paging_mode; + return 0; } -static int __init register_exclusion_range_for_all_devices( - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_all_devices( + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; - unsigned int bdf; int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) - { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - /* push 'base' just outside of virtual address space */ - base = iommu_top; - } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) + if ( exclusion ) { for_each_amd_iommu( iommu ) { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); - if ( rc ) - break; + int ret = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */); + + if ( ret && !rc ) + rc = ret; } } + if ( !exclusion || rc ) + { + paddr_t length = limit + PAGE_SIZE - base; + unsigned int bdf; + + /* reserve r/w unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + } + return rc; } -static int __init register_exclusion_range_for_device( - u16 bdf, unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_device( + unsigned int bdf, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; int rc = 0; @@ -249,27 +246,19 @@ static int __init register_exclusion_range_for_device( req = ivrs_mappings[bdf].dte_requestor_id; /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */); + if ( !exclusion || rc ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; + paddr_t length = limit + PAGE_SIZE - base; + /* reserve unity-mapped page entries for device */ - /* note: these entries are part of the exclusion range */ rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: reserve_unity_map_for_device(seg, req, base, length, iw, ir); - - /* push 'base' just outside of virtual address space */ - base = iommu_top; } - - /* register IOMMU exclusion range settings for device */ - if ( !rc && limit >= iommu_top ) + else { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } @@ -277,53 +266,42 @@ static int __init register_exclusion_range_for_device( return rc; } -static int __init register_exclusion_range_for_iommu_devices( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_iommu_devices( + struct amd_iommu *iommu, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { - unsigned long range_top, iommu_top, length; + /* note: 'limit' parameter is assumed to be page-aligned */ + paddr_t length = limit + PAGE_SIZE - base; unsigned int bdf; u16 req; - int rc = 0; + int rc; - /* is part of exclusion range inside of IOMMU virtual address space? */ - /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - { - if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) - { - req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir) ?: - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); - } - } - - /* push 'base' just outside of virtual address space */ - base = iommu_top; + rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */); + if ( !rc ) + return 0; } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); + /* reserve unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + { + if ( iommu != find_iommu_for_device(iommu->seg, bdf) ) + continue; + + req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); + } return rc; } static int __init parse_ivmd_device_select( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { u16 bdf; @@ -334,12 +312,12 @@ static int __init parse_ivmd_device_select( return -ENODEV; } - return register_exclusion_range_for_device(bdf, base, limit, iw, ir); + return register_range_for_device(bdf, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_device_range( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { unsigned int first_bdf, last_bdf, bdf; int error; @@ -361,15 +339,15 @@ static int __init parse_ivmd_device_range( } for ( bdf = first_bdf, error = 0; (bdf <= last_bdf) && !error; bdf++ ) - error = register_exclusion_range_for_device( - bdf, base, limit, iw, ir); + error = register_range_for_device( + bdf, base, limit, iw, ir, exclusion); return error; } static int __init parse_ivmd_device_iommu( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct amd_iommu *iommu; @@ -384,14 +362,14 @@ static int __init parse_ivmd_device_iommu( return -ENODEV; } - return register_exclusion_range_for_iommu_devices( - iommu, base, limit, iw, ir); + return register_range_for_iommu_devices( + iommu, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) { unsigned long start_addr, mem_length, base, limit; - u8 iw, ir; + bool iw = true, ir = true, exclusion = false; if ( ivmd_block->header.length < sizeof(*ivmd_block) ) { @@ -408,13 +386,11 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) ivmd_block->header.type, start_addr, mem_length); if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) - iw = ir = IOMMU_CONTROL_ENABLED; + exclusion = true; else if ( ivmd_block->header.flags & ACPI_IVMD_UNITY ) { - iw = ivmd_block->header.flags & ACPI_IVMD_READ ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; - ir = ivmd_block->header.flags & ACPI_IVMD_WRITE ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; + iw = ivmd_block->header.flags & ACPI_IVMD_READ; + ir = ivmd_block->header.flags & ACPI_IVMD_WRITE; } else { @@ -425,20 +401,20 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) switch( ivmd_block->header.type ) { case ACPI_IVRS_TYPE_MEMORY_ALL: - return register_exclusion_range_for_all_devices( - base, limit, iw, ir); + return register_range_for_all_devices( + base, limit, iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_ONE: - return parse_ivmd_device_select(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_select(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_RANGE: - return parse_ivmd_device_range(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_range(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_IOMMU: - return parse_ivmd_device_iommu(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_iommu(ivmd_block, base, limit, + iw, ir, exclusion); default: AMD_IOMMU_DEBUG("IVMD Error: Invalid Block Type!\n"); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index de1b471ec6..3f632e5e10 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -231,6 +231,8 @@ static int __must_check allocate_domain_resources(struct domain_iommu *hd) return rc; } +int __read_mostly amd_iommu_min_paging_mode = 1; + static int amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -242,11 +244,13 @@ static int amd_iommu_domain_init(struct domain *d) * - HVM could in principle use 3 or 4 depending on how much guest * physical address space we give it, but this isn't known yet so use 4 * unilaterally. + * - Unity maps may require an even higher number. */ - hd->arch.paging_mode = amd_iommu_get_paging_mode( - is_hvm_domain(d) - ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) - : get_upper_mfn_bound() + 1); + hd->arch.paging_mode = max(amd_iommu_get_paging_mode( + is_hvm_domain(d) + ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) + : get_upper_mfn_bound() + 1), + amd_iommu_min_paging_mode); return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:01:25 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:01:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182655.330338 (Exim 4.92) (envelope-from ) id 1mOE3p-0003dB-Fi; Thu, 09 Sep 2021 07:01:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182655.330338; Thu, 09 Sep 2021 07:01:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3p-0003d3-CC; Thu, 09 Sep 2021 07:01:25 +0000 Received: by outflank-mailman (input) for mailman id 182655; Thu, 09 Sep 2021 07:01:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3o-0003cm-1T for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3o-0007OT-0e for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE3n-0001Om-Vt for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uS5jkLF71VuHUJbG4TV1EijONpNNuPkSKZL0YNu8oNQ=; b=wmLejgvvbeCKiMD/WS5E1nu8M7 jugxLt2rOERt8cf7FMz7YoFip1u3qlpKCHzIqwnV9Pck1g4nKULaTRxGZEjf9RdMgBroOq2wlv/HK yH1LkfJhqSfE7eBsYvLliXQoq0i2xRFHKWDNfm2EGvRqJ2aeTU9x4k9wL7uvp0WQStPw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/p2m: introduce p2m_is_special() Message-Id: Date: Thu, 09 Sep 2021 07:01:23 +0000 commit 968526568c5519e32298b5cef8f05a6caee5f721 Author: Jan Beulich AuthorDate: Wed Aug 25 15:06:35 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:06:35 2021 +0200 x86/p2m: introduce p2m_is_special() Seeing the similarity of grant, foreign, and (subsequently) direct-MMIO handling, introduce a new P2M type group named "special" (as in "needing special accessors to create/destroy"). Also use -EPERM instead of other error codes on the two domain_crash() paths touched. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 0bf755e2c856628e11e93c76c3e12974e9964638 master date: 2021-08-25 14:17:07 +0200 --- xen/arch/x86/mm/p2m.c | 15 +++++++-------- xen/include/asm-x86/p2m.h | 5 +++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index a8d53d325e..1877af8ac4 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -807,7 +807,7 @@ p2m_remove_page(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn, for ( i = 0; i < (1UL << page_order); i++ ) { p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); - if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) + if ( !p2m_is_special(t) && !p2m_is_shared(t) ) set_gpfn_from_mfn(mfn_x(mfn) + i, INVALID_M2P_ENTRY); } } @@ -935,13 +935,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, &ot, &a, 0, NULL, NULL); ASSERT(!p2m_is_shared(ot)); } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { - /* Really shouldn't be unmapping grant/foreign maps this way */ + /* Don't permit unmapping grant/foreign this way. */ domain_crash(d); p2m_unlock(p2m); - return -EINVAL; + return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) { @@ -1035,8 +1035,7 @@ int p2m_change_type_one(struct domain *d, unsigned long gfn_l, struct p2m_domain *p2m = p2m_get_hostp2m(d); int rc; - BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt)); - BUG_ON(p2m_is_foreign(ot) || p2m_is_foreign(nt)); + BUG_ON(p2m_is_special(ot) || p2m_is_special(nt)); gfn_lock(p2m, gfn, 0); @@ -1283,11 +1282,11 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, gfn_unlock(p2m, gfn, order); return cur_order + 1; } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { gfn_unlock(p2m, gfn, order); domain_crash(d); - return -ENOENT; + return -EPERM; } else if ( p2m_is_ram(ot) ) { diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 092730aa1f..a06ccbc474 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -141,6 +141,10 @@ typedef unsigned int p2m_query_t; | p2m_to_mask(p2m_ram_logdirty) ) #define P2M_SHARED_TYPES (p2m_to_mask(p2m_ram_shared)) +/* Types established/cleaned up via special accessors. */ +#define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ + p2m_to_mask(p2m_map_foreign)) + /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ | p2m_to_mask(p2m_mmio_direct) \ @@ -169,6 +173,7 @@ typedef unsigned int p2m_query_t; #define p2m_is_paged(_t) (p2m_to_mask(_t) & P2M_PAGED_TYPES) #define p2m_is_sharable(_t) (p2m_to_mask(_t) & P2M_SHARABLE_TYPES) #define p2m_is_shared(_t) (p2m_to_mask(_t) & P2M_SHARED_TYPES) +#define p2m_is_special(_t) (p2m_to_mask(_t) & P2M_SPECIAL_TYPES) #define p2m_is_broken(_t) (p2m_to_mask(_t) & P2M_BROKEN_TYPES) #define p2m_is_foreign(_t) (p2m_to_mask(_t) & p2m_to_mask(p2m_map_foreign)) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:01:35 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:01:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182657.330342 (Exim 4.92) (envelope-from ) id 1mOE3z-0003h7-J3; Thu, 09 Sep 2021 07:01:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182657.330342; Thu, 09 Sep 2021 07:01:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3z-0003gy-Fq; Thu, 09 Sep 2021 07:01:35 +0000 Received: by outflank-mailman (input) for mailman id 182657; Thu, 09 Sep 2021 07:01:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3y-0003gZ-6B for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE3y-0007Oh-5L for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE3y-0001Q7-4R for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=baCVnbCP/hExmQinPFFwSfDIqtSy3b+n0SLFb2bdCOM=; b=UOJV9xSSh4zJ0Cpmlvni6ACqUa 4pe2GdnlRoXIWTV9BFP4iRkaChJsJZRB5SJirEED5X+u2/cOx8+cXP7l7Pb+qAQ6kNC6JOYeJxgnl QFuH03r4B3223h66XaS4EZvrX/T+OubooAZqd7puzvDDAa4lnA4g7euPjybpkfCunnG8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/p2m: guard (in particular) identity mapping entries Message-Id: Date: Thu, 09 Sep 2021 07:01:34 +0000 commit 6f4c2146893c10ec17e854242613428f96e86757 Author: Jan Beulich AuthorDate: Wed Aug 25 15:06:51 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:06:51 2021 +0200 x86/p2m: guard (in particular) identity mapping entries Such entries, created by set_identity_p2m_entry(), should only be destroyed by clear_identity_p2m_entry(). However, similarly, entries created by set_mmio_p2m_entry() should only be torn down by clear_mmio_p2m_entry(), so the logic gets based upon p2m_mmio_direct as the entry type (separation between "ordinary" and 1:1 mappings would require a further indicator to tell apart the two). As to the guest_remove_page() change, commit 48dfb297a20a ("x86/PVH: allow guest_remove_page to remove p2m_mmio_direct pages"), which introduced the call to clear_mmio_p2m_entry(), claimed this was done for hwdom only without this actually having been the case. However, this code shouldn't be there in the first place, as MMIO entries shouldn't be dropped this way. Avoid triggering the warning again that 48dfb297a20a silenced by an adjustment to xenmem_add_to_physmap_one() instead. Note that guest_physmap_mark_populate_on_demand() gets tightened beyond the immediate purpose of this change. Note also that I didn't inspect code which isn't security supported, e.g. sharing, paging, or altp2m. This is CVE-2021-28694 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 753cb68e653002e89fdcd1c80e52905fdbfb78cb master date: 2021-08-25 14:17:32 +0200 --- xen/arch/x86/mm.c | 4 +++- xen/arch/x86/mm/p2m-pod.c | 12 ++++++------ xen/arch/x86/mm/p2m.c | 11 ++++++----- xen/common/memory.c | 11 ++++++++++- xen/include/asm-x86/p2m.h | 5 ++--- 5 files changed, 27 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 61cf6a7b9b..1282ad1e87 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4652,7 +4652,9 @@ int xenmem_add_to_physmap_one( /* Remove previously mapped page if it was present. */ prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); - if ( mfn_valid(prev_mfn) ) + if ( p2mt == p2m_mmio_direct ) + rc = -EPERM; + else if ( mfn_valid(prev_mfn) ) { if ( is_special_page(mfn_to_page(prev_mfn)) ) /* Special pages are simply unhooked from this phys slot. */ diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index 48e609d1ed..b64f561fa7 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -1292,17 +1292,17 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l, p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, &cur_order, NULL); n = 1UL << min(order, cur_order); - if ( p2m_is_ram(ot) ) + if ( ot == p2m_populate_on_demand ) + { + /* Count how many PoD entries we'll be replacing if successful */ + pod_count += n; + } + else if ( ot != p2m_invalid && ot != p2m_mmio_dm ) { P2M_DEBUG("gfn_to_mfn returned type %d!\n", ot); rc = -EBUSY; goto out; } - else if ( ot == p2m_populate_on_demand ) - { - /* Count how man PoD entries we'll be replacing if successful */ - pod_count += n; - } } /* Now, actually do the two-way mapping */ diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 1877af8ac4..5005844b57 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -795,7 +795,8 @@ p2m_remove_page(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn, &cur_order, NULL); if ( p2m_is_valid(t) && - (!mfn_valid(mfn) || !mfn_eq(mfn_add(mfn, i), mfn_return)) ) + (!mfn_valid(mfn) || t == p2m_mmio_direct || + !mfn_eq(mfn_add(mfn, i), mfn_return)) ) return -EILSEQ; i += (1UL << cur_order) - @@ -893,7 +894,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; - if ( !mfn_valid(mfn) ) + if ( !mfn_valid(mfn) || t == p2m_mmio_direct ) { ASSERT_UNREACHABLE(); return -EINVAL; @@ -937,7 +938,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } if ( p2m_is_special(ot) ) { - /* Don't permit unmapping grant/foreign this way. */ + /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ domain_crash(d); p2m_unlock(p2m); @@ -1387,8 +1388,8 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, * order+1 for caller to retry with order (guaranteed smaller than * the order value passed in) */ -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, mfn_t mfn, - unsigned int order) +static int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, + mfn_t mfn, unsigned int order) { int rc = -EINVAL; gfn_t gfn = _gfn(gfn_l); diff --git a/xen/common/memory.c b/xen/common/memory.c index 5c5075ae41..2433e8ddf8 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -329,7 +329,7 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) } if ( p2mt == p2m_mmio_direct ) { - rc = clear_mmio_p2m_entry(d, gmfn, mfn, PAGE_ORDER_4K); + rc = -EPERM; goto out_put_gfn; } #else @@ -1721,6 +1721,15 @@ int check_get_page_from_gfn(struct domain *d, gfn_t gfn, bool readonly, return -EAGAIN; } #endif +#ifdef CONFIG_X86 + if ( p2mt == p2m_mmio_direct ) + { + if ( page ) + put_page(page); + + return -EPERM; + } +#endif if ( !page ) return -EINVAL; diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index a06ccbc474..9be4a9c58e 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -143,7 +143,8 @@ typedef unsigned int p2m_query_t; /* Types established/cleaned up via special accessors. */ #define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ - p2m_to_mask(p2m_map_foreign)) + p2m_to_mask(p2m_map_foreign) | \ + p2m_to_mask(p2m_mmio_direct)) /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ @@ -645,8 +646,6 @@ int set_foreign_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn); /* Set mmio addresses in the p2m table (for pass-through) */ int set_mmio_p2m_entry(struct domain *d, gfn_t gfn, mfn_t mfn, unsigned int order); -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, - unsigned int order); /* Set identity addresses in the p2m table (for pass-through) */ int set_identity_p2m_entry(struct domain *d, unsigned long gfn, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:01:44 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:01:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182659.330347 (Exim 4.92) (envelope-from ) id 1mOE48-0003jz-Kh; Thu, 09 Sep 2021 07:01:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182659.330347; Thu, 09 Sep 2021 07:01:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE48-0003jr-HU; Thu, 09 Sep 2021 07:01:44 +0000 Received: by outflank-mailman (input) for mailman id 182659; Thu, 09 Sep 2021 07:01:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE48-0003jd-AA for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE48-0007Or-9I for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE48-0001RW-8K for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9QOpN/QMATvK4b0XB6/5OE+RnKiDYenVqcgh9MQyJ4o=; b=TxmV/vq+cKxTo9xn5W8ay7Fp1W 3ecyBSZNTsZgMejU2VefFlAgXR8XA+qkDjV/4pOzaZd5LMAU4YKqcUm8NwqWk3hsnRcu00J46r8XI ddnC3u1k97B+1ITwEYXHqPR21kqnqFaBh+Vg7EgKYEhVJSPI5bXYeyuy5xw4W3/WRhFg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/mm: widen locked region in xenmem_add_to_physmap_one() Message-Id: Date: Thu, 09 Sep 2021 07:01:44 +0000 commit 98bcd536c24ea35dcaed84cc35ce0f6c938ba9d6 Author: Jan Beulich AuthorDate: Wed Aug 25 15:07:09 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:07:09 2021 +0200 x86/mm: widen locked region in xenmem_add_to_physmap_one() For pages which can be made part of the P2M by the guest, but which can also later be de-allocated (grant table v2 status pages being the present example), it is imperative that they be mapped at no more than a single GFN. We therefore need to make sure that of two parallel XENMAPSPACE_grant_table requests for the same status page one completes before the second checks at which other GFN the underlying MFN is presently mapped. Pull ahead the respective get_gfn() and push down the respective put_gfn(). This leverages that gfn_lock() really aliases p2m_lock(), but the function makes this assumption already anyway: In the XENMAPSPACE_gmfn case lock nesting constraints for both involved GFNs would otherwise need to be enforced to avoid ABBA deadlocks. This is CVE-2021-28697 / XSA-379. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: f147422bf9476fb8161b43e35f5901571ed17c35 master date: 2021-08-25 14:17:56 +0200 --- xen/arch/x86/mm.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 1282ad1e87..56bad5b3ea 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4650,8 +4650,20 @@ int xenmem_add_to_physmap_one( goto put_both; } - /* Remove previously mapped page if it was present. */ + /* + * Note that we're (ab)using GFN locking (to really be locking of the + * entire P2M) here in (at least) two ways: Finer grained locking would + * expose lock order violations in the XENMAPSPACE_gmfn case (due to the + * earlier get_gfn_unshare() above). Plus at the very least for the grant + * table v2 status page case we need to guarantee that the same page can + * only appear at a single GFN. While this is a property we want in + * general, for pages which can subsequently be freed this imperative: + * Upon freeing we wouldn't be able to find other mappings in the P2M + * (unless we did a brute force search). + */ prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); + + /* Remove previously mapped page if it was present. */ if ( p2mt == p2m_mmio_direct ) rc = -EPERM; else if ( mfn_valid(prev_mfn) ) @@ -4663,27 +4675,21 @@ int xenmem_add_to_physmap_one( /* Normal domain memory is freed, to avoid leaking memory. */ rc = guest_remove_page(d, gfn_x(gpfn)); } - /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */ - put_gfn(d, gfn_x(gpfn)); - - if ( rc ) - goto put_both; /* Unmap from old location, if any. */ old_gpfn = get_gpfn_from_mfn(mfn_x(mfn)); ASSERT(!SHARED_M2P(old_gpfn)); if ( space == XENMAPSPACE_gmfn && old_gpfn != gfn ) - { rc = -EXDEV; - goto put_both; - } - if ( old_gpfn != INVALID_M2P_ENTRY ) + else if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); /* Map at new location. */ if ( !rc ) rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K); + put_gfn(d, gfn_x(gpfn)); + put_both: /* * In the XENMAPSPACE_gmfn case, we took a ref of the gfn at the top. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:01:55 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:01:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182661.330350 (Exim 4.92) (envelope-from ) id 1mOE4J-0003mw-Lt; Thu, 09 Sep 2021 07:01:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182661.330350; Thu, 09 Sep 2021 07:01:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4J-0003mo-J4; Thu, 09 Sep 2021 07:01:55 +0000 Received: by outflank-mailman (input) for mailman id 182661; Thu, 09 Sep 2021 07:01:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4I-0003md-Dm for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4I-0007PJ-D3 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE4I-0001T1-CG for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:01:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eCuxWeB4jDdyXtehgvpp/P8MrY2lvuSnt217j//bePE=; b=Tt3LqrZhnB0DtB3/269DmZ8a4Z +whM5DXYx4kDqyMDE73i/YpL+OPq7uWQqUQjyoEjbl/jrwI1PqTMIQqXxjmB/AbyUx2TqG3NEUtDA TDYtonERyNyMHMxIkPSR5gFWtSDn1nsCHfIvbWUY2ea/1TN/QHnsbQ+tPBYSYbtAnHxg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] gnttab: add preemption check to gnttab_release_mappings() Message-Id: Date: Thu, 09 Sep 2021 07:01:54 +0000 commit 29aeeda345168a70facfd7c7ef16fbea6d447061 Author: Jan Beulich AuthorDate: Wed Aug 25 15:07:25 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:07:25 2021 +0200 gnttab: add preemption check to gnttab_release_mappings() A guest may die with many grant mappings still in place, or simply with a large maptrack table. Iterating through this may take more time than is reasonable without intermediate preemption (to run softirqs and perhaps the scheduler). Move the invocation of the function to the section where other restartable functions get invoked, and have the function itself check for preemption every once in a while. Have it iterate the table backwards, such that decreasing the maptrack limit is all it takes to convey restart information. In domain_teardown() introduce PROG_none such that inserting at the front will be easier going forward. This is part of CVE-2021-28698 / XSA-380. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: b1ee10be5625b7d502cef1e6ee3818610ab0d29c master date: 2021-08-25 14:18:18 +0200 --- xen/common/domain.c | 4 +++- xen/common/grant_table.c | 46 ++++++++++++++++++++++++++++++++++++------- xen/include/xen/grant_table.h | 6 ++---- 3 files changed, 44 insertions(+), 12 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index 7bacf7cfed..b556696c87 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -721,11 +721,13 @@ int domain_kill(struct domain *d) return domain_kill(d); d->is_dying = DOMDYING_dying; argo_destroy(d); - gnttab_release_mappings(d); vnuma_destroy(d->vnuma); domain_set_outstanding_pages(d, 0); /* fallthrough */ case DOMDYING_dying: + rc = gnttab_release_mappings(d); + if ( rc ) + break; rc = evtchn_destroy(d); if ( rc ) break; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 5239d1395c..74c73e1ef6 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -64,7 +64,13 @@ struct grant_table { unsigned int nr_grant_frames; /* Number of grant status frames shared with guest (for version 2) */ unsigned int nr_status_frames; - /* Number of available maptrack entries. */ + /* + * Number of available maptrack entries. For cleanup purposes it is + * important to realize that this field and @maptrack further down will + * only ever be accessed by the local domain. Thus it is okay to clean + * up early, and to shrink the limit for the purpose of tracking cleanup + * progress. + */ unsigned int maptrack_limit; /* Shared grant table (see include/public/grant_table.h). */ union { @@ -3708,9 +3714,7 @@ do_grant_table_op( #include "compat/grant_table.c" #endif -void -gnttab_release_mappings( - struct domain *d) +int gnttab_release_mappings(struct domain *d) { struct grant_table *gt = d->grant_table, *rgt; struct grant_mapping *map; @@ -3724,10 +3728,34 @@ gnttab_release_mappings( BUG_ON(!d->is_dying); - for ( handle = 0; handle < gt->maptrack_limit; handle++ ) + if ( !gt || !gt->maptrack ) + return 0; + + for ( handle = gt->maptrack_limit; handle; ) { unsigned int clear_flags = 0; + /* + * Deal with full pages such that their freeing (in the body of the + * if()) remains simple. + */ + if ( handle < gt->maptrack_limit && !(handle % MAPTRACK_PER_PAGE) ) + { + /* + * Changing maptrack_limit alters nr_maptrack_frames()'es return + * value. Free the then excess trailing page right here, rather + * than leaving it to grant_table_destroy() (and in turn requiring + * to leave gt->maptrack_limit unaltered). + */ + gt->maptrack_limit = handle; + FREE_XENHEAP_PAGE(gt->maptrack[nr_maptrack_frames(gt)]); + + if ( hypercall_preempt_check() ) + return -ERESTART; + } + + --handle; + map = &maptrack_entry(gt, handle); if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) ) continue; @@ -3818,6 +3846,11 @@ gnttab_release_mappings( map->flags = 0; } + + gt->maptrack_limit = 0; + FREE_XENHEAP_PAGE(gt->maptrack[0]); + + return 0; } void grant_table_warn_active_grants(struct domain *d) @@ -3881,8 +3914,7 @@ grant_table_destroy( free_xenheap_page(t->shared_raw[i]); xfree(t->shared_raw); - for ( i = 0; i < nr_maptrack_frames(t); i++ ) - free_xenheap_page(t->maptrack[i]); + ASSERT(!t->maptrack_limit); vfree(t->maptrack); for ( i = 0; i < nr_active_grant_frames(t); i++ ) diff --git a/xen/include/xen/grant_table.h b/xen/include/xen/grant_table.h index 98603604b8..ab4726bdc4 100644 --- a/xen/include/xen/grant_table.h +++ b/xen/include/xen/grant_table.h @@ -47,9 +47,7 @@ void grant_table_init_vcpu(struct vcpu *v); void grant_table_warn_active_grants(struct domain *d); /* Domain death release of granted mappings of other domains' memory. */ -void -gnttab_release_mappings( - struct domain *d); +int gnttab_release_mappings(struct domain *d); int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, gfn_t *gfn, uint16_t *status); @@ -78,7 +76,7 @@ static inline void grant_table_init_vcpu(struct vcpu *v) {} static inline void grant_table_warn_active_grants(struct domain *d) {} -static inline void gnttab_release_mappings(struct domain *d) {} +static inline int gnttab_release_mappings(struct domain *d) { return 0; } static inline int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:02:05 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:02:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182663.330354 (Exim 4.92) (envelope-from ) id 1mOE4T-0003pv-Na; Thu, 09 Sep 2021 07:02:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182663.330354; Thu, 09 Sep 2021 07:02:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4T-0003pn-Ke; Thu, 09 Sep 2021 07:02:05 +0000 Received: by outflank-mailman (input) for mailman id 182663; Thu, 09 Sep 2021 07:02:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4S-0003pc-Hq for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4S-0007Pj-H0 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE4S-0001U7-G9 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iRfByb5HNcN33loNh6ZJQGv00XGEo7FnZqDaPIG+ARM=; b=hnCz81ULxK7mu1+jZe0hgjrxeQ /hIZDjkMbkPCB42lY91YxjY9SclyYajuaCRWL2RI7hixDogBvcFsNn5RegwOAXvUBwP9tW8IXVMF5 6nDDfg4pHMmmX4N8cNWqJuWW59YVPLijFx6TNEKTXBO9TfQHx9/mwityawKEjl9CroEg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] gnttab: replace mapkind() Message-Id: Date: Thu, 09 Sep 2021 07:02:04 +0000 commit b81187fc4032be56be712f0126c7215f243093ed Author: Jan Beulich AuthorDate: Wed Aug 25 15:07:40 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:07:40 2021 +0200 gnttab: replace mapkind() mapkind() doesn't scale very well with larger maptrack entry counts, using a brute force linear search through all entries, with the only option of an early loop exit if a matching writable entry was found. Introduce a radix tree alongside the main maptrack table, thus allowing much faster MFN-based lookup. To avoid the need to actually allocate space for the individual nodes, encode the two counters in the node pointers themselves, thus limiting the number of permitted simultaneous r/o and r/w mappings of the same MFN to 2³¹-1 (64-bit) / 2¹⁵-1 (32-bit) each. To avoid enforcing an unnecessarily low bound on the number of simultaneous mappings of a single MFN, introduce radix_tree_{ulong_to_ptr,ptr_to_ulong} paralleling radix_tree_{int_to_ptr,ptr_to_int}. As a consequence locking changes are also applicable: With there no longer being any inspection of the remote domain's active entries, there's also no need anymore to hold the remote domain's grant table lock. And since we're no longer iterating over the local domain's map track table, the lock in map_grant_ref() can also be dropped before the new maptrack entry actually gets populated. As a nice side effect this also reduces the number of IOMMU operations in unmap_common(): Previously we would have "established" a readable mapping whenever we didn't find a writable entry anymore (yet, of course, at least one readable one). But we only need to do this if we actually dropped the last writable entry, not if there were none already before. This is part of CVE-2021-28698 / XSA-380. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: 9781b51efde251efcc0291ddb1d9c7cefe2b2555 master date: 2021-08-25 14:18:39 +0200 --- xen/common/grant_table.c | 198 ++++++++++++++++++++++++------------------- xen/include/xen/radix-tree.h | 19 +++++ 2 files changed, 129 insertions(+), 88 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 74c73e1ef6..2d8e00409d 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -82,8 +83,13 @@ struct grant_table { grant_status_t **status; /* Active grant table. */ struct active_grant_entry **active; - /* Mapping tracking table per vcpu. */ + /* Handle-indexed tracking table of mappings. */ struct grant_mapping **maptrack; + /* + * MFN-indexed tracking tree of mappings, if needed. Note that this is + * protected by @lock, not @maptrack_lock. + */ + struct radix_tree_root maptrack_tree; /* Domain to which this struct grant_table belongs. */ const struct domain *domain; @@ -501,34 +507,6 @@ static int get_paged_frame(unsigned long gfn, mfn_t *mfn, return GNTST_okay; } -static inline void -double_gt_lock(struct grant_table *lgt, struct grant_table *rgt) -{ - /* - * See mapkind() for why the write lock is also required for the - * remote domain. - */ - if ( lgt < rgt ) - { - grant_write_lock(lgt); - grant_write_lock(rgt); - } - else - { - if ( lgt != rgt ) - grant_write_lock(rgt); - grant_write_lock(lgt); - } -} - -static inline void -double_gt_unlock(struct grant_table *lgt, struct grant_table *rgt) -{ - grant_write_unlock(lgt); - if ( lgt != rgt ) - grant_write_unlock(rgt); -} - #define INVALID_MAPTRACK_HANDLE UINT_MAX static inline grant_handle_t @@ -948,41 +926,17 @@ static struct active_grant_entry *grant_map_exists(const struct domain *ld, return ERR_PTR(-EINVAL); } -#define MAPKIND_READ 1 -#define MAPKIND_WRITE 2 -static unsigned int mapkind( - struct grant_table *lgt, const struct domain *rd, mfn_t mfn) -{ - struct grant_mapping *map; - grant_handle_t handle, limit = lgt->maptrack_limit; - unsigned int kind = 0; - - /* - * Must have the local domain's grant table write lock when - * iterating over its maptrack entries. - */ - ASSERT(percpu_rw_is_write_locked(&lgt->lock)); - /* - * Must have the remote domain's grant table write lock while - * counting its active entries. - */ - ASSERT(percpu_rw_is_write_locked(&rd->grant_table->lock)); - - smp_rmb(); - - for ( handle = 0; !(kind & MAPKIND_WRITE) && handle < limit; handle++ ) - { - map = &maptrack_entry(lgt, handle); - if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) || - map->domid != rd->domain_id ) - continue; - if ( mfn_eq(_active_entry(rd->grant_table, map->ref).mfn, mfn) ) - kind |= map->flags & GNTMAP_readonly ? - MAPKIND_READ : MAPKIND_WRITE; - } - - return kind; -} +union maptrack_node { + struct { + /* Radix tree slot pointers use two of the bits. */ +#ifdef __BIG_ENDIAN_BITFIELD + unsigned long : 2; +#endif + unsigned long rd : BITS_PER_LONG / 2 - 1; + unsigned long wr : BITS_PER_LONG / 2 - 1; + } cnt; + unsigned long raw; +}; static void map_grant_ref( @@ -1001,7 +955,6 @@ map_grant_ref( struct grant_mapping *mt; grant_entry_header_t *shah; uint16_t *status; - bool_t need_iommu; ld = current->domain; @@ -1220,31 +1173,75 @@ map_grant_ref( * as mem-sharing and IOMMU use are incompatible). The dom_io case would * need checking separately if we compared against owner here. */ - need_iommu = ld != rd && gnttab_need_iommu_mapping(ld); - if ( need_iommu ) + if ( ld != rd && gnttab_need_iommu_mapping(ld) ) { + union maptrack_node node = { + .cnt.rd = !!(op->flags & GNTMAP_readonly), + .cnt.wr = !(op->flags & GNTMAP_readonly), + }; + int err; + void **slot = NULL; unsigned int kind; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + + err = radix_tree_insert(&lgt->maptrack_tree, mfn_x(mfn), + radix_tree_ulong_to_ptr(node.raw)); + if ( err == -EEXIST ) + { + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(mfn)); + if ( likely(slot) ) + { + node.raw = radix_tree_ptr_to_ulong(*slot); + err = -EBUSY; + + /* Update node only when refcount doesn't overflow. */ + if ( op->flags & GNTMAP_readonly ? ++node.cnt.rd + : ++node.cnt.wr ) + { + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + err = 0; + } + } + else + ASSERT_UNREACHABLE(); + } /* * We're not translated, so we know that dfns and mfns are * the same things, so the IOMMU entry is always 1-to-1. */ - kind = mapkind(lgt, rd, mfn); - if ( !(op->flags & GNTMAP_readonly) && - !(kind & MAPKIND_WRITE) ) + if ( !(op->flags & GNTMAP_readonly) && node.cnt.wr == 1 ) kind = IOMMUF_readable | IOMMUF_writable; - else if ( !kind ) + else if ( (op->flags & GNTMAP_readonly) && + node.cnt.rd == 1 && !node.cnt.wr ) kind = IOMMUF_readable; else kind = 0; - if ( kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 0, kind) ) + if ( err || + (kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 0, kind)) ) { - double_gt_unlock(lgt, rgt); + if ( !err ) + { + if ( slot ) + { + op->flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--; + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + } + else + radix_tree_delete(&lgt->maptrack_tree, mfn_x(mfn)); + } + rc = GNTST_general_error; - goto undo_out; } + + grant_write_unlock(lgt); + + if ( rc != GNTST_okay ) + goto undo_out; } TRACE_1D(TRC_MEM_PAGE_GRANT_MAP, op->dom); @@ -1252,10 +1249,6 @@ map_grant_ref( /* * All maptrack entry users check mt->flags first before using the * other fields so just ensure the flags field is stored last. - * - * However, if gnttab_need_iommu_mapping() then this would race - * with a concurrent mapkind() call (on an unmap, for example) - * and a lock is required. */ mt = &maptrack_entry(lgt, handle); mt->domid = op->dom; @@ -1263,9 +1256,6 @@ map_grant_ref( smp_wmb(); write_atomic(&mt->flags, op->flags); - if ( need_iommu ) - double_gt_unlock(lgt, rgt); - op->dev_bus_addr = mfn_to_maddr(mfn); op->handle = handle; op->status = GNTST_okay; @@ -1487,19 +1477,34 @@ unmap_common( /* See the respective comment in map_grant_ref(). */ if ( rc == GNTST_okay && ld != rd && gnttab_need_iommu_mapping(ld) ) { - unsigned int kind; + void **slot; + union maptrack_node node; int err = 0; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(op->mfn)); + node.raw = likely(slot) ? radix_tree_ptr_to_ulong(*slot) : 0; + + /* Refcount must not underflow. */ + if ( !(flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--) ) + BUG(); - kind = mapkind(lgt, rd, op->mfn); - if ( !kind ) + if ( !node.raw ) err = iommu_legacy_unmap(ld, _dfn(mfn_x(op->mfn)), 0); - else if ( !(kind & MAPKIND_WRITE) ) + else if ( !(flags & GNTMAP_readonly) && !node.cnt.wr ) err = iommu_legacy_map(ld, _dfn(mfn_x(op->mfn)), op->mfn, 0, IOMMUF_readable); - double_gt_unlock(lgt, rgt); + if ( err ) + ; + else if ( !node.raw ) + radix_tree_delete(&lgt->maptrack_tree, mfn_x(op->mfn)); + else + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + + grant_write_unlock(lgt); if ( err ) rc = GNTST_general_error; @@ -1951,6 +1956,8 @@ int grant_table_init(struct domain *d, int max_grant_frames, gt->maptrack = vzalloc(gt->max_maptrack_frames * sizeof(*gt->maptrack)); if ( gt->maptrack == NULL ) goto out; + + radix_tree_init(>->maptrack_tree); } /* Shared grant table. */ @@ -3734,6 +3741,7 @@ int gnttab_release_mappings(struct domain *d) for ( handle = gt->maptrack_limit; handle; ) { unsigned int clear_flags = 0; + mfn_t mfn; /* * Deal with full pages such that their freeing (in the body of the @@ -3839,17 +3847,31 @@ int gnttab_release_mappings(struct domain *d) if ( clear_flags ) gnttab_clear_flags(rd, clear_flags, status); + mfn = act->mfn; + active_entry_release(act); grant_read_unlock(rgt); rcu_unlock_domain(rd); map->flags = 0; + + /* + * This is excessive in that a single such call would suffice per + * mapped MFN (or none at all, if no entry was ever inserted). But it + * should be the common case for an MFN to be mapped just once, and + * this way we don't need to further maintain the counters. We also + * don't want to leave cleaning up of the tree as a whole to the end + * of the function, as this could take quite some time. + */ + radix_tree_delete(>->maptrack_tree, mfn_x(mfn)); } gt->maptrack_limit = 0; FREE_XENHEAP_PAGE(gt->maptrack[0]); + radix_tree_destroy(>->maptrack_tree, NULL); + return 0; } diff --git a/xen/include/xen/radix-tree.h b/xen/include/xen/radix-tree.h index ec40cf1d9e..58c40312e6 100644 --- a/xen/include/xen/radix-tree.h +++ b/xen/include/xen/radix-tree.h @@ -190,6 +190,25 @@ static inline int radix_tree_ptr_to_int(void *ptr) return (int)((long)ptr >> 2); } +/** + * radix_tree_{ulong_to_ptr,ptr_to_ulong}: + * + * Same for unsigned long values. Beware though that only BITS_PER_LONG-2 + * bits are actually usable for the value. + */ +static inline void *radix_tree_ulong_to_ptr(unsigned long val) +{ + unsigned long ptr = (val << 2) | 0x2; + ASSERT((ptr >> 2) == val); + return (void *)ptr; +} + +static inline unsigned long radix_tree_ptr_to_ulong(void *ptr) +{ + ASSERT(((unsigned long)ptr & 0x3) == 0x2); + return (unsigned long)ptr >> 2; +} + int radix_tree_insert(struct radix_tree_root *, unsigned long, void *); void *radix_tree_lookup(struct radix_tree_root *, unsigned long); void **radix_tree_lookup_slot(struct radix_tree_root *, unsigned long); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:02:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:02:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182665.330358 (Exim 4.92) (envelope-from ) id 1mOE4d-0003v2-Qg; Thu, 09 Sep 2021 07:02:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182665.330358; Thu, 09 Sep 2021 07:02:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4d-0003uu-Na; Thu, 09 Sep 2021 07:02:15 +0000 Received: by outflank-mailman (input) for mailman id 182665; Thu, 09 Sep 2021 07:02:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4c-0003uV-Lb for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4c-0007Pu-Kq for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE4c-0001VF-Js for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=azbd9BEW0XwZ0BsWiE12KKqFbUcVDx9Oie1ZR4UaCFc=; b=HVOzBh2fOOkA/Zy6n12tjckvNo CKPxytLM+gNJY714DZOYhTYiV1pg29XlWtqG2Ru/XV2dCCi+BglZiFQ1oGVEUo6kF64AKe1YBU7QO WV8tg9owbn59WlYUyvkYjccTj3lcasib7ouzsMURIxnVBC/Z5BKRBo4YS0YnwZdOQFlk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] gnttab: fix array capacity check in gnttab_get_status_frames() Message-Id: Date: Thu, 09 Sep 2021 07:02:14 +0000 commit 66f5e867c6e3d400af354ab72e924fa7b3ada733 Author: Jan Beulich AuthorDate: Wed Aug 25 15:08:09 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:08:09 2021 +0200 gnttab: fix array capacity check in gnttab_get_status_frames() The number of grant frames is of no interest here; converting the passed in op.nr_frames this way means we allow for 8 times as many GFNs to be written as actually fit in the array. We would corrupt xlat areas of higher vCPU-s (after having faulted many times while trying to write to the guard pages between any two areas) for 32-bit PV guests. For HVM guests we'd simply crash as soon as we hit the first guard page, as accesses to the xlat area are simply memcpy() there. This is CVE-2021-28699 / XSA-382. Fixes: 18b1be5e324b ("gnttab: make resource limits per domain") Signed-off-by: Jan Beulich master commit: ec820035b875cdbedce5e73f481ce65963ede9ed master date: 2021-08-25 14:19:09 +0200 --- xen/common/grant_table.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 2d8e00409d..192db15c34 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3283,12 +3283,11 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, goto unlock; } - if ( unlikely(limit_max < grant_to_status_frames(op.nr_frames)) ) + if ( unlikely(limit_max < op.nr_frames) ) { gdprintk(XENLOG_WARNING, - "grant_to_status_frames(%u) for d%d is too large (%u,%u)\n", - op.nr_frames, d->domain_id, - grant_to_status_frames(op.nr_frames), limit_max); + "nr_status_frames for %pd is too large (%u,%u)\n", + d, op.nr_frames, limit_max); op.status = GNTST_general_error; goto unlock; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:02:25 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:02:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182667.330361 (Exim 4.92) (envelope-from ) id 1mOE4n-0003yh-S3; Thu, 09 Sep 2021 07:02:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182667.330361; Thu, 09 Sep 2021 07:02:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4n-0003yZ-PA; Thu, 09 Sep 2021 07:02:25 +0000 Received: by outflank-mailman (input) for mailman id 182667; Thu, 09 Sep 2021 07:02:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4m-0003yI-Pk for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4m-0007Q5-OG for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE4m-0001W9-NY for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=obOjV1YBN3S5G4NZGLy7IVzFRxUBHIL01K0bvVqMS3Q=; b=WKKnT3/gVPYdSPhu97qp3ZlNew EMvAvXlFvineyZJZzy9uRlpeI6W87KYYlVS6XL+oVxSxMUkYrzXkzQDKDCns6F3oHoUdXLC75D6WG HeWq4Y8fMbNGHXlRzgQ3U3ZnfvTF+ZYVv/hOxxlfg7LIuowhwxF/y3Hm9boKH+5Rt9UQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Message-Id: Date: Thu, 09 Sep 2021 07:02:24 +0000 commit c439f5e97b0229851ba76249ccb224695a1baa29 Author: Julien Grall AuthorDate: Wed Aug 25 15:08:29 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:08:29 2021 +0200 xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Currently, both dom0less domUs and dom0 can allocate an "unlimited" amount of memory because d->max_pages is set to ~0U. In particular, the former are meant to be unprivileged. Therefore the memory they could allocate should be bounded. As the domain are not yet officially aware of Xen (we don't expose advertise it in the DT, yet the hypercalls are accessible), they should not need to allocate more than the initial amount. So cap set d->max_pages directly the amount of memory we are meant to allocate. Take the opportunity to also restrict the memory for dom0 as the domain is direct mapped (e.g. MFN == GFN) and therefore cannot allocate outside of the pre-allocated region. This is CVE-2021-28700 / XSA-383. Reported-by: Julien Grall Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini Tested-by: Stefano Stabellini master commit: c08d68cd2aacbc7cb56e73ada241bfe4639bbc68 master date: 2021-08-25 14:19:31 +0200 --- xen/arch/arm/domain_build.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index b07461f5d3..f49dbf1ca1 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2439,7 +2439,8 @@ static int __init construct_domU(struct domain *d, if ( vcpu_create(d, 0) == NULL ) return -ENOMEM; - d->max_pages = ~0U; + + d->max_pages = ((paddr_t)mem * SZ_1K) >> PAGE_SHIFT; kinfo.d = d; @@ -2540,7 +2541,7 @@ int __init construct_dom0(struct domain *d) iommu_hwdom_init(d); - d->max_pages = ~0U; + d->max_pages = dom0_mem >> PAGE_SHIFT; kinfo.unassigned_mem = dom0_mem; kinfo.d = d; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:02:35 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:02:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182669.330366 (Exim 4.92) (envelope-from ) id 1mOE4x-00041p-Tk; Thu, 09 Sep 2021 07:02:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182669.330366; Thu, 09 Sep 2021 07:02:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4x-00041h-Qd; Thu, 09 Sep 2021 07:02:35 +0000 Received: by outflank-mailman (input) for mailman id 182669; Thu, 09 Sep 2021 07:02:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4w-00041Y-Sq for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE4w-0007QG-Rz for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE4w-0001XT-RB for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OLh4A0hK0Zk5xlep/lOK2NyFWLin0HBDDI3TzskPu4g=; b=IB/gy1/qdVitdYLFxUnkn07ldN TcaIymHkKJ5T7sPWqNWcVR1HrvGH/c+xGCjYeXlbg6gPM3AtWupVGF0IvhqKVPQMlyBPtuY7Wt94b XYyipWQVO+lZZ8q5ld1gQbq1+oUxgpfPZ9QFm1TukMMehnaFEaMgGxb222NAWF/jP7Ec=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/hvm: Propagate real error information up through hvm_load() Message-Id: Date: Thu, 09 Sep 2021 07:02:34 +0000 commit 2255511a4ff4f73cdfe4dc1c3be20bde498df877 Author: Andrew Cooper AuthorDate: Wed Aug 25 15:10:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:10:18 2021 +0200 x86/hvm: Propagate real error information up through hvm_load() hvm_load() is currently a mix of -errno and -1 style error handling, which aliases -EPERM. This leads to the following confusing diagnostics: From userspace: xc: info: Restoring domain xc: error: Unable to restore HVM context (1 = Operation not permitted): Internal error xc: error: Restore failed (1 = Operation not permitted): Internal error xc_domain_restore: [1] Restore failed (1 = Operation not permitted) From Xen: (XEN) HVM10.0 restore: inconsistent xsave state (feat=0x2ff accum=0x21f xcr0=0x7 bv=0x3 err=-22) (XEN) HVM10 restore: failed to load entry 16/0 The actual error was a bad backport, but the -EINVAL got converted to -EPERM on the way out of the hypercall. The overwhelming majority of *_load() handlers already use -errno consistenty. Fix up the rest to be consistent, and fix a few other errors noticed along the way. * Failures of hvm_load_entry() indicate a truncated record or other bad data size. Use -ENODATA. * Don't use {g,}dprintk(). Omitting diagnostics in release builds is rude, and almost everything uses unconditional printk()'s. * Switch some errors for more appropriate ones. Reported-by: Igor Druzhinin Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 96e5ad4c476e70688295b3cfb537847a3351d6fd master date: 2021-07-19 14:34:38 +0100 --- xen/arch/x86/cpu/mcheck/vmce.c | 6 +++--- xen/arch/x86/emul-i8254.c | 9 +++++---- xen/arch/x86/hvm/irq.c | 6 +++--- xen/arch/x86/hvm/save.c | 25 ++++++++++++++----------- xen/arch/x86/hvm/vioapic.c | 5 ++++- xen/arch/x86/hvm/vpic.c | 2 +- 6 files changed, 30 insertions(+), 23 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/vmce.c b/xen/arch/x86/cpu/mcheck/vmce.c index b1df9e9efd..eb6434a3ba 100644 --- a/xen/arch/x86/cpu/mcheck/vmce.c +++ b/xen/arch/x86/cpu/mcheck/vmce.c @@ -82,11 +82,11 @@ int vmce_restore_vcpu(struct vcpu *v, const struct hvm_vmce_vcpu *ctxt) if ( ctxt->caps & ~guest_mcg_cap & ~MCG_CAP_COUNT & ~MCG_CTL_P ) { - dprintk(XENLOG_G_ERR, "%s restore: unsupported MCA capabilities" - " %#" PRIx64 " for %pv (supported: %#Lx)\n", + printk(XENLOG_G_ERR + "%s restore: unsupported MCA capabilities %#"PRIx64" for %pv (supported: %#Lx)\n", is_hvm_vcpu(v) ? "HVM" : "PV", ctxt->caps, v, guest_mcg_cap & ~MCG_CAP_COUNT); - return -EPERM; + return -EINVAL; } v->arch.vmce.mcg_cap = ctxt->caps; diff --git a/xen/arch/x86/emul-i8254.c b/xen/arch/x86/emul-i8254.c index 73be4188ad..050c784702 100644 --- a/xen/arch/x86/emul-i8254.c +++ b/xen/arch/x86/emul-i8254.c @@ -412,7 +412,7 @@ static int pit_save(struct vcpu *v, hvm_domain_context_t *h) static int pit_load(struct domain *d, hvm_domain_context_t *h) { PITState *pit = domain_vpit(d); - int i; + int i, rc = 0; if ( !has_vpit(d) ) return -ENODEV; @@ -421,8 +421,8 @@ static int pit_load(struct domain *d, hvm_domain_context_t *h) if ( hvm_load_entry(PIT, h, &pit->hw) ) { - spin_unlock(&pit->lock); - return 1; + rc = -ENODATA; + goto out; } /* @@ -434,9 +434,10 @@ static int pit_load(struct domain *d, hvm_domain_context_t *h) for ( i = 0; i < 3; i++ ) pit_load_count(pit, i, pit->hw.channels[i].count); + out: spin_unlock(&pit->lock); - return 0; + return rc; } HVM_REGISTER_SAVE_RESTORE(PIT, pit_save, pit_load, 1, HVMSR_PER_DOM); diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c index 38ac5fb6c7..52aae4565f 100644 --- a/xen/arch/x86/hvm/irq.c +++ b/xen/arch/x86/hvm/irq.c @@ -773,9 +773,9 @@ static int irq_load_link(struct domain *d, hvm_domain_context_t *h) for ( link = 0; link < 4; link++ ) if ( hvm_irq->pci_link.route[link] > 15 ) { - gdprintk(XENLOG_ERR, - "HVM restore: PCI-ISA link %u out of range (%u)\n", - link, hvm_irq->pci_link.route[link]); + printk(XENLOG_G_ERR + "HVM restore: PCI-ISA link %u out of range (%u)\n", + link, hvm_irq->pci_link.route[link]); return -EINVAL; } diff --git a/xen/arch/x86/hvm/save.c b/xen/arch/x86/hvm/save.c index a2c56fbc1e..405eac1c5a 100644 --- a/xen/arch/x86/hvm/save.c +++ b/xen/arch/x86/hvm/save.c @@ -50,14 +50,14 @@ int arch_hvm_load(struct domain *d, struct hvm_save_header *hdr) { printk(XENLOG_G_ERR "HVM%d restore: bad magic number %#"PRIx32"\n", d->domain_id, hdr->magic); - return -1; + return -EINVAL; } if ( hdr->version != HVM_FILE_VERSION ) { printk(XENLOG_G_ERR "HVM%d restore: unsupported version %u\n", d->domain_id, hdr->version); - return -1; + return -EINVAL; } cpuid(1, &eax, &ebx, &ecx, &edx); @@ -291,16 +291,18 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) struct hvm_save_descriptor *desc; hvm_load_handler handler; struct vcpu *v; + int rc; if ( d->is_dying ) return -EINVAL; /* Read the save header, which must be first */ if ( hvm_load_entry(HEADER, h, &hdr) != 0 ) - return -1; + return -ENODATA; - if ( arch_hvm_load(d, &hdr) ) - return -1; + rc = arch_hvm_load(d, &hdr); + if ( rc ) + return rc; /* Down all the vcpus: we only re-enable the ones that had state saved. */ for_each_vcpu(d, v) @@ -315,7 +317,7 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) printk(XENLOG_G_ERR "HVM%d restore: save did not end with a null entry\n", d->domain_id); - return -1; + return -ENODATA; } /* Read the typecode of the next entry and check for the end-marker */ @@ -329,17 +331,18 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) { printk(XENLOG_G_ERR "HVM%d restore: unknown entry typecode %u\n", d->domain_id, desc->typecode); - return -1; + return -EINVAL; } /* Load the entry */ printk(XENLOG_G_INFO "HVM%d restore: %s %"PRIu16"\n", d->domain_id, hvm_sr_handlers[desc->typecode].name, desc->instance); - if ( handler(d, h) != 0 ) + rc = handler(d, h); + if ( rc ) { - printk(XENLOG_G_ERR "HVM%d restore: failed to load entry %u/%u\n", - d->domain_id, desc->typecode, desc->instance); - return -1; + printk(XENLOG_G_ERR "HVM%d restore: failed to load entry %u/%u rc %d\n", + d->domain_id, desc->typecode, desc->instance, rc); + return rc; } } diff --git a/xen/arch/x86/hvm/vioapic.c b/xen/arch/x86/hvm/vioapic.c index 99e137df33..eac235eb55 100644 --- a/xen/arch/x86/hvm/vioapic.c +++ b/xen/arch/x86/hvm/vioapic.c @@ -619,7 +619,10 @@ static int ioapic_load(struct domain *d, hvm_domain_context_t *h) d->arch.hvm.nr_vioapics != 1 ) return -EOPNOTSUPP; - return hvm_load_entry(IOAPIC, h, &s->domU); + if ( hvm_load_entry(IOAPIC, h, &s->domU) ) + return -ENODATA; + + return 0; } HVM_REGISTER_SAVE_RESTORE(IOAPIC, ioapic_save, ioapic_load, 1, HVMSR_PER_DOM); diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c index fcc3de5c0c..398c1d4efa 100644 --- a/xen/arch/x86/hvm/vpic.c +++ b/xen/arch/x86/hvm/vpic.c @@ -401,7 +401,7 @@ static int vpic_load(struct domain *d, hvm_domain_context_t *h) /* Which PIC is this? */ if ( inst > 1 ) - return -EINVAL; + return -ENOENT; s = &d->arch.hvm.vpic[inst]; /* Load the state */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:02:46 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:02:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182671.330370 (Exim 4.92) (envelope-from ) id 1mOE57-00044N-VT; Thu, 09 Sep 2021 07:02:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182671.330370; Thu, 09 Sep 2021 07:02:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE57-00044F-SF; Thu, 09 Sep 2021 07:02:45 +0000 Received: by outflank-mailman (input) for mailman id 182671; Thu, 09 Sep 2021 07:02:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE57-000446-0A for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE56-0007QO-Vh for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE56-0001Yh-Uq for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xqlaNABIJ4doUnbEgRiryQj9xpcG9Rfo25EK6Hglt5k=; b=W+XUaTTZBQCYUHQdTAR8HRimKO f7GmSs5NnaLI6PS5fws62phnwiszejeIbH6XdcTsmMNSO8hCTM3tP1M9u8LBkUOF9pxhUIqZiKZcm /Ib5n2/Wk5ba7fXeYFeA6l3YPIo0FmZzKGyXWbPxbZlf4ZfVXHffFCL3NS0D95pKjQOM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] xen/lib: Fix strcmp() and strncmp() Message-Id: Date: Thu, 09 Sep 2021 07:02:44 +0000 commit 8df03ef746dec2d4612ef7ea1933e8066783ad27 Author: Jane Malalane AuthorDate: Wed Aug 25 15:10:32 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:10:32 2021 +0200 xen/lib: Fix strcmp() and strncmp() The C standard requires that each character be compared as unsigned char. Xen's current behaviour compares as signed char, which changes the answer when chars with a value greater than 0x7f are used. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Ian Jackson master commit: 3747a2bb67daa5a8baeff6cda57dc98a5ef79c3e master date: 2021-07-30 10:52:46 +0100 --- xen/common/string.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/xen/common/string.c b/xen/common/string.c index af3d96ad0f..43624b1b45 100644 --- a/xen/common/string.c +++ b/xen/common/string.c @@ -119,14 +119,16 @@ EXPORT_SYMBOL(strlcat); */ int (strcmp)(const char *cs, const char *ct) { - register signed char __res; + unsigned char *csu = (unsigned char *)cs; + unsigned char *ctu = (unsigned char *)ct; + int res; while (1) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + if ((res = *csu - *ctu++) != 0 || !*csu++) break; } - return __res; + return res; } #endif @@ -139,15 +141,17 @@ int (strcmp)(const char *cs, const char *ct) */ int (strncmp)(const char *cs, const char *ct, size_t count) { - register signed char __res = 0; + unsigned char *csu = (unsigned char *)cs; + unsigned char *ctu = (unsigned char *)ct; + int res = 0; while (count) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + if ((res = *csu - *ctu++) != 0 || !*csu++) break; count--; } - return __res; + return res; } #endif -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:02:56 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:02:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182673.330374 (Exim 4.92) (envelope-from ) id 1mOE5I-00047Q-0K; Thu, 09 Sep 2021 07:02:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182673.330374; Thu, 09 Sep 2021 07:02:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5H-00047I-Tk; Thu, 09 Sep 2021 07:02:55 +0000 Received: by outflank-mailman (input) for mailman id 182673; Thu, 09 Sep 2021 07:02:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5H-000479-45 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5H-0007Qv-3G for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE5H-0001Zh-2M for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:02:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CqUMg5XyB6xWGz1i5UqZH97LbIVot4123j3jwgjy67w=; b=CFB4UW+Oc2kynPWLMDJMSNAV99 A6vWffDU2w0xRki0kgR4SFirh7+Vemua7RSNqb9oxOE0s6k+ToXbH8NL/CAZKGy5y53hKQrEKgJMw JEybw1LB33Im/Je1IvVYlZMfsxDNDo5PlCG/tiJvPETfa57aybCIPirZu5lh+JLRvJ4g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] credit2: avoid picking a spurious idle unit when caps are used Message-Id: Date: Thu, 09 Sep 2021 07:02:55 +0000 commit 58570591db5e29dd111db0aac4e8551b60718ae4 Author: Dario Faggioli AuthorDate: Wed Aug 25 15:10:45 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:10:45 2021 +0200 credit2: avoid picking a spurious idle unit when caps are used Commit 07b0eb5d0ef0 ("credit2: make sure we pick a runnable unit from the runq if there is one") did not fix completely the problem of potentially selecting a scheduling unit that will then not be able to run. In fact, in case caps are used and the unit we are currently looking at, during the runqueue scan, does not have enough budget for being run, we should continue looking instead than giving up and picking the idle unit. Suggested-by: George Dunlap Signed-off-by: Dario Faggioli Reviewed-by: Jan Beulich master commit: 0f742839ae57e10687e7a573070c37430f31068c master date: 2021-08-10 09:29:10 +0200 --- xen/common/sched/credit2.c | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index ebb09ea43a..6396b38e04 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -3463,6 +3463,15 @@ runq_candidate(struct csched2_runqueue_data *rqd, (unsigned char *)&d); } + /* + * If the unit in the runqueue has more credits than current (or than + * idle, if current is not runnable) or if current is yielding, we may + * want to pick it up. Otherwise, there's no need to keep scanning the + * runqueue any further. + */ + if ( !yield && svc->credit <= snext->credit ) + break; + /* Skip non runnable units that we (temporarily) have in the runq */ if ( unlikely(!unit_runnable_state(svc->unit)) ) continue; @@ -3494,16 +3503,25 @@ runq_candidate(struct csched2_runqueue_data *rqd, } /* - * If the one in the runqueue has more credit than current (or idle, - * if current is not runnable), or if current is yielding, and also - * if the one in runqueue either is not capped, or is capped but has - * some budget, then choose it. + * If we are here, we are almost sure we want to pick the unit in + * the runqueue. Last thing we need to check is that it either is + * not capped or, if it is, it has some budget. + * + * Note that budget availability must be the very last check that + * we do in this loop, due to the side effects that unit_grab_budget() + * causes. + * + * In fact, if there is budget available in the unit's domain's + * budget pool, the function will pick some for running this unit. + * And we clearly want to do that only if we're otherwise sure that + * the unit will actually run, consume it, and return the leftover + * (if any) in the usual way. */ - if ( (yield || svc->credit > snext->credit) && - (!has_cap(svc) || unit_grab_budget(svc)) ) - snext = svc; + if ( has_cap(svc) && !unit_grab_budget(svc) ) + continue; /* In any case, if we got this far, break. */ + snext = svc; break; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:03:06 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:03:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182675.330378 (Exim 4.92) (envelope-from ) id 1mOE5S-0004AY-2J; Thu, 09 Sep 2021 07:03:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182675.330378; Thu, 09 Sep 2021 07:03:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5R-0004AO-VG; Thu, 09 Sep 2021 07:03:05 +0000 Received: by outflank-mailman (input) for mailman id 182675; Thu, 09 Sep 2021 07:03:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5R-0004AG-7y for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5R-0007RJ-7F for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE5R-0001cA-6L for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6TrB2qfOtn+GlNRx08clmPPp1/8k4bPt8rVGPWeE7wU=; b=ksTSpZzvzzjPX+c4E1WR/+B6wh EW3xWbh7ZAPatYHMB7T12K0w378l4wSJhNnshh6OZ8/2bIKeZe3yvhV1TTh8Zz+sJ6yCdNo/FYHmD etz+X00LFr0uBOcMKA6qBLrFGF0WjSAUpAqH0DrKHp4bKbGYKs5fg9d+H87xrE1dj2rM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} Message-Id: Date: Thu, 09 Sep 2021 07:03:05 +0000 commit a9d7c2541415dad9b9707ab1e302691d2844f271 Author: Andrew Cooper AuthorDate: Wed Aug 25 15:10:58 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:10:58 2021 +0200 x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} This was a clear oversight in the original CET work. The BUGFRAME_run_fn and BUGFRAME_warn paths update regs->rip without an equivalent adjustment to the shadow stack, causing IRET to suffer #CP because of the mismatch. One subtle, and therefore fragile, aspect of extable_shstk_fixup() was that it required regs->rip to have its old value as a cross-check that the right word in the shadow stack was being edited. Rework extable_shstk_fixup() into fixup_exception_return() which takes ownership of the update to both the regular and shadow stacks, ensuring that the regs->rip update is ordered correctly. Use the new fixup_exception_return() for BUGFRAME_run_fn and BUGFRAME_warn to ensure that the shadow stack is updated too. Fixes: 209fb9919b50 ("x86/extable: Adjust extable handling to be shadow stack compatible") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich x86/cet: Fix build on newer versions of GCC Some versions of GCC complain with: traps.c:405:22: error: 'get_shstk_bottom' defined but not used [-Werror=unused-function] static unsigned long get_shstk_bottom(unsigned long sp) ^~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Change #ifdef to if ( IS_ENABLED(...) ) to make the sole user of get_shstk_bottom() visible to the compiler. Fixes: 35727551c070 ("x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn}") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Compile-tested-by: Jan Beulich Tested-by: Marek Marczykowski-Górecki master commit: 35727551c0703493a2240e967cffc3063b13d49c master date: 2021-08-16 16:03:20 +0100 master commit: 54c9736382e0d558a6acd820e44185e020131c48 master date: 2021-08-17 12:55:48 +0100 --- xen/arch/x86/traps.c | 96 ++++++++++++++++++++++++++++------------------------ 1 file changed, 51 insertions(+), 45 deletions(-) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index bc5b8f8ea3..a38f10ad28 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -775,53 +775,62 @@ static void do_reserved_trap(struct cpu_user_regs *regs) trapnr, vec_name(trapnr), regs->error_code); } -static void extable_shstk_fixup(struct cpu_user_regs *regs, unsigned long fixup) +static void fixup_exception_return(struct cpu_user_regs *regs, + unsigned long fixup) { - unsigned long ssp, *ptr, *base; + if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) + { + unsigned long ssp, *ptr, *base; - asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); - if ( ssp == 1 ) - return; + asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); + if ( ssp == 1 ) + goto shstk_done; - ptr = _p(ssp); - base = _p(get_shstk_bottom(ssp)); + ptr = _p(ssp); + base = _p(get_shstk_bottom(ssp)); - for ( ; ptr < base; ++ptr ) - { - /* - * Search for %rip. The shstk currently looks like this: - * - * ... [Likely pointed to by SSP] - * %cs [== regs->cs] - * %rip [== regs->rip] - * SSP [Likely points to 3 slots higher, above %cs] - * ... [call tree to this function, likely 2/3 slots] - * - * and we want to overwrite %rip with fixup. There are two - * complications: - * 1) We cant depend on SSP values, because they won't differ by 3 - * slots if the exception is taken on an IST stack. - * 2) There are synthetic (unrealistic but not impossible) scenarios - * where %rip can end up in the call tree to this function, so we - * can't check against regs->rip alone. - * - * Check for both regs->rip and regs->cs matching. - */ - if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) + for ( ; ptr < base; ++ptr ) { - asm ( "wrssq %[fix], %[stk]" - : [stk] "=m" (ptr[0]) - : [fix] "r" (fixup) ); - return; + /* + * Search for %rip. The shstk currently looks like this: + * + * ... [Likely pointed to by SSP] + * %cs [== regs->cs] + * %rip [== regs->rip] + * SSP [Likely points to 3 slots higher, above %cs] + * ... [call tree to this function, likely 2/3 slots] + * + * and we want to overwrite %rip with fixup. There are two + * complications: + * 1) We cant depend on SSP values, because they won't differ by + * 3 slots if the exception is taken on an IST stack. + * 2) There are synthetic (unrealistic but not impossible) + * scenarios where %rip can end up in the call tree to this + * function, so we can't check against regs->rip alone. + * + * Check for both regs->rip and regs->cs matching. + */ + if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) + { + asm ( "wrssq %[fix], %[stk]" + : [stk] "=m" (ptr[0]) + : [fix] "r" (fixup) ); + goto shstk_done; + } } + + /* + * We failed to locate and fix up the shadow IRET frame. This could + * be due to shadow stack corruption, or bad logic above. We cannot + * continue executing the interrupted context. + */ + BUG(); + } + shstk_done: - /* - * We failed to locate and fix up the shadow IRET frame. This could be - * due to shadow stack corruption, or bad logic above. We cannot continue - * executing the interrupted context. - */ - BUG(); + /* Fixup the regular stack. */ + regs->rip = fixup; } static bool extable_fixup(struct cpu_user_regs *regs, bool print) @@ -840,10 +849,7 @@ static bool extable_fixup(struct cpu_user_regs *regs, bool print) vec_name(regs->entry_vector), regs->error_code, _p(regs->rip), _p(regs->rip), _p(fixup)); - if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) - extable_shstk_fixup(regs, fixup); - - regs->rip = fixup; + fixup_exception_return(regs, fixup); this_cpu(last_extable_addr) = regs->rip; return true; @@ -1127,7 +1133,7 @@ void do_invalid_op(struct cpu_user_regs *regs) void (*fn)(struct cpu_user_regs *) = bug_ptr(bug); fn(regs); - regs->rip = (unsigned long)eip; + fixup_exception_return(regs, (unsigned long)eip); return; } @@ -1148,7 +1154,7 @@ void do_invalid_op(struct cpu_user_regs *regs) case BUGFRAME_warn: printk("Xen WARN at %s%s:%d\n", prefix, filename, lineno); show_execution_state(regs); - regs->rip = (unsigned long)eip; + fixup_exception_return(regs, (unsigned long)eip); return; case BUGFRAME_bug: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:03:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:03:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182677.330382 (Exim 4.92) (envelope-from ) id 1mOE5c-0004Dx-4z; Thu, 09 Sep 2021 07:03:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182677.330382; Thu, 09 Sep 2021 07:03:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5c-0004Dp-22; Thu, 09 Sep 2021 07:03:16 +0000 Received: by outflank-mailman (input) for mailman id 182677; Thu, 09 Sep 2021 07:03:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5b-0004Di-BX for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5b-0007RV-Am for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE5b-0001dF-A4 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tK00732J3FZcl75kH2riF6Qf6S5BO9r+b+es18iwgcA=; b=UbCS1n0UIuDYa7N2F7m6vOrL+Q bF6SqBQP3cfyE9j7EFSk0Xu+9i+d+y4gGjYUuPNbkuS1tBq38f/EFWBZOSnfEZhYWl01rnrXBxmZa Xx9dg/MUErOOMaYG3oPnSzMSL7/C5agK2Wx6caDDVoSJK/MGkDEo6y1bCYxVEnoYNNOM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] VT-d: Tylersburg errata apply to further steppings Message-Id: Date: Thu, 09 Sep 2021 07:03:15 +0000 commit 26b885cbdd2458b32434a4d20b921b49bd623adb Author: Jan Beulich AuthorDate: Wed Aug 25 15:11:11 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:11:11 2021 +0200 VT-d: Tylersburg errata apply to further steppings While for 5500 and 5520 chipsets only B3 and C2 are mentioned in the spec update, X58's also mentions B2, and searching the internet suggests systems with this stepping are actually in use. Even worse, for X58 erratum #69 is marked applicable even to C2. Split the check to cover all applicable steppings and to also report applicable errata numbers in the log message. The splitting requires using the DMI port instead of the System Management Registers device, but that's then in line (also revision checking wise) with the spec updates. Fixes: 6890cebc6a98 ("VT-d: deal with 5500/5520/X58 errata") Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian master commit: 517a90d1ca09ce00e50d46ac25566cc3bd2eb34d master date: 2021-08-18 09:44:14 +0200 --- xen/drivers/passthrough/vtd/quirks.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c index 5594270678..1de2578378 100644 --- a/xen/drivers/passthrough/vtd/quirks.c +++ b/xen/drivers/passthrough/vtd/quirks.c @@ -268,26 +268,42 @@ static int __init parse_snb_timeout(const char *s) } custom_param("snb_igd_quirk", parse_snb_timeout); -/* 5500/5520/X58 Chipset Interrupt remapping errata, for stepping B-3. - * Fixed in stepping C-2. */ +/* + * 5500/5520/X58 chipset interrupt remapping errata, for steppings B2 and B3. + * Fixed in stepping C2 except on X58. + */ static void __init tylersburg_intremap_quirk(void) { - uint32_t bus, device; + unsigned int bus; uint8_t rev; for ( bus = 0; bus < 0x100; bus++ ) { - /* Match on System Management Registers on Device 20 Function 0 */ - device = pci_conf_read32(PCI_SBDF(0, bus, 20, 0), PCI_VENDOR_ID); - rev = pci_conf_read8(PCI_SBDF(0, bus, 20, 0), PCI_REVISION_ID); + /* Match on DMI port (Device 0 Function 0) */ + rev = pci_conf_read8(PCI_SBDF(0, bus, 0, 0), PCI_REVISION_ID); - if ( rev == 0x13 && device == 0x342e8086 ) + switch ( pci_conf_read32(PCI_SBDF(0, bus, 0, 0), PCI_VENDOR_ID) ) { + default: + continue; + + case 0x34038086: case 0x34068086: + if ( rev >= 0x22 ) + continue; + printk(XENLOG_WARNING VTDPREFIX + "Disabling IOMMU due to Intel 5500/5520 chipset errata #47 and #53\n"); + iommu_enable = false; + break; + + case 0x34058086: printk(XENLOG_WARNING VTDPREFIX - "Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata #47, #53\n"); - iommu_enable = 0; + "Disabling IOMMU due to Intel X58 chipset %s\n", + rev < 0x22 ? "errata #62 and #69" : "erratum #69"); + iommu_enable = false; break; } + + break; } } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:03:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:03:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182679.330386 (Exim 4.92) (envelope-from ) id 1mOE5m-0004HC-6O; Thu, 09 Sep 2021 07:03:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182679.330386; Thu, 09 Sep 2021 07:03:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5m-0004H4-3Y; Thu, 09 Sep 2021 07:03:26 +0000 Received: by outflank-mailman (input) for mailman id 182679; Thu, 09 Sep 2021 07:03:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5l-0004Gy-F7 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5l-0007Ri-EP for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE5l-0001e9-Db for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0XQQ/X980yXcszvDe6QIv5kwJ8ZZnVu4Y7d+dnYG3tg=; b=0LGotWL1i/j3ZEuOC6CjweeuSt OwDdxpXqg0qmPAuFR0GCHAJcVe2/dvsA8u3dO3idvxqwEq66Ty7CpYsLurXEnmjzqyx6LBRgDL1Vm FuBSM+q3s/T35YtvSgd5OSHl5DZmsT/H3rOzVIrW/Lt9m8KhAbLf1KDH6TSfo3kOyYEs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume Message-Id: Date: Thu, 09 Sep 2021 07:03:25 +0000 commit da7254738899da02049dce79bde5af8c27df2481 Author: Juergen Gross AuthorDate: Wed Aug 25 15:11:24 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:11:24 2021 +0200 xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume With smt=0 during a suspend/resume cycle of the machine the threads which have been parked before will briefly come up again. This can result in problems e.g. with cpufreq driver being active as this will call into get_cpu_idle_time() for a cpu without initialized scheduler data. Fix that by letting get_cpu_idle_time() deal with this case. Drop a redundant check in exchange. Fixes: 132cbe8f35632fb2 ("sched: fix get_cpu_idle_time() with core scheduling") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Juergen Gross Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich Acked-by: Dario Faggioli master commit: 5293470a77ad980dce2af9b7e6c3f11eeebf1b64 master date: 2021-08-19 13:38:31 +0200 --- xen/common/sched/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 1bd63c9de6..229ed85f48 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -337,7 +337,7 @@ uint64_t get_cpu_idle_time(unsigned int cpu) struct vcpu_runstate_info state = { 0 }; const struct vcpu *v = idle_vcpu[cpu]; - if ( cpu_online(cpu) && v ) + if ( cpu_online(cpu) && get_sched_res(cpu) ) vcpu_runstate_get(v, &state); return state.time[RUNSTATE_running]; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:03:36 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:03:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182681.330390 (Exim 4.92) (envelope-from ) id 1mOE5w-0004K7-7y; Thu, 09 Sep 2021 07:03:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182681.330390; Thu, 09 Sep 2021 07:03:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5w-0004Jz-55; Thu, 09 Sep 2021 07:03:36 +0000 Received: by outflank-mailman (input) for mailman id 182681; Thu, 09 Sep 2021 07:03:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5v-0004Jh-Im for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE5v-0007Rw-I3 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE5v-0001fB-HL for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ML7Rjz124/PoFrpQ5RIkV3/IVGtuzZTnR4nvh+FJuDs=; b=0tX2sZPw3m4GLgtBYMdasdeT7m yM3racTsdkl2Kj/Aiq23V81GWsg+YXLoPgccp7rldJLZ1LMH31goXeDIU+FAmy1WeqHApPxrOxbA5 xWln5a5kDfIGseRpjvbye5nb6Pd7UuAoVIOMzAt63bMnu+zgJPRNSiXJh59TqSiDcRNs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] AMD/IOMMU: don't leave page table mapped when unmapping ... Message-Id: Date: Thu, 09 Sep 2021 07:03:35 +0000 commit 301ea7a89d1a31fd1732d22b5eb3f78058fdd5dc Author: Jan Beulich AuthorDate: Wed Aug 25 15:11:37 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:11:37 2021 +0200 AMD/IOMMU: don't leave page table mapped when unmapping ... ... an already not mapped page. With all other exit paths doing the unmap, I have no idea how I managed to miss that aspect at the time. Fixes: ad591454f069 ("AMD/IOMMU: don't needlessly trigger errors/crashes when unmapping a page") Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 3cfec6a6aa7a7bf68f8e19e21f450c2febe9acb4 master date: 2021-08-20 12:30:35 +0200 --- xen/drivers/passthrough/amd/iommu_map.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index cf4da2b00a..90c6e8b93e 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -256,7 +256,10 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, else if ( !pde->pr ) { if ( !map ) + { + unmap_domain_page(next_table_vaddr); return 0; + } if ( next_table_mfn == 0 ) { -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:03:47 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:03:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182683.330393 (Exim 4.92) (envelope-from ) id 1mOE67-0004NN-9V; Thu, 09 Sep 2021 07:03:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182683.330393; Thu, 09 Sep 2021 07:03:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE67-0004NF-6Z; Thu, 09 Sep 2021 07:03:47 +0000 Received: by outflank-mailman (input) for mailman id 182683; Thu, 09 Sep 2021 07:03:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE65-0004Mt-MT for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE65-0007S6-Lg for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE65-0001g3-Ku for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Q9C19sZG+9dgfIwBRpNm25TxA2tBf3gxnTF1HCETCV0=; b=0mVCOMydMZLRnTkwfho2EscwyX t/kKNPUAvdsNHKWgBsejWfV5wEzAcq3O2zXyDgdz3kg7WsdCpGcsq09EeNUaQakYHJpkZeP4kvyfM zZUSHOW/T8vTaABuB1OD+l7Rp8IMuDrPLBY13mUrvlI1SG1cnX5XnJxkLjt9O5ow3nGw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] tools/firmware/ovmf: Use OvmfXen platform file is exist Message-Id: Date: Thu, 09 Sep 2021 07:03:45 +0000 commit 74e93071826fe3aaab32e469280a3253a39147f6 Author: Anthony PERARD AuthorDate: Tue Jun 1 11:28:03 2021 +0100 Commit: Ian Jackson CommitDate: Wed Aug 25 14:29:17 2021 +0100 tools/firmware/ovmf: Use OvmfXen platform file is exist A platform introduced in EDK II named OvmfXen is now the one to use for Xen instead of OvmfX64. It comes with PVH support. Also, the Xen support in OvmfX64 is deprecated, "deprecation notice: *dynamic* multi-VMM (QEMU vs. Xen) support in OvmfPkg" https://edk2.groups.io/g/devel/message/75498 Signed-off-by: Anthony PERARD Acked-by: Ian Jackson (cherry picked from commit aad7b5c11d51d57659978e04702ac970906894e8) (cherry picked from commit 7988ef515a5eabe74bb5468c8c692e03ee9db8bc) --- tools/firmware/ovmf-makefile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/firmware/ovmf-makefile b/tools/firmware/ovmf-makefile index 55f9992145..637ee509c3 100644 --- a/tools/firmware/ovmf-makefile +++ b/tools/firmware/ovmf-makefile @@ -17,8 +17,14 @@ all: build .PHONY: build build: if test -e .git ; then $(GIT) submodule update --init --recursive ; fi - OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 - cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin + set -ex; \ + if test -e OvmfPkg/OvmfXen.dsc; then \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 -p OvmfPkg/OvmfXen.dsc; \ + cp Build/OvmfXen/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + else \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4; \ + cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + fi .PHONY: clean clean: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:03:57 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:03:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182685.330398 (Exim 4.92) (envelope-from ) id 1mOE6H-0004Q8-B8; Thu, 09 Sep 2021 07:03:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182685.330398; Thu, 09 Sep 2021 07:03:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6H-0004Q0-87; Thu, 09 Sep 2021 07:03:57 +0000 Received: by outflank-mailman (input) for mailman id 182685; Thu, 09 Sep 2021 07:03:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6F-0004PU-SL for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6F-0007SX-PR for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE6F-0001hM-OR for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:03:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zvaYM0dgGIfZC+bXWfwkgaeGwOSIeofHEgjCUN01EEw=; b=3JFzBDc8hMSPVBzFMbeFqoT0aB zSVkBEQ3xqKhCB5RhlOViXhvWitvvU+hSbUFYreNPBmcBcQkkuxTZ5Z8BExw7TUF4/Ka5l/ojt05+ PHh5XnqJgPyncz9VlW7g4QaB1EQgOO2FL+2UEwzVpXw21QVvpKuql/i7XEJY6we3yXG8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Message-Id: Date: Thu, 09 Sep 2021 07:03:55 +0000 commit 76c7755ed5ebc0ade1711ffd6f435233b97e8332 Author: Jan Beulich AuthorDate: Wed Sep 8 14:50:39 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:50:39 2021 +0200 gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Relevant quotes from the C11 standard: "Except where explicitly stated otherwise, for the purposes of this subclause unnamed members of objects of structure and union type do not participate in initialization. Unnamed members of structure objects have indeterminate value even after initialization." "If there are fewer initializers in a brace-enclosed list than there are elements or members of an aggregate, [...], the remainder of the aggregate shall be initialized implicitly the same as objects that have static storage duration." "If an object that has static or thread storage duration is not initialized explicitly, then: [...] — if it is an aggregate, every member is initialized (recursively) according to these rules, and any padding is initialized to zero bits; [...]" "A bit-field declaration with no declarator, but only a colon and a width, indicates an unnamed bit-field." Footnote: "An unnamed bit-field structure member is useful for padding to conform to externally imposed layouts." "There may be unnamed padding within a structure object, but not at its beginning." Which makes me conclude: - Whether an unnamed bit-field member is an unnamed member or padding is unclear, and hence also whether the last quote above would render the big endian case of the structure declaration invalid. - Whether the number of members of an aggregate includes unnamed ones is also not really clear. - The initializer in map_grant_ref() initializes all fields of the "cnt" sub-structure of the union, so assuming the second quote above applies here (indirectly), the compiler isn't required to implicitly initialize the rest (i.e. in particular any padding) like would happen for static storage duration objects. Gcc 7.4.1 can be observed (apparently in debug builds only) to translate aforementioned initializer to a read-modify-write operation of a stack variable, leaving unchanged the top two bits of whatever was previously in that stack slot. Clearly if either of the two bits were set, radix_tree_ulong_to_ptr()'s assertion would trigger. Therefore, to be on the safe side, add an explicit padding field for the non-big-endian-bitfields case and give a dummy name to both padding fields. Fixes: 9781b51efde2 ("gnttab: replace mapkind()") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: b6da9d0414d69c2682214ee3ecf9816fcac500d0 master date: 2021-08-27 10:54:46 +0200 --- xen/common/grant_table.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 192db15c34..86e298dfc0 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -930,10 +930,13 @@ union maptrack_node { struct { /* Radix tree slot pointers use two of the bits. */ #ifdef __BIG_ENDIAN_BITFIELD - unsigned long : 2; + unsigned long _0 : 2; #endif unsigned long rd : BITS_PER_LONG / 2 - 1; unsigned long wr : BITS_PER_LONG / 2 - 1; +#ifndef __BIG_ENDIAN_BITFIELD + unsigned long _0 : 2; +#endif } cnt; unsigned long raw; }; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:04:07 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:04:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182688.330402 (Exim 4.92) (envelope-from ) id 1mOE6R-0004TH-Ct; Thu, 09 Sep 2021 07:04:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182688.330402; Thu, 09 Sep 2021 07:04:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6R-0004T7-9l; Thu, 09 Sep 2021 07:04:07 +0000 Received: by outflank-mailman (input) for mailman id 182688; Thu, 09 Sep 2021 07:04:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6Q-0004Se-1T for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:04:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6P-0007Sz-Sw for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:04:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE6P-0001iZ-S2 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:04:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E1HNGKkA+hSfHLbBEjob3t7drupo7cMrsaDdXcwfVYM=; b=oMT05CzpI18QTHqBsTbSBUBZ/A eSTImRCgCSUPRmYaItov9GGMEs7wlEFrwVk2n/bWKOc24qdRyNkEjE760nBrl+QZJSLA5va4qGcgN ZQAe9CzG6aUsBBMtmbqgV/OhlREio+9c0t+ANXS/+ir/GOnAgvwxDnIzFU9sML7Z+inc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/PVH: de-duplicate mappings for first Mb of Dom0 memory Message-Id: Date: Thu, 09 Sep 2021 07:04:05 +0000 commit 0cfccfd7feffb51295d10bd4952a37bb06f0b53f Author: Jan Beulich AuthorDate: Wed Sep 8 14:51:24 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:51:24 2021 +0200 x86/PVH: de-duplicate mappings for first Mb of Dom0 memory One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. This means we need to be more careful about the mappings put in place in this range - mappings should be created exactly once: - iommu_hwdom_init() comes first; it should avoid the first Mb, - pvh_populate_p2m() should insert identity mappings only into ranges not populated as RAM, - pvh_setup_acpi() should again avoid the first Mb, which was already dealt with at that point. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 6b4f6a31ace125d658a581e8d10809e4fccdc272 master date: 2021-08-31 17:43:36 +0200 --- xen/arch/x86/hvm/dom0_build.c | 39 ++++++++++++++++++++++++++----------- xen/drivers/passthrough/x86/iommu.c | 8 +++++++- 2 files changed, 35 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index 12a82c9d7c..5ba0c80a89 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -430,17 +430,6 @@ static int __init pvh_populate_p2m(struct domain *d) int rc; #define MB1_PAGES PFN_DOWN(MB(1)) - /* - * Memory below 1MB is identity mapped initially. RAM regions are - * populated and copied below, replacing the respective mappings. - */ - rc = modify_identity_mmio(d, 0, MB1_PAGES, true); - if ( rc ) - { - printk("Failed to identity map low 1MB: %d\n", rc); - return rc; - } - /* Populate memory map. */ for ( i = 0; i < d->arch.nr_e820; i++ ) { @@ -472,6 +461,23 @@ static int __init pvh_populate_p2m(struct domain *d) } } + /* Non-RAM regions of space below 1MB get identity mapped. */ + for ( i = rc = 0; i < MB1_PAGES; ++i ) + { + p2m_type_t p2mt; + + if ( mfn_eq(get_gfn_query(d, i, &p2mt), INVALID_MFN) ) + rc = set_mmio_p2m_entry(d, _gfn(i), _mfn(i), PAGE_ORDER_4K); + else + ASSERT(p2mt == p2m_ram_rw); + put_gfn(d, i); + if ( rc ) + { + printk("Failed to identity map PFN %x: %d\n", i, rc); + return rc; + } + } + if ( cpu_has_vmx && paging_mode_hap(d) && !vmx_unrestricted_guest(v) ) { /* @@ -1080,6 +1086,17 @@ static int __init pvh_setup_acpi(struct domain *d, paddr_t start_info) nr_pages = PFN_UP((d->arch.e820[i].addr & ~PAGE_MASK) + d->arch.e820[i].size); + /* Memory below 1MB has been dealt with by pvh_populate_p2m(). */ + if ( pfn < PFN_DOWN(MB(1)) ) + { + if ( pfn + nr_pages <= PFN_DOWN(MB(1)) ) + continue; + + /* This shouldn't happen, but is easy to deal with. */ + nr_pages -= PFN_DOWN(MB(1)) - pfn; + pfn = PFN_DOWN(MB(1)); + } + rc = modify_identity_mmio(d, pfn, nr_pages, true); if ( rc ) { diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 829334ed99..1d7cebcc06 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -325,7 +325,13 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) max_pfn = (GB(4) >> PAGE_SHIFT) - 1; top = max(max_pdx, pfn_to_pdx(max_pfn) + 1); - for ( i = 0; i < top; i++ ) + /* + * First Mb will get mapped in one go by pvh_populate_p2m(). Avoid + * setting up potentially conflicting mappings here. + */ + i = paging_mode_translate(d) ? PFN_DOWN(MB(1)) : 0; + + for ( ; i < top; i++ ) { unsigned long pfn = pdx_to_pfn(i); int rc; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:04:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:04:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182690.330407 (Exim 4.92) (envelope-from ) id 1mOE6b-0004WH-GP; Thu, 09 Sep 2021 07:04:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182690.330407; Thu, 09 Sep 2021 07:04:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6b-0004W3-BE; Thu, 09 Sep 2021 07:04:17 +0000 Received: by outflank-mailman (input) for mailman id 182690; Thu, 09 Sep 2021 07:04:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6a-0004Vk-0t for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:04:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6a-0007T9-08 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:04:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE6Z-0001k2-Vc for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:04:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HmxqdeGvr1wPX0f/D+ClhK2vVzbjVSh4BOSpO9yI7v4=; b=Xp1k+5/aBDMgdcV/WniMiN2jUB eHXf7+pvq04xM7H7xMSIlP05hJ8M83M3ExGlEjmxQJjfqZxgh4xBGlPmXaecykvNjSjPFX83E1QDM k3YS72ofFG1kpLg3Pw49KqV9kUoe3pn3gFsY+1z0YUjJJXk47TTO0TlerdCxf6j8edTU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/P2M: relax guarding of MMIO entries Message-Id: Date: Thu, 09 Sep 2021 07:04:15 +0000 commit 7bcd5478cccc3b1fc912097a9f534bf7e8fe94af Author: Jan Beulich AuthorDate: Wed Sep 8 14:51:48 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:51:48 2021 +0200 x86/P2M: relax guarding of MMIO entries One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. At least in the case of PVH Dom0 hitting an RMRR covered by an E820 ACPI region, this is too strict. Generally short-circuit requests establishing the same kind of mapping (mfn, type), but allow permissions to differ. While there, also add a log message to the other domain_crash() invocation that did prevent PVH Dom0 from coming up after the XSA-378 changes. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 111469cc7b3f586c2335e70205320ed3c828b89e master date: 2021-09-07 09:39:38 +0200 --- xen/arch/x86/mm/p2m.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 5005844b57..165efed3f2 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -939,9 +939,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_special(ot) ) { /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ - domain_crash(d); p2m_unlock(p2m); - + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u) -> (%#lx,%u,%u) not permitted\n", + d, gfn_x(gfn) + i, + mfn_x(omfn), ot, a, + mfn_x(mfn) + i, t, p2m->default_access); + domain_crash(d); return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) @@ -1285,9 +1289,24 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, } if ( p2m_is_special(ot) ) { - gfn_unlock(p2m, gfn, order); - domain_crash(d); - return -EPERM; + /* Special-case (almost) identical mappings. */ + if ( !mfn_eq(mfn, omfn) || gfn_p2mt != ot ) + { + gfn_unlock(p2m, gfn, order); + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u,%u) -> (%#lx,%u,%u,%u) not permitted\n", + d, gfn_l, + mfn_x(omfn), cur_order, ot, a, + mfn_x(mfn), order, gfn_p2mt, access); + domain_crash(d); + return -EPERM; + } + + if ( access == a ) + { + gfn_unlock(p2m, gfn, order); + return 0; + } } else if ( p2m_is_ram(ot) ) { -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:04:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:04:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182692.330411 (Exim 4.92) (envelope-from ) id 1mOE6l-0004Zu-ID; Thu, 09 Sep 2021 07:04:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182692.330411; Thu, 09 Sep 2021 07:04:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6l-0004Zm-Em; Thu, 09 Sep 2021 07:04:27 +0000 Received: by outflank-mailman (input) for mailman id 182692; Thu, 09 Sep 2021 07:04:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6k-0004ZX-4F for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:04:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6k-0007TJ-3X for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:04:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE6k-0001lS-2q for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:04:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=r4EpmktqNWNdG5R9h6YAidcPGMxXyfcjIPK6Ga8cB1E=; b=uGGmIf3I+2AoBl+fMVeVD5mlQD 2lFZf9be0zU2oo0hF2at9pw5NNTc3zQSlQFS0Z4/TmvCtm5EICQFY+0f4oEytaW6kljUIRFwPSAbd n2FTl9IYy1odqJHmXV1gXgeda7KBAHeDDWIzlYMmqT5jeAe8j9OuZSO4Rudrjq0zOgHE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/p2m-pt: fix p2m_flags_to_access() Message-Id: Date: Thu, 09 Sep 2021 07:04:26 +0000 commit 4ff1d3b86fe901ac558310f41ab0331ed4a249ea Author: Jan Beulich AuthorDate: Wed Sep 8 14:52:13 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:52:13 2021 +0200 x86/p2m-pt: fix p2m_flags_to_access() The initial if() was inverted, invalidating all output from this function. Which in turn means the mirroring of P2M mappings into the IOMMU didn't always work as intended: Mappings may have got updated when there was no need to. There would not have been too few (un)mappings; what saves us is that alongside the flags comparison MFNs also get compared, with non-present entries always having an MFN of 0 or INVALID_MFN while present entries always have MFNs different from these two (0 in the table also meant to cover INVALID_MFN): OLD NEW P W access MFN P W access MFN 0 0 r 0 0 0 n 0 0 1 rw 0 0 1 n 0 1 0 n non-0 1 0 r non-0 1 1 n non-0 1 1 rw non-0 present <-> non-present transitions are fine because the MFNs differ. present -> present transitions as well as non-present -> non-present ones are potentially causing too many map/unmap operations, but never too few, because in that case old (bogus) and new access differ. Fixes: d1bb6c97c31e ("IOMMU: also pass p2m_access_t to p2m_get_iommu_flags()) Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: e70a9a043a5ce6d4025420f729bc473f711bf5d1 master date: 2021-09-07 14:24:49 +0200 --- xen/arch/x86/mm/p2m-pt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 68744b74a4..28d1875820 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -483,7 +483,7 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) /* Reconstruct a fake p2m_access_t from stored PTE flags. */ static p2m_access_t p2m_flags_to_access(unsigned int flags) { - if ( flags & _PAGE_PRESENT ) + if ( !(flags & _PAGE_PRESENT) ) return p2m_access_n; /* No need to look at _PAGE_NX for now. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 07:04:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 07:04:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.182694.330415 (Exim 4.92) (envelope-from ) id 1mOE6v-0004cw-K6; Thu, 09 Sep 2021 07:04:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182694.330415; Thu, 09 Sep 2021 07:04:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6v-0004cl-GM; Thu, 09 Sep 2021 07:04:37 +0000 Received: by outflank-mailman (input) for mailman id 182694; Thu, 09 Sep 2021 07:04:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6u-0004cL-8F for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:04:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOE6u-0007Ta-7R for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:04:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOE6u-0001md-6i for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 07:04:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=teZWiC8se4pkHhngr6xY16/WvYduwnkziON5SpwwVtM=; b=09aSG7Vjc4f3mlA951+zepdpfD LFFC40uBxK+niAAbJTHCvXwXqAMbP3UUDrqqe2Axa9E4WTPKpwSidD0rd/72nQ+5dNqPiEQmVCOhy +Fg5M0WmhM+kdL4drnGQv3XoIBlB9KGZoD033u9itl6RK5mtrBWCvmNL0MKCxQT+320U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] gnttab: deal with status frame mapping race Message-Id: Date: Thu, 09 Sep 2021 07:04:36 +0000 commit ef6455a3707cf1c7c61ad8af12558811eeee4ba8 Author: Jan Beulich AuthorDate: Wed Sep 8 14:53:04 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:53:04 2021 +0200 gnttab: deal with status frame mapping race Once gnttab_map_frame() drops the grant table lock, the MFN it reports back to its caller is free to other manipulation. In particular gnttab_unpopulate_status_frames() might free it, by a racing request on another CPU, thus resulting in a reference to a deallocated page getting added to a domain's P2M. Obtain a page reference in gnttab_map_frame() to prevent freeing of the page until xenmem_add_to_physmap_one() has actually completed its acting on the page. Do so uniformly, even if only strictly required for v2 status pages, to avoid extra conditionals (which then would all need to be kept in sync going forward). This is CVE-2021-28701 / XSA-384. Reported-by: Julien Grall Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: eb6bbf7b30da5bae87932514d54d0e3c68b23757 master date: 2021-09-08 14:37:45 +0200 --- xen/arch/arm/mm.c | 11 ++++++++--- xen/arch/x86/mm.c | 2 ++ xen/common/grant_table.c | 11 ++++++++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 38200e2533..e6c0a0d353 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1423,6 +1423,8 @@ int xenmem_add_to_physmap_one( if ( rc ) return rc; + /* Need to take care of the reference obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); t = p2m_ram_rw; break; @@ -1490,9 +1492,12 @@ int xenmem_add_to_physmap_one( /* Map at new location. */ rc = guest_physmap_add_entry(d, gfn, mfn, 0, t); - /* If we fail to add the mapping, we need to drop the reference we - * took earlier on foreign pages */ - if ( rc && space == XENMAPSPACE_gmfn_foreign ) + /* + * For XENMAPSPACE_gmfn_foreign if we failed to add the mapping, we need + * to drop the reference we took earlier. In all other cases we need to + * drop any reference we took earlier (perhaps indirectly). + */ + if ( space == XENMAPSPACE_gmfn_foreign ? rc : page != NULL ) { ASSERT(page != NULL); put_page(page); diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 56bad5b3ea..689a430d3b 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4620,6 +4620,8 @@ int xenmem_add_to_physmap_one( rc = gnttab_map_frame(d, idx, gpfn, &mfn); if ( rc ) return rc; + /* Need to take care of the ref obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); break; case XENMAPSPACE_gmfn: { diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 86e298dfc0..f8486c3de7 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -4105,7 +4105,16 @@ int gnttab_map_frame(struct domain *d, unsigned long idx, gfn_t gfn, mfn_t *mfn) } if ( !rc ) - gnttab_set_frame_gfn(gt, status, idx, gfn); + { + /* + * Make sure gnttab_unpopulate_status_frames() won't (successfully) + * free the page until our caller has completed its operation. + */ + if ( get_page(mfn_to_page(*mfn), d) ) + gnttab_set_frame_gfn(gt, status, idx, gfn); + else + rc = -EBUSY; + } grant_write_unlock(gt); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 11:44:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 11:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183028.330952 (Exim 4.92) (envelope-from ) id 1mOITN-0005CK-Rf; Thu, 09 Sep 2021 11:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183028.330952; Thu, 09 Sep 2021 11:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOITN-0005CA-Oa; Thu, 09 Sep 2021 11:44:05 +0000 Received: by outflank-mailman (input) for mailman id 183028; Thu, 09 Sep 2021 11:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOITM-0005Bo-QP for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 11:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOITM-0004dT-Oe for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 11:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOITM-0001Q4-N8 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 11:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WTQes19krHk3WypU3PC3GTJXO92zlCSLiAuJgymy9U4=; b=2eipKXSSqidiGA0IqFq5nVqfob GN+KEWcrG+V3y0X9RjUtNqxoQa3DJY6hPYSHZ4/Xb+r7O7zDkfP7h92kCnYIyp0nwWf+kSo8DIZ9u vMuqXLh/ck1M+wLFzxb7zdRKq6mMlacZFmLF2OQGkajKA5zLr3dX0blMSXowGDoAQU78=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Print all AMD speculative hints/features Message-Id: Date: Thu, 09 Sep 2021 11:44:04 +0000 commit 3d189f16a11d5a209fb47fa3635847608d43745c Author: Andrew Cooper AuthorDate: Wed Sep 8 18:21:10 2021 +0100 Commit: Andrew Cooper CommitDate: Thu Sep 9 12:36:17 2021 +0100 x86/spec-ctrl: Print all AMD speculative hints/features We already print Intel features that aren't yet implemented/used, so be consistent on AMD too. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/spec_ctrl.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index f0c67d41b8..16d2a1d172 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -321,7 +321,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * Hardware read-only information, stating immunity to certain issues, or * suggestions of which mitigation to use. */ - printk(" Hardware hints:%s%s%s%s%s%s%s\n", + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s\n", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", @@ -329,16 +329,23 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (e8b & cpufeat_mask(X86_FEATURE_SSB_NO)) || (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", - (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : ""); + (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS_ALWAYS)) ? " IBRS_ALWAYS" : "", + (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : ""); /* Hardware features which need driving to mitigate issues. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s\n", (e8b & cpufeat_mask(X86_FEATURE_IBPB)) || (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBPB" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS)) || (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS" : "", + (e8b & cpufeat_mask(X86_FEATURE_AMD_STIBP)) || (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (e8b & cpufeat_mask(X86_FEATURE_PSFD)) ? " PSFD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 11:44:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 11:44:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183031.330956 (Exim 4.92) (envelope-from ) id 1mOITX-0005Iv-TG; Thu, 09 Sep 2021 11:44:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183031.330956; Thu, 09 Sep 2021 11:44:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOITX-0005Il-Q7; Thu, 09 Sep 2021 11:44:15 +0000 Received: by outflank-mailman (input) for mailman id 183031; Thu, 09 Sep 2021 11:44:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOITW-0005IV-TN for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 11:44:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOITW-0004dd-Sd for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 11:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOITW-0001Qq-RS for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 11:44:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wEuxdjLQ2FBs8+AjXQ1MPbOz/fA2bm1wqtBfqoMr7tU=; b=w28Wvyb8CHb40wXzA98AN2otAm /l2TRUqJ6stq28oKapSd5AYDhSN17KjYdhxumaRKMyzxBS+flO2A50sma9haYfrmID1b89ciJ1dzq UoRK9pjv+Q8Lcsu4ZeJ66T1YAPMOFNHQq8rskTmZ4QTk+wHNqh7EQ/PaioZg21UhU+hw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/svm: Intercept and terminate RDPRU with #UD Message-Id: Date: Thu, 09 Sep 2021 11:44:14 +0000 commit 2e2e22c7d50392fa5cced3e0334b217426f48b7a Author: Andrew Cooper AuthorDate: Mon Aug 19 16:40:06 2019 +0100 Commit: Andrew Cooper CommitDate: Thu Sep 9 12:36:17 2021 +0100 x86/svm: Intercept and terminate RDPRU with #UD The RDPRU instruction isn't supported at all (and it is unclear how this can ever be offered safely to guests). However, a guest which ignores CPUID and blindly executes RDPRU will find that it functions. Use the intercept and terminate with #UD. While at it, fold SKINIT into the same "unconditionally disabled" path. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/svm.c | 5 ++--- xen/arch/x86/hvm/svm/vmcb.c | 3 ++- xen/include/asm-x86/hvm/svm/vmcb.h | 4 +++- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 309912a234..afb1ccb342 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2945,6 +2945,8 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) case VMEXIT_MONITOR: case VMEXIT_MWAIT: + case VMEXIT_SKINIT: + case VMEXIT_RDPRU: hvm_inject_hw_exception(TRAP_invalid_op, X86_EVENT_NO_EC); break; @@ -2963,9 +2965,6 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) case VMEXIT_CLGI: svm_vmexit_do_clgi(regs, v); break; - case VMEXIT_SKINIT: - hvm_inject_hw_exception(TRAP_invalid_op, X86_EVENT_NO_EC); - break; case VMEXIT_XSETBV: if ( vmcb_get_cpl(vmcb) ) diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 55da9302e5..565e997155 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -70,7 +70,8 @@ static int construct_vmcb(struct vcpu *v) GENERAL2_INTERCEPT_STGI | GENERAL2_INTERCEPT_CLGI | GENERAL2_INTERCEPT_SKINIT | GENERAL2_INTERCEPT_MWAIT | GENERAL2_INTERCEPT_WBINVD | GENERAL2_INTERCEPT_MONITOR | - GENERAL2_INTERCEPT_XSETBV | GENERAL2_INTERCEPT_ICEBP; + GENERAL2_INTERCEPT_XSETBV | GENERAL2_INTERCEPT_ICEBP | + GENERAL2_INTERCEPT_RDPRU; /* Intercept all debug-register writes. */ vmcb->_dr_intercepts = ~0u; diff --git a/xen/include/asm-x86/hvm/svm/vmcb.h b/xen/include/asm-x86/hvm/svm/vmcb.h index 4fa2ddfb2f..ed7cebea71 100644 --- a/xen/include/asm-x86/hvm/svm/vmcb.h +++ b/xen/include/asm-x86/hvm/svm/vmcb.h @@ -74,7 +74,8 @@ enum GenericIntercept2bits GENERAL2_INTERCEPT_MONITOR = 1 << 10, GENERAL2_INTERCEPT_MWAIT = 1 << 11, GENERAL2_INTERCEPT_MWAIT_CONDITIONAL = 1 << 12, - GENERAL2_INTERCEPT_XSETBV = 1 << 13 + GENERAL2_INTERCEPT_XSETBV = 1 << 13, + GENERAL2_INTERCEPT_RDPRU = 1 << 14, }; @@ -300,6 +301,7 @@ enum VMEXIT_EXITCODE VMEXIT_MWAIT = 139, /* 0x8b */ VMEXIT_MWAIT_CONDITIONAL= 140, /* 0x8c */ VMEXIT_XSETBV = 141, /* 0x8d */ + VMEXIT_RDPRU = 142, /* 0x8e */ VMEXIT_NPF = 1024, /* 0x400, nested paging fault */ VMEXIT_INVALID = -1 }; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:22:07 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:22:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183105.331051 (Exim 4.92) (envelope-from ) id 1mOJ47-0006oN-O7; Thu, 09 Sep 2021 12:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183105.331051; Thu, 09 Sep 2021 12:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ47-0006oF-Ko; Thu, 09 Sep 2021 12:22:03 +0000 Received: by outflank-mailman (input) for mailman id 183105; Thu, 09 Sep 2021 12:22:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ47-0006o9-05 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ46-0005NG-VX for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ46-00049S-U7 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=l6oN0o2bUW4FD4WFxSS59OESuzLFhnwFhMzPlya7stY=; b=46uemRt//UmZuwk3omE+zIZXeQ vX5xKdIGrdAi3J92i8QfKehBSkcNqBeKb54YPl+Idr5rbw8rWNYbI9xx0G04r/mvf3RNzKCyS+Dwu ykgYzu4PHpaKPx9p+ELnt6mSvWEiMF/tGHUMcjyWTnQAoRi4Ut4AMBXJvV6r/IV43KQM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] tools/libs/ctrl: fix xc_core_arch_map_p2m() to support linear p2m table Message-Id: Date: Thu, 09 Sep 2021 12:22:02 +0000 commit 2b23bb664ff661eb5ca8bb79498b9df55c4d59cf Author: Juergen Gross AuthorDate: Fri Jul 2 16:29:44 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:12:10 2021 +0100 tools/libs/ctrl: fix xc_core_arch_map_p2m() to support linear p2m table The core of a pv linux guest produced via "xl dump-core" is not usable as since kernel 4.14 only the linear p2m table is kept if Xen indicates it is supporting that. Unfortunately xc_core_arch_map_p2m() is still supporting the 3-level p2m tree only. Fix that by copying the functionality of map_p2m() from libxenguest to libxenctrl. Additionally the mapped p2m isn't of a fixed length now, so the interface to the mapping functions needs to be adapted. In order not to add even more parameters, expand struct domain_info_context and use a pointer to that as a parameter. This is a backport of upstream commit bd7a29c3d0b937ab542a. As the original patch includes a modification of a data structure passed via pointer to a library function, the related function in the library is renamed in order to be able to spot any external users of that function. Note that it is extremely unlikely any such users outside the Xen git tree are existing, so the risk to break any existing programs is very unlikely. In case such a user is existing, changing the name of xc_map_domain_meminfo() will at least avoid silent breakage. Fixes: dc6d60937121 ("libxc: set flag for support of linear p2m list in domain builder") Signed-off-by: Juergen Gross Reviewed-by: Ian Jackson --- tools/include/xenguest.h | 2 + tools/libs/ctrl/xc_core.c | 5 +- tools/libs/ctrl/xc_core.h | 8 +- tools/libs/ctrl/xc_core_arm.c | 23 ++-- tools/libs/ctrl/xc_core_x86.c | 256 ++++++++++++++++++++++++++++++++++-------- tools/libs/ctrl/xc_private.h | 1 + tools/libs/guest/xg_domain.c | 17 +-- 7 files changed, 234 insertions(+), 78 deletions(-) diff --git a/tools/include/xenguest.h b/tools/include/xenguest.h index 217022b6e7..36a26deba4 100644 --- a/tools/include/xenguest.h +++ b/tools/include/xenguest.h @@ -700,8 +700,10 @@ struct xc_domain_meminfo { xen_pfn_t *pfn_type; xen_pfn_t *p2m_table; unsigned long p2m_size; + unsigned int p2m_frames; }; +#define xc_map_domain_meminfo xc_map_domain_meminfo_mod int xc_map_domain_meminfo(xc_interface *xch, uint32_t domid, struct xc_domain_meminfo *minfo); diff --git a/tools/libs/ctrl/xc_core.c b/tools/libs/ctrl/xc_core.c index b47ab2f6d8..9576bec5a3 100644 --- a/tools/libs/ctrl/xc_core.c +++ b/tools/libs/ctrl/xc_core.c @@ -574,8 +574,7 @@ xc_domain_dumpcore_via_callback(xc_interface *xch, goto out; } - sts = xc_core_arch_map_p2m(xch, dinfo->guest_width, &info, live_shinfo, - &p2m, &dinfo->p2m_size); + sts = xc_core_arch_map_p2m(xch, dinfo, &info, live_shinfo, &p2m); if ( sts != 0 ) goto out; @@ -945,7 +944,7 @@ out: if ( memory_map != NULL ) free(memory_map); if ( p2m != NULL ) - munmap(p2m, PAGE_SIZE * P2M_FL_ENTRIES); + munmap(p2m, PAGE_SIZE * dinfo->p2m_frames); if ( p2m_array != NULL ) free(p2m_array); if ( pfn_array != NULL ) diff --git a/tools/libs/ctrl/xc_core.h b/tools/libs/ctrl/xc_core.h index 36fb755da2..8ea1f93a10 100644 --- a/tools/libs/ctrl/xc_core.h +++ b/tools/libs/ctrl/xc_core.h @@ -138,14 +138,14 @@ int xc_core_arch_memory_map_get(xc_interface *xch, xc_dominfo_t *info, shared_info_any_t *live_shinfo, xc_core_memory_map_t **mapp, unsigned int *nr_entries); -int xc_core_arch_map_p2m(xc_interface *xch, unsigned int guest_width, +int xc_core_arch_map_p2m(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, shared_info_any_t *live_shinfo, - xen_pfn_t **live_p2m, unsigned long *pfnp); + xen_pfn_t **live_p2m); -int xc_core_arch_map_p2m_writable(xc_interface *xch, unsigned int guest_width, +int xc_core_arch_map_p2m_writable(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, shared_info_any_t *live_shinfo, - xen_pfn_t **live_p2m, unsigned long *pfnp); + xen_pfn_t **live_p2m); int xc_core_arch_get_scratch_gpfn(xc_interface *xch, uint32_t domid, xen_pfn_t *gpfn); diff --git a/tools/libs/ctrl/xc_core_arm.c b/tools/libs/ctrl/xc_core_arm.c index 7b587b4cc5..93765a565f 100644 --- a/tools/libs/ctrl/xc_core_arm.c +++ b/tools/libs/ctrl/xc_core_arm.c @@ -66,33 +66,24 @@ xc_core_arch_memory_map_get(xc_interface *xch, struct xc_core_arch_context *unus static int xc_core_arch_map_p2m_rw(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, - shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, - unsigned long *pfnp, int rw) + shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, int rw) { errno = ENOSYS; return -1; } int -xc_core_arch_map_p2m(xc_interface *xch, unsigned int guest_width, xc_dominfo_t *info, - shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, - unsigned long *pfnp) +xc_core_arch_map_p2m(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, + shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m) { - struct domain_info_context _dinfo = { .guest_width = guest_width }; - struct domain_info_context *dinfo = &_dinfo; - return xc_core_arch_map_p2m_rw(xch, dinfo, info, - live_shinfo, live_p2m, pfnp, 0); + return xc_core_arch_map_p2m_rw(xch, dinfo, info, live_shinfo, live_p2m, 0); } int -xc_core_arch_map_p2m_writable(xc_interface *xch, unsigned int guest_width, xc_dominfo_t *info, - shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, - unsigned long *pfnp) +xc_core_arch_map_p2m_writable(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, + shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m) { - struct domain_info_context _dinfo = { .guest_width = guest_width }; - struct domain_info_context *dinfo = &_dinfo; - return xc_core_arch_map_p2m_rw(xch, dinfo, info, - live_shinfo, live_p2m, pfnp, 1); + return xc_core_arch_map_p2m_rw(xch, dinfo, info, live_shinfo, live_p2m, 1); } int diff --git a/tools/libs/ctrl/xc_core_x86.c b/tools/libs/ctrl/xc_core_x86.c index cb76e6207b..c8f71d4b75 100644 --- a/tools/libs/ctrl/xc_core_x86.c +++ b/tools/libs/ctrl/xc_core_x86.c @@ -17,6 +17,7 @@ * */ +#include #include "xc_private.h" #include "xc_core.h" #include @@ -65,34 +66,169 @@ xc_core_arch_memory_map_get(xc_interface *xch, struct xc_core_arch_context *unus return 0; } -static int -xc_core_arch_map_p2m_rw(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, - shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, - unsigned long *pfnp, int rw) +static inline bool is_canonical_address(uint64_t vaddr) { - /* Double and single indirect references to the live P2M table */ - xen_pfn_t *live_p2m_frame_list_list = NULL; - xen_pfn_t *live_p2m_frame_list = NULL; - /* Copies of the above. */ - xen_pfn_t *p2m_frame_list_list = NULL; - xen_pfn_t *p2m_frame_list = NULL; + return ((int64_t)vaddr >> 47) == ((int64_t)vaddr >> 63); +} - uint32_t dom = info->domid; - int ret = -1; - int err; - int i; +/* Virtual address ranges reserved for hypervisor. */ +#define HYPERVISOR_VIRT_START_X86_64 0xFFFF800000000000ULL +#define HYPERVISOR_VIRT_END_X86_64 0xFFFF87FFFFFFFFFFULL - if ( xc_domain_nr_gpfns(xch, info->domid, &dinfo->p2m_size) < 0 ) +#define HYPERVISOR_VIRT_START_X86_32 0x00000000F5800000ULL +#define HYPERVISOR_VIRT_END_X86_32 0x00000000FFFFFFFFULL + +static xen_pfn_t * +xc_core_arch_map_p2m_list_rw(xc_interface *xch, struct domain_info_context *dinfo, + uint32_t dom, shared_info_any_t *live_shinfo, + uint64_t p2m_cr3) +{ + uint64_t p2m_vaddr, p2m_end, mask, off; + xen_pfn_t p2m_mfn, mfn, saved_mfn, max_pfn; + uint64_t *ptes = NULL; + xen_pfn_t *mfns = NULL; + unsigned int fpp, n_pages, level, n_levels, shift, + idx_start, idx_end, idx, saved_idx; + + p2m_vaddr = GET_FIELD(live_shinfo, arch.p2m_vaddr, dinfo->guest_width); + fpp = PAGE_SIZE / dinfo->guest_width; + dinfo->p2m_frames = (dinfo->p2m_size - 1) / fpp + 1; + p2m_end = p2m_vaddr + dinfo->p2m_frames * PAGE_SIZE - 1; + + if ( dinfo->guest_width == 8 ) { - ERROR("Could not get maximum GPFN!"); - goto out; + mask = 0x0000ffffffffffffULL; + n_levels = 4; + p2m_mfn = p2m_cr3 >> 12; + if ( !is_canonical_address(p2m_vaddr) || + !is_canonical_address(p2m_end) || + p2m_end < p2m_vaddr || + (p2m_vaddr <= HYPERVISOR_VIRT_END_X86_64 && + p2m_end > HYPERVISOR_VIRT_START_X86_64) ) + { + ERROR("Bad virtual p2m address range %#" PRIx64 "-%#" PRIx64, + p2m_vaddr, p2m_end); + errno = ERANGE; + goto out; + } + } + else + { + mask = 0x00000000ffffffffULL; + n_levels = 3; + if ( p2m_cr3 & ~mask ) + p2m_mfn = ~0UL; + else + p2m_mfn = (uint32_t)((p2m_cr3 >> 12) | (p2m_cr3 << 20)); + if ( p2m_vaddr > mask || p2m_end > mask || p2m_end < p2m_vaddr || + (p2m_vaddr <= HYPERVISOR_VIRT_END_X86_32 && + p2m_end > HYPERVISOR_VIRT_START_X86_32) ) + { + ERROR("Bad virtual p2m address range %#" PRIx64 "-%#" PRIx64, + p2m_vaddr, p2m_end); + errno = ERANGE; + goto out; + } } - if ( dinfo->p2m_size < info->nr_pages ) + mfns = malloc(sizeof(*mfns)); + if ( !mfns ) { - ERROR("p2m_size < nr_pages -1 (%lx < %lx", dinfo->p2m_size, info->nr_pages - 1); + ERROR("Cannot allocate memory for array of %u mfns", 1); goto out; } + mfns[0] = p2m_mfn; + off = 0; + saved_mfn = 0; + idx_start = idx_end = saved_idx = 0; + + for ( level = n_levels; level > 0; level-- ) + { + n_pages = idx_end - idx_start + 1; + ptes = xc_map_foreign_pages(xch, dom, PROT_READ, mfns, n_pages); + if ( !ptes ) + { + PERROR("Failed to map %u page table pages for p2m list", n_pages); + goto out; + } + free(mfns); + + shift = level * 9 + 3; + idx_start = ((p2m_vaddr - off) & mask) >> shift; + idx_end = ((p2m_end - off) & mask) >> shift; + idx = idx_end - idx_start + 1; + mfns = malloc(sizeof(*mfns) * idx); + if ( !mfns ) + { + ERROR("Cannot allocate memory for array of %u mfns", idx); + goto out; + } + + for ( idx = idx_start; idx <= idx_end; idx++ ) + { + mfn = (ptes[idx] & 0x000ffffffffff000ULL) >> PAGE_SHIFT; + if ( mfn == 0 ) + { + ERROR("Bad mfn %#lx during page table walk for vaddr %#" PRIx64 " at level %d of p2m list", + mfn, off + ((uint64_t)idx << shift), level); + errno = ERANGE; + goto out; + } + mfns[idx - idx_start] = mfn; + + /* Maximum pfn check at level 2. Same reasoning as for p2m tree. */ + if ( level == 2 ) + { + if ( mfn != saved_mfn ) + { + saved_mfn = mfn; + saved_idx = idx - idx_start; + } + } + } + + if ( level == 2 ) + { + if ( saved_idx == idx_end ) + saved_idx++; + max_pfn = ((xen_pfn_t)saved_idx << 9) * fpp; + if ( max_pfn < dinfo->p2m_size ) + { + dinfo->p2m_size = max_pfn; + dinfo->p2m_frames = (dinfo->p2m_size + fpp - 1) / fpp; + p2m_end = p2m_vaddr + dinfo->p2m_frames * PAGE_SIZE - 1; + idx_end = idx_start + saved_idx; + } + } + + munmap(ptes, n_pages * PAGE_SIZE); + ptes = NULL; + off = p2m_vaddr & ((mask >> shift) << shift); + } + + return mfns; + + out: + free(mfns); + if ( ptes ) + munmap(ptes, n_pages * PAGE_SIZE); + + return NULL; +} + +static xen_pfn_t * +xc_core_arch_map_p2m_tree_rw(xc_interface *xch, struct domain_info_context *dinfo, + uint32_t dom, shared_info_any_t *live_shinfo) +{ + /* Double and single indirect references to the live P2M table */ + xen_pfn_t *live_p2m_frame_list_list; + xen_pfn_t *live_p2m_frame_list = NULL; + /* Copies of the above. */ + xen_pfn_t *p2m_frame_list_list = NULL; + xen_pfn_t *p2m_frame_list; + + int err; + int i; live_p2m_frame_list_list = xc_map_foreign_range(xch, dom, PAGE_SIZE, PROT_READ, @@ -151,10 +287,60 @@ xc_core_arch_map_p2m_rw(xc_interface *xch, struct domain_info_context *dinfo, xc for ( i = P2M_FL_ENTRIES - 1; i >= 0; i-- ) p2m_frame_list[i] = ((uint32_t *)p2m_frame_list)[i]; + dinfo->p2m_frames = P2M_FL_ENTRIES; + + return p2m_frame_list; + + out: + err = errno; + + if ( live_p2m_frame_list_list ) + munmap(live_p2m_frame_list_list, PAGE_SIZE); + + if ( live_p2m_frame_list ) + munmap(live_p2m_frame_list, P2M_FLL_ENTRIES * PAGE_SIZE); + + free(p2m_frame_list_list); + + errno = err; + + return NULL; +} + +static int +xc_core_arch_map_p2m_rw(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, + shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, int rw) +{ + xen_pfn_t *p2m_frame_list = NULL; + uint64_t p2m_cr3; + uint32_t dom = info->domid; + int ret = -1; + int err; + + if ( xc_domain_nr_gpfns(xch, info->domid, &dinfo->p2m_size) < 0 ) + { + ERROR("Could not get maximum GPFN!"); + goto out; + } + + if ( dinfo->p2m_size < info->nr_pages ) + { + ERROR("p2m_size < nr_pages -1 (%lx < %lx", dinfo->p2m_size, info->nr_pages - 1); + goto out; + } + + p2m_cr3 = GET_FIELD(live_shinfo, arch.p2m_cr3, dinfo->guest_width); + + p2m_frame_list = p2m_cr3 ? xc_core_arch_map_p2m_list_rw(xch, dinfo, dom, live_shinfo, p2m_cr3) + : xc_core_arch_map_p2m_tree_rw(xch, dinfo, dom, live_shinfo); + + if ( !p2m_frame_list ) + goto out; + *live_p2m = xc_map_foreign_pages(xch, dom, rw ? (PROT_READ | PROT_WRITE) : PROT_READ, p2m_frame_list, - P2M_FL_ENTRIES); + dinfo->p2m_frames); if ( !*live_p2m ) { @@ -162,21 +348,11 @@ xc_core_arch_map_p2m_rw(xc_interface *xch, struct domain_info_context *dinfo, xc goto out; } - *pfnp = dinfo->p2m_size; - ret = 0; out: err = errno; - if ( live_p2m_frame_list_list ) - munmap(live_p2m_frame_list_list, PAGE_SIZE); - - if ( live_p2m_frame_list ) - munmap(live_p2m_frame_list, P2M_FLL_ENTRIES * PAGE_SIZE); - - free(p2m_frame_list_list); - free(p2m_frame_list); errno = err; @@ -184,25 +360,17 @@ out: } int -xc_core_arch_map_p2m(xc_interface *xch, unsigned int guest_width, xc_dominfo_t *info, - shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, - unsigned long *pfnp) +xc_core_arch_map_p2m(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, + shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m) { - struct domain_info_context _dinfo = { .guest_width = guest_width }; - struct domain_info_context *dinfo = &_dinfo; - return xc_core_arch_map_p2m_rw(xch, dinfo, info, - live_shinfo, live_p2m, pfnp, 0); + return xc_core_arch_map_p2m_rw(xch, dinfo, info, live_shinfo, live_p2m, 0); } int -xc_core_arch_map_p2m_writable(xc_interface *xch, unsigned int guest_width, xc_dominfo_t *info, - shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m, - unsigned long *pfnp) +xc_core_arch_map_p2m_writable(xc_interface *xch, struct domain_info_context *dinfo, xc_dominfo_t *info, + shared_info_any_t *live_shinfo, xen_pfn_t **live_p2m) { - struct domain_info_context _dinfo = { .guest_width = guest_width }; - struct domain_info_context *dinfo = &_dinfo; - return xc_core_arch_map_p2m_rw(xch, dinfo, info, - live_shinfo, live_p2m, pfnp, 1); + return xc_core_arch_map_p2m_rw(xch, dinfo, info, live_shinfo, live_p2m, 1); } int diff --git a/tools/libs/ctrl/xc_private.h b/tools/libs/ctrl/xc_private.h index f0b5f83ac8..8ebc0b59da 100644 --- a/tools/libs/ctrl/xc_private.h +++ b/tools/libs/ctrl/xc_private.h @@ -79,6 +79,7 @@ struct iovec { struct domain_info_context { unsigned int guest_width; + unsigned int p2m_frames; unsigned long p2m_size; }; diff --git a/tools/libs/guest/xg_domain.c b/tools/libs/guest/xg_domain.c index 5019c84e0e..dd7db2cbd8 100644 --- a/tools/libs/guest/xg_domain.c +++ b/tools/libs/guest/xg_domain.c @@ -24,13 +24,9 @@ int xc_unmap_domain_meminfo(xc_interface *xch, struct xc_domain_meminfo *minfo) { - struct domain_info_context _di = { .guest_width = minfo->guest_width, - .p2m_size = minfo->p2m_size}; - struct domain_info_context *dinfo = &_di; - free(minfo->pfn_type); if ( minfo->p2m_table ) - munmap(minfo->p2m_table, P2M_FL_ENTRIES * PAGE_SIZE); + munmap(minfo->p2m_table, minfo->p2m_frames * PAGE_SIZE); minfo->p2m_table = NULL; return 0; @@ -40,7 +36,6 @@ int xc_map_domain_meminfo(xc_interface *xch, uint32_t domid, struct xc_domain_meminfo *minfo) { struct domain_info_context _di; - struct domain_info_context *dinfo = &_di; xc_dominfo_t info; shared_info_any_t *live_shinfo; @@ -96,16 +91,16 @@ int xc_map_domain_meminfo(xc_interface *xch, uint32_t domid, return -1; } - if ( xc_core_arch_map_p2m_writable(xch, minfo->guest_width, &info, - live_shinfo, &minfo->p2m_table, - &minfo->p2m_size) ) + if ( xc_core_arch_map_p2m_writable(xch, &_di, &info, + live_shinfo, &minfo->p2m_table) ) { PERROR("Could not map the P2M table"); munmap(live_shinfo, PAGE_SIZE); return -1; } munmap(live_shinfo, PAGE_SIZE); - _di.p2m_size = minfo->p2m_size; + minfo->p2m_size = _di.p2m_size; + minfo->p2m_frames = _di.p2m_frames; /* Make space and prepare for getting the PFN types */ minfo->pfn_type = calloc(sizeof(*minfo->pfn_type), minfo->p2m_size); @@ -141,7 +136,7 @@ failed: } if ( minfo->p2m_table ) { - munmap(minfo->p2m_table, P2M_FL_ENTRIES * PAGE_SIZE); + munmap(minfo->p2m_table, minfo->p2m_frames * PAGE_SIZE); minfo->p2m_table = NULL; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:22:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183106.331055 (Exim 4.92) (envelope-from ) id 1mOJ4H-0006s3-QN; Thu, 09 Sep 2021 12:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183106.331055; Thu, 09 Sep 2021 12:22:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4H-0006rv-MW; Thu, 09 Sep 2021 12:22:13 +0000 Received: by outflank-mailman (input) for mailman id 183106; Thu, 09 Sep 2021 12:22:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4H-0006rm-5K for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4H-0005NM-4V for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ4H-0004A3-21 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KKU1cR4ObIcmbqaXG6lHDxqTlmH0ZqfE/o2TW4qlZfk=; b=VH7JimWTfuNP4UR+8mdeyHntIU xJM2g3KkRyiQPbx4H1fvKI+5I4/b40WUd/HqwEtiMnpXJdGbZOObQ6Ks6dJ3tQ7xzmISkNPiKHt0c +oXrFG5syuUXL7CrfmnhSatpmvwVqHqWminfueuJMt/COwAgRjMIrm/pEo5+H3BW3jcI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxl: Replace deprecated QMP command by "query-cpus-fast" Message-Id: Date: Thu, 09 Sep 2021 12:22:13 +0000 commit 99633c514ddc3a719d3af5ef9e8184ed6d2f44ab Author: Anthony PERARD AuthorDate: Tue May 11 10:28:03 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:16:41 2021 +0100 libxl: Replace deprecated QMP command by "query-cpus-fast" We use the deprecated QMP command "query-cpus" which is removed in the QEMU 6.0 release. There's a replacement which is "query-cpus-fast", and have been available since QEMU 2.12 (April 2018). This patch try the new command first and when the command isn't available, it fall back to the deprecated one so libxl still works with older QEMU versions. Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_domain.c | 103 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 98 insertions(+), 5 deletions(-) diff --git a/tools/libs/light/libxl_domain.c b/tools/libs/light/libxl_domain.c index 5d4ec90711..8c003aa7cb 100644 --- a/tools/libs/light/libxl_domain.c +++ b/tools/libs/light/libxl_domain.c @@ -1740,6 +1740,35 @@ out: return rc; } +static int qmp_parse_query_cpus_fast(libxl__gc *gc, + libxl_domid domid, + const libxl__json_object *response, + libxl_bitmap *const map) +{ + int i; + const libxl__json_object *cpu; + + libxl_bitmap_set_none(map); + /* Parse response to QMP command "query-cpus-fast": + * [ { 'cpu-index': 'int',...} ] + */ + for (i = 0; (cpu = libxl__json_array_get(response, i)); i++) { + unsigned int cpu_index; + const libxl__json_object *o; + + o = libxl__json_map_get("cpu-index", cpu, JSON_INTEGER); + if (!o) { + LOGD(ERROR, domid, "Failed to retrieve CPU index."); + return ERROR_QEMU_API; + } + + cpu_index = libxl__json_object_get_integer(o); + libxl_bitmap_set(map, cpu_index); + } + + return 0; +} + static int qmp_parse_query_cpus(libxl__gc *gc, libxl_domid domid, const libxl__json_object *response, @@ -1778,8 +1807,13 @@ typedef struct set_vcpuonline_state { int index; /* for loop on final_map */ } set_vcpuonline_state; +static void set_vcpuonline_qmp_cpus_fast_queried(libxl__egc *, + libxl__ev_qmp *, const libxl__json_object *, int rc); static void set_vcpuonline_qmp_cpus_queried(libxl__egc *, libxl__ev_qmp *, const libxl__json_object *, int rc); +static void set_vcpuonline_qmp_query_cpus_parse(libxl__egc *, + libxl__ev_qmp *qmp, const libxl__json_object *, + bool query_cpus_fast, int rc); static void set_vcpuonline_qmp_add_cpu(libxl__egc *, libxl__ev_qmp *, const libxl__json_object *response, int rc); static void set_vcpuonline_timeout(libxl__egc *egc, @@ -1840,8 +1874,8 @@ int libxl_set_vcpuonline(libxl_ctx *ctx, uint32_t domid, set_vcpuonline_timeout, LIBXL_QMP_CMD_TIMEOUT * 1000); if (rc) goto out; - qmp->callback = set_vcpuonline_qmp_cpus_queried; - rc = libxl__ev_qmp_send(egc, qmp, "query-cpus", NULL); + qmp->callback = set_vcpuonline_qmp_cpus_fast_queried; + rc = libxl__ev_qmp_send(egc, qmp, "query-cpus-fast", NULL); if (rc) goto out; return AO_INPROGRESS; default: @@ -1860,11 +1894,39 @@ out: return AO_INPROGRESS; } +static void set_vcpuonline_qmp_cpus_fast_queried(libxl__egc *egc, + libxl__ev_qmp *qmp, const libxl__json_object *response, int rc) +{ + EGC_GC; + set_vcpuonline_state *svos = CONTAINER_OF(qmp, *svos, qmp); + + if (rc == ERROR_QMP_COMMAND_NOT_FOUND) { + /* Try again, we probably talking to a QEMU older than 2.12 */ + qmp->callback = set_vcpuonline_qmp_cpus_queried; + rc = libxl__ev_qmp_send(egc, qmp, "query-cpus", NULL); + if (rc) goto out; + return; + } + +out: + set_vcpuonline_qmp_query_cpus_parse(egc, qmp, response, true, rc); +} + static void set_vcpuonline_qmp_cpus_queried(libxl__egc *egc, libxl__ev_qmp *qmp, const libxl__json_object *response, int rc) { EGC_GC; set_vcpuonline_state *svos = CONTAINER_OF(qmp, *svos, qmp); + + set_vcpuonline_qmp_query_cpus_parse(egc, qmp, response, false, rc); +} + +static void set_vcpuonline_qmp_query_cpus_parse(libxl__egc *egc, + libxl__ev_qmp *qmp, const libxl__json_object *response, + bool query_cpus_fast, int rc) +{ + EGC_GC; + set_vcpuonline_state *svos = CONTAINER_OF(qmp, *svos, qmp); int i; libxl_bitmap current_map; @@ -1876,7 +1938,11 @@ static void set_vcpuonline_qmp_cpus_queried(libxl__egc *egc, if (rc) goto out; libxl_bitmap_alloc(CTX, ¤t_map, svos->info.vcpu_max_id + 1); - rc = qmp_parse_query_cpus(gc, qmp->domid, response, ¤t_map); + if (query_cpus_fast) { + rc = qmp_parse_query_cpus_fast(gc, qmp->domid, response, ¤t_map); + } else { + rc = qmp_parse_query_cpus(gc, qmp->domid, response, ¤t_map); + } if (rc) goto out; libxl_bitmap_copy_alloc(CTX, final_map, svos->cpumap); @@ -2121,6 +2187,9 @@ typedef struct { static void retrieve_domain_configuration_lock_acquired( libxl__egc *egc, libxl__ev_slowlock *, int rc); +static void retrieve_domain_configuration_cpu_fast_queried( + libxl__egc *egc, libxl__ev_qmp *qmp, + const libxl__json_object *response, int rc); static void retrieve_domain_configuration_cpu_queried( libxl__egc *egc, libxl__ev_qmp *qmp, const libxl__json_object *response, int rc); @@ -2198,8 +2267,8 @@ static void retrieve_domain_configuration_lock_acquired( if (rc) goto out; libxl_bitmap_alloc(CTX, &rdcs->qemuu_cpus, d_config->b_info.max_vcpus); - rdcs->qmp.callback = retrieve_domain_configuration_cpu_queried; - rc = libxl__ev_qmp_send(egc, &rdcs->qmp, "query-cpus", NULL); + rdcs->qmp.callback = retrieve_domain_configuration_cpu_fast_queried; + rc = libxl__ev_qmp_send(egc, &rdcs->qmp, "query-cpus-fast", NULL); if (rc) goto out; has_callback = true; } @@ -2210,6 +2279,30 @@ out: retrieve_domain_configuration_end(egc, rdcs, rc); } +static void retrieve_domain_configuration_cpu_fast_queried( + libxl__egc *egc, libxl__ev_qmp *qmp, + const libxl__json_object *response, int rc) +{ + EGC_GC; + retrieve_domain_configuration_state *rdcs = + CONTAINER_OF(qmp, *rdcs, qmp); + + if (rc == ERROR_QMP_COMMAND_NOT_FOUND) { + /* Try again, we probably talking to a QEMU older than 2.12 */ + rdcs->qmp.callback = retrieve_domain_configuration_cpu_queried; + rc = libxl__ev_qmp_send(egc, &rdcs->qmp, "query-cpus", NULL); + if (rc) goto out; + return; + } + + if (rc) goto out; + + rc = qmp_parse_query_cpus_fast(gc, qmp->domid, response, &rdcs->qemuu_cpus); + +out: + retrieve_domain_configuration_end(egc, rdcs, rc); +} + static void retrieve_domain_configuration_cpu_queried( libxl__egc *egc, libxl__ev_qmp *qmp, const libxl__json_object *response, int rc) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:22:23 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:22:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183108.331059 (Exim 4.92) (envelope-from ) id 1mOJ4R-0006wR-T3; Thu, 09 Sep 2021 12:22:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183108.331059; Thu, 09 Sep 2021 12:22:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4R-0006wG-Pr; Thu, 09 Sep 2021 12:22:23 +0000 Received: by outflank-mailman (input) for mailman id 183108; Thu, 09 Sep 2021 12:22:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4R-0006w4-9A for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4R-0005NY-8O for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ4R-0004An-7P for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XKlFxpDt41JCemQZHzBnLP8aOn9uJ0D1jNoj4wnORpw=; b=hcG/qRsVypW+ecrL58iAMcpDfH 7BpQmaS+wzDJSJBpyRVc69RYxBJxodoS+j/Di1jjnTEfzoj9mBTHeTx7fQH2AOOXnXcvQPSHdTpvi 2WS3ntasaYAjeMNe51jQxy6SSa3EaGFizJfXyt9bOZBMXnc2PmY8sjLtVQoQLmWTwOPU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxl: Replace QEMU's command line short-form boolean option Message-Id: Date: Thu, 09 Sep 2021 12:22:23 +0000 commit 17dca162e08ad5bdbd96f7e4e2ff274fc2b83104 Author: Anthony PERARD AuthorDate: Tue May 11 10:28:04 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:17:43 2021 +0100 libxl: Replace QEMU's command line short-form boolean option Short-form boolean options are deprecated in QEMU 6.0. Upstream commit that deprecate those: ccd3b3b8112b ("qemu-option: warn for short-form boolean options"). Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk --- tools/libs/light/libxl_dm.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c index 5309496c58..21fe33d3e2 100644 --- a/tools/libs/light/libxl_dm.c +++ b/tools/libs/light/libxl_dm.c @@ -977,14 +977,14 @@ static char *dm_spice_options(libxl__gc *gc, if (spice->host) opt = GCSPRINTF("%s,addr=%s", opt, spice->host); if (libxl_defbool_val(spice->disable_ticketing)) - opt = GCSPRINTF("%s,disable-ticketing", opt); + opt = GCSPRINTF("%s,disable-ticketing=on", opt); else opt = GCSPRINTF("%s,password=%s", opt, spice->passwd); opt = GCSPRINTF("%s,agent-mouse=%s", opt, libxl_defbool_val(spice->agent_mouse) ? "on" : "off"); if (!libxl_defbool_val(spice->clipboard_sharing)) - opt = GCSPRINTF("%s,disable-copy-paste", opt); + opt = GCSPRINTF("%s,disable-copy-paste=on", opt); if (spice->image_compression) opt = GCSPRINTF("%s,image-compression=%s", opt, @@ -1224,7 +1224,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, flexarray_append(dm_args, "-chardev"); if (state->dm_monitor_fd >= 0) { flexarray_append(dm_args, - GCSPRINTF("socket,id=libxl-cmd,fd=%d,server,nowait", + GCSPRINTF("socket,id=libxl-cmd,fd=%d,server=on,wait=off", state->dm_monitor_fd)); /* @@ -1237,7 +1237,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, } else { flexarray_append(dm_args, GCSPRINTF("socket,id=libxl-cmd," - "path=%s,server,nowait", + "path=%s,server=on,wait=off", libxl__qemu_qmp_path(gc, guest_domid))); } @@ -1247,7 +1247,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, flexarray_append(dm_args, "-chardev"); flexarray_append(dm_args, GCSPRINTF("socket,id=libxenstat-cmd," - "path=%s/qmp-libxenstat-%d,server,nowait", + "path=%s/qmp-libxenstat-%d,server=on,wait=off", libxl__run_dir_path(), guest_domid)); flexarray_append(dm_args, "-mon"); @@ -1264,7 +1264,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, case LIBXL_CHANNEL_CONNECTION_SOCKET: path = guest_config->channels[i].u.socket.path; chardev = GCSPRINTF("socket,id=libxl-channel%d,path=%s," - "server,nowait", devid, path); + "server=on,wait=off", devid, path); break; default: /* We've forgotten to add the clause */ @@ -1577,7 +1577,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, nics[i].colo_##sock_port) { \ flexarray_append(dm_args, "-chardev"); \ flexarray_append(dm_args, \ - GCSPRINTF("socket,id=%s,host=%s,port=%s,server,nowait", \ + GCSPRINTF("socket,id=%s,host=%s,port=%s,server=on,wait=off", \ nics[i].colo_##sock_id, \ nics[i].colo_##sock_ip, \ nics[i].colo_##sock_port)); \ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:22:33 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:22:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183110.331063 (Exim 4.92) (envelope-from ) id 1mOJ4b-0006zq-Ua; Thu, 09 Sep 2021 12:22:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183110.331063; Thu, 09 Sep 2021 12:22:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4b-0006zh-RQ; Thu, 09 Sep 2021 12:22:33 +0000 Received: by outflank-mailman (input) for mailman id 183110; Thu, 09 Sep 2021 12:22:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4b-0006zT-Cw for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4b-0005Nq-CB for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ4b-0004BT-B4 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ptN50DsnvVx4n5Bf/4M3zNurvE1tDTU/Dpx2B4aMhA8=; b=DXKudzaB9HGfhBM/zvZz4ViptA YAeOvDzyAzRRxT/qRvc3GT4YioDM0f4mlaj+S96I0n7dpdyGhlxfvCf17B2EhpGcET9aJb4x3xlIt BDqhItNfc6JQQPQy5e4WD6RrFhfdZ7wbk1H+IV86OAR1ddF5pkZkTKNIOtJ8DIIusEWY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxl: Replace deprecated "cpu-add" QMP command by "device_add" Message-Id: Date: Thu, 09 Sep 2021 12:22:33 +0000 commit da659f61c79f3adb7a4ab23e64fd21d2d9f801c1 Author: Anthony PERARD AuthorDate: Tue May 11 10:28:05 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:18:04 2021 +0100 libxl: Replace deprecated "cpu-add" QMP command by "device_add" The command "cpu-add" for CPU hotplug is deprecated and has been removed from QEMU 6.0 (April 2021). We need to add cpus with the command "device_add" now. In order to find out which parameters to pass to "device_add" we first make a call to "query-hotpluggable-cpus" which list the cpus drivers and properties. The algorithm to figure out which CPU to add, and by extension if any CPU needs to be hotplugged, is in the function that adds the cpus. Because of that, the command "query-hotpluggable-cpus" is always called, even when not needed. In case we are using a version of QEMU older than 2.7 (Sept 2016) which don't have "query-hotpluggable-cpus", we fallback to using "cpu-add". Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_domain.c | 89 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 87 insertions(+), 2 deletions(-) diff --git a/tools/libs/light/libxl_domain.c b/tools/libs/light/libxl_domain.c index 8c003aa7cb..c00c36c928 100644 --- a/tools/libs/light/libxl_domain.c +++ b/tools/libs/light/libxl_domain.c @@ -1805,6 +1805,7 @@ typedef struct set_vcpuonline_state { libxl_dominfo info; libxl_bitmap final_map; int index; /* for loop on final_map */ + const char *cpu_driver; } set_vcpuonline_state; static void set_vcpuonline_qmp_cpus_fast_queried(libxl__egc *, @@ -1814,6 +1815,10 @@ static void set_vcpuonline_qmp_cpus_queried(libxl__egc *, static void set_vcpuonline_qmp_query_cpus_parse(libxl__egc *, libxl__ev_qmp *qmp, const libxl__json_object *, bool query_cpus_fast, int rc); +static void set_vcpuonline_qmp_query_hotpluggable_cpus(libxl__egc *egc, + libxl__ev_qmp *qmp, const libxl__json_object *response, int rc); +static void set_vcpuonline_qmp_device_add_cpu(libxl__egc *, + libxl__ev_qmp *, const libxl__json_object *response, int rc); static void set_vcpuonline_qmp_add_cpu(libxl__egc *, libxl__ev_qmp *, const libxl__json_object *response, int rc); static void set_vcpuonline_timeout(libxl__egc *egc, @@ -1951,13 +1956,54 @@ static void set_vcpuonline_qmp_query_cpus_parse(libxl__egc *egc, libxl_bitmap_reset(final_map, i); } + qmp->callback = set_vcpuonline_qmp_query_hotpluggable_cpus; + rc = libxl__ev_qmp_send(egc, qmp, "query-hotpluggable-cpus", NULL); + out: libxl_bitmap_dispose(¤t_map); + if (rc) + set_vcpuonline_done(egc, svos, rc); /* must be last */ +} + +static void set_vcpuonline_qmp_query_hotpluggable_cpus(libxl__egc *egc, + libxl__ev_qmp *qmp, const libxl__json_object *response, int rc) +{ + set_vcpuonline_state *svos = CONTAINER_OF(qmp, *svos, qmp); + const libxl__json_object *cpu; + const libxl__json_object *cpu_driver; + + if (rc == ERROR_QMP_COMMAND_NOT_FOUND) { + /* We are probably connected to a version of QEMU older than 2.7, + * let's fallback to using "cpu-add" command. */ + svos->index = -1; + set_vcpuonline_qmp_add_cpu(egc, qmp, NULL, 0); /* must be last */ + return; + } + + if (rc) goto out; + + /* Parse response to QMP command "query-hotpluggable-cpus" + * [ { 'type': 'str', ... ] + * + * We are looking for the driver name for CPU to be hotplug. We'll + * assume that cpus property are core-id=0, thread-id=0 and + * socket-id=$cpu_index, as we start qemu with "-smp %d,maxcpus=%d", so + * we don't parse the properties listed for each hotpluggable cpus. + */ + + cpu = libxl__json_array_get(response, 0); + cpu_driver = libxl__json_map_get("type", cpu, JSON_STRING); + svos->cpu_driver = libxl__json_object_get_string(cpu_driver); + + if (!svos->cpu_driver) + rc = ERROR_QEMU_API; + +out: svos->index = -1; - set_vcpuonline_qmp_add_cpu(egc, qmp, NULL, rc); /* must be last */ + set_vcpuonline_qmp_device_add_cpu(egc, qmp, NULL, rc); /* must be last */ } -static void set_vcpuonline_qmp_add_cpu(libxl__egc *egc, +static void set_vcpuonline_qmp_device_add_cpu(libxl__egc *egc, libxl__ev_qmp *qmp, const libxl__json_object *response, int rc) { STATE_AO_GC(qmp->ao); @@ -1969,6 +2015,45 @@ static void set_vcpuonline_qmp_add_cpu(libxl__egc *egc, if (rc) goto out; + while (libxl_bitmap_cpu_valid(map, ++svos->index)) { + if (libxl_bitmap_test(map, svos->index)) { + qmp->callback = set_vcpuonline_qmp_device_add_cpu; + libxl__qmp_param_add_string(gc, &args, "id", GCSPRINTF("cpu-%d", svos->index)); + libxl__qmp_param_add_string(gc, &args, "driver", svos->cpu_driver); + /* We'll assume that we start QEMU with -smp %d,maxcpus=%d, so + * that "core-id" and "thread-id" are always 0 so that + * "socket-id" correspond the cpu index. + * Those properties are otherwise listed by + * "query-hotpluggable-cpus". */ + libxl__qmp_param_add_integer(gc, &args, "socket-id", svos->index); + libxl__qmp_param_add_integer(gc, &args, "core-id", 0); + libxl__qmp_param_add_integer(gc, &args, "thread-id", 0); + rc = libxl__ev_qmp_send(egc, qmp, "device_add", args); + if (rc) goto out; + return; + } + } + +out: + set_vcpuonline_done(egc, svos, rc); +} + +/* Fallback function for QEMU older than 2.7, when + * 'query-hotpluggable-cpus' wasn't available and vcpu object couldn't be + * added with 'device_add'. */ +static void set_vcpuonline_qmp_add_cpu(libxl__egc *egc, libxl__ev_qmp *qmp, + const libxl__json_object *response, + int rc) +{ + STATE_AO_GC(qmp->ao); + set_vcpuonline_state *svos = CONTAINER_OF(qmp, *svos, qmp); + libxl__json_object *args = NULL; + + /* Convenience aliases */ + libxl_bitmap *map = &svos->final_map; + + if (rc) goto out; + while (libxl_bitmap_cpu_valid(map, ++svos->index)) { if (libxl_bitmap_test(map, svos->index)) { qmp->callback = set_vcpuonline_qmp_add_cpu; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:22:45 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:22:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183112.331067 (Exim 4.92) (envelope-from ) id 1mOJ4n-00072e-03; Thu, 09 Sep 2021 12:22:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183112.331067; Thu, 09 Sep 2021 12:22:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4m-00072X-T9; Thu, 09 Sep 2021 12:22:44 +0000 Received: by outflank-mailman (input) for mailman id 183112; Thu, 09 Sep 2021 12:22:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4l-00072I-HF for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4l-0005O3-GV for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ4l-0004C2-Eu for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3Y6OE5jvUzVRCmqXOMN7yQXoCi2bf58WMTqOo75wiNY=; b=VmMMjSQtZasA77A+sTKgVsbWRK BKJ2BddKQ2y22SjeXpTuMn2rYlp/Hjov6IqQAaPb3sHe/0XuNKLVbIjPSXqapslWm2rACBl3Qdtg2 DlUvPEMkKcwzdKVXiyJBc35AmN+YSLzLjE5oTX6MDFf6YI/f/pMVsPR5rbmNXXSScg3Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxl: Use -device for cd-rom drives Message-Id: Date: Thu, 09 Sep 2021 12:22:43 +0000 commit 6165dcfe7e5283c7776f3f40cc905f29ed39486c Author: Anthony PERARD AuthorDate: Tue May 11 10:28:06 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:18:07 2021 +0100 libxl: Use -device for cd-rom drives This allows to set an `id` on the device instead of only the drive. We are going to need the `id` with the "eject" and "blockdev-change-media" QMP command as using `device` parameter on those is deprecated. (`device` is the `id` of the `-drive` on the command line). We set the same `id` on both -device and -drive as QEMU doesn't complain and we can then either do "eject id=$id" or "eject device=$id". Using "-drive + -device" instead of only "-drive" has been available since at least QEMU 0.15, and seems to be the preferred way as it separates the host part (-drive which describe the disk image location and format) from the guest part (-device which describe the emulated device). More information in qemu.git/docs/qdev-device-use.txt . Changing the command line during migration for the cdrom seems fine. Also the documentation about migration in QEMU explains that the device state ID is "been formed from a bus name and device address", so second IDE bus and first device address on bus is still thus and doesn't matter if written "-drive if=ide,index=2" or "-drive ide-cd,bus=ide.1,unit=0". See qemu.git/docs/devel/migration.rst . Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_dm.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c index 21fe33d3e2..1e16f9e5b6 100644 --- a/tools/libs/light/libxl_dm.c +++ b/tools/libs/light/libxl_dm.c @@ -1913,6 +1913,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, } if (disks[i].is_cdrom) { + const char *drive_id; if (disk > 4) { LOGD(WARN, guest_domid, "Emulated CDROM can be only one of the first 4 disks.\n" "Disk %s will be available via PV drivers but not as an " @@ -1920,13 +1921,22 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, disks[i].vdev); continue; } - drive = libxl__sprintf(gc, - "if=ide,index=%d,readonly=on,media=cdrom,id=ide-%i", - disk, dev_number); + + drive_id = GCSPRINTF("ide-%i", dev_number); + drive = GCSPRINTF("if=none,readonly=on,id=%s", drive_id); if (target_path) drive = libxl__sprintf(gc, "%s,file=%s,format=%s", drive, target_path, format); + + flexarray_vappend(dm_args, + "-drive", drive, + "-device", + GCSPRINTF("ide-cd,id=%s,drive=%s,bus=ide.%u,unit=%u", + drive_id, drive_id, + disk / 2, disk % 2), + NULL); + continue; } else { /* * Explicit sd disks are passed through as is. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:22:55 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:22:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183114.331072 (Exim 4.92) (envelope-from ) id 1mOJ4x-00075l-21; Thu, 09 Sep 2021 12:22:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183114.331072; Thu, 09 Sep 2021 12:22:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4w-00075c-Ut; Thu, 09 Sep 2021 12:22:54 +0000 Received: by outflank-mailman (input) for mailman id 183114; Thu, 09 Sep 2021 12:22:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4v-00075S-L2 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ4v-0005OW-KI for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ4v-0004Cu-JD for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:22:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lM0AF5MZ4TLCDuOp4T3jVPpRuZqv6f/OLzdm6nYJZ0Y=; b=LjnLAlwf0KOzpa95Unxe4z7xys WyKWC8ZcnQZNQni7URz6a1skeKc931eV3KvpCxojaDuaWaU4FO1RBvRy0ZihzZZ7MB9Olv7A674v4 gjt65iCIMyj27MA1DrIUCMcUmbE3kldO9d0mElZpvv7GWLIRh53VMz9AoU1kHgnQP+XE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxl: Assert qmp_ev's state in qmp_ev_qemu_compare_version Message-Id: Date: Thu, 09 Sep 2021 12:22:53 +0000 commit 9cb597a5456fb88f1a3b48090e914bd05a60e740 Author: Anthony PERARD AuthorDate: Tue May 11 10:28:07 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:18:09 2021 +0100 libxl: Assert qmp_ev's state in qmp_ev_qemu_compare_version We are supposed to read the version information only when qmp_ev is in state "Connected" (that correspond to state==qmp_state_connected), assert it so that the function isn't used too early. Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_qmp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/libs/light/libxl_qmp.c b/tools/libs/light/libxl_qmp.c index 9b638e6f54..d0967c9f02 100644 --- a/tools/libs/light/libxl_qmp.c +++ b/tools/libs/light/libxl_qmp.c @@ -292,6 +292,8 @@ static int qmp_handle_response(libxl__gc *gc, libxl__qmp_handler *qmp, static int qmp_ev_qemu_compare_version(libxl__ev_qmp *ev, int major, int minor, int micro) { + assert(ev->state == qmp_state_connected); + #define CHECK_VERSION(level) do { \ if (ev->qemu_version.level > (level)) return +1; \ if (ev->qemu_version.level < (level)) return -1; \ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:23:05 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:23:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183115.331076 (Exim 4.92) (envelope-from ) id 1mOJ57-00078n-3q; Thu, 09 Sep 2021 12:23:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183115.331076; Thu, 09 Sep 2021 12:23:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ57-00078f-0C; Thu, 09 Sep 2021 12:23:05 +0000 Received: by outflank-mailman (input) for mailman id 183115; Thu, 09 Sep 2021 12:23:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ55-00078P-Ol for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ55-0005Ow-O1 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ55-0004FN-NA for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EZqkpi1S7HA5R5AlclHfWqS7xFDxrJAM0lJnez/qJ6A=; b=vh7XtufQz8hi1518NsvbE+snYw vulIEKJflWzp76Nnart6tWOd7LP6w5WERpRbJ+FdVRV0E8G/WWgnYKhEWftGAOg6c9YxMAJSo/lX+ 4r4ye50FhGcIM7uC40c+6OOXzcr1Si6eiNZs+GBt8fsHi+lQEdj2y/uy2e5XZOflJ09w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxl: Export libxl__qmp_ev_qemu_compare_version Message-Id: Date: Thu, 09 Sep 2021 12:23:03 +0000 commit e949445ce9d8075ff6c784c31f59bac224c1d8e7 Author: Anthony PERARD AuthorDate: Tue May 11 10:28:08 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:18:12 2021 +0100 libxl: Export libxl__qmp_ev_qemu_compare_version We are going to want to check QEMU's version in other places where we can use libxl__ev_qmp_send. Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_internal.h | 8 ++++++++ tools/libs/light/libxl_qmp.c | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h index c6a4a187f5..c114f6d399 100644 --- a/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h @@ -492,6 +492,14 @@ _hidden int libxl__ev_qmp_send(libxl__egc *egc, libxl__ev_qmp *ev, const char *cmd, libxl__json_object *args); _hidden void libxl__ev_qmp_dispose(libxl__gc *gc, libxl__ev_qmp *ev); +/* return values: + * < 0 if qemu's version < asked version + * = 0 if qemu's version == asked version + * > 0 if qemu's version > asked version + */ +_hidden int libxl__qmp_ev_qemu_compare_version(libxl__ev_qmp *ev, int major, + int minor, int micro); + typedef enum { /* initial state */ qmp_state_disconnected = 1, diff --git a/tools/libs/light/libxl_qmp.c b/tools/libs/light/libxl_qmp.c index d0967c9f02..fb146a54cb 100644 --- a/tools/libs/light/libxl_qmp.c +++ b/tools/libs/light/libxl_qmp.c @@ -289,7 +289,7 @@ static int qmp_handle_response(libxl__gc *gc, libxl__qmp_handler *qmp, * = 0 if qemu's version == asked version * > 0 if qemu's version > asked version */ -static int qmp_ev_qemu_compare_version(libxl__ev_qmp *ev, int major, +int libxl__qmp_ev_qemu_compare_version(libxl__ev_qmp *ev, int major, int minor, int micro) { assert(ev->state == qmp_state_connected); @@ -1073,7 +1073,7 @@ static void dm_state_save_to_fdset(libxl__egc *egc, libxl__ev_qmp *ev, int fdset /* The `live` parameter was added to QEMU 2.11. It signals QEMU that * the save operation is for a live migration rather than for taking a * snapshot. */ - if (qmp_ev_qemu_compare_version(ev, 2, 11, 0) >= 0) + if (libxl__qmp_ev_qemu_compare_version(ev, 2, 11, 0) >= 0) libxl__qmp_param_add_bool(gc, &args, "live", dsps->live); QMP_PARAMETERS_SPRINTF(&args, "filename", "/dev/fdset/%d", fdset); rc = libxl__ev_qmp_send(egc, ev, "xen-save-devices-state", args); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:23:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:23:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183117.331078 (Exim 4.92) (envelope-from ) id 1mOJ5H-0007Bn-5E; Thu, 09 Sep 2021 12:23:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183117.331078; Thu, 09 Sep 2021 12:23:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5H-0007Be-1q; Thu, 09 Sep 2021 12:23:15 +0000 Received: by outflank-mailman (input) for mailman id 183117; Thu, 09 Sep 2021 12:23:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5F-0007BQ-SL for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5F-0005P8-Ra for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ5F-0004G0-Qo for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Dl7TW4k+Hj3lQ6P67RuLD8hKEoJQ+sxbuaGqlauDNfs=; b=fHrjKteQCmmO38+ic4rRfAdPZx uorQJH/edEZr+sZI5hVyRKNZJA5ydO7BgUrXFXPNMplJmEHvBrVg8W0lg3JUEJF4bhk2xATVX+Fy+ //owJqfxzILxmh1+Bim9SyeF4HXniuhtjOGkG2DoZ1sUSTmIcjnLHRurnHlz7YYocnH8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxl: Use `id` with the "eject" QMP command Message-Id: Date: Thu, 09 Sep 2021 12:23:13 +0000 commit 4b60715241f2beec1d243ba41476d6e2b7d5c6e5 Author: Anthony PERARD AuthorDate: Tue May 11 10:28:09 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:18:15 2021 +0100 libxl: Use `id` with the "eject" QMP command `device` parameter is deprecated since QEMU 2.8. This requires changes to the command line introduced by: "libxl: Use -device for cd-rom drives" Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_disk.c | 43 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 7 deletions(-) diff --git a/tools/libs/light/libxl_disk.c b/tools/libs/light/libxl_disk.c index 411ffeaca6..faabdea7a4 100644 --- a/tools/libs/light/libxl_disk.c +++ b/tools/libs/light/libxl_disk.c @@ -656,6 +656,8 @@ typedef struct { static void cdrom_insert_lock_acquired(libxl__egc *, libxl__ev_slowlock *, int rc); +static void cdrom_insert_qmp_connected(libxl__egc *, libxl__ev_qmp *, + const libxl__json_object *, int rc); static void cdrom_insert_ejected(libxl__egc *egc, libxl__ev_qmp *, const libxl__json_object *, int rc); static void cdrom_insert_addfd_cb(libxl__egc *egc, libxl__ev_qmp *, @@ -770,13 +772,12 @@ static void cdrom_insert_lock_acquired(libxl__egc *egc, */ if (cis->dm_ver == LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN) { - libxl__json_object *args = NULL; - int devid = libxl__device_disk_dev_number(cis->disk->vdev, - NULL, NULL); - - QMP_PARAMETERS_SPRINTF(&args, "device", "ide-%i", devid); - cis->qmp.callback = cdrom_insert_ejected; - rc = libxl__ev_qmp_send(egc, &cis->qmp, "eject", args); + /* Before running the "eject" command, we need to know QEMU's + * version to find out which command to issue. + * cis->qmp isn't in Connected state yet, so run a dummy command + * to have QEMU's version available. */ + cis->qmp.callback = cdrom_insert_qmp_connected; + rc = libxl__ev_qmp_send(egc, &cis->qmp, "query-version", NULL); if (rc) goto out; } else { cdrom_insert_ejected(egc, &cis->qmp, NULL, 0); /* must be last */ @@ -787,6 +788,34 @@ out: cdrom_insert_done(egc, cis, rc); /* must be last */ } +static void cdrom_insert_qmp_connected(libxl__egc *egc, libxl__ev_qmp *qmp, + const libxl__json_object *response, + int rc) +{ + libxl__cdrom_insert_state *cis = CONTAINER_OF(qmp, *cis, qmp); + STATE_AO_GC(cis->ao); + libxl__json_object *args = NULL; + int devid = libxl__device_disk_dev_number(cis->disk->vdev, + NULL, NULL); + + if (rc) goto out; + + /* Using `device` parameter is deprecated since QEMU 2.8, we should + * use `id` now. They both have different meaning but we set the + * same `id` on -drive and -device on the command line. + */ + if (libxl__qmp_ev_qemu_compare_version(qmp, 2, 8, 0) >= 0) + QMP_PARAMETERS_SPRINTF(&args, "id", "ide-%i", devid); + else + QMP_PARAMETERS_SPRINTF(&args, "device", "ide-%i", devid); + qmp->callback = cdrom_insert_ejected; + rc = libxl__ev_qmp_send(egc, qmp, "eject", args); + if (rc) goto out; + return; +out: + cdrom_insert_done(egc, cis, rc); /* must be last */ +} + static void cdrom_insert_ejected(libxl__egc *egc, libxl__ev_qmp *qmp, const libxl__json_object *response, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:23:25 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:23:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183119.331083 (Exim 4.92) (envelope-from ) id 1mOJ5R-0007FJ-8U; Thu, 09 Sep 2021 12:23:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183119.331083; Thu, 09 Sep 2021 12:23:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5R-0007FB-5f; Thu, 09 Sep 2021 12:23:25 +0000 Received: by outflank-mailman (input) for mailman id 183119; Thu, 09 Sep 2021 12:23:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5P-0007F2-Vo for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5P-0005PD-VB for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ5P-0004GZ-UM for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Dn3Z9bdhESgaJztZt0ODP2Wn9o+VK/677YJt24z7qPY=; b=gB4iPA9FjzjDSSooYrTNiWCwzV sasytlh1YyIn6mLtuM/4ubzn5IKV3/PQlSU27cvWnx3Zqy4j+c7R5DXNMSw4XflcW0hg/l+sf2qJe FvdT8DO5pEslOSqHye0CeBJCOCgQbE9iLNXRRAUxXjGnU/SS2reVa7P9Mhek8kMo9NMk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxl: Replace QMP command "change" by "blockdev-change-media" Message-Id: Date: Thu, 09 Sep 2021 12:23:23 +0000 commit e3f5318546c2ecde18184f3b4a9ff1685cf3fe30 Author: Anthony PERARD AuthorDate: Tue May 11 10:28:10 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:18:17 2021 +0100 libxl: Replace QMP command "change" by "blockdev-change-media" "change" command as been removed in QEMU 6.0. We can use "blockdev-change-medium" instead. Using `id` with "blockdev-change-medium" requires a change to the QEMU command line, introduced by: "libxl: Use -device for cd-rom drives" Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_disk.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/tools/libs/light/libxl_disk.c b/tools/libs/light/libxl_disk.c index faabdea7a4..93936d0dd0 100644 --- a/tools/libs/light/libxl_disk.c +++ b/tools/libs/light/libxl_disk.c @@ -962,12 +962,26 @@ static void cdrom_insert_addfd_cb(libxl__egc *egc, fdset = libxl__json_object_get_integer(o); devid = libxl__device_disk_dev_number(disk->vdev, NULL, NULL); - QMP_PARAMETERS_SPRINTF(&args, "device", "ide-%i", devid); - QMP_PARAMETERS_SPRINTF(&args, "target", "/dev/fdset/%d", fdset); - libxl__qmp_param_add_string(gc, &args, "arg", - libxl__qemu_disk_format_string(disk->format)); qmp->callback = cdrom_insert_inserted; - rc = libxl__ev_qmp_send(egc, qmp, "change", args); + + /* "change" is deprecated since QEMU 2.5 and the `device` parameter for + * for "blockdev-change-medium" is deprecated in QEMU 2.8. + * But `id` is only available in 2.8 we'll start using the new command + * with `id` with QEMU 2.8. + */ + if (libxl__qmp_ev_qemu_compare_version(qmp, 2, 8, 0) >= 0) { + QMP_PARAMETERS_SPRINTF(&args, "id", "ide-%i", devid); + QMP_PARAMETERS_SPRINTF(&args, "filename", "/dev/fdset/%d", fdset); + libxl__qmp_param_add_string(gc, &args, "format", + libxl__qemu_disk_format_string(disk->format)); + rc = libxl__ev_qmp_send(egc, qmp, "blockdev-change-medium", args); + } else { + QMP_PARAMETERS_SPRINTF(&args, "device", "ide-%i", devid); + QMP_PARAMETERS_SPRINTF(&args, "target", "/dev/fdset/%d", fdset); + libxl__qmp_param_add_string(gc, &args, "arg", + libxl__qemu_disk_format_string(disk->format)); + rc = libxl__ev_qmp_send(egc, qmp, "change", args); + } out: if (rc) cdrom_insert_done(egc, cis, rc); /* must be last */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:23:35 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:23:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183122.331087 (Exim 4.92) (envelope-from ) id 1mOJ5b-0007Ib-AK; Thu, 09 Sep 2021 12:23:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183122.331087; Thu, 09 Sep 2021 12:23:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5b-0007IS-78; Thu, 09 Sep 2021 12:23:35 +0000 Received: by outflank-mailman (input) for mailman id 183122; Thu, 09 Sep 2021 12:23:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5a-0007II-2x for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5a-0005PO-2G for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ5a-0004HL-1a for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PzMrkoYuuGRC3eT/VTge62QsMeNJDkRNfl8lrooXg0k=; b=1RPCHNfI9myO6LDSovqDg31quC n503vvqq5fGexeMEvmIBITWcq2ZhehxZfTjO9NxC4/QoHJ9w6bx7QZUj4siGUTAXBaRuxQooYrSRr rncmeOD2i92Lf00iSu4yIVzc9nnLKmK6ddcmPCoDAokBZ0obdSJVD0sr/5a8vYV4KXC8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxl: Replace short-form boolean for QEMU's -vnc Message-Id: Date: Thu, 09 Sep 2021 12:23:34 +0000 commit 0e419e446f1d8e75bf27c35d4e82906168499d23 Author: Anthony PERARD AuthorDate: Mon Jun 28 11:01:56 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:19:38 2021 +0100 libxl: Replace short-form boolean for QEMU's -vnc f3f778c81769 forgot one boolean parameter. Fixes: f3f778c81769 ("libxl: Replace QEMU's command line short-form boolean option") Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk (cherry picked from commit 217eef30f7b9b85ba6e27c81a791dae8f6fcdbe7) Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_dm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c index 1e16f9e5b6..0b4c6be3f9 100644 --- a/tools/libs/light/libxl_dm.c +++ b/tools/libs/light/libxl_dm.c @@ -1324,7 +1324,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, vncarg = GCSPRINTF("127.0.0.1:%d", vnc->display); if (vnc->passwd && vnc->passwd[0]) { - vncarg = GCSPRINTF("%s,password", vncarg); + vncarg = GCSPRINTF("%s,password=on", vncarg); } if (libxl_defbool_val(vnc->findunused)) { -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:23:45 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:23:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183124.331090 (Exim 4.92) (envelope-from ) id 1mOJ5l-0007LE-BT; Thu, 09 Sep 2021 12:23:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183124.331090; Thu, 09 Sep 2021 12:23:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5l-0007L6-8X; Thu, 09 Sep 2021 12:23:45 +0000 Received: by outflank-mailman (input) for mailman id 183124; Thu, 09 Sep 2021 12:23:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5k-0007Kw-6q for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5k-0005PY-64 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ5k-0004I9-56 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EsURbzhDGClrtgAUWndIdMLfSV55Twzpbbw4qYZb40Y=; b=w1EtD8OU6MR+Ond0Pd2jywzre/ r/YVHESzQGinFkjgB+cCK4EofXPLwlhO7eVmk75zOLMgAxHBYJ9dbgcaeX2ePt7U6PGvI2kD6DxcE PQxUUt/1C/B+KWl4iaeUTmr5zU8RRdblKCu4CsD+v8L+oOqsnfGVAY8cYtgdcQA5Oyfw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxl: Fix QEMU cmdline for scsi device Message-Id: Date: Thu, 09 Sep 2021 12:23:44 +0000 commit 00bd594d6c686b8cd6dbe8868932f1884ab640fe Author: Anthony PERARD AuthorDate: Mon Jun 28 11:01:57 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:19:48 2021 +0100 libxl: Fix QEMU cmdline for scsi device Usage of 'scsi-disk' device is deprecated and removed from QEMU, instead we need to use 'scsi-hd' for hard drives. See QEMU 879be3af49 (hw/scsi: remove 'scsi-disk' device) Signed-off-by: Anthony PERARD Reviewed-by: Jason Andryuk (cherry picked from commit 3bc3be978fd61f8099797864136c5f447c0e4aae) Backport-requested-by: Anthony PERARD Acked-by: Ian Jackson --- tools/libs/light/libxl_dm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c index 0b4c6be3f9..9949632eb8 100644 --- a/tools/libs/light/libxl_dm.c +++ b/tools/libs/light/libxl_dm.c @@ -1972,7 +1972,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, &drive_id), flexarray_vappend(dm_args, "-drive", drive, - "-device", GCSPRINTF("scsi-disk,drive=%s,scsi-id=%d", + "-device", GCSPRINTF("scsi-hd,drive=%s,scsi-id=%d", drive_id, disk), NULL); continue; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:23:55 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:23:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183126.331095 (Exim 4.92) (envelope-from ) id 1mOJ5v-0007Oa-D6; Thu, 09 Sep 2021 12:23:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183126.331095; Thu, 09 Sep 2021 12:23:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5v-0007OS-A3; Thu, 09 Sep 2021 12:23:55 +0000 Received: by outflank-mailman (input) for mailman id 183126; Thu, 09 Sep 2021 12:23:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5u-0007OM-AD for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ5u-0005Pz-9Y for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ5u-0004JG-8o for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:23:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KQ+t3nNBrSRI9yx1HC1a2CHmBPDfPYWm4iOjtyTeDOQ=; b=zjYF/GUWPZSm5GbL5IuhiUQaPg Hi2YTeAuYzTMCw8q9OVWktSl7M+idwu8bbubdwBUNHS1i5E/OVfdUOz/m+9jGD11Hvi34egCjEqwq f5UPnCOoU7vE2eHvXEmJcsJeQ1uTqS61nwjVWabBPMQGcqyYNZ94YVD6MdNEN9MJ2C6w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/HVM: wire up multicalls Message-Id: Date: Thu, 09 Sep 2021 12:23:54 +0000 commit 0f1002d40644841295578b2189c1489b0a9276ec Author: Jan Beulich AuthorDate: Thu Jun 24 16:35:39 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:33:28 2021 +0100 x86/HVM: wire up multicalls To be able to use them from, in particular, the tool stack, they need to be supported for all guest types. Note that xc_resource_op() already does, so would not work without this on PVH Dom0. Signed-off-by: Jan Beulich Begrudingly acked-by: Andrew Cooper Acked-by: Ian Jackson Backport-requested-by: Jan Beulich (cherry picked from commit 198a2bc6f149ca41e16d90fc73de2c81affe4490) --- xen/arch/x86/hvm/hypercall.c | 35 +++++++++++++++++++++++++++++++++++ xen/arch/x86/hypercall.c | 14 ++++++++++---- xen/arch/x86/pv/hypercall.c | 3 ++- xen/include/asm-x86/multicall.h | 12 ++++++++++++ 4 files changed, 59 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index b084afcbce..01846b0718 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include @@ -123,6 +124,7 @@ static long hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) static const hypercall_table_t hvm_hypercall_table[] = { HVM_CALL(memory_op), + COMPAT_CALL(multicall), #ifdef CONFIG_GRANT_TABLE HVM_CALL(grant_table_op), #endif @@ -332,6 +334,39 @@ int hvm_hypercall(struct cpu_user_regs *regs) return curr->hcall_preempted ? HVM_HCALL_preempted : HVM_HCALL_completed; } +enum mc_disposition hvm_do_multicall_call(struct mc_state *state) +{ + struct vcpu *curr = current; + hypercall_fn_t *func = NULL; + + if ( hvm_guest_x86_mode(curr) == 8 ) + { + struct multicall_entry *call = &state->call; + + if ( call->op < ARRAY_SIZE(hvm_hypercall_table) ) + func = array_access_nospec(hvm_hypercall_table, call->op).native; + if ( func ) + call->result = func(call->args[0], call->args[1], call->args[2], + call->args[3], call->args[4], call->args[5]); + else + call->result = -ENOSYS; + } + else + { + struct compat_multicall_entry *call = &state->compat_call; + + if ( call->op < ARRAY_SIZE(hvm_hypercall_table) ) + func = array_access_nospec(hvm_hypercall_table, call->op).compat; + if ( func ) + call->result = func(call->args[0], call->args[1], call->args[2], + call->args[3], call->args[4], call->args[5]); + else + call->result = -ENOSYS; + } + + return !hvm_get_cpl(curr) ? mc_continue : mc_preempt; +} + /* * Local variables: * mode: C diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 14da9bc4ad..791b4c7585 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -20,6 +20,7 @@ */ #include +#include #define ARGS(x, n) \ [ __HYPERVISOR_ ## x ] = { n, n } @@ -264,13 +265,18 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, return rc; } -#ifndef CONFIG_PV -/* Stub for arch_do_multicall_call */ -enum mc_disposition arch_do_multicall_call(struct mc_state *mc) +enum mc_disposition arch_do_multicall_call(struct mc_state *state) { + const struct domain *currd = current->domain; + + if ( is_pv_domain(currd) ) + return pv_do_multicall_call(state); + + if ( is_hvm_domain(currd) ) + return hvm_do_multicall_call(state); + return mc_exit; } -#endif /* * Local variables: diff --git a/xen/arch/x86/pv/hypercall.c b/xen/arch/x86/pv/hypercall.c index 20795b4b57..73ccbe05ce 100644 --- a/xen/arch/x86/pv/hypercall.c +++ b/xen/arch/x86/pv/hypercall.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #define HYPERCALL(x) \ @@ -237,7 +238,7 @@ void pv_hypercall(struct cpu_user_regs *regs) perfc_incr(hypercalls); } -enum mc_disposition arch_do_multicall_call(struct mc_state *state) +enum mc_disposition pv_do_multicall_call(struct mc_state *state) { struct vcpu *curr = current; unsigned long op; diff --git a/xen/include/asm-x86/multicall.h b/xen/include/asm-x86/multicall.h new file mode 100644 index 0000000000..7e1d4c121a --- /dev/null +++ b/xen/include/asm-x86/multicall.h @@ -0,0 +1,12 @@ +/****************************************************************************** + * asm-x86/multicall.h + */ + +#ifndef __ASM_X86_MULTICALL_H__ +#define __ASM_X86_MULTICALL_H__ + +#include + +typeof(arch_do_multicall_call) pv_do_multicall_call, hvm_do_multicall_call; + +#endif /* __ASM_X86_MULTICALL_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:24:05 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:24:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183128.331099 (Exim 4.92) (envelope-from ) id 1mOJ65-0007RX-EX; Thu, 09 Sep 2021 12:24:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183128.331099; Thu, 09 Sep 2021 12:24:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ65-0007RP-BY; Thu, 09 Sep 2021 12:24:05 +0000 Received: by outflank-mailman (input) for mailman id 183128; Thu, 09 Sep 2021 12:24:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ64-0007RE-E8 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ64-0005QQ-DS for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ64-0004K0-Cd for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=N6Zgpa1KMRbHtG13hCPe9j1ur8rek/UPRUCdnsJ8w+8=; b=F4Oy+ehUk8pCOeeD2mcLR9rVpE UgkFgJ7iK81Sr7nGiorSiSKroP50tCPXxupUYbOYDKF9bmbfaOK3OIW+Skrjhj3fX1r4VKw2txLyn OW3w57AnMkoGdo1GYAkjUIna75V9kYS1uCwmoZZkz/ssUQ7bIXmjwD1kG3eqIdrhkedA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxencall: osdep_hypercall() should return long Message-Id: Date: Thu, 09 Sep 2021 12:24:04 +0000 commit c773053bdbf3780cd2aa2ebe61837afc3de36bd0 Author: Jan Beulich AuthorDate: Thu Jun 24 16:38:37 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:33:40 2021 +0100 libxencall: osdep_hypercall() should return long Some hypercalls, memory-op in particular, can return values requiring more than 31 bits to represent. Hence the underlying layers need to make sure they won't truncate such values. (Note that for Solaris the function also gets renamed, to match the other OSes.) Due to them merely propagating ioctl()'s return value, this change is benign on Linux and Solaris. IOW there's an actual effect here only for the BSDs and MiniOS, but even then further adjustments are needed at the xencall() level. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper Acked-by: Ian Jackson Backport-requested-by: Jan Beulich (cherry picked from commit 6409210a5f51860cb17b5e0f97debe164dab26d7) --- tools/libs/call/freebsd.c | 2 +- tools/libs/call/linux.c | 2 +- tools/libs/call/minios.c | 2 +- tools/libs/call/netbsd.c | 2 +- tools/libs/call/private.h | 2 +- tools/libs/call/solaris.c | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/libs/call/freebsd.c b/tools/libs/call/freebsd.c index 28bfd852c1..6d2e8704b3 100644 --- a/tools/libs/call/freebsd.c +++ b/tools/libs/call/freebsd.c @@ -62,7 +62,7 @@ int osdep_xencall_close(xencall_handle *xcall) return close(fd); } -int osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) +long osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) { int fd = xcall->fd; int ret; diff --git a/tools/libs/call/linux.c b/tools/libs/call/linux.c index 51fa4899eb..6d588e6bea 100644 --- a/tools/libs/call/linux.c +++ b/tools/libs/call/linux.c @@ -80,7 +80,7 @@ int osdep_xencall_close(xencall_handle *xcall) return 0; } -int osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) +long osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) { return ioctl(xcall->fd, IOCTL_PRIVCMD_HYPERCALL, hypercall); } diff --git a/tools/libs/call/minios.c b/tools/libs/call/minios.c index 9f7a96995f..3f33b83578 100644 --- a/tools/libs/call/minios.c +++ b/tools/libs/call/minios.c @@ -38,7 +38,7 @@ int osdep_xencall_close(xencall_handle *xcall) return 0; } -int osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) +long osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) { multicall_entry_t call; int i, ret; diff --git a/tools/libs/call/netbsd.c b/tools/libs/call/netbsd.c index 4dcc2919ba..91ae68357e 100644 --- a/tools/libs/call/netbsd.c +++ b/tools/libs/call/netbsd.c @@ -96,7 +96,7 @@ void osdep_free_pages(xencall_handle *xcall, void *ptr, size_t npages) free(ptr); } -int osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) +long osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) { int fd = xcall->fd; int error = ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall); diff --git a/tools/libs/call/private.h b/tools/libs/call/private.h index 7944ac5baf..9c3aa432ef 100644 --- a/tools/libs/call/private.h +++ b/tools/libs/call/private.h @@ -55,7 +55,7 @@ struct xencall_handle { int osdep_xencall_open(xencall_handle *xcall); int osdep_xencall_close(xencall_handle *xcall); -int osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall); +long osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall); void *osdep_alloc_pages(xencall_handle *xcall, size_t nr_pages); void osdep_free_pages(xencall_handle *xcall, void *p, size_t nr_pages); diff --git a/tools/libs/call/solaris.c b/tools/libs/call/solaris.c index c63b6a329a..304262bd05 100644 --- a/tools/libs/call/solaris.c +++ b/tools/libs/call/solaris.c @@ -80,7 +80,7 @@ void osdep_free_hypercall_buffer(xencall_handle *xcall, void *ptr, free(ptr); } -int do_xen_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) +long osdep_hypercall(xencall_handle *xcall, privcmd_hypercall_t *hypercall) { int fd = xcall->fd; return ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:24:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:24:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183130.331103 (Exim 4.92) (envelope-from ) id 1mOJ6F-0007UP-G9; Thu, 09 Sep 2021 12:24:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183130.331103; Thu, 09 Sep 2021 12:24:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6F-0007UH-D1; Thu, 09 Sep 2021 12:24:15 +0000 Received: by outflank-mailman (input) for mailman id 183130; Thu, 09 Sep 2021 12:24:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6E-0007U9-Ho for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6E-0005Qb-HB for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ6E-0004MN-G9 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=15gmTtQ1tpV3xxggIuoqoi2OfV4daDLGuLOzcpKPAhw=; b=sWNmQXINPv9j5C6CYAUn1x4z8K Zr97edKuNz684/DRxTOoRem6h9PcljA7CaKvbDQXmcaB0hFh1kPegkGVguXp/S6QKXkApzDldbVzw 8QxvH/D7xbAthg93aZ7KFTWQGqAJjKzp9CaEgANI5KAJptQvYoG8CCijEEZEvTkTqIVs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxencall: introduce variant of xencall2() returning long Message-Id: Date: Thu, 09 Sep 2021 12:24:14 +0000 commit e0da171fc15557ebdf4ee75638cbea81a5d47f0a Author: Jan Beulich AuthorDate: Thu Jun 24 16:39:02 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:33:40 2021 +0100 libxencall: introduce variant of xencall2() returning long Some hypercalls, memory-op in particular, can return values requiring more than 31 bits to represent. Hence the underlying layers need to make sure they won't truncate such values. Signed-off-by: Jan Beulich Acked-by: Ian Jackson Acked-by: Andrew Cooper Backport-requested-by: Jan Beulich (cherry picked from commit bef64f2c0019f828824a67f918604fe40768b1de) --- tools/include/xencall.h | 4 ++++ tools/libs/call/core.c | 11 +++++++++++ tools/libs/call/libxencall.map | 5 +++++ 3 files changed, 20 insertions(+) diff --git a/tools/include/xencall.h b/tools/include/xencall.h index 2d0c42ad5e..fc95ed0fe5 100644 --- a/tools/include/xencall.h +++ b/tools/include/xencall.h @@ -113,6 +113,10 @@ int xencall5(xencall_handle *xcall, unsigned int op, uint64_t arg1, uint64_t arg2, uint64_t arg3, uint64_t arg4, uint64_t arg5); +/* Variant(s) of the above, as needed, returning "long" instead of "int". */ +long xencall2L(xencall_handle *xcall, unsigned int op, + uint64_t arg1, uint64_t arg2); + /* * Allocate and free memory which is suitable for use as a pointer * argument to a hypercall. diff --git a/tools/libs/call/core.c b/tools/libs/call/core.c index 57d3a33e6b..02c4f8e1ae 100644 --- a/tools/libs/call/core.c +++ b/tools/libs/call/core.c @@ -127,6 +127,17 @@ int xencall2(xencall_handle *xcall, unsigned int op, return osdep_hypercall(xcall, &call); } +long xencall2L(xencall_handle *xcall, unsigned int op, + uint64_t arg1, uint64_t arg2) +{ + privcmd_hypercall_t call = { + .op = op, + .arg = { arg1, arg2 }, + }; + + return osdep_hypercall(xcall, &call); +} + int xencall3(xencall_handle *xcall, unsigned int op, uint64_t arg1, uint64_t arg2, uint64_t arg3) { diff --git a/tools/libs/call/libxencall.map b/tools/libs/call/libxencall.map index 6922b96511..ad7518b0e0 100644 --- a/tools/libs/call/libxencall.map +++ b/tools/libs/call/libxencall.map @@ -27,3 +27,8 @@ VERS_1.2 { global: xencall_fd; } VERS_1.1; + +VERS_1.3 { + global: + xencall2L; +} VERS_1.2; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:24:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:24:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183132.331107 (Exim 4.92) (envelope-from ) id 1mOJ6Q-0007YQ-J9; Thu, 09 Sep 2021 12:24:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183132.331107; Thu, 09 Sep 2021 12:24:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6Q-0007YI-G1; Thu, 09 Sep 2021 12:24:26 +0000 Received: by outflank-mailman (input) for mailman id 183132; Thu, 09 Sep 2021 12:24:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6O-0007Xj-NG for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6O-0005Qm-MW for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ6O-0004VC-Jw for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7pH0+lO0drW8URcxGOmcgyTaSFgeQW4IhuqFZqu3dP4=; b=t03QFX1XR5wSVBKQZppT9SH6hU Lz9ZhhnIlTNcT97b+GHHQl6rJwrawolCt8HPsBv7TIwra9WduC4dEd3S3NM7khQ5BOus+pUmH7YUV K9AZmZksLtXOc6vZgNVJnp4DxcxyUU7n3AqJ0T/JHvLHhntiMhYvyL698l2AXNKuR7hA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxencall: Bump SONAME following new functionality Message-Id: Date: Thu, 09 Sep 2021 12:24:24 +0000 commit c3cf33b071081cab85c9bcea2e87f2db49dc644d Author: Andrew Cooper AuthorDate: Thu Jun 24 18:49:14 2021 +0100 Commit: Ian Jackson CommitDate: Thu Aug 19 17:33:40 2021 +0100 libxencall: Bump SONAME following new functionality Fixes: bef64f2c00 ("libxencall: introduce variant of xencall2() returning long") Signed-off-by: Andrew Cooper Reviewed-by: Ian Jackson Backport-requested-by: Jan Beulich (cherry picked from commit 01a2d001dea2219c9702afbe2d6fd1b0af539203) --- tools/libs/call/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/call/Makefile b/tools/libs/call/Makefile index 4ed201b3b3..93d404b79e 100644 --- a/tools/libs/call/Makefile +++ b/tools/libs/call/Makefile @@ -2,7 +2,7 @@ XEN_ROOT = $(CURDIR)/../../.. include $(XEN_ROOT)/tools/Rules.mk MAJOR = 1 -MINOR = 2 +MINOR = 3 SRCS-y += core.c buffer.c SRCS-$(CONFIG_Linux) += linux.c -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:24:36 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:24:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183134.331111 (Exim 4.92) (envelope-from ) id 1mOJ6a-0007b1-KZ; Thu, 09 Sep 2021 12:24:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183134.331111; Thu, 09 Sep 2021 12:24:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6a-0007au-Hf; Thu, 09 Sep 2021 12:24:36 +0000 Received: by outflank-mailman (input) for mailman id 183134; Thu, 09 Sep 2021 12:24:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6Y-0007aT-Qm for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6Y-0005R3-Q0 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ6Y-0004W4-P3 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Kjpiw2XF9Wtn/PV0WpInBhSfMivRMR/0oA0JSUkkVCs=; b=JI7qhwe713E2fR2kLuSV2jNAQB E3B+FU5UvtCuSl5jyB8TW1XyIcR5GrTSP0Cxzv1BYlG1O/+4RlnmMV93A62SkQyXZYsYseAWxKdPi 6g5mcbmjJRv/nHQbo9h8u7UnChnavCJusqr9PHB27bF4c4JqO6TQCPofqmKKXa6d2RO8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxc: use multicall for memory-op on Linux (and Solaris) Message-Id: Date: Thu, 09 Sep 2021 12:24:34 +0000 commit abfbb29830a25ddf31298d0eebd60e1d576a33c5 Author: Jan Beulich AuthorDate: Thu Jun 24 16:39:26 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:33:40 2021 +0100 libxc: use multicall for memory-op on Linux (and Solaris) Some sub-functions, XENMEM_maximum_gpfn and XENMEM_maximum_ram_page in particular, can return values requiring more than 31 bits to represent. Hence we cannot issue the hypercall directly when the return value of ioctl() is used to propagate this value. This is the case for Linux and Solaris (and hence needs changing), while the BSDs avoid using the return value for dual purposes altogether, and MiniOS already wraps all hypercalls in a multicall. Suggested-by: Jürgen Groß Signed-off-by: Jan Beulich Acked-by: Ian Jackson Acked-by: Andrew Cooper Backport-requested-by: Jan Beulich (cherry picked from commit 6f02d1ea4a109a32f346a5d1de63a42b291c354c) --- tools/libs/ctrl/xc_private.c | 43 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/tools/libs/ctrl/xc_private.c b/tools/libs/ctrl/xc_private.c index d94f846686..c0422662f0 100644 --- a/tools/libs/ctrl/xc_private.c +++ b/tools/libs/ctrl/xc_private.c @@ -337,8 +337,47 @@ long do_memory_op(xc_interface *xch, int cmd, void *arg, size_t len) goto out1; } - ret = xencall2(xch->xcall, __HYPERVISOR_memory_op, - cmd, HYPERCALL_BUFFER_AS_ARG(arg)); +#if defined(__linux__) || defined(__sun__) + /* + * Some sub-ops return values which don't fit in "int". On platforms + * without a specific hypercall return value field in the privcmd + * interface structure, issue the request as a single-element multicall, + * to be able to capture the full return value. + */ + if ( sizeof(long) > sizeof(int) ) + { + multicall_entry_t multicall = { + .op = __HYPERVISOR_memory_op, + .args[0] = cmd, + .args[1] = HYPERCALL_BUFFER_AS_ARG(arg), + }, *call = &multicall; + DECLARE_HYPERCALL_BOUNCE(call, sizeof(*call), + XC_HYPERCALL_BUFFER_BOUNCE_BOTH); + + if ( xc_hypercall_bounce_pre(xch, call) ) + { + PERROR("Could not bounce buffer for memory_op hypercall"); + goto out1; + } + + ret = do_multicall_op(xch, HYPERCALL_BUFFER(call), 1); + + xc_hypercall_bounce_post(xch, call); + + if ( !ret ) + { + ret = multicall.result; + if ( multicall.result > ~0xfffUL ) + { + errno = -ret; + ret = -1; + } + } + } + else +#endif + ret = xencall2L(xch->xcall, __HYPERVISOR_memory_op, + cmd, HYPERCALL_BUFFER_AS_ARG(arg)); xc_hypercall_bounce_post(xch, arg); out1: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:24:46 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:24:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183136.331114 (Exim 4.92) (envelope-from ) id 1mOJ6k-0007e1-MM; Thu, 09 Sep 2021 12:24:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183136.331114; Thu, 09 Sep 2021 12:24:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6k-0007dt-JW; Thu, 09 Sep 2021 12:24:46 +0000 Received: by outflank-mailman (input) for mailman id 183136; Thu, 09 Sep 2021 12:24:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6i-0007dk-UW for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6i-0005RK-Tg for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ6i-0004X4-St for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zH8XDw+OVTwzldsNVEls9iLN4EB/Z8IFtGksl/ztJQw=; b=cxYfHkBZSqDtM712XTbrdaOgE4 ENRY1n6v0ppHxUGcAAnzDbTqQ7K3IwLLeK2jV6qv/RUxZ+y2iz8oWrO4JRNd7fSPa/JWiiMgvq4cr bs62ZMwWnj76y2JvMidf2xPrLiQOeBIdJ1C4czarO1hiJ8gCgDcEvI2XubeJb4/8HQLQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl Message-Id: Date: Thu, 09 Sep 2021 12:24:44 +0000 commit 6bbdcefd205903b2181b3b4fdc9503709ecdb7c4 Author: Jan Beulich AuthorDate: Mon Jul 19 12:28:09 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:46:59 2021 +0100 libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl The hypervisor may not have enough memory to satisfy the request. While there, make the unit of the value clear by renaming the local variable. Requested-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Reviewed-by: Anthony PERARD backport-requested-by: Jan Beulich (cherry picked from commit 0be5a00af590c97ea553aadb60f1e0b3af53d8f6) --- tools/libs/light/libxl_x86.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/tools/libs/light/libxl_x86.c b/tools/libs/light/libxl_x86.c index ac09897a63..18c3c77ccd 100644 --- a/tools/libs/light/libxl_x86.c +++ b/tools/libs/light/libxl_x86.c @@ -529,10 +529,20 @@ int libxl__arch_domain_create(libxl__gc *gc, xc_domain_set_time_offset(ctx->xch, domid, rtc_timeoffset); if (d_config->b_info.type != LIBXL_DOMAIN_TYPE_PV) { - unsigned long shadow = DIV_ROUNDUP(d_config->b_info.shadow_memkb, - 1024); - xc_shadow_control(ctx->xch, domid, XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, - NULL, 0, &shadow, 0, NULL); + unsigned long shadow_mb = DIV_ROUNDUP(d_config->b_info.shadow_memkb, + 1024); + int r = xc_shadow_control(ctx->xch, domid, + XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, + NULL, 0, &shadow_mb, 0, NULL); + + if (r) { + LOGED(ERROR, domid, + "Failed to set %lu MiB %s allocation", + shadow_mb, + libxl_defbool_val(d_config->c_info.hap) ? "HAP" : "shadow"); + ret = ERROR_FAIL; + goto out; + } } if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_PV && -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:24:56 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:24:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183138.331118 (Exim 4.92) (envelope-from ) id 1mOJ6u-0007hH-O0; Thu, 09 Sep 2021 12:24:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183138.331118; Thu, 09 Sep 2021 12:24:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6u-0007h9-L6; Thu, 09 Sep 2021 12:24:56 +0000 Received: by outflank-mailman (input) for mailman id 183138; Thu, 09 Sep 2021 12:24:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6t-0007gn-1q for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ6t-0005Rn-1A for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ6t-0004Xr-0G for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:24:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GFL6gwOUrCaqXUuAEtX3CoAyUxhNvUC5DrSO7GSTzWg=; b=vUPbWGPU6DRnT4VL1s7WD4PqSx vV0+ewaILkI8cxs7NBFm+AoFLVEcsab+kMlWvtSdCbxHw2teLmHmUyE7ckezOwFIiiQXaDhEwDw1N V6zOfO27VmBRJtmurtS7qOgdxnWCwr6uMmIkXMk6vWhjcOb9RZ8I7lu7pZG8gicDxxMU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86: work around build issue with GNU ld 2.37 Message-Id: Date: Thu, 09 Sep 2021 12:24:55 +0000 commit 1beb196decd86e6512f1e3cbcfd693dace99cc38 Author: Jan Beulich AuthorDate: Wed Aug 25 14:40:12 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:40:12 2021 +0200 x86: work around build issue with GNU ld 2.37 I suspect it is commit 40726f16a8d7 ("ld script expression parsing") which broke the hypervisor build, by no longer accepting section names with a dash in them inside ADDR() (and perhaps other script directives expecting just a section name, not an expression): .note.gnu.build-id is such a section. Quoting all section names passed to ADDR() via DECL_SECTION() works around the regression. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 58ad654ebce7ccb272a3f4f3482c03aaad850d31 master date: 2021-07-27 15:03:29 +0100 --- xen/arch/x86/xen.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 0273f79152..a02df18a25 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -18,7 +18,7 @@ ENTRY(efi_start) #else /* !EFI */ #define FORMAT "elf64-x86-64" -#define DECL_SECTION(x) x : AT(ADDR(x) - __XEN_VIRT_START) +#define DECL_SECTION(x) x : AT(ADDR(#x) - __XEN_VIRT_START) ENTRY(start_pa) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:25:06 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:25:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183140.331123 (Exim 4.92) (envelope-from ) id 1mOJ74-0007k3-Pg; Thu, 09 Sep 2021 12:25:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183140.331123; Thu, 09 Sep 2021 12:25:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ74-0007jv-Mf; Thu, 09 Sep 2021 12:25:06 +0000 Received: by outflank-mailman (input) for mailman id 183140; Thu, 09 Sep 2021 12:25:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ73-0007jf-62 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ73-0005TV-5O for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ73-0004Yx-3z for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eqUDto1MnBgH+LNTHO/HbmiQkq6iaQ1CalG38kLLAy8=; b=ZW389RykK8x4uavP5Mb+webYGP B8pqFgmMnFf2qPShCZqCodNZzSl4F8B6M32ZInP4NsLNvXangQ4pO2Z0zMBwPgBFlliSjxVNwtpH2 tw/VkMp/EkMH6wy/gVxOTxGp3fR1HZusH1IWVZj5JZTRzGun6QEINyr5g5mzhQWLdsxs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] AMD/IOMMU: correct global exclusion range extending Message-Id: Date: Thu, 09 Sep 2021 12:25:05 +0000 commit 92c8b9274db6b0c4e22ed0dff19b2611cf057921 Author: Jan Beulich AuthorDate: Wed Aug 25 14:41:15 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:41:15 2021 +0200 AMD/IOMMU: correct global exclusion range extending Besides unity mapping regions, the AMD IOMMU spec also provides for exclusion ranges (areas of memory not to be subject to DMA translation) to be specified by firmware in the ACPI tables. The spec does not put any constraints on the number of such regions. Blindly assuming all addresses between any two such ranges should also be excluded can't be right. Since hardware has room for just a single such range (comprised of the Exclusion Base Register and the Exclusion Range Limit Register), combine only adjacent or overlapping regions (for now; this may require further adjustment in case table entries aren't sorted by address) with matching exclusion_allow_all settings. This requires bubbling up error indicators, such that IOMMU init can be failed when concatenation wasn't possible. Furthermore, since the exclusion range specified in IOMMU registers implies R/W access, reject requests asking for less permissions (this will be brought closer to the spec by a subsequent change). This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: b02c5c88982411be11e3413159862f255f1f39dc master date: 2021-08-25 14:12:13 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 45 +++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 1f6b004260..63fc22af01 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -116,12 +116,21 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( return NULL; } -static void __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit) +static int __init reserve_iommu_exclusion_range( + struct amd_iommu *iommu, uint64_t base, uint64_t limit, + bool all, bool iw, bool ir) { + if ( !ir || !iw ) + return -EPERM; + /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { + if ( iommu->exclusion_limit + PAGE_SIZE < base || + limit + PAGE_SIZE < iommu->exclusion_base || + iommu->exclusion_allow_all != all ) + return -EBUSY; + if ( iommu->exclusion_base < base ) base = iommu->exclusion_base; if ( iommu->exclusion_limit > limit ) @@ -129,16 +138,11 @@ static void __init reserve_iommu_exclusion_range( } iommu->exclusion_enable = IOMMU_CONTROL_ENABLED; + iommu->exclusion_allow_all = all; iommu->exclusion_base = base; iommu->exclusion_limit = limit; -} -static void __init reserve_iommu_exclusion_range_all( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit) -{ - reserve_iommu_exclusion_range(iommu, base, limit); - iommu->exclusion_allow_all = IOMMU_CONTROL_ENABLED; + return 0; } static void __init reserve_unity_map_for_device( @@ -176,6 +180,7 @@ static int __init register_exclusion_range_for_all_devices( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; unsigned int bdf; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -197,10 +202,15 @@ static int __init register_exclusion_range_for_all_devices( if ( limit >= iommu_top ) { for_each_amd_iommu( iommu ) - reserve_iommu_exclusion_range_all(iommu, base, limit); + { + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + if ( rc ) + break; + } } - return 0; + return rc; } static int __init register_exclusion_range_for_device( @@ -211,6 +221,7 @@ static int __init register_exclusion_range_for_device( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; + int rc = 0; iommu = find_iommu_for_device(seg, bdf); if ( !iommu ) @@ -240,12 +251,13 @@ static int __init register_exclusion_range_for_device( /* register IOMMU exclusion range settings for device */ if ( limit >= iommu_top ) { - reserve_iommu_exclusion_range(iommu, base, limit); + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } - return 0; + return rc; } static int __init register_exclusion_range_for_iommu_devices( @@ -255,6 +267,7 @@ static int __init register_exclusion_range_for_iommu_devices( unsigned long range_top, iommu_top, length; unsigned int bdf; u16 req; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -285,8 +298,10 @@ static int __init register_exclusion_range_for_iommu_devices( /* register IOMMU exclusion range settings */ if ( limit >= iommu_top ) - reserve_iommu_exclusion_range_all(iommu, base, limit); - return 0; + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + + return rc; } static int __init parse_ivmd_device_select( -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:25:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:25:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183142.331126 (Exim 4.92) (envelope-from ) id 1mOJ7E-0007mq-R9; Thu, 09 Sep 2021 12:25:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183142.331126; Thu, 09 Sep 2021 12:25:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7E-0007mi-OE; Thu, 09 Sep 2021 12:25:16 +0000 Received: by outflank-mailman (input) for mailman id 183142; Thu, 09 Sep 2021 12:25:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7D-0007mV-9x for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7D-0005Tu-9D for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ7D-0004Zl-8O for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NhKUhJT+1NvXOB5xzJ5ows8V1PCHat8v6K5Z9ZWw8ZA=; b=H+I2XCV3/Mbu2B9SvNNYlsaxCd E5UGV9v26US+/JPCo/97YVlkhcF6H4i9p4FrkikSG+dCradwL/EVtypoDcnEBxhfQDOxemffuyADS +KNsqo2nGkyVt7VlKrgu24jMWHFqsDqZNflhZYo97R+CYGVsyTXBDbZtDzfGg/AlJj1E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] AMD/IOMMU: correct device unity map handling Message-Id: Date: Thu, 09 Sep 2021 12:25:15 +0000 commit 29a6cf118ce82afea292e23d8bbe329dc1e7bcb9 Author: Jan Beulich AuthorDate: Wed Aug 25 14:41:30 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:41:30 2021 +0200 AMD/IOMMU: correct device unity map handling Blindly assuming all addresses between any two such ranges, specified by firmware in the ACPI tables, should also be unity-mapped can't be right. Nor can it be correct to merge ranges with differing permissions. Track ranges individually; don't merge at all, but check for overlaps instead. This requires bubbling up error indicators, such that IOMMU init can be failed when allocation of a new tracking struct wasn't possible, or an overlap was detected. At this occasion also stop ignoring amd_iommu_reserve_domain_unity_map()'s return value. This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap Reviewed-by: Paul Durrant master commit: 34750a3eb022462cdd1c36e8ef9049d3d73c824c master date: 2021-08-25 14:15:11 +0200 --- xen/drivers/passthrough/amd/iommu.h | 14 +++-- xen/drivers/passthrough/amd/iommu_acpi.c | 80 +++++++++++++++++------------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 16 +++--- 3 files changed, 66 insertions(+), 44 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index ad089cb095..f0e3e5b1a4 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -107,20 +107,24 @@ struct amd_iommu { struct list_head ats_devices; }; +struct ivrs_unity_map { + bool read:1; + bool write:1; + paddr_t addr; + unsigned long length; + struct ivrs_unity_map *next; +}; + struct ivrs_mappings { uint16_t dte_requestor_id; bool valid:1; bool dte_allow_exclusion:1; - bool unity_map_enable:1; - bool write_permission:1; - bool read_permission:1; /* ivhd device data settings */ uint8_t device_flags; - unsigned long addr_range_start; - unsigned long addr_range_length; struct amd_iommu *iommu; + struct ivrs_unity_map *unity_map; /* per device interrupt remapping table */ void *intremap_table; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 63fc22af01..f98a936ecd 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -145,32 +145,48 @@ static int __init reserve_iommu_exclusion_range( return 0; } -static void __init reserve_unity_map_for_device( - u16 seg, u16 bdf, unsigned long base, - unsigned long length, u8 iw, u8 ir) +static int __init reserve_unity_map_for_device( + uint16_t seg, uint16_t bdf, unsigned long base, + unsigned long length, bool iw, bool ir) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long old_top, new_top; + struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; - /* need to extend unity-mapped range? */ - if ( ivrs_mappings[bdf].unity_map_enable ) + /* Check for overlaps. */ + for ( ; unity_map; unity_map = unity_map->next ) { - old_top = ivrs_mappings[bdf].addr_range_start + - ivrs_mappings[bdf].addr_range_length; - new_top = base + length; - if ( old_top > new_top ) - new_top = old_top; - if ( ivrs_mappings[bdf].addr_range_start < base ) - base = ivrs_mappings[bdf].addr_range_start; - length = new_top - base; + /* + * Exact matches are okay. This can in particular happen when + * register_exclusion_range_for_device() calls here twice for the + * same (s,b,d,f). + */ + if ( base == unity_map->addr && length == unity_map->length && + ir == unity_map->read && iw == unity_map->write ) + return 0; + + if ( unity_map->addr + unity_map->length > base && + base + length > unity_map->addr ) + { + AMD_IOMMU_DEBUG("IVMD Error: overlap [%lx,%lx) vs [%lx,%lx)\n", + base, base + length, unity_map->addr, + unity_map->addr + unity_map->length); + return -EPERM; + } } - /* extend r/w permissioms and keep aggregate */ - ivrs_mappings[bdf].write_permission = iw; - ivrs_mappings[bdf].read_permission = ir; - ivrs_mappings[bdf].unity_map_enable = true; - ivrs_mappings[bdf].addr_range_start = base; - ivrs_mappings[bdf].addr_range_length = length; + /* Populate and insert a new unity map. */ + unity_map = xmalloc(struct ivrs_unity_map); + if ( !unity_map ) + return -ENOMEM; + + unity_map->read = ir; + unity_map->write = iw; + unity_map->addr = base; + unity_map->length = length; + unity_map->next = ivrs_mappings[bdf].unity_map; + ivrs_mappings[bdf].unity_map = unity_map; + + return 0; } static int __init register_exclusion_range_for_all_devices( @@ -193,13 +209,13 @@ static int __init register_exclusion_range_for_all_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { for_each_amd_iommu( iommu ) { @@ -241,15 +257,15 @@ static int __init register_exclusion_range_for_device( length = range_top - base; /* reserve unity-mapped page entries for device */ /* note: these entries are part of the exclusion range */ - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - reserve_unity_map_for_device(seg, req, base, length, iw, ir); + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: + reserve_unity_map_for_device(seg, req, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings for device */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { rc = reserve_iommu_exclusion_range(iommu, base, limit, false /* all */, iw, ir); @@ -280,15 +296,15 @@ static int __init register_exclusion_range_for_iommu_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) { if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) { - reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir); req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); } } @@ -297,7 +313,7 @@ static int __init register_exclusion_range_for_iommu_devices( } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */, iw, ir); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 085fe2f577..adcc23fc43 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -367,15 +367,17 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); + const struct ivrs_unity_map *unity_map; - if ( ivrs_mappings[req_id].unity_map_enable ) + for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; + unity_map = unity_map->next ) { - amd_iommu_reserve_domain_unity_map( - d, - ivrs_mappings[req_id].addr_range_start, - ivrs_mappings[req_id].addr_range_length, - ivrs_mappings[req_id].write_permission, - ivrs_mappings[req_id].read_permission); + int rc = amd_iommu_reserve_domain_unity_map( + d, unity_map->addr, unity_map->length, + unity_map->write, unity_map->read); + + if ( rc ) + return rc; } return reassign_device(pdev->domain, d, devfn, pdev); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:25:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:25:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183144.331132 (Exim 4.92) (envelope-from ) id 1mOJ7O-0007qh-Uz; Thu, 09 Sep 2021 12:25:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183144.331132; Thu, 09 Sep 2021 12:25:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7O-0007qV-RB; Thu, 09 Sep 2021 12:25:26 +0000 Received: by outflank-mailman (input) for mailman id 183144; Thu, 09 Sep 2021 12:25:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7N-0007qH-Da for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7N-0005U6-Cu for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ7N-0004aK-C8 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zUv1KW9RkR2pfhJQ611ZQqSUANMQrfw3Hrejpgj/Imk=; b=ytD5WKbUjxn2u+MGT/v+Jnkdwu JbjYvzNuJ5E9kHHgh3Ju+jCa1sNav3j1o3LbC1SpVHwRV216JMcRIgOd4XAVedjJESdiT+Cw+cAbl Pja/LbPYFRnyxidzL465esfK51SEmcr05lzMz61uIY/YHlyGPw95hMkF3fW/DVmihCdM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() Message-Id: Date: Thu, 09 Sep 2021 12:25:25 +0000 commit 34d141e27eea77d0ec8f2d19789bba314d24144a Author: Jan Beulich AuthorDate: Wed Aug 25 14:41:44 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:41:44 2021 +0200 IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() A subsequent change will want to customize the IOMMU permissions based on this. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: d1bb6c97c31ef754fb29b29eb307c090414e8022 master date: 2021-08-25 14:15:32 +0200 --- xen/arch/x86/mm/p2m-ept.c | 6 +++--- xen/arch/x86/mm/p2m-pt.c | 19 ++++++++++++++++--- xen/include/asm-x86/p2m.h | 3 ++- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index 23d411f01d..eda2999210 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -681,7 +681,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, uint8_t ipat = 0; bool_t need_modify_vtd_table = 1; bool_t vtd_pte_present = 0; - unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); bool_t needs_sync = 1; ept_entry_t old_entry = { .epte = 0 }; ept_entry_t new_entry = { .epte = 0 }; @@ -809,8 +809,8 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, /* Safe to read-then-write because we hold the p2m lock */ if ( ept_entry->mfn == new_entry.mfn && - p2m_get_iommu_flags(ept_entry->sa_p2mt, _mfn(ept_entry->mfn)) == - iommu_flags ) + p2m_get_iommu_flags(ept_entry->sa_p2mt, ept_entry->access, + _mfn(ept_entry->mfn)) == iommu_flags ) need_modify_vtd_table = 0; ept_p2m_type_to_flags(p2m, &new_entry); diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index f2afcf49a3..7d691e616d 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -545,6 +545,16 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) return rc; } +/* Reconstruct a fake p2m_access_t from stored PTE flags. */ +static p2m_access_t p2m_flags_to_access(unsigned int flags) +{ + if ( flags & _PAGE_PRESENT ) + return p2m_access_n; + + /* No need to look at _PAGE_NX for now. */ + return flags & _PAGE_RW ? p2m_access_rw : p2m_access_r; +} + /* Checks only applicable to entries with order > PAGE_ORDER_4K */ static void check_entry(mfn_t mfn, p2m_type_t new, p2m_type_t old, unsigned int order) @@ -579,7 +589,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, l2_pgentry_t l2e_content; l3_pgentry_t l3e_content; int rc; - unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); /* * old_mfn and iommu_old_flags control possible flush/update needs on the * IOMMU: We need to flush when MFN or flags (i.e. permissions) change. @@ -642,6 +652,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else @@ -684,9 +695,10 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, 0, L1_PAGETABLE_ENTRIES); ASSERT(p2m_entry); old_mfn = l1e_get_pfn(*p2m_entry); + flags = l1e_get_flags(*p2m_entry); iommu_old_flags = - p2m_get_iommu_flags(p2m_flags_to_type(l1e_get_flags(*p2m_entry)), - _mfn(old_mfn)); + p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) entry_content = p2m_l1e_from_pfn(mfn_x(mfn), @@ -714,6 +726,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 3514f1e1a3..b3168f426b 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -915,7 +915,8 @@ static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} /* * p2m type to IOMMU flags */ -static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, mfn_t mfn) +static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, + p2m_access_t p2ma, mfn_t mfn) { unsigned int flags; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:25:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:25:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183146.331135 (Exim 4.92) (envelope-from ) id 1mOJ7Y-0007tc-Vn; Thu, 09 Sep 2021 12:25:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183146.331135; Thu, 09 Sep 2021 12:25:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7Y-0007tS-Sh; Thu, 09 Sep 2021 12:25:36 +0000 Received: by outflank-mailman (input) for mailman id 183146; Thu, 09 Sep 2021 12:25:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7X-0007tI-Ie for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7X-0005UL-Hv for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ7X-0004av-Fi for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Sct92TP2Pjoof/LoqCqkltIXd6G3zw03NMORBssJJdA=; b=3IethdZ5U0n7K86rYy+c53+GbW PLADpC0budxqeGa5HzghZ87OG8zq6G3jDgfIZSXXjB0wLiV7NVoGfVUMbA0KWkw46zExYxCIB0BqP AGhuwwO0Xw8HZJXAqArUhCvILEK891tA8QoXf97Jt5fSGr/auiynmwXs00nAidPmGMwU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] IOMMU: generalize VT-d's tracking of mapped RMRR regions Message-Id: Date: Thu, 09 Sep 2021 12:25:35 +0000 commit 711aeb1106dafb7680093f32ea549fa5f333acf1 Author: Jan Beulich AuthorDate: Wed Aug 25 14:42:16 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:42:16 2021 +0200 IOMMU: generalize VT-d's tracking of mapped RMRR regions In order to re-use it elsewhere, move the logic to vendor independent code and strip it of RMRR specifics. Note that the prior "map" parameter gets folded into the new "p2ma" one (which AMD IOMMU code will want to make use of), assigning alternative meaning ("unmap") to p2m_access_x. Prepare set_identity_p2m_entry() and p2m_get_iommu_flags() for getting passed access types other than p2m_access_rw (in the latter case just for p2m_mmio_direct requests). Note also that, to be on the safe side, an overlap check gets added to the main loop of iommu_identity_mapping(). This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: c0e19d7c6c42f0bfccccd96b4f7b03b5515e10fc master date: 2021-08-25 14:15:57 +0200 --- xen/arch/x86/mm/p2m.c | 2 +- xen/drivers/passthrough/vtd/iommu.c | 99 +++++-------------------------------- xen/drivers/passthrough/x86/iommu.c | 94 +++++++++++++++++++++++++++++++++++ xen/include/asm-x86/iommu.h | 9 +++- xen/include/asm-x86/p2m.h | 35 +++++++++++-- 5 files changed, 148 insertions(+), 91 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 3840f167b0..d058e5b6ed 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1365,7 +1365,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, return 0; return iommu_legacy_map(d, _dfn(gfn_l), _mfn(gfn_l), 1ul << PAGE_ORDER_4K, - IOMMUF_readable | IOMMUF_writable); + p2m_access_to_iommu_flags(p2ma)); } gfn_lock(p2m, gfn, 0); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 3fcd7208f0..3dac8ad79f 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -42,12 +42,6 @@ #include "vtd.h" #include "../ats.h" -struct mapped_rmrr { - struct list_head list; - u64 base, end; - unsigned int count; -}; - /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */ bool __read_mostly untrusted_msi; @@ -1311,7 +1305,6 @@ static int intel_iommu_domain_init(struct domain *d) struct domain_iommu *hd = dom_iommu(d); hd->arch.vtd.agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH); - INIT_LIST_HEAD(&hd->arch.vtd.mapped_rmrrs); return 0; } @@ -1788,17 +1781,12 @@ static void iommu_clear_root_pgtable(struct domain *d) static void iommu_domain_teardown(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); - struct mapped_rmrr *mrmrr, *tmp; const struct acpi_drhd_unit *drhd; if ( list_empty(&acpi_drhd_units) ) return; - list_for_each_entry_safe ( mrmrr, tmp, &hd->arch.vtd.mapped_rmrrs, list ) - { - list_del(&mrmrr->list); - xfree(mrmrr); - } + iommu_identity_map_teardown(d); ASSERT(!hd->arch.vtd.pgd_maddr); @@ -1946,74 +1934,6 @@ static int __init vtd_ept_page_compatible(struct vtd_iommu *iommu) (ept_has_1gb(ept_cap) && opt_hap_1gb) <= cap_sps_1gb(vtd_cap); } -static int rmrr_identity_mapping(struct domain *d, bool_t map, - const struct acpi_rmrr_unit *rmrr, - u32 flag) -{ - unsigned long base_pfn = rmrr->base_address >> PAGE_SHIFT_4K; - unsigned long end_pfn = PAGE_ALIGN_4K(rmrr->end_address) >> PAGE_SHIFT_4K; - struct mapped_rmrr *mrmrr; - struct domain_iommu *hd = dom_iommu(d); - - ASSERT(pcidevs_locked()); - ASSERT(rmrr->base_address < rmrr->end_address); - - /* - * No need to acquire hd->arch.mapping_lock: Both insertion and removal - * get done while holding pcidevs_lock. - */ - list_for_each_entry( mrmrr, &hd->arch.vtd.mapped_rmrrs, list ) - { - if ( mrmrr->base == rmrr->base_address && - mrmrr->end == rmrr->end_address ) - { - int ret = 0; - - if ( map ) - { - ++mrmrr->count; - return 0; - } - - if ( --mrmrr->count ) - return 0; - - while ( base_pfn < end_pfn ) - { - if ( clear_identity_p2m_entry(d, base_pfn) ) - ret = -ENXIO; - base_pfn++; - } - - list_del(&mrmrr->list); - xfree(mrmrr); - return ret; - } - } - - if ( !map ) - return -ENOENT; - - while ( base_pfn < end_pfn ) - { - int err = set_identity_p2m_entry(d, base_pfn, p2m_access_rw, flag); - - if ( err ) - return err; - base_pfn++; - } - - mrmrr = xmalloc(struct mapped_rmrr); - if ( !mrmrr ) - return -ENOMEM; - mrmrr->base = rmrr->base_address; - mrmrr->end = rmrr->end_address; - mrmrr->count = 1; - list_add_tail(&mrmrr->list, &hd->arch.vtd.mapped_rmrrs); - - return 0; -} - static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; @@ -2045,7 +1965,9 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) * Since RMRRs are always reserved in the e820 map for the hardware * domain, there shouldn't be a conflict. */ - ret = rmrr_identity_mapping(pdev->domain, 1, rmrr, 0); + ret = iommu_identity_mapping(pdev->domain, p2m_access_rw, + rmrr->base_address, rmrr->end_address, + 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n", pdev->domain->domain_id); @@ -2090,7 +2012,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) * Any flag is nothing to clear these mappings but here * its always safe and strict to set 0. */ - rmrr_identity_mapping(pdev->domain, 0, rmrr, 0); + iommu_identity_mapping(pdev->domain, p2m_access_x, rmrr->base_address, + rmrr->end_address, 0); } return domain_context_unmap(pdev->domain, devfn, pdev); @@ -2289,7 +2212,8 @@ static void __hwdom_init setup_hwdom_rmrr(struct domain *d) * domain, there shouldn't be a conflict. So its always safe and * strict to set 0. */ - ret = rmrr_identity_mapping(d, 1, rmrr, 0); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: mapping reserved region failed\n"); @@ -2460,7 +2384,9 @@ static int reassign_device_ownership( * Any RMRR flag is always ignored when remove a device, * but its always safe and strict to set 0. */ - ret = rmrr_identity_mapping(source, 0, rmrr, 0); + ret = iommu_identity_mapping(source, p2m_access_x, + rmrr->base_address, + rmrr->end_address, 0); if ( ret != -ENOENT ) return ret; } @@ -2556,7 +2482,8 @@ static int intel_iommu_assign_device( PCI_BUS(bdf) == bus && PCI_DEVFN2(bdf) == devfn ) { - ret = rmrr_identity_mapping(d, 1, rmrr, flag); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, flag); if ( ret ) { int rc; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index b90bb31bfe..21c14fab66 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -143,6 +143,7 @@ int arch_iommu_domain_init(struct domain *d) INIT_PAGE_LIST_HEAD(&hd->arch.pgtables.list); spin_lock_init(&hd->arch.pgtables.lock); + INIT_LIST_HEAD(&hd->arch.identity_maps); return 0; } @@ -158,6 +159,99 @@ void arch_iommu_domain_destroy(struct domain *d) page_list_empty(&dom_iommu(d)->arch.pgtables.list)); } +struct identity_map { + struct list_head list; + paddr_t base, end; + p2m_access_t access; + unsigned int count; +}; + +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag) +{ + unsigned long base_pfn = base >> PAGE_SHIFT_4K; + unsigned long end_pfn = PAGE_ALIGN_4K(end) >> PAGE_SHIFT_4K; + struct identity_map *map; + struct domain_iommu *hd = dom_iommu(d); + + ASSERT(pcidevs_locked()); + ASSERT(base < end); + + /* + * No need to acquire hd->arch.mapping_lock: Both insertion and removal + * get done while holding pcidevs_lock. + */ + list_for_each_entry( map, &hd->arch.identity_maps, list ) + { + if ( map->base == base && map->end == end ) + { + int ret = 0; + + if ( p2ma != p2m_access_x ) + { + if ( map->access != p2ma ) + return -EADDRINUSE; + ++map->count; + return 0; + } + + if ( --map->count ) + return 0; + + while ( base_pfn < end_pfn ) + { + if ( clear_identity_p2m_entry(d, base_pfn) ) + ret = -ENXIO; + base_pfn++; + } + + list_del(&map->list); + xfree(map); + + return ret; + } + + if ( end >= map->base && map->end >= base ) + return -EADDRINUSE; + } + + if ( p2ma == p2m_access_x ) + return -ENOENT; + + while ( base_pfn < end_pfn ) + { + int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag); + + if ( err ) + return err; + base_pfn++; + } + + map = xmalloc(struct identity_map); + if ( !map ) + return -ENOMEM; + map->base = base; + map->end = end; + map->access = p2ma; + map->count = 1; + list_add_tail(&map->list, &hd->arch.identity_maps); + + return 0; +} + +void iommu_identity_map_teardown(struct domain *d) +{ + struct domain_iommu *hd = dom_iommu(d); + struct identity_map *map, *tmp; + + list_for_each_entry_safe ( map, tmp, &hd->arch.identity_maps, list ) + { + list_del(&map->list); + xfree(map); + } +} + static bool __hwdom_init hwdom_iommu_map(const struct domain *d, unsigned long pfn, unsigned long max_pfn) diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h index 970eb06ffa..33f11f33de 100644 --- a/xen/include/asm-x86/iommu.h +++ b/xen/include/asm-x86/iommu.h @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -51,13 +52,14 @@ struct arch_iommu spinlock_t lock; } pgtables; + struct list_head identity_maps; + union { /* Intel VT-d */ struct { uint64_t pgd_maddr; /* io page directory machine address */ unsigned int agaw; /* adjusted guest address width, 0 is level 2 30-bit */ uint64_t iommu_bitmap; /* bitmap of iommu(s) that the domain uses */ - struct list_head mapped_rmrrs; } vtd; /* AMD IOMMU */ struct { @@ -123,6 +125,11 @@ static inline void iommu_disable_x2apic(void) iommu_ops.disable_x2apic(); } +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag); +void iommu_identity_map_teardown(struct domain *d); + extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index b3168f426b..6a7bb40fdb 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -912,6 +912,34 @@ struct p2m_domain *p2m_get_altp2m(struct vcpu *v); static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} #endif +/* p2m access to IOMMU flags */ +static inline unsigned int p2m_access_to_iommu_flags(p2m_access_t p2ma) +{ + switch ( p2ma ) + { + case p2m_access_rw: + case p2m_access_rwx: + return IOMMUF_readable | IOMMUF_writable; + + case p2m_access_r: + case p2m_access_rx: + case p2m_access_rx2rw: + return IOMMUF_readable; + + case p2m_access_w: + case p2m_access_wx: + return IOMMUF_writable; + + case p2m_access_n: + case p2m_access_x: + case p2m_access_n2rwx: + return 0; + } + + ASSERT_UNREACHABLE(); + return 0; +} + /* * p2m type to IOMMU flags */ @@ -933,9 +961,10 @@ static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, flags = IOMMUF_readable; break; case p2m_mmio_direct: - flags = IOMMUF_readable; - if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) - flags |= IOMMUF_writable; + flags = p2m_access_to_iommu_flags(p2ma); + if ( (flags & IOMMUF_writable) && + rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) + flags &= ~IOMMUF_writable; break; default: flags = 0; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:25:47 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:25:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183148.331139 (Exim 4.92) (envelope-from ) id 1mOJ7j-0007wa-25; Thu, 09 Sep 2021 12:25:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183148.331139; Thu, 09 Sep 2021 12:25:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7i-0007wK-UX; Thu, 09 Sep 2021 12:25:46 +0000 Received: by outflank-mailman (input) for mailman id 183148; Thu, 09 Sep 2021 12:25:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7h-0007w0-Ow for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7h-0005UZ-LU for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ7h-0004bT-Kj for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zp/AVvyo/AwhBc6EBAkyM/iHPaCC+IF/48Y8t6j0yD4=; b=y8gzf7QEOXlmQcWrqS2JI8OLvW Z8d4OTq83EDIvZbb7k8heoAFJNjukX++UzQp4XhtHp20xSjZ4mMcebmYlB/OIh1AzSB7ralpuk3m1 CWkIW4TDBAZdOd0Ut0uxkPJR2jkb6EBd35XmKfSq1485EgCrSr9AN/k/lHfj/udJdh7s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] AMD/IOMMU: re-arrange/complete re-assignment handling Message-Id: Date: Thu, 09 Sep 2021 12:25:45 +0000 commit d39756f0539cfe85742687e8134fdf1181139390 Author: Jan Beulich AuthorDate: Wed Aug 25 14:42:54 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:42:54 2021 +0200 AMD/IOMMU: re-arrange/complete re-assignment handling Prior to the assignment step having completed successfully, devices should not get associated with their new owner. Hand the device to DomIO (perhaps temporarily), until after the de-assignment step has completed. De-assignment of a device (from other than Dom0) as well as failure of reassign_device() during assignment should result in unity mappings getting torn down. This in turn requires switching to a refcounted mapping approach, as was already used by VT-d for its RMRRs, to prevent unmapping a region used by multiple devices. This is CVE-2021-28696 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 899272539cbe1acda736a850015416fff653a1b6 master date: 2021-08-25 14:16:26 +0200 --- xen/drivers/passthrough/amd/iommu.h | 6 ++- xen/drivers/passthrough/amd/iommu_map.c | 63 +++++++++++++++++------------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 54 +++++++++++++++++++------ 3 files changed, 83 insertions(+), 40 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index f0e3e5b1a4..b2852594ec 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -232,8 +232,10 @@ int __must_check amd_iommu_unmap_page(struct domain *d, dfn_t dfn, unsigned int *flush_flags); int __must_check amd_iommu_alloc_root(struct domain *d); int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, unsigned long size, - int iw, int ir); + const struct ivrs_unity_map *map, + unsigned int flag); +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map); int __must_check amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, unsigned long page_count, unsigned int flush_flags); diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 560af54b76..2e7916b1e6 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -419,38 +419,49 @@ int amd_iommu_flush_iotlb_all(struct domain *d) return 0; } -int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, - unsigned long size, int iw, int ir) +int amd_iommu_reserve_domain_unity_map(struct domain *d, + const struct ivrs_unity_map *map, + unsigned int flag) { - unsigned long npages, i; - unsigned long gfn; - unsigned int flags = !!ir; - unsigned int flush_flags = 0; - int rt = 0; - - if ( iw ) - flags |= IOMMUF_writable; - - npages = region_to_pages(phys_addr, size); - gfn = phys_addr >> PAGE_SHIFT; - for ( i = 0; i < npages; i++ ) + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; !rc && map; map = map->next ) { - unsigned long frame = gfn + i; + p2m_access_t p2ma = p2m_access_n; - rt = amd_iommu_map_page(domain, _dfn(frame), _mfn(frame), flags, - &flush_flags); - if ( rt != 0 ) - break; + if ( map->read ) + p2ma |= p2m_access_r; + if ( map->write ) + p2ma |= p2m_access_w; + + rc = iommu_identity_mapping(d, p2ma, map->addr, + map->addr + map->length - 1, flag); } - /* Use while-break to avoid compiler warning */ - while ( flush_flags && - amd_iommu_flush_iotlb_pages(domain, _dfn(gfn), - npages, flush_flags) ) - break; + return rc; +} + +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map) +{ + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; map; map = map->next ) + { + int ret = iommu_identity_mapping(d, p2m_access_x, map->addr, + map->addr + map->length - 1, 0); + + if ( ret && ret != -ENOENT && !rc ) + rc = ret; + } - return rt; + return rc; } int __init amd_iommu_quarantine_init(struct domain *d) diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index adcc23fc43..7c3966ef52 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -329,6 +329,7 @@ static int reassign_device(struct domain *source, struct domain *target, { struct amd_iommu *iommu; int bdf, rc; + const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); bdf = PCI_BDF2(pdev->bus, pdev->devfn); iommu = find_iommu_for_device(pdev->seg, bdf); @@ -343,10 +344,24 @@ static int reassign_device(struct domain *source, struct domain *target, amd_iommu_disable_domain_device(source, iommu, devfn, pdev); - if ( devfn == pdev->devfn ) + /* + * If the device belongs to the hardware domain, and it has a unity mapping, + * don't remove it from the hardware domain, because BIOS may reference that + * mapping. + */ + if ( !is_hardware_domain(source) ) { - list_move(&pdev->domain_list, &target->pdev_list); - pdev->domain = target; + rc = amd_iommu_reserve_domain_unity_unmap( + source, + ivrs_mappings[get_dma_requestor_id(pdev->seg, bdf)].unity_map); + if ( rc ) + return rc; + } + + if ( devfn == pdev->devfn && pdev->domain != dom_io ) + { + list_move(&pdev->domain_list, &dom_io->pdev_list); + pdev->domain = dom_io; } rc = allocate_domain_resources(target); @@ -357,6 +372,12 @@ static int reassign_device(struct domain *source, struct domain *target, AMD_IOMMU_DEBUG("Re-assign %pp from dom%d to dom%d\n", &pdev->sbdf, source->domain_id, target->domain_id); + if ( devfn == pdev->devfn && pdev->domain != target ) + { + list_move(&pdev->domain_list, &target->pdev_list); + pdev->domain = target; + } + return 0; } @@ -367,20 +388,28 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); - const struct ivrs_unity_map *unity_map; + int rc = amd_iommu_reserve_domain_unity_map( + d, ivrs_mappings[req_id].unity_map, flag); + + if ( !rc ) + rc = reassign_device(pdev->domain, d, devfn, pdev); - for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; - unity_map = unity_map->next ) + if ( rc && !is_hardware_domain(d) ) { - int rc = amd_iommu_reserve_domain_unity_map( - d, unity_map->addr, unity_map->length, - unity_map->write, unity_map->read); + int ret = amd_iommu_reserve_domain_unity_unmap( + d, ivrs_mappings[req_id].unity_map); - if ( rc ) - return rc; + if ( ret ) + { + printk(XENLOG_ERR "AMD-Vi: " + "unity-unmap for %pd/%04x:%02x:%02x.%u failed (%d)\n", + d, pdev->seg, pdev->bus, + PCI_SLOT(devfn), PCI_FUNC(devfn), ret); + domain_crash(d); + } } - return reassign_device(pdev->domain, d, devfn, pdev); + return rc; } static void amd_iommu_clear_root_pgtable(struct domain *d) @@ -394,6 +423,7 @@ static void amd_iommu_clear_root_pgtable(struct domain *d) static void amd_iommu_domain_destroy(struct domain *d) { + iommu_identity_map_teardown(d); ASSERT(!dom_iommu(d)->arch.amd.root_table); } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:25:57 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:25:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183150.331143 (Exim 4.92) (envelope-from ) id 1mOJ7t-0007zp-4j; Thu, 09 Sep 2021 12:25:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183150.331143; Thu, 09 Sep 2021 12:25:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7t-0007zf-1p; Thu, 09 Sep 2021 12:25:57 +0000 Received: by outflank-mailman (input) for mailman id 183150; Thu, 09 Sep 2021 12:25:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7r-0007zV-Pj for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ7r-0005V0-Oy for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ7r-0004c6-OB for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:25:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=le9pyWBYLfO3azgCSeKMdl707I3BK8Zzy4xQVWSN3x8=; b=eHg5gVB991fV50HGbAkZPCV5kp aSWxQBjsByigGaweZwAu8PYB9SgKtIgqPMclBGaWhifjlZzjx+PiUe3RNYozZS4GXEKEvwzp47usC 0FZgej+++xBwaGWqQCcCp1oNFXOrA4fQg+mPCaylRp0ib8ZVHPdeRFHsfhVjlX8Ty2O4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] AMD/IOMMU: re-arrange exclusion range and unity map recording Message-Id: Date: Thu, 09 Sep 2021 12:25:55 +0000 commit 27bc41d712fe546be7bcccfa324005b67f167137 Author: Jan Beulich AuthorDate: Wed Aug 25 14:43:09 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:43:09 2021 +0200 AMD/IOMMU: re-arrange exclusion range and unity map recording The spec makes no provisions for OS behavior here to depend on the amount of RAM found on the system. While the spec may not sufficiently clearly distinguish both kinds of regions, they are surely meant to be separate things: Only regions with ACPI_IVMD_EXCLUSION_RANGE set should be candidates for putting in the exclusion range registers. (As there's only a single such pair of registers per IOMMU, secondary non-adjacent regions with the flag set already get converted to unity mapped regions.) First of all, drop the dependency on max_page. With commit b4f042236ae0 ("AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables") the use of it here was stale anyway; it was bogus already before, as it didn't account for max_page getting increased later on. Simply try an exclusion range registration first, and if it fails (for being unsuitable or non-mergeable), register a unity mapping range. With this various local variables become unnecessary and hence get dropped at the same time. With the max_page boundary dropped for using unity maps, the minimum page table tree height now needs both recording and enforcing in amd_iommu_domain_init(). Since we can't predict which devices may get assigned to a domain, our only option is to uniformly force at least that height for all domains, now that the height isn't dynamic anymore. Further don't make use of the exclusion range unless ACPI data says so. Note that exclusion range registration in register_range_for_all_devices() is on a best effort basis. Hence unity map entries also registered are redundant when the former succeeded, but they also do no harm. Improvements in this area can be done later imo. Also adjust types where suitable without touching extra lines. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 8ea80530cd0dbb8ffa7ac92606a3ee29663fdc93 master date: 2021-08-25 14:16:46 +0200 --- xen/drivers/passthrough/amd/iommu.h | 2 + xen/drivers/passthrough/amd/iommu_acpi.c | 184 ++++++++++++---------------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 12 +- 3 files changed, 90 insertions(+), 108 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index b2852594ec..61374b6de4 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -304,6 +304,8 @@ extern struct hpet_sbdf { } init; } hpet_sbdf; +extern int amd_iommu_min_paging_mode; + extern void *shared_intremap_table; extern unsigned long *shared_intremap_inuse; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index f98a936ecd..2fdebd2d74 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -117,12 +117,8 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( } static int __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit, - bool all, bool iw, bool ir) + struct amd_iommu *iommu, paddr_t base, paddr_t limit, bool all) { - if ( !ir || !iw ) - return -EPERM; - /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { @@ -151,14 +147,18 @@ static int __init reserve_unity_map_for_device( { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; + int paging_mode = amd_iommu_get_paging_mode(PFN_UP(base + length)); + + if ( paging_mode < 0 ) + return paging_mode; /* Check for overlaps. */ for ( ; unity_map; unity_map = unity_map->next ) { /* * Exact matches are okay. This can in particular happen when - * register_exclusion_range_for_device() calls here twice for the - * same (s,b,d,f). + * register_range_for_device() calls here twice for the same + * (s,b,d,f). */ if ( base == unity_map->addr && length == unity_map->length && ir == unity_map->read && iw == unity_map->write ) @@ -186,55 +186,52 @@ static int __init reserve_unity_map_for_device( unity_map->next = ivrs_mappings[bdf].unity_map; ivrs_mappings[bdf].unity_map = unity_map; + if ( paging_mode > amd_iommu_min_paging_mode ) + amd_iommu_min_paging_mode = paging_mode; + return 0; } -static int __init register_exclusion_range_for_all_devices( - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_all_devices( + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; - unsigned int bdf; int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) - { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - /* push 'base' just outside of virtual address space */ - base = iommu_top; - } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) + if ( exclusion ) { for_each_amd_iommu( iommu ) { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); - if ( rc ) - break; + int ret = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */); + + if ( ret && !rc ) + rc = ret; } } + if ( !exclusion || rc ) + { + paddr_t length = limit + PAGE_SIZE - base; + unsigned int bdf; + + /* reserve r/w unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + } + return rc; } -static int __init register_exclusion_range_for_device( - u16 bdf, unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_device( + unsigned int bdf, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; int rc = 0; @@ -248,27 +245,19 @@ static int __init register_exclusion_range_for_device( req = ivrs_mappings[bdf].dte_requestor_id; /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */); + if ( !exclusion || rc ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; + paddr_t length = limit + PAGE_SIZE - base; + /* reserve unity-mapped page entries for device */ - /* note: these entries are part of the exclusion range */ rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: reserve_unity_map_for_device(seg, req, base, length, iw, ir); - - /* push 'base' just outside of virtual address space */ - base = iommu_top; } - - /* register IOMMU exclusion range settings for device */ - if ( !rc && limit >= iommu_top ) + else { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } @@ -276,53 +265,42 @@ static int __init register_exclusion_range_for_device( return rc; } -static int __init register_exclusion_range_for_iommu_devices( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_iommu_devices( + struct amd_iommu *iommu, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { - unsigned long range_top, iommu_top, length; + /* note: 'limit' parameter is assumed to be page-aligned */ + paddr_t length = limit + PAGE_SIZE - base; unsigned int bdf; u16 req; - int rc = 0; + int rc; - /* is part of exclusion range inside of IOMMU virtual address space? */ - /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - { - if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) - { - req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir) ?: - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); - } - } - - /* push 'base' just outside of virtual address space */ - base = iommu_top; + rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */); + if ( !rc ) + return 0; } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); + /* reserve unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + { + if ( iommu != find_iommu_for_device(iommu->seg, bdf) ) + continue; + + req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); + } return rc; } static int __init parse_ivmd_device_select( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { u16 bdf; @@ -333,12 +311,12 @@ static int __init parse_ivmd_device_select( return -ENODEV; } - return register_exclusion_range_for_device(bdf, base, limit, iw, ir); + return register_range_for_device(bdf, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_device_range( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { unsigned int first_bdf, last_bdf, bdf; int error; @@ -360,15 +338,15 @@ static int __init parse_ivmd_device_range( } for ( bdf = first_bdf, error = 0; (bdf <= last_bdf) && !error; bdf++ ) - error = register_exclusion_range_for_device( - bdf, base, limit, iw, ir); + error = register_range_for_device( + bdf, base, limit, iw, ir, exclusion); return error; } static int __init parse_ivmd_device_iommu( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct amd_iommu *iommu; @@ -383,14 +361,14 @@ static int __init parse_ivmd_device_iommu( return -ENODEV; } - return register_exclusion_range_for_iommu_devices( - iommu, base, limit, iw, ir); + return register_range_for_iommu_devices( + iommu, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) { unsigned long start_addr, mem_length, base, limit; - u8 iw, ir; + bool iw = true, ir = true, exclusion = false; if ( ivmd_block->header.length < sizeof(*ivmd_block) ) { @@ -407,13 +385,11 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) ivmd_block->header.type, start_addr, mem_length); if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) - iw = ir = IOMMU_CONTROL_ENABLED; + exclusion = true; else if ( ivmd_block->header.flags & ACPI_IVMD_UNITY ) { - iw = ivmd_block->header.flags & ACPI_IVMD_READ ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; - ir = ivmd_block->header.flags & ACPI_IVMD_WRITE ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; + iw = ivmd_block->header.flags & ACPI_IVMD_READ; + ir = ivmd_block->header.flags & ACPI_IVMD_WRITE; } else { @@ -424,20 +400,20 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) switch( ivmd_block->header.type ) { case ACPI_IVRS_TYPE_MEMORY_ALL: - return register_exclusion_range_for_all_devices( - base, limit, iw, ir); + return register_range_for_all_devices( + base, limit, iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_ONE: - return parse_ivmd_device_select(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_select(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_RANGE: - return parse_ivmd_device_range(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_range(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_IOMMU: - return parse_ivmd_device_iommu(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_iommu(ivmd_block, base, limit, + iw, ir, exclusion); default: AMD_IOMMU_DEBUG("IVMD Error: Invalid Block Type!\n"); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 7c3966ef52..c8e76d4077 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -234,6 +234,8 @@ static int __must_check allocate_domain_resources(struct domain *d) return rc; } +int __read_mostly amd_iommu_min_paging_mode = 1; + static int amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -245,11 +247,13 @@ static int amd_iommu_domain_init(struct domain *d) * - HVM could in principle use 3 or 4 depending on how much guest * physical address space we give it, but this isn't known yet so use 4 * unilaterally. + * - Unity maps may require an even higher number. */ - hd->arch.amd.paging_mode = amd_iommu_get_paging_mode( - is_hvm_domain(d) - ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) - : get_upper_mfn_bound() + 1); + hd->arch.amd.paging_mode = max(amd_iommu_get_paging_mode( + is_hvm_domain(d) + ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) + : get_upper_mfn_bound() + 1), + amd_iommu_min_paging_mode); return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:26:07 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:26:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183152.331147 (Exim 4.92) (envelope-from ) id 1mOJ83-00082X-6a; Thu, 09 Sep 2021 12:26:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183152.331147; Thu, 09 Sep 2021 12:26:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ83-00082P-3Y; Thu, 09 Sep 2021 12:26:07 +0000 Received: by outflank-mailman (input) for mailman id 183152; Thu, 09 Sep 2021 12:26:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ81-00082H-Te for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ81-0005VQ-Sx for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ81-0004dC-S4 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iIVD/+ul3GIDFcSlUi8HdOZCgzrak5w0S3RD/7aPjFk=; b=tEE1vki+V89QAOg4XK7F/dJ9cL sgVg9tVu1Exrxm3nj4z900Ga3fiamWwepzhmA8GgMs/8woGfZCZkgQu3sW/B2SfReWzDfUNdvg3rm mB9tOqofiMGNuakBgNEzi9qgpJ5TZYfmme4ah/vnHe841zo1tLOzB/fOKPK9bX7uKna0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/p2m: introduce p2m_is_special() Message-Id: Date: Thu, 09 Sep 2021 12:26:05 +0000 commit 9f44ed133f303f73a40b2447a9e39d39f879e96f Author: Jan Beulich AuthorDate: Wed Aug 25 14:43:22 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:43:22 2021 +0200 x86/p2m: introduce p2m_is_special() Seeing the similarity of grant, foreign, and (subsequently) direct-MMIO handling, introduce a new P2M type group named "special" (as in "needing special accessors to create/destroy"). Also use -EPERM instead of other error codes on the two domain_crash() paths touched. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 0bf755e2c856628e11e93c76c3e12974e9964638 master date: 2021-08-25 14:17:07 +0200 --- xen/arch/x86/mm/p2m.c | 15 +++++++-------- xen/include/asm-x86/p2m.h | 5 +++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index d058e5b6ed..59764c6073 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -811,7 +811,7 @@ p2m_remove_page(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn, for ( i = 0; i < (1UL << page_order); i++ ) { p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); - if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) + if ( !p2m_is_special(t) && !p2m_is_shared(t) ) set_gpfn_from_mfn(mfn_x(mfn) + i, INVALID_M2P_ENTRY); } } @@ -941,13 +941,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, &ot, &a, 0, NULL, NULL); ASSERT(!p2m_is_shared(ot)); } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { - /* Really shouldn't be unmapping grant/foreign maps this way */ + /* Don't permit unmapping grant/foreign this way. */ domain_crash(d); p2m_unlock(p2m); - return -EINVAL; + return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) { @@ -1041,8 +1041,7 @@ int p2m_change_type_one(struct domain *d, unsigned long gfn_l, struct p2m_domain *p2m = p2m_get_hostp2m(d); int rc; - BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt)); - BUG_ON(p2m_is_foreign(ot) || p2m_is_foreign(nt)); + BUG_ON(p2m_is_special(ot) || p2m_is_special(nt)); gfn_lock(p2m, gfn, 0); @@ -1289,11 +1288,11 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, gfn_unlock(p2m, gfn, order); return cur_order + 1; } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { gfn_unlock(p2m, gfn, order); domain_crash(d); - return -ENOENT; + return -EPERM; } else if ( p2m_is_ram(ot) ) { diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 6a7bb40fdb..18c3c42e9d 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -149,6 +149,10 @@ typedef unsigned int p2m_query_t; | p2m_to_mask(p2m_ram_logdirty) ) #define P2M_SHARED_TYPES (p2m_to_mask(p2m_ram_shared)) +/* Types established/cleaned up via special accessors. */ +#define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ + p2m_to_mask(p2m_map_foreign)) + /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ | p2m_to_mask(p2m_mmio_direct) \ @@ -177,6 +181,7 @@ typedef unsigned int p2m_query_t; #define p2m_is_paged(_t) (p2m_to_mask(_t) & P2M_PAGED_TYPES) #define p2m_is_sharable(_t) (p2m_to_mask(_t) & P2M_SHARABLE_TYPES) #define p2m_is_shared(_t) (p2m_to_mask(_t) & P2M_SHARED_TYPES) +#define p2m_is_special(_t) (p2m_to_mask(_t) & P2M_SPECIAL_TYPES) #define p2m_is_broken(_t) (p2m_to_mask(_t) & P2M_BROKEN_TYPES) #define p2m_is_foreign(_t) (p2m_to_mask(_t) & p2m_to_mask(p2m_map_foreign)) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:26:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:26:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183154.331151 (Exim 4.92) (envelope-from ) id 1mOJ8D-000860-8K; Thu, 09 Sep 2021 12:26:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183154.331151; Thu, 09 Sep 2021 12:26:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8D-00085q-5F; Thu, 09 Sep 2021 12:26:17 +0000 Received: by outflank-mailman (input) for mailman id 183154; Thu, 09 Sep 2021 12:26:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8C-00085Y-1F for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8C-0005Vc-0a for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ8B-0004dz-W5 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CG1HoSL/LU0pzi7s7oBCb1otWYlBzVMeu6n4YnyyX3U=; b=plFZX2G6IALoRLdEq851lWeEj9 jezejek7xMntSAvHc10sIJZzyp+4pVReXfRtEnKxeJqY0CulKACq7+p7NP1t08tj0HnfS7LOHUYa5 JcbfkTdfwIl1NbvTpQHKBIWBGsERvZMIVh68XmZh7br3Y4ViGpgW07/1kTlrmUPEw1xU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/p2m: guard (in particular) identity mapping entries Message-Id: Date: Thu, 09 Sep 2021 12:26:15 +0000 commit 7850fe53a59f73fbb0a61c36141c6a6563e3eeca Author: Jan Beulich AuthorDate: Wed Aug 25 14:43:45 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:43:45 2021 +0200 x86/p2m: guard (in particular) identity mapping entries Such entries, created by set_identity_p2m_entry(), should only be destroyed by clear_identity_p2m_entry(). However, similarly, entries created by set_mmio_p2m_entry() should only be torn down by clear_mmio_p2m_entry(), so the logic gets based upon p2m_mmio_direct as the entry type (separation between "ordinary" and 1:1 mappings would require a further indicator to tell apart the two). As to the guest_remove_page() change, commit 48dfb297a20a ("x86/PVH: allow guest_remove_page to remove p2m_mmio_direct pages"), which introduced the call to clear_mmio_p2m_entry(), claimed this was done for hwdom only without this actually having been the case. However, this code shouldn't be there in the first place, as MMIO entries shouldn't be dropped this way. Avoid triggering the warning again that 48dfb297a20a silenced by an adjustment to xenmem_add_to_physmap_one() instead. Note that guest_physmap_mark_populate_on_demand() gets tightened beyond the immediate purpose of this change. Note also that I didn't inspect code which isn't security supported, e.g. sharing, paging, or altp2m. This is CVE-2021-28694 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 753cb68e653002e89fdcd1c80e52905fdbfb78cb master date: 2021-08-25 14:17:32 +0200 --- xen/arch/x86/mm/p2m-pod.c | 12 ++++++------ xen/arch/x86/mm/p2m.c | 15 +++++++++------ xen/common/memory.c | 11 ++++++++++- xen/include/asm-x86/p2m.h | 5 ++--- 4 files changed, 27 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index ae153fa6e6..8abc57265c 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -1299,17 +1299,17 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l, p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, &cur_order, NULL); n = 1UL << min(order, cur_order); - if ( p2m_is_ram(ot) ) + if ( ot == p2m_populate_on_demand ) + { + /* Count how many PoD entries we'll be replacing if successful */ + pod_count += n; + } + else if ( ot != p2m_invalid && ot != p2m_mmio_dm ) { P2M_DEBUG("gfn_to_mfn returned type %d!\n", ot); rc = -EBUSY; goto out; } - else if ( ot == p2m_populate_on_demand ) - { - /* Count how man PoD entries we'll be replacing if successful */ - pod_count += n; - } } /* Now, actually do the two-way mapping */ diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 59764c6073..4cbb177aa9 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -799,7 +799,8 @@ p2m_remove_page(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn, &cur_order, NULL); if ( p2m_is_valid(t) && - (!mfn_valid(mfn) || !mfn_eq(mfn_add(mfn, i), mfn_return)) ) + (!mfn_valid(mfn) || t == p2m_mmio_direct || + !mfn_eq(mfn_add(mfn, i), mfn_return)) ) return -EILSEQ; i += (1UL << cur_order) - @@ -899,7 +900,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; - if ( !mfn_valid(mfn) ) + if ( !mfn_valid(mfn) || t == p2m_mmio_direct ) { ASSERT_UNREACHABLE(); return -EINVAL; @@ -943,7 +944,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } if ( p2m_is_special(ot) ) { - /* Don't permit unmapping grant/foreign this way. */ + /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ domain_crash(d); p2m_unlock(p2m); @@ -1399,8 +1400,8 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, * order+1 for caller to retry with order (guaranteed smaller than * the order value passed in) */ -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, mfn_t mfn, - unsigned int order) +static int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, + mfn_t mfn, unsigned int order) { int rc = -EINVAL; gfn_t gfn = _gfn(gfn_l); @@ -2731,7 +2732,9 @@ int xenmem_add_to_physmap_one( /* Remove previously mapped page if it was present. */ prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); - if ( mfn_valid(prev_mfn) ) + if ( p2mt == p2m_mmio_direct ) + rc = -EPERM; + else if ( mfn_valid(prev_mfn) ) { if ( is_special_page(mfn_to_page(prev_mfn)) ) /* Special pages are simply unhooked from this phys slot. */ diff --git a/xen/common/memory.c b/xen/common/memory.c index 76b9f58478..297b98a562 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -330,7 +330,7 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) } if ( p2mt == p2m_mmio_direct ) { - rc = clear_mmio_p2m_entry(d, gmfn, mfn, PAGE_ORDER_4K); + rc = -EPERM; goto out_put_gfn; } #else @@ -1875,6 +1875,15 @@ int check_get_page_from_gfn(struct domain *d, gfn_t gfn, bool readonly, return -EAGAIN; } #endif +#ifdef CONFIG_X86 + if ( p2mt == p2m_mmio_direct ) + { + if ( page ) + put_page(page); + + return -EPERM; + } +#endif if ( !page ) return -EINVAL; diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 18c3c42e9d..422a8b228f 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -151,7 +151,8 @@ typedef unsigned int p2m_query_t; /* Types established/cleaned up via special accessors. */ #define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ - p2m_to_mask(p2m_map_foreign)) + p2m_to_mask(p2m_map_foreign) | \ + p2m_to_mask(p2m_mmio_direct)) /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ @@ -666,8 +667,6 @@ int p2m_is_logdirty_range(struct p2m_domain *, unsigned long start, /* Set mmio addresses in the p2m table (for pass-through) */ int set_mmio_p2m_entry(struct domain *d, gfn_t gfn, mfn_t mfn, unsigned int order); -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, - unsigned int order); /* Set identity addresses in the p2m table (for pass-through) */ int set_identity_p2m_entry(struct domain *d, unsigned long gfn, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:26:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:26:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183156.331155 (Exim 4.92) (envelope-from ) id 1mOJ8N-00089n-C2; Thu, 09 Sep 2021 12:26:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183156.331155; Thu, 09 Sep 2021 12:26:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8N-00089f-8X; Thu, 09 Sep 2021 12:26:27 +0000 Received: by outflank-mailman (input) for mailman id 183156; Thu, 09 Sep 2021 12:26:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8M-00089P-4x for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8M-0005Vr-4G for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ8M-0004ed-3Q for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=F3mXSjWwYf4GfaR3TH0LolM3OhtccDGSz+nqxYFM0xA=; b=pZOzKKKmIE/shV0uXAWHGIgChc T8BbNWSMa7cPM5et/ZaUM2GbmR6ZY1VahxidmIOeRzTvIhUk+YjEXWT7O/cu+uuXU5IGbwROzGD7w 85sTWtjWRpa2PTkk/t1sZb3xGv7uyqT0JxHr0MSim8vVM0HbWwJ4PLCb8DqN+CxmLBHE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/mm: widen locked region in xenmem_add_to_physmap_one() Message-Id: Date: Thu, 09 Sep 2021 12:26:26 +0000 commit d40287a000ec20252006d92c51a69f14be808fd5 Author: Jan Beulich AuthorDate: Wed Aug 25 14:44:05 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:44:05 2021 +0200 x86/mm: widen locked region in xenmem_add_to_physmap_one() For pages which can be made part of the P2M by the guest, but which can also later be de-allocated (grant table v2 status pages being the present example), it is imperative that they be mapped at no more than a single GFN. We therefore need to make sure that of two parallel XENMAPSPACE_grant_table requests for the same status page one completes before the second checks at which other GFN the underlying MFN is presently mapped. Pull ahead the respective get_gfn() and push down the respective put_gfn(). This leverages that gfn_lock() really aliases p2m_lock(), but the function makes this assumption already anyway: In the XENMAPSPACE_gmfn case lock nesting constraints for both involved GFNs would otherwise need to be enforced to avoid ABBA deadlocks. This is CVE-2021-28697 / XSA-379. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: f147422bf9476fb8161b43e35f5901571ed17c35 master date: 2021-08-25 14:17:56 +0200 --- xen/arch/x86/mm/p2m.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 4cbb177aa9..3bdfc3f274 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2730,8 +2730,20 @@ int xenmem_add_to_physmap_one( goto put_both; } - /* Remove previously mapped page if it was present. */ + /* + * Note that we're (ab)using GFN locking (to really be locking of the + * entire P2M) here in (at least) two ways: Finer grained locking would + * expose lock order violations in the XENMAPSPACE_gmfn case (due to the + * earlier get_gfn_unshare() above). Plus at the very least for the grant + * table v2 status page case we need to guarantee that the same page can + * only appear at a single GFN. While this is a property we want in + * general, for pages which can subsequently be freed this imperative: + * Upon freeing we wouldn't be able to find other mappings in the P2M + * (unless we did a brute force search). + */ prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); + + /* Remove previously mapped page if it was present. */ if ( p2mt == p2m_mmio_direct ) rc = -EPERM; else if ( mfn_valid(prev_mfn) ) @@ -2743,27 +2755,21 @@ int xenmem_add_to_physmap_one( /* Normal domain memory is freed, to avoid leaking memory. */ rc = guest_remove_page(d, gfn_x(gpfn)); } - /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */ - put_gfn(d, gfn_x(gpfn)); - - if ( rc ) - goto put_both; /* Unmap from old location, if any. */ old_gpfn = get_gpfn_from_mfn(mfn_x(mfn)); ASSERT(!SHARED_M2P(old_gpfn)); if ( space == XENMAPSPACE_gmfn && old_gpfn != gfn ) - { rc = -EXDEV; - goto put_both; - } - if ( old_gpfn != INVALID_M2P_ENTRY ) + else if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); /* Map at new location. */ if ( !rc ) rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K); + put_gfn(d, gfn_x(gpfn)); + put_both: /* * In the XENMAPSPACE_gmfn case, we took a ref of the gfn at the top. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:26:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:26:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183158.331159 (Exim 4.92) (envelope-from ) id 1mOJ8X-0008Cm-DP; Thu, 09 Sep 2021 12:26:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183158.331159; Thu, 09 Sep 2021 12:26:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8X-0008Ce-AP; Thu, 09 Sep 2021 12:26:37 +0000 Received: by outflank-mailman (input) for mailman id 183158; Thu, 09 Sep 2021 12:26:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8W-0008CU-8k for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8W-0005W2-84 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ8W-0004fK-7E for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PE/j9XQlO9nAVeUk0fca4b4UOaR1wumtDPIWLMQIYJc=; b=O0QJtKREw9qdUd6lTw6BS2o8Os bqtM4CrOLpeCH2S0BbJpg0DVVCz3ZZAJ+Ez3p2Q/9+4LSvUd0UVG817+bkY3rADKSFiBxUM3foH+D B9ihTNntdGPSJ5+u5CQ9X26B0V4szRPFuIGASOycIzfKAEdVl3nKZSwEvgUhzQLDjOnQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] gnttab: add preemption check to gnttab_release_mappings() Message-Id: Date: Thu, 09 Sep 2021 12:26:36 +0000 commit 9bfbde40bc268dc479dde785d2435fd5a2e61efd Author: Jan Beulich AuthorDate: Wed Aug 25 14:44:23 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:44:23 2021 +0200 gnttab: add preemption check to gnttab_release_mappings() A guest may die with many grant mappings still in place, or simply with a large maptrack table. Iterating through this may take more time than is reasonable without intermediate preemption (to run softirqs and perhaps the scheduler). Move the invocation of the function to the section where other restartable functions get invoked, and have the function itself check for preemption every once in a while. Have it iterate the table backwards, such that decreasing the maptrack limit is all it takes to convey restart information. In domain_teardown() introduce PROG_none such that inserting at the front will be easier going forward. This is part of CVE-2021-28698 / XSA-380. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: b1ee10be5625b7d502cef1e6ee3818610ab0d29c master date: 2021-08-25 14:18:18 +0200 --- xen/common/domain.c | 12 ++++++++--- xen/common/grant_table.c | 46 ++++++++++++++++++++++++++++++++++++------- xen/include/xen/grant_table.h | 6 ++---- 3 files changed, 50 insertions(+), 14 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index d85984638a..dabb15a06c 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -412,11 +412,18 @@ static int domain_teardown(struct domain *d) v = d->teardown.vcpu enum { - PROG_vcpu_teardown = 1, + PROG_none, + PROG_gnttab_mappings, + PROG_vcpu_teardown, PROG_done, }; - case 0: + case PROG_none: + rc = gnttab_release_mappings(d); + if ( rc ) + return rc; + + PROGRESS(gnttab_mappings): for_each_vcpu ( d, v ) { PROGRESS_VCPU(teardown); @@ -908,7 +915,6 @@ int domain_kill(struct domain *d) return domain_kill(d); d->is_dying = DOMDYING_dying; argo_destroy(d); - gnttab_release_mappings(d); vnuma_destroy(d->vnuma); domain_set_outstanding_pages(d, 0); /* fallthrough */ diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index ab30e2e8cf..e43ff7df4f 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -64,7 +64,13 @@ struct grant_table { unsigned int nr_grant_frames; /* Number of grant status frames shared with guest (for version 2) */ unsigned int nr_status_frames; - /* Number of available maptrack entries. */ + /* + * Number of available maptrack entries. For cleanup purposes it is + * important to realize that this field and @maptrack further down will + * only ever be accessed by the local domain. Thus it is okay to clean + * up early, and to shrink the limit for the purpose of tracking cleanup + * progress. + */ unsigned int maptrack_limit; /* Shared grant table (see include/public/grant_table.h). */ union { @@ -3691,9 +3697,7 @@ do_grant_table_op( #include "compat/grant_table.c" #endif -void -gnttab_release_mappings( - struct domain *d) +int gnttab_release_mappings(struct domain *d) { struct grant_table *gt = d->grant_table, *rgt; struct grant_mapping *map; @@ -3707,8 +3711,32 @@ gnttab_release_mappings( BUG_ON(!d->is_dying); - for ( handle = 0; handle < gt->maptrack_limit; handle++ ) + if ( !gt || !gt->maptrack ) + return 0; + + for ( handle = gt->maptrack_limit; handle; ) { + /* + * Deal with full pages such that their freeing (in the body of the + * if()) remains simple. + */ + if ( handle < gt->maptrack_limit && !(handle % MAPTRACK_PER_PAGE) ) + { + /* + * Changing maptrack_limit alters nr_maptrack_frames()'es return + * value. Free the then excess trailing page right here, rather + * than leaving it to grant_table_destroy() (and in turn requiring + * to leave gt->maptrack_limit unaltered). + */ + gt->maptrack_limit = handle; + FREE_XENHEAP_PAGE(gt->maptrack[nr_maptrack_frames(gt)]); + + if ( hypercall_preempt_check() ) + return -ERESTART; + } + + --handle; + map = &maptrack_entry(gt, handle); if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) ) continue; @@ -3792,6 +3820,11 @@ gnttab_release_mappings( map->flags = 0; } + + gt->maptrack_limit = 0; + FREE_XENHEAP_PAGE(gt->maptrack[0]); + + return 0; } void grant_table_warn_active_grants(struct domain *d) @@ -3855,8 +3888,7 @@ grant_table_destroy( free_xenheap_page(t->shared_raw[i]); xfree(t->shared_raw); - for ( i = 0; i < nr_maptrack_frames(t); i++ ) - free_xenheap_page(t->maptrack[i]); + ASSERT(!t->maptrack_limit); vfree(t->maptrack); for ( i = 0; i < nr_active_grant_frames(t); i++ ) diff --git a/xen/include/xen/grant_table.h b/xen/include/xen/grant_table.h index 63b6dc78f4..cbd1ce37db 100644 --- a/xen/include/xen/grant_table.h +++ b/xen/include/xen/grant_table.h @@ -46,9 +46,7 @@ void grant_table_init_vcpu(struct vcpu *v); void grant_table_warn_active_grants(struct domain *d); /* Domain death release of granted mappings of other domains' memory. */ -void -gnttab_release_mappings( - struct domain *d); +int gnttab_release_mappings(struct domain *d); int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, gfn_t *gfn, uint16_t *status); @@ -79,7 +77,7 @@ static inline void grant_table_init_vcpu(struct vcpu *v) {} static inline void grant_table_warn_active_grants(struct domain *d) {} -static inline void gnttab_release_mappings(struct domain *d) {} +static inline int gnttab_release_mappings(struct domain *d) { return 0; } static inline int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:26:47 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:26:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183160.331165 (Exim 4.92) (envelope-from ) id 1mOJ8h-0008Ff-HP; Thu, 09 Sep 2021 12:26:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183160.331165; Thu, 09 Sep 2021 12:26:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8h-0008FS-C4; Thu, 09 Sep 2021 12:26:47 +0000 Received: by outflank-mailman (input) for mailman id 183160; Thu, 09 Sep 2021 12:26:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8g-0008FF-CL for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8g-0005WD-Bd for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ8g-0004fr-Ap for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=e2Jfn1/w33sS6mcyIzmcV+6aluAOaSfnsmnm44alA1U=; b=qtG6LXdbeZkyD5lgq2mekSRdBH qARywEMK19hhJrwKU/0LqSrcpZ7MX4E2iYXnKKf5g5XJvJfn9zNIMvu9gmDvQ2eGkU3DCyaxciirp +jCiuu3nSTuaSIBwoAp+qfK3xTVcZj64/6zybsn4AkoJYoSRo/vfJItdrsNs0Zs6ZQ1Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] gnttab: replace mapkind() Message-Id: Date: Thu, 09 Sep 2021 12:26:46 +0000 commit 2f6ebcec023be0b0873a5e67ce3a0ab301dbac4f Author: Jan Beulich AuthorDate: Wed Aug 25 14:44:48 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:44:48 2021 +0200 gnttab: replace mapkind() mapkind() doesn't scale very well with larger maptrack entry counts, using a brute force linear search through all entries, with the only option of an early loop exit if a matching writable entry was found. Introduce a radix tree alongside the main maptrack table, thus allowing much faster MFN-based lookup. To avoid the need to actually allocate space for the individual nodes, encode the two counters in the node pointers themselves, thus limiting the number of permitted simultaneous r/o and r/w mappings of the same MFN to 2³¹-1 (64-bit) / 2¹⁵-1 (32-bit) each. To avoid enforcing an unnecessarily low bound on the number of simultaneous mappings of a single MFN, introduce radix_tree_{ulong_to_ptr,ptr_to_ulong} paralleling radix_tree_{int_to_ptr,ptr_to_int}. As a consequence locking changes are also applicable: With there no longer being any inspection of the remote domain's active entries, there's also no need anymore to hold the remote domain's grant table lock. And since we're no longer iterating over the local domain's map track table, the lock in map_grant_ref() can also be dropped before the new maptrack entry actually gets populated. As a nice side effect this also reduces the number of IOMMU operations in unmap_common(): Previously we would have "established" a readable mapping whenever we didn't find a writable entry anymore (yet, of course, at least one readable one). But we only need to do this if we actually dropped the last writable entry, not if there were none already before. This is part of CVE-2021-28698 / XSA-380. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: 9781b51efde251efcc0291ddb1d9c7cefe2b2555 master date: 2021-08-25 14:18:39 +0200 --- xen/common/grant_table.c | 201 ++++++++++++++++++++++++------------------- xen/include/xen/radix-tree.h | 19 ++++ 2 files changed, 131 insertions(+), 89 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index e43ff7df4f..7422872dec 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -82,8 +83,13 @@ struct grant_table { grant_status_t **status; /* Active grant table. */ struct active_grant_entry **active; - /* Mapping tracking table per vcpu. */ + /* Handle-indexed tracking table of mappings. */ struct grant_mapping **maptrack; + /* + * MFN-indexed tracking tree of mappings, if needed. Note that this is + * protected by @lock, not @maptrack_lock. + */ + struct radix_tree_root maptrack_tree; /* Domain to which this struct grant_table belongs. */ const struct domain *domain; @@ -516,34 +522,6 @@ static int get_paged_frame(unsigned long gfn, mfn_t *mfn, return GNTST_okay; } -static inline void -double_gt_lock(struct grant_table *lgt, struct grant_table *rgt) -{ - /* - * See mapkind() for why the write lock is also required for the - * remote domain. - */ - if ( lgt < rgt ) - { - grant_write_lock(lgt); - grant_write_lock(rgt); - } - else - { - if ( lgt != rgt ) - grant_write_lock(rgt); - grant_write_lock(lgt); - } -} - -static inline void -double_gt_unlock(struct grant_table *lgt, struct grant_table *rgt) -{ - grant_write_unlock(lgt); - if ( lgt != rgt ) - grant_write_unlock(rgt); -} - #define INVALID_MAPTRACK_HANDLE UINT_MAX static inline grant_handle_t @@ -982,41 +960,17 @@ static struct active_grant_entry *grant_map_exists(const struct domain *ld, return ERR_PTR(-EINVAL); } -#define MAPKIND_READ 1 -#define MAPKIND_WRITE 2 -static unsigned int mapkind( - struct grant_table *lgt, const struct domain *rd, mfn_t mfn) -{ - struct grant_mapping *map; - grant_handle_t handle, limit = lgt->maptrack_limit; - unsigned int kind = 0; - - /* - * Must have the local domain's grant table write lock when - * iterating over its maptrack entries. - */ - ASSERT(percpu_rw_is_write_locked(&lgt->lock)); - /* - * Must have the remote domain's grant table write lock while - * counting its active entries. - */ - ASSERT(percpu_rw_is_write_locked(&rd->grant_table->lock)); - - smp_rmb(); - - for ( handle = 0; !(kind & MAPKIND_WRITE) && handle < limit; handle++ ) - { - map = &maptrack_entry(lgt, handle); - if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) || - map->domid != rd->domain_id ) - continue; - if ( mfn_eq(_active_entry(rd->grant_table, map->ref).mfn, mfn) ) - kind |= map->flags & GNTMAP_readonly ? - MAPKIND_READ : MAPKIND_WRITE; - } - - return kind; -} +union maptrack_node { + struct { + /* Radix tree slot pointers use two of the bits. */ +#ifdef __BIG_ENDIAN_BITFIELD + unsigned long : 2; +#endif + unsigned long rd : BITS_PER_LONG / 2 - 1; + unsigned long wr : BITS_PER_LONG / 2 - 1; + } cnt; + unsigned long raw; +}; static void map_grant_ref( @@ -1035,7 +989,6 @@ map_grant_ref( struct grant_mapping *mt; grant_entry_header_t *shah; uint16_t *status; - bool_t need_iommu; ld = current->domain; @@ -1256,31 +1209,75 @@ map_grant_ref( * as mem-sharing and IOMMU use are incompatible). The dom_io case would * need checking separately if we compared against owner here. */ - need_iommu = ld != rd && gnttab_need_iommu_mapping(ld); - if ( need_iommu ) - { + if ( ld != rd && gnttab_need_iommu_mapping(ld) ) + { + union maptrack_node node = { + .cnt.rd = !!(op->flags & GNTMAP_readonly), + .cnt.wr = !(op->flags & GNTMAP_readonly), + }; + int err; + void **slot = NULL; unsigned int kind; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + + err = radix_tree_insert(&lgt->maptrack_tree, mfn_x(mfn), + radix_tree_ulong_to_ptr(node.raw)); + if ( err == -EEXIST ) + { + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(mfn)); + if ( likely(slot) ) + { + node.raw = radix_tree_ptr_to_ulong(*slot); + err = -EBUSY; + + /* Update node only when refcount doesn't overflow. */ + if ( op->flags & GNTMAP_readonly ? ++node.cnt.rd + : ++node.cnt.wr ) + { + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + err = 0; + } + } + else + ASSERT_UNREACHABLE(); + } /* * We're not translated, so we know that dfns and mfns are * the same things, so the IOMMU entry is always 1-to-1. */ - kind = mapkind(lgt, rd, mfn); - if ( !(op->flags & GNTMAP_readonly) && - !(kind & MAPKIND_WRITE) ) + if ( !(op->flags & GNTMAP_readonly) && node.cnt.wr == 1 ) kind = IOMMUF_readable | IOMMUF_writable; - else if ( !kind ) + else if ( (op->flags & GNTMAP_readonly) && + node.cnt.rd == 1 && !node.cnt.wr ) kind = IOMMUF_readable; else kind = 0; - if ( kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 1, kind) ) + if ( err || + (kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 1, kind)) ) { - double_gt_unlock(lgt, rgt); + if ( !err ) + { + if ( slot ) + { + op->flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--; + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + } + else + radix_tree_delete(&lgt->maptrack_tree, mfn_x(mfn)); + } + rc = GNTST_general_error; - goto undo_out; } + + grant_write_unlock(lgt); + + if ( rc != GNTST_okay ) + goto undo_out; } TRACE_1D(TRC_MEM_PAGE_GRANT_MAP, op->dom); @@ -1288,10 +1285,6 @@ map_grant_ref( /* * All maptrack entry users check mt->flags first before using the * other fields so just ensure the flags field is stored last. - * - * However, if gnttab_need_iommu_mapping() then this would race - * with a concurrent mapkind() call (on an unmap, for example) - * and a lock is required. */ mt = &maptrack_entry(lgt, handle); mt->domid = op->dom; @@ -1299,9 +1292,6 @@ map_grant_ref( smp_wmb(); write_atomic(&mt->flags, op->flags); - if ( need_iommu ) - double_gt_unlock(lgt, rgt); - op->dev_bus_addr = mfn_to_maddr(mfn); op->handle = handle; op->status = GNTST_okay; @@ -1509,19 +1499,34 @@ unmap_common( /* See the respective comment in map_grant_ref(). */ if ( rc == GNTST_okay && ld != rd && gnttab_need_iommu_mapping(ld) ) { - unsigned int kind; + void **slot; + union maptrack_node node; int err = 0; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(op->mfn)); + node.raw = likely(slot) ? radix_tree_ptr_to_ulong(*slot) : 0; + + /* Refcount must not underflow. */ + if ( !(flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--) ) + BUG(); - kind = mapkind(lgt, rd, op->mfn); - if ( !kind ) + if ( !node.raw ) err = iommu_legacy_unmap(ld, _dfn(mfn_x(op->mfn)), 1); - else if ( !(kind & MAPKIND_WRITE) ) + else if ( !(flags & GNTMAP_readonly) && !node.cnt.wr ) err = iommu_legacy_map(ld, _dfn(mfn_x(op->mfn)), op->mfn, 1, IOMMUF_readable); - double_gt_unlock(lgt, rgt); + if ( err ) + ; + else if ( !node.raw ) + radix_tree_delete(&lgt->maptrack_tree, mfn_x(op->mfn)); + else + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + + grant_write_unlock(lgt); if ( err ) rc = GNTST_general_error; @@ -1968,6 +1973,8 @@ int grant_table_init(struct domain *d, int max_grant_frames, gt->maptrack = vzalloc(gt->max_maptrack_frames * sizeof(*gt->maptrack)); if ( gt->maptrack == NULL ) goto out; + + radix_tree_init(>->maptrack_tree); } /* Shared grant table. */ @@ -3716,6 +3723,8 @@ int gnttab_release_mappings(struct domain *d) for ( handle = gt->maptrack_limit; handle; ) { + mfn_t mfn; + /* * Deal with full pages such that their freeing (in the body of the * if()) remains simple. @@ -3813,17 +3822,31 @@ int gnttab_release_mappings(struct domain *d) reduce_status_for_pin(rd, act, status, map->flags & GNTMAP_readonly); + mfn = act->mfn; + active_entry_release(act); grant_read_unlock(rgt); rcu_unlock_domain(rd); map->flags = 0; + + /* + * This is excessive in that a single such call would suffice per + * mapped MFN (or none at all, if no entry was ever inserted). But it + * should be the common case for an MFN to be mapped just once, and + * this way we don't need to further maintain the counters. We also + * don't want to leave cleaning up of the tree as a whole to the end + * of the function, as this could take quite some time. + */ + radix_tree_delete(>->maptrack_tree, mfn_x(mfn)); } gt->maptrack_limit = 0; FREE_XENHEAP_PAGE(gt->maptrack[0]); + radix_tree_destroy(>->maptrack_tree, NULL); + return 0; } diff --git a/xen/include/xen/radix-tree.h b/xen/include/xen/radix-tree.h index ec40cf1d9e..58c40312e6 100644 --- a/xen/include/xen/radix-tree.h +++ b/xen/include/xen/radix-tree.h @@ -190,6 +190,25 @@ static inline int radix_tree_ptr_to_int(void *ptr) return (int)((long)ptr >> 2); } +/** + * radix_tree_{ulong_to_ptr,ptr_to_ulong}: + * + * Same for unsigned long values. Beware though that only BITS_PER_LONG-2 + * bits are actually usable for the value. + */ +static inline void *radix_tree_ulong_to_ptr(unsigned long val) +{ + unsigned long ptr = (val << 2) | 0x2; + ASSERT((ptr >> 2) == val); + return (void *)ptr; +} + +static inline unsigned long radix_tree_ptr_to_ulong(void *ptr) +{ + ASSERT(((unsigned long)ptr & 0x3) == 0x2); + return (unsigned long)ptr >> 2; +} + int radix_tree_insert(struct radix_tree_root *, unsigned long, void *); void *radix_tree_lookup(struct radix_tree_root *, unsigned long); void **radix_tree_lookup_slot(struct radix_tree_root *, unsigned long); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:26:57 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:26:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183162.331168 (Exim 4.92) (envelope-from ) id 1mOJ8r-0008IB-H9; Thu, 09 Sep 2021 12:26:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183162.331168; Thu, 09 Sep 2021 12:26:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8r-0008Hz-Dc; Thu, 09 Sep 2021 12:26:57 +0000 Received: by outflank-mailman (input) for mailman id 183162; Thu, 09 Sep 2021 12:26:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8q-0008Hq-GJ for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ8q-0005Wh-Ff for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ8q-0004gU-En for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:26:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JbJqFUKCLY05/bD4XwVSvSlksYNlZeXc3KX51VkSTiU=; b=qBPqIMwAbITsrt/xw2vncE3SoU ITeABpSlNxHuJwrovKFZHWjFjmOj6H3c/ckcHf2agq44VrE//RLh0MbPsu///cJZ16FhAPPHEjmjR spJroSvsqYrOIBkaUmZjSSJ38g4srlvsZHqfL7RUnE+C8kG052ZjTOqOKXBDc2IAeqq4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] gnttab: fix array capacity check in gnttab_get_status_frames() Message-Id: Date: Thu, 09 Sep 2021 12:26:56 +0000 commit 8a8b16c44e3e4cae097224511b72dfd7b059152b Author: Jan Beulich AuthorDate: Wed Aug 25 14:45:24 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:45:24 2021 +0200 gnttab: fix array capacity check in gnttab_get_status_frames() The number of grant frames is of no interest here; converting the passed in op.nr_frames this way means we allow for 8 times as many GFNs to be written as actually fit in the array. We would corrupt xlat areas of higher vCPU-s (after having faulted many times while trying to write to the guard pages between any two areas) for 32-bit PV guests. For HVM guests we'd simply crash as soon as we hit the first guard page, as accesses to the xlat area are simply memcpy() there. This is CVE-2021-28699 / XSA-382. Fixes: 18b1be5e324b ("gnttab: make resource limits per domain") Signed-off-by: Jan Beulich master commit: ec820035b875cdbedce5e73f481ce65963ede9ed master date: 2021-08-25 14:19:09 +0200 --- xen/common/grant_table.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 7422872dec..d3f8dc8c4d 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3266,12 +3266,11 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, goto unlock; } - if ( unlikely(limit_max < grant_to_status_frames(op.nr_frames)) ) + if ( unlikely(limit_max < op.nr_frames) ) { gdprintk(XENLOG_WARNING, - "grant_to_status_frames(%u) for d%d is too large (%u,%u)\n", - op.nr_frames, d->domain_id, - grant_to_status_frames(op.nr_frames), limit_max); + "nr_status_frames for %pd is too large (%u,%u)\n", + d, op.nr_frames, limit_max); op.status = GNTST_general_error; goto unlock; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:27:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:27:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183164.331171 (Exim 4.92) (envelope-from ) id 1mOJ91-0008LV-Jz; Thu, 09 Sep 2021 12:27:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183164.331171; Thu, 09 Sep 2021 12:27:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ91-0008LM-Gd; Thu, 09 Sep 2021 12:27:07 +0000 Received: by outflank-mailman (input) for mailman id 183164; Thu, 09 Sep 2021 12:27:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ90-0008L4-Jr for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ90-0005X6-J8 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ90-0004hI-IO for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hyVkZc/hlK1lGApdxzlgM/ElJG8uIr0DpFEll2uBVRY=; b=q17Nvkz6svPorsUVqLIOvBQJfO KPwDDLN5ht1OBM8M9f1h51MnQrmoDQmMD5MjXUAaZOhlC+MX6qyTVjY7QXe95f1ols7To3TRAzfCp SSJ7rqtru6F+L2p7EzCgtMBHOLM2eSUqLQ7KBmcZC/PrxDbMt/ShfscIX+Fy/KYlKRxM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Message-Id: Date: Thu, 09 Sep 2021 12:27:06 +0000 commit 9bc2a681274b94639902d7c021d300384662a29a Author: Julien Grall AuthorDate: Wed Aug 25 14:45:45 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:45:45 2021 +0200 xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Currently, both dom0less domUs and dom0 can allocate an "unlimited" amount of memory because d->max_pages is set to ~0U. In particular, the former are meant to be unprivileged. Therefore the memory they could allocate should be bounded. As the domain are not yet officially aware of Xen (we don't expose advertise it in the DT, yet the hypercalls are accessible), they should not need to allocate more than the initial amount. So cap set d->max_pages directly the amount of memory we are meant to allocate. Take the opportunity to also restrict the memory for dom0 as the domain is direct mapped (e.g. MFN == GFN) and therefore cannot allocate outside of the pre-allocated region. This is CVE-2021-28700 / XSA-383. Reported-by: Julien Grall Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini Tested-by: Stefano Stabellini master commit: c08d68cd2aacbc7cb56e73ada241bfe4639bbc68 master date: 2021-08-25 14:19:31 +0200 --- xen/arch/arm/domain_build.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 4203ddcca0..26c1342948 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2439,7 +2439,8 @@ static int __init construct_domU(struct domain *d, if ( vcpu_create(d, 0) == NULL ) return -ENOMEM; - d->max_pages = ~0U; + + d->max_pages = ((paddr_t)mem * SZ_1K) >> PAGE_SHIFT; kinfo.d = d; @@ -2540,7 +2541,7 @@ int __init construct_dom0(struct domain *d) iommu_hwdom_init(d); - d->max_pages = ~0U; + d->max_pages = dom0_mem >> PAGE_SHIFT; kinfo.unassigned_mem = dom0_mem; kinfo.d = d; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:27:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:27:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183166.331175 (Exim 4.92) (envelope-from ) id 1mOJ9B-0008Q3-L6; Thu, 09 Sep 2021 12:27:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183166.331175; Thu, 09 Sep 2021 12:27:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9B-0008Pv-IC; Thu, 09 Sep 2021 12:27:17 +0000 Received: by outflank-mailman (input) for mailman id 183166; Thu, 09 Sep 2021 12:27:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9A-0008PZ-Nh for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9A-0005XH-Mw for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ9A-0004hr-Lz for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VysbqgNQbmgNOYvIvbdQemp+2XNhNmhb6S2zbb7+y2M=; b=uH8yAsUxyagCJ5qEjvwS2LBQM2 KZzoaruTQo9l/fBCtjz1aTAbWEIMICJIYfbagbqcP5IHOGgJXhSY9/qfYCUY3B8BK8T4bJsReKq7s +v2KS+Xc1zLTzw8oKxnk/ua1JX4GORlM6ZSFFfvFUXkUW/4x2pkzL/ycnrSwDFLU9yA4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/AMD: expose SYSCFG, TOM, TOM2, and IORRs to Dom0 Message-Id: Date: Thu, 09 Sep 2021 12:27:16 +0000 commit 9ab1714708ed23f7709a10ba839ebcb203ef1657 Author: Jan Beulich AuthorDate: Wed Aug 25 14:49:02 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:49:02 2021 +0200 x86/AMD: expose SYSCFG, TOM, TOM2, and IORRs to Dom0 Sufficiently old Linux (3.12-ish) accesses these MSRs (with the exception of IORRs) in an unguarded manner. Furthermore these same MSRs, at least on Fam11 and older CPUs, are also consulted by modern Linux, and their (bogus) built-in zapping of #GP faults from MSR accesses leads to it effectively reading zero instead of the intended values, which are relevant for PCI BAR placement (which ought to all live in MMIO-type space, not in DRAM-type one). For SYSCFG, only certain bits get exposed. Since MtrrVarDramEn also covers the IORRs, expose them as well. Introduce (consistently named) constants for the bits we're interested in and use them in pre-existing code as well. While there also drop the unused and somewhat questionable K8_MTRR_RDMEM_WRMEM_MASK. To complete the set of memory type and DRAM vs MMIO controlling MSRs, also expose TSEG_{BASE,MASK} (the former also gets read by Linux, dealing with which was already the subject of 6eef0a99262c ["x86/PV: conditionally avoid raising #GP for early guest MSR reads"]). As a welcome side effect, verbosity on/of debug builds gets (perhaps significantly) reduced. Note that at least as far as those MSR accesses by Linux are concerned, there's no similar issue for DomU-s, as the accesses sit behind PCI device matching logic. The checked for devices would never be exposed to DomU-s in the first place. Nevertheless I think that at least for HVM we should return sensible values, not 0 (as svm_msr_read_intercept() does right now). The intended values may, however, need to be determined by hvmloader, and then get made known to Xen. Fixes: 322ec7c89f66 ("x86/pv: disallow access to unknown MSRs") Reported-by: Olaf Hering Signed-off-by: Jan Beulich x86/AMD: adjust SYSCFG, TOM, etc exposure to deal with running nested In the original change I neglected to consider the case of us running as L1 under another Xen. In this case we're not Dom0, so the underlying Xen wouldn't permit us access to these MSRs. As an immediate workaround use rdmsr_safe(); I don't view this as the final solution though, as the original problem the earlier change tried to address also applies when running nested. Yet it is then unclear to me how to properly address the issue: We shouldn't generally expose the MSR values, but handing back zero (or effectively any other static value) doesn't look appropriate either. Fixes: bfcdaae9c210 ("x86/AMD: expose SYSCFG, TOM, TOM2, and IORRs to Dom0") Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: bfcdaae9c210bd7984d7691285aaf43deb1b0604 master date: 2021-07-09 08:28:14 +0200 master commit: 471383ddd1843700fdd7d74242ba0e5f314dc678 master date: 2021-07-19 12:28:50 +0200 --- xen/arch/x86/cpu/amd.c | 4 ++-- xen/arch/x86/cpu/mtrr/generic.c | 2 +- xen/arch/x86/msr.c | 20 ++++++++++++++++++++ xen/arch/x86/x86_64/mmconf-fam10h.c | 2 +- xen/include/asm-x86/msr-index.h | 20 +++++++++++++++----- 5 files changed, 39 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 8bc51bec10..db6916c1fd 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -468,14 +468,14 @@ static void check_syscfg_dram_mod_en(void) return; rdmsrl(MSR_K8_SYSCFG, syscfg); - if (!(syscfg & K8_MTRRFIXRANGE_DRAM_MODIFY)) + if (!(syscfg & SYSCFG_MTRR_FIX_DRAM_MOD_EN)) return; if (!test_and_set_bool(printed)) printk(KERN_ERR "MTRR: SYSCFG[MtrrFixDramModEn] not " "cleared by BIOS, clearing this bit\n"); - syscfg &= ~K8_MTRRFIXRANGE_DRAM_MODIFY; + syscfg &= ~SYSCFG_MTRR_FIX_DRAM_MOD_EN; wrmsrl(MSR_K8_SYSCFG, syscfg); } diff --git a/xen/arch/x86/cpu/mtrr/generic.c b/xen/arch/x86/cpu/mtrr/generic.c index 06fa0c0420..883e3398ff 100644 --- a/xen/arch/x86/cpu/mtrr/generic.c +++ b/xen/arch/x86/cpu/mtrr/generic.c @@ -224,7 +224,7 @@ static void __init print_mtrr_state(const char *level) uint64_t syscfg, tom2; rdmsrl(MSR_K8_SYSCFG, syscfg); - if (syscfg & (1 << 21)) { + if (syscfg & SYSCFG_MTRR_TOM2_EN) { rdmsrl(MSR_K8_TOP_MEM2, tom2); printk("%sTOM2: %012"PRIx64"%s\n", level, tom2, syscfg & (1 << 22) ? " (WB)" : ""); diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 374f92b2c5..75b89777a2 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -339,6 +339,26 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) *val = msrs->tsc_aux; break; + case MSR_K8_SYSCFG: + case MSR_K8_TOP_MEM1: + case MSR_K8_TOP_MEM2: + case MSR_K8_IORR_BASE0: + case MSR_K8_IORR_MASK0: + case MSR_K8_IORR_BASE1: + case MSR_K8_IORR_MASK1: + case MSR_K8_TSEG_BASE: + case MSR_K8_TSEG_MASK: + if ( !(cp->x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON)) ) + goto gp_fault; + if ( !is_hardware_domain(d) ) + return X86EMUL_UNHANDLEABLE; + if ( rdmsr_safe(msr, *val) ) + goto gp_fault; + if ( msr == MSR_K8_SYSCFG ) + *val &= (SYSCFG_TOM2_FORCE_WB | SYSCFG_MTRR_TOM2_EN | + SYSCFG_MTRR_VAR_DRAM_EN | SYSCFG_MTRR_FIX_DRAM_EN); + break; + case MSR_K8_HWCR: if ( !(cp->x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON)) ) goto gp_fault; diff --git a/xen/arch/x86/x86_64/mmconf-fam10h.c b/xen/arch/x86/x86_64/mmconf-fam10h.c index 3b57d2b5ca..a834ab3149 100644 --- a/xen/arch/x86/x86_64/mmconf-fam10h.c +++ b/xen/arch/x86/x86_64/mmconf-fam10h.c @@ -69,7 +69,7 @@ static void __init get_fam10h_pci_mmconf_base(void) rdmsrl(address, val); /* TOP_MEM2 is not enabled? */ - if (!(val & (1<<21))) { + if (!(val & SYSCFG_MTRR_TOM2_EN)) { tom2 = 1ULL << 32; } else { /* TOP_MEM2 */ diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 9a772c12b8..7e38c257d8 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -118,6 +118,21 @@ #define PASID_PASID_MASK 0x000fffff #define PASID_VALID (_AC(1, ULL) << 31) +#define MSR_K8_SYSCFG 0xc0010010 +#define SYSCFG_MTRR_FIX_DRAM_EN (_AC(1, ULL) << 18) +#define SYSCFG_MTRR_FIX_DRAM_MOD_EN (_AC(1, ULL) << 19) +#define SYSCFG_MTRR_VAR_DRAM_EN (_AC(1, ULL) << 20) +#define SYSCFG_MTRR_TOM2_EN (_AC(1, ULL) << 21) +#define SYSCFG_TOM2_FORCE_WB (_AC(1, ULL) << 22) + +#define MSR_K8_IORR_BASE0 0xc0010016 +#define MSR_K8_IORR_MASK0 0xc0010017 +#define MSR_K8_IORR_BASE1 0xc0010018 +#define MSR_K8_IORR_MASK1 0xc0010019 + +#define MSR_K8_TSEG_BASE 0xc0010112 /* AMD doc: SMMAddr */ +#define MSR_K8_TSEG_MASK 0xc0010113 /* AMD doc: SMMMask */ + #define MSR_K8_VM_CR 0xc0010114 #define VM_CR_INIT_REDIRECTION (_AC(1, ULL) << 1) #define VM_CR_SVM_DISABLE (_AC(1, ULL) << 4) @@ -281,11 +296,6 @@ #define MSR_K8_TOP_MEM1 0xc001001a #define MSR_K7_CLK_CTL 0xc001001b #define MSR_K8_TOP_MEM2 0xc001001d -#define MSR_K8_SYSCFG 0xc0010010 - -#define K8_MTRRFIXRANGE_DRAM_ENABLE 0x00040000 /* MtrrFixDramEn bit */ -#define K8_MTRRFIXRANGE_DRAM_MODIFY 0x00080000 /* MtrrFixDramModEn bit */ -#define K8_MTRR_RDMEM_WRMEM_MASK 0x18181818 /* Mask: RdMem|WrMem */ #define MSR_K7_HWCR 0xc0010015 #define MSR_K8_HWCR 0xc0010015 -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:27:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:27:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183168.331179 (Exim 4.92) (envelope-from ) id 1mOJ9L-0008TZ-Mu; Thu, 09 Sep 2021 12:27:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183168.331179; Thu, 09 Sep 2021 12:27:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9L-0008TP-Jk; Thu, 09 Sep 2021 12:27:27 +0000 Received: by outflank-mailman (input) for mailman id 183168; Thu, 09 Sep 2021 12:27:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9K-0008TJ-RH for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9K-0005XS-QW for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ9K-0004iS-Pi for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MeMQZCX1ho4dLmXNjUfDbGcgGbPBulCa2kABxJWo6zU=; b=EX4GE+I0nM9/fKvExX77ICgSMD OuJ27ve2MxQpGk9PoGk2z3qygjl4TB7mwFJiM+8LtUgQtGWVT67+/OP2be2gt6clJ4ciqGU4hRiMN MGOtqD+9pXxr3UGpk28AQ2otng/zirgvtmo1xJUthoMxApjf2CmEPTAELkEfnaZ2f29Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/hvm: Propagate real error information up through hvm_load() Message-Id: Date: Thu, 09 Sep 2021 12:27:26 +0000 commit 2a4ca6dda164e3d70ec88cb1a234bab5bff242c2 Author: Andrew Cooper AuthorDate: Wed Aug 25 14:49:29 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:49:29 2021 +0200 x86/hvm: Propagate real error information up through hvm_load() hvm_load() is currently a mix of -errno and -1 style error handling, which aliases -EPERM. This leads to the following confusing diagnostics: From userspace: xc: info: Restoring domain xc: error: Unable to restore HVM context (1 = Operation not permitted): Internal error xc: error: Restore failed (1 = Operation not permitted): Internal error xc_domain_restore: [1] Restore failed (1 = Operation not permitted) From Xen: (XEN) HVM10.0 restore: inconsistent xsave state (feat=0x2ff accum=0x21f xcr0=0x7 bv=0x3 err=-22) (XEN) HVM10 restore: failed to load entry 16/0 The actual error was a bad backport, but the -EINVAL got converted to -EPERM on the way out of the hypercall. The overwhelming majority of *_load() handlers already use -errno consistenty. Fix up the rest to be consistent, and fix a few other errors noticed along the way. * Failures of hvm_load_entry() indicate a truncated record or other bad data size. Use -ENODATA. * Don't use {g,}dprintk(). Omitting diagnostics in release builds is rude, and almost everything uses unconditional printk()'s. * Switch some errors for more appropriate ones. Reported-by: Igor Druzhinin Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 96e5ad4c476e70688295b3cfb537847a3351d6fd master date: 2021-07-19 14:34:38 +0100 --- xen/arch/x86/cpu/mcheck/vmce.c | 6 +++--- xen/arch/x86/emul-i8254.c | 9 +++++---- xen/arch/x86/hvm/irq.c | 6 +++--- xen/arch/x86/hvm/save.c | 25 ++++++++++++++----------- xen/arch/x86/hvm/vioapic.c | 5 ++++- xen/arch/x86/hvm/vpic.c | 2 +- 6 files changed, 30 insertions(+), 23 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/vmce.c b/xen/arch/x86/cpu/mcheck/vmce.c index b1df9e9efd..eb6434a3ba 100644 --- a/xen/arch/x86/cpu/mcheck/vmce.c +++ b/xen/arch/x86/cpu/mcheck/vmce.c @@ -82,11 +82,11 @@ int vmce_restore_vcpu(struct vcpu *v, const struct hvm_vmce_vcpu *ctxt) if ( ctxt->caps & ~guest_mcg_cap & ~MCG_CAP_COUNT & ~MCG_CTL_P ) { - dprintk(XENLOG_G_ERR, "%s restore: unsupported MCA capabilities" - " %#" PRIx64 " for %pv (supported: %#Lx)\n", + printk(XENLOG_G_ERR + "%s restore: unsupported MCA capabilities %#"PRIx64" for %pv (supported: %#Lx)\n", is_hvm_vcpu(v) ? "HVM" : "PV", ctxt->caps, v, guest_mcg_cap & ~MCG_CAP_COUNT); - return -EPERM; + return -EINVAL; } v->arch.vmce.mcg_cap = ctxt->caps; diff --git a/xen/arch/x86/emul-i8254.c b/xen/arch/x86/emul-i8254.c index 73be4188ad..050c784702 100644 --- a/xen/arch/x86/emul-i8254.c +++ b/xen/arch/x86/emul-i8254.c @@ -412,7 +412,7 @@ static int pit_save(struct vcpu *v, hvm_domain_context_t *h) static int pit_load(struct domain *d, hvm_domain_context_t *h) { PITState *pit = domain_vpit(d); - int i; + int i, rc = 0; if ( !has_vpit(d) ) return -ENODEV; @@ -421,8 +421,8 @@ static int pit_load(struct domain *d, hvm_domain_context_t *h) if ( hvm_load_entry(PIT, h, &pit->hw) ) { - spin_unlock(&pit->lock); - return 1; + rc = -ENODATA; + goto out; } /* @@ -434,9 +434,10 @@ static int pit_load(struct domain *d, hvm_domain_context_t *h) for ( i = 0; i < 3; i++ ) pit_load_count(pit, i, pit->hw.channels[i].count); + out: spin_unlock(&pit->lock); - return 0; + return rc; } HVM_REGISTER_SAVE_RESTORE(PIT, pit_save, pit_load, 1, HVMSR_PER_DOM); diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c index 38ac5fb6c7..52aae4565f 100644 --- a/xen/arch/x86/hvm/irq.c +++ b/xen/arch/x86/hvm/irq.c @@ -773,9 +773,9 @@ static int irq_load_link(struct domain *d, hvm_domain_context_t *h) for ( link = 0; link < 4; link++ ) if ( hvm_irq->pci_link.route[link] > 15 ) { - gdprintk(XENLOG_ERR, - "HVM restore: PCI-ISA link %u out of range (%u)\n", - link, hvm_irq->pci_link.route[link]); + printk(XENLOG_G_ERR + "HVM restore: PCI-ISA link %u out of range (%u)\n", + link, hvm_irq->pci_link.route[link]); return -EINVAL; } diff --git a/xen/arch/x86/hvm/save.c b/xen/arch/x86/hvm/save.c index 584620985b..86c82cbd74 100644 --- a/xen/arch/x86/hvm/save.c +++ b/xen/arch/x86/hvm/save.c @@ -51,14 +51,14 @@ int arch_hvm_load(struct domain *d, struct hvm_save_header *hdr) { printk(XENLOG_G_ERR "HVM%d restore: bad magic number %#"PRIx32"\n", d->domain_id, hdr->magic); - return -1; + return -EINVAL; } if ( hdr->version != HVM_FILE_VERSION ) { printk(XENLOG_G_ERR "HVM%d restore: unsupported version %u\n", d->domain_id, hdr->version); - return -1; + return -EINVAL; } cpuid(1, &eax, &ebx, &ecx, &edx); @@ -294,16 +294,18 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) struct hvm_save_descriptor *desc; hvm_load_handler handler; struct vcpu *v; + int rc; if ( d->is_dying ) return -EINVAL; /* Read the save header, which must be first */ if ( hvm_load_entry(HEADER, h, &hdr) != 0 ) - return -1; + return -ENODATA; - if ( arch_hvm_load(d, &hdr) ) - return -1; + rc = arch_hvm_load(d, &hdr); + if ( rc ) + return rc; /* Down all the vcpus: we only re-enable the ones that had state saved. */ for_each_vcpu(d, v) @@ -318,7 +320,7 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) printk(XENLOG_G_ERR "HVM%d restore: save did not end with a null entry\n", d->domain_id); - return -1; + return -ENODATA; } /* Read the typecode of the next entry and check for the end-marker */ @@ -332,17 +334,18 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) { printk(XENLOG_G_ERR "HVM%d restore: unknown entry typecode %u\n", d->domain_id, desc->typecode); - return -1; + return -EINVAL; } /* Load the entry */ printk(XENLOG_G_INFO "HVM%d restore: %s %"PRIu16"\n", d->domain_id, hvm_sr_handlers[desc->typecode].name, desc->instance); - if ( handler(d, h) != 0 ) + rc = handler(d, h); + if ( rc ) { - printk(XENLOG_G_ERR "HVM%d restore: failed to load entry %u/%u\n", - d->domain_id, desc->typecode, desc->instance); - return -1; + printk(XENLOG_G_ERR "HVM%d restore: failed to load entry %u/%u rc %d\n", + d->domain_id, desc->typecode, desc->instance, rc); + return rc; } process_pending_softirqs(); } diff --git a/xen/arch/x86/hvm/vioapic.c b/xen/arch/x86/hvm/vioapic.c index 804bc77279..d090fd729c 100644 --- a/xen/arch/x86/hvm/vioapic.c +++ b/xen/arch/x86/hvm/vioapic.c @@ -601,7 +601,10 @@ static int ioapic_load(struct domain *d, hvm_domain_context_t *h) d->arch.hvm.nr_vioapics != 1 ) return -EOPNOTSUPP; - return hvm_load_entry(IOAPIC, h, &s->domU); + if ( hvm_load_entry(IOAPIC, h, &s->domU) ) + return -ENODATA; + + return 0; } HVM_REGISTER_SAVE_RESTORE(IOAPIC, ioapic_save, ioapic_load, 1, HVMSR_PER_DOM); diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c index c1c1de7fd0..01cb7f668f 100644 --- a/xen/arch/x86/hvm/vpic.c +++ b/xen/arch/x86/hvm/vpic.c @@ -403,7 +403,7 @@ static int vpic_load(struct domain *d, hvm_domain_context_t *h) /* Which PIC is this? */ if ( inst > 1 ) - return -EINVAL; + return -ENOENT; s = &d->arch.hvm.vpic[inst]; /* Load the state */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:27:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:27:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183170.331183 (Exim 4.92) (envelope-from ) id 1mOJ9V-000055-OS; Thu, 09 Sep 2021 12:27:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183170.331183; Thu, 09 Sep 2021 12:27:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9V-00004r-LK; Thu, 09 Sep 2021 12:27:37 +0000 Received: by outflank-mailman (input) for mailman id 183170; Thu, 09 Sep 2021 12:27:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9U-0008WN-Un for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9U-0005Xf-U6 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ9U-0004j9-TE for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Uq6l3JcigO1ggL3XRa0XvMeHnfybl3lwPC5yN30qxw0=; b=RVUq7PQLJTpBA70WHvzs57FIp8 sl/szW50pUtJlD5X4TfYrqw6RNzX4/hyw3szUzmgrZ+WosZti4jJqKBRL3N30dHLSkzG1G529TKcZ UCmI7pL7CJuw2F+DvD5wvoe9hRPIE1RKzJ0yoB6AiEdkW+wY1WUvjkpunXsLbO+dnr9g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xen/lib: Fix strcmp() and strncmp() Message-Id: Date: Thu, 09 Sep 2021 12:27:36 +0000 commit 8c3a80b14e0056bcae7c691b71be370c39a32f47 Author: Jane Malalane AuthorDate: Wed Aug 25 14:49:47 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:49:47 2021 +0200 xen/lib: Fix strcmp() and strncmp() The C standard requires that each character be compared as unsigned char. Xen's current behaviour compares as signed char, which changes the answer when chars with a value greater than 0x7f are used. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Ian Jackson master commit: 3747a2bb67daa5a8baeff6cda57dc98a5ef79c3e master date: 2021-07-30 10:52:46 +0100 --- xen/common/string.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/xen/common/string.c b/xen/common/string.c index af3d96ad0f..43624b1b45 100644 --- a/xen/common/string.c +++ b/xen/common/string.c @@ -119,14 +119,16 @@ EXPORT_SYMBOL(strlcat); */ int (strcmp)(const char *cs, const char *ct) { - register signed char __res; + unsigned char *csu = (unsigned char *)cs; + unsigned char *ctu = (unsigned char *)ct; + int res; while (1) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + if ((res = *csu - *ctu++) != 0 || !*csu++) break; } - return __res; + return res; } #endif @@ -139,15 +141,17 @@ int (strcmp)(const char *cs, const char *ct) */ int (strncmp)(const char *cs, const char *ct, size_t count) { - register signed char __res = 0; + unsigned char *csu = (unsigned char *)cs; + unsigned char *ctu = (unsigned char *)ct; + int res = 0; while (count) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + if ((res = *csu - *ctu++) != 0 || !*csu++) break; count--; } - return __res; + return res; } #endif -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:27:47 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:27:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183172.331186 (Exim 4.92) (envelope-from ) id 1mOJ9f-00008R-Pi; Thu, 09 Sep 2021 12:27:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183172.331186; Thu, 09 Sep 2021 12:27:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9f-00008F-Ms; Thu, 09 Sep 2021 12:27:47 +0000 Received: by outflank-mailman (input) for mailman id 183172; Thu, 09 Sep 2021 12:27:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9f-00007z-1w for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9f-0005Xp-1I for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ9f-0004ju-0b for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9mBHUMhusVJPdaLoAEwup631aWOLLFY/aBeW2PyOzk4=; b=e06vZ8kQbPazqvJOIPEskIfgaR OD97F48p4QBXrF7oU9S8PQYz9UNyWZ69qBTzl6pFJk7NVMqOkyGBiPkgDpXcC4pvDHB5wSO69BpAi WsGesmnqlwjmKNprxnsOtwEzqnvxxAEVsetn9bb0K3iMO2RSwJsUXaF3YM4yJlElA+Ng=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] credit2: avoid picking a spurious idle unit when caps are used Message-Id: Date: Thu, 09 Sep 2021 12:27:47 +0000 commit b11a694067a993f5fa57012922fd04f2a489e233 Author: Dario Faggioli AuthorDate: Wed Aug 25 14:50:00 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:50:00 2021 +0200 credit2: avoid picking a spurious idle unit when caps are used Commit 07b0eb5d0ef0 ("credit2: make sure we pick a runnable unit from the runq if there is one") did not fix completely the problem of potentially selecting a scheduling unit that will then not be able to run. In fact, in case caps are used and the unit we are currently looking at, during the runqueue scan, does not have enough budget for being run, we should continue looking instead than giving up and picking the idle unit. Suggested-by: George Dunlap Signed-off-by: Dario Faggioli Reviewed-by: Jan Beulich master commit: 0f742839ae57e10687e7a573070c37430f31068c master date: 2021-08-10 09:29:10 +0200 --- xen/common/sched/credit2.c | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index ebb09ea43a..6396b38e04 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -3463,6 +3463,15 @@ runq_candidate(struct csched2_runqueue_data *rqd, (unsigned char *)&d); } + /* + * If the unit in the runqueue has more credits than current (or than + * idle, if current is not runnable) or if current is yielding, we may + * want to pick it up. Otherwise, there's no need to keep scanning the + * runqueue any further. + */ + if ( !yield && svc->credit <= snext->credit ) + break; + /* Skip non runnable units that we (temporarily) have in the runq */ if ( unlikely(!unit_runnable_state(svc->unit)) ) continue; @@ -3494,16 +3503,25 @@ runq_candidate(struct csched2_runqueue_data *rqd, } /* - * If the one in the runqueue has more credit than current (or idle, - * if current is not runnable), or if current is yielding, and also - * if the one in runqueue either is not capped, or is capped but has - * some budget, then choose it. + * If we are here, we are almost sure we want to pick the unit in + * the runqueue. Last thing we need to check is that it either is + * not capped or, if it is, it has some budget. + * + * Note that budget availability must be the very last check that + * we do in this loop, due to the side effects that unit_grab_budget() + * causes. + * + * In fact, if there is budget available in the unit's domain's + * budget pool, the function will pick some for running this unit. + * And we clearly want to do that only if we're otherwise sure that + * the unit will actually run, consume it, and return the leftover + * (if any) in the usual way. */ - if ( (yield || svc->credit > snext->credit) && - (!has_cap(svc) || unit_grab_budget(svc)) ) - snext = svc; + if ( has_cap(svc) && !unit_grab_budget(svc) ) + continue; /* In any case, if we got this far, break. */ + snext = svc; break; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:27:58 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:27:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183175.331191 (Exim 4.92) (envelope-from ) id 1mOJ9q-0000C7-T4; Thu, 09 Sep 2021 12:27:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183175.331191; Thu, 09 Sep 2021 12:27:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9q-0000Bz-Ps; Thu, 09 Sep 2021 12:27:58 +0000 Received: by outflank-mailman (input) for mailman id 183175; Thu, 09 Sep 2021 12:27:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9p-0000BP-5f for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9p-0005YG-4v for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ9p-0004lS-3u for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:27:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jMuc/i6KIU9HOR+IvPFBniyf6oUVJlgnHBeW8XXmHfk=; b=3XLMkH5T7Y7RbmDsAZoIz/+aQ0 q8ZIaMOejlmPv5QYN+XAgY0L50ei3FjgZYEF7QBpe1a+kxMEDv5zTj3bMkrXmPGP9gN3II1zhDs2Y UlXmmE4oHOYDnzLuhXSOO6YkSvGEllB9lCJs+bCP1U6bT5js9SMSbvoVjfhFafYq7b1k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} Message-Id: Date: Thu, 09 Sep 2021 12:27:57 +0000 commit 45cf6ad5e5606eb33e041dc93625b3bf8f346793 Author: Andrew Cooper AuthorDate: Wed Aug 25 14:50:16 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:50:16 2021 +0200 x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} This was a clear oversight in the original CET work. The BUGFRAME_run_fn and BUGFRAME_warn paths update regs->rip without an equivalent adjustment to the shadow stack, causing IRET to suffer #CP because of the mismatch. One subtle, and therefore fragile, aspect of extable_shstk_fixup() was that it required regs->rip to have its old value as a cross-check that the right word in the shadow stack was being edited. Rework extable_shstk_fixup() into fixup_exception_return() which takes ownership of the update to both the regular and shadow stacks, ensuring that the regs->rip update is ordered correctly. Use the new fixup_exception_return() for BUGFRAME_run_fn and BUGFRAME_warn to ensure that the shadow stack is updated too. Fixes: 209fb9919b50 ("x86/extable: Adjust extable handling to be shadow stack compatible") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich x86/cet: Fix build on newer versions of GCC Some versions of GCC complain with: traps.c:405:22: error: 'get_shstk_bottom' defined but not used [-Werror=unused-function] static unsigned long get_shstk_bottom(unsigned long sp) ^~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Change #ifdef to if ( IS_ENABLED(...) ) to make the sole user of get_shstk_bottom() visible to the compiler. Fixes: 35727551c070 ("x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn}") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Compile-tested-by: Jan Beulich Tested-by: Marek Marczykowski-Górecki master commit: 35727551c0703493a2240e967cffc3063b13d49c master date: 2021-08-16 16:03:20 +0100 master commit: 54c9736382e0d558a6acd820e44185e020131c48 master date: 2021-08-17 12:55:48 +0100 --- xen/arch/x86/traps.c | 96 ++++++++++++++++++++++++++++------------------------ 1 file changed, 51 insertions(+), 45 deletions(-) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 3c2e563cce..939c91a0ca 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -777,53 +777,62 @@ static void do_reserved_trap(struct cpu_user_regs *regs) trapnr, vec_name(trapnr), regs->error_code); } -static void extable_shstk_fixup(struct cpu_user_regs *regs, unsigned long fixup) +static void fixup_exception_return(struct cpu_user_regs *regs, + unsigned long fixup) { - unsigned long ssp, *ptr, *base; + if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) + { + unsigned long ssp, *ptr, *base; - asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); - if ( ssp == 1 ) - return; + asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); + if ( ssp == 1 ) + goto shstk_done; - ptr = _p(ssp); - base = _p(get_shstk_bottom(ssp)); + ptr = _p(ssp); + base = _p(get_shstk_bottom(ssp)); - for ( ; ptr < base; ++ptr ) - { - /* - * Search for %rip. The shstk currently looks like this: - * - * ... [Likely pointed to by SSP] - * %cs [== regs->cs] - * %rip [== regs->rip] - * SSP [Likely points to 3 slots higher, above %cs] - * ... [call tree to this function, likely 2/3 slots] - * - * and we want to overwrite %rip with fixup. There are two - * complications: - * 1) We cant depend on SSP values, because they won't differ by 3 - * slots if the exception is taken on an IST stack. - * 2) There are synthetic (unrealistic but not impossible) scenarios - * where %rip can end up in the call tree to this function, so we - * can't check against regs->rip alone. - * - * Check for both regs->rip and regs->cs matching. - */ - if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) + for ( ; ptr < base; ++ptr ) { - asm ( "wrssq %[fix], %[stk]" - : [stk] "=m" (ptr[0]) - : [fix] "r" (fixup) ); - return; + /* + * Search for %rip. The shstk currently looks like this: + * + * ... [Likely pointed to by SSP] + * %cs [== regs->cs] + * %rip [== regs->rip] + * SSP [Likely points to 3 slots higher, above %cs] + * ... [call tree to this function, likely 2/3 slots] + * + * and we want to overwrite %rip with fixup. There are two + * complications: + * 1) We cant depend on SSP values, because they won't differ by + * 3 slots if the exception is taken on an IST stack. + * 2) There are synthetic (unrealistic but not impossible) + * scenarios where %rip can end up in the call tree to this + * function, so we can't check against regs->rip alone. + * + * Check for both regs->rip and regs->cs matching. + */ + if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) + { + asm ( "wrssq %[fix], %[stk]" + : [stk] "=m" (ptr[0]) + : [fix] "r" (fixup) ); + goto shstk_done; + } } + + /* + * We failed to locate and fix up the shadow IRET frame. This could + * be due to shadow stack corruption, or bad logic above. We cannot + * continue executing the interrupted context. + */ + BUG(); + } + shstk_done: - /* - * We failed to locate and fix up the shadow IRET frame. This could be - * due to shadow stack corruption, or bad logic above. We cannot continue - * executing the interrupted context. - */ - BUG(); + /* Fixup the regular stack. */ + regs->rip = fixup; } static bool extable_fixup(struct cpu_user_regs *regs, bool print) @@ -842,10 +851,7 @@ static bool extable_fixup(struct cpu_user_regs *regs, bool print) vec_name(regs->entry_vector), regs->error_code, _p(regs->rip), _p(regs->rip), _p(fixup)); - if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) - extable_shstk_fixup(regs, fixup); - - regs->rip = fixup; + fixup_exception_return(regs, fixup); this_cpu(last_extable_addr) = regs->rip; return true; @@ -1136,7 +1142,7 @@ void do_invalid_op(struct cpu_user_regs *regs) void (*fn)(struct cpu_user_regs *) = bug_ptr(bug); fn(regs); - regs->rip = (unsigned long)eip; + fixup_exception_return(regs, (unsigned long)eip); return; } @@ -1157,7 +1163,7 @@ void do_invalid_op(struct cpu_user_regs *regs) case BUGFRAME_warn: printk("Xen WARN at %s%s:%d\n", prefix, filename, lineno); show_execution_state(regs); - regs->rip = (unsigned long)eip; + fixup_exception_return(regs, (unsigned long)eip); return; case BUGFRAME_bug: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:28:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:28:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183177.331195 (Exim 4.92) (envelope-from ) id 1mOJA0-0000FB-Ua; Thu, 09 Sep 2021 12:28:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183177.331195; Thu, 09 Sep 2021 12:28:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJA0-0000F3-Rg; Thu, 09 Sep 2021 12:28:08 +0000 Received: by outflank-mailman (input) for mailman id 183177; Thu, 09 Sep 2021 12:28:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9z-0000Eq-9R for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJ9z-0005Yd-8i for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJ9z-0004n3-7n for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Wpmiypi1oJ0ljAEEdPrLGmIElZT9yFcnHegaOa54Q28=; b=J3fgtBOJsHwWAEhxKKPNCnn+ot vEWgMH76ypLMW0t0ugLDqPYWxWC++VX18AsVhfCXiZHecEGA/pflFo4XwSbF+i4smI67S7TfbUji1 1iCPD8dxDWRzwPIOQCgi34nQYjb18YQNpSci490n9b/mjJBGbMZePTWRn+Yj6Nms0yHY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] VT-d: Tylersburg errata apply to further steppings Message-Id: Date: Thu, 09 Sep 2021 12:28:07 +0000 commit 9e027b88d91cd64d70da3c1ea07a88c4b460cfbf Author: Jan Beulich AuthorDate: Wed Aug 25 14:50:30 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:50:30 2021 +0200 VT-d: Tylersburg errata apply to further steppings While for 5500 and 5520 chipsets only B3 and C2 are mentioned in the spec update, X58's also mentions B2, and searching the internet suggests systems with this stepping are actually in use. Even worse, for X58 erratum #69 is marked applicable even to C2. Split the check to cover all applicable steppings and to also report applicable errata numbers in the log message. The splitting requires using the DMI port instead of the System Management Registers device, but that's then in line (also revision checking wise) with the spec updates. Fixes: 6890cebc6a98 ("VT-d: deal with 5500/5520/X58 errata") Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian master commit: 517a90d1ca09ce00e50d46ac25566cc3bd2eb34d master date: 2021-08-18 09:44:14 +0200 --- xen/drivers/passthrough/vtd/quirks.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c index 8a81d9c930..2ad76a0ae7 100644 --- a/xen/drivers/passthrough/vtd/quirks.c +++ b/xen/drivers/passthrough/vtd/quirks.c @@ -268,26 +268,42 @@ static int __init parse_snb_timeout(const char *s) } custom_param("snb_igd_quirk", parse_snb_timeout); -/* 5500/5520/X58 Chipset Interrupt remapping errata, for stepping B-3. - * Fixed in stepping C-2. */ +/* + * 5500/5520/X58 chipset interrupt remapping errata, for steppings B2 and B3. + * Fixed in stepping C2 except on X58. + */ static void __init tylersburg_intremap_quirk(void) { - uint32_t bus, device; + unsigned int bus; uint8_t rev; for ( bus = 0; bus < 0x100; bus++ ) { - /* Match on System Management Registers on Device 20 Function 0 */ - device = pci_conf_read32(PCI_SBDF(0, bus, 20, 0), PCI_VENDOR_ID); - rev = pci_conf_read8(PCI_SBDF(0, bus, 20, 0), PCI_REVISION_ID); + /* Match on DMI port (Device 0 Function 0) */ + rev = pci_conf_read8(PCI_SBDF(0, bus, 0, 0), PCI_REVISION_ID); - if ( rev == 0x13 && device == 0x342e8086 ) + switch ( pci_conf_read32(PCI_SBDF(0, bus, 0, 0), PCI_VENDOR_ID) ) { + default: + continue; + + case 0x34038086: case 0x34068086: + if ( rev >= 0x22 ) + continue; + printk(XENLOG_WARNING VTDPREFIX + "Disabling IOMMU due to Intel 5500/5520 chipset errata #47 and #53\n"); + iommu_enable = false; + break; + + case 0x34058086: printk(XENLOG_WARNING VTDPREFIX - "Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata #47, #53\n"); - iommu_enable = 0; + "Disabling IOMMU due to Intel X58 chipset %s\n", + rev < 0x22 ? "errata #62 and #69" : "erratum #69"); + iommu_enable = false; break; } + + break; } } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:28:19 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:28:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183179.331200 (Exim 4.92) (envelope-from ) id 1mOJAB-0000IJ-0M; Thu, 09 Sep 2021 12:28:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183179.331200; Thu, 09 Sep 2021 12:28:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAA-0000IB-TB; Thu, 09 Sep 2021 12:28:18 +0000 Received: by outflank-mailman (input) for mailman id 183179; Thu, 09 Sep 2021 12:28:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJA9-0000Ho-Cy for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJA9-0005Yq-CJ for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJA9-0004nq-BQ for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ny74g/olcinBHPb7LaISKU/qDKNJexZCywfNuduH4aY=; b=MAtpGI0nOGcEFmSl0VKS82OHNK cEFg9XA3fqcxM5pc6HvSuB5lI4KHOuW6ZLb0XVE3HmLAy5UthZ3cEsi+8gpWT3KpxBlCeIjCpYmsn UKmVUhGCkJKJFiFT5/EL0G72V+3HsZzeefconqAEOca10YYzumkWHbC5YJ6QoLSJ3ThY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume Message-Id: Date: Thu, 09 Sep 2021 12:28:17 +0000 commit b654bb2ed2f35339ab03966e5dd64cf341cec8b1 Author: Juergen Gross AuthorDate: Wed Aug 25 14:50:43 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:50:43 2021 +0200 xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume With smt=0 during a suspend/resume cycle of the machine the threads which have been parked before will briefly come up again. This can result in problems e.g. with cpufreq driver being active as this will call into get_cpu_idle_time() for a cpu without initialized scheduler data. Fix that by letting get_cpu_idle_time() deal with this case. Drop a redundant check in exchange. Fixes: 132cbe8f35632fb2 ("sched: fix get_cpu_idle_time() with core scheduling") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Juergen Gross Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich Acked-by: Dario Faggioli master commit: 5293470a77ad980dce2af9b7e6c3f11eeebf1b64 master date: 2021-08-19 13:38:31 +0200 --- xen/common/sched/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 6d34764d38..8d178baf3d 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -337,7 +337,7 @@ uint64_t get_cpu_idle_time(unsigned int cpu) struct vcpu_runstate_info state = { 0 }; const struct vcpu *v = idle_vcpu[cpu]; - if ( cpu_online(cpu) && v ) + if ( cpu_online(cpu) && get_sched_res(cpu) ) vcpu_runstate_get(v, &state); return state.time[RUNSTATE_running]; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:28:29 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:28:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183181.331203 (Exim 4.92) (envelope-from ) id 1mOJAL-0000M0-1J; Thu, 09 Sep 2021 12:28:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183181.331203; Thu, 09 Sep 2021 12:28:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAK-0000Ls-Uf; Thu, 09 Sep 2021 12:28:28 +0000 Received: by outflank-mailman (input) for mailman id 183181; Thu, 09 Sep 2021 12:28:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAJ-0000Lj-Gq for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAJ-0005Z1-G7 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJAJ-0004od-FB for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sZ8Uqd18zHUg3qQSku4h78qiD7vuOLlFb8x7UMCYWf8=; b=VQc4OW1wksYIh87aHBRAn41ICE MFTG2+fOAp8Dnu8+H37MHbWTMsLpgL/jYUIru7RK7Kw4pMURRatX/36EvtKMhSDoETN39tgBC0Y0b DbtcuGbJxCMowIUBT9gJtsp0ZcoK227wh6POGl0Crc/vfejLxQe2VbeBbGuYmsxJJn7g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] AMD/IOMMU: don't leave page table mapped when unmapping ... Message-Id: Date: Thu, 09 Sep 2021 12:28:27 +0000 commit 96894c14ca582b2d6ef50428ef3a24a89104faab Author: Jan Beulich AuthorDate: Wed Aug 25 14:50:57 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 14:50:57 2021 +0200 AMD/IOMMU: don't leave page table mapped when unmapping ... ... an already not mapped page. With all other exit paths doing the unmap, I have no idea how I managed to miss that aspect at the time. Fixes: ad591454f069 ("AMD/IOMMU: don't needlessly trigger errors/crashes when unmapping a page") Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 3cfec6a6aa7a7bf68f8e19e21f450c2febe9acb4 master date: 2021-08-20 12:30:35 +0200 --- xen/drivers/passthrough/amd/iommu_map.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 2e7916b1e6..fdfffe8f92 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -243,7 +243,10 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, else if ( !pde->pr ) { if ( !map ) + { + unmap_domain_page(next_table_vaddr); return 0; + } if ( next_table_mfn == 0 ) { -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:28:39 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:28:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183183.331207 (Exim 4.92) (envelope-from ) id 1mOJAV-0000Ov-3C; Thu, 09 Sep 2021 12:28:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183183.331207; Thu, 09 Sep 2021 12:28:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAU-0000Ol-WD; Thu, 09 Sep 2021 12:28:38 +0000 Received: by outflank-mailman (input) for mailman id 183183; Thu, 09 Sep 2021 12:28:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAT-0000OY-KX for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAT-0005ZD-Jr for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJAT-0004pG-J2 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n150lTv/s8CkRWxf9u4caUQz9x65VXE7gTQJZ7H2NVs=; b=LnnNtHcUUvse//SFUrWybMSrh9 U/AJjezZH2pwW0G94HacIVKPNQ0r5y/g73tyhhQGq9eVpIqmjXB7mQ6HzKnLUPJLbR0rpVNAnZcqG +5H4RcJeIHhIfsQ71befc2TjE8CdYSbVaTRcq6SrMMUnldvNme6opfZmSFKvW78cdh0c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] tools/firmware/ovmf: Use OvmfXen platform file is exist Message-Id: Date: Thu, 09 Sep 2021 12:28:37 +0000 commit 91bb9e9b0c0e2af926ab08958f3d65f07a105cb6 Author: Anthony PERARD AuthorDate: Tue Jun 1 11:28:03 2021 +0100 Commit: Ian Jackson CommitDate: Wed Aug 25 14:29:35 2021 +0100 tools/firmware/ovmf: Use OvmfXen platform file is exist A platform introduced in EDK II named OvmfXen is now the one to use for Xen instead of OvmfX64. It comes with PVH support. Also, the Xen support in OvmfX64 is deprecated, "deprecation notice: *dynamic* multi-VMM (QEMU vs. Xen) support in OvmfPkg" https://edk2.groups.io/g/devel/message/75498 Signed-off-by: Anthony PERARD Acked-by: Ian Jackson (cherry picked from commit aad7b5c11d51d57659978e04702ac970906894e8) --- tools/firmware/ovmf-makefile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/firmware/ovmf-makefile b/tools/firmware/ovmf-makefile index 55f9992145..637ee509c3 100644 --- a/tools/firmware/ovmf-makefile +++ b/tools/firmware/ovmf-makefile @@ -17,8 +17,14 @@ all: build .PHONY: build build: if test -e .git ; then $(GIT) submodule update --init --recursive ; fi - OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 - cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin + set -ex; \ + if test -e OvmfPkg/OvmfXen.dsc; then \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 -p OvmfPkg/OvmfXen.dsc; \ + cp Build/OvmfXen/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + else \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4; \ + cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + fi .PHONY: clean clean: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:28:49 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:28:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183185.331211 (Exim 4.92) (envelope-from ) id 1mOJAf-0000Rq-4Z; Thu, 09 Sep 2021 12:28:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183185.331211; Thu, 09 Sep 2021 12:28:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAf-0000Ri-1V; Thu, 09 Sep 2021 12:28:49 +0000 Received: by outflank-mailman (input) for mailman id 183185; Thu, 09 Sep 2021 12:28:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAd-0000RR-O6 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAd-0005ZO-NM for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJAd-0004px-Md for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4rjYiH695ZtPJz8MHbP1Z+mJYGk2jSfbBf8rMGWbyGM=; b=C8Y2BVm+dbBpQFB+s1sHotCg+8 b1qeO/fSHb5qmhqnlklrmv12Ut5UbGzZDn3XlB0sNqmMjDT4tBUCxdmpFBayVxCnlkGANzAk6NfmN ifANT3pl808wEhrOA+jNPp7aVt2ZQyiBIfIiCJIoZrTn1aQ9weJKJCmFdQSb0ZdA/vnI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Message-Id: Date: Thu, 09 Sep 2021 12:28:47 +0000 commit e58edae768bff17e1af652e3fae716c29b14c6e4 Author: Jan Beulich AuthorDate: Wed Sep 8 14:45:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:45:18 2021 +0200 gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Relevant quotes from the C11 standard: "Except where explicitly stated otherwise, for the purposes of this subclause unnamed members of objects of structure and union type do not participate in initialization. Unnamed members of structure objects have indeterminate value even after initialization." "If there are fewer initializers in a brace-enclosed list than there are elements or members of an aggregate, [...], the remainder of the aggregate shall be initialized implicitly the same as objects that have static storage duration." "If an object that has static or thread storage duration is not initialized explicitly, then: [...] — if it is an aggregate, every member is initialized (recursively) according to these rules, and any padding is initialized to zero bits; [...]" "A bit-field declaration with no declarator, but only a colon and a width, indicates an unnamed bit-field." Footnote: "An unnamed bit-field structure member is useful for padding to conform to externally imposed layouts." "There may be unnamed padding within a structure object, but not at its beginning." Which makes me conclude: - Whether an unnamed bit-field member is an unnamed member or padding is unclear, and hence also whether the last quote above would render the big endian case of the structure declaration invalid. - Whether the number of members of an aggregate includes unnamed ones is also not really clear. - The initializer in map_grant_ref() initializes all fields of the "cnt" sub-structure of the union, so assuming the second quote above applies here (indirectly), the compiler isn't required to implicitly initialize the rest (i.e. in particular any padding) like would happen for static storage duration objects. Gcc 7.4.1 can be observed (apparently in debug builds only) to translate aforementioned initializer to a read-modify-write operation of a stack variable, leaving unchanged the top two bits of whatever was previously in that stack slot. Clearly if either of the two bits were set, radix_tree_ulong_to_ptr()'s assertion would trigger. Therefore, to be on the safe side, add an explicit padding field for the non-big-endian-bitfields case and give a dummy name to both padding fields. Fixes: 9781b51efde2 ("gnttab: replace mapkind()") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: b6da9d0414d69c2682214ee3ecf9816fcac500d0 master date: 2021-08-27 10:54:46 +0200 --- xen/common/grant_table.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index d3f8dc8c4d..fd66863abc 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -964,10 +964,13 @@ union maptrack_node { struct { /* Radix tree slot pointers use two of the bits. */ #ifdef __BIG_ENDIAN_BITFIELD - unsigned long : 2; + unsigned long _0 : 2; #endif unsigned long rd : BITS_PER_LONG / 2 - 1; unsigned long wr : BITS_PER_LONG / 2 - 1; +#ifndef __BIG_ENDIAN_BITFIELD + unsigned long _0 : 2; +#endif } cnt; unsigned long raw; }; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:28:59 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:28:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183187.331215 (Exim 4.92) (envelope-from ) id 1mOJAp-0000VB-7M; Thu, 09 Sep 2021 12:28:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183187.331215; Thu, 09 Sep 2021 12:28:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAp-0000V3-4O; Thu, 09 Sep 2021 12:28:59 +0000 Received: by outflank-mailman (input) for mailman id 183187; Thu, 09 Sep 2021 12:28:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAn-0000Ug-RR for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAn-0005Zs-Qj for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJAn-0004qn-Pu for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:28:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Wcx1QBvmn9fDe4sgEwsc0gV2gacb5Lye0HowVDqGBlk=; b=k4pSIcQz4mLc3U+AAz5RYmh6k6 H+ZjPZNC1UnvE/N/TunG59NLCZWnpYK9pWYnei37b57jlrsKQFaoBGyp0v6axsyf69Xw4rh1rxbil 3P708KP2XPD+NzibR9vMMIFCJgGqPSFM6pZeUlcnR4Lon4VUEfj/pBQOHZ7gAtymSEmU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xen/domain: Fix label position in domain_teardown() Message-Id: Date: Thu, 09 Sep 2021 12:28:57 +0000 commit c0832c75315d73c47d59b45f7ce271f4425d2f1d Author: Andrew Cooper AuthorDate: Wed Sep 8 14:46:04 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:46:04 2021 +0200 xen/domain: Fix label position in domain_teardown() As explained in the comments, a progress label wants to be before the function it refers to for the higher level logic to make sense. As it happens, the effects are benign because gnttab_mappings is immediately adjacent to teardown in terms of co-routine exit points. There is and will always be a corner case with 0. Help alleviate this visually (at least slightly) with a BUILD_BUG_ON() to ensure the property which makes this function do anything useful. There is also a visual corner case when changing from PROGRESS() to PROGRESS_VCPU(). The important detail is to check that there is a "return rc;" logically between each PROGRESS*() marker. Fixes: b1ee10be5625 ("gnttab: add preemption check to gnttab_release_mappings()") Signed-off-by: Andrew Cooper Acked-by: Jan Beulich master commit: 8064488062641ae505b2a7369611c38057a7788b master date: 2021-08-27 15:12:05 +0100 --- xen/common/domain.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index dabb15a06c..fe39fb9177 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -419,11 +419,13 @@ static int domain_teardown(struct domain *d) }; case PROG_none: + BUILD_BUG_ON(PROG_none != 0); + + PROGRESS(gnttab_mappings): rc = gnttab_release_mappings(d); if ( rc ) return rc; - PROGRESS(gnttab_mappings): for_each_vcpu ( d, v ) { PROGRESS_VCPU(teardown); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:29:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:29:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183189.331219 (Exim 4.92) (envelope-from ) id 1mOJAz-0000Y7-8s; Thu, 09 Sep 2021 12:29:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183189.331219; Thu, 09 Sep 2021 12:29:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAz-0000Xz-5r; Thu, 09 Sep 2021 12:29:09 +0000 Received: by outflank-mailman (input) for mailman id 183189; Thu, 09 Sep 2021 12:29:08 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAx-0000Xk-V8 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:29:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJAx-0005aJ-UH for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:29:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJAx-0004rV-TQ for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:29:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2dzCHZHoisEZhe8OXo6UCiz8LbABQPTyGvxeVqpbSYY=; b=g63EZu75WqBDvEBauIy4G93Bw5 EFIb5p86mqIbrD852LGIH26C+2WDH8hwnrGrSU4h/dEg1HDkWEd7vT5Wf67/X26f7qLydx2zPuyyZ CHdUviEboz7gkba8a0WqIua4Q7c9Pmbx5sxbzW8S13yCYcTTNHn6s0F99/bQcbKfXwls=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/PVH: de-duplicate mappings for first Mb of Dom0 memory Message-Id: Date: Thu, 09 Sep 2021 12:29:07 +0000 commit 5a8b51e1ccad2c8528c78ab67ce5242d1641f112 Author: Jan Beulich AuthorDate: Wed Sep 8 14:46:30 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:46:30 2021 +0200 x86/PVH: de-duplicate mappings for first Mb of Dom0 memory One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. This means we need to be more careful about the mappings put in place in this range - mappings should be created exactly once: - iommu_hwdom_init() comes first; it should avoid the first Mb, - pvh_populate_p2m() should insert identity mappings only into ranges not populated as RAM, - pvh_setup_acpi() should again avoid the first Mb, which was already dealt with at that point. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 6b4f6a31ace125d658a581e8d10809e4fccdc272 master date: 2021-08-31 17:43:36 +0200 --- xen/arch/x86/hvm/dom0_build.c | 39 ++++++++++++++++++++++++++----------- xen/drivers/passthrough/x86/iommu.c | 8 +++++++- 2 files changed, 35 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index 878dc1d808..01b1356bd2 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -430,17 +430,6 @@ static int __init pvh_populate_p2m(struct domain *d) int rc; #define MB1_PAGES PFN_DOWN(MB(1)) - /* - * Memory below 1MB is identity mapped initially. RAM regions are - * populated and copied below, replacing the respective mappings. - */ - rc = modify_identity_mmio(d, 0, MB1_PAGES, true); - if ( rc ) - { - printk("Failed to identity map low 1MB: %d\n", rc); - return rc; - } - /* Populate memory map. */ for ( i = 0; i < d->arch.nr_e820; i++ ) { @@ -472,6 +461,23 @@ static int __init pvh_populate_p2m(struct domain *d) } } + /* Non-RAM regions of space below 1MB get identity mapped. */ + for ( i = rc = 0; i < MB1_PAGES; ++i ) + { + p2m_type_t p2mt; + + if ( mfn_eq(get_gfn_query(d, i, &p2mt), INVALID_MFN) ) + rc = set_mmio_p2m_entry(d, _gfn(i), _mfn(i), PAGE_ORDER_4K); + else + ASSERT(p2mt == p2m_ram_rw); + put_gfn(d, i); + if ( rc ) + { + printk("Failed to identity map PFN %x: %d\n", i, rc); + return rc; + } + } + if ( cpu_has_vmx && paging_mode_hap(d) && !vmx_unrestricted_guest(v) ) { /* @@ -1095,6 +1101,17 @@ static int __init pvh_setup_acpi(struct domain *d, paddr_t start_info) nr_pages = PFN_UP((d->arch.e820[i].addr & ~PAGE_MASK) + d->arch.e820[i].size); + /* Memory below 1MB has been dealt with by pvh_populate_p2m(). */ + if ( pfn < PFN_DOWN(MB(1)) ) + { + if ( pfn + nr_pages <= PFN_DOWN(MB(1)) ) + continue; + + /* This shouldn't happen, but is easy to deal with. */ + nr_pages -= PFN_DOWN(MB(1)) - pfn; + pfn = PFN_DOWN(MB(1)); + } + rc = modify_identity_mmio(d, pfn, nr_pages, true); if ( rc ) { diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 21c14fab66..e83c6f2c61 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -336,7 +336,13 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) max_pfn = (GB(4) >> PAGE_SHIFT) - 1; top = max(max_pdx, pfn_to_pdx(max_pfn) + 1); - for ( i = 0; i < top; i++ ) + /* + * First Mb will get mapped in one go by pvh_populate_p2m(). Avoid + * setting up potentially conflicting mappings here. + */ + i = paging_mode_translate(d) ? PFN_DOWN(MB(1)) : 0; + + for ( ; i < top; i++ ) { unsigned long pfn = pdx_to_pfn(i); int rc; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:29:19 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:29:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183190.331223 (Exim 4.92) (envelope-from ) id 1mOJB9-0000b7-Al; Thu, 09 Sep 2021 12:29:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183190.331223; Thu, 09 Sep 2021 12:29:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJB9-0000av-7I; Thu, 09 Sep 2021 12:29:19 +0000 Received: by outflank-mailman (input) for mailman id 183190; Thu, 09 Sep 2021 12:29:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJB8-0000ac-2F for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:29:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJB8-0005aU-1W for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:29:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJB8-0004s0-0m for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:29:18 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yR6SOxXY3hrpcypv+ofewQ8jWv6Yu0VN3tF1m5rpXd4=; b=raoBh2T8jtGINsscbikwOkDD8L cjzrM2hirUElusKY/AewL2B8/MX8WeU6gaLiXSxDKt7ZFZHeF9PPHW1vc2pJbbKxC6OI8Vi7jwT39 NXU/VebGiEa2/E4147DpgY0bGOAgqq+0DIqC1rz1k2j+wub5kT0hv748D57hF0+n1/Lw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/P2M: relax guarding of MMIO entries Message-Id: Date: Thu, 09 Sep 2021 12:29:18 +0000 commit b6a2e26cd9931d1372ee737f68ee892356b91631 Author: Jan Beulich AuthorDate: Wed Sep 8 14:47:00 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:47:00 2021 +0200 x86/P2M: relax guarding of MMIO entries One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. At least in the case of PVH Dom0 hitting an RMRR covered by an E820 ACPI region, this is too strict. Generally short-circuit requests establishing the same kind of mapping (mfn, type), but allow permissions to differ. While there, also add a log message to the other domain_crash() invocation that did prevent PVH Dom0 from coming up after the XSA-378 changes. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 111469cc7b3f586c2335e70205320ed3c828b89e master date: 2021-09-07 09:39:38 +0200 --- xen/arch/x86/mm/p2m.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 3bdfc3f274..871f3a04e8 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -945,9 +945,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_special(ot) ) { /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ - domain_crash(d); p2m_unlock(p2m); - + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u) -> (%#lx,%u,%u) not permitted\n", + d, gfn_x(gfn) + i, + mfn_x(omfn), ot, a, + mfn_x(mfn) + i, t, p2m->default_access); + domain_crash(d); return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) @@ -1291,9 +1295,24 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, } if ( p2m_is_special(ot) ) { - gfn_unlock(p2m, gfn, order); - domain_crash(d); - return -EPERM; + /* Special-case (almost) identical mappings. */ + if ( !mfn_eq(mfn, omfn) || gfn_p2mt != ot ) + { + gfn_unlock(p2m, gfn, order); + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u,%u) -> (%#lx,%u,%u,%u) not permitted\n", + d, gfn_l, + mfn_x(omfn), cur_order, ot, a, + mfn_x(mfn), order, gfn_p2mt, access); + domain_crash(d); + return -EPERM; + } + + if ( access == a ) + { + gfn_unlock(p2m, gfn, order); + return 0; + } } else if ( p2m_is_ram(ot) ) { -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:29:29 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:29:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183192.331227 (Exim 4.92) (envelope-from ) id 1mOJBJ-0000eS-Bm; Thu, 09 Sep 2021 12:29:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183192.331227; Thu, 09 Sep 2021 12:29:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJBJ-0000eK-8o; Thu, 09 Sep 2021 12:29:29 +0000 Received: by outflank-mailman (input) for mailman id 183192; Thu, 09 Sep 2021 12:29:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJBI-0000e9-6F for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:29:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJBI-0005aj-5a for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:29:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJBI-0004sX-4B for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:29:28 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=r4L4EvfIER8yc6enhs4v17bcTL7ofQl7/EZW8HrLuwM=; b=wk4XtdHDeQK84mxBLrne7/Vr0d 8yO/igjxiwxQUgJ0AQdxyAw0gXzVQm1mAoxelo+EG9HRkiy26LAfmmxCZcV+k7Hh+9LxVz/wV14Et 8bFedLiGtiERNtmYliej1xXUOPduwj3KAClYdKYWAnUkm+iOEb2s32ISj0ppZ3wV+JOo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/p2m-pt: fix p2m_flags_to_access() Message-Id: Date: Thu, 09 Sep 2021 12:29:28 +0000 commit 60d5c31d999ed80159ad295dd5701cdf6173adff Author: Jan Beulich AuthorDate: Wed Sep 8 14:47:29 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:47:29 2021 +0200 x86/p2m-pt: fix p2m_flags_to_access() The initial if() was inverted, invalidating all output from this function. Which in turn means the mirroring of P2M mappings into the IOMMU didn't always work as intended: Mappings may have got updated when there was no need to. There would not have been too few (un)mappings; what saves us is that alongside the flags comparison MFNs also get compared, with non-present entries always having an MFN of 0 or INVALID_MFN while present entries always have MFNs different from these two (0 in the table also meant to cover INVALID_MFN): OLD NEW P W access MFN P W access MFN 0 0 r 0 0 0 n 0 0 1 rw 0 0 1 n 0 1 0 n non-0 1 0 r non-0 1 1 n non-0 1 1 rw non-0 present <-> non-present transitions are fine because the MFNs differ. present -> present transitions as well as non-present -> non-present ones are potentially causing too many map/unmap operations, but never too few, because in that case old (bogus) and new access differ. Fixes: d1bb6c97c31e ("IOMMU: also pass p2m_access_t to p2m_get_iommu_flags()) Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: e70a9a043a5ce6d4025420f729bc473f711bf5d1 master date: 2021-09-07 14:24:49 +0200 --- xen/arch/x86/mm/p2m-pt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 7d691e616d..5a0c0f5ace 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -548,7 +548,7 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) /* Reconstruct a fake p2m_access_t from stored PTE flags. */ static p2m_access_t p2m_flags_to_access(unsigned int flags) { - if ( flags & _PAGE_PRESENT ) + if ( !(flags & _PAGE_PRESENT) ) return p2m_access_n; /* No need to look at _PAGE_NX for now. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 12:29:39 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 12:29:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183194.331231 (Exim 4.92) (envelope-from ) id 1mOJBT-0000h3-DG; Thu, 09 Sep 2021 12:29:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183194.331231; Thu, 09 Sep 2021 12:29:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJBT-0000gy-AD; Thu, 09 Sep 2021 12:29:39 +0000 Received: by outflank-mailman (input) for mailman id 183194; Thu, 09 Sep 2021 12:29:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJBS-0000gc-A0 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:29:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOJBS-0005az-9N for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:29:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOJBS-0004tV-8Y for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 12:29:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=A/SrEJ4lkfXv7mZZyQ+YCguscYnCncEixe9vmIRazVw=; b=dlCJQExqDbwJawiHwN3MGfnwy2 pPGYtl8EVIAPrmZzGHKrvzdxpUsHr+BZPefwTVF9Agb8+xrnyHPaIyNQKh6Sb5TV2hjbvP8naAELO Wei5njj51VG+t+hxWPx5a5HS6Veh35OnZf9R49Koc0NvUqYy8esTh/QnEzd3SWh1n73o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] gnttab: deal with status frame mapping race Message-Id: Date: Thu, 09 Sep 2021 12:29:38 +0000 commit 6f92f38419d6bd052da9076a7d89534b1f85ded9 Author: Jan Beulich AuthorDate: Wed Sep 8 14:48:32 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:48:32 2021 +0200 gnttab: deal with status frame mapping race Once gnttab_map_frame() drops the grant table lock, the MFN it reports back to its caller is free to other manipulation. In particular gnttab_unpopulate_status_frames() might free it, by a racing request on another CPU, thus resulting in a reference to a deallocated page getting added to a domain's P2M. Obtain a page reference in gnttab_map_frame() to prevent freeing of the page until xenmem_add_to_physmap_one() has actually completed its acting on the page. Do so uniformly, even if only strictly required for v2 status pages, to avoid extra conditionals (which then would all need to be kept in sync going forward). This is CVE-2021-28701 / XSA-384. Reported-by: Julien Grall Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: eb6bbf7b30da5bae87932514d54d0e3c68b23757 master date: 2021-09-08 14:37:45 +0200 --- xen/arch/arm/mm.c | 11 ++++++++--- xen/arch/x86/mm/p2m.c | 2 ++ xen/common/grant_table.c | 11 ++++++++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 59f8a3f15f..955b8a9337 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1420,6 +1420,8 @@ int xenmem_add_to_physmap_one( if ( rc ) return rc; + /* Need to take care of the reference obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); t = p2m_ram_rw; break; @@ -1487,9 +1489,12 @@ int xenmem_add_to_physmap_one( /* Map at new location. */ rc = guest_physmap_add_entry(d, gfn, mfn, 0, t); - /* If we fail to add the mapping, we need to drop the reference we - * took earlier on foreign pages */ - if ( rc && space == XENMAPSPACE_gmfn_foreign ) + /* + * For XENMAPSPACE_gmfn_foreign if we failed to add the mapping, we need + * to drop the reference we took earlier. In all other cases we need to + * drop any reference we took earlier (perhaps indirectly). + */ + if ( space == XENMAPSPACE_gmfn_foreign ? rc : page != NULL ) { ASSERT(page != NULL); put_page(page); diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 871f3a04e8..9936142917 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2719,6 +2719,8 @@ int xenmem_add_to_physmap_one( rc = gnttab_map_frame(d, idx, gpfn, &mfn); if ( rc ) return rc; + /* Need to take care of the reference obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); break; case XENMAPSPACE_gmfn: diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index fd66863abc..6f50e9de51 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -4166,7 +4166,16 @@ int gnttab_map_frame(struct domain *d, unsigned long idx, gfn_t gfn, mfn_t *mfn) } if ( !rc ) - gnttab_set_frame_gfn(gt, status, idx, gfn); + { + /* + * Make sure gnttab_unpopulate_status_frames() won't (successfully) + * free the page until our caller has completed its operation. + */ + if ( get_page(mfn_to_page(*mfn), d) ) + gnttab_set_frame_gfn(gt, status, idx, gfn); + else + rc = -EBUSY; + } grant_write_unlock(gt); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 20:55:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 20:55:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183535.331766 (Exim 4.92) (envelope-from ) id 1mOR4Z-0001ka-KC; Thu, 09 Sep 2021 20:55:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183535.331766; Thu, 09 Sep 2021 20:55:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR4Z-0001kS-H4; Thu, 09 Sep 2021 20:55:03 +0000 Received: by outflank-mailman (input) for mailman id 183535; Thu, 09 Sep 2021 20:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR4Y-0001kM-DM for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR4Y-0006oR-6j for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOR4Y-0001So-5R for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9unSVempXPNCg5o5S61niRTT/vWuL8LQZHvwuthq1PI=; b=cliszBIZr5apD31uDTkp7GeImy YIfv82VOUTvrHZTFyq0lHttDph+wiLbIkJ/Z1gSxGorbiBjSGWdQQmx18A2XMHMkCswqNJsgRxr0R Y2B/9xrw3Yb9dOmN6skNFg4TzmsK5KK6RM811ECVUuRdn279gEdXqAM06U6YnUE5mvdE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] gnttab: deal with status frame mapping race Message-Id: Date: Thu, 09 Sep 2021 20:55:02 +0000 commit eb6bbf7b30da5bae87932514d54d0e3c68b23757 Author: Jan Beulich AuthorDate: Wed Sep 8 14:37:45 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:37:45 2021 +0200 gnttab: deal with status frame mapping race Once gnttab_map_frame() drops the grant table lock, the MFN it reports back to its caller is free to other manipulation. In particular gnttab_unpopulate_status_frames() might free it, by a racing request on another CPU, thus resulting in a reference to a deallocated page getting added to a domain's P2M. Obtain a page reference in gnttab_map_frame() to prevent freeing of the page until xenmem_add_to_physmap_one() has actually completed its acting on the page. Do so uniformly, even if only strictly required for v2 status pages, to avoid extra conditionals (which then would all need to be kept in sync going forward). This is CVE-2021-28701 / XSA-384. Reported-by: Julien Grall Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/arch/arm/mm.c | 11 ++++++++--- xen/arch/x86/mm/p2m.c | 2 ++ xen/common/grant_table.c | 11 ++++++++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 0e07335291..eea926d823 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1420,6 +1420,8 @@ int xenmem_add_to_physmap_one( if ( rc ) return rc; + /* Need to take care of the reference obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); t = p2m_ram_rw; break; @@ -1487,9 +1489,12 @@ int xenmem_add_to_physmap_one( /* Map at new location. */ rc = guest_physmap_add_entry(d, gfn, mfn, 0, t); - /* If we fail to add the mapping, we need to drop the reference we - * took earlier on foreign pages */ - if ( rc && space == XENMAPSPACE_gmfn_foreign ) + /* + * For XENMAPSPACE_gmfn_foreign if we failed to add the mapping, we need + * to drop the reference we took earlier. In all other cases we need to + * drop any reference we took earlier (perhaps indirectly). + */ + if ( space == XENMAPSPACE_gmfn_foreign ? rc : page != NULL ) { ASSERT(page != NULL); put_page(page); diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 0be252cc4b..674a6f4fe9 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2745,6 +2745,8 @@ int xenmem_add_to_physmap_one( rc = gnttab_map_frame(d, idx, gpfn, &mfn); if ( rc ) return rc; + /* Need to take care of the reference obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); break; case XENMAPSPACE_gmfn: diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index ee61603a97..e80f8d044d 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -4153,7 +4153,16 @@ int gnttab_map_frame(struct domain *d, unsigned long idx, gfn_t gfn, mfn_t *mfn) } if ( !rc ) - gnttab_set_frame_gfn(gt, status, idx, gfn); + { + /* + * Make sure gnttab_unpopulate_status_frames() won't (successfully) + * free the page until our caller has completed its operation. + */ + if ( get_page(mfn_to_page(*mfn), d) ) + gnttab_set_frame_gfn(gt, status, idx, gfn); + else + rc = -EBUSY; + } grant_write_unlock(gt); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 20:55:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 20:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183536.331770 (Exim 4.92) (envelope-from ) id 1mOR4j-0001mo-Mz; Thu, 09 Sep 2021 20:55:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183536.331770; Thu, 09 Sep 2021 20:55:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR4j-0001mg-Jx; Thu, 09 Sep 2021 20:55:13 +0000 Received: by outflank-mailman (input) for mailman id 183536; Thu, 09 Sep 2021 20:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR4i-0001mV-BP for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR4i-0006q5-AZ for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOR4i-0001U7-9T for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pwz4dPESds5PC6v/7wZbtqQk3FDw2E3ds4RbtwNw8SY=; b=qwBmIuJdsw3EVLJBa1BuyNCd1C LLrR3r+vkruilsR3unZyFzFtKDtUz7kdqAIN9W5oSZBRWTLHPHWfh7RV81RiX5jOPEtBkekQ0pSU5 aL8nUGfYKAc5pUbG446EGZFd0V8J/Nr0b2jG3yjZmBjlhJWGFFYMPD/5cGeX4bW1EAYM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] domain: try to address Coverity pointing out a missing "break" in domain_teardown() Message-Id: Date: Thu, 09 Sep 2021 20:55:12 +0000 commit 7429e08d9c1cabec3ce1c7c246fb711f6e225275 Author: Jan Beulich AuthorDate: Wed Sep 8 14:38:33 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:38:33 2021 +0200 domain: try to address Coverity pointing out a missing "break" in domain_teardown() Commit 806448806264 ("xen/domain: Fix label position in domain_teardown()" has caused Coverity to report a _new_ supposedly un-annotated fall-through in a switch(). I find this (once again) puzzling; I'm having an increasingly hard time figuring what patterns the tool is actually after. I would have expected that the tool would either have spotted an issue also before this change, or not at all. Yet if it had spotted one before, the statistics report should have included an eliminated instance alongside the new one (because then the issue would simply have moved by a few lines). Hence the only thing I could guess is that the treatment of comments in macro expansions might be subtly different. Therefore try whether switching the comments to the still relatively new "fallthrough" pseudo keyword actually helps. Coverity-ID: 1490865 Signed-off-by: Jan Beulich Reviewed-by: Bertrand Marquis Acked-by: Julien Grall --- xen/common/domain.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index 0d3385ad5a..6ee5d033b0 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -401,13 +401,13 @@ static int domain_teardown(struct domain *d) */ #define PROGRESS(x) \ d->teardown.val = PROG_ ## x; \ - /* Fallthrough */ \ + fallthrough; \ case PROG_ ## x #define PROGRESS_VCPU(x) \ d->teardown.val = PROG_vcpu_ ## x; \ d->teardown.vcpu = v; \ - /* Fallthrough */ \ + fallthrough; \ case PROG_vcpu_ ## x: \ v = d->teardown.vcpu -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 20:55:23 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 20:55:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183537.331774 (Exim 4.92) (envelope-from ) id 1mOR4t-0001pt-OE; Thu, 09 Sep 2021 20:55:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183537.331774; Thu, 09 Sep 2021 20:55:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR4t-0001pl-LQ; Thu, 09 Sep 2021 20:55:23 +0000 Received: by outflank-mailman (input) for mailman id 183537; Thu, 09 Sep 2021 20:55:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR4s-0001pW-FF for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR4s-0006qN-EM for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOR4s-0001V3-DM for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=G4uPWIflOSG3ViULbOzJIbFb0gzWvZ1LgRs2JygvZnA=; b=ysIc2WK+j6bdpzTqyiDl4p1zYx 07ngbvyZUniqsEc4EKG3SIe5/qt2lA6hclXAZXe3lReffjugZCiTr5CnrL6g0coS5stRqaVD00zWv g1hOK0N09nlYJq32dhq8ztvWW3hZseTSKkVMtoTywi/uA2pkyBddPc+2j1c/gqlP3+Go=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cpuid: detect null segment behaviour on Zen2 CPUs Message-Id: Date: Thu, 09 Sep 2021 20:55:22 +0000 commit 5074b0c1c048ce7af3f33ab0885c610b7b2fcea0 Author: Jane Malalane AuthorDate: Wed Sep 8 14:39:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:39:18 2021 +0200 x86/cpuid: detect null segment behaviour on Zen2 CPUs All Zen2 CPUs actually have this behaviour, but the CPUID bit couldn't be introduced into Zen2 due to a lack of leaves. So, it was added in a new leaf in Zen3. Nonetheless, hypervisors can synthesize the CPUID bit in software. So, Xen probes for NSCB (NullSelectorClearsBit) and synthesizes the bit, if the behaviour is present. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/amd.c | 18 ++++++++++++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 5 +++++ xen/include/asm-x86/cpufeature.h | 1 + 4 files changed, 25 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 2260eef3aa..cb12861481 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -681,6 +681,19 @@ void amd_init_lfence(struct cpuinfo_x86 *c) c->x86_capability); } +void __init detect_zen2_null_seg_behaviour(void) +{ + uint64_t base; + + wrmsrl(MSR_FS_BASE, 1); + asm volatile ( "mov %0, %%fs" :: "rm" (0) ); + rdmsrl(MSR_FS_BASE, base); + + if (base == 0) + setup_force_cpu_cap(X86_FEATURE_NSCB); + +} + static void init_amd(struct cpuinfo_x86 *c) { u32 l, h; @@ -731,6 +744,11 @@ static void init_amd(struct cpuinfo_x86 *c) else /* Implicily "== 0x10 || >= 0x12" by being 64bit. */ amd_init_lfence(c); + /* Probe for NSCB on Zen2 CPUs when not virtualised */ + if (!cpu_has_hypervisor && !cpu_has_nscb && c == &boot_cpu_data && + c->x86 == 0x17) + detect_zen2_null_seg_behaviour(); + /* * If the user has explicitly chosen to disable Memory Disambiguation * to mitigiate Speculative Store Bypass, poke the appropriate MSR. diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 1ac3b2867a..0dd1b762ff 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -21,3 +21,4 @@ extern bool detect_extended_topology(struct cpuinfo_x86 *c); void early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); +void detect_zen2_null_seg_behaviour(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 67e23c5df9..d7a04af2bb 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -34,6 +34,11 @@ static void init_hygon(struct cpuinfo_x86 *c) amd_init_lfence(c); + /* Probe for NSCB on Zen2 CPUs when not virtualised */ + if (!cpu_has_hypervisor && !cpu_has_nscb && c == &boot_cpu_data && + c->x86 == 0x18) + detect_zen2_null_seg_behaviour(); + /* * If the user has explicitly chosen to disable Memory Disambiguation * to mitigiate Speculative Store Bypass, poke the appropriate MSR. diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 5f6b83f71c..4faf9bff29 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -146,6 +146,7 @@ #define cpu_has_cpuid_faulting boot_cpu_has(X86_FEATURE_CPUID_FAULTING) #define cpu_has_aperfmperf boot_cpu_has(X86_FEATURE_APERFMPERF) #define cpu_has_lfence_dispatch boot_cpu_has(X86_FEATURE_LFENCE_DISPATCH) +#define cpu_has_nscb boot_cpu_has(X86_FEATURE_NSCB) #define cpu_has_xen_lbr boot_cpu_has(X86_FEATURE_XEN_LBR) #define cpu_has_xen_shstk boot_cpu_has(X86_FEATURE_XEN_SHSTK) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 20:55:33 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 20:55:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183540.331778 (Exim 4.92) (envelope-from ) id 1mOR53-0001tX-Q4; Thu, 09 Sep 2021 20:55:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183540.331778; Thu, 09 Sep 2021 20:55:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR53-0001tP-Mw; Thu, 09 Sep 2021 20:55:33 +0000 Received: by outflank-mailman (input) for mailman id 183540; Thu, 09 Sep 2021 20:55:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR52-0001tA-Is for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR52-0006qd-Hw for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOR52-0001WC-H5 for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AH0Q7qikkGk5TktOeiHHDI3MpYj1XOjiHYsB9GFjraM=; b=UJSJc3/W+LQeQ2EO7DjfavC4KE j138G9CKwY4Joxb9DQ0u+Lt1tD6cZVVdxawRUM3czKIBvwOSXxoJBiNqI+AyO4rUw201ovPCg0REx +bU9rFp2kzC/geXrIAK41qs0wmCqRPDq/2aLgECjjbfpaEf7mZu+DQdO0mb2fubi9wNI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: set policy filename on make command line Message-Id: Date: Thu, 09 Sep 2021 20:55:32 +0000 commit c81e7efe2146c8f381fbdbb037b9d46866a6451e Author: Anthony PERARD AuthorDate: Wed Sep 8 14:40:00 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:40:00 2021 +0200 build: set policy filename on make command line In order to avoid flask/Makefile.common calling `make xenversion`, we override POLICY_FILENAME with the value we are going to use anyway. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/xsm/flask/Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile index 637159ad82..af95697ed9 100644 --- a/xen/xsm/flask/Makefile +++ b/xen/xsm/flask/Makefile @@ -42,7 +42,9 @@ FLASK_BUILD_DIR := $(CURDIR) POLICY_SRC := $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION) policy.bin: FORCE - $(MAKE) -f $(XEN_ROOT)/tools/flask/policy/Makefile.common -C $(XEN_ROOT)/tools/flask/policy FLASK_BUILD_DIR=$(FLASK_BUILD_DIR) + $(MAKE) -f $(XEN_ROOT)/tools/flask/policy/Makefile.common \ + -C $(XEN_ROOT)/tools/flask/policy \ + FLASK_BUILD_DIR=$(FLASK_BUILD_DIR) POLICY_FILENAME=$(POLICY_SRC) cmp -s $(POLICY_SRC) $@ || cp $(POLICY_SRC) $@ .PHONY: clean -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 20:55:43 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 20:55:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183542.331782 (Exim 4.92) (envelope-from ) id 1mOR5D-0001wj-RW; Thu, 09 Sep 2021 20:55:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183542.331782; Thu, 09 Sep 2021 20:55:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5D-0001wa-OV; Thu, 09 Sep 2021 20:55:43 +0000 Received: by outflank-mailman (input) for mailman id 183542; Thu, 09 Sep 2021 20:55:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5C-0001wM-MX for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5C-0006qq-Ld for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOR5C-0001XG-KZ for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XD3hjiW85Za8JCtc/uUrqHRUEcpj67q8enclxmCQmrI=; b=QDHo1v6Kt5ZGWukk+g4tIly2FB PE2o/83vSybHncLI5SgUWVncYFZEWmhXJlbETIyoCOoeXuu5cJPqFMqJAfCgxweqsRg8Twuk0KcDd QKvIlP22eWWjSYT8YTTcn47vsPiq7wVQK6X7A61qkpLFu3jFX/61B/U4F2Csa5XLsqrg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Split the "Hardware features" diagnostic line Message-Id: Date: Thu, 09 Sep 2021 20:55:42 +0000 commit 565ebcda976c05b0c6191510d5e32b621a2b1867 Author: Andrew Cooper AuthorDate: Thu Jul 29 11:59:22 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Sep 8 14:16:19 2021 +0100 x86/spec-ctrl: Split the "Hardware features" diagnostic line Separate the read-only hints from the features requiring active actions on Xen's behalf. Also take the opportunity split the IBRS/IBPB and IBPB mess. More features with overlapping enumeration are on the way, and and it is not useful to split them like this. No practical change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/spec_ctrl.c | 41 ++++++++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 750110e9df..c310a7f6ac 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -317,23 +317,30 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk("Speculative mitigation facilities:\n"); - /* Hardware features which pertain to speculative mitigations. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", - (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS/IBPB" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", - (e8b & cpufeat_mask(X86_FEATURE_IBPB)) ? " IBPB" : "", - (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", - (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", - (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", - (caps & ARCH_CAPS_SKIP_L1DFL) ? " SKIP_L1DFL": "", - (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", - (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", - (caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL" : "", - (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : ""); + /* + * Hardware read-only information, stating immunity to certain issues, or + * suggestions of which mitigation to use. + */ + printk(" Hardware hints:%s%s%s%s%s%s%s\n", + (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", + (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", + (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", + (caps & ARCH_CAPS_SKIP_L1DFL) ? " SKIP_L1DFL" : "", + (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", + (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", + (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : ""); + + /* Hardware features which need driving to mitigate issues. */ + printk(" Hardware features:%s%s%s%s%s%s%s%s\n", + (e8b & cpufeat_mask(X86_FEATURE_IBPB)) || + (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBPB" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", + (caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL" : ""); /* Compiled-in support which pertains to mitigations. */ if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) || IS_ENABLED(CONFIG_SHADOW_PAGING) ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 20:55:53 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 20:55:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183544.331786 (Exim 4.92) (envelope-from ) id 1mOR5N-0001zk-Sv; Thu, 09 Sep 2021 20:55:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183544.331786; Thu, 09 Sep 2021 20:55:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5N-0001zc-Q1; Thu, 09 Sep 2021 20:55:53 +0000 Received: by outflank-mailman (input) for mailman id 183544; Thu, 09 Sep 2021 20:55:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5M-0001zM-QH for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5M-0006rA-PT for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOR5M-0001Y9-OU for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:55:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=p3QqMfWfX/WxxJx/k2vnyQb2K7b2w/v3fn2ZwQNQbEg=; b=1+lXRVqXNDIx+jp0M06pXzIvNH t2Owd+p3ODC/p8a3NfZpr0X1lrSBTQBqcJugVTSTQM/bf6xKH8gzBmPI5lXqYqqfXbU+sTKR0OTPa Fuy71HW6ABe3Fg+hkfzv3tUOIssMKAbKZxfiN1W50iMQgN/zrUjqXz2T5ymhPGdbj+nY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/amd: Enumeration for speculative features/hints Message-Id: Date: Thu, 09 Sep 2021 20:55:52 +0000 commit 747424c664bb164a04e7a9f2ffbf02d4a1630d7d Author: Andrew Cooper AuthorDate: Mon Jul 12 15:13:32 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Sep 8 14:16:19 2021 +0100 x86/amd: Enumeration for speculative features/hints There is a step change in speculation protections between the Zen1 and Zen2 microarchitectures. Zen1 and older have no special support. Control bits in non-architectural MSRs are used to make lfence be dispatch-serialising (Spectre v1), and to disable Memory Disambiguation (Speculative Store Bypass). IBPB was retrofitted in a microcode update, and software methods are required for Spectre v2 protections. Because the bit controlling Memory Disambiguation is model specific, hypervisors are expected to expose a MSR_VIRT_SPEC_CTRL interface which abstracts the model specific details. Zen2 and later implement the MSR_SPEC_CTRL interface in hardware, and virtualise the interface for HVM guests to use. A number of hint bits are specified too to help guide OS software to the most efficient mitigation strategy. Zen3 introduced a new feature, Predictive Store Forwarding, along with a control to disable it in sensitive code. Add CPUID and VMCB details for all the new functionality. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- tools/libs/light/libxl_cpuid.c | 10 ++++++++++ tools/misc/xen-cpuid.c | 8 +++++++- xen/arch/x86/hvm/svm/svm.c | 1 + xen/arch/x86/hvm/svm/vmcb.c | 1 + xen/include/asm-x86/cpufeature.h | 5 +++++ xen/include/asm-x86/hvm/svm/svm.h | 2 ++ xen/include/asm-x86/hvm/svm/vmcb.h | 4 +++- xen/include/asm-x86/msr-index.h | 3 +++ xen/include/public/arch-x86/cpufeatureset.h | 10 ++++++++++ 9 files changed, 42 insertions(+), 2 deletions(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index d667c36f31..815498d4f3 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -274,8 +274,18 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"rstr-fp-err-ptrs", 0x80000008, NA, CPUID_REG_EBX, 2, 1}, {"wbnoinvd", 0x80000008, NA, CPUID_REG_EBX, 9, 1}, {"ibpb", 0x80000008, NA, CPUID_REG_EBX, 12, 1}, + {"ibrs", 0x80000008, NA, CPUID_REG_EBX, 14, 1}, + {"amd-stibp", 0x80000008, NA, CPUID_REG_EBX, 15, 1}, + {"ibrs-always", 0x80000008, NA, CPUID_REG_EBX, 16, 1}, + {"stibp-always", 0x80000008, NA, CPUID_REG_EBX, 17, 1}, + {"ibrs-fast", 0x80000008, NA, CPUID_REG_EBX, 18, 1}, + {"ibrs-same-mode", 0x80000008, NA, CPUID_REG_EBX, 19, 1}, {"no-lmsl", 0x80000008, NA, CPUID_REG_EBX, 20, 1}, {"ppin", 0x80000008, NA, CPUID_REG_EBX, 23, 1}, + {"amd-ssbd", 0x80000008, NA, CPUID_REG_EBX, 24, 1}, + {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1}, + {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, + {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index d79e67ecfb..37989e4a12 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -148,12 +148,18 @@ static const char *const str_e8b[32] = [ 0] = "clzero", [ 2] = "rstr-fp-err-ptrs", - /* [ 8] */ [ 9] = "wbnoinvd", + /* [ 8] */ [ 9] = "wbnoinvd", [12] = "ibpb", + [14] = "ibrs", [15] = "amd-stibp", + [16] = "ibrs-always", [17] = "stibp-always", + [18] = "ibrs-fast", [19] = "ibrs-same-mode", [20] = "no-lmsl", /* [22] */ [23] = "ppin", + [24] = "amd-ssbd", [25] = "virt-ssbd", + [26] = "ssb-no", + [28] = "psfd", }; static const char *const str_7d0[32] = diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 642a64b747..8dc92c8b9f 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1659,6 +1659,7 @@ const struct hvm_function_table * __init start_svm(void) P(cpu_has_pause_thresh, "Pause-Intercept Filter Threshold"); P(cpu_has_tsc_ratio, "TSC Rate MSR"); P(cpu_has_svm_sss, "NPT Supervisor Shadow Stack"); + P(cpu_has_svm_spec_ctrl, "MSR_SPEC_CTRL virtualisation"); #undef P if ( !printed ) diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 373d5d4af4..55da9302e5 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -271,6 +271,7 @@ static void __init __maybe_unused build_assertions(void) BUILD_BUG_ON(offsetof(typeof(vmcb), rsp) != 0x5d8); BUILD_BUG_ON(offsetof(typeof(vmcb), rax) != 0x5f8); BUILD_BUG_ON(offsetof(typeof(vmcb), _g_pat) != 0x668); + BUILD_BUG_ON(offsetof(typeof(vmcb), spec_ctrl) != 0x6e0); /* Check struct segment_register against the VMCB segment layout. */ BUILD_BUG_ON(sizeof(vmcb.es) != 16); diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 4faf9bff29..94a485f99c 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -128,6 +128,11 @@ /* CPUID level 0x80000007.edx */ #define cpu_has_itsc boot_cpu_has(X86_FEATURE_ITSC) +/* CPUID level 0x80000008.ebx */ +#define cpu_has_amd_ssbd boot_cpu_has(X86_FEATURE_AMD_SSBD) +#define cpu_has_virt_ssbd boot_cpu_has(X86_FEATURE_VIRT_SSBD) +#define cpu_has_ssb_no boot_cpu_has(X86_FEATURE_SSB_NO) + /* CPUID level 0x00000007:0.edx */ #define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW) #define cpu_has_avx512_4fmaps boot_cpu_has(X86_FEATURE_AVX512_4FMAPS) diff --git a/xen/include/asm-x86/hvm/svm/svm.h b/xen/include/asm-x86/hvm/svm/svm.h index bee939156f..05e9685026 100644 --- a/xen/include/asm-x86/hvm/svm/svm.h +++ b/xen/include/asm-x86/hvm/svm/svm.h @@ -76,6 +76,7 @@ extern u32 svm_feature_flags; #define SVM_FEATURE_VLOADSAVE 15 /* virtual vmload/vmsave */ #define SVM_FEATURE_VGIF 16 /* Virtual GIF */ #define SVM_FEATURE_SSS 19 /* NPT Supervisor Shadow Stacks */ +#define SVM_FEATURE_SPEC_CTRL 20 /* MSR_SPEC_CTRL virtualisation */ #define cpu_has_svm_feature(f) (svm_feature_flags & (1u << (f))) #define cpu_has_svm_npt cpu_has_svm_feature(SVM_FEATURE_NPT) @@ -91,6 +92,7 @@ extern u32 svm_feature_flags; #define cpu_has_tsc_ratio cpu_has_svm_feature(SVM_FEATURE_TSCRATEMSR) #define cpu_has_svm_vloadsave cpu_has_svm_feature(SVM_FEATURE_VLOADSAVE) #define cpu_has_svm_sss cpu_has_svm_feature(SVM_FEATURE_SSS) +#define cpu_has_svm_spec_ctrl cpu_has_svm_feature(SVM_FEATURE_SPEC_CTRL) #define SVM_PAUSEFILTER_INIT 4000 #define SVM_PAUSETHRESH_INIT 1000 diff --git a/xen/include/asm-x86/hvm/svm/vmcb.h b/xen/include/asm-x86/hvm/svm/vmcb.h index 9e1e42f494..4fa2ddfb2f 100644 --- a/xen/include/asm-x86/hvm/svm/vmcb.h +++ b/xen/include/asm-x86/hvm/svm/vmcb.h @@ -521,7 +521,9 @@ struct vmcb_struct { u64 _lastbranchtoip; /* cleanbit 10 */ u64 _lastintfromip; /* cleanbit 10 */ u64 _lastinttoip; /* cleanbit 10 */ - u64 res17[301]; + u64 res17[9]; + u64 spec_ctrl; + u64 res18[291]; }; struct svm_domain { diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index a14841055f..903923e5a5 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -33,6 +33,7 @@ #define SPEC_CTRL_IBRS (_AC(1, ULL) << 0) #define SPEC_CTRL_STIBP (_AC(1, ULL) << 1) #define SPEC_CTRL_SSBD (_AC(1, ULL) << 2) +#define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) #define MSR_PRED_CMD 0x00000049 #define PRED_CMD_IBPB (_AC(1, ULL) << 0) @@ -137,6 +138,8 @@ #define VM_CR_INIT_REDIRECTION (_AC(1, ULL) << 1) #define VM_CR_SVM_DISABLE (_AC(1, ULL) << 4) +#define MSR_VIRT_SPEC_CTRL 0xc001011f /* Layout matches MSR_SPEC_CTRL */ + /* * Legacy MSR constants in need of cleanup. No new MSRs below this comment. */ diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index f0e5fabfed..f11d5439ae 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -255,8 +255,18 @@ XEN_CPUFEATURE(CLZERO, 8*32+ 0) /*A CLZERO instruction */ XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A (F)X{SAVE,RSTOR} always saves/restores FPU Error pointers */ XEN_CPUFEATURE(WBNOINVD, 8*32+ 9) /* WBNOINVD instruction */ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by AMD) */ +XEN_CPUFEATURE(IBRS, 8*32+14) /* MSR_SPEC_CTRL.IBRS */ +XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /* MSR_SPEC_CTRL.STIBP */ +XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /* IBRS preferred always on */ +XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /* STIBP preferred always on */ +XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /* IBRS preferred over software options */ +XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection */ XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ +XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ +XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ +XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ +XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 20:56:04 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 20:56:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183546.331790 (Exim 4.92) (envelope-from ) id 1mOR5X-000239-Vy; Thu, 09 Sep 2021 20:56:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183546.331790; Thu, 09 Sep 2021 20:56:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5X-000231-Sv; Thu, 09 Sep 2021 20:56:03 +0000 Received: by outflank-mailman (input) for mailman id 183546; Thu, 09 Sep 2021 20:56:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5W-00022f-UD for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:56:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5W-0006ro-TL for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:56:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOR5W-0001ZN-SQ for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:56:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CU6wZPvIbHGikSWXePfHB0RDAvAkyRU93eDazwWfTsw=; b=X5NwqccikrJGa4D49C8eUjmuoX F8O88iewtRSmH/BtgAbhn1tFPlc31UQlDY4w3fA3hxPZ2ZOtZnFFpJ1PTHGUu25XKMmxpg0YQG0hL NHUJZwHWC/MEC+X2wH6Zmu6df0M4GhZZ/QldeCWyFdIlRR/tqW2yVs3DAQvLWmyt/NQw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/amd: Use newer SSBD mechanisms if they exist Message-Id: Date: Thu, 09 Sep 2021 20:56:02 +0000 commit 2a4e6c4e4bea2e0bb720418c331ee28ff9c7632e Author: Andrew Cooper AuthorDate: Fri Nov 30 17:17:38 2018 +0000 Commit: Andrew Cooper CommitDate: Wed Sep 8 14:16:19 2021 +0100 x86/amd: Use newer SSBD mechanisms if they exist The opencoded legacy Memory Disambiguation logic in init_amd() neglected Fam19h for the Zen3 microarchitecture. Further more, all Zen2 based system have the architectural MSR_SPEC_CTRL and the SSBD bit within it, so shouldn't be using MSR_AMD64_LS_CFG. Implement the algorithm given in AMD's SSBD whitepaper, and leave a printk_once() behind in the case that no controls can be found. This now means that a user explicitly choosing `spec-ctrl=ssbd` will properly turn off Memory Disambiguation on Fam19h/Zen3 systems. This still remains a single system-wide setting (for now), and is not context switched between vCPUs. As such, it doesn't interact with Intel's use of MSR_SPEC_CTRL and default_xen_spec_ctrl (yet). Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/amd.c | 71 +++++++++++++++++++++++++++++++++++------------- xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 10 +------ xen/arch/x86/spec_ctrl.c | 5 +++- 4 files changed, 58 insertions(+), 29 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index cb12861481..c4d84373a7 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -681,6 +681,56 @@ void amd_init_lfence(struct cpuinfo_x86 *c) c->x86_capability); } +/* + * Refer to the AMD Speculative Store Bypass whitepaper: + * https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf + */ +void amd_init_ssbd(const struct cpuinfo_x86 *c) +{ + int bit = -1; + + if (cpu_has_ssb_no) + return; + + if (cpu_has_amd_ssbd) { + wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + return; + } + + if (cpu_has_virt_ssbd) { + wrmsrl(MSR_VIRT_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + return; + } + + switch (c->x86) { + case 0x15: bit = 54; break; + case 0x16: bit = 33; break; + case 0x17: + case 0x18: bit = 10; break; + } + + if (bit >= 0) { + uint64_t val, mask = 1ull << bit; + + if (rdmsr_safe(MSR_AMD64_LS_CFG, val) || + ({ + val &= ~mask; + if (opt_ssbd) + val |= mask; + false; + }) || + wrmsr_safe(MSR_AMD64_LS_CFG, val) || + ({ + rdmsrl(MSR_AMD64_LS_CFG, val); + (val & mask) != (opt_ssbd * mask); + })) + bit = -1; + } + + if (bit < 0) + printk_once(XENLOG_ERR "No SSBD controls available\n"); +} + void __init detect_zen2_null_seg_behaviour(void) { uint64_t base; @@ -744,30 +794,13 @@ static void init_amd(struct cpuinfo_x86 *c) else /* Implicily "== 0x10 || >= 0x12" by being 64bit. */ amd_init_lfence(c); + amd_init_ssbd(c); + /* Probe for NSCB on Zen2 CPUs when not virtualised */ if (!cpu_has_hypervisor && !cpu_has_nscb && c == &boot_cpu_data && c->x86 == 0x17) detect_zen2_null_seg_behaviour(); - /* - * If the user has explicitly chosen to disable Memory Disambiguation - * to mitigiate Speculative Store Bypass, poke the appropriate MSR. - */ - if (opt_ssbd) { - int bit = -1; - - switch (c->x86) { - case 0x15: bit = 54; break; - case 0x16: bit = 33; break; - case 0x17: bit = 10; break; - } - - if (bit >= 0 && !rdmsr_safe(MSR_AMD64_LS_CFG, value)) { - value |= 1ull << bit; - wrmsr_safe(MSR_AMD64_LS_CFG, value); - } - } - /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 0dd1b762ff..b593bd85f0 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -21,4 +21,5 @@ extern bool detect_extended_topology(struct cpuinfo_x86 *c); void early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); +void amd_init_ssbd(const struct cpuinfo_x86 *c); void detect_zen2_null_seg_behaviour(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index d7a04af2bb..429d6601fc 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -33,21 +33,13 @@ static void init_hygon(struct cpuinfo_x86 *c) unsigned long long value; amd_init_lfence(c); + amd_init_ssbd(c); /* Probe for NSCB on Zen2 CPUs when not virtualised */ if (!cpu_has_hypervisor && !cpu_has_nscb && c == &boot_cpu_data && c->x86 == 0x18) detect_zen2_null_seg_behaviour(); - /* - * If the user has explicitly chosen to disable Memory Disambiguation - * to mitigiate Speculative Store Bypass, poke the appropriate MSR. - */ - if (opt_ssbd && !rdmsr_safe(MSR_AMD64_LS_CFG, value)) { - value |= 1ull << 10; - wrmsr_safe(MSR_AMD64_LS_CFG, value); - } - /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index c310a7f6ac..f0c67d41b8 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -326,20 +326,23 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", (caps & ARCH_CAPS_SKIP_L1DFL) ? " SKIP_L1DFL" : "", + (e8b & cpufeat_mask(X86_FEATURE_SSB_NO)) || (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : ""); /* Hardware features which need driving to mitigate issues. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s\n", + printk(" Hardware features:%s%s%s%s%s%s%s%s%s\n", (e8b & cpufeat_mask(X86_FEATURE_IBPB)) || (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBPB" : "", (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS" : "", (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", + (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", + (e8b & cpufeat_mask(X86_FEATURE_VIRT_SSBD)) ? " VIRT_SSBD" : "", (caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL" : ""); /* Compiled-in support which pertains to mitigations. */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 20:56:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 20:56:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183548.331794 (Exim 4.92) (envelope-from ) id 1mOR5i-000274-14; Thu, 09 Sep 2021 20:56:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183548.331794; Thu, 09 Sep 2021 20:56:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5h-00026w-UN; Thu, 09 Sep 2021 20:56:13 +0000 Received: by outflank-mailman (input) for mailman id 183548; Thu, 09 Sep 2021 20:56:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5h-00025p-2U for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:56:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5h-0006ry-1g for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:56:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOR5h-0001aL-0V for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:56:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UhGkEprAownVB278k+AzVFlIIL58vbSqbCWns3yB5HQ=; b=ns9r014JfTLc9OpjAt3hHcruli AQWso+dgufbP3ndwh3eZ/W2kucKX5ZW8f6ky9TdMmu0cC+BjOsDTTfqbStQBmkscCvXB2jf07v9qY B8wQkrRtCU5NAzrw9zwx7bNrQ8H96o5/C9LGVogSGlUlFp1FIdRjxYb/qudC0+tqoAk8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/msr: Clean up the MSR_EFER constants Message-Id: Date: Thu, 09 Sep 2021 20:56:13 +0000 commit 00d0fcf33c580ba4577a9a2ac274863c173bbe65 Author: Andrew Cooper AuthorDate: Fri May 25 16:12:05 2018 +0100 Commit: Andrew Cooper CommitDate: Wed Sep 8 17:54:21 2021 +0100 x86/msr: Clean up the MSR_EFER constants There are no remaining users of the bit position constants. Move the used constants into the cleaned-up area of msr-index.h and apply appropriate style. Rename EFER_NX to EFER_NXE to match both the Intel and AMD specs. Signed-off-by: Andrew Cooper Reviewed-by: Wei Liu Reviewed-by: Roger Pau Monné --- xen/arch/x86/boot/head.S | 2 +- xen/arch/x86/cpu/intel.c | 4 ++-- xen/arch/x86/efi/efi-boot.h | 2 +- xen/arch/x86/hvm/hvm.c | 4 ++-- xen/arch/x86/hvm/svm/svm.c | 4 ++-- xen/arch/x86/hvm/vmx/vmx.c | 4 ++-- xen/include/asm-x86/hvm/hvm.h | 2 +- xen/include/asm-x86/msr-index.h | 30 +++++++++++------------------- 8 files changed, 22 insertions(+), 30 deletions(-) diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index 150f7f90a2..dd1bea0d10 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -639,7 +639,7 @@ trampoline_setup: /* Check for NX. Adjust EFER setting if available. */ bt $cpufeat_bit(X86_FEATURE_NX), %edx jnc 1f - orb $EFER_NX >> 8, 1 + sym_esi(trampoline_efer) + orb $EFER_NXE >> 8, 1 + sym_esi(trampoline_efer) 1: /* Check for availability of long mode. */ diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index abf8e206d7..9b011c3446 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -270,14 +270,14 @@ static void early_init_intel(struct cpuinfo_x86 *c) if (disable) { wrmsrl(MSR_IA32_MISC_ENABLE, misc_enable & ~disable); bootsym(trampoline_misc_enable_off) |= disable; - bootsym(trampoline_efer) |= EFER_NX; + bootsym(trampoline_efer) |= EFER_NXE; } if (disable & MSR_IA32_MISC_ENABLE_LIMIT_CPUID) printk(KERN_INFO "revised cpuid level: %d\n", cpuid_eax(0)); if (disable & MSR_IA32_MISC_ENABLE_XD_DISABLE) { - write_efer(read_efer() | EFER_NX); + write_efer(read_efer() | EFER_NXE); printk(KERN_INFO "re-enabled NX (Execute Disable) protection\n"); } diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index fb217031ff..9b0cc29aae 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -692,7 +692,7 @@ static void __init efi_arch_cpu(void) caps[cpufeat_word(X86_FEATURE_SYSCALL)] = cpuid_edx(0x80000001); if ( cpu_has_nx ) - trampoline_efer |= EFER_NX; + trampoline_efer |= EFER_NXE; } } diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 5086773e5c..7b48a1b925 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -952,8 +952,8 @@ const char *hvm_efer_valid(const struct vcpu *v, uint64_t value, if ( (value & EFER_LMA) && (!(value & EFER_LME) || !cr0_pg) ) return "LMA/LME/CR0.PG inconsistency"; - if ( (value & EFER_NX) && !p->extd.nx ) - return "NX without feature"; + if ( (value & EFER_NXE) && !p->extd.nx ) + return "NXE without feature"; if ( (value & EFER_SVME) && (!p->extd.svm || !nestedhvm_enabled(d)) ) return "SVME without nested virt"; diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 8dc92c8b9f..309912a234 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -563,8 +563,8 @@ static void svm_update_guest_efer(struct vcpu *v) if ( paging_mode_shadow(v->domain) ) { /* EFER.NX is a Xen-owned bit and is not under guest control. */ - guest_efer &= ~EFER_NX; - guest_efer |= xen_efer & EFER_NX; + guest_efer &= ~EFER_NXE; + guest_efer |= xen_efer & EFER_NXE; /* * CR0.PG is a Xen-owned bit, and remains set even when the guest has diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index e09b7e3af9..b0a42d05f8 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -1623,8 +1623,8 @@ static void vmx_update_guest_efer(struct vcpu *v) * When using shadow pagetables, EFER.NX is a Xen-owned bit and is not * under guest control. */ - guest_efer &= ~EFER_NX; - guest_efer |= xen_efer & EFER_NX; + guest_efer &= ~EFER_NXE; + guest_efer |= xen_efer & EFER_NXE; } if ( !vmx_unrestricted_guest(v) ) diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index 4a8fb571de..7e842f2dc2 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -376,7 +376,7 @@ int hvm_get_param(struct domain *d, uint32_t index, uint64_t *value); #define hvm_smap_enabled(v) \ (hvm_paging_enabled(v) && ((v)->arch.hvm.guest_cr[4] & X86_CR4_SMAP)) #define hvm_nx_enabled(v) \ - ((v)->arch.hvm.guest_efer & EFER_NX) + ((v)->arch.hvm.guest_efer & EFER_NXE) #define hvm_pku_enabled(v) \ (hvm_paging_enabled(v) && ((v)->arch.hvm.guest_cr[4] & X86_CR4_PKE)) diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 903923e5a5..3fe14b820c 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -119,6 +119,17 @@ #define PASID_PASID_MASK 0x000fffff #define PASID_VALID (_AC(1, ULL) << 31) +#define MSR_EFER 0xc0000080 /* Extended Feature Enable Register */ +#define EFER_SCE (_AC(1, ULL) << 0) /* SYSCALL Enable */ +#define EFER_LME (_AC(1, ULL) << 8) /* Long Mode Enable */ +#define EFER_LMA (_AC(1, ULL) << 10) /* Long Mode Active */ +#define EFER_NXE (_AC(1, ULL) << 11) /* No Execute Enable */ +#define EFER_SVME (_AC(1, ULL) << 12) /* Secure Virtual Machine Enable */ +#define EFER_FFXSE (_AC(1, ULL) << 14) /* Fast FXSAVE/FXRSTOR */ + +#define EFER_KNOWN_MASK \ + (EFER_SCE | EFER_LME | EFER_LMA | EFER_NXE | EFER_SVME | EFER_FFXSE) + #define MSR_K8_SYSCFG 0xc0010010 #define SYSCFG_MTRR_FIX_DRAM_EN (_AC(1, ULL) << 18) #define SYSCFG_MTRR_FIX_DRAM_MOD_EN (_AC(1, ULL) << 19) @@ -145,7 +156,6 @@ */ /* x86-64 specific MSRs */ -#define MSR_EFER 0xc0000080 /* extended feature register */ #define MSR_STAR 0xc0000081 /* legacy mode SYSCALL target */ #define MSR_LSTAR 0xc0000082 /* long mode SYSCALL target */ #define MSR_CSTAR 0xc0000083 /* compat mode SYSCALL target */ @@ -155,24 +165,6 @@ #define MSR_SHADOW_GS_BASE 0xc0000102 /* SwapGS GS shadow */ #define MSR_TSC_AUX 0xc0000103 /* Auxiliary TSC */ -/* EFER bits: */ -#define _EFER_SCE 0 /* SYSCALL/SYSRET */ -#define _EFER_LME 8 /* Long mode enable */ -#define _EFER_LMA 10 /* Long mode active (read-only) */ -#define _EFER_NX 11 /* No execute enable */ -#define _EFER_SVME 12 /* AMD: SVM enable */ -#define _EFER_FFXSE 14 /* AMD: Fast FXSAVE/FXRSTOR enable */ - -#define EFER_SCE (1<<_EFER_SCE) -#define EFER_LME (1<<_EFER_LME) -#define EFER_LMA (1<<_EFER_LMA) -#define EFER_NX (1<<_EFER_NX) -#define EFER_SVME (1<<_EFER_SVME) -#define EFER_FFXSE (1<<_EFER_FFXSE) - -#define EFER_KNOWN_MASK (EFER_SCE | EFER_LME | EFER_LMA | EFER_NX | \ - EFER_SVME | EFER_FFXSE) - /* Intel MSRs. Some also available on other CPUs */ #define MSR_IA32_PERFCTR0 0x000000c1 #define MSR_IA32_A_PERFCTR0 0x000004c1 -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Sep 09 20:56:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 09 Sep 2021 20:56:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183550.331798 (Exim 4.92) (envelope-from ) id 1mOR5s-00029r-2q; Thu, 09 Sep 2021 20:56:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183550.331798; Thu, 09 Sep 2021 20:56:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5r-00029j-Vx; Thu, 09 Sep 2021 20:56:23 +0000 Received: by outflank-mailman (input) for mailman id 183550; Thu, 09 Sep 2021 20:56:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5r-00029X-6L for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:56:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOR5r-0006sD-5Y for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:56:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOR5r-0001bT-4c for xen-changelog@lists.xenproject.org; Thu, 09 Sep 2021 20:56:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AXZ2rwDnYzMNLYFKMfqvWKpDqbqloW7+avXfepHuwMA=; b=5MNK7txux7dKqhLaAFNCxecEdP aLB4F4IWBTbFlZ8/SjyzMznp0MbmLlADKEyci0ZR3ZwefsTUf1pMu1t7dIIj8VInEfW9Gd5CB/RNg oKcpEcnCT4bc1GhU/WPWhEvv9+0jHDnvW9hw54gqITvmHkoZrYJOOfNlGA04Ba3Kzf30=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/msr: Cleanup of misc constants Message-Id: Date: Thu, 09 Sep 2021 20:56:23 +0000 commit 56abcf1a58bdaef18579cf2ce8645c8c72a2b749 Author: Andrew Cooper AuthorDate: Fri May 25 16:13:02 2018 +0100 Commit: Andrew Cooper CommitDate: Wed Sep 8 17:54:21 2021 +0100 x86/msr: Cleanup of misc constants Move two blocks of MSRs into the cleaned up section, updating the style as they move. Signed-off-by: Andrew Cooper Reviewed-by: Wei Liu Reviewed-by: Roger Pau Monné --- xen/include/asm-x86/msr-index.h | 39 +++++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 3fe14b820c..90c0589cd6 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -115,6 +115,16 @@ #define MSR_PL3_SSP 0x000006a7 #define MSR_INTERRUPT_SSP_TABLE 0x000006a8 +#define MSR_X2APIC_FIRST 0x00000800 +#define MSR_X2APIC_LAST 0x00000bff + +#define MSR_X2APIC_TPR 0x00000808 +#define MSR_X2APIC_PPR 0x0000080a +#define MSR_X2APIC_EOI 0x0000080b +#define MSR_X2APIC_TMICT 0x00000838 +#define MSR_X2APIC_TMCCT 0x00000839 +#define MSR_X2APIC_SELF 0x0000083f + #define MSR_PASID 0x00000d93 #define PASID_PASID_MASK 0x000fffff #define PASID_VALID (_AC(1, ULL) << 31) @@ -130,6 +140,15 @@ #define EFER_KNOWN_MASK \ (EFER_SCE | EFER_LME | EFER_LMA | EFER_NXE | EFER_SVME | EFER_FFXSE) +#define MSR_STAR 0xc0000081 /* legacy mode SYSCALL target */ +#define MSR_LSTAR 0xc0000082 /* long mode SYSCALL target */ +#define MSR_CSTAR 0xc0000083 /* compat mode SYSCALL target */ +#define MSR_SYSCALL_MASK 0xc0000084 /* EFLAGS mask for syscall */ +#define MSR_FS_BASE 0xc0000100 /* 64bit FS base */ +#define MSR_GS_BASE 0xc0000101 /* 64bit GS base */ +#define MSR_SHADOW_GS_BASE 0xc0000102 /* SwapGS GS shadow */ +#define MSR_TSC_AUX 0xc0000103 /* Auxiliary TSC */ + #define MSR_K8_SYSCFG 0xc0010010 #define SYSCFG_MTRR_FIX_DRAM_EN (_AC(1, ULL) << 18) #define SYSCFG_MTRR_FIX_DRAM_MOD_EN (_AC(1, ULL) << 19) @@ -155,16 +174,6 @@ * Legacy MSR constants in need of cleanup. No new MSRs below this comment. */ -/* x86-64 specific MSRs */ -#define MSR_STAR 0xc0000081 /* legacy mode SYSCALL target */ -#define MSR_LSTAR 0xc0000082 /* long mode SYSCALL target */ -#define MSR_CSTAR 0xc0000083 /* compat mode SYSCALL target */ -#define MSR_SYSCALL_MASK 0xc0000084 /* EFLAGS mask for syscall */ -#define MSR_FS_BASE 0xc0000100 /* 64bit FS base */ -#define MSR_GS_BASE 0xc0000101 /* 64bit GS base */ -#define MSR_SHADOW_GS_BASE 0xc0000102 /* SwapGS GS shadow */ -#define MSR_TSC_AUX 0xc0000103 /* Auxiliary TSC */ - /* Intel MSRs. Some also available on other CPUs */ #define MSR_IA32_PERFCTR0 0x000000c1 #define MSR_IA32_A_PERFCTR0 0x000004c1 @@ -436,16 +445,6 @@ #define MSR_IA32_TSC_ADJUST 0x0000003b -#define MSR_X2APIC_FIRST 0x00000800 -#define MSR_X2APIC_LAST 0x00000bff - -#define MSR_X2APIC_TPR 0x00000808 -#define MSR_X2APIC_PPR 0x0000080a -#define MSR_X2APIC_EOI 0x0000080b -#define MSR_X2APIC_TMICT 0x00000838 -#define MSR_X2APIC_TMCCT 0x00000839 -#define MSR_X2APIC_SELF 0x0000083f - #define MSR_IA32_UCODE_WRITE 0x00000079 #define MSR_IA32_UCODE_REV 0x0000008b -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:11:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:11:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183959.332383 (Exim 4.92) (envelope-from ) id 1mOYoa-0003j8-GE; Fri, 10 Sep 2021 05:11:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183959.332383; Fri, 10 Sep 2021 05:11:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYoa-0003iC-D4; Fri, 10 Sep 2021 05:11:04 +0000 Received: by outflank-mailman (input) for mailman id 183959; Fri, 10 Sep 2021 05:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYoY-0003X0-OS for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYoY-0006O3-Nf for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYoY-0005R3-MX for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zPcqPN/6T3aOqoVAE9h2+86Gu6mdwpG1gpaGaXsuH5Y=; b=zE6ugorBujXynNt4vrV1Pz2udt LfYEv9HfO1GQ4bxwpLkirPal3IX/CkWFjpQtft7n5YAu8mOoCrinFvEPYQpGpkp85ylWf4fegfNbu pzA/P1VnDjdxTcmbuHeibGOkDEz1O0o6SwAXGjpEkgNSpHKDCl8qcAvgDeK6OQ84m3/E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl Message-Id: Date: Fri, 10 Sep 2021 05:11:02 +0000 commit 3cdc7b6b35106180c9021c1742cafacfa764fdad Author: Jan Beulich AuthorDate: Mon Jul 19 12:28:09 2021 +0200 Commit: Ian Jackson CommitDate: Thu Aug 19 17:47:32 2021 +0100 libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl The hypervisor may not have enough memory to satisfy the request. While there, make the unit of the value clear by renaming the local variable. Requested-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Reviewed-by: Anthony PERARD backport-requested-by: Jan Beulich (cherry picked from commit 0be5a00af590c97ea553aadb60f1e0b3af53d8f6) (cherry picked from commit 6bbdcefd205903b2181b3b4fdc9503709ecdb7c4) (cherry picked from commit 61f28060d5b899c502e2b3bf45a39b1dd2a1224c) --- tools/libxl/libxl_x86.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/tools/libxl/libxl_x86.c b/tools/libxl/libxl_x86.c index 8b804537ba..f34c0edc10 100644 --- a/tools/libxl/libxl_x86.c +++ b/tools/libxl/libxl_x86.c @@ -345,10 +345,20 @@ int libxl__arch_domain_create(libxl__gc *gc, libxl_domain_config *d_config, xc_domain_set_time_offset(ctx->xch, domid, rtc_timeoffset); if (d_config->b_info.type != LIBXL_DOMAIN_TYPE_PV) { - unsigned long shadow = DIV_ROUNDUP(d_config->b_info.shadow_memkb, - 1024); - xc_shadow_control(ctx->xch, domid, XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, - NULL, 0, &shadow, 0, NULL); + unsigned long shadow_mb = DIV_ROUNDUP(d_config->b_info.shadow_memkb, + 1024); + int r = xc_shadow_control(ctx->xch, domid, + XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION, + NULL, 0, &shadow_mb, 0, NULL); + + if (r) { + LOGED(ERROR, domid, + "Failed to set %lu MiB %s allocation", + shadow_mb, + libxl_defbool_val(d_config->c_info.hap) ? "HAP" : "shadow"); + ret = ERROR_FAIL; + goto out; + } } if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_PV && -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:11:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:11:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183960.332386 (Exim 4.92) (envelope-from ) id 1mOYok-0003ss-HV; Fri, 10 Sep 2021 05:11:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183960.332386; Fri, 10 Sep 2021 05:11:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYok-0003sl-Ee; Fri, 10 Sep 2021 05:11:14 +0000 Received: by outflank-mailman (input) for mailman id 183960; Fri, 10 Sep 2021 05:11:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYoi-0003sZ-SJ for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYoi-0006Ox-RS for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYoi-0005Rk-QN for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OVfAbF4KpBjFdQ1novOwbKjxtLsIDRwnXr+q5YYLKfs=; b=XVQjVHXZnmlhELhI2SNS0L5m0H KSbK4+XoPiWxcL3jXvyd6aFoERlpbpGvAxN+zFfXJy7MNRbO+Fd3vVXPOZJQWj6RHdAQCcV4SUHjJ RWCjy/TDurR+aT2+o3xJfXewQ5H+u89Mpqea55FijvokfzQj2R5gjEkKjTv5Rwo01XHo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86: work around build issue with GNU ld 2.37 Message-Id: Date: Fri, 10 Sep 2021 05:11:12 +0000 commit 85dc71b610128054ad49661c0c791c750d215b70 Author: Jan Beulich AuthorDate: Wed Aug 25 15:19:03 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:19:03 2021 +0200 x86: work around build issue with GNU ld 2.37 I suspect it is commit 40726f16a8d7 ("ld script expression parsing") which broke the hypervisor build, by no longer accepting section names with a dash in them inside ADDR() (and perhaps other script directives expecting just a section name, not an expression): .note.gnu.build-id is such a section. Quoting all section names passed to ADDR() via DECL_SECTION() works around the regression. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 58ad654ebce7ccb272a3f4f3482c03aaad850d31 master date: 2021-07-27 15:03:29 +0100 --- xen/arch/x86/xen.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 111edb5360..8fda0dd0a6 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -18,7 +18,7 @@ ENTRY(efi_start) #else /* !EFI */ #define FORMAT "elf64-x86-64" -#define DECL_SECTION(x) x : AT(ADDR(x) - __XEN_VIRT_START) +#define DECL_SECTION(x) x : AT(ADDR(#x) - __XEN_VIRT_START) ENTRY(start_pa) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:11:24 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:11:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183962.332391 (Exim 4.92) (envelope-from ) id 1mOYou-0003wv-LD; Fri, 10 Sep 2021 05:11:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183962.332391; Fri, 10 Sep 2021 05:11:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYou-0003wl-Hu; Fri, 10 Sep 2021 05:11:24 +0000 Received: by outflank-mailman (input) for mailman id 183962; Fri, 10 Sep 2021 05:11:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYos-0003wX-W0 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYos-0006Pi-VF for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYos-0005SU-UP for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FYjfji/mUJhB9D2NwIfNk7dh1CRqeue5yjDKYk1hTEs=; b=NJZIA7q+ETiB9xkhdY4f4r2tU8 Q0IeFC/R1YJBRYS/p5Xw8u3fwKoN8G27Yi9wxHJONC33APQM+pykgzqdTnEs3QnVpyJXD7YdtXFxf PXSU/AyPaga3RcCizBCpow2eJk91GtkvOGl8VOxip992KMr39hYLAD9ELaiqd2udWzLg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/p2m: fix PoD accounting in guest_physmap_add_entry() Message-Id: Date: Fri, 10 Sep 2021 05:11:22 +0000 commit 4fa8b13aa6731bfcbb126129df025cb608f93dfe Author: Jan Beulich AuthorDate: Wed Aug 25 15:20:30 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:20:30 2021 +0200 x86/p2m: fix PoD accounting in guest_physmap_add_entry() The initial observation was that the mfn_valid() check comes too late: Neither mfn_add() nor mfn_to_page() (let alone de-referencing the result of the latter) are valid for MFNs failing this check. Move it up and - noticing that there's no caller doing so - also add an assertion that this should never produce "false" here. In turn this would have meant that the "else" to that if() could now go away, which didn't seem right at all. And indeed, considering callers like memory_exchange() or various grant table functions, the PoD accounting should have been outside of that if() from the very beginning. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: aea270e3f7c0db696c88a0e94b1ece7abd339c84 master date: 2020-02-21 17:14:38 +0100 --- xen/arch/x86/mm/p2m.c | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 4039630761..ab9d61a89e 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -881,6 +881,12 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; + if ( !mfn_valid(mfn) ) + { + ASSERT_UNREACHABLE(); + return -EINVAL; + } + p2m_lock(p2m); P2M_DEBUG("adding gfn=%#lx mfn=%#lx\n", gfn_x(gfn), mfn_x(mfn)); @@ -981,12 +987,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } /* Now, actually do the two-way mapping */ - if ( mfn_valid(mfn) ) + rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, p2m->default_access); + if ( rc == 0 ) { - rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, - p2m->default_access); - if ( rc ) - goto out; /* Failed to update p2m, bail without updating m2p. */ + pod_lock(p2m); + p2m->pod.entry_count -= pod_count; + BUG_ON(p2m->pod.entry_count < 0); + pod_unlock(p2m); if ( !p2m_is_grant(t) ) { @@ -995,22 +1002,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, gfn_x(gfn_add(gfn, i))); } } - else - { - gdprintk(XENLOG_WARNING, "Adding bad mfn to p2m map (%#lx -> %#lx)\n", - gfn_x(gfn), mfn_x(mfn)); - rc = p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, - p2m_invalid, p2m->default_access); - if ( rc == 0 ) - { - pod_lock(p2m); - p2m->pod.entry_count -= pod_count; - BUG_ON(p2m->pod.entry_count < 0); - pod_unlock(p2m); - } - } -out: p2m_unlock(p2m); return rc; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:11:34 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:11:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183964.332395 (Exim 4.92) (envelope-from ) id 1mOYp4-0003zh-MQ; Fri, 10 Sep 2021 05:11:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183964.332395; Fri, 10 Sep 2021 05:11:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYp4-0003zZ-JN; Fri, 10 Sep 2021 05:11:34 +0000 Received: by outflank-mailman (input) for mailman id 183964; Fri, 10 Sep 2021 05:11:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYp3-0003zM-3a for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYp3-0006Pw-2p for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYp3-0005T2-1j for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PArU8dJ36C9xi4XjRZjbJBT0xfPCJxlFB68ePwwUHJI=; b=bmnadDqD8LMaMu91sy77vuTfSa 9PsLfN8ILvd/4xxu3vye2Si9QZt2wcJ2Ri9BvYjf6UzzpuJWdftX1PwMsLfYghPQJ9CdJg0kvXrUb 7RfXogU5xfduo3O8/0voC654MJumKHhMc4bnRynLm+v5ArCKPn+stcMMJjwewuhbZKq4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/p2m: don't ignore p2m_remove_page()'s return value Message-Id: Date: Fri, 10 Sep 2021 05:11:33 +0000 commit 75bb9fe846a0cbc839fc03d8acc84879d47bb73e Author: Jan Beulich AuthorDate: Wed Aug 25 15:20:45 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:20:45 2021 +0200 x86/p2m: don't ignore p2m_remove_page()'s return value It's not very nice to return from guest_physmap_add_entry() after perhaps already having made some changes to the P2M, but this is pre- existing practice in the function, and imo better than ignoring errors. Take the liberty and replace an mfn_add() instance with a local variable already holding the result (as proven by the check immediately ahead). Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Acked-by: Andrew Cooper master commit: a6b051a87a586347969bfbaa6925ac0f0c845413 master date: 2020-04-03 10:56:10 +0200 --- xen/arch/x86/mm/p2m.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index ab9d61a89e..ddb038ffde 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -773,8 +773,7 @@ void p2m_final_teardown(struct domain *d) p2m_teardown_hostp2m(d); } - -static int +static int __must_check p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, unsigned int page_order) { @@ -979,9 +978,9 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, ASSERT(mfn_valid(omfn)); P2M_DEBUG("old gfn=%#lx -> mfn %#lx\n", gfn_x(ogfn) , mfn_x(omfn)); - if ( mfn_eq(omfn, mfn_add(mfn, i)) ) - p2m_remove_page(p2m, gfn_x(ogfn), mfn_x(mfn_add(mfn, i)), - 0); + if ( mfn_eq(omfn, mfn_add(mfn, i)) && + (rc = p2m_remove_page(p2m, gfn_x(ogfn), mfn_x(omfn), 0)) ) + goto out; } } } @@ -1003,6 +1002,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } } + out: p2m_unlock(p2m); return rc; @@ -2690,9 +2690,9 @@ int p2m_change_altp2m_gfn(struct domain *d, unsigned int idx, if ( gfn_eq(new_gfn, INVALID_GFN) ) { mfn = ap2m->get_entry(ap2m, old_gfn, &t, &a, 0, NULL, NULL); - if ( mfn_valid(mfn) ) - p2m_remove_page(ap2m, gfn_x(old_gfn), mfn_x(mfn), PAGE_ORDER_4K); - rc = 0; + rc = mfn_valid(mfn) + ? p2m_remove_page(ap2m, gfn_x(old_gfn), mfn_x(mfn), PAGE_ORDER_4K) + : 0; goto out; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:11:44 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:11:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183966.332400 (Exim 4.92) (envelope-from ) id 1mOYpE-00043J-OW; Fri, 10 Sep 2021 05:11:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183966.332400; Fri, 10 Sep 2021 05:11:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYpE-00043B-Kt; Fri, 10 Sep 2021 05:11:44 +0000 Received: by outflank-mailman (input) for mailman id 183966; Fri, 10 Sep 2021 05:11:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYpD-00042w-7S for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYpD-0006Q7-6c for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYpD-0005Tl-5c for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Rx1X9AWCrndtjr6xA447F4X52DJ1IhqSydS1Xdqu+3U=; b=fkd08n2AFwFVbvzxud5V4ya/bg toD0ZREPJPBdaOUQ+tLPHUQSXyssVcGQMl7RLkaYMqTFzaFugTqQHPipQj2fn4HArf9NpQRTyfRh5 PjgT9m3TLRaX8RAT6NMv1PDMbF8YebVid8YxO7eWX59J6OQIDuVSjWey2uOAOMPc9yBY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/p2m: don't assert that the passed in MFN matches for a remove Message-Id: Date: Fri, 10 Sep 2021 05:11:43 +0000 commit f50fbddbae81fcccae56d27317bd71cc0e678ba2 Author: Jan Beulich AuthorDate: Wed Aug 25 15:20:59 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:20:59 2021 +0200 x86/p2m: don't assert that the passed in MFN matches for a remove guest_physmap_remove_page() gets handed an MFN from the outside, yet takes the necessary lock to prevent further changes to the GFN <-> MFN mapping itself. While some callers, in particular guest_remove_page() (by way of having called get_gfn_query()), hold the GFN lock already, various others (most notably perhaps the 2nd instance in xenmem_add_to_physmap_one()) don't. While it also is an option to fix all the callers, deal with the issue in p2m_remove_page() instead: Replace the ASSERT() by a conditional and split the loop into two, such that all checking gets done before any modification would occur. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Acked-by: Andrew Cooper master commit: c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e master date: 2020-04-03 10:56:55 +0200 --- xen/arch/x86/mm/p2m.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index ddb038ffde..7c042f72d4 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -779,7 +779,6 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, { unsigned long i; gfn_t gfn = _gfn(gfn_l); - mfn_t mfn_return; p2m_type_t t; p2m_access_t a; @@ -790,15 +789,26 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, ASSERT(gfn_locked_by_me(p2m, gfn)); P2M_DEBUG("removing gfn=%#lx mfn=%#lx\n", gfn_l, mfn); + for ( i = 0; i < (1UL << page_order); ) + { + unsigned int cur_order; + mfn_t mfn_return = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, + &cur_order, NULL); + + if ( p2m_is_valid(t) && + (!mfn_valid(_mfn(mfn)) || mfn + i != mfn_x(mfn_return)) ) + return -EILSEQ; + + i += (1UL << cur_order) - ((gfn_l + i) & ((1UL << cur_order) - 1)); + } + if ( mfn_valid(_mfn(mfn)) ) { for ( i = 0; i < (1UL << page_order); i++ ) { - mfn_return = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, - NULL, NULL); + p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY); - ASSERT( !p2m_is_valid(t) || mfn + i == mfn_x(mfn_return) ); } } return p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, p2m_invalid, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:11:54 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:11:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183968.332403 (Exim 4.92) (envelope-from ) id 1mOYpO-00046C-QB; Fri, 10 Sep 2021 05:11:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183968.332403; Fri, 10 Sep 2021 05:11:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYpO-000464-NB; Fri, 10 Sep 2021 05:11:54 +0000 Received: by outflank-mailman (input) for mailman id 183968; Fri, 10 Sep 2021 05:11:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYpN-00045r-B1 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYpN-0006QI-AE for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYpN-0005UW-9K for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:11:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ogbLQwFIVA05FiUuClvhN2p4888jM4nBiOF8ONWoNjY=; b=jnjcOsfAKiir/Fb806Wf4NKN9z GaT/H1MXvb1jxWEWwWzwpevWJ9Q4rR3ebShbKAXhY8mNeLDCcLZadkRolRpFehh4BhLbcSr3Vygbd 614qg1LZFOlMtJt4kOs6G3aEjWPlFeebiUyDb4XdD4DKGtTH23v+HNo3WuAZAioDbr6Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] AMD/IOMMU: correct global exclusion range extending Message-Id: Date: Fri, 10 Sep 2021 05:11:53 +0000 commit ecb4697c50a00c29c8bfc784be7a308862b1c8a9 Author: Jan Beulich AuthorDate: Wed Aug 25 15:21:46 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:21:46 2021 +0200 AMD/IOMMU: correct global exclusion range extending Besides unity mapping regions, the AMD IOMMU spec also provides for exclusion ranges (areas of memory not to be subject to DMA translation) to be specified by firmware in the ACPI tables. The spec does not put any constraints on the number of such regions. Blindly assuming all addresses between any two such ranges should also be excluded can't be right. Since hardware has room for just a single such range (comprised of the Exclusion Base Register and the Exclusion Range Limit Register), combine only adjacent or overlapping regions (for now; this may require further adjustment in case table entries aren't sorted by address) with matching exclusion_allow_all settings. This requires bubbling up error indicators, such that IOMMU init can be failed when concatenation wasn't possible. Furthermore, since the exclusion range specified in IOMMU registers implies R/W access, reject requests asking for less permissions (this will be brought closer to the spec by a subsequent change). This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: b02c5c88982411be11e3413159862f255f1f39dc master date: 2021-08-25 14:12:13 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 45 +++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 9fbc343c58..8ea2b12a40 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -117,12 +117,21 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( return NULL; } -static void __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit) +static int __init reserve_iommu_exclusion_range( + struct amd_iommu *iommu, uint64_t base, uint64_t limit, + bool all, bool iw, bool ir) { + if ( !ir || !iw ) + return -EPERM; + /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { + if ( iommu->exclusion_limit + PAGE_SIZE < base || + limit + PAGE_SIZE < iommu->exclusion_base || + iommu->exclusion_allow_all != all ) + return -EBUSY; + if ( iommu->exclusion_base < base ) base = iommu->exclusion_base; if ( iommu->exclusion_limit > limit ) @@ -130,16 +139,11 @@ static void __init reserve_iommu_exclusion_range( } iommu->exclusion_enable = IOMMU_CONTROL_ENABLED; + iommu->exclusion_allow_all = all; iommu->exclusion_base = base; iommu->exclusion_limit = limit; -} -static void __init reserve_iommu_exclusion_range_all( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit) -{ - reserve_iommu_exclusion_range(iommu, base, limit); - iommu->exclusion_allow_all = IOMMU_CONTROL_ENABLED; + return 0; } static void __init reserve_unity_map_for_device( @@ -177,6 +181,7 @@ static int __init register_exclusion_range_for_all_devices( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; unsigned int bdf; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -198,10 +203,15 @@ static int __init register_exclusion_range_for_all_devices( if ( limit >= iommu_top ) { for_each_amd_iommu( iommu ) - reserve_iommu_exclusion_range_all(iommu, base, limit); + { + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + if ( rc ) + break; + } } - return 0; + return rc; } static int __init register_exclusion_range_for_device( @@ -212,6 +222,7 @@ static int __init register_exclusion_range_for_device( unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; + int rc = 0; iommu = find_iommu_for_device(seg, bdf); if ( !iommu ) @@ -241,12 +252,13 @@ static int __init register_exclusion_range_for_device( /* register IOMMU exclusion range settings for device */ if ( limit >= iommu_top ) { - reserve_iommu_exclusion_range(iommu, base, limit); + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } - return 0; + return rc; } static int __init register_exclusion_range_for_iommu_devices( @@ -256,6 +268,7 @@ static int __init register_exclusion_range_for_iommu_devices( unsigned long range_top, iommu_top, length; unsigned int bdf; u16 req; + int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ @@ -286,8 +299,10 @@ static int __init register_exclusion_range_for_iommu_devices( /* register IOMMU exclusion range settings */ if ( limit >= iommu_top ) - reserve_iommu_exclusion_range_all(iommu, base, limit); - return 0; + rc = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */, iw, ir); + + return rc; } static int __init parse_ivmd_device_select( -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:12:04 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:12:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183970.332407 (Exim 4.92) (envelope-from ) id 1mOYpY-00049L-SC; Fri, 10 Sep 2021 05:12:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183970.332407; Fri, 10 Sep 2021 05:12:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYpY-00049D-On; Fri, 10 Sep 2021 05:12:04 +0000 Received: by outflank-mailman (input) for mailman id 183970; Fri, 10 Sep 2021 05:12:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYpX-000490-FG for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYpX-0006Qh-EA for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYpX-0005VS-D9 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E6TXMc8TFw7SPdh01YZjXe32/hxfE83YFBoZ+R26Frc=; b=UwRQsRo0NSWgY9HUFGJs/tjIYw aU2B10YwqUt/fMq85rUjJTdVfgwuLgPy5Ec3CwLZzQkbVjz9tATMeQpMAf07LUf4st1wuZep98sPh LvCSdcCoj3jO4Zp3VGQDLkoRwVDd71Txk7zSeJ01pwK1rLbRzyYiNnN6vv7//UenZFnc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] AMD/IOMMU: correct device unity map handling Message-Id: Date: Fri, 10 Sep 2021 05:12:03 +0000 commit 0ed0cdd17ffabd8aeb5a8db06bd21b0f0130a9f0 Author: Jan Beulich AuthorDate: Wed Aug 25 15:22:32 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:22:32 2021 +0200 AMD/IOMMU: correct device unity map handling Blindly assuming all addresses between any two such ranges, specified by firmware in the ACPI tables, should also be unity-mapped can't be right. Nor can it be correct to merge ranges with differing permissions. Track ranges individually; don't merge at all, but check for overlaps instead. This requires bubbling up error indicators, such that IOMMU init can be failed when allocation of a new tracking struct wasn't possible, or an overlap was detected. At this occasion also stop ignoring amd_iommu_reserve_domain_unity_map()'s return value. This is part of XSA-378 / CVE-2021-28695. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap Reviewed-by: Paul Durrant master commit: 34750a3eb022462cdd1c36e8ef9049d3d73c824c master date: 2021-08-25 14:15:11 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 80 +++++++++++++++++------------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 16 +++--- xen/include/asm-x86/amd-iommu.h | 14 +++-- 3 files changed, 66 insertions(+), 44 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 8ea2b12a40..f933242a3d 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -146,32 +146,48 @@ static int __init reserve_iommu_exclusion_range( return 0; } -static void __init reserve_unity_map_for_device( - u16 seg, u16 bdf, unsigned long base, - unsigned long length, u8 iw, u8 ir) +static int __init reserve_unity_map_for_device( + uint16_t seg, uint16_t bdf, unsigned long base, + unsigned long length, bool iw, bool ir) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long old_top, new_top; + struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; - /* need to extend unity-mapped range? */ - if ( ivrs_mappings[bdf].unity_map_enable ) + /* Check for overlaps. */ + for ( ; unity_map; unity_map = unity_map->next ) { - old_top = ivrs_mappings[bdf].addr_range_start + - ivrs_mappings[bdf].addr_range_length; - new_top = base + length; - if ( old_top > new_top ) - new_top = old_top; - if ( ivrs_mappings[bdf].addr_range_start < base ) - base = ivrs_mappings[bdf].addr_range_start; - length = new_top - base; + /* + * Exact matches are okay. This can in particular happen when + * register_exclusion_range_for_device() calls here twice for the + * same (s,b,d,f). + */ + if ( base == unity_map->addr && length == unity_map->length && + ir == unity_map->read && iw == unity_map->write ) + return 0; + + if ( unity_map->addr + unity_map->length > base && + base + length > unity_map->addr ) + { + AMD_IOMMU_DEBUG("IVMD Error: overlap [%lx,%lx) vs [%lx,%lx)\n", + base, base + length, unity_map->addr, + unity_map->addr + unity_map->length); + return -EPERM; + } } - /* extend r/w permissioms and keep aggregate */ - ivrs_mappings[bdf].write_permission = iw; - ivrs_mappings[bdf].read_permission = ir; - ivrs_mappings[bdf].unity_map_enable = true; - ivrs_mappings[bdf].addr_range_start = base; - ivrs_mappings[bdf].addr_range_length = length; + /* Populate and insert a new unity map. */ + unity_map = xmalloc(struct ivrs_unity_map); + if ( !unity_map ) + return -ENOMEM; + + unity_map->read = ir; + unity_map->write = iw; + unity_map->addr = base; + unity_map->length = length; + unity_map->next = ivrs_mappings[bdf].unity_map; + ivrs_mappings[bdf].unity_map = unity_map; + + return 0; } static int __init register_exclusion_range_for_all_devices( @@ -194,13 +210,13 @@ static int __init register_exclusion_range_for_all_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { for_each_amd_iommu( iommu ) { @@ -242,15 +258,15 @@ static int __init register_exclusion_range_for_device( length = range_top - base; /* reserve unity-mapped page entries for device */ /* note: these entries are part of the exclusion range */ - reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - reserve_unity_map_for_device(seg, req, base, length, iw, ir); + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: + reserve_unity_map_for_device(seg, req, base, length, iw, ir); /* push 'base' just outside of virtual address space */ base = iommu_top; } /* register IOMMU exclusion range settings for device */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) { rc = reserve_iommu_exclusion_range(iommu, base, limit, false /* all */, iw, ir); @@ -281,15 +297,15 @@ static int __init register_exclusion_range_for_iommu_devices( length = range_top - base; /* reserve r/w unity-mapped page entries for devices */ /* note: these entries are part of the exclusion range */ - for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) + for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) { if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) { - reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir); req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); } } @@ -298,7 +314,7 @@ static int __init register_exclusion_range_for_iommu_devices( } /* register IOMMU exclusion range settings */ - if ( limit >= iommu_top ) + if ( !rc && limit >= iommu_top ) rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */, iw, ir); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 46b1d367ec..8cd5394e6b 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -369,15 +369,17 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); + const struct ivrs_unity_map *unity_map; - if ( ivrs_mappings[req_id].unity_map_enable ) + for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; + unity_map = unity_map->next ) { - amd_iommu_reserve_domain_unity_map( - d, - ivrs_mappings[req_id].addr_range_start, - ivrs_mappings[req_id].addr_range_length, - ivrs_mappings[req_id].write_permission, - ivrs_mappings[req_id].read_permission); + int rc = amd_iommu_reserve_domain_unity_map( + d, unity_map->addr, unity_map->length, + unity_map->write, unity_map->read); + + if ( rc ) + return rc; } return reassign_device(pdev->domain, d, devfn, pdev); diff --git a/xen/include/asm-x86/amd-iommu.h b/xen/include/asm-x86/amd-iommu.h index 83ababdc8c..829e1b1755 100644 --- a/xen/include/asm-x86/amd-iommu.h +++ b/xen/include/asm-x86/amd-iommu.h @@ -105,20 +105,24 @@ struct amd_iommu { struct list_head ats_devices; }; +struct ivrs_unity_map { + bool read:1; + bool write:1; + paddr_t addr; + unsigned long length; + struct ivrs_unity_map *next; +}; + struct ivrs_mappings { uint16_t dte_requestor_id; bool valid:1; bool dte_allow_exclusion:1; - bool unity_map_enable:1; - bool write_permission:1; - bool read_permission:1; /* ivhd device data settings */ uint8_t device_flags; - unsigned long addr_range_start; - unsigned long addr_range_length; struct amd_iommu *iommu; + struct ivrs_unity_map *unity_map; /* per device interrupt remapping table */ void *intremap_table; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:12:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:12:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183972.332411 (Exim 4.92) (envelope-from ) id 1mOYpi-0004ED-Us; Fri, 10 Sep 2021 05:12:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183972.332411; Fri, 10 Sep 2021 05:12:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYpi-0004E5-Rr; Fri, 10 Sep 2021 05:12:14 +0000 Received: by outflank-mailman (input) for mailman id 183972; Fri, 10 Sep 2021 05:12:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYph-0004Dq-Ir for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYph-0006R6-I2 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYph-0005WJ-HC for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nkzOgFiBHsjbA0Rl76M76mplqwXbXvffYpGH+WTNGis=; b=pxgo7cT5WfJGfMhjZ+XNO+SuhI ELUFI3tNAfeSmDcc2jxwkhIljs9ytcVoocj9NENV4RM7iI2uXZucoXEV45tOyLnJq5NyHHvRLeYOI 1C8E2L7H64y3zQC2axR9F49GI0IYOt3B/M6ulUmqChCqz4vDH2n3EE7Is6t3Ac2ESyYg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() Message-Id: Date: Fri, 10 Sep 2021 05:12:13 +0000 commit 41200e052a61bebfed3b2ff114bed3366e6c34ec Author: Jan Beulich AuthorDate: Wed Aug 25 15:22:52 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:22:52 2021 +0200 IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() A subsequent change will want to customize the IOMMU permissions based on this. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: d1bb6c97c31ef754fb29b29eb307c090414e8022 master date: 2021-08-25 14:15:32 +0200 --- xen/arch/x86/mm/p2m-ept.c | 6 +++--- xen/arch/x86/mm/p2m-pt.c | 19 ++++++++++++++++--- xen/include/asm-x86/p2m.h | 3 ++- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index 9c1627dbb3..884a06d0a8 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -678,7 +678,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, uint8_t ipat = 0; bool_t need_modify_vtd_table = 1; bool_t vtd_pte_present = 0; - unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); bool_t needs_sync = 1; ept_entry_t old_entry = { .epte = 0 }; ept_entry_t new_entry = { .epte = 0 }; @@ -805,8 +805,8 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, /* Safe to read-then-write because we hold the p2m lock */ if ( ept_entry->mfn == new_entry.mfn && - p2m_get_iommu_flags(ept_entry->sa_p2mt, _mfn(ept_entry->mfn)) == - iommu_flags ) + p2m_get_iommu_flags(ept_entry->sa_p2mt, ept_entry->access, + _mfn(ept_entry->mfn)) == iommu_flags ) need_modify_vtd_table = 0; ept_p2m_type_to_flags(p2m, &new_entry, p2mt, p2ma); diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 2b74726e39..5c64008208 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -480,6 +480,16 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) return rc; } +/* Reconstruct a fake p2m_access_t from stored PTE flags. */ +static p2m_access_t p2m_flags_to_access(unsigned int flags) +{ + if ( flags & _PAGE_PRESENT ) + return p2m_access_n; + + /* No need to look at _PAGE_NX for now. */ + return flags & _PAGE_RW ? p2m_access_rw : p2m_access_r; +} + /* Checks only applicable to entries with order > PAGE_ORDER_4K */ static void check_entry(mfn_t mfn, p2m_type_t new, p2m_type_t old, unsigned int order) @@ -514,7 +524,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, l2_pgentry_t l2e_content; l3_pgentry_t l3e_content; int rc; - unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, mfn); + unsigned int iommu_pte_flags = p2m_get_iommu_flags(p2mt, p2ma, mfn); /* * old_mfn and iommu_old_flags control possible flush/update needs on the * IOMMU: We need to flush when MFN or flags (i.e. permissions) change. @@ -577,6 +587,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else @@ -619,9 +630,10 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, 0, L1_PAGETABLE_ENTRIES); ASSERT(p2m_entry); old_mfn = l1e_get_pfn(*p2m_entry); + flags = l1e_get_flags(*p2m_entry); iommu_old_flags = - p2m_get_iommu_flags(p2m_flags_to_type(l1e_get_flags(*p2m_entry)), - _mfn(old_mfn)); + p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) entry_content = p2m_l1e_from_pfn(mfn_x(mfn), @@ -649,6 +661,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, old_mfn = l1e_get_pfn(*p2m_entry); iommu_old_flags = p2m_get_iommu_flags(p2m_flags_to_type(flags), + p2m_flags_to_access(flags), _mfn(old_mfn)); } else diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 2358954039..4cc29e51f2 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -908,7 +908,8 @@ static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} /* * p2m type to IOMMU flags */ -static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, mfn_t mfn) +static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, + p2m_access_t p2ma, mfn_t mfn) { unsigned int flags; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:12:25 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:12:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183974.332415 (Exim 4.92) (envelope-from ) id 1mOYpt-0004HN-0U; Fri, 10 Sep 2021 05:12:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183974.332415; Fri, 10 Sep 2021 05:12:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYps-0004HE-TL; Fri, 10 Sep 2021 05:12:24 +0000 Received: by outflank-mailman (input) for mailman id 183974; Fri, 10 Sep 2021 05:12:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYpr-0004Gk-NT for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYpr-0006RK-Mj for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYpr-0005XK-La for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ajILDKMpqN/GTaKvImGtA9hrJjqo9Qc0WgazsvDu1V0=; b=zRGBBIAbwudyj93Rzbf4jVMgy7 7r1e7CmohuYxOiRlUwZ/aQ+Z7tq4dzpqybW065s329Pefr9HX2zqor5NDM3BcA+IYWmeKCdeGrw+P syMdS6VN4c3u398md029IinALyo6MR7Vr7PypIAvNc9yEmZ82if+0JFf1Rs5rJ+fLCmI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] IOMMU: generalize VT-d's tracking of mapped RMRR regions Message-Id: Date: Fri, 10 Sep 2021 05:12:23 +0000 commit 18fe877620e428c1d12b3ec4b3385dace07f686f Author: Jan Beulich AuthorDate: Wed Aug 25 15:23:12 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:23:12 2021 +0200 IOMMU: generalize VT-d's tracking of mapped RMRR regions In order to re-use it elsewhere, move the logic to vendor independent code and strip it of RMRR specifics. Note that the prior "map" parameter gets folded into the new "p2ma" one (which AMD IOMMU code will want to make use of), assigning alternative meaning ("unmap") to p2m_access_x. Prepare set_identity_p2m_entry() and p2m_get_iommu_flags() for getting passed access types other than p2m_access_rw (in the latter case just for p2m_mmio_direct requests). Note also that, to be on the safe side, an overlap check gets added to the main loop of iommu_identity_mapping(). This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: c0e19d7c6c42f0bfccccd96b4f7b03b5515e10fc master date: 2021-08-25 14:15:57 +0200 --- xen/arch/x86/mm/p2m.c | 2 +- xen/drivers/passthrough/vtd/iommu.c | 98 +++++-------------------------------- xen/drivers/passthrough/x86/iommu.c | 95 ++++++++++++++++++++++++++++++++++- xen/include/asm-x86/iommu.h | 8 ++- xen/include/asm-x86/p2m.h | 35 +++++++++++-- 5 files changed, 147 insertions(+), 91 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 7c042f72d4..01402cfc5d 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1351,7 +1351,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, if ( !is_iommu_enabled(d) ) return 0; return iommu_legacy_map(d, _dfn(gfn_l), _mfn(gfn_l), PAGE_ORDER_4K, - IOMMUF_readable | IOMMUF_writable); + p2m_access_to_iommu_flags(p2ma)); } gfn_lock(p2m, gfn, 0); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 38719cf8ec..98787ce3a8 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -42,12 +42,6 @@ #include "vtd.h" #include "../ats.h" -struct mapped_rmrr { - struct list_head list; - u64 base, end; - unsigned int count; -}; - /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */ bool __read_mostly untrusted_msi; @@ -1799,17 +1793,12 @@ out: static void iommu_domain_teardown(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); - struct mapped_rmrr *mrmrr, *tmp; const struct acpi_drhd_unit *drhd; if ( list_empty(&acpi_drhd_units) ) return; - list_for_each_entry_safe ( mrmrr, tmp, &hd->arch.mapped_rmrrs, list ) - { - list_del(&mrmrr->list); - xfree(mrmrr); - } + iommu_identity_map_teardown(d); ASSERT(is_iommu_enabled(d)); @@ -1963,74 +1952,6 @@ static void iommu_set_pgd(struct domain *d) pagetable_get_paddr(pagetable_from_mfn(pgd_mfn)); } -static int rmrr_identity_mapping(struct domain *d, bool_t map, - const struct acpi_rmrr_unit *rmrr, - u32 flag) -{ - unsigned long base_pfn = rmrr->base_address >> PAGE_SHIFT_4K; - unsigned long end_pfn = PAGE_ALIGN_4K(rmrr->end_address) >> PAGE_SHIFT_4K; - struct mapped_rmrr *mrmrr; - struct domain_iommu *hd = dom_iommu(d); - - ASSERT(pcidevs_locked()); - ASSERT(rmrr->base_address < rmrr->end_address); - - /* - * No need to acquire hd->arch.mapping_lock: Both insertion and removal - * get done while holding pcidevs_lock. - */ - list_for_each_entry( mrmrr, &hd->arch.mapped_rmrrs, list ) - { - if ( mrmrr->base == rmrr->base_address && - mrmrr->end == rmrr->end_address ) - { - int ret = 0; - - if ( map ) - { - ++mrmrr->count; - return 0; - } - - if ( --mrmrr->count ) - return 0; - - while ( base_pfn < end_pfn ) - { - if ( clear_identity_p2m_entry(d, base_pfn) ) - ret = -ENXIO; - base_pfn++; - } - - list_del(&mrmrr->list); - xfree(mrmrr); - return ret; - } - } - - if ( !map ) - return -ENOENT; - - while ( base_pfn < end_pfn ) - { - int err = set_identity_p2m_entry(d, base_pfn, p2m_access_rw, flag); - - if ( err ) - return err; - base_pfn++; - } - - mrmrr = xmalloc(struct mapped_rmrr); - if ( !mrmrr ) - return -ENOMEM; - mrmrr->base = rmrr->base_address; - mrmrr->end = rmrr->end_address; - mrmrr->count = 1; - list_add_tail(&mrmrr->list, &hd->arch.mapped_rmrrs); - - return 0; -} - static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; @@ -2062,7 +1983,9 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) * Since RMRRs are always reserved in the e820 map for the hardware * domain, there shouldn't be a conflict. */ - ret = rmrr_identity_mapping(pdev->domain, 1, rmrr, 0); + ret = iommu_identity_mapping(pdev->domain, p2m_access_rw, + rmrr->base_address, rmrr->end_address, + 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n", pdev->domain->domain_id); @@ -2107,7 +2030,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) * Any flag is nothing to clear these mappings but here * its always safe and strict to set 0. */ - rmrr_identity_mapping(pdev->domain, 0, rmrr, 0); + iommu_identity_mapping(pdev->domain, p2m_access_x, rmrr->base_address, + rmrr->end_address, 0); } return domain_context_unmap(pdev->domain, devfn, pdev); @@ -2306,7 +2230,8 @@ static void __hwdom_init setup_hwdom_rmrr(struct domain *d) * domain, there shouldn't be a conflict. So its always safe and * strict to set 0. */ - ret = rmrr_identity_mapping(d, 1, rmrr, 0); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, 0); if ( ret ) dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: mapping reserved region failed\n"); @@ -2465,7 +2390,9 @@ static int reassign_device_ownership( * Any RMRR flag is always ignored when remove a device, * but its always safe and strict to set 0. */ - ret = rmrr_identity_mapping(source, 0, rmrr, 0); + ret = iommu_identity_mapping(source, p2m_access_x, + rmrr->base_address, + rmrr->end_address, 0); if ( ret != -ENOENT ) return ret; } @@ -2562,7 +2489,8 @@ static int intel_iommu_assign_device( PCI_BUS(bdf) == bus && PCI_DEVFN2(bdf) == devfn ) { - ret = rmrr_identity_mapping(d, 1, rmrr, flag); + ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address, + rmrr->end_address, flag); if ( ret ) { int rc; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 2cf528e760..c521ba5ad8 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -127,7 +127,7 @@ int arch_iommu_domain_init(struct domain *d) struct domain_iommu *hd = dom_iommu(d); spin_lock_init(&hd->arch.mapping_lock); - INIT_LIST_HEAD(&hd->arch.mapped_rmrrs); + INIT_LIST_HEAD(&hd->arch.identity_maps); return 0; } @@ -136,6 +136,99 @@ void arch_iommu_domain_destroy(struct domain *d) { } +struct identity_map { + struct list_head list; + paddr_t base, end; + p2m_access_t access; + unsigned int count; +}; + +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag) +{ + unsigned long base_pfn = base >> PAGE_SHIFT_4K; + unsigned long end_pfn = PAGE_ALIGN_4K(end) >> PAGE_SHIFT_4K; + struct identity_map *map; + struct domain_iommu *hd = dom_iommu(d); + + ASSERT(pcidevs_locked()); + ASSERT(base < end); + + /* + * No need to acquire hd->arch.mapping_lock: Both insertion and removal + * get done while holding pcidevs_lock. + */ + list_for_each_entry( map, &hd->arch.identity_maps, list ) + { + if ( map->base == base && map->end == end ) + { + int ret = 0; + + if ( p2ma != p2m_access_x ) + { + if ( map->access != p2ma ) + return -EADDRINUSE; + ++map->count; + return 0; + } + + if ( --map->count ) + return 0; + + while ( base_pfn < end_pfn ) + { + if ( clear_identity_p2m_entry(d, base_pfn) ) + ret = -ENXIO; + base_pfn++; + } + + list_del(&map->list); + xfree(map); + + return ret; + } + + if ( end >= map->base && map->end >= base ) + return -EADDRINUSE; + } + + if ( p2ma == p2m_access_x ) + return -ENOENT; + + while ( base_pfn < end_pfn ) + { + int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag); + + if ( err ) + return err; + base_pfn++; + } + + map = xmalloc(struct identity_map); + if ( !map ) + return -ENOMEM; + map->base = base; + map->end = end; + map->access = p2ma; + map->count = 1; + list_add_tail(&map->list, &hd->arch.identity_maps); + + return 0; +} + +void iommu_identity_map_teardown(struct domain *d) +{ + struct domain_iommu *hd = dom_iommu(d); + struct identity_map *map, *tmp; + + list_for_each_entry_safe ( map, tmp, &hd->arch.identity_maps, list ) + { + list_del(&map->list); + xfree(map); + } +} + static bool __hwdom_init hwdom_iommu_map(const struct domain *d, unsigned long pfn, unsigned long max_pfn) diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h index 6c9d5e5632..aaf9455b8e 100644 --- a/xen/include/asm-x86/iommu.h +++ b/xen/include/asm-x86/iommu.h @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -49,7 +50,7 @@ struct arch_iommu spinlock_t mapping_lock; /* io page table lock */ int agaw; /* adjusted guest address width, 0 is level 2 30-bit */ u64 iommu_bitmap; /* bitmap of iommu(s) that the domain uses */ - struct list_head mapped_rmrrs; + struct list_head identity_maps; /* amd iommu support */ int paging_mode; @@ -112,6 +113,11 @@ static inline void iommu_disable_x2apic(void) iommu_ops.disable_x2apic(); } +int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, + paddr_t base, paddr_t end, + unsigned int flag); +void iommu_identity_map_teardown(struct domain *d); + extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 4cc29e51f2..3492542af7 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -905,6 +905,34 @@ struct p2m_domain *p2m_get_altp2m(struct vcpu *v); static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {} #endif +/* p2m access to IOMMU flags */ +static inline unsigned int p2m_access_to_iommu_flags(p2m_access_t p2ma) +{ + switch ( p2ma ) + { + case p2m_access_rw: + case p2m_access_rwx: + return IOMMUF_readable | IOMMUF_writable; + + case p2m_access_r: + case p2m_access_rx: + case p2m_access_rx2rw: + return IOMMUF_readable; + + case p2m_access_w: + case p2m_access_wx: + return IOMMUF_writable; + + case p2m_access_n: + case p2m_access_x: + case p2m_access_n2rwx: + return 0; + } + + ASSERT_UNREACHABLE(); + return 0; +} + /* * p2m type to IOMMU flags */ @@ -926,9 +954,10 @@ static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt, flags = IOMMUF_readable; break; case p2m_mmio_direct: - flags = IOMMUF_readable; - if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) - flags |= IOMMUF_writable; + flags = p2m_access_to_iommu_flags(p2ma); + if ( (flags & IOMMUF_writable) && + rangeset_contains_singleton(mmio_ro_ranges, mfn_x(mfn)) ) + flags &= ~IOMMUF_writable; break; default: flags = 0; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:12:36 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:12:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183976.332419 (Exim 4.92) (envelope-from ) id 1mOYq4-0004KL-2I; Fri, 10 Sep 2021 05:12:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183976.332419; Fri, 10 Sep 2021 05:12:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYq3-0004KD-V1; Fri, 10 Sep 2021 05:12:35 +0000 Received: by outflank-mailman (input) for mailman id 183976; Fri, 10 Sep 2021 05:12:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYq1-0004Ju-RS for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYq1-0006RS-Qd for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYq1-0005Y8-Ph for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7yG4dMeloNJa+QGYX6um/GVW8X0mFOcioKUv3CUArac=; b=3J0d9+VcRInbynoxsH1rT/ZkzW LmqmyDR7obDA9TxZVEiOsmtIL9XcDqUOsAvM553WMU9PHFjmW8gMRY9KwsLu9+0+lDI5p8oYOKsco 2FPOlXXQA+S6sSm55XB17/fEk8Km9NhicfAKqdgycqEn5RDSMx2jzcRLjiFuOz0lGHI4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] AMD/IOMMU: re-arrange/complete re-assignment handling Message-Id: Date: Fri, 10 Sep 2021 05:12:33 +0000 commit 2357043846efeaa7a8b14791413103bb693dca52 Author: Jan Beulich AuthorDate: Wed Aug 25 15:23:43 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:23:43 2021 +0200 AMD/IOMMU: re-arrange/complete re-assignment handling Prior to the assignment step having completed successfully, devices should not get associated with their new owner. Hand the device to DomIO (perhaps temporarily), until after the de-assignment step has completed. De-assignment of a device (from other than Dom0) as well as failure of reassign_device() during assignment should result in unity mappings getting torn down. This in turn requires switching to a refcounted mapping approach, as was already used by VT-d for its RMRRs, to prevent unmapping a region used by multiple devices. This is CVE-2021-28696 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 899272539cbe1acda736a850015416fff653a1b6 master date: 2021-08-25 14:16:26 +0200 --- xen/drivers/passthrough/amd/iommu_map.c | 63 ++++++++++++++++----------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 54 ++++++++++++++++++----- xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 6 ++- 3 files changed, 83 insertions(+), 40 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 85b8df9abd..927d6224a9 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -430,38 +430,49 @@ int amd_iommu_flush_iotlb_all(struct domain *d) return 0; } -int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, - unsigned long size, int iw, int ir) +int amd_iommu_reserve_domain_unity_map(struct domain *d, + const struct ivrs_unity_map *map, + unsigned int flag) { - unsigned long npages, i; - unsigned long gfn; - unsigned int flags = !!ir; - unsigned int flush_flags = 0; - int rt = 0; - - if ( iw ) - flags |= IOMMUF_writable; - - npages = region_to_pages(phys_addr, size); - gfn = phys_addr >> PAGE_SHIFT; - for ( i = 0; i < npages; i++ ) + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; !rc && map; map = map->next ) { - unsigned long frame = gfn + i; + p2m_access_t p2ma = p2m_access_n; - rt = amd_iommu_map_page(domain, _dfn(frame), _mfn(frame), flags, - &flush_flags); - if ( rt != 0 ) - break; + if ( map->read ) + p2ma |= p2m_access_r; + if ( map->write ) + p2ma |= p2m_access_w; + + rc = iommu_identity_mapping(d, p2ma, map->addr, + map->addr + map->length - 1, flag); } - /* Use while-break to avoid compiler warning */ - while ( flush_flags && - amd_iommu_flush_iotlb_pages(domain, _dfn(gfn), - npages, flush_flags) ) - break; + return rc; +} + +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map) +{ + int rc; + + if ( d == dom_io ) + return 0; + + for ( rc = 0; map; map = map->next ) + { + int ret = iommu_identity_mapping(d, p2m_access_x, map->addr, + map->addr + map->length - 1, 0); + + if ( ret && ret != -ENOENT && !rc ) + rc = ret; + } - return rt; + return rc; } int __init amd_iommu_quarantine_init(struct domain *d) diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 8cd5394e6b..6c730f1a72 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -330,6 +330,7 @@ static int reassign_device(struct domain *source, struct domain *target, struct amd_iommu *iommu; int bdf, rc; struct domain_iommu *t = dom_iommu(target); + const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); bdf = PCI_BDF2(pdev->bus, pdev->devfn); iommu = find_iommu_for_device(pdev->seg, bdf); @@ -344,10 +345,24 @@ static int reassign_device(struct domain *source, struct domain *target, amd_iommu_disable_domain_device(source, iommu, devfn, pdev); - if ( devfn == pdev->devfn ) + /* + * If the device belongs to the hardware domain, and it has a unity mapping, + * don't remove it from the hardware domain, because BIOS may reference that + * mapping. + */ + if ( !is_hardware_domain(source) ) { - list_move(&pdev->domain_list, &target->pdev_list); - pdev->domain = target; + rc = amd_iommu_reserve_domain_unity_unmap( + source, + ivrs_mappings[get_dma_requestor_id(pdev->seg, bdf)].unity_map); + if ( rc ) + return rc; + } + + if ( devfn == pdev->devfn && pdev->domain != dom_io ) + { + list_move(&pdev->domain_list, &dom_io->pdev_list); + pdev->domain = dom_io; } rc = allocate_domain_resources(t); @@ -359,6 +374,12 @@ static int reassign_device(struct domain *source, struct domain *target, pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn), source->domain_id, target->domain_id); + if ( devfn == pdev->devfn && pdev->domain != target ) + { + list_move(&pdev->domain_list, &target->pdev_list); + pdev->domain = target; + } + return 0; } @@ -369,20 +390,28 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); int req_id = get_dma_requestor_id(pdev->seg, bdf); - const struct ivrs_unity_map *unity_map; + int rc = amd_iommu_reserve_domain_unity_map( + d, ivrs_mappings[req_id].unity_map, flag); + + if ( !rc ) + rc = reassign_device(pdev->domain, d, devfn, pdev); - for ( unity_map = ivrs_mappings[req_id].unity_map; unity_map; - unity_map = unity_map->next ) + if ( rc && !is_hardware_domain(d) ) { - int rc = amd_iommu_reserve_domain_unity_map( - d, unity_map->addr, unity_map->length, - unity_map->write, unity_map->read); + int ret = amd_iommu_reserve_domain_unity_unmap( + d, ivrs_mappings[req_id].unity_map); - if ( rc ) - return rc; + if ( ret ) + { + printk(XENLOG_ERR "AMD-Vi: " + "unity-unmap for %pd/%04x:%02x:%02x.%u failed (%d)\n", + d, pdev->seg, pdev->bus, + PCI_SLOT(devfn), PCI_FUNC(devfn), ret); + domain_crash(d); + } } - return reassign_device(pdev->domain, d, devfn, pdev); + return rc; } static void deallocate_next_page_table(struct page_info *pg, int level) @@ -441,6 +470,7 @@ static void deallocate_iommu_page_tables(struct domain *d) static void amd_iommu_domain_destroy(struct domain *d) { + iommu_identity_map_teardown(d); deallocate_iommu_page_tables(d); amd_iommu_flush_all_pages(d); } diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h index 94e288f52d..8726e62558 100644 --- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h +++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h @@ -64,8 +64,10 @@ int __must_check amd_iommu_unmap_page(struct domain *d, dfn_t dfn, unsigned int *flush_flags); int __must_check amd_iommu_alloc_root(struct domain_iommu *hd); int amd_iommu_reserve_domain_unity_map(struct domain *domain, - paddr_t phys_addr, unsigned long size, - int iw, int ir); + const struct ivrs_unity_map *map, + unsigned int flag); +int amd_iommu_reserve_domain_unity_unmap(struct domain *d, + const struct ivrs_unity_map *map); int __must_check amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, unsigned int page_count, unsigned int flush_flags); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:12:45 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:12:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183978.332423 (Exim 4.92) (envelope-from ) id 1mOYqD-0004Nm-60; Fri, 10 Sep 2021 05:12:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183978.332423; Fri, 10 Sep 2021 05:12:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqD-0004Ne-2r; Fri, 10 Sep 2021 05:12:45 +0000 Received: by outflank-mailman (input) for mailman id 183978; Fri, 10 Sep 2021 05:12:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqB-0004NW-V3 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqB-0006Rd-UL for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYqB-0005Z1-TS for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Etw80gHpymkj0h6AwQn+yzrMxHEci3mxJ4spVOSPcWU=; b=uvHliTt2GrOuQvxD1U/K1axNI5 KkX6LCDfPVG2uzh+li5T/sl5Vw3yY/fzCv2jipXAATOcUTZy5MYfYV6SLrQhMbrQiRvfhOxiQwn6c krPpaoc6KhThGF8iq/ygiwPdHZl+Oh/OAru8a5mk5j79sjDNg7wA5NDH1p+0c++9NNd0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] AMD/IOMMU: re-arrange exclusion range and unity map recording Message-Id: Date: Fri, 10 Sep 2021 05:12:43 +0000 commit ebeb9ec0ad4dd63ec3b5d5d092ea56bc6fe0170f Author: Jan Beulich AuthorDate: Wed Aug 25 15:24:02 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:24:02 2021 +0200 AMD/IOMMU: re-arrange exclusion range and unity map recording The spec makes no provisions for OS behavior here to depend on the amount of RAM found on the system. While the spec may not sufficiently clearly distinguish both kinds of regions, they are surely meant to be separate things: Only regions with ACPI_IVMD_EXCLUSION_RANGE set should be candidates for putting in the exclusion range registers. (As there's only a single such pair of registers per IOMMU, secondary non-adjacent regions with the flag set already get converted to unity mapped regions.) First of all, drop the dependency on max_page. With commit b4f042236ae0 ("AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables") the use of it here was stale anyway; it was bogus already before, as it didn't account for max_page getting increased later on. Simply try an exclusion range registration first, and if it fails (for being unsuitable or non-mergeable), register a unity mapping range. With this various local variables become unnecessary and hence get dropped at the same time. With the max_page boundary dropped for using unity maps, the minimum page table tree height now needs both recording and enforcing in amd_iommu_domain_init(). Since we can't predict which devices may get assigned to a domain, our only option is to uniformly force at least that height for all domains, now that the height isn't dynamic anymore. Further don't make use of the exclusion range unless ACPI data says so. Note that exclusion range registration in register_range_for_all_devices() is on a best effort basis. Hence unity map entries also registered are redundant when the former succeeded, but they also do no harm. Improvements in this area can be done later imo. Also adjust types where suitable without touching extra lines. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 8ea80530cd0dbb8ffa7ac92606a3ee29663fdc93 master date: 2021-08-25 14:16:46 +0200 --- xen/drivers/passthrough/amd/iommu_acpi.c | 184 +++++++++++--------------- xen/drivers/passthrough/amd/pci_amd_iommu.c | 12 +- xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 2 + 3 files changed, 90 insertions(+), 108 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index f933242a3d..ccc66c11d0 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -118,12 +118,8 @@ static struct amd_iommu * __init find_iommu_from_bdf_cap( } static int __init reserve_iommu_exclusion_range( - struct amd_iommu *iommu, uint64_t base, uint64_t limit, - bool all, bool iw, bool ir) + struct amd_iommu *iommu, paddr_t base, paddr_t limit, bool all) { - if ( !ir || !iw ) - return -EPERM; - /* need to extend exclusion range? */ if ( iommu->exclusion_enable ) { @@ -152,14 +148,18 @@ static int __init reserve_unity_map_for_device( { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; + int paging_mode = amd_iommu_get_paging_mode(PFN_UP(base + length)); + + if ( paging_mode < 0 ) + return paging_mode; /* Check for overlaps. */ for ( ; unity_map; unity_map = unity_map->next ) { /* * Exact matches are okay. This can in particular happen when - * register_exclusion_range_for_device() calls here twice for the - * same (s,b,d,f). + * register_range_for_device() calls here twice for the same + * (s,b,d,f). */ if ( base == unity_map->addr && length == unity_map->length && ir == unity_map->read && iw == unity_map->write ) @@ -187,55 +187,52 @@ static int __init reserve_unity_map_for_device( unity_map->next = ivrs_mappings[bdf].unity_map; ivrs_mappings[bdf].unity_map = unity_map; + if ( paging_mode > amd_iommu_min_paging_mode ) + amd_iommu_min_paging_mode = paging_mode; + return 0; } -static int __init register_exclusion_range_for_all_devices( - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_all_devices( + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; - unsigned int bdf; int rc = 0; /* is part of exclusion range inside of IOMMU virtual address space? */ /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) - { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); - /* push 'base' just outside of virtual address space */ - base = iommu_top; - } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) + if ( exclusion ) { for_each_amd_iommu( iommu ) { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); - if ( rc ) - break; + int ret = reserve_iommu_exclusion_range(iommu, base, limit, + true /* all */); + + if ( ret && !rc ) + rc = ret; } } + if ( !exclusion || rc ) + { + paddr_t length = limit + PAGE_SIZE - base; + unsigned int bdf; + + /* reserve r/w unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + } + return rc; } -static int __init register_exclusion_range_for_device( - u16 bdf, unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_device( + unsigned int bdf, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - unsigned long range_top, iommu_top, length; struct amd_iommu *iommu; u16 req; int rc = 0; @@ -249,27 +246,19 @@ static int __init register_exclusion_range_for_device( req = ivrs_mappings[bdf].dte_requestor_id; /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) + rc = reserve_iommu_exclusion_range(iommu, base, limit, + false /* all */); + if ( !exclusion || rc ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; + paddr_t length = limit + PAGE_SIZE - base; + /* reserve unity-mapped page entries for device */ - /* note: these entries are part of the exclusion range */ rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: reserve_unity_map_for_device(seg, req, base, length, iw, ir); - - /* push 'base' just outside of virtual address space */ - base = iommu_top; } - - /* register IOMMU exclusion range settings for device */ - if ( !rc && limit >= iommu_top ) + else { - rc = reserve_iommu_exclusion_range(iommu, base, limit, - false /* all */, iw, ir); ivrs_mappings[bdf].dte_allow_exclusion = true; ivrs_mappings[req].dte_allow_exclusion = true; } @@ -277,53 +266,42 @@ static int __init register_exclusion_range_for_device( return rc; } -static int __init register_exclusion_range_for_iommu_devices( - struct amd_iommu *iommu, - unsigned long base, unsigned long limit, u8 iw, u8 ir) +static int __init register_range_for_iommu_devices( + struct amd_iommu *iommu, paddr_t base, paddr_t limit, + bool iw, bool ir, bool exclusion) { - unsigned long range_top, iommu_top, length; + /* note: 'limit' parameter is assumed to be page-aligned */ + paddr_t length = limit + PAGE_SIZE - base; unsigned int bdf; u16 req; - int rc = 0; + int rc; - /* is part of exclusion range inside of IOMMU virtual address space? */ - /* note: 'limit' parameter is assumed to be page-aligned */ - range_top = limit + PAGE_SIZE; - iommu_top = max_page * PAGE_SIZE; - if ( base < iommu_top ) + if ( exclusion ) { - if ( range_top > iommu_top ) - range_top = iommu_top; - length = range_top - base; - /* reserve r/w unity-mapped page entries for devices */ - /* note: these entries are part of the exclusion range */ - for ( bdf = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - { - if ( iommu == find_iommu_for_device(iommu->seg, bdf) ) - { - req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; - rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir) ?: - reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); - } - } - - /* push 'base' just outside of virtual address space */ - base = iommu_top; + rc = reserve_iommu_exclusion_range(iommu, base, limit, true /* all */); + if ( !rc ) + return 0; } - /* register IOMMU exclusion range settings */ - if ( !rc && limit >= iommu_top ) - rc = reserve_iommu_exclusion_range(iommu, base, limit, - true /* all */, iw, ir); + /* reserve unity-mapped page entries for devices */ + for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) + { + if ( iommu != find_iommu_for_device(iommu->seg, bdf) ) + continue; + + req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; + rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, + iw, ir) ?: + reserve_unity_map_for_device(iommu->seg, req, base, length, + iw, ir); + } return rc; } static int __init parse_ivmd_device_select( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { u16 bdf; @@ -334,12 +312,12 @@ static int __init parse_ivmd_device_select( return -ENODEV; } - return register_exclusion_range_for_device(bdf, base, limit, iw, ir); + return register_range_for_device(bdf, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_device_range( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { unsigned int first_bdf, last_bdf, bdf; int error; @@ -361,15 +339,15 @@ static int __init parse_ivmd_device_range( } for ( bdf = first_bdf, error = 0; (bdf <= last_bdf) && !error; bdf++ ) - error = register_exclusion_range_for_device( - bdf, base, limit, iw, ir); + error = register_range_for_device( + bdf, base, limit, iw, ir, exclusion); return error; } static int __init parse_ivmd_device_iommu( const struct acpi_ivrs_memory *ivmd_block, - unsigned long base, unsigned long limit, u8 iw, u8 ir) + paddr_t base, paddr_t limit, bool iw, bool ir, bool exclusion) { int seg = 0; /* XXX */ struct amd_iommu *iommu; @@ -384,14 +362,14 @@ static int __init parse_ivmd_device_iommu( return -ENODEV; } - return register_exclusion_range_for_iommu_devices( - iommu, base, limit, iw, ir); + return register_range_for_iommu_devices( + iommu, base, limit, iw, ir, exclusion); } static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) { unsigned long start_addr, mem_length, base, limit; - u8 iw, ir; + bool iw = true, ir = true, exclusion = false; if ( ivmd_block->header.length < sizeof(*ivmd_block) ) { @@ -408,13 +386,11 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) ivmd_block->header.type, start_addr, mem_length); if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) - iw = ir = IOMMU_CONTROL_ENABLED; + exclusion = true; else if ( ivmd_block->header.flags & ACPI_IVMD_UNITY ) { - iw = ivmd_block->header.flags & ACPI_IVMD_READ ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; - ir = ivmd_block->header.flags & ACPI_IVMD_WRITE ? - IOMMU_CONTROL_ENABLED : IOMMU_CONTROL_DISABLED; + iw = ivmd_block->header.flags & ACPI_IVMD_READ; + ir = ivmd_block->header.flags & ACPI_IVMD_WRITE; } else { @@ -425,20 +401,20 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) switch( ivmd_block->header.type ) { case ACPI_IVRS_TYPE_MEMORY_ALL: - return register_exclusion_range_for_all_devices( - base, limit, iw, ir); + return register_range_for_all_devices( + base, limit, iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_ONE: - return parse_ivmd_device_select(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_select(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_RANGE: - return parse_ivmd_device_range(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_range(ivmd_block, base, limit, + iw, ir, exclusion); case ACPI_IVRS_TYPE_MEMORY_IOMMU: - return parse_ivmd_device_iommu(ivmd_block, - base, limit, iw, ir); + return parse_ivmd_device_iommu(ivmd_block, base, limit, + iw, ir, exclusion); default: AMD_IOMMU_DEBUG("IVMD Error: Invalid Block Type!\n"); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 6c730f1a72..beafb0171d 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -234,6 +234,8 @@ static int __must_check allocate_domain_resources(struct domain_iommu *hd) return rc; } +int __read_mostly amd_iommu_min_paging_mode = 1; + static int amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -245,11 +247,13 @@ static int amd_iommu_domain_init(struct domain *d) * - HVM could in principle use 3 or 4 depending on how much guest * physical address space we give it, but this isn't known yet so use 4 * unilaterally. + * - Unity maps may require an even higher number. */ - hd->arch.paging_mode = amd_iommu_get_paging_mode( - is_hvm_domain(d) - ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) - : get_upper_mfn_bound() + 1); + hd->arch.paging_mode = max(amd_iommu_get_paging_mode( + is_hvm_domain(d) + ? 1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT) + : get_upper_mfn_bound() + 1), + amd_iommu_min_paging_mode); return 0; } diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h index 8726e62558..3983293540 100644 --- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h +++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h @@ -140,6 +140,8 @@ extern struct hpet_sbdf { } init; } hpet_sbdf; +extern int amd_iommu_min_paging_mode; + extern void *shared_intremap_table; extern unsigned long *shared_intremap_inuse; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:12:55 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:12:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183980.332428 (Exim 4.92) (envelope-from ) id 1mOYqN-0004Qq-7j; Fri, 10 Sep 2021 05:12:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183980.332428; Fri, 10 Sep 2021 05:12:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqN-0004Qf-4W; Fri, 10 Sep 2021 05:12:55 +0000 Received: by outflank-mailman (input) for mailman id 183980; Fri, 10 Sep 2021 05:12:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqM-0004QT-34 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqM-0006Ro-2G for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYqM-0005a2-1B for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:12:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pMpWual+AhAvoNIOjxlJt4zbifPB0qcnQOIhoIP7Pvg=; b=nJHNYWj0D3/HY9Flt1BHTsv+py +0tXtVwIgus1N2MhcqV9+081UzUP2cWmQ5THkZ4Cu36WsjetmaM8llIwqI28xFp9iKhrzJyB+CZUM An0+Xk2ltWgrw2BhOv3zX/QiwbsYN0m6g58mzHgAX6VHSigQMictBrVjE+SKFRAl8lsk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/p2m: introduce p2m_is_special() Message-Id: Date: Fri, 10 Sep 2021 05:12:54 +0000 commit f762403ed349df1b04468100dbffd0a6b6fe3303 Author: Jan Beulich AuthorDate: Wed Aug 25 15:24:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:24:18 2021 +0200 x86/p2m: introduce p2m_is_special() Seeing the similarity of grant, foreign, and (subsequently) direct-MMIO handling, introduce a new P2M type group named "special" (as in "needing special accessors to create/destroy"). Also use -EPERM instead of other error codes on the two domain_crash() paths touched. This is part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 0bf755e2c856628e11e93c76c3e12974e9964638 master date: 2021-08-25 14:17:07 +0200 --- xen/arch/x86/mm/p2m.c | 15 +++++++-------- xen/include/asm-x86/p2m.h | 5 +++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 01402cfc5d..96fbed8ce1 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -807,7 +807,7 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, for ( i = 0; i < (1UL << page_order); i++ ) { p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL); - if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) ) + if ( !p2m_is_special(t) && !p2m_is_shared(t) ) set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY); } } @@ -934,13 +934,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, &ot, &a, 0, NULL, NULL); ASSERT(!p2m_is_shared(ot)); } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { - /* Really shouldn't be unmapping grant/foreign maps this way */ + /* Don't permit unmapping grant/foreign this way. */ domain_crash(d); p2m_unlock(p2m); - return -EINVAL; + return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) { @@ -1034,8 +1034,7 @@ int p2m_change_type_one(struct domain *d, unsigned long gfn_l, struct p2m_domain *p2m = p2m_get_hostp2m(d); int rc; - BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt)); - BUG_ON(p2m_is_foreign(ot) || p2m_is_foreign(nt)); + BUG_ON(p2m_is_special(ot) || p2m_is_special(nt)); gfn_lock(p2m, gfn, 0); @@ -1282,11 +1281,11 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, gfn_unlock(p2m, gfn, order); return cur_order + 1; } - if ( p2m_is_grant(ot) || p2m_is_foreign(ot) ) + if ( p2m_is_special(ot) ) { gfn_unlock(p2m, gfn, order); domain_crash(d); - return -ENOENT; + return -EPERM; } else if ( p2m_is_ram(ot) ) { diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 3492542af7..3b28d2a1b8 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -141,6 +141,10 @@ typedef unsigned int p2m_query_t; | p2m_to_mask(p2m_ram_logdirty) ) #define P2M_SHARED_TYPES (p2m_to_mask(p2m_ram_shared)) +/* Types established/cleaned up via special accessors. */ +#define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ + p2m_to_mask(p2m_map_foreign)) + /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ | p2m_to_mask(p2m_mmio_direct) \ @@ -169,6 +173,7 @@ typedef unsigned int p2m_query_t; #define p2m_is_paged(_t) (p2m_to_mask(_t) & P2M_PAGED_TYPES) #define p2m_is_sharable(_t) (p2m_to_mask(_t) & P2M_SHARABLE_TYPES) #define p2m_is_shared(_t) (p2m_to_mask(_t) & P2M_SHARED_TYPES) +#define p2m_is_special(_t) (p2m_to_mask(_t) & P2M_SPECIAL_TYPES) #define p2m_is_broken(_t) (p2m_to_mask(_t) & P2M_BROKEN_TYPES) #define p2m_is_foreign(_t) (p2m_to_mask(_t) & p2m_to_mask(p2m_map_foreign)) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:13:05 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:13:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183983.332431 (Exim 4.92) (envelope-from ) id 1mOYqX-0004Tx-9D; Fri, 10 Sep 2021 05:13:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183983.332431; Fri, 10 Sep 2021 05:13:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqX-0004Tp-64; Fri, 10 Sep 2021 05:13:05 +0000 Received: by outflank-mailman (input) for mailman id 183983; Fri, 10 Sep 2021 05:13:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqW-0004Ta-7t for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqW-0006SF-72 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYqW-0005ce-5z for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QYAtJQg4ynr7pV93XRaQOxiyH7hdsrBpDL5T0Q2veQQ=; b=iAHV2DLSt3O3kHnpZv4zTrVGTv WI+n63Q7SY2lb1ZXjhhbtDp+vtgCkygivuNOFoXSiuvRodgSW+Sn2kmptimr1FoIuO9rST4Ipq5KE +YYbvIE276yl07RpYpcvHqR+7Tjoiaj4v5BLz7CzrFUdwIOLOVWYkYusv9+z/c72Neg4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/p2m: guard (in particular) identity mapping entries Message-Id: Date: Fri, 10 Sep 2021 05:13:04 +0000 commit 89d40f0682f9ad37091cc53685f3ecf63a44bb72 Author: Jan Beulich AuthorDate: Wed Aug 25 15:24:37 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:24:37 2021 +0200 x86/p2m: guard (in particular) identity mapping entries Such entries, created by set_identity_p2m_entry(), should only be destroyed by clear_identity_p2m_entry(). However, similarly, entries created by set_mmio_p2m_entry() should only be torn down by clear_mmio_p2m_entry(), so the logic gets based upon p2m_mmio_direct as the entry type (separation between "ordinary" and 1:1 mappings would require a further indicator to tell apart the two). As to the guest_remove_page() change, commit 48dfb297a20a ("x86/PVH: allow guest_remove_page to remove p2m_mmio_direct pages"), which introduced the call to clear_mmio_p2m_entry(), claimed this was done for hwdom only without this actually having been the case. However, this code shouldn't be there in the first place, as MMIO entries shouldn't be dropped this way. Avoid triggering the warning again that 48dfb297a20a silenced by an adjustment to xenmem_add_to_physmap_one() instead. Note that guest_physmap_mark_populate_on_demand() gets tightened beyond the immediate purpose of this change. Note also that I didn't inspect code which isn't security supported, e.g. sharing, paging, or altp2m. This is CVE-2021-28694 / part of XSA-378. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 753cb68e653002e89fdcd1c80e52905fdbfb78cb master date: 2021-08-25 14:17:32 +0200 --- xen/arch/x86/mm.c | 4 +++- xen/arch/x86/mm/p2m-pod.c | 12 ++++++------ xen/arch/x86/mm/p2m.c | 11 ++++++----- xen/common/memory.c | 11 ++++++++++- xen/include/asm-x86/p2m.h | 5 ++--- 5 files changed, 27 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index e56cd4bc65..1f3b12d447 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4770,7 +4770,9 @@ int xenmem_add_to_physmap_one( /* Remove previously mapped page if it was present. */ prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); - if ( mfn_valid(prev_mfn) ) + if ( p2mt == p2m_mmio_direct ) + rc = -EPERM; + else if ( mfn_valid(prev_mfn) ) { if ( is_xen_heap_mfn(prev_mfn) ) /* Xen heap frames are simply unhooked from this phys slot. */ diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index 096e2773fb..007cdd87d0 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -1295,17 +1295,17 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l, p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, &cur_order, NULL); n = 1UL << min(order, cur_order); - if ( p2m_is_ram(ot) ) + if ( ot == p2m_populate_on_demand ) + { + /* Count how many PoD entries we'll be replacing if successful */ + pod_count += n; + } + else if ( ot != p2m_invalid && ot != p2m_mmio_dm ) { P2M_DEBUG("gfn_to_mfn returned type %d!\n", ot); rc = -EBUSY; goto out; } - else if ( ot == p2m_populate_on_demand ) - { - /* Count how man PoD entries we'll be replacing if successful */ - pod_count += n; - } } /* Now, actually do the two-way mapping */ diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 96fbed8ce1..2e4d6e52a2 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -796,7 +796,8 @@ p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn_l, unsigned long mfn, &cur_order, NULL); if ( p2m_is_valid(t) && - (!mfn_valid(_mfn(mfn)) || mfn + i != mfn_x(mfn_return)) ) + (!mfn_valid(_mfn(mfn)) || t == p2m_mmio_direct || + mfn + i != mfn_x(mfn_return)) ) return -EILSEQ; i += (1UL << cur_order) - ((gfn_l + i) & ((1UL << cur_order) - 1)); @@ -890,7 +891,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_foreign(t) ) return -EINVAL; - if ( !mfn_valid(mfn) ) + if ( !mfn_valid(mfn) || t == p2m_mmio_direct ) { ASSERT_UNREACHABLE(); return -EINVAL; @@ -936,7 +937,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, } if ( p2m_is_special(ot) ) { - /* Don't permit unmapping grant/foreign this way. */ + /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ domain_crash(d); p2m_unlock(p2m); @@ -1385,8 +1386,8 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l, * order+1 for caller to retry with order (guaranteed smaller than * the order value passed in) */ -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, mfn_t mfn, - unsigned int order) +static int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l, + mfn_t mfn, unsigned int order) { int rc = -EINVAL; gfn_t gfn = _gfn(gfn_l); diff --git a/xen/common/memory.c b/xen/common/memory.c index 4c982f3db7..7c394b3640 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -328,7 +328,7 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) } if ( p2mt == p2m_mmio_direct ) { - rc = clear_mmio_p2m_entry(d, gmfn, mfn, PAGE_ORDER_4K); + rc = -EPERM; goto out_put_gfn; } #else @@ -1720,6 +1720,15 @@ int check_get_page_from_gfn(struct domain *d, gfn_t gfn, bool readonly, return -EAGAIN; } #endif +#ifdef CONFIG_X86 + if ( p2mt == p2m_mmio_direct ) + { + if ( page ) + put_page(page); + + return -EPERM; + } +#endif if ( !page ) return -EINVAL; diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 3b28d2a1b8..807dc4b1a9 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -143,7 +143,8 @@ typedef unsigned int p2m_query_t; /* Types established/cleaned up via special accessors. */ #define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \ - p2m_to_mask(p2m_map_foreign)) + p2m_to_mask(p2m_map_foreign) | \ + p2m_to_mask(p2m_mmio_direct)) /* Valid types not necessarily associated with a (valid) MFN. */ #define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \ @@ -649,8 +650,6 @@ int set_foreign_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn); /* Set mmio addresses in the p2m table (for pass-through) */ int set_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, unsigned int order, p2m_access_t access); -int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn, - unsigned int order); /* Set identity addresses in the p2m table (for pass-through) */ int set_identity_p2m_entry(struct domain *d, unsigned long gfn, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:13:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:13:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183985.332435 (Exim 4.92) (envelope-from ) id 1mOYqh-0004XO-DU; Fri, 10 Sep 2021 05:13:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183985.332435; Fri, 10 Sep 2021 05:13:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqh-0004XG-AW; Fri, 10 Sep 2021 05:13:15 +0000 Received: by outflank-mailman (input) for mailman id 183985; Fri, 10 Sep 2021 05:13:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqg-0004X4-BX for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqg-0006Sn-Ap for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYqg-0005dQ-9u for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kr1EJ0yLK1NVnDJJjuJ2NOjc2DEjdZORQiDYU+EAM4A=; b=Fr0hYOpqZwqh73i9Ar8IbOoeRq 8TDBNpqjEiJib2PETj9t0h5Pm0A5aq0H6LeNJgdJQUfkNonIKT9Ke5pCHOfvr1+Uc8uKv7cwBbmAU zr1GoUECSy79pOOYjeOHgWBWMNj1VP39EHqPIy8XFrLDeJoUJToPXDxiGu6nbHXHLNMQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/mm: widen locked region in xenmem_add_to_physmap_one() Message-Id: Date: Fri, 10 Sep 2021 05:13:14 +0000 commit 53e797c042df61c99cbca6d7e6aecaa568821bb6 Author: Jan Beulich AuthorDate: Wed Aug 25 15:25:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:25:18 2021 +0200 x86/mm: widen locked region in xenmem_add_to_physmap_one() For pages which can be made part of the P2M by the guest, but which can also later be de-allocated (grant table v2 status pages being the present example), it is imperative that they be mapped at no more than a single GFN. We therefore need to make sure that of two parallel XENMAPSPACE_grant_table requests for the same status page one completes before the second checks at which other GFN the underlying MFN is presently mapped. Pull ahead the respective get_gfn() and push down the respective put_gfn(). This leverages that gfn_lock() really aliases p2m_lock(), but the function makes this assumption already anyway: In the XENMAPSPACE_gmfn case lock nesting constraints for both involved GFNs would otherwise need to be enforced to avoid ABBA deadlocks. This is CVE-2021-28697 / XSA-379. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: f147422bf9476fb8161b43e35f5901571ed17c35 master date: 2021-08-25 14:17:56 +0200 --- xen/arch/x86/mm.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 1f3b12d447..7cdd23cd3c 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4768,8 +4768,20 @@ int xenmem_add_to_physmap_one( goto put_both; } - /* Remove previously mapped page if it was present. */ + /* + * Note that we're (ab)using GFN locking (to really be locking of the + * entire P2M) here in (at least) two ways: Finer grained locking would + * expose lock order violations in the XENMAPSPACE_gmfn case (due to the + * earlier get_gfn_unshare() above). Plus at the very least for the grant + * table v2 status page case we need to guarantee that the same page can + * only appear at a single GFN. While this is a property we want in + * general, for pages which can subsequently be freed this imperative: + * Upon freeing we wouldn't be able to find other mappings in the P2M + * (unless we did a brute force search). + */ prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); + + /* Remove previously mapped page if it was present. */ if ( p2mt == p2m_mmio_direct ) rc = -EPERM; else if ( mfn_valid(prev_mfn) ) @@ -4781,27 +4793,21 @@ int xenmem_add_to_physmap_one( /* Normal domain memory is freed, to avoid leaking memory. */ rc = guest_remove_page(d, gfn_x(gpfn)); } - /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */ - put_gfn(d, gfn_x(gpfn)); - - if ( rc ) - goto put_both; /* Unmap from old location, if any. */ old_gpfn = get_gpfn_from_mfn(mfn_x(mfn)); ASSERT(!SHARED_M2P(old_gpfn)); if ( space == XENMAPSPACE_gmfn && old_gpfn != gfn ) - { rc = -EXDEV; - goto put_both; - } - if ( old_gpfn != INVALID_M2P_ENTRY ) + else if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); /* Map at new location. */ if ( !rc ) rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K); + put_gfn(d, gfn_x(gpfn)); + put_both: /* * In the XENMAPSPACE_gmfn case, we took a ref of the gfn at the top. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:13:25 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:13:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183987.332439 (Exim 4.92) (envelope-from ) id 1mOYqr-0004aL-Ew; Fri, 10 Sep 2021 05:13:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183987.332439; Fri, 10 Sep 2021 05:13:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqr-0004aD-C1; Fri, 10 Sep 2021 05:13:25 +0000 Received: by outflank-mailman (input) for mailman id 183987; Fri, 10 Sep 2021 05:13:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqq-0004Zv-Fx for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYqq-0006Sz-FD for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYqq-0005eC-ED for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8/XgSl5pJAwzIzpZO2ZZoSuxPa0LvHOyPrbv1w+SLag=; b=u1t1cE3vuZzvoQACCQP55/6oZq QTFw0S9/AxtF/lvKTGGJl8NGBLr3cBmQCA6HskZC2RApqTUY+YyGvAxNsdZBxqX1ZBLN3wiz5dN0v 0OOrUfeNBGqBp/DzYWSBPEe1C21/vZPlmUK81QXdHTS/7HF/lkBB5DaG2XWgZamhYuoA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] gnttab: add preemption check to gnttab_release_mappings() Message-Id: Date: Fri, 10 Sep 2021 05:13:24 +0000 commit 9d954c8c1a3e3cd70cddf9dbf7da7305de9b1173 Author: Jan Beulich AuthorDate: Wed Aug 25 15:25:39 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:25:39 2021 +0200 gnttab: add preemption check to gnttab_release_mappings() A guest may die with many grant mappings still in place, or simply with a large maptrack table. Iterating through this may take more time than is reasonable without intermediate preemption (to run softirqs and perhaps the scheduler). Move the invocation of the function to the section where other restartable functions get invoked, and have the function itself check for preemption every once in a while. Have it iterate the table backwards, such that decreasing the maptrack limit is all it takes to convey restart information. In domain_teardown() introduce PROG_none such that inserting at the front will be easier going forward. This is part of CVE-2021-28698 / XSA-380. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: b1ee10be5625b7d502cef1e6ee3818610ab0d29c master date: 2021-08-25 14:18:18 +0200 --- xen/common/domain.c | 4 +++- xen/common/grant_table.c | 46 ++++++++++++++++++++++++++++++++++++------- xen/include/xen/grant_table.h | 6 ++---- 3 files changed, 44 insertions(+), 12 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index ee9c604118..bd28f15f83 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -776,11 +776,13 @@ int domain_kill(struct domain *d) return domain_kill(d); d->is_dying = DOMDYING_dying; argo_destroy(d); - gnttab_release_mappings(d); vnuma_destroy(d->vnuma); domain_set_outstanding_pages(d, 0); /* fallthrough */ case DOMDYING_dying: + rc = gnttab_release_mappings(d); + if ( rc ) + break; rc = evtchn_destroy(d); if ( rc ) break; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index b15e978d06..cf37f0d532 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -63,7 +63,13 @@ struct grant_table { unsigned int nr_grant_frames; /* Number of grant status frames shared with guest (for version 2) */ unsigned int nr_status_frames; - /* Number of available maptrack entries. */ + /* + * Number of available maptrack entries. For cleanup purposes it is + * important to realize that this field and @maptrack further down will + * only ever be accessed by the local domain. Thus it is okay to clean + * up early, and to shrink the limit for the purpose of tracking cleanup + * progress. + */ unsigned int maptrack_limit; /* Shared grant table (see include/public/grant_table.h). */ union { @@ -3675,9 +3681,7 @@ do_grant_table_op( #include "compat/grant_table.c" #endif -void -gnttab_release_mappings( - struct domain *d) +int gnttab_release_mappings(struct domain *d) { struct grant_table *gt = d->grant_table, *rgt; struct grant_mapping *map; @@ -3691,10 +3695,34 @@ gnttab_release_mappings( BUG_ON(!d->is_dying); - for ( handle = 0; handle < gt->maptrack_limit; handle++ ) + if ( !gt || !gt->maptrack ) + return 0; + + for ( handle = gt->maptrack_limit; handle; ) { unsigned int clear_flags = 0; + /* + * Deal with full pages such that their freeing (in the body of the + * if()) remains simple. + */ + if ( handle < gt->maptrack_limit && !(handle % MAPTRACK_PER_PAGE) ) + { + /* + * Changing maptrack_limit alters nr_maptrack_frames()'es return + * value. Free the then excess trailing page right here, rather + * than leaving it to grant_table_destroy() (and in turn requiring + * to leave gt->maptrack_limit unaltered). + */ + gt->maptrack_limit = handle; + FREE_XENHEAP_PAGE(gt->maptrack[nr_maptrack_frames(gt)]); + + if ( hypercall_preempt_check() ) + return -ERESTART; + } + + --handle; + map = &maptrack_entry(gt, handle); if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) ) continue; @@ -3785,6 +3813,11 @@ gnttab_release_mappings( map->flags = 0; } + + gt->maptrack_limit = 0; + FREE_XENHEAP_PAGE(gt->maptrack[0]); + + return 0; } void grant_table_warn_active_grants(struct domain *d) @@ -3848,8 +3881,7 @@ grant_table_destroy( free_xenheap_page(t->shared_raw[i]); xfree(t->shared_raw); - for ( i = 0; i < nr_maptrack_frames(t); i++ ) - free_xenheap_page(t->maptrack[i]); + ASSERT(!t->maptrack_limit); vfree(t->maptrack); for ( i = 0; i < nr_active_grant_frames(t); i++ ) diff --git a/xen/include/xen/grant_table.h b/xen/include/xen/grant_table.h index 98603604b8..ab4726bdc4 100644 --- a/xen/include/xen/grant_table.h +++ b/xen/include/xen/grant_table.h @@ -47,9 +47,7 @@ void grant_table_init_vcpu(struct vcpu *v); void grant_table_warn_active_grants(struct domain *d); /* Domain death release of granted mappings of other domains' memory. */ -void -gnttab_release_mappings( - struct domain *d); +int gnttab_release_mappings(struct domain *d); int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, gfn_t *gfn, uint16_t *status); @@ -78,7 +76,7 @@ static inline void grant_table_init_vcpu(struct vcpu *v) {} static inline void grant_table_warn_active_grants(struct domain *d) {} -static inline void gnttab_release_mappings(struct domain *d) {} +static inline int gnttab_release_mappings(struct domain *d) { return 0; } static inline int mem_sharing_gref_to_gfn(struct grant_table *gt, grant_ref_t ref, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:13:35 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:13:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183989.332443 (Exim 4.92) (envelope-from ) id 1mOYr1-0004cv-Gl; Fri, 10 Sep 2021 05:13:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183989.332443; Fri, 10 Sep 2021 05:13:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYr1-0004cn-DY; Fri, 10 Sep 2021 05:13:35 +0000 Received: by outflank-mailman (input) for mailman id 183989; Fri, 10 Sep 2021 05:13:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYr0-0004cg-Lq for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYr0-0006TA-JF for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYr0-0005fR-IH for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4uzsNahyKQZDjw6VIMLsKoWJJ+Z8pCaIkXreD/8T38I=; b=lur3Rss4Yz/rZCdsB3W2glFG3/ ogPXMEJPnQEWAd3io/mlGCuXIUKxGiVprBsOBKX8I4vQzAjsrc6YeWJBLPdzeEx4CfGWzmYcq7tix xvn/JypxOzs49AlJcpI6Uoif4lncBmSt9ErU8ap7zlY1RaMVU2l/Q68KDfHPo5keMo1k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] gnttab: replace mapkind() Message-Id: Date: Fri, 10 Sep 2021 05:13:34 +0000 commit 4d65fe936a8b99603e9f2457e1b3ec6b6a1a2b60 Author: Jan Beulich AuthorDate: Wed Aug 25 15:25:59 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:25:59 2021 +0200 gnttab: replace mapkind() mapkind() doesn't scale very well with larger maptrack entry counts, using a brute force linear search through all entries, with the only option of an early loop exit if a matching writable entry was found. Introduce a radix tree alongside the main maptrack table, thus allowing much faster MFN-based lookup. To avoid the need to actually allocate space for the individual nodes, encode the two counters in the node pointers themselves, thus limiting the number of permitted simultaneous r/o and r/w mappings of the same MFN to 2³¹-1 (64-bit) / 2¹⁵-1 (32-bit) each. To avoid enforcing an unnecessarily low bound on the number of simultaneous mappings of a single MFN, introduce radix_tree_{ulong_to_ptr,ptr_to_ulong} paralleling radix_tree_{int_to_ptr,ptr_to_int}. As a consequence locking changes are also applicable: With there no longer being any inspection of the remote domain's active entries, there's also no need anymore to hold the remote domain's grant table lock. And since we're no longer iterating over the local domain's map track table, the lock in map_grant_ref() can also be dropped before the new maptrack entry actually gets populated. As a nice side effect this also reduces the number of IOMMU operations in unmap_common(): Previously we would have "established" a readable mapping whenever we didn't find a writable entry anymore (yet, of course, at least one readable one). But we only need to do this if we actually dropped the last writable entry, not if there were none already before. This is part of CVE-2021-28698 / XSA-380. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: 9781b51efde251efcc0291ddb1d9c7cefe2b2555 master date: 2021-08-25 14:18:39 +0200 --- xen/common/grant_table.c | 200 ++++++++++++++++++++++++------------------- xen/include/xen/radix-tree.h | 19 ++++ 2 files changed, 130 insertions(+), 89 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index cf37f0d532..edc2c9f2b5 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include @@ -81,8 +82,13 @@ struct grant_table { grant_status_t **status; /* Active grant table. */ struct active_grant_entry **active; - /* Mapping tracking table per vcpu. */ + /* Handle-indexed tracking table of mappings. */ struct grant_mapping **maptrack; + /* + * MFN-indexed tracking tree of mappings, if needed. Note that this is + * protected by @lock, not @maptrack_lock. + */ + struct radix_tree_root maptrack_tree; /* Domain to which this struct grant_table belongs. */ const struct domain *domain; @@ -460,34 +466,6 @@ static int get_paged_frame(unsigned long gfn, mfn_t *mfn, return GNTST_okay; } -static inline void -double_gt_lock(struct grant_table *lgt, struct grant_table *rgt) -{ - /* - * See mapkind() for why the write lock is also required for the - * remote domain. - */ - if ( lgt < rgt ) - { - grant_write_lock(lgt); - grant_write_lock(rgt); - } - else - { - if ( lgt != rgt ) - grant_write_lock(rgt); - grant_write_lock(lgt); - } -} - -static inline void -double_gt_unlock(struct grant_table *lgt, struct grant_table *rgt) -{ - grant_write_unlock(lgt); - if ( lgt != rgt ) - grant_write_unlock(rgt); -} - #define INVALID_MAPTRACK_HANDLE UINT_MAX static inline grant_handle_t @@ -907,41 +885,17 @@ static struct active_grant_entry *grant_map_exists(const struct domain *ld, return ERR_PTR(-EINVAL); } -#define MAPKIND_READ 1 -#define MAPKIND_WRITE 2 -static unsigned int mapkind( - struct grant_table *lgt, const struct domain *rd, mfn_t mfn) -{ - struct grant_mapping *map; - grant_handle_t handle, limit = lgt->maptrack_limit; - unsigned int kind = 0; - - /* - * Must have the local domain's grant table write lock when - * iterating over its maptrack entries. - */ - ASSERT(percpu_rw_is_write_locked(&lgt->lock)); - /* - * Must have the remote domain's grant table write lock while - * counting its active entries. - */ - ASSERT(percpu_rw_is_write_locked(&rd->grant_table->lock)); - - smp_rmb(); - - for ( handle = 0; !(kind & MAPKIND_WRITE) && handle < limit; handle++ ) - { - map = &maptrack_entry(lgt, handle); - if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) || - map->domid != rd->domain_id ) - continue; - if ( mfn_eq(_active_entry(rd->grant_table, map->ref).mfn, mfn) ) - kind |= map->flags & GNTMAP_readonly ? - MAPKIND_READ : MAPKIND_WRITE; - } - - return kind; -} +union maptrack_node { + struct { + /* Radix tree slot pointers use two of the bits. */ +#ifdef __BIG_ENDIAN_BITFIELD + unsigned long : 2; +#endif + unsigned long rd : BITS_PER_LONG / 2 - 1; + unsigned long wr : BITS_PER_LONG / 2 - 1; + } cnt; + unsigned long raw; +}; static void map_grant_ref( @@ -961,7 +915,6 @@ map_grant_ref( struct grant_mapping *mt; grant_entry_header_t *shah; uint16_t *status; - bool_t need_iommu; led = current; ld = led->domain; @@ -1181,31 +1134,75 @@ map_grant_ref( * as mem-sharing and IOMMU use are incompatible). The dom_io case would * need checking separately if we compared against owner here. */ - need_iommu = ld != rd && gnttab_need_iommu_mapping(ld); - if ( need_iommu ) - { + if ( ld != rd && gnttab_need_iommu_mapping(ld) ) + { + union maptrack_node node = { + .cnt.rd = !!(op->flags & GNTMAP_readonly), + .cnt.wr = !(op->flags & GNTMAP_readonly), + }; + int err; + void **slot = NULL; unsigned int kind; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + + err = radix_tree_insert(&lgt->maptrack_tree, mfn_x(mfn), + radix_tree_ulong_to_ptr(node.raw)); + if ( err == -EEXIST ) + { + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(mfn)); + if ( likely(slot) ) + { + node.raw = radix_tree_ptr_to_ulong(*slot); + err = -EBUSY; + + /* Update node only when refcount doesn't overflow. */ + if ( op->flags & GNTMAP_readonly ? ++node.cnt.rd + : ++node.cnt.wr ) + { + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + err = 0; + } + } + else + ASSERT_UNREACHABLE(); + } /* * We're not translated, so we know that dfns and mfns are * the same things, so the IOMMU entry is always 1-to-1. */ - kind = mapkind(lgt, rd, mfn); - if ( !(op->flags & GNTMAP_readonly) && - !(kind & MAPKIND_WRITE) ) + if ( !(op->flags & GNTMAP_readonly) && node.cnt.wr == 1 ) kind = IOMMUF_readable | IOMMUF_writable; - else if ( !kind ) + else if ( (op->flags & GNTMAP_readonly) && + node.cnt.rd == 1 && !node.cnt.wr ) kind = IOMMUF_readable; else kind = 0; - if ( kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 0, kind) ) + if ( err || + (kind && iommu_legacy_map(ld, _dfn(mfn_x(mfn)), mfn, 0, kind)) ) { - double_gt_unlock(lgt, rgt); + if ( !err ) + { + if ( slot ) + { + op->flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--; + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + } + else + radix_tree_delete(&lgt->maptrack_tree, mfn_x(mfn)); + } + rc = GNTST_general_error; - goto undo_out; } + + grant_write_unlock(lgt); + + if ( rc != GNTST_okay ) + goto undo_out; } TRACE_1D(TRC_MEM_PAGE_GRANT_MAP, op->dom); @@ -1213,10 +1210,6 @@ map_grant_ref( /* * All maptrack entry users check mt->flags first before using the * other fields so just ensure the flags field is stored last. - * - * However, if gnttab_need_iommu_mapping() then this would race - * with a concurrent mapkind() call (on an unmap, for example) - * and a lock is required. */ mt = &maptrack_entry(lgt, handle); mt->domid = op->dom; @@ -1224,9 +1217,6 @@ map_grant_ref( smp_wmb(); write_atomic(&mt->flags, op->flags); - if ( need_iommu ) - double_gt_unlock(lgt, rgt); - op->dev_bus_addr = mfn_to_maddr(mfn); op->handle = handle; op->status = GNTST_okay; @@ -1448,19 +1438,34 @@ unmap_common( /* See the respective comment in map_grant_ref(). */ if ( rc == GNTST_okay && ld != rd && gnttab_need_iommu_mapping(ld) ) { - unsigned int kind; + void **slot; + union maptrack_node node; int err = 0; - double_gt_lock(lgt, rgt); + grant_write_lock(lgt); + slot = radix_tree_lookup_slot(&lgt->maptrack_tree, mfn_x(op->mfn)); + node.raw = likely(slot) ? radix_tree_ptr_to_ulong(*slot) : 0; + + /* Refcount must not underflow. */ + if ( !(flags & GNTMAP_readonly ? node.cnt.rd-- + : node.cnt.wr--) ) + BUG(); - kind = mapkind(lgt, rd, op->mfn); - if ( !kind ) + if ( !node.raw ) err = iommu_legacy_unmap(ld, _dfn(mfn_x(op->mfn)), 0); - else if ( !(kind & MAPKIND_WRITE) ) + else if ( !(flags & GNTMAP_readonly) && !node.cnt.wr ) err = iommu_legacy_map(ld, _dfn(mfn_x(op->mfn)), op->mfn, 0, IOMMUF_readable); - double_gt_unlock(lgt, rgt); + if ( err ) + ; + else if ( !node.raw ) + radix_tree_delete(&lgt->maptrack_tree, mfn_x(op->mfn)); + else + radix_tree_replace_slot(slot, + radix_tree_ulong_to_ptr(node.raw)); + + grant_write_unlock(lgt); if ( err ) rc = GNTST_general_error; @@ -1918,6 +1923,8 @@ int grant_table_init(struct domain *d, int max_grant_frames, gt->maptrack = vzalloc(gt->max_maptrack_frames * sizeof(*gt->maptrack)); if ( gt->maptrack == NULL ) goto out; + + radix_tree_init(>->maptrack_tree); } /* Shared grant table. */ @@ -3701,6 +3708,7 @@ int gnttab_release_mappings(struct domain *d) for ( handle = gt->maptrack_limit; handle; ) { unsigned int clear_flags = 0; + mfn_t mfn; /* * Deal with full pages such that their freeing (in the body of the @@ -3806,17 +3814,31 @@ int gnttab_release_mappings(struct domain *d) if ( clear_flags ) gnttab_clear_flags(rd, clear_flags, status); + mfn = act->mfn; + active_entry_release(act); grant_read_unlock(rgt); rcu_unlock_domain(rd); map->flags = 0; + + /* + * This is excessive in that a single such call would suffice per + * mapped MFN (or none at all, if no entry was ever inserted). But it + * should be the common case for an MFN to be mapped just once, and + * this way we don't need to further maintain the counters. We also + * don't want to leave cleaning up of the tree as a whole to the end + * of the function, as this could take quite some time. + */ + radix_tree_delete(>->maptrack_tree, mfn_x(mfn)); } gt->maptrack_limit = 0; FREE_XENHEAP_PAGE(gt->maptrack[0]); + radix_tree_destroy(>->maptrack_tree, NULL); + return 0; } diff --git a/xen/include/xen/radix-tree.h b/xen/include/xen/radix-tree.h index ec40cf1d9e..58c40312e6 100644 --- a/xen/include/xen/radix-tree.h +++ b/xen/include/xen/radix-tree.h @@ -190,6 +190,25 @@ static inline int radix_tree_ptr_to_int(void *ptr) return (int)((long)ptr >> 2); } +/** + * radix_tree_{ulong_to_ptr,ptr_to_ulong}: + * + * Same for unsigned long values. Beware though that only BITS_PER_LONG-2 + * bits are actually usable for the value. + */ +static inline void *radix_tree_ulong_to_ptr(unsigned long val) +{ + unsigned long ptr = (val << 2) | 0x2; + ASSERT((ptr >> 2) == val); + return (void *)ptr; +} + +static inline unsigned long radix_tree_ptr_to_ulong(void *ptr) +{ + ASSERT(((unsigned long)ptr & 0x3) == 0x2); + return (unsigned long)ptr >> 2; +} + int radix_tree_insert(struct radix_tree_root *, unsigned long, void *); void *radix_tree_lookup(struct radix_tree_root *, unsigned long); void **radix_tree_lookup_slot(struct radix_tree_root *, unsigned long); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:13:45 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:13:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183991.332447 (Exim 4.92) (envelope-from ) id 1mOYrB-0004g6-IU; Fri, 10 Sep 2021 05:13:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183991.332447; Fri, 10 Sep 2021 05:13:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrB-0004fy-FL; Fri, 10 Sep 2021 05:13:45 +0000 Received: by outflank-mailman (input) for mailman id 183991; Fri, 10 Sep 2021 05:13:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrA-0004fo-Np for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrA-0006TI-N9 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYrA-0005gR-M5 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iEcfr5eTdaDxYYRlr7SH1RaZI8fUOsvoawRFWZekM/U=; b=hVngVKa4bISpQS227RuNgSXD6s oQ0npii0gFpovFl5lD4DjLQBfDEFkg0gpK28C4+vkHBkMOgaHJ0n3LYzMs0wbZ0exhPqxbqOWeABT eX+GGregO3ZfT+AuASs6FdcBUdGS1cID++ivijov4LEHWebHxRQggepzN0lH3DIQY7SQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] gnttab: fix array capacity check in gnttab_get_status_frames() Message-Id: Date: Fri, 10 Sep 2021 05:13:44 +0000 commit 985b3e50cda925fb2755b49b3c4a1c7a339d8ae4 Author: Jan Beulich AuthorDate: Wed Aug 25 15:26:32 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:26:32 2021 +0200 gnttab: fix array capacity check in gnttab_get_status_frames() The number of grant frames is of no interest here; converting the passed in op.nr_frames this way means we allow for 8 times as many GFNs to be written as actually fit in the array. We would corrupt xlat areas of higher vCPU-s (after having faulted many times while trying to write to the guard pages between any two areas) for 32-bit PV guests. For HVM guests we'd simply crash as soon as we hit the first guard page, as accesses to the xlat area are simply memcpy() there. This is CVE-2021-28699 / XSA-382. Fixes: 18b1be5e324b ("gnttab: make resource limits per domain") Signed-off-by: Jan Beulich master commit: ec820035b875cdbedce5e73f481ce65963ede9ed master date: 2021-08-25 14:19:09 +0200 --- xen/common/grant_table.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index edc2c9f2b5..e1a67fc1c6 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3250,12 +3250,11 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop, goto unlock; } - if ( unlikely(limit_max < grant_to_status_frames(op.nr_frames)) ) + if ( unlikely(limit_max < op.nr_frames) ) { gdprintk(XENLOG_WARNING, - "grant_to_status_frames(%u) for d%d is too large (%u,%u)\n", - op.nr_frames, d->domain_id, - grant_to_status_frames(op.nr_frames), limit_max); + "nr_status_frames for %pd is too large (%u,%u)\n", + d, op.nr_frames, limit_max); op.status = GNTST_general_error; goto unlock; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:13:55 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:13:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183993.332450 (Exim 4.92) (envelope-from ) id 1mOYrL-0004jy-L1; Fri, 10 Sep 2021 05:13:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183993.332450; Fri, 10 Sep 2021 05:13:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrL-0004jr-IA; Fri, 10 Sep 2021 05:13:55 +0000 Received: by outflank-mailman (input) for mailman id 183993; Fri, 10 Sep 2021 05:13:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrK-0004jd-Rf for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrK-0006TS-Qx for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYrK-0005hD-Q4 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:13:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rvZjhqwYE58ya3j0TGFh07OVIBltrwURiYRon6m1ll8=; b=nOqhfnX5VY4SeZC/VeqyKPSo4r 9xb/UqPQFtkvBcIGWNN4fpvboKC9xRNWP0Kj33nUPHbvcM/pCQnP4VGYbaUZXPAWG6p6bilLzVNJ4 HlizpVISv8X+2CStI057xBBUf8n8FuIC3Z7sM6EwEfmi++0Ww/wIw3E8CY26VRnZJp1I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Message-Id: Date: Fri, 10 Sep 2021 05:13:54 +0000 commit bdb84809402266816449120101fe14a0732d373c Author: Julien Grall AuthorDate: Wed Aug 25 15:26:54 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:26:54 2021 +0200 xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Currently, both dom0less domUs and dom0 can allocate an "unlimited" amount of memory because d->max_pages is set to ~0U. In particular, the former are meant to be unprivileged. Therefore the memory they could allocate should be bounded. As the domain are not yet officially aware of Xen (we don't expose advertise it in the DT, yet the hypercalls are accessible), they should not need to allocate more than the initial amount. So cap set d->max_pages directly the amount of memory we are meant to allocate. Take the opportunity to also restrict the memory for dom0 as the domain is direct mapped (e.g. MFN == GFN) and therefore cannot allocate outside of the pre-allocated region. This is CVE-2021-28700 / XSA-383. Reported-by: Julien Grall Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini Tested-by: Stefano Stabellini master commit: c08d68cd2aacbc7cb56e73ada241bfe4639bbc68 master date: 2021-08-25 14:19:31 +0200 --- xen/arch/arm/domain_build.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 2b37ea019d..ce7f61e825 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2433,7 +2433,8 @@ static int __init construct_domU(struct domain *d, if ( vcpu_create(d, 0) == NULL ) return -ENOMEM; - d->max_pages = ~0U; + + d->max_pages = ((paddr_t)mem * SZ_1K) >> PAGE_SHIFT; kinfo.d = d; @@ -2533,7 +2534,7 @@ int __init construct_dom0(struct domain *d) iommu_hwdom_init(d); - d->max_pages = ~0U; + d->max_pages = dom0_mem >> PAGE_SHIFT; kinfo.unassigned_mem = dom0_mem; kinfo.d = d; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:14:05 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:14:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183995.332455 (Exim 4.92) (envelope-from ) id 1mOYrV-0004mk-NY; Fri, 10 Sep 2021 05:14:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183995.332455; Fri, 10 Sep 2021 05:14:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrV-0004mY-Jl; Fri, 10 Sep 2021 05:14:05 +0000 Received: by outflank-mailman (input) for mailman id 183995; Fri, 10 Sep 2021 05:14:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrU-0004mF-VR for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrU-0006UC-Uh for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYrU-0005i1-Tu for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wAyHl1Sxilz4eI9wTr0Z7NzHEkL65uSFoZ6Xsi7pnPs=; b=OK2a8mOvArbTkIGlcdIRvbKvEZ BwvYfKivbUULa4rEhIki1XB5M1rN2HsbO7zHjgYWlkl29iCNGEJEF2HOWBn5/+tFPJara3nIZoltb 9TtLRcBAaFCZLxlbmvBMWcJPQLxnxsn2cpYIhrQ5jXZB7J0EgHiRikZh63QoBkVIhbhE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/hvm: Propagate real error information up through hvm_load() Message-Id: Date: Fri, 10 Sep 2021 05:14:04 +0000 commit 331cfaeb7fc486ea4e03d7e7063648f41e59e949 Author: Andrew Cooper AuthorDate: Wed Aug 25 15:27:41 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:27:41 2021 +0200 x86/hvm: Propagate real error information up through hvm_load() hvm_load() is currently a mix of -errno and -1 style error handling, which aliases -EPERM. This leads to the following confusing diagnostics: From userspace: xc: info: Restoring domain xc: error: Unable to restore HVM context (1 = Operation not permitted): Internal error xc: error: Restore failed (1 = Operation not permitted): Internal error xc_domain_restore: [1] Restore failed (1 = Operation not permitted) From Xen: (XEN) HVM10.0 restore: inconsistent xsave state (feat=0x2ff accum=0x21f xcr0=0x7 bv=0x3 err=-22) (XEN) HVM10 restore: failed to load entry 16/0 The actual error was a bad backport, but the -EINVAL got converted to -EPERM on the way out of the hypercall. The overwhelming majority of *_load() handlers already use -errno consistenty. Fix up the rest to be consistent, and fix a few other errors noticed along the way. * Failures of hvm_load_entry() indicate a truncated record or other bad data size. Use -ENODATA. * Don't use {g,}dprintk(). Omitting diagnostics in release builds is rude, and almost everything uses unconditional printk()'s. * Switch some errors for more appropriate ones. Reported-by: Igor Druzhinin Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 96e5ad4c476e70688295b3cfb537847a3351d6fd master date: 2021-07-19 14:34:38 +0100 --- xen/arch/x86/cpu/mcheck/vmce.c | 6 +++--- xen/arch/x86/emul-i8254.c | 9 +++++---- xen/arch/x86/hvm/irq.c | 6 +++--- xen/arch/x86/hvm/save.c | 25 ++++++++++++++----------- xen/arch/x86/hvm/vioapic.c | 5 ++++- xen/arch/x86/hvm/vpic.c | 2 +- 6 files changed, 30 insertions(+), 23 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/vmce.c b/xen/arch/x86/cpu/mcheck/vmce.c index 4f5de07e01..abf486067a 100644 --- a/xen/arch/x86/cpu/mcheck/vmce.c +++ b/xen/arch/x86/cpu/mcheck/vmce.c @@ -81,11 +81,11 @@ int vmce_restore_vcpu(struct vcpu *v, const struct hvm_vmce_vcpu *ctxt) if ( ctxt->caps & ~guest_mcg_cap & ~MCG_CAP_COUNT & ~MCG_CTL_P ) { - dprintk(XENLOG_G_ERR, "%s restore: unsupported MCA capabilities" - " %#" PRIx64 " for %pv (supported: %#Lx)\n", + printk(XENLOG_G_ERR + "%s restore: unsupported MCA capabilities %#"PRIx64" for %pv (supported: %#Lx)\n", is_hvm_vcpu(v) ? "HVM" : "PV", ctxt->caps, v, guest_mcg_cap & ~MCG_CAP_COUNT); - return -EPERM; + return -EINVAL; } v->arch.vmce.mcg_cap = ctxt->caps; diff --git a/xen/arch/x86/emul-i8254.c b/xen/arch/x86/emul-i8254.c index 73be4188ad..050c784702 100644 --- a/xen/arch/x86/emul-i8254.c +++ b/xen/arch/x86/emul-i8254.c @@ -412,7 +412,7 @@ static int pit_save(struct vcpu *v, hvm_domain_context_t *h) static int pit_load(struct domain *d, hvm_domain_context_t *h) { PITState *pit = domain_vpit(d); - int i; + int i, rc = 0; if ( !has_vpit(d) ) return -ENODEV; @@ -421,8 +421,8 @@ static int pit_load(struct domain *d, hvm_domain_context_t *h) if ( hvm_load_entry(PIT, h, &pit->hw) ) { - spin_unlock(&pit->lock); - return 1; + rc = -ENODATA; + goto out; } /* @@ -434,9 +434,10 @@ static int pit_load(struct domain *d, hvm_domain_context_t *h) for ( i = 0; i < 3; i++ ) pit_load_count(pit, i, pit->hw.channels[i].count); + out: spin_unlock(&pit->lock); - return 0; + return rc; } HVM_REGISTER_SAVE_RESTORE(PIT, pit_save, pit_load, 1, HVMSR_PER_DOM); diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c index d2bfb6d05d..2ba0a5618f 100644 --- a/xen/arch/x86/hvm/irq.c +++ b/xen/arch/x86/hvm/irq.c @@ -772,9 +772,9 @@ static int irq_load_link(struct domain *d, hvm_domain_context_t *h) for ( link = 0; link < 4; link++ ) if ( hvm_irq->pci_link.route[link] > 15 ) { - gdprintk(XENLOG_ERR, - "HVM restore: PCI-ISA link %u out of range (%u)\n", - link, hvm_irq->pci_link.route[link]); + printk(XENLOG_G_ERR + "HVM restore: PCI-ISA link %u out of range (%u)\n", + link, hvm_irq->pci_link.route[link]); return -EINVAL; } diff --git a/xen/arch/x86/hvm/save.c b/xen/arch/x86/hvm/save.c index 0fc59d3487..73193cce99 100644 --- a/xen/arch/x86/hvm/save.c +++ b/xen/arch/x86/hvm/save.c @@ -50,14 +50,14 @@ int arch_hvm_load(struct domain *d, struct hvm_save_header *hdr) { printk(XENLOG_G_ERR "HVM%d restore: bad magic number %#"PRIx32"\n", d->domain_id, hdr->magic); - return -1; + return -EINVAL; } if ( hdr->version != HVM_FILE_VERSION ) { printk(XENLOG_G_ERR "HVM%d restore: unsupported version %u\n", d->domain_id, hdr->version); - return -1; + return -EINVAL; } cpuid(1, &eax, &ebx, &ecx, &edx); @@ -291,16 +291,18 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) struct hvm_save_descriptor *desc; hvm_load_handler handler; struct vcpu *v; + int rc; if ( d->is_dying ) return -EINVAL; /* Read the save header, which must be first */ if ( hvm_load_entry(HEADER, h, &hdr) != 0 ) - return -1; + return -ENODATA; - if ( arch_hvm_load(d, &hdr) ) - return -1; + rc = arch_hvm_load(d, &hdr); + if ( rc ) + return rc; /* Down all the vcpus: we only re-enable the ones that had state saved. */ for_each_vcpu(d, v) @@ -315,7 +317,7 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) printk(XENLOG_G_ERR "HVM%d restore: save did not end with a null entry\n", d->domain_id); - return -1; + return -ENODATA; } /* Read the typecode of the next entry and check for the end-marker */ @@ -329,17 +331,18 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) { printk(XENLOG_G_ERR "HVM%d restore: unknown entry typecode %u\n", d->domain_id, desc->typecode); - return -1; + return -EINVAL; } /* Load the entry */ printk(XENLOG_G_INFO "HVM%d restore: %s %"PRIu16"\n", d->domain_id, hvm_sr_handlers[desc->typecode].name, desc->instance); - if ( handler(d, h) != 0 ) + rc = handler(d, h); + if ( rc ) { - printk(XENLOG_G_ERR "HVM%d restore: failed to load entry %u/%u\n", - d->domain_id, desc->typecode, desc->instance); - return -1; + printk(XENLOG_G_ERR "HVM%d restore: failed to load entry %u/%u rc %d\n", + d->domain_id, desc->typecode, desc->instance, rc); + return rc; } } diff --git a/xen/arch/x86/hvm/vioapic.c b/xen/arch/x86/hvm/vioapic.c index 35717edf73..9360f333c9 100644 --- a/xen/arch/x86/hvm/vioapic.c +++ b/xen/arch/x86/hvm/vioapic.c @@ -619,7 +619,10 @@ static int ioapic_load(struct domain *d, hvm_domain_context_t *h) d->arch.hvm.nr_vioapics != 1 ) return -EOPNOTSUPP; - return hvm_load_entry(IOAPIC, h, &s->domU); + if ( hvm_load_entry(IOAPIC, h, &s->domU) ) + return -ENODATA; + + return 0; } HVM_REGISTER_SAVE_RESTORE(IOAPIC, ioapic_save, ioapic_load, 1, HVMSR_PER_DOM); diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c index 9ec4652222..6ad2f85578 100644 --- a/xen/arch/x86/hvm/vpic.c +++ b/xen/arch/x86/hvm/vpic.c @@ -401,7 +401,7 @@ static int vpic_load(struct domain *d, hvm_domain_context_t *h) /* Which PIC is this? */ if ( inst > 1 ) - return -EINVAL; + return -ENOENT; s = &d->arch.hvm.vpic[inst]; /* Load the state */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:14:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:14:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183997.332459 (Exim 4.92) (envelope-from ) id 1mOYrg-0004pQ-P4; Fri, 10 Sep 2021 05:14:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183997.332459; Fri, 10 Sep 2021 05:14:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrg-0004pI-LR; Fri, 10 Sep 2021 05:14:16 +0000 Received: by outflank-mailman (input) for mailman id 183997; Fri, 10 Sep 2021 05:14:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrf-0004oz-34 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrf-0006UN-2L for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYrf-0005iu-1K for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YaLQwmQq9Jp9dSDLlX/mfTC/Vxs2lAB1cjTm8knHnDQ=; b=scDAyY1PTBb5ptuudpHdYfuFJa PlEk++RgCid7csvpGmEFnWJ1nbVuNiU7mGeL3t6AqIL8UvkuipMLAOl7kwBnD7ovHL68gmInwuXrn oha5B5qHk083DAXyeR9ggiX8FbIvtHPB+qFNOZiyZyUbdQ45lr0FxC9qzrL4S6ViFc/U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] xen/lib: Fix strcmp() and strncmp() Message-Id: Date: Fri, 10 Sep 2021 05:14:15 +0000 commit 9d53da2e640f37d76f56287997065070059a6ae6 Author: Jane Malalane AuthorDate: Wed Aug 25 15:27:58 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:27:58 2021 +0200 xen/lib: Fix strcmp() and strncmp() The C standard requires that each character be compared as unsigned char. Xen's current behaviour compares as signed char, which changes the answer when chars with a value greater than 0x7f are used. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: Ian Jackson master commit: 3747a2bb67daa5a8baeff6cda57dc98a5ef79c3e master date: 2021-07-30 10:52:46 +0100 --- xen/common/string.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/xen/common/string.c b/xen/common/string.c index af3d96ad0f..43624b1b45 100644 --- a/xen/common/string.c +++ b/xen/common/string.c @@ -119,14 +119,16 @@ EXPORT_SYMBOL(strlcat); */ int (strcmp)(const char *cs, const char *ct) { - register signed char __res; + unsigned char *csu = (unsigned char *)cs; + unsigned char *ctu = (unsigned char *)ct; + int res; while (1) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + if ((res = *csu - *ctu++) != 0 || !*csu++) break; } - return __res; + return res; } #endif @@ -139,15 +141,17 @@ int (strcmp)(const char *cs, const char *ct) */ int (strncmp)(const char *cs, const char *ct, size_t count) { - register signed char __res = 0; + unsigned char *csu = (unsigned char *)cs; + unsigned char *ctu = (unsigned char *)ct; + int res = 0; while (count) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + if ((res = *csu - *ctu++) != 0 || !*csu++) break; count--; } - return __res; + return res; } #endif -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:14:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:14:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.183999.332463 (Exim 4.92) (envelope-from ) id 1mOYrq-0004rz-Py; Fri, 10 Sep 2021 05:14:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 183999.332463; Fri, 10 Sep 2021 05:14:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrq-0004rr-NB; Fri, 10 Sep 2021 05:14:26 +0000 Received: by outflank-mailman (input) for mailman id 183999; Fri, 10 Sep 2021 05:14:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrp-0004rU-6z for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrp-0006UY-6G for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYrp-0005je-5L for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SsMQmQ+7HhpBE+BMn3c7jDsxRU/BqfRCGall7k5H+8Y=; b=co1AOlcskI8B1r/vn7A9SV5JZ/ pS1G/khgb1lUWKahm1HNOUnCfxjvWK/nUwVy7iK/jHK0uSy0o8RfgCvvdL03FTpfZoIQZ9QpuWZu9 Kv0Sf4bs3427pjoAL45j1yOy83kk49cG+Hre/R4G/EI/dXggEQE3JPQtjreLJg9SNuIs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] credit2: avoid picking a spurious idle unit when caps are used Message-Id: Date: Fri, 10 Sep 2021 05:14:25 +0000 commit dd9785568f2ab5acef988d155dcb8fea3c8a5a2f Author: Dario Faggioli AuthorDate: Wed Aug 25 15:28:13 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:28:13 2021 +0200 credit2: avoid picking a spurious idle unit when caps are used Commit 07b0eb5d0ef0 ("credit2: make sure we pick a runnable unit from the runq if there is one") did not fix completely the problem of potentially selecting a scheduling unit that will then not be able to run. In fact, in case caps are used and the unit we are currently looking at, during the runqueue scan, does not have enough budget for being run, we should continue looking instead than giving up and picking the idle unit. Suggested-by: George Dunlap Signed-off-by: Dario Faggioli Reviewed-by: Jan Beulich master commit: 0f742839ae57e10687e7a573070c37430f31068c master date: 2021-08-10 09:29:10 +0200 --- xen/common/sched_credit2.c | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/xen/common/sched_credit2.c b/xen/common/sched_credit2.c index 8ba741e379..0aef547aec 100644 --- a/xen/common/sched_credit2.c +++ b/xen/common/sched_credit2.c @@ -3368,6 +3368,15 @@ runq_candidate(struct csched2_runqueue_data *rqd, (unsigned char *)&d); } + /* + * If the unit in the runqueue has more credits than current (or than + * idle, if current is not runnable) or if current is yielding, we may + * want to pick it up. Otherwise, there's no need to keep scanning the + * runqueue any further. + */ + if ( !yield && svc->credit <= snext->credit ) + break; + /* Skip non runnable units that we (temporarily) have in the runq */ if ( unlikely(!unit_runnable_state(svc->unit)) ) continue; @@ -3399,16 +3408,25 @@ runq_candidate(struct csched2_runqueue_data *rqd, } /* - * If the one in the runqueue has more credit than current (or idle, - * if current is not runnable), or if current is yielding, and also - * if the one in runqueue either is not capped, or is capped but has - * some budget, then choose it. + * If we are here, we are almost sure we want to pick the unit in + * the runqueue. Last thing we need to check is that it either is + * not capped or, if it is, it has some budget. + * + * Note that budget availability must be the very last check that + * we do in this loop, due to the side effects that unit_grab_budget() + * causes. + * + * In fact, if there is budget available in the unit's domain's + * budget pool, the function will pick some for running this unit. + * And we clearly want to do that only if we're otherwise sure that + * the unit will actually run, consume it, and return the leftover + * (if any) in the usual way. */ - if ( (yield || svc->credit > snext->credit) && - (!has_cap(svc) || unit_grab_budget(svc)) ) - snext = svc; + if ( has_cap(svc) && !unit_grab_budget(svc) ) + continue; /* In any case, if we got this far, break. */ + snext = svc; break; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:14:36 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:14:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184001.332466 (Exim 4.92) (envelope-from ) id 1mOYs0-0004uq-S2; Fri, 10 Sep 2021 05:14:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184001.332466; Fri, 10 Sep 2021 05:14:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYs0-0004ui-Oz; Fri, 10 Sep 2021 05:14:36 +0000 Received: by outflank-mailman (input) for mailman id 184001; Fri, 10 Sep 2021 05:14:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrz-0004uF-Aw for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYrz-0006Uo-AA for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYrz-0005kK-9J for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=d+iPPvhGlJu8s5LdvWHsKICGuCDv9Ndxsom2Ktdpuuo=; b=PIllQYEio9I+AVxSc8NW/9nqPr wCQv0s5NdW5jshhK+QRsBARTj2qAqGQtGLzHwevQDODcUkfVPbqnPqN4MBn0KU0I3MbO969tG7Cnj lJNRbsHUA8pJBHz1MgYW4/MF26y76FHHlipGFJWhSuf9ulJVGwFP3QAXtyYYqWqIGLXY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] VT-d: Tylersburg errata apply to further steppings Message-Id: Date: Fri, 10 Sep 2021 05:14:35 +0000 commit d1e19217362762b2c4a6d22a08bb22f90ddc9a82 Author: Jan Beulich AuthorDate: Wed Aug 25 15:28:33 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:28:33 2021 +0200 VT-d: Tylersburg errata apply to further steppings While for 5500 and 5520 chipsets only B3 and C2 are mentioned in the spec update, X58's also mentions B2, and searching the internet suggests systems with this stepping are actually in use. Even worse, for X58 erratum #69 is marked applicable even to C2. Split the check to cover all applicable steppings and to also report applicable errata numbers in the log message. The splitting requires using the DMI port instead of the System Management Registers device, but that's then in line (also revision checking wise) with the spec updates. Fixes: 6890cebc6a98 ("VT-d: deal with 5500/5520/X58 errata") Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian master commit: 517a90d1ca09ce00e50d46ac25566cc3bd2eb34d master date: 2021-08-18 09:44:14 +0200 --- xen/drivers/passthrough/vtd/quirks.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c index 4dadd9523f..435e449ca3 100644 --- a/xen/drivers/passthrough/vtd/quirks.c +++ b/xen/drivers/passthrough/vtd/quirks.c @@ -267,26 +267,42 @@ static int __init parse_snb_timeout(const char *s) } custom_param("snb_igd_quirk", parse_snb_timeout); -/* 5500/5520/X58 Chipset Interrupt remapping errata, for stepping B-3. - * Fixed in stepping C-2. */ +/* + * 5500/5520/X58 chipset interrupt remapping errata, for steppings B2 and B3. + * Fixed in stepping C2 except on X58. + */ static void __init tylersburg_intremap_quirk(void) { - uint32_t bus, device; + unsigned int bus; uint8_t rev; for ( bus = 0; bus < 0x100; bus++ ) { - /* Match on System Management Registers on Device 20 Function 0 */ - device = pci_conf_read32(PCI_SBDF(0, bus, 20, 0), PCI_VENDOR_ID); - rev = pci_conf_read8(PCI_SBDF(0, bus, 20, 0), PCI_REVISION_ID); + /* Match on DMI port (Device 0 Function 0) */ + rev = pci_conf_read8(PCI_SBDF(0, bus, 0, 0), PCI_REVISION_ID); - if ( rev == 0x13 && device == 0x342e8086 ) + switch ( pci_conf_read32(PCI_SBDF(0, bus, 0, 0), PCI_VENDOR_ID) ) { + default: + continue; + + case 0x34038086: case 0x34068086: + if ( rev >= 0x22 ) + continue; + printk(XENLOG_WARNING VTDPREFIX + "Disabling IOMMU due to Intel 5500/5520 chipset errata #47 and #53\n"); + iommu_enable = false; + break; + + case 0x34058086: printk(XENLOG_WARNING VTDPREFIX - "Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata #47, #53\n"); - iommu_enable = 0; + "Disabling IOMMU due to Intel X58 chipset %s\n", + rev < 0x22 ? "errata #62 and #69" : "erratum #69"); + iommu_enable = false; break; } + + break; } } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:14:46 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:14:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184003.332473 (Exim 4.92) (envelope-from ) id 1mOYsA-0004xv-Tz; Fri, 10 Sep 2021 05:14:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184003.332473; Fri, 10 Sep 2021 05:14:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsA-0004xn-QS; Fri, 10 Sep 2021 05:14:46 +0000 Received: by outflank-mailman (input) for mailman id 184003; Fri, 10 Sep 2021 05:14:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYs9-0004xV-EG for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYs9-0006V6-Dc for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYs9-0005lK-Ct for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/8sI8vDotmNakrilzJnbbhGcNC6XQ6Abyu2UkRymiSc=; b=MXCZYXCy+72hxpqizqo9lRUW20 wq7Ug76CJLu5rj6Idw43vjiRLg+48VUpOcxiEjJTMBo7EDRtHD7mkkTSkZeAALl0T5EfwjrfDkSeT 6+ddf2zdvp3KEFodX4J21CzqzXr62D7P+vTU+CZ36vsZNz+tr0STE4hxo+KxS1CuEfSs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume Message-Id: Date: Fri, 10 Sep 2021 05:14:45 +0000 commit 6dda306223a2dd86ec2847d87a4a2ef8170d5fe0 Author: Juergen Gross AuthorDate: Wed Aug 25 15:28:49 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:28:49 2021 +0200 xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume With smt=0 during a suspend/resume cycle of the machine the threads which have been parked before will briefly come up again. This can result in problems e.g. with cpufreq driver being active as this will call into get_cpu_idle_time() for a cpu without initialized scheduler data. Fix that by letting get_cpu_idle_time() deal with this case. Drop a redundant check in exchange. Fixes: 132cbe8f35632fb2 ("sched: fix get_cpu_idle_time() with core scheduling") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Juergen Gross Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich Acked-by: Dario Faggioli master commit: 5293470a77ad980dce2af9b7e6c3f11eeebf1b64 master date: 2021-08-19 13:38:31 +0200 --- xen/common/schedule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/schedule.c b/xen/common/schedule.c index a698a13698..8ccdb2c4d8 100644 --- a/xen/common/schedule.c +++ b/xen/common/schedule.c @@ -334,7 +334,7 @@ uint64_t get_cpu_idle_time(unsigned int cpu) struct vcpu_runstate_info state = { 0 }; struct vcpu *v = idle_vcpu[cpu]; - if ( cpu_online(cpu) && v ) + if ( cpu_online(cpu) && get_sched_res(cpu) ) vcpu_runstate_get(v, &state); return state.time[RUNSTATE_running]; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:14:57 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:14:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184007.332475 (Exim 4.92) (envelope-from ) id 1mOYsL-00051Q-15; Fri, 10 Sep 2021 05:14:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184007.332475; Fri, 10 Sep 2021 05:14:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsK-00051I-US; Fri, 10 Sep 2021 05:14:56 +0000 Received: by outflank-mailman (input) for mailman id 184007; Fri, 10 Sep 2021 05:14:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsJ-000517-I3 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsJ-0006VK-HI for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYsJ-0005mI-GL for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:14:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7GeROCnL30V1PrNv9P4M3OS8cm/97GiucAsGFEtd5sY=; b=Ju7QpJogTe2z6lLCHs5QXt4hoT dFYZNcu3DjifWb8JQY4XLsjOfhnReRBOb0wXP4emj7e3RLe54PnseEY5KBj96TCkMydk23kCRHojU UgiGj5gdIF2o4KQPJV7X3kdOb2TPObPAm5Jr5sRLfjgPtcgMuJrkHj77Bsdrr/ItnZSQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] AMD/IOMMU: don't leave page table mapped when unmapping ... Message-Id: Date: Fri, 10 Sep 2021 05:14:55 +0000 commit 523f3ca8721e0bd683474c3b3995f0642b453162 Author: Jan Beulich AuthorDate: Wed Aug 25 15:29:07 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:29:07 2021 +0200 AMD/IOMMU: don't leave page table mapped when unmapping ... ... an already not mapped page. With all other exit paths doing the unmap, I have no idea how I managed to miss that aspect at the time. Fixes: ad591454f069 ("AMD/IOMMU: don't needlessly trigger errors/crashes when unmapping a page") Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant master commit: 3cfec6a6aa7a7bf68f8e19e21f450c2febe9acb4 master date: 2021-08-20 12:30:35 +0200 --- xen/drivers/passthrough/amd/iommu_map.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 927d6224a9..ac30cac05b 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -266,7 +266,10 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, else if ( !pde->pr ) { if ( !map ) + { + unmap_domain_page(next_table_vaddr); return 0; + } if ( next_table_mfn == 0 ) { -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:15:07 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:15:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184009.332479 (Exim 4.92) (envelope-from ) id 1mOYsV-00054H-2n; Fri, 10 Sep 2021 05:15:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184009.332479; Fri, 10 Sep 2021 05:15:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsU-000549-W0; Fri, 10 Sep 2021 05:15:06 +0000 Received: by outflank-mailman (input) for mailman id 184009; Fri, 10 Sep 2021 05:15:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsT-00053o-Mu for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsT-0006Xn-MB for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYsT-0005np-LL for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZRmBjTZoeHeNcKwYMjC86H9+NxsvQYJ6QYbzPlldaE4=; b=R8ZH2MosE3IdAl9i7HKTguNhxe R+3ITlDgpAEXAD2sg6UZeqKwN9RVV6trMhs4AuuOITYtmUMg5KdHLnQsFSD55WRQ3K+lDGwCTKVlx t9MY1yYeVU3lPa2/M6NUEhOmaM6XWp2XesBJSExVQB9wN8FSeE+ZKSP8cb8POIGLyvD4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] tools/firmware/ovmf: Use OvmfXen platform file is exist Message-Id: Date: Fri, 10 Sep 2021 05:15:05 +0000 commit b335a5314f251c570f991376a1500737d3e02bb8 Author: Anthony PERARD AuthorDate: Tue Jun 1 11:28:03 2021 +0100 Commit: Ian Jackson CommitDate: Wed Aug 25 13:19:58 2021 +0100 tools/firmware/ovmf: Use OvmfXen platform file is exist A platform introduced in EDK II named OvmfXen is now the one to use for Xen instead of OvmfX64. It comes with PVH support. Also, the Xen support in OvmfX64 is deprecated, "deprecation notice: *dynamic* multi-VMM (QEMU vs. Xen) support in OvmfPkg" https://edk2.groups.io/g/devel/message/75498 Signed-off-by: Anthony PERARD Acked-by: Ian Jackson (cherry picked from commit aad7b5c11d51d57659978e04702ac970906894e8) (cherry picked from commit 7988ef515a5eabe74bb5468c8c692e03ee9db8bc) (cherry picked from commit 0aabe44d9c454c265b2bfc1030d58bd8f9ca8c94) --- tools/firmware/ovmf-makefile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/firmware/ovmf-makefile b/tools/firmware/ovmf-makefile index 55f9992145..637ee509c3 100644 --- a/tools/firmware/ovmf-makefile +++ b/tools/firmware/ovmf-makefile @@ -17,8 +17,14 @@ all: build .PHONY: build build: if test -e .git ; then $(GIT) submodule update --init --recursive ; fi - OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 - cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin + set -ex; \ + if test -e OvmfPkg/OvmfXen.dsc; then \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4 -p OvmfPkg/OvmfXen.dsc; \ + cp Build/OvmfXen/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + else \ + OvmfPkg/build.sh -a X64 -b $(TARGET) -n 4; \ + cp Build/OvmfX64/$(TARGET)_GCC*/FV/OVMF.fd ovmf.bin; \ + fi .PHONY: clean clean: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:15:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:15:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184010.332483 (Exim 4.92) (envelope-from ) id 1mOYsf-000573-4E; Fri, 10 Sep 2021 05:15:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184010.332483; Fri, 10 Sep 2021 05:15:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsf-00056v-1H; Fri, 10 Sep 2021 05:15:17 +0000 Received: by outflank-mailman (input) for mailman id 184010; Fri, 10 Sep 2021 05:15:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsd-00056m-Ql for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsd-0006Y1-Q4 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYsd-0005oq-PB for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ttLQqWLqxKret3CTSCohqQdBoFd2WpCh8MUp815sCoc=; b=ThMglb4gL/HqdnOxDR19dBfojm zQXUqYV/Idb/crKhiZF5GK0gdzGqecpzkB7QuN+zTByIkUp484fwOuYJkZtBryaOA4cpk3qzPBCqG kn3gNs0Dom7x0rJU+C1Q5S6/xeX8H6SfvMY9hBPFYS4Wy7Xyo0P8nJiMJlFCoN6pGaP4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] Merge branch 'staging-4.13' of xenbits.xen.org:/home/xen/git/xen into staging-4.13 Message-Id: Date: Fri, 10 Sep 2021 05:15:15 +0000 commit dd29f4f4961d5c99660874c7ff090bd3c2ef6e5b Merge: 523f3ca8721e0bd683474c3b3995f0642b453162 b335a5314f251c570f991376a1500737d3e02bb8 Author: Jan Beulich AuthorDate: Wed Aug 25 15:30:25 2021 +0200 Commit: Jan Beulich CommitDate: Wed Aug 25 15:30:25 2021 +0200 Merge branch 'staging-4.13' of xenbits.xen.org:/home/xen/git/xen into staging-4.13 tools/firmware/ovmf-makefile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:15:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:15:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184011.332487 (Exim 4.92) (envelope-from ) id 1mOYsp-00059a-5t; Fri, 10 Sep 2021 05:15:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184011.332487; Fri, 10 Sep 2021 05:15:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsp-00059S-2p; Fri, 10 Sep 2021 05:15:27 +0000 Received: by outflank-mailman (input) for mailman id 184011; Fri, 10 Sep 2021 05:15:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsn-00059E-UX for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsn-0006YD-Tt for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYsn-0005pe-T4 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VPrWX031r4ByKT/h8RvAEqxWBOfFLKbYcHHrVFuXQmk=; b=sAKw2QOb7psggjXgEvzxzTKtSk mP5GSPlFM5eGa4M8F1d6n/MEpd2wRM7x4n48NnlX1IWpEsB30bnHHtDv9vjeLFE1HINKWzUNUW6mU QiPd4rrgOb/S/bOCQnf6lzh3ygW7q/vojdaayDeE6Hv7oOtHxNV28BxOXwyk+8zQu1DQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Message-Id: Date: Fri, 10 Sep 2021 05:15:25 +0000 commit 5b853ec2c81755c69e0915d0a8cf51d32eb942ba Author: Jan Beulich AuthorDate: Wed Sep 8 14:55:00 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:55:00 2021 +0200 gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() Relevant quotes from the C11 standard: "Except where explicitly stated otherwise, for the purposes of this subclause unnamed members of objects of structure and union type do not participate in initialization. Unnamed members of structure objects have indeterminate value even after initialization." "If there are fewer initializers in a brace-enclosed list than there are elements or members of an aggregate, [...], the remainder of the aggregate shall be initialized implicitly the same as objects that have static storage duration." "If an object that has static or thread storage duration is not initialized explicitly, then: [...] — if it is an aggregate, every member is initialized (recursively) according to these rules, and any padding is initialized to zero bits; [...]" "A bit-field declaration with no declarator, but only a colon and a width, indicates an unnamed bit-field." Footnote: "An unnamed bit-field structure member is useful for padding to conform to externally imposed layouts." "There may be unnamed padding within a structure object, but not at its beginning." Which makes me conclude: - Whether an unnamed bit-field member is an unnamed member or padding is unclear, and hence also whether the last quote above would render the big endian case of the structure declaration invalid. - Whether the number of members of an aggregate includes unnamed ones is also not really clear. - The initializer in map_grant_ref() initializes all fields of the "cnt" sub-structure of the union, so assuming the second quote above applies here (indirectly), the compiler isn't required to implicitly initialize the rest (i.e. in particular any padding) like would happen for static storage duration objects. Gcc 7.4.1 can be observed (apparently in debug builds only) to translate aforementioned initializer to a read-modify-write operation of a stack variable, leaving unchanged the top two bits of whatever was previously in that stack slot. Clearly if either of the two bits were set, radix_tree_ulong_to_ptr()'s assertion would trigger. Therefore, to be on the safe side, add an explicit padding field for the non-big-endian-bitfields case and give a dummy name to both padding fields. Fixes: 9781b51efde2 ("gnttab: replace mapkind()") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: b6da9d0414d69c2682214ee3ecf9816fcac500d0 master date: 2021-08-27 10:54:46 +0200 --- xen/common/grant_table.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index e1a67fc1c6..a02e906e94 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -889,10 +889,13 @@ union maptrack_node { struct { /* Radix tree slot pointers use two of the bits. */ #ifdef __BIG_ENDIAN_BITFIELD - unsigned long : 2; + unsigned long _0 : 2; #endif unsigned long rd : BITS_PER_LONG / 2 - 1; unsigned long wr : BITS_PER_LONG / 2 - 1; +#ifndef __BIG_ENDIAN_BITFIELD + unsigned long _0 : 2; +#endif } cnt; unsigned long raw; }; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:15:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:15:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184012.332491 (Exim 4.92) (envelope-from ) id 1mOYsz-0005DH-7X; Fri, 10 Sep 2021 05:15:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184012.332491; Fri, 10 Sep 2021 05:15:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsz-0005D9-4R; Fri, 10 Sep 2021 05:15:37 +0000 Received: by outflank-mailman (input) for mailman id 184012; Fri, 10 Sep 2021 05:15:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsy-0005Ca-28 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYsy-0006YR-1Q for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYsy-0005qb-0b for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E8OpmtOoaJgdrmvXYQr0mTYytFlMoabnjLmdg0PgV40=; b=svapaaMrpMFFApxiYiNY0Vnf53 4sB5n5tb0KPSot/X70vhG/DjTmBSvA5XGYzYXhQ0co+hTG/gsv9UwKQ4blgvsOOQ4kRKoFhH4VgZM awjwsa5uer9dxgUIi4BRl6NX4Q75kiGZQ8wwLxd5XV3rLNZpDEaHp8pWzZYmEzyyuQZY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/PVH: de-duplicate mappings for first Mb of Dom0 memory Message-Id: Date: Fri, 10 Sep 2021 05:15:36 +0000 commit 8d8b4bde3e1ccdf17fb97998c69a4f116950d2a8 Author: Jan Beulich AuthorDate: Wed Sep 8 14:55:46 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:55:46 2021 +0200 x86/PVH: de-duplicate mappings for first Mb of Dom0 memory One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. This means we need to be more careful about the mappings put in place in this range - mappings should be created exactly once: - iommu_hwdom_init() comes first; it should avoid the first Mb, - pvh_populate_p2m() should insert identity mappings only into ranges not populated as RAM, - pvh_setup_acpi() should again avoid the first Mb, which was already dealt with at that point. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 6b4f6a31ace125d658a581e8d10809e4fccdc272 master date: 2021-08-31 17:43:36 +0200 --- xen/arch/x86/hvm/dom0_build.c | 40 +++++++++++++++++++++++++++---------- xen/drivers/passthrough/x86/iommu.c | 8 +++++++- 2 files changed, 36 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index 78042bd702..62958bf82c 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -430,17 +430,6 @@ static int __init pvh_populate_p2m(struct domain *d) int rc; #define MB1_PAGES PFN_DOWN(MB(1)) - /* - * Memory below 1MB is identity mapped initially. RAM regions are - * populated and copied below, replacing the respective mappings. - */ - rc = modify_identity_mmio(d, 0, MB1_PAGES, true); - if ( rc ) - { - printk("Failed to identity map low 1MB: %d\n", rc); - return rc; - } - /* Populate memory map. */ for ( i = 0; i < d->arch.nr_e820; i++ ) { @@ -472,6 +461,24 @@ static int __init pvh_populate_p2m(struct domain *d) } } + /* Non-RAM regions of space below 1MB get identity mapped. */ + for ( i = rc = 0; i < MB1_PAGES; ++i ) + { + p2m_type_t p2mt; + + if ( mfn_eq(get_gfn_query(d, i, &p2mt), INVALID_MFN) ) + rc = set_mmio_p2m_entry(d, _gfn(i), _mfn(i), PAGE_ORDER_4K, + p2m_get_hostp2m(d)->default_access); + else + ASSERT(p2mt == p2m_ram_rw); + put_gfn(d, i); + if ( rc ) + { + printk("Failed to identity map PFN %x: %d\n", i, rc); + return rc; + } + } + if ( cpu_has_vmx && paging_mode_hap(d) && !vmx_unrestricted_guest(v) ) { /* @@ -1080,6 +1087,17 @@ static int __init pvh_setup_acpi(struct domain *d, paddr_t start_info) nr_pages = PFN_UP((d->arch.e820[i].addr & ~PAGE_MASK) + d->arch.e820[i].size); + /* Memory below 1MB has been dealt with by pvh_populate_p2m(). */ + if ( pfn < PFN_DOWN(MB(1)) ) + { + if ( pfn + nr_pages <= PFN_DOWN(MB(1)) ) + continue; + + /* This shouldn't happen, but is easy to deal with. */ + nr_pages -= PFN_DOWN(MB(1)) - pfn; + pfn = PFN_DOWN(MB(1)); + } + rc = modify_identity_mmio(d, pfn, nr_pages, true); if ( rc ) { diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index c521ba5ad8..818d28f770 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -313,7 +313,13 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) max_pfn = (GB(4) >> PAGE_SHIFT) - 1; top = max(max_pdx, pfn_to_pdx(max_pfn) + 1); - for ( i = 0; i < top; i++ ) + /* + * First Mb will get mapped in one go by pvh_populate_p2m(). Avoid + * setting up potentially conflicting mappings here. + */ + i = paging_mode_translate(d) ? PFN_DOWN(MB(1)) : 0; + + for ( ; i < top; i++ ) { unsigned long pfn = pdx_to_pfn(i); int rc; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:15:47 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:15:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184013.332496 (Exim 4.92) (envelope-from ) id 1mOYt9-0005GI-9d; Fri, 10 Sep 2021 05:15:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184013.332496; Fri, 10 Sep 2021 05:15:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYt9-0005GA-63; Fri, 10 Sep 2021 05:15:47 +0000 Received: by outflank-mailman (input) for mailman id 184013; Fri, 10 Sep 2021 05:15:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYt8-0005Fs-6F for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYt8-0006Yh-5a for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYt8-0005rY-4c for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EnOrzD+bUOmRzdj6T6b/h4pD3aClw1lPbE2e6sawSQ4=; b=YpZUzLgxi6IhX5euqElbRo08YG S+twp2AY6oIU0ZQZGGm5+bQCPU5iXtj8te3HrjHxUHjFtGu1MXFePoYgCQlLM9HOenVjUUHz7/RmA 8Lche+sUHMBLCqRH6EVf6ZJ+4T0lYOBLbVN6wkgxv6VHxz9xb/3qAxTCqOlX80jJ+4cg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/P2M: relax guarding of MMIO entries Message-Id: Date: Fri, 10 Sep 2021 05:15:46 +0000 commit 3bac7235971f8d3469cba8eac7b32f00f540abad Author: Jan Beulich AuthorDate: Wed Sep 8 14:56:16 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:56:16 2021 +0200 x86/P2M: relax guarding of MMIO entries One of the changes comprising the fixes for XSA-378 disallows replacing MMIO mappings by code paths not intended for this purpose. At least in the case of PVH Dom0 hitting an RMRR covered by an E820 ACPI region, this is too strict. Generally short-circuit requests establishing the same kind of mapping (mfn, type), but allow permissions to differ. While there, also add a log message to the other domain_crash() invocation that did prevent PVH Dom0 from coming up after the XSA-378 changes. Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 111469cc7b3f586c2335e70205320ed3c828b89e master date: 2021-09-07 09:39:38 +0200 --- xen/arch/x86/mm/p2m.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 2e4d6e52a2..a68b4fe526 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -938,9 +938,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, if ( p2m_is_special(ot) ) { /* Don't permit unmapping grant/foreign/direct-MMIO this way. */ - domain_crash(d); p2m_unlock(p2m); - + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u) -> (%#lx,%u,%u) not permitted\n", + d, gfn_x(gfn) + i, + mfn_x(omfn), ot, a, + mfn_x(mfn) + i, t, p2m->default_access); + domain_crash(d); return -EPERM; } else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) ) @@ -1284,9 +1288,24 @@ static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l, } if ( p2m_is_special(ot) ) { - gfn_unlock(p2m, gfn, order); - domain_crash(d); - return -EPERM; + /* Special-case (almost) identical mappings. */ + if ( !mfn_eq(mfn, omfn) || gfn_p2mt != ot ) + { + gfn_unlock(p2m, gfn, order); + printk(XENLOG_G_ERR + "%pd: GFN %#lx (%#lx,%u,%u,%u) -> (%#lx,%u,%u,%u) not permitted\n", + d, gfn_l, + mfn_x(omfn), cur_order, ot, a, + mfn_x(mfn), order, gfn_p2mt, access); + domain_crash(d); + return -EPERM; + } + + if ( access == a ) + { + gfn_unlock(p2m, gfn, order); + return 0; + } } else if ( p2m_is_ram(ot) ) { -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:15:58 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:15:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184014.332498 (Exim 4.92) (envelope-from ) id 1mOYtK-0005Jc-Ah; Fri, 10 Sep 2021 05:15:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184014.332498; Fri, 10 Sep 2021 05:15:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYtK-0005JS-7f; Fri, 10 Sep 2021 05:15:58 +0000 Received: by outflank-mailman (input) for mailman id 184014; Fri, 10 Sep 2021 05:15:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYtI-0005J6-A9 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYtI-0006Ys-9S for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYtI-0005si-8X for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:15:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n3ISDxsT0tE/S069BBSx3pioh2jpnwBF+D4SSFjty8w=; b=7OYzU0qAlSzlcvrrUrvxA9JZIO JNuVfoxA6gPVWXFFglNmMXzQdfAIIKgCPXvN7TOZgvfWyfWND7RkT6xpvkYiYj1457RTUK1wg68EF ZJhztIpKZBIQnhSvoCsF2ipbRk61CTFguHzFVEAYNzH4iEoV4T3Aig9nu7VvGxi8SM18=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/p2m-pt: fix p2m_flags_to_access() Message-Id: Date: Fri, 10 Sep 2021 05:15:56 +0000 commit a94d697376058c8043e7273c4d8d8e5cc86ebd3d Author: Jan Beulich AuthorDate: Wed Sep 8 14:56:47 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:56:47 2021 +0200 x86/p2m-pt: fix p2m_flags_to_access() The initial if() was inverted, invalidating all output from this function. Which in turn means the mirroring of P2M mappings into the IOMMU didn't always work as intended: Mappings may have got updated when there was no need to. There would not have been too few (un)mappings; what saves us is that alongside the flags comparison MFNs also get compared, with non-present entries always having an MFN of 0 or INVALID_MFN while present entries always have MFNs different from these two (0 in the table also meant to cover INVALID_MFN): OLD NEW P W access MFN P W access MFN 0 0 r 0 0 0 n 0 0 1 rw 0 0 1 n 0 1 0 n non-0 1 0 r non-0 1 1 n non-0 1 1 rw non-0 present <-> non-present transitions are fine because the MFNs differ. present -> present transitions as well as non-present -> non-present ones are potentially causing too many map/unmap operations, but never too few, because in that case old (bogus) and new access differ. Fixes: d1bb6c97c31e ("IOMMU: also pass p2m_access_t to p2m_get_iommu_flags()) Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: e70a9a043a5ce6d4025420f729bc473f711bf5d1 master date: 2021-09-07 14:24:49 +0200 --- xen/arch/x86/mm/p2m-pt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 5c64008208..cf6d2a4c6a 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -483,7 +483,7 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa) /* Reconstruct a fake p2m_access_t from stored PTE flags. */ static p2m_access_t p2m_flags_to_access(unsigned int flags) { - if ( flags & _PAGE_PRESENT ) + if ( !(flags & _PAGE_PRESENT) ) return p2m_access_n; /* No need to look at _PAGE_NX for now. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:16:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:16:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184015.332503 (Exim 4.92) (envelope-from ) id 1mOYtU-0005N4-DQ; Fri, 10 Sep 2021 05:16:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184015.332503; Fri, 10 Sep 2021 05:16:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYtU-0005Mw-AP; Fri, 10 Sep 2021 05:16:08 +0000 Received: by outflank-mailman (input) for mailman id 184015; Fri, 10 Sep 2021 05:16:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYtS-0005MY-EF for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:16:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYtS-0006ZW-Db for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:16:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYtS-0005tl-Cf for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:16:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=on9E4xTkv/+bAnoDXqapkMU1Ic2gnsLQ5I4LA8MRtdM=; b=Cx3fJE8r57Tj6+fWK1kosrLFDr yAxQqRvqMmo/Whq4VvCCNNrg0Td6nqqGHS9jZGNK8CAEWGz2ZxGVFIAcK+KRRonuR0WPlKauP5ijI jrnNLvvgF9og+jIMjt3wyZRn4jGabGnnTjYEi09PqM6TGT61RfkpGkANSwmzS8ya+moI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] gnttab: deal with status frame mapping race Message-Id: Date: Fri, 10 Sep 2021 05:16:06 +0000 commit 9c4b19c110e1410e50a9f1dbd15d337b05e9cc9d Author: Jan Beulich AuthorDate: Wed Sep 8 14:57:31 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 14:57:31 2021 +0200 gnttab: deal with status frame mapping race Once gnttab_map_frame() drops the grant table lock, the MFN it reports back to its caller is free to other manipulation. In particular gnttab_unpopulate_status_frames() might free it, by a racing request on another CPU, thus resulting in a reference to a deallocated page getting added to a domain's P2M. Obtain a page reference in gnttab_map_frame() to prevent freeing of the page until xenmem_add_to_physmap_one() has actually completed its acting on the page. Do so uniformly, even if only strictly required for v2 status pages, to avoid extra conditionals (which then would all need to be kept in sync going forward). This is CVE-2021-28701 / XSA-384. Reported-by: Julien Grall Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: eb6bbf7b30da5bae87932514d54d0e3c68b23757 master date: 2021-09-08 14:37:45 +0200 --- xen/arch/arm/mm.c | 11 ++++++++--- xen/arch/x86/mm.c | 2 ++ xen/common/grant_table.c | 11 ++++++++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 67853d58d7..86fbdf8696 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1426,6 +1426,8 @@ int xenmem_add_to_physmap_one( if ( rc ) return rc; + /* Need to take care of the reference obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); t = p2m_ram_rw; break; @@ -1493,9 +1495,12 @@ int xenmem_add_to_physmap_one( /* Map at new location. */ rc = guest_physmap_add_entry(d, gfn, mfn, 0, t); - /* If we fail to add the mapping, we need to drop the reference we - * took earlier on foreign pages */ - if ( rc && space == XENMAPSPACE_gmfn_foreign ) + /* + * For XENMAPSPACE_gmfn_foreign if we failed to add the mapping, we need + * to drop the reference we took earlier. In all other cases we need to + * drop any reference we took earlier (perhaps indirectly). + */ + if ( space == XENMAPSPACE_gmfn_foreign ? rc : page != NULL ) { ASSERT(page != NULL); put_page(page); diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 7cdd23cd3c..ad89bfb45f 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4738,6 +4738,8 @@ int xenmem_add_to_physmap_one( rc = gnttab_map_frame(d, idx, gpfn, &mfn); if ( rc ) return rc; + /* Need to take care of the ref obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); break; case XENMAPSPACE_gmfn: { diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index a02e906e94..d2853a664a 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -4072,7 +4072,16 @@ int gnttab_map_frame(struct domain *d, unsigned long idx, gfn_t gfn, mfn_t *mfn) } if ( !rc ) - gnttab_set_frame_gfn(gt, status, idx, gfn); + { + /* + * Make sure gnttab_unpopulate_status_frames() won't (successfully) + * free the page until our caller has completed its operation. + */ + if ( get_page(mfn_to_page(*mfn), d) ) + gnttab_set_frame_gfn(gt, status, idx, gfn); + else + rc = -EBUSY; + } grant_write_unlock(gt); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 05:16:18 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 05:16:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184016.332508 (Exim 4.92) (envelope-from ) id 1mOYte-0005Pt-FF; Fri, 10 Sep 2021 05:16:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184016.332508; Fri, 10 Sep 2021 05:16:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYte-0005Ph-Bs; Fri, 10 Sep 2021 05:16:18 +0000 Received: by outflank-mailman (input) for mailman id 184016; Fri, 10 Sep 2021 05:16:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYtc-0005PF-I8 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:16:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOYtc-0006Zg-HT for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:16:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOYtc-0005uc-GL for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 05:16:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5TNoTedLKkXBphktMu8YnN1KHjH7Co0GIOMu34zS3QM=; b=sdNITodgu6cpfVe1Kuh67KsBTo KLZdH0HN34Toz7XxLzkAVYP3rGhmaB/3NL24P3+Bhe5J58GtQ8cND80HS6iXMVcZMcdpB4TBQw9dq ef/KqiW4RYiJHcW0OFvyD0vwBlFrW8tyRVw2truZNwHDI5pzWct6NoKNVZuZFqKMa0zM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/PVH: Fix debug build following XSA-378 bugfix Message-Id: Date: Fri, 10 Sep 2021 05:16:16 +0000 commit 065fff7af08f7eaf300c9bef86ae3cec8150d3aa Author: Andrew Cooper AuthorDate: Wed Sep 8 17:39:42 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 17:39:42 2021 +0200 x86/PVH: Fix debug build following XSA-378 bugfix Fixes: 8d8b4bde3e1c ("x86/PVH: de-duplicate mappings for first Mb of Dom0 memory") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/dom0_build.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index 62958bf82c..c6eb86bfb7 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -467,7 +467,7 @@ static int __init pvh_populate_p2m(struct domain *d) p2m_type_t p2mt; if ( mfn_eq(get_gfn_query(d, i, &p2mt), INVALID_MFN) ) - rc = set_mmio_p2m_entry(d, _gfn(i), _mfn(i), PAGE_ORDER_4K, + rc = set_mmio_p2m_entry(d, i, _mfn(i), PAGE_ORDER_4K, p2m_get_hostp2m(d)->default_access); else ASSERT(p2mt == p2m_ram_rw); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 07:11:11 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 07:11:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184103.332653 (Exim 4.92) (envelope-from ) id 1mOagk-0001KH-8s; Fri, 10 Sep 2021 07:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184103.332653; Fri, 10 Sep 2021 07:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOagk-0001K9-5u; Fri, 10 Sep 2021 07:11:06 +0000 Received: by outflank-mailman (input) for mailman id 184103; Fri, 10 Sep 2021 07:11:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOagj-0001K3-16 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 07:11:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOagi-0000DJ-Ve for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 07:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOagi-0000xm-US for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 07:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wLoH9yqJfV9kHPq3SAwJ4LCijfn/F/H/qqOQNxARaAI=; b=0T8ljYXjFLgPJk3B1+hv4JnbtO CAUETT9WEwdHOkSF9PUXpvdOi6ETegzk3BxJIOTWYGSXaWkuMwddZTbhau7t049BlaXQEdoGJAeoU iQdV2OU9oa6Jlg21kvTDeM5kBfrhyxnkyCS1wOay7AuIJfLu3snus5E3oklErIwJKVDM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] update Xen version to 4.15.1 Message-Id: Date: Fri, 10 Sep 2021 07:11:04 +0000 commit 84fa99099b920f7bcde8899e1a9b756078719d7d Author: Jan Beulich AuthorDate: Fri Sep 10 09:03:24 2021 +0200 Commit: Jan Beulich CommitDate: Fri Sep 10 09:03:24 2021 +0200 update Xen version to 4.15.1 --- Config.mk | 8 +++----- xen/Makefile | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/Config.mk b/Config.mk index 2ff1ed2ce3..84817f47a1 100644 --- a/Config.mk +++ b/Config.mk @@ -245,17 +245,15 @@ SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif OVMF_UPSTREAM_REVISION ?= a3741780fe3535e19e02efa869a7cac481891129 -QEMU_UPSTREAM_REVISION ?= qemu-xen-4.15.0 -MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.15.0 +QEMU_UPSTREAM_REVISION ?= qemu-xen-4.15.1 +MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.15.1 SEABIOS_UPSTREAM_REVISION ?= rel-1.14.0 ETHERBOOT_NICS ?= rtl8139 8086100e -QEMU_TRADITIONAL_REVISION ?= xen-4.15.0 -# Wed Jul 15 10:01:40 2020 +0100 -# qemu-trad: remove Xen path dependencies +QEMU_TRADITIONAL_REVISION ?= xen-4.15.1 # Specify which qemu-dm to use. This may be `ioemu' to use the old # Mercurial in-tree version, or a local directory, or a git URL. diff --git a/xen/Makefile b/xen/Makefile index ae2fa0fda3..5d5a1a0fa6 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 15 -export XEN_EXTRAVERSION ?= .1-pre$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .1$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 07:11:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 07:11:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184105.332657 (Exim 4.92) (envelope-from ) id 1mOagu-0001Z0-AX; Fri, 10 Sep 2021 07:11:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184105.332657; Fri, 10 Sep 2021 07:11:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOagu-0001Ys-7P; Fri, 10 Sep 2021 07:11:16 +0000 Received: by outflank-mailman (input) for mailman id 184105; Fri, 10 Sep 2021 07:11:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOagt-0001Yc-BE for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 07:11:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOagt-0000Eo-AO for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 07:11:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOagt-0000yq-9M for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 07:11:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zuoJ5fJkO/U5oBCDFP2YIlXElpmfRi+3O9C93VH5C7g=; b=tIrk0ohhSog/ConO9lfyVwsggV bf73AnsJyCpApilSC1yIvIdbfWqD27ua3gY6VdpsgODPuoG5yM/++GUNOyT4nfgHz60oq7+h1bGKp biNRoNU1UP+embRmgr7iA16rB/dJu20p4BesOJ6daWFbWtjGhOKpxrUthvYiFxdwa8Lk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] update Xen version to 4.13.4 Message-Id: Date: Fri, 10 Sep 2021 07:11:15 +0000 commit 6e2fc128eb1a7d8ff8c36123a0a03e4e60a4a44c Author: Jan Beulich AuthorDate: Fri Sep 10 09:04:55 2021 +0200 Commit: Jan Beulich CommitDate: Fri Sep 10 09:04:55 2021 +0200 update Xen version to 4.13.4 --- Config.mk | 6 +++--- xen/Makefile | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Config.mk b/Config.mk index 53f2fa76e4..da96fe34cd 100644 --- a/Config.mk +++ b/Config.mk @@ -288,15 +288,15 @@ SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif OVMF_UPSTREAM_REVISION ?= 20d2e5a125e34fc8501026613a71549b2a1a3e54 -QEMU_UPSTREAM_REVISION ?= qemu-xen-4.13.3 -MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.13.3 +QEMU_UPSTREAM_REVISION ?= qemu-xen-4.13.4 +MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.13.4 SEABIOS_UPSTREAM_REVISION ?= rel-1.12.1 ETHERBOOT_NICS ?= rtl8139 8086100e -QEMU_TRADITIONAL_REVISION ?= xen-4.13.3 +QEMU_TRADITIONAL_REVISION ?= xen-4.13.4 # Wed Oct 10 18:52:54 2018 +0000 # xen/pt: allow QEMU to request MSI unmasking at bind time diff --git a/xen/Makefile b/xen/Makefile index ef1d388efe..f88e068559 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 13 -export XEN_EXTRAVERSION ?= .4-pre$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .4$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 12:33:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 12:33:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184344.332946 (Exim 4.92) (envelope-from ) id 1mOfiN-0004yO-9Z; Fri, 10 Sep 2021 12:33:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184344.332946; Fri, 10 Sep 2021 12:33:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOfiN-0004yG-6a; Fri, 10 Sep 2021 12:33:07 +0000 Received: by outflank-mailman (input) for mailman id 184344; Fri, 10 Sep 2021 12:33:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOfiL-0004yA-P6 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 12:33:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOfiL-0006ZN-LN for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 12:33:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOfiL-0007ky-KA for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 12:33:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fFYSDvxnUDA+b5HYx/xFuUDVBAHakTE16OHSlPpn3H8=; b=jjtBrUMEfzC9y2kqMusxWDqheP RwhFCPNKMByzOjaoD4nCq+IStdW7VvX45pgKFVMvXEyA/ljwnNVEJzUlrzRjnvYeIApd8iD7Qbq68 IainPfoQ4k8VX5AiHZsam5WbucJJC8HPTToBw/uZiQKtL1aV/A6WlSfsXgCxgFeQEaGM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/libacpi: Use 64-byte alignment for FACS Message-Id: Date: Fri, 10 Sep 2021 12:33:05 +0000 commit c76cfada1cfad05aaf64ce3ad305c5467650e782 Author: Kevin Stefanov AuthorDate: Thu Sep 9 17:34:39 2021 +0100 Commit: Andrew Cooper CommitDate: Fri Sep 10 13:27:08 2021 +0100 tools/libacpi: Use 64-byte alignment for FACS The spec requires 64-byte alignment, not 16. Signed-off-by: Kevin Stefanov Reviewed-by: Jan Beulich --- tools/libacpi/build.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libacpi/build.c b/tools/libacpi/build.c index a61dd5583a..fe2db66a62 100644 --- a/tools/libacpi/build.c +++ b/tools/libacpi/build.c @@ -532,7 +532,7 @@ int acpi_build_tables(struct acpi_ctxt *ctxt, struct acpi_config *config) * Fill in high-memory data structures, starting at @buf. */ - facs = ctxt->mem_ops.alloc(ctxt, sizeof(struct acpi_20_facs), 16); + facs = ctxt->mem_ops.alloc(ctxt, sizeof(struct acpi_20_facs), 64); if (!facs) goto oom; memcpy(facs, &Facs, sizeof(struct acpi_20_facs)); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 12:33:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 12:33:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184345.332950 (Exim 4.92) (envelope-from ) id 1mOfiX-000509-At; Fri, 10 Sep 2021 12:33:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184345.332950; Fri, 10 Sep 2021 12:33:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOfiX-000501-82; Fri, 10 Sep 2021 12:33:17 +0000 Received: by outflank-mailman (input) for mailman id 184345; Fri, 10 Sep 2021 12:33:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOfiW-0004zo-0r for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 12:33:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOfiW-0006Zm-0G for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 12:33:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOfiV-0007mQ-VJ for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 12:33:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n5wa02wGRcrPtfEKOa0ODhLwBz3fCSl7SAUbqgdUF3I=; b=CZn4kzWH5vaGxREQt2/ka9/x6z KCpXVUAgcsF4iL+shtIg9ZMdI/vrv79WpeI4VuAWia7RjBSuUenCxwReh2EHMONw6R7BV3IXG4qPT 1bAkBvzs3Aub13BXGqsTHYZ+bV75E8GhcNssYVN6ppnHy0Ho+Ej55RyRzsWcpmL1wUw0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] update Xen version to 4.14.3 Message-Id: Date: Fri, 10 Sep 2021 12:33:15 +0000 commit 9f2b6c5ec2ded4c1caf149743e862c5f15d6d083 Author: Jan Beulich AuthorDate: Fri Sep 10 14:30:40 2021 +0200 Commit: Jan Beulich CommitDate: Fri Sep 10 14:30:40 2021 +0200 update Xen version to 4.14.3 --- Config.mk | 6 +++--- xen/Makefile | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Config.mk b/Config.mk index 5c2eeef30f..0dab3b75d9 100644 --- a/Config.mk +++ b/Config.mk @@ -245,15 +245,15 @@ SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif OVMF_UPSTREAM_REVISION ?= 20d2e5a125e34fc8501026613a71549b2a1a3e54 -QEMU_UPSTREAM_REVISION ?= qemu-xen-4.14.2 -MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.14.2 +QEMU_UPSTREAM_REVISION ?= qemu-xen-4.14.3 +MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.14.3 SEABIOS_UPSTREAM_REVISION ?= rel-1.13.0 ETHERBOOT_NICS ?= rtl8139 8086100e -QEMU_TRADITIONAL_REVISION ?= xen-4.14.2 +QEMU_TRADITIONAL_REVISION ?= xen-4.14.3 # Specify which qemu-dm to use. This may be `ioemu' to use the old # Mercurial in-tree version, or a local directory, or a git URL. diff --git a/xen/Makefile b/xen/Makefile index 22362d7348..661f78741e 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 14 -export XEN_EXTRAVERSION ?= .3-pre$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .3$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 19:44:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 19:44:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184768.333491 (Exim 4.92) (envelope-from ) id 1mOmRS-0000rP-8o; Fri, 10 Sep 2021 19:44:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184768.333491; Fri, 10 Sep 2021 19:44:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOmRS-0000rH-5o; Fri, 10 Sep 2021 19:44:06 +0000 Received: by outflank-mailman (input) for mailman id 184768; Fri, 10 Sep 2021 19:44:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOmRR-0000rB-57 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 19:44:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOmRR-0006Ss-0P for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 19:44:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOmRQ-0005u0-VW for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 19:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=y0zq0mfKzEQiI/UfT0qspIa6gTzSq+Cd78ubiOrOlAM=; b=SB6Sr3LBpfz4n6HYcXfErf5bxp dm6w3oo1MxZxwtO7QAP9XaVEhjvGtkxLZMcSCHt8AVapf5LtW0HGjVAdg+shzTnPz2uNYQR/fJhmr BwzySSaf8ph8UOj2rqmDSXwYPP2KXEtAIyyevQ805mbj70nLxPtshmk+BgElwhjjG/m8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: Implement xen/alternative-call.h for use in common code Message-Id: Date: Fri, 10 Sep 2021 19:44:04 +0000 commit f26bb285949b8c233816c4c6a87237ee14a06ebc Author: Andrew Cooper AuthorDate: Fri Sep 10 16:12:56 2021 -0400 Commit: Andrew Cooper CommitDate: Fri Sep 10 20:30:26 2021 +0100 xen: Implement xen/alternative-call.h for use in common code The alternative call infrastructure is x86-only for now, but the common iommu code has a variant and more common code wants to use the infrastructure. Introduce CONFIG_ALTERNATIVE_CALL and a conditional implementation so common code can use the optimisation when available, without requiring all architectures to implement no-op stubs. Write some documentation, which was thus far entirely absent, covering the requirements for an architecture to implement this optimisation, and how to use the infrastructure in general code. Signed-off-by: Andrew Cooper Signed-off-by: Daniel P. Smith Acked-by: Jan Beulich --- xen/arch/x86/Kconfig | 1 + xen/common/Kconfig | 3 ++ xen/include/xen/alternative-call.h | 63 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 67 insertions(+) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 9b164db641..1f83518ee0 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -6,6 +6,7 @@ config X86 def_bool y select ACPI select ACPI_LEGACY_TABLES_LOOKUP + select ALTERNATIVE_CALL select ARCH_SUPPORTS_INT128 select CORE_PARKING select HAS_ALTERNATIVE diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 0ddd18e11a..ac5491b1cc 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -22,6 +22,9 @@ config GRANT_TABLE If unsure, say Y. +config ALTERNATIVE_CALL + bool + config HAS_ALTERNATIVE bool diff --git a/xen/include/xen/alternative-call.h b/xen/include/xen/alternative-call.h new file mode 100644 index 0000000000..c2d3b70e31 --- /dev/null +++ b/xen/include/xen/alternative-call.h @@ -0,0 +1,63 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef XEN_ALTERNATIVE_CALL +#define XEN_ALTERNATIVE_CALL + +/* + * Some subsystems in Xen may have multiple implementations, which can be + * resolved to a single implementation at boot time. By default, this will + * result in the use of function pointers. + * + * Some architectures may have mechanisms for dynamically modifying .text. + * Using this mechanism, function pointers can be converted to direct calls + * which are typically more efficient at runtime. + * + * For architectures to support: + * + * - Implement alternative_{,v}call() in asm/alternative.h. Code generation + * requirements are to emit a function pointer call at build time, and stash + * enough metadata to simplify the call at boot once the implementation has + * been resolved. + * - Select ALTERNATIVE_CALL in Kconfig. + * + * To use: + * + * Consider the following simplified example. + * + * 1) struct foo_ops __alt_call_maybe_initdata ops; + * + * 2) const struct foo_ops __initconstrel foo_a_ops = { ... }; + * const struct foo_ops __initconstrel foo_b_ops = { ... }; + * + * void __init foo_init(void) + * { + * ... + * if ( use_impl_a ) + * ops = *foo_a_ops; + * else if ( use_impl_b ) + * ops = *foo_b_ops; + * ... + * } + * + * 3) alternative_call(ops.bar, ...); + * + * There needs to a single ops object (1) which will eventually contain the + * function pointers. This should be populated in foo's init() function (2) + * by one of the available implementations. To call functions, use + * alternative_{,v}call() referencing the main ops object (3). + */ + +#ifdef CONFIG_ALTERNATIVE_CALL + +#include + +#define __alt_call_maybe_initdata __initdata + +#else + +#define alternative_call(func, args...) (func)(args) +#define alternative_vcall(func, args...) (func)(args) + +#define __alt_call_maybe_initdata __read_mostly + +#endif /* !CONFIG_ALTERNATIVE_CALL */ +#endif /* XEN_ALTERNATIVE_CALL */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 19:44:17 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 19:44:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184769.333495 (Exim 4.92) (envelope-from ) id 1mOmRd-0000t7-AB; Fri, 10 Sep 2021 19:44:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184769.333495; Fri, 10 Sep 2021 19:44:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOmRd-0000sz-7O; Fri, 10 Sep 2021 19:44:17 +0000 Received: by outflank-mailman (input) for mailman id 184769; Fri, 10 Sep 2021 19:44:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOmRb-0000sl-76 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 19:44:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOmRb-0006TC-6G for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 19:44:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOmRb-0005uq-3f for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 19:44:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wuXgBW94xMrt1lu0oOviN+N1OxT9BG9FxGYxh9fnNfs=; b=lFDZ+vFfomqWR10aDHcV5rPtyF z5Dm1PEz7iIlaNXkjHxQ2IgZELibqcBDxdCbhdHaKUA4EF90qc1nX9xH5f1O9PPeOzEeoRCVvqO0p bJDrMhI6eivc+LpMBActJpTgcA7Zq+58eUeRvco4lIR9hahcs3O9k+fhpoAzZKMuoE/A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xsm: remove the ability to disable flask Message-Id: Date: Fri, 10 Sep 2021 19:44:15 +0000 commit 4624912c0b5505387e53a12ef3417d001431a29d Author: Daniel P. Smith AuthorDate: Fri Sep 10 16:12:57 2021 -0400 Commit: Andrew Cooper CommitDate: Fri Sep 10 20:30:26 2021 +0100 xsm: remove the ability to disable flask On Linux when SELinux is put into permissive mode the discretionary access controls are still in place. Whereas for Xen when the enforcing state of flask is set to permissive, all operations for all domains would succeed, i.e. it does not fall back to the default access controls. To provide a means to mimic a similar but not equivalent behaviour, a flask op is present to allow a one-time switch back to the default access controls, aka the "dummy policy". While this may be desirable for an OS, Xen is a hypervisor and should not allow the switching of which security policy framework is being enforced after boot. This patch removes the flask op to enforce the desired XSM usage model requiring a reboot of Xen to change the XSM policy module in use. Signed-off-by: Daniel P. Smith Acked-by: Andrew Cooper --- xen/include/public/xsm/flask_op.h | 2 +- xen/xsm/flask/flask_op.c | 30 ------------------------------ 2 files changed, 1 insertion(+), 31 deletions(-) diff --git a/xen/include/public/xsm/flask_op.h b/xen/include/public/xsm/flask_op.h index 16af7bc22f..b41dd6dac8 100644 --- a/xen/include/public/xsm/flask_op.h +++ b/xen/include/public/xsm/flask_op.h @@ -188,7 +188,7 @@ struct xen_flask_op { #define FLASK_SETBOOL 12 #define FLASK_COMMITBOOLS 13 #define FLASK_MLS 14 -#define FLASK_DISABLE 15 +#define FLASK_DISABLE 15 /* No longer implemented */ #define FLASK_GETAVC_THRESHOLD 16 #define FLASK_SETAVC_THRESHOLD 17 #define FLASK_AVC_HASHSTATS 18 diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 01e52138a1..f41c025391 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -223,32 +223,6 @@ static int flask_security_sid(struct xen_flask_sid_context *arg) #ifndef COMPAT -static int flask_disable(void) -{ - static int flask_disabled = 0; - - if ( ss_initialized ) - { - /* Not permitted after initial policy load. */ - return -EINVAL; - } - - if ( flask_disabled ) - { - /* Only do this once. */ - return -EINVAL; - } - - printk("Flask: Disabled at runtime.\n"); - - flask_disabled = 1; - - /* Reset xsm_ops to the original module. */ - xsm_ops = &dummy_xsm_ops; - - return 0; -} - static int flask_security_setavc_threshold(struct xen_flask_setavc_threshold *arg) { int rv = 0; @@ -698,10 +672,6 @@ ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op) rv = flask_mls_enabled; break; - case FLASK_DISABLE: - rv = flask_disable(); - break; - case FLASK_GETAVC_THRESHOLD: rv = avc_cache_threshold; break; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 19:44:27 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 19:44:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184770.333499 (Exim 4.92) (envelope-from ) id 1mOmRn-0000wK-Bd; Fri, 10 Sep 2021 19:44:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184770.333499; Fri, 10 Sep 2021 19:44:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOmRn-0000wC-8r; Fri, 10 Sep 2021 19:44:27 +0000 Received: by outflank-mailman (input) for mailman id 184770; Fri, 10 Sep 2021 19:44:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOmRl-0000vb-Am for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 19:44:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOmRl-0006TN-A1 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 19:44:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOmRl-0005vj-8x for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 19:44:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hqiiO6Mxvfj8K+nyausuEgRQnx+cM1x3ymnMwduZmLY=; b=ZHECprOyTa6HoZCQC/ljLmcOzU K3hI99ah+Q5QYifMg4J/Tr97GqECJGNvv4YbQXeWjfjG56DQSjX0N2LZ2pi0p1KqCZ28ev68lhYUJ eyFsmd5L7hNcsEyIyQrILuUgUOBO0hxiuQoMzioDOeKk00uztaV1n/aVQtBptN4xheQo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xsm: remove remnants of xsm_memtype hook Message-Id: Date: Fri, 10 Sep 2021 19:44:25 +0000 commit 2928c1d250b157fd4585ca47ba36ad4792723f1f Author: Daniel P. Smith AuthorDate: Fri Sep 10 16:12:58 2021 -0400 Commit: Andrew Cooper CommitDate: Fri Sep 10 20:30:26 2021 +0100 xsm: remove remnants of xsm_memtype hook In c/s fcb8baddf00e the xsm_memtype hook was removed but some remnants were left behind. This commit cleans up those remnants. Signed-off-by: Daniel P. Smith Acked-by: Jan Beulich --- xen/include/xsm/xsm.h | 6 ------ 1 file changed, 6 deletions(-) diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index ad3cddbf7d..335ba1b022 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -161,7 +161,6 @@ struct xsm_operations { int (*shadow_control) (struct domain *d, uint32_t op); int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op); int (*apic) (struct domain *d, int cmd); - int (*memtype) (uint32_t access); int (*machine_memory_map) (void); int (*domain_memory_map) (struct domain *d); #define XSM_MMU_UPDATE_READ 1 @@ -632,11 +631,6 @@ static inline int xsm_apic (xsm_default_t def, struct domain *d, int cmd) return xsm_ops->apic(d, cmd); } -static inline int xsm_memtype (xsm_default_t def, uint32_t access) -{ - return xsm_ops->memtype(access); -} - static inline int xsm_machine_memory_map(xsm_default_t def) { return xsm_ops->machine_memory_map(); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 19:44:37 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 19:44:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184771.333503 (Exim 4.92) (envelope-from ) id 1mOmRx-0000zX-DJ; Fri, 10 Sep 2021 19:44:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184771.333503; Fri, 10 Sep 2021 19:44:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOmRx-0000zP-AM; Fri, 10 Sep 2021 19:44:37 +0000 Received: by outflank-mailman (input) for mailman id 184771; Fri, 10 Sep 2021 19:44:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOmRv-0000z5-FC for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 19:44:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOmRv-0006Td-EK for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 19:44:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOmRv-0005wq-DA for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 19:44:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Bz/AYzRYvqyp0/vQzPKsqlZA0iNlXyukd7xwGsopzQA=; b=sqmr0SHm48Hb1EvfeAg2UsK7f2 MrUtRDLGHc2FGku/55FeqMylNTQ4MCr4GpZTaCVCa+uzo+3B/+vOtzFqBZb9ZcdG7RXgtXHVQp7Kn 7OowF76Yq6NeNCukqcwiwjzTukt2IudTuLC20dDs0cqV7L3+lqGY6BkRFnu4LuYwZBuw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xsm: drop dubious xsm_op_t type Message-Id: Date: Fri, 10 Sep 2021 19:44:35 +0000 commit 6d45368a0a89e01a3a01d156af61fea565db96cc Author: Daniel P. Smith AuthorDate: Fri Sep 10 16:12:59 2021 -0400 Commit: Andrew Cooper CommitDate: Fri Sep 10 20:30:26 2021 +0100 xsm: drop dubious xsm_op_t type The type xsm_op_t masks the use of void pointers. This commit drops the xsm_op_t type and replaces it and all its uses with an explicit void. Signed-off-by: Daniel P. Smith Acked-by: Andrew Cooper --- xen/include/xen/hypercall.h | 4 ++-- xen/include/xsm/dummy.h | 4 ++-- xen/include/xsm/xsm.h | 11 ++++------- xen/xsm/flask/flask_op.c | 2 +- xen/xsm/flask/hooks.c | 4 ++-- xen/xsm/xsm_core.c | 4 ++-- 6 files changed, 13 insertions(+), 16 deletions(-) diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index 34b7f1fed6..3771487a30 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -127,7 +127,7 @@ do_kexec_op( extern long do_xsm_op( - XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_xsm_op); + XEN_GUEST_HANDLE_PARAM(void) u_xsm_op); #ifdef CONFIG_ARGO extern long do_argo_op( @@ -198,7 +198,7 @@ compat_set_timer_op( s32 hi); extern int compat_xsm_op( - XEN_GUEST_HANDLE_PARAM(xsm_op_t) op); + XEN_GUEST_HANDLE_PARAM(void) op); extern int compat_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg); diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 363c6d7798..214b5408b1 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -442,13 +442,13 @@ static XSM_INLINE int xsm_hypfs_op(XSM_DEFAULT_VOID) return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) +static XSM_INLINE long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { return -ENOSYS; } #ifdef CONFIG_COMPAT -static XSM_INLINE int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) +static XSM_INLINE int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op) { return -ENOSYS; } diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 335ba1b022..16b90be2c5 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -18,9 +18,6 @@ #include #include -typedef void xsm_op_t; -DEFINE_XEN_GUEST_HANDLE(xsm_op_t); - /* policy magic number (defined by XSM_MAGIC) */ typedef u32 xsm_magic_t; @@ -129,9 +126,9 @@ struct xsm_operations { int (*page_offline)(uint32_t cmd); int (*hypfs_op)(void); - long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op); + long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(void) op); #ifdef CONFIG_COMPAT - int (*do_compat_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op); + int (*do_compat_op) (XEN_GUEST_HANDLE_PARAM(void) op); #endif int (*hvm_param) (struct domain *d, unsigned long op); @@ -542,13 +539,13 @@ static inline int xsm_hypfs_op(xsm_default_t def) return xsm_ops->hypfs_op(); } -static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) +static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(void) op) { return xsm_ops->do_xsm_op(op); } #ifdef CONFIG_COMPAT -static inline int xsm_do_compat_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) +static inline int xsm_do_compat_op (XEN_GUEST_HANDLE_PARAM(void) op) { return xsm_ops->do_compat_op(op); } diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index f41c025391..221ff00fd3 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -607,7 +607,7 @@ static int flask_relabel_domain(struct xen_flask_relabel *arg) #endif /* !COMPAT */ -ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op) +ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op) { xen_flask_op_t op; int rv; diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index f1a1217c98..1465db125a 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1742,8 +1742,8 @@ static int flask_argo_send(const struct domain *d, const struct domain *t) #endif -long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op); -int compat_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op); +long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); +int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); static struct xsm_operations flask_ops = { .security_domaininfo = flask_security_domaininfo, diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index 5eab21e1b1..ac553f9c0d 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -213,13 +213,13 @@ int __init register_xsm(struct xsm_operations *ops) #endif -long do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) +long do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { return xsm_do_xsm_op(op); } #ifdef CONFIG_COMPAT -int compat_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op) +int compat_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { return xsm_do_compat_op(op); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 21:22:05 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 21:22:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184805.333554 (Exim 4.92) (envelope-from ) id 1mOnyE-0006f9-Jr; Fri, 10 Sep 2021 21:22:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184805.333554; Fri, 10 Sep 2021 21:22:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOnyE-0006f1-H0; Fri, 10 Sep 2021 21:22:02 +0000 Received: by outflank-mailman (input) for mailman id 184805; Fri, 10 Sep 2021 21:22:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOnyD-0006ev-Oq for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 21:22:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOnyD-0008Jp-Nx for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 21:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOnyD-0006bE-MY for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 21:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jqL274V7FXQMa4YCvOR5OUI1usvRGt8l7S2VW+dwWww=; b=fvlzFjyt5Aao38rhxLHT+PZ1iG e6lVkfKNKbYwAcBuIyuoqo/7rbTGePEVjYkAC+Psng8vPKskPwnRrZYqNUtMHmBG2CS29OStR2tiv 6T+/k0kFq3RjLwc1ll94z89o6Q8cj2NiXbCAvW8VDC6c7pttKdtX0pUwfvOcAUH0H0Uk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Print all AMD speculative hints/features Message-Id: Date: Fri, 10 Sep 2021 21:22:01 +0000 commit 3d189f16a11d5a209fb47fa3635847608d43745c Author: Andrew Cooper AuthorDate: Wed Sep 8 18:21:10 2021 +0100 Commit: Andrew Cooper CommitDate: Thu Sep 9 12:36:17 2021 +0100 x86/spec-ctrl: Print all AMD speculative hints/features We already print Intel features that aren't yet implemented/used, so be consistent on AMD too. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/spec_ctrl.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index f0c67d41b8..16d2a1d172 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -321,7 +321,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * Hardware read-only information, stating immunity to certain issues, or * suggestions of which mitigation to use. */ - printk(" Hardware hints:%s%s%s%s%s%s%s\n", + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s\n", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", @@ -329,16 +329,23 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (e8b & cpufeat_mask(X86_FEATURE_SSB_NO)) || (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", - (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : ""); + (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS_ALWAYS)) ? " IBRS_ALWAYS" : "", + (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : ""); /* Hardware features which need driving to mitigate issues. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s\n", (e8b & cpufeat_mask(X86_FEATURE_IBPB)) || (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBPB" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS)) || (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS" : "", + (e8b & cpufeat_mask(X86_FEATURE_AMD_STIBP)) || (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (e8b & cpufeat_mask(X86_FEATURE_PSFD)) ? " PSFD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Sep 10 21:22:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 10 Sep 2021 21:22:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184806.333558 (Exim 4.92) (envelope-from ) id 1mOnyO-0006ja-N1; Fri, 10 Sep 2021 21:22:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184806.333558; Fri, 10 Sep 2021 21:22:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOnyO-0006jQ-Jy; Fri, 10 Sep 2021 21:22:12 +0000 Received: by outflank-mailman (input) for mailman id 184806; Fri, 10 Sep 2021 21:22:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOnyN-0006jK-T1 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 21:22:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOnyN-0008Jz-SA for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 21:22:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOnyN-0006cP-R2 for xen-changelog@lists.xenproject.org; Fri, 10 Sep 2021 21:22:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sm/lYPP6wPpNBVeKPFQQX/xii4ZWjVZoFqOfTs58WQQ=; b=5PrzjUGfGiJRyycXnf3c9gG8Sv FhyGCky6/G0CjF4GAGAv6JhSmkaIlHUlLqwIujCjaUACDrA2CTnatYsaxd5NeqLDm6lVuewgiRRYJ xfVDnfzzyZOcNw7UtwX6uxuVBZfc+XiB6LpF0mBhsfQ0E7Kk7ja6ojVHlR7I/maAYPUQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/svm: Intercept and terminate RDPRU with #UD Message-Id: Date: Fri, 10 Sep 2021 21:22:11 +0000 commit 2e2e22c7d50392fa5cced3e0334b217426f48b7a Author: Andrew Cooper AuthorDate: Mon Aug 19 16:40:06 2019 +0100 Commit: Andrew Cooper CommitDate: Thu Sep 9 12:36:17 2021 +0100 x86/svm: Intercept and terminate RDPRU with #UD The RDPRU instruction isn't supported at all (and it is unclear how this can ever be offered safely to guests). However, a guest which ignores CPUID and blindly executes RDPRU will find that it functions. Use the intercept and terminate with #UD. While at it, fold SKINIT into the same "unconditionally disabled" path. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/svm.c | 5 ++--- xen/arch/x86/hvm/svm/vmcb.c | 3 ++- xen/include/asm-x86/hvm/svm/vmcb.h | 4 +++- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 309912a234..afb1ccb342 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2945,6 +2945,8 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) case VMEXIT_MONITOR: case VMEXIT_MWAIT: + case VMEXIT_SKINIT: + case VMEXIT_RDPRU: hvm_inject_hw_exception(TRAP_invalid_op, X86_EVENT_NO_EC); break; @@ -2963,9 +2965,6 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) case VMEXIT_CLGI: svm_vmexit_do_clgi(regs, v); break; - case VMEXIT_SKINIT: - hvm_inject_hw_exception(TRAP_invalid_op, X86_EVENT_NO_EC); - break; case VMEXIT_XSETBV: if ( vmcb_get_cpl(vmcb) ) diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 55da9302e5..565e997155 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -70,7 +70,8 @@ static int construct_vmcb(struct vcpu *v) GENERAL2_INTERCEPT_STGI | GENERAL2_INTERCEPT_CLGI | GENERAL2_INTERCEPT_SKINIT | GENERAL2_INTERCEPT_MWAIT | GENERAL2_INTERCEPT_WBINVD | GENERAL2_INTERCEPT_MONITOR | - GENERAL2_INTERCEPT_XSETBV | GENERAL2_INTERCEPT_ICEBP; + GENERAL2_INTERCEPT_XSETBV | GENERAL2_INTERCEPT_ICEBP | + GENERAL2_INTERCEPT_RDPRU; /* Intercept all debug-register writes. */ vmcb->_dr_intercepts = ~0u; diff --git a/xen/include/asm-x86/hvm/svm/vmcb.h b/xen/include/asm-x86/hvm/svm/vmcb.h index 4fa2ddfb2f..ed7cebea71 100644 --- a/xen/include/asm-x86/hvm/svm/vmcb.h +++ b/xen/include/asm-x86/hvm/svm/vmcb.h @@ -74,7 +74,8 @@ enum GenericIntercept2bits GENERAL2_INTERCEPT_MONITOR = 1 << 10, GENERAL2_INTERCEPT_MWAIT = 1 << 11, GENERAL2_INTERCEPT_MWAIT_CONDITIONAL = 1 << 12, - GENERAL2_INTERCEPT_XSETBV = 1 << 13 + GENERAL2_INTERCEPT_XSETBV = 1 << 13, + GENERAL2_INTERCEPT_RDPRU = 1 << 14, }; @@ -300,6 +301,7 @@ enum VMEXIT_EXITCODE VMEXIT_MWAIT = 139, /* 0x8b */ VMEXIT_MWAIT_CONDITIONAL= 140, /* 0x8c */ VMEXIT_XSETBV = 141, /* 0x8d */ + VMEXIT_RDPRU = 142, /* 0x8e */ VMEXIT_NPF = 1024, /* 0x400, nested paging fault */ VMEXIT_INVALID = -1 }; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Sep 11 00:44:06 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 11 Sep 2021 00:44:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184917.333736 (Exim 4.92) (envelope-from ) id 1mOr7i-0005vd-Sf; Sat, 11 Sep 2021 00:44:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184917.333736; Sat, 11 Sep 2021 00:44:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOr7i-0005vV-Pi; Sat, 11 Sep 2021 00:44:02 +0000 Received: by outflank-mailman (input) for mailman id 184917; Sat, 11 Sep 2021 00:44:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOr7h-0005vP-IS for xen-changelog@lists.xenproject.org; Sat, 11 Sep 2021 00:44:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOr7h-0003tW-HY for xen-changelog@lists.xenproject.org; Sat, 11 Sep 2021 00:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOr7h-0007MV-GS for xen-changelog@lists.xenproject.org; Sat, 11 Sep 2021 00:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TBJFzxgzHug245IeNgPawsLARIQj2kj0ARKTsr9gF+4=; b=JvOje8TlvQitCO+HgrfWAlNyEH 98jqzGb8DyeFMi4iZvkR8zOSzh77jxxcUodvDbi+BnCecHnV1eQVnp1lFlXYEjlV3VUe49mhRbqzL H4AwSN+2rvOXH36XpHT0yB9cnP0PxPFvggZiv48ArYemfQr6s5h/IQdlXjnadCcBkGQI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] gnttab: deal with status frame mapping race Message-Id: Date: Sat, 11 Sep 2021 00:44:01 +0000 commit 47193c78887734c2f95a50125684bf81419f1565 Author: Jan Beulich AuthorDate: Wed Sep 8 15:03:11 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 8 15:03:11 2021 +0200 gnttab: deal with status frame mapping race Once gnttab_map_frame() drops the grant table lock, the MFN it reports back to its caller is free to other manipulation. In particular gnttab_unpopulate_status_frames() might free it, by a racing request on another CPU, thus resulting in a reference to a deallocated page getting added to a domain's P2M. Obtain a page reference in gnttab_map_frame() to prevent freeing of the page until xenmem_add_to_physmap_one() has actually completed its acting on the page. Do so uniformly, even if only strictly required for v2 status pages, to avoid extra conditionals (which then would all need to be kept in sync going forward). This is CVE-2021-28701 / XSA-384. Reported-by: Julien Grall Signed-off-by: Jan Beulich Reviewed-by: Julien Grall master commit: eb6bbf7b30da5bae87932514d54d0e3c68b23757 master date: 2021-09-08 14:37:45 +0200 --- xen/arch/arm/mm.c | 11 ++++++++--- xen/arch/x86/mm.c | 2 ++ xen/common/grant_table.c | 11 ++++++++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index de6009e54b..c4e1760988 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1227,6 +1227,8 @@ int xenmem_add_to_physmap_one( if ( rc ) return rc; + /* Need to take care of the reference obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); t = p2m_ram_rw; break; @@ -1294,9 +1296,12 @@ int xenmem_add_to_physmap_one( /* Map at new location. */ rc = guest_physmap_add_entry(d, gfn, mfn, 0, t); - /* If we fail to add the mapping, we need to drop the reference we - * took earlier on foreign pages */ - if ( rc && space == XENMAPSPACE_gmfn_foreign ) + /* + * For XENMAPSPACE_gmfn_foreign if we failed to add the mapping, we need + * to drop the reference we took earlier. In all other cases we need to + * drop any reference we took earlier (perhaps indirectly). + */ + if ( space == XENMAPSPACE_gmfn_foreign ? rc : page != NULL ) { ASSERT(page != NULL); put_page(page); diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index f3767387e6..8c0a9b0226 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4777,6 +4777,8 @@ int xenmem_add_to_physmap_one( rc = gnttab_map_frame(d, idx, gpfn, &mfn); if ( rc ) return rc; + /* Need to take care of the ref obtained in gnttab_map_frame(). */ + page = mfn_to_page(mfn); break; case XENMAPSPACE_gmfn: { diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 3056454b95..2bc00f30a3 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3986,7 +3986,16 @@ int gnttab_map_frame(struct domain *d, unsigned long idx, gfn_t gfn, mfn_t *mfn) } if ( !rc ) - gnttab_set_frame_gfn(gt, status, idx, gfn); + { + /* + * Make sure gnttab_unpopulate_status_frames() won't (successfully) + * free the page until our caller has completed its operation. + */ + if ( get_page(mfn_to_page(*mfn), d) ) + gnttab_set_frame_gfn(gt, status, idx, gfn); + else + rc = -EBUSY; + } grant_write_unlock(gt); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Sat Sep 11 03:44:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 11 Sep 2021 03:44:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184937.333754 (Exim 4.92) (envelope-from ) id 1mOtvu-0000Zk-UZ; Sat, 11 Sep 2021 03:44:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184937.333754; Sat, 11 Sep 2021 03:44:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOtvu-0000Zc-Rc; Sat, 11 Sep 2021 03:44:02 +0000 Received: by outflank-mailman (input) for mailman id 184937; Sat, 11 Sep 2021 03:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOtvt-0000ZW-V3 for xen-changelog@lists.xenproject.org; Sat, 11 Sep 2021 03:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOtvt-0005Dl-OR for xen-changelog@lists.xenproject.org; Sat, 11 Sep 2021 03:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOtvt-0000O4-N5 for xen-changelog@lists.xenproject.org; Sat, 11 Sep 2021 03:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8/lfsdOE/XC0+wlI6e8GbgmJER1ZM72uSG9DAyMWrX0=; b=eXRHK0kPPvtRnueROfgDXCsdZC 4fIUFJED36Eowqx05OAFOJNLlrXMIo2PQsdAWcUeMQ2vNr7J5UnoRbmEMeqwjXv108fOUq/E/ANWD PmCEpTpkVKAxPMiUHrk9oYQgfi0DbED/Psq961RoLLTn3oh7CC57QMf8r8XII43vk3NI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] update Xen version to 4.15.1 Message-Id: Date: Sat, 11 Sep 2021 03:44:01 +0000 commit 84fa99099b920f7bcde8899e1a9b756078719d7d Author: Jan Beulich AuthorDate: Fri Sep 10 09:03:24 2021 +0200 Commit: Jan Beulich CommitDate: Fri Sep 10 09:03:24 2021 +0200 update Xen version to 4.15.1 --- Config.mk | 8 +++----- xen/Makefile | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/Config.mk b/Config.mk index 2ff1ed2ce3..84817f47a1 100644 --- a/Config.mk +++ b/Config.mk @@ -245,17 +245,15 @@ SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif OVMF_UPSTREAM_REVISION ?= a3741780fe3535e19e02efa869a7cac481891129 -QEMU_UPSTREAM_REVISION ?= qemu-xen-4.15.0 -MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.15.0 +QEMU_UPSTREAM_REVISION ?= qemu-xen-4.15.1 +MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.15.1 SEABIOS_UPSTREAM_REVISION ?= rel-1.14.0 ETHERBOOT_NICS ?= rtl8139 8086100e -QEMU_TRADITIONAL_REVISION ?= xen-4.15.0 -# Wed Jul 15 10:01:40 2020 +0100 -# qemu-trad: remove Xen path dependencies +QEMU_TRADITIONAL_REVISION ?= xen-4.15.1 # Specify which qemu-dm to use. This may be `ioemu' to use the old # Mercurial in-tree version, or a local directory, or a git URL. diff --git a/xen/Makefile b/xen/Makefile index ae2fa0fda3..5d5a1a0fa6 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 15 -export XEN_EXTRAVERSION ?= .1-pre$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .1$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Sat Sep 11 08:22:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 11 Sep 2021 08:22:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.184971.333758 (Exim 4.92) (envelope-from ) id 1mOyGy-0000IT-0m; Sat, 11 Sep 2021 08:22:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 184971.333758; Sat, 11 Sep 2021 08:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOyGx-0000IL-To; Sat, 11 Sep 2021 08:22:03 +0000 Received: by outflank-mailman (input) for mailman id 184971; Sat, 11 Sep 2021 08:22:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOyGv-0000IF-Tv for xen-changelog@lists.xenproject.org; Sat, 11 Sep 2021 08:22:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mOyGv-0002Se-Hw for xen-changelog@lists.xenproject.org; Sat, 11 Sep 2021 08:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mOyGv-0007BI-GV for xen-changelog@lists.xenproject.org; Sat, 11 Sep 2021 08:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=A6WY9pxhupC3bPDCVAkuO3Ycdl6mBShRxkD9K+yX8/Y=; b=yIKpEY1RiJUiK1HPEfhYYb5Zu+ xWPMnCMnXn50BxhR4dDBIMXEklIG+xSvK0oi6E6RJPGj6suozrl+n/2eLCj4cxoklRazCuDfRrQC9 gD9ofqCfhbDv/Hn8QTmhOKuJg50Yhl+DAuA+fsowISS6jV9muO4FyivwWXbvUyu3EOOg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] update Xen version to 4.13.4 Message-Id: Date: Sat, 11 Sep 2021 08:22:01 +0000 commit 6e2fc128eb1a7d8ff8c36123a0a03e4e60a4a44c Author: Jan Beulich AuthorDate: Fri Sep 10 09:04:55 2021 +0200 Commit: Jan Beulich CommitDate: Fri Sep 10 09:04:55 2021 +0200 update Xen version to 4.13.4 --- Config.mk | 6 +++--- xen/Makefile | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Config.mk b/Config.mk index 53f2fa76e4..da96fe34cd 100644 --- a/Config.mk +++ b/Config.mk @@ -288,15 +288,15 @@ SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif OVMF_UPSTREAM_REVISION ?= 20d2e5a125e34fc8501026613a71549b2a1a3e54 -QEMU_UPSTREAM_REVISION ?= qemu-xen-4.13.3 -MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.13.3 +QEMU_UPSTREAM_REVISION ?= qemu-xen-4.13.4 +MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.13.4 SEABIOS_UPSTREAM_REVISION ?= rel-1.12.1 ETHERBOOT_NICS ?= rtl8139 8086100e -QEMU_TRADITIONAL_REVISION ?= xen-4.13.3 +QEMU_TRADITIONAL_REVISION ?= xen-4.13.4 # Wed Oct 10 18:52:54 2018 +0000 # xen/pt: allow QEMU to request MSI unmasking at bind time diff --git a/xen/Makefile b/xen/Makefile index ef1d388efe..f88e068559 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 13 -export XEN_EXTRAVERSION ?= .4-pre$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .4$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Sat Sep 11 20:22:06 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 11 Sep 2021 20:22:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.185099.333818 (Exim 4.92) (envelope-from ) id 1mP9Vi-0007Pm-JZ; Sat, 11 Sep 2021 20:22:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 185099.333818; Sat, 11 Sep 2021 20:22:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mP9Vi-0007Pe-Ge; Sat, 11 Sep 2021 20:22:02 +0000 Received: by outflank-mailman (input) for mailman id 185099; Sat, 11 Sep 2021 20:22:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mP9Vh-0007PY-KR for xen-changelog@lists.xenproject.org; Sat, 11 Sep 2021 20:22:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mP9Vh-0006o3-Jh for xen-changelog@lists.xenproject.org; Sat, 11 Sep 2021 20:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mP9Vh-00056H-IZ for xen-changelog@lists.xenproject.org; Sat, 11 Sep 2021 20:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HeYRfnPz7m6fAAQ7JFoyqkpUnn8qzGAlGbHGbFwLT/g=; b=333Y1SJX0on+UJA+4bJnig6z0r C8UDLgYZNQCQwE1feQudzYJYwW9tH/5yvAUWwHMOgWn4XVTNiwwfoUmdI0hSMQ92TtlhfN+gePM96 bm3JTst8D0Fhs+/YAFbdXyq5EpSXEaIDJ8zZqmNJH5XgP1A07uGo7gogdRH1PnJrPmvM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] update Xen version to 4.14.3 Message-Id: Date: Sat, 11 Sep 2021 20:22:01 +0000 commit 9f2b6c5ec2ded4c1caf149743e862c5f15d6d083 Author: Jan Beulich AuthorDate: Fri Sep 10 14:30:40 2021 +0200 Commit: Jan Beulich CommitDate: Fri Sep 10 14:30:40 2021 +0200 update Xen version to 4.14.3 --- Config.mk | 6 +++--- xen/Makefile | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Config.mk b/Config.mk index 5c2eeef30f..0dab3b75d9 100644 --- a/Config.mk +++ b/Config.mk @@ -245,15 +245,15 @@ SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif OVMF_UPSTREAM_REVISION ?= 20d2e5a125e34fc8501026613a71549b2a1a3e54 -QEMU_UPSTREAM_REVISION ?= qemu-xen-4.14.2 -MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.14.2 +QEMU_UPSTREAM_REVISION ?= qemu-xen-4.14.3 +MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.14.3 SEABIOS_UPSTREAM_REVISION ?= rel-1.13.0 ETHERBOOT_NICS ?= rtl8139 8086100e -QEMU_TRADITIONAL_REVISION ?= xen-4.14.2 +QEMU_TRADITIONAL_REVISION ?= xen-4.14.3 # Specify which qemu-dm to use. This may be `ioemu' to use the old # Mercurial in-tree version, or a local directory, or a git URL. diff --git a/xen/Makefile b/xen/Makefile index 22362d7348..661f78741e 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 14 -export XEN_EXTRAVERSION ?= .3-pre$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .3$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Sun Sep 12 00:11:09 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sun, 12 Sep 2021 00:11:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.185130.333861 (Exim 4.92) (envelope-from ) id 1mPD5L-0000oU-HV; Sun, 12 Sep 2021 00:11:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 185130.333861; Sun, 12 Sep 2021 00:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mPD5L-0000oK-ER; Sun, 12 Sep 2021 00:11:03 +0000 Received: by outflank-mailman (input) for mailman id 185130; Sun, 12 Sep 2021 00:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mPD5J-0000o8-Rh for xen-changelog@lists.xenproject.org; Sun, 12 Sep 2021 00:11:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mPD5J-0002qw-Nw for xen-changelog@lists.xenproject.org; Sun, 12 Sep 2021 00:11:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mPD5J-0003AD-Mu for xen-changelog@lists.xenproject.org; Sun, 12 Sep 2021 00:11:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tPPPZGhjhW/KFF64pu2eOYTxq2Ed9Fu4Z5JBqTXis3c=; b=qtn3UcVBRAuWolzZdBVRWOOvaW 3GP/55xOaioEndaxCvO7ZME9iyPkEuiXYC4edJf2n2wQei1FKY2cy+ylDR+2TLavlw6T49J2SoZpJ Sn3UlleDUsdJcSI41QN/5GUtqwFfdSZDLQP0z+MdlijtWBsWyO/qS2tM9vX708PrvdJE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/libacpi: Use 64-byte alignment for FACS Message-Id: Date: Sun, 12 Sep 2021 00:11:01 +0000 commit c76cfada1cfad05aaf64ce3ad305c5467650e782 Author: Kevin Stefanov AuthorDate: Thu Sep 9 17:34:39 2021 +0100 Commit: Andrew Cooper CommitDate: Fri Sep 10 13:27:08 2021 +0100 tools/libacpi: Use 64-byte alignment for FACS The spec requires 64-byte alignment, not 16. Signed-off-by: Kevin Stefanov Reviewed-by: Jan Beulich --- tools/libacpi/build.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libacpi/build.c b/tools/libacpi/build.c index a61dd5583a..fe2db66a62 100644 --- a/tools/libacpi/build.c +++ b/tools/libacpi/build.c @@ -532,7 +532,7 @@ int acpi_build_tables(struct acpi_ctxt *ctxt, struct acpi_config *config) * Fill in high-memory data structures, starting at @buf. */ - facs = ctxt->mem_ops.alloc(ctxt, sizeof(struct acpi_20_facs), 16); + facs = ctxt->mem_ops.alloc(ctxt, sizeof(struct acpi_20_facs), 64); if (!facs) goto oom; memcpy(facs, &Facs, sizeof(struct acpi_20_facs)); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Sep 13 12:44:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 13 Sep 2021 12:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.185660.334339 (Exim 4.92) (envelope-from ) id 1mPlJe-0001Yh-E1; Mon, 13 Sep 2021 12:44:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 185660.334339; Mon, 13 Sep 2021 12:44:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mPlJe-0001YZ-B7; Mon, 13 Sep 2021 12:44:06 +0000 Received: by outflank-mailman (input) for mailman id 185660; Mon, 13 Sep 2021 12:44:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mPlJc-0001YT-Ur for xen-changelog@lists.xenproject.org; Mon, 13 Sep 2021 12:44:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mPlJc-0004zR-U3 for xen-changelog@lists.xenproject.org; Mon, 13 Sep 2021 12:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mPlJc-0000mN-TF for xen-changelog@lists.xenproject.org; Mon, 13 Sep 2021 12:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Pk0M5zyvree8vDNmRYq8qXmoA+by4Xvq68SbsYSrqK4=; b=d8Nt3cAFT6fVm13ntnotjIcq8c XsbSiWJH4PAFp7r9RpEE/cQcGNCKav4hbOGdPvX4WlU7vA459cmq6NppmIDTawA/M4lPzNuEEgBFe +T8N1RsEUtKDqrpFF4eY51emhLOM+LhMykcYmqC5fNVmYRjk2yMHlaKm0qc+gUFVjlV0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/go: honor append build flags Message-Id: Date: Mon, 13 Sep 2021 12:44:04 +0000 commit a89bcd9737757e4d671783588a6041a84a5e1754 Author: Roger Pau Monne AuthorDate: Wed Jul 7 09:15:31 2021 +0200 Commit: Ian Jackson CommitDate: Mon Sep 13 13:38:36 2021 +0100 tools/go: honor append build flags Make the go build use APPEND_{C/LD}FLAGS when necessary, just like other parts of the build. Reported-by: Ting-Wei Lan Signed-off-by: Roger Pau Monné Acked-by: Nick Rosbrook Acked-by: Ian Jackson --- tools/golang/xenlight/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/golang/xenlight/Makefile b/tools/golang/xenlight/Makefile index e394ef9b2b..64671f246c 100644 --- a/tools/golang/xenlight/Makefile +++ b/tools/golang/xenlight/Makefile @@ -27,7 +27,7 @@ GOXL_GEN_FILES = types.gen.go helpers.gen.go # so that it can find the actual library. .PHONY: build build: xenlight.go $(GOXL_GEN_FILES) - CGO_CFLAGS="$(CFLAGS_libxenlight) $(CFLAGS_libxentoollog)" CGO_LDFLAGS="$(LDLIBS_libxenlight) $(LDLIBS_libxentoollog) -L$(XEN_libxenlight) -L$(XEN_libxentoollog)" $(GO) build -x + CGO_CFLAGS="$(CFLAGS_libxenlight) $(CFLAGS_libxentoollog) $(APPEND_CFLAGS)" CGO_LDFLAGS="$(LDLIBS_libxenlight) $(LDLIBS_libxentoollog) -L$(XEN_libxenlight) -L$(XEN_libxentoollog) $(APPEND_LDFLAGS)" $(GO) build -x .PHONY: install install: build -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 15 00:55:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 15 Sep 2021 00:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.187122.335862 (Exim 4.92) (envelope-from ) id 1mQJCc-0002lS-8x; Wed, 15 Sep 2021 00:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 187122.335862; Wed, 15 Sep 2021 00:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJCc-0002lK-64; Wed, 15 Sep 2021 00:55:06 +0000 Received: by outflank-mailman (input) for mailman id 187122; Wed, 15 Sep 2021 00:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJCa-0002lE-Jz for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJCa-0002kS-HR for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQJCa-0004ge-EU for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WgaEOf7G9Mm6bB5KezHUaZf0upviafb6tudMsv9s1nM=; b=S302xcXupQMeLDEwtD43V+qKXF X1/CBZJnj/+6zbpkTAsgcFqhv40Zmq4up/u410rASlkmMAsFi0P5+QiJXavx/U9i8gdjv6cxrQvSK vboNf4AYP+Kk/XQCMVzU6rMGGiUXu2IoLOFuYYsGU1RR0MAmVYOMoXZ/3kRm5iMyVf5Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: introduce new helper device_tree_get_meminfo Message-Id: Date: Wed, 15 Sep 2021 00:55:04 +0000 commit 904ba3ce2e46e59080dc09676cede5df63b59f20 Author: Penny Zheng AuthorDate: Fri Sep 10 02:52:09 2021 +0000 Commit: Stefano Stabellini CommitDate: Mon Sep 13 14:10:11 2021 -0700 xen/arm: introduce new helper device_tree_get_meminfo This commit creates a new helper device_tree_get_meminfo to iterate over a device tree property to get memory info, like "reg". Signed-off-by: Penny Zheng Reviewed-by: Stefano Stabellini --- xen/arch/arm/bootfdt.c | 83 ++++++++++++++++++++++++++++---------------------- 1 file changed, 47 insertions(+), 36 deletions(-) diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c index 476e32e0f5..b01badda3e 100644 --- a/xen/arch/arm/bootfdt.c +++ b/xen/arch/arm/bootfdt.c @@ -63,6 +63,52 @@ void __init device_tree_get_reg(const __be32 **cell, u32 address_cells, *size = dt_next_cell(size_cells, cell); } +static int __init device_tree_get_meminfo(const void *fdt, int node, + const char *prop_name, + u32 address_cells, u32 size_cells, + void *data) +{ + const struct fdt_property *prop; + unsigned int i, banks; + const __be32 *cell; + u32 reg_cells = address_cells + size_cells; + paddr_t start, size; + struct meminfo *mem = data; + + if ( address_cells < 1 || size_cells < 1 ) + { + printk("fdt: property `%s': invalid #address-cells or #size-cells", + prop_name); + return -EINVAL; + } + + prop = fdt_get_property(fdt, node, prop_name, NULL); + if ( !prop ) + return -ENOENT; + + cell = (const __be32 *)prop->data; + banks = fdt32_to_cpu(prop->len) / (reg_cells * sizeof (u32)); + + for ( i = 0; i < banks && mem->nr_banks < NR_MEM_BANKS; i++ ) + { + device_tree_get_reg(&cell, address_cells, size_cells, &start, &size); + /* Some DT may describe empty bank, ignore them */ + if ( !size ) + continue; + mem->bank[mem->nr_banks].start = start; + mem->bank[mem->nr_banks].size = size; + mem->nr_banks++; + } + + if ( i < banks ) + { + printk("Warning: Max number of supported memory regions reached.\n"); + return -ENOSPC; + } + + return 0; +} + u32 __init device_tree_get_u32(const void *fdt, int node, const char *prop_name, u32 dflt) { @@ -139,42 +185,7 @@ static int __init process_memory_node(const void *fdt, int node, u32 address_cells, u32 size_cells, void *data) { - const struct fdt_property *prop; - int i; - int banks; - const __be32 *cell; - paddr_t start, size; - u32 reg_cells = address_cells + size_cells; - struct meminfo *mem = data; - - if ( address_cells < 1 || size_cells < 1 ) - { - printk("fdt: node `%s': invalid #address-cells or #size-cells", - name); - return -EINVAL; - } - - prop = fdt_get_property(fdt, node, "reg", NULL); - if ( !prop ) - return -ENOENT; - - cell = (const __be32 *)prop->data; - banks = fdt32_to_cpu(prop->len) / (reg_cells * sizeof (u32)); - - for ( i = 0; i < banks && mem->nr_banks < NR_MEM_BANKS; i++ ) - { - device_tree_get_reg(&cell, address_cells, size_cells, &start, &size); - /* Some DT may describe empty bank, ignore them */ - if ( !size ) - continue; - mem->bank[mem->nr_banks].start = start; - mem->bank[mem->nr_banks].size = size; - mem->nr_banks++; - } - - if ( i < banks ) - return -ENOSPC; - return 0; + return device_tree_get_meminfo(fdt, node, "reg", address_cells, size_cells, data); } static int __init process_reserved_memory_node(const void *fdt, int node, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 15 00:55:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 15 Sep 2021 00:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.187123.335866 (Exim 4.92) (envelope-from ) id 1mQJCm-0002nF-Ab; Wed, 15 Sep 2021 00:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 187123.335866; Wed, 15 Sep 2021 00:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJCm-0002n5-7T; Wed, 15 Sep 2021 00:55:16 +0000 Received: by outflank-mailman (input) for mailman id 187123; Wed, 15 Sep 2021 00:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJCk-0002mr-Lj for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJCk-0002kW-Kx for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQJCk-0004hH-Jp for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yXRZhhdkV86dt8eM5DjqgfCTN+wWE23PUqcmXRiBw4Y=; b=RSz86mw5hWnou5MNjE57bXObK1 HdFuKVRn1hj/mmejYcXBHNUUMsh7Kgl0Q47Uj/1IO5VNLp5hNhCyoQ9JSKsdydNx7BZhMcWcQaGEc T4H2L0UVOMyJlxdCXeMjyPhjBrfSUhzNhPKnGwWLU+g05qsuhBgihjkthSFdVfFWeOFA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: introduce domain on Static Allocation Message-Id: Date: Wed, 15 Sep 2021 00:55:14 +0000 commit 41c031ff437b66cfac4b120bd7698ca039850690 Author: Penny Zheng AuthorDate: Fri Sep 10 02:52:10 2021 +0000 Commit: Stefano Stabellini CommitDate: Mon Sep 13 14:10:14 2021 -0700 xen/arm: introduce domain on Static Allocation Static Allocation refers to system or sub-system(domains) for which memory areas are pre-defined by configuration using physical address ranges. Those pre-defined memory, -- Static Memory, as parts of RAM reserved in the beginning, shall never go to heap allocator or boot allocator for any use. Memory can be statically allocated to a domain using the property "xen,static- mem" defined in the domain configuration. The number of cells for the address and the size must be defined using respectively the properties "#xen,static-mem-address-cells" and "#xen,static-mem-size-cells". The property 'memory' is still needed and should match the amount of memory given to the guest. Currently, it either comes from static memory or lets Xen allocate from heap. *Mixing* is not supported. The static memory will be mapped in the guest at the usual guest memory addresses (GUEST_RAM0_BASE, GUEST_RAM1_BASE) defined by xen/include/public/arch-arm.h. This patch introduces this new `xen,static-mem` feature, and also documents and parses this new attribute at boot time. This patch also introduces a new field "bool xen_domain" in "struct membank" to tell whether the memory bank is reserved as the whole hardware resource, or bind to a xen domain node, through "xen,static-mem" Signed-off-by: Penny Zheng Reviewed-by: Stefano Stabellini --- docs/misc/arm/device-tree/booting.txt | 42 +++++++++++++++++++++++++++++++++++ xen/arch/arm/bootfdt.c | 30 +++++++++++++++++++++++-- xen/include/asm-arm/setup.h | 1 + 3 files changed, 71 insertions(+), 2 deletions(-) diff --git a/docs/misc/arm/device-tree/booting.txt b/docs/misc/arm/device-tree/booting.txt index 5243bc7fd3..44cd9e1a9a 100644 --- a/docs/misc/arm/device-tree/booting.txt +++ b/docs/misc/arm/device-tree/booting.txt @@ -268,3 +268,45 @@ The DTB fragment is loaded at 0xc000000 in the example above. It should follow the convention explained in docs/misc/arm/passthrough.txt. The DTB fragment will be added to the guest device tree, so that the guest kernel will be able to discover the device. + + +Static Allocation +============= + +Static Allocation refers to system or sub-system(domains) for which memory +areas are pre-defined by configuration using physical address ranges. + +Memory can be statically allocated to a domain using the property "xen,static- +mem" defined in the domain configuration. The number of cells for the address +and the size must be defined using respectively the properties +"#xen,static-mem-address-cells" and "#xen,static-mem-size-cells". + +The property 'memory' is still needed and should match the amount of memory +given to the guest. Currently, it either comes from static memory or lets Xen +allocate from heap. *Mixing* is not supported. + +The static memory will be mapped in the guest at the usual guest memory +addresses (GUEST_RAM0_BASE, GUEST_RAM1_BASE) defined by +xen/include/public/arch-arm.h. + +Below is an example on how to specify the static memory region in the +device-tree: + + / { + chosen { + domU1 { + compatible = "xen,domain"; + #address-cells = <0x2>; + #size-cells = <0x2>; + cpus = <2>; + memory = <0x0 0x80000>; + #xen,static-mem-address-cells = <0x1>; + #xen,static-mem-size-cells = <0x1>; + xen,static-mem = <0x30000000 0x20000000>; + ... + }; + }; + }; + +This will reserve a 512MB region starting at the host physical address +0x30000000 to be exclusively used by DomU1. diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c index b01badda3e..afaa0e249b 100644 --- a/xen/arch/arm/bootfdt.c +++ b/xen/arch/arm/bootfdt.c @@ -66,7 +66,7 @@ void __init device_tree_get_reg(const __be32 **cell, u32 address_cells, static int __init device_tree_get_meminfo(const void *fdt, int node, const char *prop_name, u32 address_cells, u32 size_cells, - void *data) + void *data, bool xen_domain) { const struct fdt_property *prop; unsigned int i, banks; @@ -97,6 +97,7 @@ static int __init device_tree_get_meminfo(const void *fdt, int node, continue; mem->bank[mem->nr_banks].start = start; mem->bank[mem->nr_banks].size = size; + mem->bank[mem->nr_banks].xen_domain = xen_domain; mem->nr_banks++; } @@ -185,7 +186,8 @@ static int __init process_memory_node(const void *fdt, int node, u32 address_cells, u32 size_cells, void *data) { - return device_tree_get_meminfo(fdt, node, "reg", address_cells, size_cells, data); + return device_tree_get_meminfo(fdt, node, "reg", address_cells, size_cells, + data, false); } static int __init process_reserved_memory_node(const void *fdt, int node, @@ -339,6 +341,28 @@ static void __init process_chosen_node(const void *fdt, int node, add_boot_module(BOOTMOD_RAMDISK, start, end-start, false); } +static int __init process_domain_node(const void *fdt, int node, + const char *name, + u32 address_cells, u32 size_cells) +{ + const struct fdt_property *prop; + + printk("Checking for \"xen,static-mem\" in domain node\n"); + + prop = fdt_get_property(fdt, node, "xen,static-mem", NULL); + if ( !prop ) + /* No "xen,static-mem" present. */ + return 0; + + address_cells = device_tree_get_u32(fdt, node, + "#xen,static-mem-address-cells", 0); + size_cells = device_tree_get_u32(fdt, node, + "#xen,static-mem-size-cells", 0); + + return device_tree_get_meminfo(fdt, node, "xen,static-mem", address_cells, + size_cells, &bootinfo.reserved_mem, true); +} + static int __init early_scan_node(const void *fdt, int node, const char *name, int depth, u32 address_cells, u32 size_cells, @@ -357,6 +381,8 @@ static int __init early_scan_node(const void *fdt, process_multiboot_node(fdt, node, name, address_cells, size_cells); else if ( depth == 1 && device_tree_node_matches(fdt, node, "chosen") ) process_chosen_node(fdt, node, name, address_cells, size_cells); + else if ( depth == 2 && device_tree_node_compatible(fdt, node, "xen,domain") ) + rc = process_domain_node(fdt, node, name, address_cells, size_cells); if ( rc < 0 ) printk("fdt: node `%s': parsing failed\n", name); diff --git a/xen/include/asm-arm/setup.h b/xen/include/asm-arm/setup.h index c4b6af6029..95da0b7ab9 100644 --- a/xen/include/asm-arm/setup.h +++ b/xen/include/asm-arm/setup.h @@ -24,6 +24,7 @@ typedef enum { struct membank { paddr_t start; paddr_t size; + bool xen_domain; /* whether the memory bank is bound to a Xen domain. */ }; struct meminfo { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 15 00:55:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 15 Sep 2021 00:55:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.187124.335870 (Exim 4.92) (envelope-from ) id 1mQJCw-0002qG-CD; Wed, 15 Sep 2021 00:55:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 187124.335870; Wed, 15 Sep 2021 00:55:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJCw-0002q8-9D; Wed, 15 Sep 2021 00:55:26 +0000 Received: by outflank-mailman (input) for mailman id 187124; Wed, 15 Sep 2021 00:55:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJCu-0002pg-P1 for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJCu-0002ks-OC for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQJCu-0004i3-N5 for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Vmv/a86GnYsRNfRZhtuhIKGzYR5YadGbnu1j22MFPgQ=; b=pTdAWFhhyF9DUsPR7Yy/Tc2Akj xDjxGgmR+j4x7eEa6bUqvHn7EHBVwbB5Tova2DZ0S8EBeqCtD1EcsEKdBCvrHt87gl1SJJU2REzes rK2RHFwR4L1CmUpZFsI6J7a84crrI195hEDkNPBH2DQXIFr+2QHqBeuhU9FIFxOEb+6g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: introduce mark_page_free Message-Id: Date: Wed, 15 Sep 2021 00:55:24 +0000 commit 540a637c3410780b519fc055f432afe271f642f8 Author: Penny Zheng AuthorDate: Fri Sep 10 02:52:11 2021 +0000 Commit: Stefano Stabellini CommitDate: Mon Sep 13 14:10:17 2021 -0700 xen: introduce mark_page_free This commit defines a new helper mark_page_free to extract common code, like following the same cache/TLB coherency policy, between free_heap_pages and the new function free_staticmem_pages, which will be introduced later. The PDX compression makes that conversion between the MFN and the page can be potentially non-trivial. As the function is internal, pass the MFN and the page. They are both expected to match. Signed-off-by: Penny Zheng Acked-by: Jan Beulich Reviewed-by: Julien Grall --- xen/common/page_alloc.c | 89 ++++++++++++++++++++++++++----------------------- 1 file changed, 48 insertions(+), 41 deletions(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 958ba0cd92..a3ee5eca9e 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1376,6 +1376,53 @@ bool scrub_free_pages(void) return node_to_scrub(false) != NUMA_NO_NODE; } +static void mark_page_free(struct page_info *pg, mfn_t mfn) +{ + ASSERT(mfn_x(mfn) == mfn_x(page_to_mfn(pg))); + + /* + * Cannot assume that count_info == 0, as there are some corner cases + * where it isn't the case and yet it isn't a bug: + * 1. page_get_owner() is NULL + * 2. page_get_owner() is a domain that was never accessible by + * its domid (e.g., failed to fully construct the domain). + * 3. page was never addressable by the guest (e.g., it's an + * auto-translate-physmap guest and the page was never included + * in its pseudophysical address space). + * In all the above cases there can be no guest mappings of this page. + */ + switch ( pg->count_info & PGC_state ) + { + case PGC_state_inuse: + BUG_ON(pg->count_info & PGC_broken); + pg->count_info = PGC_state_free; + break; + + case PGC_state_offlining: + pg->count_info = (pg->count_info & PGC_broken) | + PGC_state_offlined; + tainted = 1; + break; + + default: + printk(XENLOG_ERR + "pg MFN %"PRI_mfn" c=%#lx o=%u v=%#lx t=%#x\n", + mfn_x(mfn), + pg->count_info, pg->v.free.order, + pg->u.free.val, pg->tlbflush_timestamp); + BUG(); + } + + /* If a page has no owner it will need no safety TLB flush. */ + pg->u.free.need_tlbflush = (page_get_owner(pg) != NULL); + if ( pg->u.free.need_tlbflush ) + page_set_tlbflush_timestamp(pg); + + /* This page is not a guest frame any more. */ + page_set_owner(pg, NULL); /* set_gpfn_from_mfn snoops pg owner */ + set_gpfn_from_mfn(mfn_x(mfn), INVALID_M2P_ENTRY); +} + /* Free 2^@order set of pages. */ static void free_heap_pages( struct page_info *pg, unsigned int order, bool need_scrub) @@ -1392,47 +1439,7 @@ static void free_heap_pages( for ( i = 0; i < (1 << order); i++ ) { - /* - * Cannot assume that count_info == 0, as there are some corner cases - * where it isn't the case and yet it isn't a bug: - * 1. page_get_owner() is NULL - * 2. page_get_owner() is a domain that was never accessible by - * its domid (e.g., failed to fully construct the domain). - * 3. page was never addressable by the guest (e.g., it's an - * auto-translate-physmap guest and the page was never included - * in its pseudophysical address space). - * In all the above cases there can be no guest mappings of this page. - */ - switch ( pg[i].count_info & PGC_state ) - { - case PGC_state_inuse: - BUG_ON(pg[i].count_info & PGC_broken); - pg[i].count_info = PGC_state_free; - break; - - case PGC_state_offlining: - pg[i].count_info = (pg[i].count_info & PGC_broken) | - PGC_state_offlined; - tainted = 1; - break; - - default: - printk(XENLOG_ERR - "pg[%u] MFN %"PRI_mfn" c=%#lx o=%u v=%#lx t=%#x\n", - i, mfn_x(mfn) + i, - pg[i].count_info, pg[i].v.free.order, - pg[i].u.free.val, pg[i].tlbflush_timestamp); - BUG(); - } - - /* If a page has no owner it will need no safety TLB flush. */ - pg[i].u.free.need_tlbflush = (page_get_owner(&pg[i]) != NULL); - if ( pg[i].u.free.need_tlbflush ) - page_set_tlbflush_timestamp(&pg[i]); - - /* This page is not a guest frame any more. */ - page_set_owner(&pg[i], NULL); /* set_gpfn_from_mfn snoops pg owner */ - set_gpfn_from_mfn(mfn_x(mfn) + i, INVALID_M2P_ENTRY); + mark_page_free(&pg[i], mfn_add(mfn, i)); if ( need_scrub ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 15 00:55:36 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 15 Sep 2021 00:55:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.187125.335874 (Exim 4.92) (envelope-from ) id 1mQJD6-0002t7-Dg; Wed, 15 Sep 2021 00:55:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 187125.335874; Wed, 15 Sep 2021 00:55:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJD6-0002sz-An; Wed, 15 Sep 2021 00:55:36 +0000 Received: by outflank-mailman (input) for mailman id 187125; Wed, 15 Sep 2021 00:55:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJD4-0002sp-SZ for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJD4-0002l6-Rl for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQJD4-0004ip-Qi for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=L+OJRyTkVtsvK3VB7KpRkilwOKbCG29KJZfcHi0ZkzY=; b=aeYX5PC/D877SGZynFxWwh7AV5 QhSi2c1UBIIeFK2c1I2M1L2h8pUR4MbhpIq/1sdIGheoTvdKcmPCHzDqfSzfZWOmcLb1Uo5X7W2rm KPZ+faa+gvpl0vPzZRys9J9F1q6ROjwlaHHb0renCANDlGgjVunm5ewKz8TlRKqgP7v8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: static memory initialization Message-Id: Date: Wed, 15 Sep 2021 00:55:34 +0000 commit 4a9e73e6e53e9d8bc005a08c3968ec36d793f140 Author: Penny Zheng AuthorDate: Fri Sep 10 02:52:12 2021 +0000 Commit: Stefano Stabellini CommitDate: Mon Sep 13 14:10:22 2021 -0700 xen/arm: static memory initialization This patch introduces static memory initialization, during system boot-up. The new function init_staticmem_pages is responsible for static memory initialization. Helper free_staticmem_pages is the equivalent of free_heap_pages, to free nr_mfns pages of static memory. This commit also introduces a new CONFIG_STATIC_MEMORY option to wrap all static-allocation-related code. Put asynchronously scrubbing pages of static memory in TODO list. Signed-off-by: Penny Zheng Reviewed-by: Stefano Stabellini --- xen/arch/arm/setup.c | 27 +++++++++++++++++++++++++++ xen/common/Kconfig | 13 +++++++++++++ xen/common/page_alloc.c | 21 +++++++++++++++++++++ xen/include/xen/mm.h | 6 ++++++ 4 files changed, 67 insertions(+) diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 63a908e325..5be7f2b0c2 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -609,6 +609,29 @@ static void __init init_pdx(void) } } +/* Static memory initialization */ +static void __init init_staticmem_pages(void) +{ +#ifdef CONFIG_STATIC_MEMORY + unsigned int bank; + + for ( bank = 0 ; bank < bootinfo.reserved_mem.nr_banks; bank++ ) + { + if ( bootinfo.reserved_mem.bank[bank].xen_domain ) + { + mfn_t bank_start = _mfn(PFN_UP(bootinfo.reserved_mem.bank[bank].start)); + unsigned long bank_pages = PFN_DOWN(bootinfo.reserved_mem.bank[bank].size); + mfn_t bank_end = mfn_add(bank_start, bank_pages); + + if ( mfn_x(bank_end) <= mfn_x(bank_start) ) + return; + + free_staticmem_pages(mfn_to_page(bank_start), bank_pages, false); + } + } +#endif +} + #ifdef CONFIG_ARM_32 static void __init setup_mm(void) { @@ -736,6 +759,8 @@ static void __init setup_mm(void) /* Add xenheap memory that was not already added to the boot allocator. */ init_xenheap_pages(mfn_to_maddr(xenheap_mfn_start), mfn_to_maddr(xenheap_mfn_end)); + + init_staticmem_pages(); } #else /* CONFIG_ARM_64 */ static void __init setup_mm(void) @@ -789,6 +814,8 @@ static void __init setup_mm(void) setup_frametable_mappings(ram_start, ram_end); max_page = PFN_DOWN(ram_end); + + init_staticmem_pages(); } #endif diff --git a/xen/common/Kconfig b/xen/common/Kconfig index ac5491b1cc..db687b1785 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -70,6 +70,19 @@ config MEM_ACCESS config NEEDS_LIBELF bool +config STATIC_MEMORY + bool "Static Allocation Support (UNSUPPORTED)" if UNSUPPORTED + depends on ARM + help + Static Allocation refers to system or sub-system(domains) for + which memory areas are pre-defined by configuration using physical + address ranges. + + When enabled, memory can be statically allocated to a domain using + the property "xen,static-mem" defined in the domain configuration. + + If unsure, say N. + menu "Speculative hardening" config SPECULATIVE_HARDEN_ARRAY diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index a3ee5eca9e..ba7adc80db 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -2604,6 +2604,27 @@ struct domain *get_pg_owner(domid_t domid) return pg_owner; } +#ifdef CONFIG_STATIC_MEMORY +/* Equivalent of free_heap_pages to free nr_mfns pages of static memory. */ +void __init free_staticmem_pages(struct page_info *pg, unsigned long nr_mfns, + bool need_scrub) +{ + mfn_t mfn = page_to_mfn(pg); + unsigned long i; + + for ( i = 0; i < nr_mfns; i++ ) + { + mark_page_free(&pg[i], mfn_add(mfn, i)); + + if ( need_scrub ) + { + /* TODO: asynchronous scrubbing for pages of static memory. */ + scrub_one_page(pg); + } + } +} +#endif + /* * Local variables: * mode: C diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 667f9dac83..8e8fb5a615 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -85,6 +85,12 @@ bool scrub_free_pages(void); } while ( false ) #define FREE_XENHEAP_PAGE(p) FREE_XENHEAP_PAGES(p, 0) +#ifdef CONFIG_STATIC_MEMORY +/* These functions are for static memory */ +void free_staticmem_pages(struct page_info *pg, unsigned long nr_mfns, + bool need_scrub); +#endif + /* Map machine page range in Xen virtual address space. */ int map_pages_to_xen( unsigned long virt, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 15 00:55:46 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 15 Sep 2021 00:55:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.187126.335878 (Exim 4.92) (envelope-from ) id 1mQJDG-0002vU-Fe; Wed, 15 Sep 2021 00:55:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 187126.335878; Wed, 15 Sep 2021 00:55:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJDG-0002vM-CF; Wed, 15 Sep 2021 00:55:46 +0000 Received: by outflank-mailman (input) for mailman id 187126; Wed, 15 Sep 2021 00:55:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJDF-0002v7-01 for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJDE-0002lH-VT for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQJDE-0004jo-UR for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=873kfKK9ugzXAEfXTAHbbb1ENM7Ex2MRXmnjhew8IAU=; b=yIOKuKWM3FJ+Ehk4mQvuTSO5DH kTLjlgETW5b+Iy9R8ua1lqJvhVFSgjNAfFpCXBhg7rxUcmN/p1+m98GXfNxrP0YgOr8doddYJ7e/9 Cdy96K3hm3ZLXOtmlvQ7KxsEUbhTn7ULXg7tQ3urg4ThYV+ZQ9MPO9DcTx3ygerqEF0c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: re-define assign_pages and introduce a new function assign_page Message-Id: Date: Wed, 15 Sep 2021 00:55:44 +0000 commit 5260e8fb93f0e1f094de4142b2abad45844ab89c Author: Penny Zheng AuthorDate: Fri Sep 10 02:52:13 2021 +0000 Commit: Stefano Stabellini CommitDate: Mon Sep 13 14:12:59 2021 -0700 xen: re-define assign_pages and introduce a new function assign_page In order to deal with the trouble of count-to-order conversion when page number is not in a power-of-two, this commit re-define assign_pages for nr pages and assign_page for original page with a single order. Backporting confusion could be helped by altering the order of assign_pages parameters, such that the compiler would point out that adjustments at call sites are needed. [stefano: switch to unsigned int for nr] Signed-off-by: Penny Zheng Signed-off-by: Stefano Stabellini Reviewed-by: Stefano Stabellini --- xen/arch/x86/pv/dom0_build.c | 2 +- xen/common/grant_table.c | 2 +- xen/common/memory.c | 6 +++--- xen/common/page_alloc.c | 23 ++++++++++++++--------- xen/include/xen/mm.h | 6 ++++++ 5 files changed, 25 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index d7f9e04b28..77efd3918c 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -568,7 +568,7 @@ int __init dom0_construct_pv(struct domain *d, else { while ( count-- ) - if ( assign_pages(d, mfn_to_page(_mfn(mfn++)), 0, 0) ) + if ( assign_pages(mfn_to_page(_mfn(mfn++)), 1, d, 0) ) BUG(); } initrd->mod_end = 0; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index e80f8d044d..fe1fc11b22 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -2358,7 +2358,7 @@ gnttab_transfer( * is respected and speculative execution is blocked accordingly */ if ( unlikely(!evaluate_nospec(okay)) || - unlikely(assign_pages(e, page, 0, MEMF_no_refcount)) ) + unlikely(assign_pages(page, 1, e, MEMF_no_refcount)) ) { bool drop_dom_ref; diff --git a/xen/common/memory.c b/xen/common/memory.c index 74babb0bd7..63642278fd 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -728,8 +728,8 @@ static long memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg) /* Assign each output page to the domain. */ for ( j = 0; (page = page_list_remove_head(&out_chunk_list)); ++j ) { - if ( assign_pages(d, page, exch.out.extent_order, - MEMF_no_refcount) ) + if ( assign_page(page, exch.out.extent_order, d, + MEMF_no_refcount) ) { unsigned long dec_count; bool_t drop_dom_ref; @@ -797,7 +797,7 @@ static long memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg) * cleared PGC_allocated. */ while ( (page = page_list_remove_head(&in_chunk_list)) ) - if ( assign_pages(d, page, 0, MEMF_no_refcount) ) + if ( assign_pages(page, 1, d, MEMF_no_refcount) ) { BUG_ON(!d->is_dying); free_domheap_page(page); diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index ba7adc80db..14ba89428b 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -2259,9 +2259,9 @@ void init_domheap_pages(paddr_t ps, paddr_t pe) int assign_pages( - struct domain *d, struct page_info *pg, - unsigned int order, + unsigned int nr, + struct domain *d, unsigned int memflags) { int rc = 0; @@ -2281,7 +2281,7 @@ int assign_pages( { unsigned int extra_pages = 0; - for ( i = 0; i < (1ul << order); i++ ) + for ( i = 0; i < nr; i++ ) { ASSERT(!(pg[i].count_info & ~PGC_extra)); if ( pg[i].count_info & PGC_extra ) @@ -2290,18 +2290,18 @@ int assign_pages( ASSERT(!extra_pages || ((memflags & MEMF_no_refcount) && - extra_pages == 1u << order)); + extra_pages == nr)); } #endif if ( pg[0].count_info & PGC_extra ) { - d->extra_pages += 1u << order; + d->extra_pages += nr; memflags &= ~MEMF_no_refcount; } else if ( !(memflags & MEMF_no_refcount) ) { - unsigned int tot_pages = domain_tot_pages(d) + (1 << order); + unsigned int tot_pages = domain_tot_pages(d) + nr; if ( unlikely(tot_pages > d->max_pages) ) { @@ -2313,10 +2313,10 @@ int assign_pages( } if ( !(memflags & MEMF_no_refcount) && - unlikely(domain_adjust_tot_pages(d, 1 << order) == (1 << order)) ) + unlikely(domain_adjust_tot_pages(d, nr) == nr) ) get_knownalive_domain(d); - for ( i = 0; i < (1 << order); i++ ) + for ( i = 0; i < nr; i++ ) { ASSERT(page_get_owner(&pg[i]) == NULL); page_set_owner(&pg[i], d); @@ -2331,6 +2331,11 @@ int assign_pages( return rc; } +int assign_page(struct page_info *pg, unsigned int order, struct domain *d, + unsigned int memflags) +{ + return assign_pages(pg, 1UL << order, d, memflags); +} struct page_info *alloc_domheap_pages( struct domain *d, unsigned int order, unsigned int memflags) @@ -2373,7 +2378,7 @@ struct page_info *alloc_domheap_pages( pg[i].count_info = PGC_extra; } } - if ( assign_pages(d, pg, order, memflags) ) + if ( assign_page(pg, order, d, memflags) ) { free_heap_pages(pg, order, memflags & MEMF_no_scrub); return NULL; diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 8e8fb5a615..2b7c5d580c 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -132,9 +132,15 @@ int query_page_offline(mfn_t mfn, uint32_t *status); void heap_init_late(void); int assign_pages( + struct page_info *pg, + unsigned int nr, struct domain *d, + unsigned int memflags); + +int assign_page( struct page_info *pg, unsigned int order, + struct domain *d, unsigned int memflags); /* Dump info to serial console */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 15 00:55:56 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 15 Sep 2021 00:55:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.187127.335882 (Exim 4.92) (envelope-from ) id 1mQJDQ-0002ze-If; Wed, 15 Sep 2021 00:55:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 187127.335882; Wed, 15 Sep 2021 00:55:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJDQ-0002zW-Fi; Wed, 15 Sep 2021 00:55:56 +0000 Received: by outflank-mailman (input) for mailman id 187127; Wed, 15 Sep 2021 00:55:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJDP-0002z9-3B for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJDP-0002ll-2M for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQJDP-0004kj-1a for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:55:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=P3UaB8WRiE35C2T3TPuDVBtScZPddV5oKYoaIcJR3IY=; b=hrDtRkCZ6/tL1JlpczYUrQrOEQ +Ia0xTyQdvcgvNqGZ7Zpk+3D8pVezu9iQVgAC7Vn8jq9P/ZCQIupgDHBPzxUvsXnzcV4OAAQSQoSr hK5t0S2u4ENcKoJYhjOW86fHDlZ3tm1vSHcV1Chb1dZhbsRUJagHGEi6zertGJBSkzls=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: introduce acquire_staticmem_pages and acquire_domstatic_pages Message-Id: Date: Wed, 15 Sep 2021 00:55:55 +0000 commit c7fe462c0d274ffa30c9448c0a80affa075d789d Author: Penny Zheng AuthorDate: Fri Sep 10 02:52:14 2021 +0000 Commit: Stefano Stabellini CommitDate: Mon Sep 13 14:15:03 2021 -0700 xen/arm: introduce acquire_staticmem_pages and acquire_domstatic_pages New function acquire_staticmem_pages aims to acquire nr_mfns contiguous pages of static memory, starting at #smfn. And it is the equivalent of alloc_heap_pages for static memory. For each page, it shall check if the page is reserved(PGC_reserved) and free. It shall also do a set of necessary initialization, which are mostly the same ones in alloc_heap_pages, like, following the same cache-coherency policy and turning page status into PGC_state_inuse, etc. New function acquire_domstatic_pages is the equivalent of alloc_domheap_pages for static memory, and it is to acquire nr_mfns contiguous pages of static memory and assign them to one specific domain. It uses acquire_staticmem_pages to acquire nr_mfns pages of static memory. Then on success, it will use assign_pages to assign those pages to one specific domain. In order to differentiate pages of static memory from those allocated from heap, this patch introduces a new page flag PGC_reserved, then mark pages of static memory PGC_reserved when initializing them. Signed-off-by: Penny Zheng Reviewed-by: Stefano Stabellini --- xen/common/page_alloc.c | 118 ++++++++++++++++++++++++++++++++++++++++++++++- xen/include/asm-arm/mm.h | 3 ++ xen/include/xen/mm.h | 2 + 3 files changed, 121 insertions(+), 2 deletions(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 14ba89428b..b9441cb06f 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -151,6 +151,10 @@ #define p2m_pod_offline_or_broken_replace(pg) BUG_ON(pg != NULL) #endif +#ifndef PGC_reserved +#define PGC_reserved 0 +#endif + /* * Comma-separated list of hexadecimal page numbers containing bad bytes. * e.g. 'badpage=0x3f45,0x8a321'. @@ -2283,7 +2287,7 @@ int assign_pages( for ( i = 0; i < nr; i++ ) { - ASSERT(!(pg[i].count_info & ~PGC_extra)); + ASSERT(!(pg[i].count_info & ~(PGC_extra | PGC_reserved))); if ( pg[i].count_info & PGC_extra ) extra_pages++; } @@ -2322,7 +2326,8 @@ int assign_pages( page_set_owner(&pg[i], d); smp_wmb(); /* Domain pointer must be visible before updating refcnt. */ pg[i].count_info = - (pg[i].count_info & PGC_extra) | PGC_allocated | 1; + (pg[i].count_info & (PGC_extra | PGC_reserved)) | PGC_allocated | 1; + page_list_add_tail(&pg[i], page_to_list(d, &pg[i])); } @@ -2626,8 +2631,117 @@ void __init free_staticmem_pages(struct page_info *pg, unsigned long nr_mfns, /* TODO: asynchronous scrubbing for pages of static memory. */ scrub_one_page(pg); } + + /* In case initializing page of static memory, mark it PGC_reserved. */ + pg[i].count_info |= PGC_reserved; } } + +/* + * Acquire nr_mfns contiguous reserved pages, starting at #smfn, of + * static memory. + * This function needs to be reworked if used outside of boot. + */ +static struct page_info * __init acquire_staticmem_pages(mfn_t smfn, + unsigned long nr_mfns, + unsigned int memflags) +{ + bool need_tlbflush = false; + uint32_t tlbflush_timestamp = 0; + unsigned long i; + struct page_info *pg; + + ASSERT(nr_mfns); + for ( i = 0; i < nr_mfns; i++ ) + if ( !mfn_valid(mfn_add(smfn, i)) ) + return NULL; + + pg = mfn_to_page(smfn); + + spin_lock(&heap_lock); + + for ( i = 0; i < nr_mfns; i++ ) + { + /* The page should be reserved and not yet allocated. */ + if ( pg[i].count_info != (PGC_state_free | PGC_reserved) ) + { + printk(XENLOG_ERR + "pg[%lu] Static MFN %"PRI_mfn" c=%#lx t=%#x\n", + i, mfn_x(smfn) + i, + pg[i].count_info, pg[i].tlbflush_timestamp); + goto out_err; + } + + if ( !(memflags & MEMF_no_tlbflush) ) + accumulate_tlbflush(&need_tlbflush, &pg[i], + &tlbflush_timestamp); + + /* + * Preserve flag PGC_reserved and change page state + * to PGC_state_inuse. + */ + pg[i].count_info = PGC_reserved | PGC_state_inuse; + /* Initialise fields which have other uses for free pages. */ + pg[i].u.inuse.type_info = 0; + page_set_owner(&pg[i], NULL); + } + + spin_unlock(&heap_lock); + + if ( need_tlbflush ) + filtered_flush_tlb_mask(tlbflush_timestamp); + + /* + * Ensure cache and RAM are consistent for platforms where the guest + * can control its own visibility of/through the cache. + */ + for ( i = 0; i < nr_mfns; i++ ) + flush_page_to_ram(mfn_x(smfn) + i, !(memflags & MEMF_no_icache_flush)); + + return pg; + + out_err: + while ( i-- ) + pg[i].count_info = PGC_reserved | PGC_state_free; + + spin_unlock(&heap_lock); + + return NULL; +} + +/* + * Acquire nr_mfns contiguous pages, starting at #smfn, of static memory, + * then assign them to one specific domain #d. + */ +int __init acquire_domstatic_pages(struct domain *d, mfn_t smfn, + unsigned long nr_mfns, unsigned int memflags) +{ + struct page_info *pg; + + ASSERT(!in_irq()); + + pg = acquire_staticmem_pages(smfn, nr_mfns, memflags); + if ( !pg ) + return -ENOENT; + + if ( !d || (memflags & (MEMF_no_owner | MEMF_no_refcount)) ) + { + /* + * Respective handling omitted here because right now + * acquired static memory is only for guest RAM. + */ + ASSERT_UNREACHABLE(); + return -EINVAL; + } + + if ( assign_pages(pg, nr_mfns, d, memflags) ) + { + free_staticmem_pages(pg, nr_mfns, memflags & MEMF_no_scrub); + return -EINVAL; + } + + return 0; +} #endif /* diff --git a/xen/include/asm-arm/mm.h b/xen/include/asm-arm/mm.h index ded74d29da..7b5e7b7f69 100644 --- a/xen/include/asm-arm/mm.h +++ b/xen/include/asm-arm/mm.h @@ -108,6 +108,9 @@ struct page_info /* Page is Xen heap? */ #define _PGC_xen_heap PG_shift(2) #define PGC_xen_heap PG_mask(1, 2) + /* Page is reserved */ +#define _PGC_reserved PG_shift(3) +#define PGC_reserved PG_mask(1, 3) /* ... */ /* Page is broken? */ #define _PGC_broken PG_shift(7) diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 2b7c5d580c..dd49237e86 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -89,6 +89,8 @@ bool scrub_free_pages(void); /* These functions are for static memory */ void free_staticmem_pages(struct page_info *pg, unsigned long nr_mfns, bool need_scrub); +int acquire_domstatic_pages(struct domain *d, mfn_t smfn, unsigned long nr_mfns, + unsigned int memflags); #endif /* Map machine page range in Xen virtual address space. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 15 00:56:06 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 15 Sep 2021 00:56:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.187129.335886 (Exim 4.92) (envelope-from ) id 1mQJDa-00032k-Jy; Wed, 15 Sep 2021 00:56:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 187129.335886; Wed, 15 Sep 2021 00:56:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJDa-00032c-H8; Wed, 15 Sep 2021 00:56:06 +0000 Received: by outflank-mailman (input) for mailman id 187129; Wed, 15 Sep 2021 00:56:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJDZ-00032F-6h for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:56:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQJDZ-0002mC-5a for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:56:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQJDZ-0004lm-4x for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 00:56:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QzZ8zqbJhAdQcjo/x23So9/mWL+BRnGcKG6X7pZEVEw=; b=3KVvMRS2ucT0uuhFGQ4n4uUcDU Y29lzJ7UB2EtJbnmDI+PsFpv0Zni++/wzNDlHC2Otk6giQYpEy3Ye5NSVR0GJeH6RSOeHU1BRpzar qVXP1Nbwa1TXKGs6Om+mDpqZB3JdODvpijT3D0/mMxDjoyXL9yuQvnun2hlT8H4hdgG4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: introduce allocate_static_memory Message-Id: Date: Wed, 15 Sep 2021 00:56:05 +0000 commit 487975df53b5298316b594550c79934d646701bd Author: Penny Zheng AuthorDate: Fri Sep 10 02:52:15 2021 +0000 Commit: Stefano Stabellini CommitDate: Mon Sep 13 14:15:04 2021 -0700 xen/arm: introduce allocate_static_memory This commit introduces a new function allocate_static_memory to allocate static memory as guest RAM for domains on Static Allocation. It uses acquire_domstatic_pages to acquire pre-configured static memory for the domain, and uses guest_physmap_add_pages to set up the P2M table. These pre-defined static memory banks shall be mapped to the usual guest memory addresses (GUEST_RAM0_BASE, GUEST_RAM1_BASE) defined by xen/include/public/arch-arm.h. In order to deal with the trouble of count-to-order conversion when page number is not in a power-of-two, this commit exports p2m_insert_mapping and introduce a new function guest_physmap_add_pages to cope with adding guest RAM p2m mapping with nr_pages. Signed-off-by: Penny Zheng Reviewed-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 161 +++++++++++++++++++++++++++++++++++++++++++- xen/arch/arm/p2m.c | 7 +- xen/include/asm-arm/p2m.h | 11 +++ 3 files changed, 173 insertions(+), 6 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 206038d1c0..62ab7d0ead 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -480,6 +480,162 @@ fail: (unsigned long)kinfo->unassigned_mem >> 10); } +#ifdef CONFIG_STATIC_MEMORY +static bool __init append_static_memory_to_bank(struct domain *d, + struct membank *bank, + mfn_t smfn, + paddr_t size) +{ + int res; + unsigned int nr_pages = PFN_DOWN(size); + /* Infer next GFN. */ + gfn_t sgfn = gaddr_to_gfn(bank->start + bank->size); + + res = guest_physmap_add_pages(d, sgfn, smfn, nr_pages); + if ( res ) + { + dprintk(XENLOG_ERR, "Failed to map pages to DOMU: %d", res); + return false; + } + + bank->size = bank->size + size; + + return true; +} + +/* Allocate memory from static memory as RAM for one specific domain d. */ +static void __init allocate_static_memory(struct domain *d, + struct kernel_info *kinfo, + const struct dt_device_node *node) +{ + const struct dt_property *prop; + u32 addr_cells, size_cells, reg_cells; + unsigned int nr_banks, gbank, bank = 0; + const uint64_t rambase[] = GUEST_RAM_BANK_BASES; + const uint64_t ramsize[] = GUEST_RAM_BANK_SIZES; + const __be32 *cell; + u64 tot_size = 0; + paddr_t pbase, psize, gsize; + mfn_t smfn; + int res; + + prop = dt_find_property(node, "xen,static-mem", NULL); + if ( !dt_property_read_u32(node, "#xen,static-mem-address-cells", + &addr_cells) ) + { + printk(XENLOG_ERR + "%pd: failed to read \"#xen,static-mem-address-cells\".\n", d); + goto fail; + } + + if ( !dt_property_read_u32(node, "#xen,static-mem-size-cells", + &size_cells) ) + { + printk(XENLOG_ERR + "%pd: failed to read \"#xen,static-mem-size-cells\".\n", d); + goto fail; + } + reg_cells = addr_cells + size_cells; + + /* + * The static memory will be mapped in the guest at the usual guest memory + * addresses (GUEST_RAM0_BASE, GUEST_RAM1_BASE) defined by + * xen/include/public/arch-arm.h. + */ + gbank = 0; + gsize = ramsize[gbank]; + kinfo->mem.bank[gbank].start = rambase[gbank]; + + cell = (const __be32 *)prop->value; + nr_banks = (prop->length) / (reg_cells * sizeof (u32)); + + for ( ; bank < nr_banks; bank++ ) + { + device_tree_get_reg(&cell, addr_cells, size_cells, &pbase, &psize); + ASSERT(IS_ALIGNED(pbase, PAGE_SIZE) && IS_ALIGNED(psize, PAGE_SIZE)); + + smfn = maddr_to_mfn(pbase); + res = acquire_domstatic_pages(d, smfn, PFN_DOWN(psize), 0); + if ( res ) + { + printk(XENLOG_ERR + "%pd: failed to acquire static memory: %d.\n", d, res); + goto fail; + } + + printk(XENLOG_INFO "%pd: STATIC BANK[%u] %#"PRIpaddr"-%#"PRIpaddr"\n", + d, bank, pbase, pbase + psize); + + while ( 1 ) + { + /* Map as much as possible the static range to the guest bank */ + if ( !append_static_memory_to_bank(d, &kinfo->mem.bank[gbank], smfn, + min(psize, gsize)) ) + goto fail; + + /* + * The current physical bank is fully mapped. + * Handle the next physical bank. + */ + if ( gsize >= psize ) + { + gsize = gsize - psize; + break; + } + /* + * When current guest bank is not enough to map, exhaust + * the current one and seek to the next. + * Before seeking to the next, check if we still have available + * guest bank. + */ + else if ( (gbank + 1) >= GUEST_RAM_BANKS ) + { + printk(XENLOG_ERR "Exhausted all possible guest banks.\n"); + goto fail; + } + else + { + psize = psize - gsize; + smfn = mfn_add(smfn, gsize >> PAGE_SHIFT); + /* Update to the next guest bank. */ + gbank++; + gsize = ramsize[gbank]; + kinfo->mem.bank[gbank].start = rambase[gbank]; + } + } + + tot_size += psize; + } + + kinfo->mem.nr_banks = ++gbank; + + kinfo->unassigned_mem -= tot_size; + /* + * The property 'memory' should match the amount of memory given to the + * guest. + * Currently, it is only possible to either acquire static memory or let + * Xen allocate. *Mixing* is not supported. + */ + if ( kinfo->unassigned_mem ) + { + printk(XENLOG_ERR + "Size of \"memory\" property doesn't match up with the sum-up of \"xen,static-mem\". Unsupported configuration.\n"); + goto fail; + } + + return; + + fail: + panic("Failed to allocate requested static memory for domain %pd.", d); +} +#else +static void __init allocate_static_memory(struct domain *d, + struct kernel_info *kinfo, + const struct dt_device_node *node) +{ +} +#endif + static int __init write_properties(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node) { @@ -2453,7 +2609,10 @@ static int __init construct_domU(struct domain *d, /* type must be set before allocate memory */ d->arch.type = kinfo.type; #endif - allocate_memory(d, &kinfo); + if ( !dt_find_property(node, "xen,static-mem", NULL) ) + allocate_memory(d, &kinfo); + else + allocate_static_memory(d, &kinfo, node); rc = prepare_dtb_domU(d, &kinfo); if ( rc < 0 ) diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index eff9a105e7..6e01e83967 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -1293,11 +1293,8 @@ out: return resolved; } -static inline int p2m_insert_mapping(struct domain *d, - gfn_t start_gfn, - unsigned long nr, - mfn_t mfn, - p2m_type_t t) +int p2m_insert_mapping(struct domain *d, gfn_t start_gfn, unsigned long nr, + mfn_t mfn, p2m_type_t t) { struct p2m_domain *p2m = p2m_get_hostp2m(d); int rc; diff --git a/xen/include/asm-arm/p2m.h b/xen/include/asm-arm/p2m.h index 6a2108398f..f885cc522b 100644 --- a/xen/include/asm-arm/p2m.h +++ b/xen/include/asm-arm/p2m.h @@ -300,6 +300,9 @@ int map_dev_mmio_region(struct domain *d, unsigned long nr, mfn_t mfn); +int p2m_insert_mapping(struct domain *d, gfn_t start_gfn, unsigned long nr, + mfn_t mfn, p2m_type_t t); + int guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn, @@ -315,6 +318,14 @@ static inline int guest_physmap_add_page(struct domain *d, return guest_physmap_add_entry(d, gfn, mfn, page_order, p2m_ram_rw); } +static inline int guest_physmap_add_pages(struct domain *d, + gfn_t gfn, + mfn_t mfn, + unsigned int nr_pages) +{ + return p2m_insert_mapping(d, gfn, nr_pages, mfn, p2m_ram_rw); +} + mfn_t gfn_to_mfn(struct domain *d, gfn_t gfn); /* Look up a GFN and take a reference count on the backing page. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 15 09:11:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 15 Sep 2021 09:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.187360.336182 (Exim 4.92) (envelope-from ) id 1mQQwb-0007GV-8X; Wed, 15 Sep 2021 09:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 187360.336182; Wed, 15 Sep 2021 09:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQQwb-0007GM-5P; Wed, 15 Sep 2021 09:11:05 +0000 Received: by outflank-mailman (input) for mailman id 187360; Wed, 15 Sep 2021 09:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQQwa-0007GG-JP for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 09:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQQwa-0002Ad-Fr for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 09:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQQwa-0006MA-En for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 09:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PgpnxYM8Ylyx9RkKmSAB7ey7JOkajUxxugrIA4XApfE=; b=Bh57Qd4ilz4eAIfrjzm6Sbdboj 5lqjQVmarA/1DAAv9Xk60C/iPHBq+MZiNOL0Habw4W/39K+wypvZlO22UX/rV3yCs/KmCzhcCfRsu bbrtr1R1P7Hh9h/74SDt3XX6MlqsnckrpYvGxjnPZuCabpwWlgdYmUzVFguDomBepVCQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] sched: fix sched_move_domain() for domain without vcpus Message-Id: Date: Wed, 15 Sep 2021 09:11:04 +0000 commit 999e1582f289cfb8d59e2e58927c1cba0ac2ada3 Author: Juergen Gross AuthorDate: Wed Sep 15 10:57:47 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 15 10:57:47 2021 +0200 sched: fix sched_move_domain() for domain without vcpus In case a domain is created with a cpupool other than Pool-0 specified it will be moved to that cpupool before any vcpus are allocated. This will lead to a NULL pointer dereference in sched_move_domain(). Fix that by tolerating vcpus not being allocated yet. Fixes: 70fadc41635b9b6 ("xen/cpupool: support moving domain between cpupools with different granularity") Reported-by: Bertrand Marquis Signed-off-by: Juergen Gross Reviewed-by: Dario Faggioli --- xen/common/sched/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 8d178baf3d..8f4b1ca10d 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -651,7 +651,7 @@ int sched_move_domain(struct domain *d, struct cpupool *c) struct scheduler *old_ops = dom_scheduler(d); void *old_domdata; unsigned int gran = cpupool_get_granularity(c); - unsigned int n_units = DIV_ROUND_UP(d->max_vcpus, gran); + unsigned int n_units = d->vcpu[0] ? DIV_ROUND_UP(d->max_vcpus, gran) : 0; int ret = 0; for_each_vcpu ( d, v ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 15 09:11:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 15 Sep 2021 09:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.187361.336186 (Exim 4.92) (envelope-from ) id 1mQQwl-0007Ip-9n; Wed, 15 Sep 2021 09:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 187361.336186; Wed, 15 Sep 2021 09:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQQwl-0007Ih-6q; Wed, 15 Sep 2021 09:11:15 +0000 Received: by outflank-mailman (input) for mailman id 187361; Wed, 15 Sep 2021 09:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQQwk-0007IX-K4 for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 09:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQQwk-0002Al-JD for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 09:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQQwk-0006NP-I6 for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 09:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ay/b6USKTuZokeeMaRVkgJWgp/gmPL9PnnzJDFZ+ak0=; b=k/7y0MWL2lCYIggws3XmADbdm0 Jdr4c5e2G85vqze+wskg9FzBrEm3nLdunGZcWYZblUvKHJLx5rfLlbYnpv0ihd28nJGWfGLGzuwr6 dvP8nDHpZKq1vPw02bzoEL8pq/8W/dI5guzHqgF5+QeTQRxVBLkIiwxjyz9sbVu6UEzw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/ACPI: ignore processors which cannot be brought online Message-Id: Date: Wed, 15 Sep 2021 09:11:14 +0000 commit 0a7ebb1861062f795bab53272789ed2802d84ec0 Author: Jan Beulich AuthorDate: Wed Sep 15 11:00:40 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 15 11:00:40 2021 +0200 x86/ACPI: ignore processors which cannot be brought online ACPI 6.3 introduced a flag allowing to tell MADT entries describing hotpluggable processors from ones which are simply placeholders (often used by firmware writers to simplify handling there). Inspired by a Linux patch by Mario Limonciello . Requested-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/acpi/boot.c | 16 ++++++++++++++++ xen/include/acpi/actbl1.h | 3 ++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/acpi/boot.c b/xen/arch/x86/acpi/boot.c index 8fe2d6fe0f..5e38b4b17c 100644 --- a/xen/arch/x86/acpi/boot.c +++ b/xen/arch/x86/acpi/boot.c @@ -53,6 +53,8 @@ bool __initdata acpi_ioapic; static bool __initdata acpi_skip_timer_override; boolean_param("acpi_skip_timer_override", acpi_skip_timer_override); +static uint8_t __initdata madt_revision; + static u64 acpi_lapic_addr __initdata = APIC_DEFAULT_PHYS_BASE; /* -------------------------------------------------------------------------- @@ -64,6 +66,8 @@ static int __init acpi_parse_madt(struct acpi_table_header *table) struct acpi_table_madt *madt = container_of(table, struct acpi_table_madt, header); + madt_revision = madt->header.revision; + if (madt->address) { acpi_lapic_addr = (u64) madt->address; @@ -86,6 +90,12 @@ acpi_parse_x2apic(struct acpi_subtable_header *header, const unsigned long end) if (BAD_MADT_ENTRY(processor, end)) return -EINVAL; + /* Don't register processors that cannot be onlined. */ + if (madt_revision >= 5 && + !(processor->lapic_flags & ACPI_MADT_ENABLED) && + !(processor->lapic_flags & ACPI_MADT_ONLINE_CAPABLE)) + return 0; + if ((processor->lapic_flags & ACPI_MADT_ENABLED) || processor->local_apic_id != 0xffffffff || opt_cpu_info) { acpi_table_print_madt_entry(header); @@ -136,6 +146,12 @@ acpi_parse_lapic(struct acpi_subtable_header * header, const unsigned long end) if (BAD_MADT_ENTRY(processor, end)) return -EINVAL; + /* Don't register processors that cannot be onlined. */ + if (madt_revision >= 5 && + !(processor->lapic_flags & ACPI_MADT_ENABLED) && + !(processor->lapic_flags & ACPI_MADT_ONLINE_CAPABLE)) + return 0; + if ((processor->lapic_flags & ACPI_MADT_ENABLED) || processor->id != 0xff || opt_cpu_info) acpi_table_print_madt_entry(header); diff --git a/xen/include/acpi/actbl1.h b/xen/include/acpi/actbl1.h index e1991362dc..923641fc9e 100644 --- a/xen/include/acpi/actbl1.h +++ b/xen/include/acpi/actbl1.h @@ -858,7 +858,8 @@ struct acpi_madt_generic_translator { /* MADT Local APIC flags */ -#define ACPI_MADT_ENABLED (1) /* 00: Processor is usable if set */ +#define ACPI_MADT_ENABLED (1 << 0) /* 00: Processor is usable if set */ +#define ACPI_MADT_ONLINE_CAPABLE (1 << 1) /* 01: Processor can be onlined */ /* MADT MPS INTI flags (inti_flags) */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 15 09:11:25 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 15 Sep 2021 09:11:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.187363.336201 (Exim 4.92) (envelope-from ) id 1mQQwv-0007fD-JL; Wed, 15 Sep 2021 09:11:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 187363.336201; Wed, 15 Sep 2021 09:11:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQQwv-0007f5-Fv; Wed, 15 Sep 2021 09:11:25 +0000 Received: by outflank-mailman (input) for mailman id 187363; Wed, 15 Sep 2021 09:11:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQQwu-0007eU-N5 for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 09:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQQwu-0002B4-MJ for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 09:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQQwu-0006Px-LT for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 09:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=K3wZnivzG1Aa4q8J60ol9zxuYGITLsJ8UzRwhB2fSMQ=; b=N7bZihDkAceu4xFZkoziSm3Ovu F/mLT/gC4LclPy4ugzI0f68AI5pjCSg7f07sOVj376T3YdBDROc8E+6af2Ko8OHSbfzqaIoGHipfK yZ8BoWLLa16VdVqJ/uda6++0P7bLG3wdiE7kmjpkNufQevSpZiPRvEe0PIwBqHfyk2kI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/boot: properly "ignore" early evaluated "no-real-mode" Message-Id: Date: Wed, 15 Sep 2021 09:11:24 +0000 commit e5046fc6e99db83e2c21ff8d9bfa92a0b6d328ad Author: Jan Beulich AuthorDate: Wed Sep 15 11:01:29 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 15 11:01:29 2021 +0200 x86/boot: properly "ignore" early evaluated "no-real-mode" The option parser takes off "no-" prefixes before matching, so they also shouldn't be specified to match against. Fixes: e44d98608476 ("x86/setup: Ignore early boot parameters like no-real-mode") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/setup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 8105dc36bb..b101565f14 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -692,7 +692,7 @@ static void __init noreturn reinit_bsp_stack(void) * has options that are only used during the very initial boot process, * so they can be ignored now. */ -ignore_param("no-real-mode"); +ignore_param("real-mode"); ignore_param("edd"); ignore_param("edid"); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 15 09:11:35 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 15 Sep 2021 09:11:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.187367.336205 (Exim 4.92) (envelope-from ) id 1mQQx5-0007s5-Lu; Wed, 15 Sep 2021 09:11:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 187367.336205; Wed, 15 Sep 2021 09:11:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQQx5-0007rx-Ih; Wed, 15 Sep 2021 09:11:35 +0000 Received: by outflank-mailman (input) for mailman id 187367; Wed, 15 Sep 2021 09:11:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQQx4-0007rR-QC for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 09:11:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQQx4-0002BI-PP for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 09:11:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQQx4-0006Qf-OV for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 09:11:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=umk6GUqzS6W1bLm7mOaBxvXEtGWye+ciCJ4wYEZ1Dmo=; b=BN4f24Wwu/I83d3DZ3ZJVpqF+n r7NS7ibADQCHODj3zOLBa2crBURKuhhRtHHGSXb4PTMzqYcOEGGmznG7PRqqpRxVN7/kkuoPKnzdw 90uXHT5bu06oLS7El1Qvx6OdmaWT6W+oZXzOVCxF50EkFHZbzwVCpYWqHbAYsKEv4+Lg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: quote section names when defining them in linker script Message-Id: Date: Wed, 15 Sep 2021 09:11:34 +0000 commit 6254920587c33bcc7ab884e6c9a11cfc0d5867ab Author: Roger Pau Monné AuthorDate: Wed Sep 15 11:02:21 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 15 11:02:21 2021 +0200 x86: quote section names when defining them in linker script LLVM ld seems to require section names to be quoted at both definition and when referencing them for a match to happen, or else we get the following errors: ld: error: xen.lds:45: undefined section ".text" ld: error: xen.lds:69: undefined section ".rodata" ld: error: xen.lds:104: undefined section ".note.gnu.build-id" [...] The original fix for GNU ld 2.37 only quoted the section name when referencing it in the ADDR function. Fix by also quoting the section names when declaring them. Fixes: 58ad654ebce7 ("x86: work around build issue with GNU ld 2.37") Reported-by: Andrew Cooper Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/arch/x86/xen.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 955d5cf4a0..11b1da2154 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -18,7 +18,7 @@ ENTRY(efi_start) #else /* !EFI */ #define FORMAT "elf64-x86-64" -#define DECL_SECTION(x) x : AT(ADDR(#x) - __XEN_VIRT_START) +#define DECL_SECTION(x) #x : AT(ADDR(#x) - __XEN_VIRT_START) ENTRY(start_pa) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 15 13:22:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 15 Sep 2021 13:22:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.187590.336508 (Exim 4.92) (envelope-from ) id 1mQUrW-0005UJ-Kc; Wed, 15 Sep 2021 13:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 187590.336508; Wed, 15 Sep 2021 13:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQUrW-0005UB-HY; Wed, 15 Sep 2021 13:22:06 +0000 Received: by outflank-mailman (input) for mailman id 187590; Wed, 15 Sep 2021 13:22:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQUrV-0005U5-2f for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 13:22:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQUrU-0006cV-KA for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 13:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQUrU-0002S3-Ih for xen-changelog@lists.xenproject.org; Wed, 15 Sep 2021 13:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WJkLgXmXkU6r6zWb6M5vTsINtPaVmeB32njaHLRrlDY=; b=o2P11kDD2EjGPKBLI1T/m+xQO6 jwdUr9Q1/mI1jUvvpc+5cfbZN1ZQztCwnilJJzXxGJkuseUG6VM4Tgfg2t7gKKKFDIKAX5ThB/kHs KFLdgcW0jglJLcctOAE1v84rQBnuWqmsjZlNHwRgsBDanR9w70awhXS8SgC/duSKN3iE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/p2m: fix xenmem_add_to_physmap_one double page removal Message-Id: Date: Wed, 15 Sep 2021 13:22:04 +0000 commit 3e910b648b99393561e7c523756c1ea49a6c1305 Author: Roger Pau Monné AuthorDate: Wed Sep 15 15:13:14 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 15 15:13:14 2021 +0200 x86/p2m: fix xenmem_add_to_physmap_one double page removal If the new gfn matches the previous one (ie: gpfn == old_gpfn) xenmem_add_to_physmap_one will issue a duplicated call to guest_physmap_remove_page with the same guest frame number, because the get_gpfn_from_mfn call has been moved by commit f8582da041 to be performed before the original page is removed. This leads to the second guest_physmap_remove_page failing, which was not the case before commit f8582da041. Fix this by adding a check that prevents a second call to guest_physmap_remove_page if the previous one has already removed the backing page from that gfn. Fixes: f8582da041 ('x86/mm: pull a sanity check earlier in xenmem_add_to_physmap_one()') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/arch/x86/mm/p2m.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 674a6f4fe9..2bd4d37286 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2813,7 +2813,7 @@ int xenmem_add_to_physmap_one( } /* Unmap from old location, if any. */ - if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) + if ( !rc && old_gpfn != INVALID_M2P_ENTRY && !gfn_eq(_gfn(old_gpfn), gpfn) ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); /* Map at new location. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 09:11:13 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 09:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188268.337357 (Exim 4.92) (envelope-from ) id 1mQnQ9-0002aV-LK; Thu, 16 Sep 2021 09:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188268.337357; Thu, 16 Sep 2021 09:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQ9-0002aN-IQ; Thu, 16 Sep 2021 09:11:05 +0000 Received: by outflank-mailman (input) for mailman id 188268; Thu, 16 Sep 2021 09:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQ8-0002aH-8r for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQ8-0002Ti-65 for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQnQ8-0008CX-52 for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WA2+frnDh4YzJ7XCjgmTZgQaM/u4Bru7K91HT1Nv3HU=; b=W7R0Ufz5aT2cgzQ0DKlvxb1o8l ccLf6T+3vLNxrseghktxxiifWTEPAQxcx9MxJ9efYCTkN8hH2PbupPPeu+66GM+VyAvwI4EY0vkio nasiGJ9dCHna9IVtuzAFo3is2Sc7wjga4OClt5UlehA1aAB5j0n+XVX+5qBzUaJpT62s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] IOMMU: page table dumping adjustments Message-Id: Date: Thu, 16 Sep 2021 09:11:04 +0000 commit fd7e0b14a82b36bfb7941150f1cc84e682780525 Author: Jan Beulich AuthorDate: Thu Sep 16 10:56:25 2021 +0200 Commit: Jan Beulich CommitDate: Thu Sep 16 10:56:25 2021 +0200 IOMMU: page table dumping adjustments For one none of the three IOMMU implementations on Arm specify a dumping hook. Generalize VT-d's "don't dump shared page tables" to cover for this. Further in the past I was told that on Arm in principle there could be multiple different IOMMUs, and hence different domains' platform_ops pointers could differ. Use each domain's ops for calling the dump hook. (In the long run all uses of iommu_get_ops() would likely need to disappear for this reason.) Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/drivers/passthrough/iommu.c | 11 +++++++---- xen/drivers/passthrough/vtd/iommu.c | 6 ------ 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index fd2578d30a..6334370109 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -587,12 +587,9 @@ bool_t iommu_has_feature(struct domain *d, enum iommu_feature feature) static void iommu_dump_page_tables(unsigned char key) { struct domain *d; - const struct iommu_ops *ops; ASSERT(iommu_enabled); - ops = iommu_get_ops(); - rcu_read_lock(&domlist_read_lock); for_each_domain(d) @@ -600,7 +597,13 @@ static void iommu_dump_page_tables(unsigned char key) if ( is_hardware_domain(d) || !is_iommu_enabled(d) ) continue; - ops->dump_page_tables(d); + if ( iommu_use_hap_pt(d) ) + { + printk("%pd sharing page tables\n", d); + continue; + } + + dom_iommu(d)->platform_ops->dump_page_tables(d); } rcu_read_unlock(&domlist_read_lock); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 2034a95a87..08890c66d4 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2668,12 +2668,6 @@ static void vtd_dump_page_tables(struct domain *d) { const struct domain_iommu *hd = dom_iommu(d); - if ( iommu_use_hap_pt(d) ) - { - printk(VTDPREFIX " %pd sharing EPT table\n", d); - return; - } - printk(VTDPREFIX" %pd table has %d levels\n", d, agaw_to_level(hd->arch.vtd.agaw)); vtd_dump_page_table_level(hd->arch.vtd.pgd_maddr, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 09:11:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 09:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188269.337361 (Exim 4.92) (envelope-from ) id 1mQnQJ-0002cH-Mv; Thu, 16 Sep 2021 09:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188269.337361; Thu, 16 Sep 2021 09:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQJ-0002c9-Jw; Thu, 16 Sep 2021 09:11:15 +0000 Received: by outflank-mailman (input) for mailman id 188269; Thu, 16 Sep 2021 09:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQI-0002bw-AX for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQI-0002Tm-9n for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQnQI-0008D8-8k for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JBLrA5tOWHPsEsBgEBqOWAL2pDH5OMSzjFWlX6v8EIE=; b=cxz1yEvdxt6g5LJz8+KYkglLvG 6IEMI1LL84mybJS1Fb80l0PxPZ/3DcCvetjWT0wi/fOZBjzzqhEs8kwGgavSaEOTtd2xZKMQ+AHyR RTg+rO80q7ef4lV+DbkbgJBULssLtmGIxQRKS9pYx5KRRo84McoAlLJzw+1NcVZa0Mms=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] VT-d: show permissions during page table walks Message-Id: Date: Thu, 16 Sep 2021 09:11:14 +0000 commit 8f009f13e9c71159fd718fb438bad63b48d7695c Author: Jan Beulich AuthorDate: Thu Sep 16 10:57:09 2021 +0200 Commit: Jan Beulich CommitDate: Thu Sep 16 10:57:09 2021 +0200 VT-d: show permissions during page table walks Besides the addresses this is the next crucial bit of information one might be after. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/drivers/passthrough/vtd/iommu.c | 6 ++++-- xen/drivers/passthrough/vtd/utils.c | 11 ++++------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 08890c66d4..fc55f16343 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2655,10 +2655,12 @@ static void vtd_dump_page_table_level(paddr_t pt_maddr, int level, paddr_t gpa, vtd_dump_page_table_level(dma_pte_addr(*pte), next_level, address, indent + 1); else - printk("%*sdfn: %08lx mfn: %08lx\n", + printk("%*sdfn: %08lx mfn: %08lx %c%c\n", indent, "", (unsigned long)(address >> PAGE_SHIFT_4K), - (unsigned long)(dma_pte_addr(*pte) >> PAGE_SHIFT_4K)); + (unsigned long)(dma_pte_addr(*pte) >> PAGE_SHIFT_4K), + dma_pte_read(*pte) ? 'r' : '-', + dma_pte_write(*pte) ? 'w' : '-'); } unmap_vtd_domain_page(pt_vaddr); diff --git a/xen/drivers/passthrough/vtd/utils.c b/xen/drivers/passthrough/vtd/utils.c index 70add3cc8e..788cbdeee4 100644 --- a/xen/drivers/passthrough/vtd/utils.c +++ b/xen/drivers/passthrough/vtd/utils.c @@ -159,14 +159,11 @@ void print_vtd_entries(struct vtd_iommu *iommu, int bus, int devfn, u64 gmfn) l_index = get_level_index(gmfn, level); pte.val = l[l_index]; unmap_vtd_domain_page(l); - printk(" l%u[%03x] = %"PRIx64"\n", level, l_index, pte.val); + printk(" l%u[%03x] = %"PRIx64" %c%c\n", level, l_index, pte.val, + dma_pte_read(pte) ? 'r' : '-', + dma_pte_write(pte) ? 'w' : '-'); - if ( !dma_pte_present(pte) ) - { - printk(" l%u[%03x] not present\n", level, l_index); - break; - } - if ( dma_pte_superpage(pte) ) + if ( !dma_pte_present(pte) || dma_pte_superpage(pte) ) break; val = dma_pte_addr(pte); } while ( --level ); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 09:11:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 09:11:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188270.337368 (Exim 4.92) (envelope-from ) id 1mQnQU-0002hZ-13; Thu, 16 Sep 2021 09:11:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188270.337368; Thu, 16 Sep 2021 09:11:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQT-0002hB-Tf; Thu, 16 Sep 2021 09:11:25 +0000 Received: by outflank-mailman (input) for mailman id 188270; Thu, 16 Sep 2021 09:11:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQS-0002eb-Ds for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQS-0002UI-D5 for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQnQS-0008Fb-C1 for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EQSL7gAoX2fQknhd37gOw7uXjqcUU25dzVF3W/A0HIw=; b=xlBvbMJVmpN4giav1X4ZsyFcrr XARYBQxbTmnJI8h3oRbl4vhzYCB7ALe1fo8Bl4R4Ehnjd3eATxb7L8XdxyFC/+vNJ5zN3dV4eB3lg m3JBsowy0c0L4pObe0taxkPEAs3Aw4gtCXu5W4IvNiETpotEibf2qt5/gh7MePhNXfQY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] IOMMU/x86: drop pointless NULL checks Message-Id: Date: Thu, 16 Sep 2021 09:11:24 +0000 commit 893335807d5b11d0899e7b7bb3cb45c5af289767 Author: Jan Beulich AuthorDate: Thu Sep 16 10:58:03 2021 +0200 Commit: Jan Beulich CommitDate: Thu Sep 16 10:58:03 2021 +0200 IOMMU/x86: drop pointless NULL checks map_domain_page() et al never fail; no need to check their return values against NULL, and no need to carry dead printk()s. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper Reviewed-by: Kevin Tian --- xen/drivers/passthrough/amd/pci_amd_iommu.c | 6 ------ xen/drivers/passthrough/vtd/iommu.c | 6 ------ xen/drivers/passthrough/vtd/utils.c | 15 --------------- 3 files changed, 27 deletions(-) diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 342fce6fff..819b5a6cc3 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -566,12 +566,6 @@ static void amd_dump_page_table_level(struct page_info *pg, int level, return; table_vaddr = __map_domain_page(pg); - if ( table_vaddr == NULL ) - { - printk("AMD IOMMU failed to map domain page %"PRIpaddr"\n", - page_to_maddr(pg)); - return; - } for ( index = 0; index < PTE_PER_TABLE_SIZE; index++ ) { diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index fc55f16343..bab19d79e8 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2633,12 +2633,6 @@ static void vtd_dump_page_table_level(paddr_t pt_maddr, int level, paddr_t gpa, return; pt_vaddr = map_vtd_domain_page(pt_maddr); - if ( pt_vaddr == NULL ) - { - printk(VTDPREFIX " failed to map domain page %"PRIpaddr"\n", - pt_maddr); - return; - } next_level = level - 1; for ( i = 0; i < PTE_NUM; i++ ) diff --git a/xen/drivers/passthrough/vtd/utils.c b/xen/drivers/passthrough/vtd/utils.c index 788cbdeee4..56dfdff9bd 100644 --- a/xen/drivers/passthrough/vtd/utils.c +++ b/xen/drivers/passthrough/vtd/utils.c @@ -106,11 +106,6 @@ void print_vtd_entries(struct vtd_iommu *iommu, int bus, int devfn, u64 gmfn) } root_entry = (struct root_entry *)map_vtd_domain_page(iommu->root_maddr); - if ( root_entry == NULL ) - { - printk(" root_entry == NULL\n"); - return; - } printk(" root_entry[%02x] = %"PRIx64"\n", bus, root_entry[bus].val); if ( !root_present(root_entry[bus]) ) @@ -123,11 +118,6 @@ void print_vtd_entries(struct vtd_iommu *iommu, int bus, int devfn, u64 gmfn) val = root_entry[bus].val; unmap_vtd_domain_page(root_entry); ctxt_entry = map_vtd_domain_page(val); - if ( ctxt_entry == NULL ) - { - printk(" ctxt_entry == NULL\n"); - return; - } val = ctxt_entry[devfn].lo; printk(" context[%02x] = %"PRIx64"_%"PRIx64"\n", @@ -151,11 +141,6 @@ void print_vtd_entries(struct vtd_iommu *iommu, int bus, int devfn, u64 gmfn) do { l = map_vtd_domain_page(val); - if ( l == NULL ) - { - printk(" l%u == NULL\n", level); - break; - } l_index = get_level_index(gmfn, level); pte.val = l[l_index]; unmap_vtd_domain_page(l); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 09:11:36 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 09:11:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188272.337380 (Exim 4.92) (envelope-from ) id 1mQnQe-00032k-2l; Thu, 16 Sep 2021 09:11:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188272.337380; Thu, 16 Sep 2021 09:11:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQd-00032c-VG; Thu, 16 Sep 2021 09:11:35 +0000 Received: by outflank-mailman (input) for mailman id 188272; Thu, 16 Sep 2021 09:11:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQc-00031f-HI for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQc-0002UW-GA for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQnQc-0008GQ-FI for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Gjume+tywWVcKQpzds0zhRSGd7nPe8cHxMPFApbeD3M=; b=hKvsI2U2bWPLzW9R9E+9ACZGTB 5SV/NFpkcMe+wtXPlSTgj+p+/uRy2Dvrx3c5unj4Tp/3e4Y26jZV6Xp9q0g+1ptaExsWhiEyOboIi yKPtITywa6AUFWllVJJ5nOwHq/fkwz4Lum9zhxnTkeHdpxnMMGOOgMx4z0bO8kSnjXUM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xsm: apply coding style Message-Id: Date: Thu, 16 Sep 2021 09:11:34 +0000 commit b17546d7f33e95103922470b1ae422b60a04ec06 Author: Daniel P. Smith AuthorDate: Thu Sep 16 10:58:59 2021 +0200 Commit: Jan Beulich CommitDate: Thu Sep 16 10:58:59 2021 +0200 xsm: apply coding style Instead of intermixing coding style changes with code changes as they are come upon in this patch set, moving all coding style changes into a single commit. The focus of coding style changes here are, - move trailing comments to line above - ensuring line length does not exceed 80 chars - ensuring proper indentation for 80 char wrapping - covert u32 type statements to uint32_t - remove space between closing and opening parens - drop extern on function declarations Signed-off-by: Daniel P. Smith Acked-by: Jan Beulich --- xen/include/xsm/dummy.h | 190 ++++++++++++------- xen/include/xsm/xsm.h | 495 ++++++++++++++++++++++++++---------------------- xen/xsm/xsm_core.c | 8 +- xen/xsm/xsm_policy.c | 7 +- 4 files changed, 396 insertions(+), 304 deletions(-) diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 214b5408b1..3b1b378b58 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -19,7 +19,8 @@ #include #include -/* Cannot use BUILD_BUG_ON here because the expressions we check are not +/* + * Cannot use BUILD_BUG_ON here because the expressions we check are not * considered constant at compile time. Instead, rely on constant propagation to * inline out the calls to this invalid function, which will cause linker errors * if references remain at link time. @@ -44,7 +45,8 @@ void __xsm_action_mismatch_detected(void); #ifdef CONFIG_XSM -/* In CONFIG_XSM builds, this header file is included from xsm/dummy.c, and +/* + * In CONFIG_XSM builds, this header file is included from xsm/dummy.c, and * contains static (not inline) functions compiled to the dummy XSM module. * There is no xsm_default_t argument available, so the value from the assertion * is used to initialize the variable. @@ -57,7 +59,8 @@ void __xsm_action_mismatch_detected(void); #else /* CONFIG_XSM */ -/* In !CONFIG_XSM builds, this header file is included from xsm/xsm.h, and +/* + * In !CONFIG_XSM builds, this header file is included from xsm/xsm.h, and * contains inline functions for each XSM hook. These functions also perform * compile-time checks on the xsm_default_t argument to ensure that the behavior * of the dummy XSM module is the same as the behavior with XSM disabled. @@ -98,13 +101,14 @@ static always_inline int xsm_default_action( } } -static XSM_INLINE void xsm_security_domaininfo(struct domain *d, - struct xen_domctl_getdomaininfo *info) +static XSM_INLINE void xsm_security_domaininfo( + struct domain *d, struct xen_domctl_getdomaininfo *info) { return; } -static XSM_INLINE int xsm_domain_create(XSM_DEFAULT_ARG struct domain *d, u32 ssidref) +static XSM_INLINE int xsm_domain_create( + XSM_DEFAULT_ARG struct domain *d, uint32_t ssidref) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); @@ -116,7 +120,8 @@ static XSM_INLINE int xsm_getdomaininfo(XSM_DEFAULT_ARG struct domain *d) return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_domctl_scheduler_op(XSM_DEFAULT_ARG struct domain *d, int cmd) +static XSM_INLINE int xsm_domctl_scheduler_op( + XSM_DEFAULT_ARG struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); @@ -128,7 +133,8 @@ static XSM_INLINE int xsm_sysctl_scheduler_op(XSM_DEFAULT_ARG int cmd) return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_set_target(XSM_DEFAULT_ARG struct domain *d, struct domain *e) +static XSM_INLINE int xsm_set_target( + XSM_DEFAULT_ARG struct domain *d, struct domain *e) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); @@ -173,38 +179,43 @@ static XSM_INLINE void xsm_free_security_domain(struct domain *d) return; } -static XSM_INLINE int xsm_grant_mapref(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, - uint32_t flags) +static XSM_INLINE int xsm_grant_mapref( + XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, uint32_t flags) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_unmapref(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_grant_unmapref( + XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_setup(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_grant_setup( + XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_transfer(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_grant_transfer( + XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_copy(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_grant_copy( + XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_query_size(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_grant_query_size( + XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); @@ -216,14 +227,15 @@ static XSM_INLINE int xsm_memory_exchange(XSM_DEFAULT_ARG struct domain *d) return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_memory_adjust_reservation(XSM_DEFAULT_ARG struct domain *d1, - struct domain *d2) +static XSM_INLINE int xsm_memory_adjust_reservation( + XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_memory_stat_reservation(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_memory_stat_reservation( + XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); @@ -253,14 +265,16 @@ static XSM_INLINE int xsm_kexec(XSM_DEFAULT_VOID) return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_schedop_shutdown(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_schedop_shutdown( + XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_memory_pin_page(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, - struct page_info *page) +static XSM_INLINE int xsm_memory_pin_page( + XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, + struct page_info *page) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); @@ -272,15 +286,16 @@ static XSM_INLINE int xsm_claim_pages(XSM_DEFAULT_ARG struct domain *d) return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_evtchn_unbound(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn, - domid_t id2) +static XSM_INLINE int xsm_evtchn_unbound( + XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn, domid_t id2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_evtchn_interdomain(XSM_DEFAULT_ARG struct domain *d1, struct evtchn - *chan1, struct domain *d2, struct evtchn *chan2) +static XSM_INLINE int xsm_evtchn_interdomain( + XSM_DEFAULT_ARG struct domain *d1, struct evtchn *chan1, struct domain *d2, + struct evtchn *chan2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); @@ -291,19 +306,22 @@ static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn) return; } -static XSM_INLINE int xsm_evtchn_send(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) +static XSM_INLINE int xsm_evtchn_send( + XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d, NULL); } -static XSM_INLINE int xsm_evtchn_status(XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) +static XSM_INLINE int xsm_evtchn_status( + XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_evtchn_reset(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_evtchn_reset( + XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); @@ -321,7 +339,8 @@ static XSM_INLINE void xsm_free_security_evtchns( return; } -static XSM_INLINE char *xsm_show_security_evtchn(struct domain *d, const struct evtchn *chn) +static XSM_INLINE char *xsm_show_security_evtchn( + struct domain *d, const struct evtchn *chn) { return NULL; } @@ -357,13 +376,15 @@ static XSM_INLINE int xsm_get_device_group(XSM_DEFAULT_ARG uint32_t machine_bdf) return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_assign_device(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) +static XSM_INLINE int xsm_assign_device( + XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_deassign_device(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) +static XSM_INLINE int xsm_deassign_device( + XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); @@ -372,15 +393,15 @@ static XSM_INLINE int xsm_deassign_device(XSM_DEFAULT_ARG struct domain *d, uint #endif /* HAS_PASSTHROUGH && HAS_PCI */ #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) -static XSM_INLINE int xsm_assign_dtdevice(XSM_DEFAULT_ARG struct domain *d, - const char *dtpath) +static XSM_INLINE int xsm_assign_dtdevice( + XSM_DEFAULT_ARG struct domain *d, const char *dtpath) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_deassign_dtdevice(XSM_DEFAULT_ARG struct domain *d, - const char *dtpath) +static XSM_INLINE int xsm_deassign_dtdevice( + XSM_DEFAULT_ARG struct domain *d, const char *dtpath) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); @@ -400,19 +421,22 @@ static XSM_INLINE int xsm_resource_unplug_core(XSM_DEFAULT_VOID) return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_plug_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) +static XSM_INLINE int xsm_resource_plug_pci( + XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_unplug_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) +static XSM_INLINE int xsm_resource_unplug_pci( + XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_setup_pci(XSM_DEFAULT_ARG uint32_t machine_bdf) +static XSM_INLINE int xsm_resource_setup_pci( + XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); @@ -465,8 +489,8 @@ static XSM_INLINE int xsm_map_domain_pirq(XSM_DEFAULT_ARG struct domain *d) return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_map_domain_irq(XSM_DEFAULT_ARG struct domain *d, - int irq, const void *data) +static XSM_INLINE int xsm_map_domain_irq( + XSM_DEFAULT_ARG struct domain *d, int irq, const void *data) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); @@ -478,76 +502,86 @@ static XSM_INLINE int xsm_unmap_domain_pirq(XSM_DEFAULT_ARG struct domain *d) return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_bind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) +static XSM_INLINE int xsm_bind_pt_irq( + XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_unbind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) +static XSM_INLINE int xsm_unbind_pt_irq( + XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_unmap_domain_irq(XSM_DEFAULT_ARG struct domain *d, - int irq, const void *data) +static XSM_INLINE int xsm_unmap_domain_irq( + XSM_DEFAULT_ARG struct domain *d, int irq, const void *data) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_irq_permission(XSM_DEFAULT_ARG struct domain *d, int pirq, uint8_t allow) +static XSM_INLINE int xsm_irq_permission( + XSM_DEFAULT_ARG struct domain *d, int pirq, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_iomem_permission(XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) +static XSM_INLINE int xsm_iomem_permission( + XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_iomem_mapping(XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) +static XSM_INLINE int xsm_iomem_mapping( + XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_pci_config_permission(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf, - uint16_t start, uint16_t end, - uint8_t access) +static XSM_INLINE int xsm_pci_config_permission( + XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf, uint16_t start, + uint16_t end, uint8_t access) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_add_to_physmap(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_add_to_physmap( + XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_remove_from_physmap(XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) +static XSM_INLINE int xsm_remove_from_physmap( + XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_map_gmfn_foreign(XSM_DEFAULT_ARG struct domain *d, struct domain *t) +static XSM_INLINE int xsm_map_gmfn_foreign( + XSM_DEFAULT_ARG struct domain *d, struct domain *t) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, t); } -static XSM_INLINE int xsm_hvm_param(XSM_DEFAULT_ARG struct domain *d, unsigned long op) +static XSM_INLINE int xsm_hvm_param( + XSM_DEFAULT_ARG struct domain *d, unsigned long op) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_hvm_control(XSM_DEFAULT_ARG struct domain *d, unsigned long op) +static XSM_INLINE int xsm_hvm_control( + XSM_DEFAULT_ARG struct domain *d, unsigned long op) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); @@ -559,7 +593,8 @@ static XSM_INLINE int xsm_hvm_param_altp2mhvm(XSM_DEFAULT_ARG struct domain *d) return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_hvm_altp2mhvm_op(XSM_DEFAULT_ARG struct domain *d, uint64_t mode, uint32_t op) +static XSM_INLINE int xsm_hvm_altp2mhvm_op( + XSM_DEFAULT_ARG struct domain *d, uint64_t mode, uint32_t op) { XSM_ASSERT_ACTION(XSM_OTHER); @@ -578,7 +613,8 @@ static XSM_INLINE int xsm_hvm_altp2mhvm_op(XSM_DEFAULT_ARG struct domain *d, uin } } -static XSM_INLINE int xsm_vm_event_control(XSM_DEFAULT_ARG struct domain *d, int mode, int op) +static XSM_INLINE int xsm_vm_event_control( + XSM_DEFAULT_ARG struct domain *d, int mode, int op) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); @@ -621,13 +657,15 @@ static XSM_INLINE int xsm_do_mca(XSM_DEFAULT_VOID) return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_shadow_control(XSM_DEFAULT_ARG struct domain *d, uint32_t op) +static XSM_INLINE int xsm_shadow_control( + XSM_DEFAULT_ARG struct domain *d, uint32_t op) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_mem_sharing_op(XSM_DEFAULT_ARG struct domain *d, struct domain *cd, int op) +static XSM_INLINE int xsm_mem_sharing_op( + XSM_DEFAULT_ARG struct domain *d, struct domain *cd, int op) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, cd); @@ -651,8 +689,9 @@ static XSM_INLINE int xsm_domain_memory_map(XSM_DEFAULT_ARG struct domain *d) return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct domain *t, - struct domain *f, uint32_t flags) +static XSM_INLINE int xsm_mmu_update( + XSM_DEFAULT_ARG struct domain *d, struct domain *t, struct domain *f, + uint32_t flags) { int rc = 0; XSM_ASSERT_ACTION(XSM_TARGET); @@ -663,38 +702,43 @@ static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct do return rc; } -static XSM_INLINE int xsm_mmuext_op(XSM_DEFAULT_ARG struct domain *d, struct domain *f) +static XSM_INLINE int xsm_mmuext_op( + XSM_DEFAULT_ARG struct domain *d, struct domain *f) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, f); } -static XSM_INLINE int xsm_update_va_mapping(XSM_DEFAULT_ARG struct domain *d, struct domain *f, - l1_pgentry_t pte) +static XSM_INLINE int xsm_update_va_mapping( + XSM_DEFAULT_ARG struct domain *d, struct domain *f, l1_pgentry_t pte) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, f); } -static XSM_INLINE int xsm_priv_mapping(XSM_DEFAULT_ARG struct domain *d, struct domain *t) +static XSM_INLINE int xsm_priv_mapping( + XSM_DEFAULT_ARG struct domain *d, struct domain *t) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, t); } -static XSM_INLINE int xsm_ioport_permission(XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) +static XSM_INLINE int xsm_ioport_permission( + XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_ioport_mapping(XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) +static XSM_INLINE int xsm_ioport_mapping( + XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_pmu_op (XSM_DEFAULT_ARG struct domain *d, unsigned int op) +static XSM_INLINE int xsm_pmu_op( + XSM_DEFAULT_ARG struct domain *d, unsigned int op) { XSM_ASSERT_ACTION(XSM_OTHER); switch ( op ) @@ -723,8 +767,8 @@ static XSM_INLINE int xsm_argo_enable(const struct domain *d) return 0; } -static XSM_INLINE int xsm_argo_register_single_source(const struct domain *d, - const struct domain *t) +static XSM_INLINE int xsm_argo_register_single_source( + const struct domain *d, const struct domain *t) { return 0; } @@ -734,8 +778,8 @@ static XSM_INLINE int xsm_argo_register_any_source(const struct domain *d) return 0; } -static XSM_INLINE int xsm_argo_send(const struct domain *d, - const struct domain *t) +static XSM_INLINE int xsm_argo_send( + const struct domain *d, const struct domain *t) { return 0; } @@ -743,7 +787,7 @@ static XSM_INLINE int xsm_argo_send(const struct domain *d, #endif /* CONFIG_ARGO */ #include -static XSM_INLINE int xsm_xen_version (XSM_DEFAULT_ARG uint32_t op) +static XSM_INLINE int xsm_xen_version(XSM_DEFAULT_ARG uint32_t op) { XSM_ASSERT_ACTION(XSM_OTHER); switch ( op ) diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 16b90be2c5..7673d605a6 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -19,7 +19,7 @@ #include /* policy magic number (defined by XSM_MAGIC) */ -typedef u32 xsm_magic_t; +typedef uint32_t xsm_magic_t; #ifdef CONFIG_XSM_FLASK #define XSM_MAGIC 0xf97cff8c @@ -27,7 +27,8 @@ typedef u32 xsm_magic_t; #define XSM_MAGIC 0x0 #endif -/* These annotations are used by callers and in dummy.h to document the +/* + * These annotations are used by callers and in dummy.h to document the * default actions of XSM hooks. They should be compiled out otherwise. */ enum xsm_default { @@ -41,147 +42,154 @@ enum xsm_default { typedef enum xsm_default xsm_default_t; struct xsm_operations { - void (*security_domaininfo) (struct domain *d, - struct xen_domctl_getdomaininfo *info); - int (*domain_create) (struct domain *d, u32 ssidref); - int (*getdomaininfo) (struct domain *d); - int (*domctl_scheduler_op) (struct domain *d, int op); - int (*sysctl_scheduler_op) (int op); - int (*set_target) (struct domain *d, struct domain *e); - int (*domctl) (struct domain *d, int cmd); - int (*sysctl) (int cmd); - int (*readconsole) (uint32_t clear); - - int (*evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t id2); - int (*evtchn_interdomain) (struct domain *d1, struct evtchn *chn1, - struct domain *d2, struct evtchn *chn2); - void (*evtchn_close_post) (struct evtchn *chn); - int (*evtchn_send) (struct domain *d, struct evtchn *chn); - int (*evtchn_status) (struct domain *d, struct evtchn *chn); - int (*evtchn_reset) (struct domain *d1, struct domain *d2); - - int (*grant_mapref) (struct domain *d1, struct domain *d2, uint32_t flags); - int (*grant_unmapref) (struct domain *d1, struct domain *d2); - int (*grant_setup) (struct domain *d1, struct domain *d2); - int (*grant_transfer) (struct domain *d1, struct domain *d2); - int (*grant_copy) (struct domain *d1, struct domain *d2); - int (*grant_query_size) (struct domain *d1, struct domain *d2); - - int (*alloc_security_domain) (struct domain *d); - void (*free_security_domain) (struct domain *d); - int (*alloc_security_evtchns) (struct evtchn chn[], unsigned int nr); - void (*free_security_evtchns) (struct evtchn chn[], unsigned int nr); - char *(*show_security_evtchn) (struct domain *d, const struct evtchn *chn); - int (*init_hardware_domain) (struct domain *d); - - int (*get_pod_target) (struct domain *d); - int (*set_pod_target) (struct domain *d); - int (*memory_exchange) (struct domain *d); - int (*memory_adjust_reservation) (struct domain *d1, struct domain *d2); - int (*memory_stat_reservation) (struct domain *d1, struct domain *d2); - int (*memory_pin_page) (struct domain *d1, struct domain *d2, struct page_info *page); - int (*add_to_physmap) (struct domain *d1, struct domain *d2); - int (*remove_from_physmap) (struct domain *d1, struct domain *d2); - int (*map_gmfn_foreign) (struct domain *d, struct domain *t); - int (*claim_pages) (struct domain *d); - - int (*console_io) (struct domain *d, int cmd); - - int (*profile) (struct domain *d, int op); - - int (*kexec) (void); - int (*schedop_shutdown) (struct domain *d1, struct domain *d2); - - char *(*show_irq_sid) (int irq); - int (*map_domain_pirq) (struct domain *d); - int (*map_domain_irq) (struct domain *d, int irq, const void *data); - int (*unmap_domain_pirq) (struct domain *d); - int (*unmap_domain_irq) (struct domain *d, int irq, const void *data); - int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind); - int (*unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind); - int (*irq_permission) (struct domain *d, int pirq, uint8_t allow); - int (*iomem_permission) (struct domain *d, uint64_t s, uint64_t e, uint8_t allow); - int (*iomem_mapping) (struct domain *d, uint64_t s, uint64_t e, uint8_t allow); - int (*pci_config_permission) (struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access); + void (*security_domaininfo)(struct domain *d, + struct xen_domctl_getdomaininfo *info); + int (*domain_create)(struct domain *d, uint32_t ssidref); + int (*getdomaininfo)(struct domain *d); + int (*domctl_scheduler_op)(struct domain *d, int op); + int (*sysctl_scheduler_op)(int op); + int (*set_target)(struct domain *d, struct domain *e); + int (*domctl)(struct domain *d, int cmd); + int (*sysctl)(int cmd); + int (*readconsole)(uint32_t clear); + + int (*evtchn_unbound)(struct domain *d, struct evtchn *chn, domid_t id2); + int (*evtchn_interdomain)(struct domain *d1, struct evtchn *chn1, + struct domain *d2, struct evtchn *chn2); + void (*evtchn_close_post)(struct evtchn *chn); + int (*evtchn_send)(struct domain *d, struct evtchn *chn); + int (*evtchn_status)(struct domain *d, struct evtchn *chn); + int (*evtchn_reset)(struct domain *d1, struct domain *d2); + + int (*grant_mapref)(struct domain *d1, struct domain *d2, uint32_t flags); + int (*grant_unmapref)(struct domain *d1, struct domain *d2); + int (*grant_setup)(struct domain *d1, struct domain *d2); + int (*grant_transfer)(struct domain *d1, struct domain *d2); + int (*grant_copy)(struct domain *d1, struct domain *d2); + int (*grant_query_size)(struct domain *d1, struct domain *d2); + + int (*alloc_security_domain)(struct domain *d); + void (*free_security_domain)(struct domain *d); + int (*alloc_security_evtchns)(struct evtchn chn[], unsigned int nr); + void (*free_security_evtchns)(struct evtchn chn[], unsigned int nr); + char *(*show_security_evtchn)(struct domain *d, const struct evtchn *chn); + int (*init_hardware_domain)(struct domain *d); + + int (*get_pod_target)(struct domain *d); + int (*set_pod_target)(struct domain *d); + int (*memory_exchange)(struct domain *d); + int (*memory_adjust_reservation)(struct domain *d1, struct domain *d2); + int (*memory_stat_reservation)(struct domain *d1, struct domain *d2); + int (*memory_pin_page)(struct domain *d1, struct domain *d2, + struct page_info *page); + int (*add_to_physmap)(struct domain *d1, struct domain *d2); + int (*remove_from_physmap)(struct domain *d1, struct domain *d2); + int (*map_gmfn_foreign)(struct domain *d, struct domain *t); + int (*claim_pages)(struct domain *d); + + int (*console_io)(struct domain *d, int cmd); + + int (*profile)(struct domain *d, int op); + + int (*kexec)(void); + int (*schedop_shutdown)(struct domain *d1, struct domain *d2); + + char *(*show_irq_sid)(int irq); + int (*map_domain_pirq)(struct domain *d); + int (*map_domain_irq)(struct domain *d, int irq, const void *data); + int (*unmap_domain_pirq)(struct domain *d); + int (*unmap_domain_irq)(struct domain *d, int irq, const void *data); + int (*bind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind); + int (*unbind_pt_irq)(struct domain *d, struct xen_domctl_bind_pt_irq *bind); + int (*irq_permission)(struct domain *d, int pirq, uint8_t allow); + int (*iomem_permission)(struct domain *d, uint64_t s, uint64_t e, + uint8_t allow); + int (*iomem_mapping)(struct domain *d, uint64_t s, uint64_t e, + uint8_t allow); + int (*pci_config_permission)(struct domain *d, uint32_t machine_bdf, + uint16_t start, uint16_t end, uint8_t access); #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) - int (*get_device_group) (uint32_t machine_bdf); - int (*assign_device) (struct domain *d, uint32_t machine_bdf); - int (*deassign_device) (struct domain *d, uint32_t machine_bdf); + int (*get_device_group)(uint32_t machine_bdf); + int (*assign_device)(struct domain *d, uint32_t machine_bdf); + int (*deassign_device)(struct domain *d, uint32_t machine_bdf); #endif #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) - int (*assign_dtdevice) (struct domain *d, const char *dtpath); - int (*deassign_dtdevice) (struct domain *d, const char *dtpath); + int (*assign_dtdevice)(struct domain *d, const char *dtpath); + int (*deassign_dtdevice)(struct domain *d, const char *dtpath); #endif - int (*resource_plug_core) (void); - int (*resource_unplug_core) (void); - int (*resource_plug_pci) (uint32_t machine_bdf); - int (*resource_unplug_pci) (uint32_t machine_bdf); - int (*resource_setup_pci) (uint32_t machine_bdf); - int (*resource_setup_gsi) (int gsi); - int (*resource_setup_misc) (void); + int (*resource_plug_core)(void); + int (*resource_unplug_core)(void); + int (*resource_plug_pci)(uint32_t machine_bdf); + int (*resource_unplug_pci)(uint32_t machine_bdf); + int (*resource_setup_pci)(uint32_t machine_bdf); + int (*resource_setup_gsi)(int gsi); + int (*resource_setup_misc)(void); int (*page_offline)(uint32_t cmd); int (*hypfs_op)(void); - long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(void) op); + long (*do_xsm_op)(XEN_GUEST_HANDLE_PARAM(void) op); #ifdef CONFIG_COMPAT - int (*do_compat_op) (XEN_GUEST_HANDLE_PARAM(void) op); + int (*do_compat_op)(XEN_GUEST_HANDLE_PARAM(void) op); #endif - int (*hvm_param) (struct domain *d, unsigned long op); - int (*hvm_control) (struct domain *d, unsigned long op); - int (*hvm_param_altp2mhvm) (struct domain *d); - int (*hvm_altp2mhvm_op) (struct domain *d, uint64_t mode, uint32_t op); - int (*get_vnumainfo) (struct domain *d); + int (*hvm_param)(struct domain *d, unsigned long op); + int (*hvm_control)(struct domain *d, unsigned long op); + int (*hvm_param_altp2mhvm)(struct domain *d); + int (*hvm_altp2mhvm_op)(struct domain *d, uint64_t mode, uint32_t op); + int (*get_vnumainfo)(struct domain *d); - int (*vm_event_control) (struct domain *d, int mode, int op); + int (*vm_event_control)(struct domain *d, int mode, int op); #ifdef CONFIG_MEM_ACCESS - int (*mem_access) (struct domain *d); + int (*mem_access)(struct domain *d); #endif #ifdef CONFIG_MEM_PAGING - int (*mem_paging) (struct domain *d); + int (*mem_paging)(struct domain *d); #endif #ifdef CONFIG_MEM_SHARING - int (*mem_sharing) (struct domain *d); + int (*mem_sharing)(struct domain *d); #endif - int (*platform_op) (uint32_t cmd); + int (*platform_op)(uint32_t cmd); #ifdef CONFIG_X86 - int (*do_mca) (void); - int (*shadow_control) (struct domain *d, uint32_t op); - int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op); - int (*apic) (struct domain *d, int cmd); - int (*machine_memory_map) (void); - int (*domain_memory_map) (struct domain *d); + int (*do_mca)(void); + int (*shadow_control)(struct domain *d, uint32_t op); + int (*mem_sharing_op)(struct domain *d, struct domain *cd, int op); + int (*apic)(struct domain *d, int cmd); + int (*machine_memory_map)(void); + int (*domain_memory_map)(struct domain *d); #define XSM_MMU_UPDATE_READ 1 #define XSM_MMU_UPDATE_WRITE 2 #define XSM_MMU_NORMAL_UPDATE 4 #define XSM_MMU_MACHPHYS_UPDATE 8 - int (*mmu_update) (struct domain *d, struct domain *t, - struct domain *f, uint32_t flags); - int (*mmuext_op) (struct domain *d, struct domain *f); - int (*update_va_mapping) (struct domain *d, struct domain *f, l1_pgentry_t pte); - int (*priv_mapping) (struct domain *d, struct domain *t); - int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow); - int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow); - int (*pmu_op) (struct domain *d, unsigned int op); + int (*mmu_update)(struct domain *d, struct domain *t, + struct domain *f, uint32_t flags); + int (*mmuext_op)(struct domain *d, struct domain *f); + int (*update_va_mapping)(struct domain *d, struct domain *f, + l1_pgentry_t pte); + int (*priv_mapping)(struct domain *d, struct domain *t); + int (*ioport_permission)(struct domain *d, uint32_t s, uint32_t e, + uint8_t allow); + int (*ioport_mapping)(struct domain *d, uint32_t s, uint32_t e, + uint8_t allow); + int (*pmu_op)(struct domain *d, unsigned int op); #endif - int (*dm_op) (struct domain *d); - int (*xen_version) (uint32_t cmd); - int (*domain_resource_map) (struct domain *d); + int (*dm_op)(struct domain *d); + int (*xen_version)(uint32_t cmd); + int (*domain_resource_map)(struct domain *d); #ifdef CONFIG_ARGO - int (*argo_enable) (const struct domain *d); - int (*argo_register_single_source) (const struct domain *d, - const struct domain *t); - int (*argo_register_any_source) (const struct domain *d); - int (*argo_send) (const struct domain *d, const struct domain *t); + int (*argo_enable)(const struct domain *d); + int (*argo_register_single_source)(const struct domain *d, + const struct domain *t); + int (*argo_register_any_source)(const struct domain *d); + int (*argo_send)(const struct domain *d, const struct domain *t); #endif }; @@ -191,121 +199,133 @@ extern struct xsm_operations *xsm_ops; #ifndef XSM_NO_WRAPPERS -static inline void xsm_security_domaininfo (struct domain *d, - struct xen_domctl_getdomaininfo *info) +static inline void xsm_security_domaininfo( + struct domain *d, struct xen_domctl_getdomaininfo *info) { xsm_ops->security_domaininfo(d, info); } -static inline int xsm_domain_create (xsm_default_t def, struct domain *d, u32 ssidref) +static inline int xsm_domain_create( + xsm_default_t def, struct domain *d, uint32_t ssidref) { return xsm_ops->domain_create(d, ssidref); } -static inline int xsm_getdomaininfo (xsm_default_t def, struct domain *d) +static inline int xsm_getdomaininfo(xsm_default_t def, struct domain *d) { return xsm_ops->getdomaininfo(d); } -static inline int xsm_domctl_scheduler_op (xsm_default_t def, struct domain *d, int cmd) +static inline int xsm_domctl_scheduler_op( + xsm_default_t def, struct domain *d, int cmd) { return xsm_ops->domctl_scheduler_op(d, cmd); } -static inline int xsm_sysctl_scheduler_op (xsm_default_t def, int cmd) +static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd) { return xsm_ops->sysctl_scheduler_op(cmd); } -static inline int xsm_set_target (xsm_default_t def, struct domain *d, struct domain *e) +static inline int xsm_set_target( + xsm_default_t def, struct domain *d, struct domain *e) { return xsm_ops->set_target(d, e); } -static inline int xsm_domctl (xsm_default_t def, struct domain *d, int cmd) +static inline int xsm_domctl(xsm_default_t def, struct domain *d, int cmd) { return xsm_ops->domctl(d, cmd); } -static inline int xsm_sysctl (xsm_default_t def, int cmd) +static inline int xsm_sysctl(xsm_default_t def, int cmd) { return xsm_ops->sysctl(cmd); } -static inline int xsm_readconsole (xsm_default_t def, uint32_t clear) +static inline int xsm_readconsole(xsm_default_t def, uint32_t clear) { return xsm_ops->readconsole(clear); } -static inline int xsm_evtchn_unbound (xsm_default_t def, struct domain *d1, struct evtchn *chn, - domid_t id2) +static inline int xsm_evtchn_unbound( + xsm_default_t def, struct domain *d1, struct evtchn *chn, domid_t id2) { return xsm_ops->evtchn_unbound(d1, chn, id2); } -static inline int xsm_evtchn_interdomain (xsm_default_t def, struct domain *d1, - struct evtchn *chan1, struct domain *d2, struct evtchn *chan2) +static inline int xsm_evtchn_interdomain( + xsm_default_t def, struct domain *d1, struct evtchn *chan1, + struct domain *d2, struct evtchn *chan2) { return xsm_ops->evtchn_interdomain(d1, chan1, d2, chan2); } -static inline void xsm_evtchn_close_post (struct evtchn *chn) +static inline void xsm_evtchn_close_post(struct evtchn *chn) { xsm_ops->evtchn_close_post(chn); } -static inline int xsm_evtchn_send (xsm_default_t def, struct domain *d, struct evtchn *chn) +static inline int xsm_evtchn_send( + xsm_default_t def, struct domain *d, struct evtchn *chn) { return xsm_ops->evtchn_send(d, chn); } -static inline int xsm_evtchn_status (xsm_default_t def, struct domain *d, struct evtchn *chn) +static inline int xsm_evtchn_status( + xsm_default_t def, struct domain *d, struct evtchn *chn) { return xsm_ops->evtchn_status(d, chn); } -static inline int xsm_evtchn_reset (xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_evtchn_reset( + xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->evtchn_reset(d1, d2); } -static inline int xsm_grant_mapref (xsm_default_t def, struct domain *d1, struct domain *d2, - uint32_t flags) +static inline int xsm_grant_mapref( + xsm_default_t def, struct domain *d1, struct domain *d2, uint32_t flags) { return xsm_ops->grant_mapref(d1, d2, flags); } -static inline int xsm_grant_unmapref (xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_grant_unmapref( + xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->grant_unmapref(d1, d2); } -static inline int xsm_grant_setup (xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_grant_setup( + xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->grant_setup(d1, d2); } -static inline int xsm_grant_transfer (xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_grant_transfer( + xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->grant_transfer(d1, d2); } -static inline int xsm_grant_copy (xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_grant_copy( + xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->grant_copy(d1, d2); } -static inline int xsm_grant_query_size (xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_grant_query_size( + xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->grant_query_size(d1, d2); } -static inline int xsm_alloc_security_domain (struct domain *d) +static inline int xsm_alloc_security_domain(struct domain *d) { return xsm_ops->alloc_security_domain(d); } -static inline void xsm_free_security_domain (struct domain *d) +static inline void xsm_free_security_domain(struct domain *d) { xsm_ops->free_security_domain(d); } @@ -322,60 +342,65 @@ static inline void xsm_free_security_evtchns( xsm_ops->free_security_evtchns(chn, nr); } -static inline char *xsm_show_security_evtchn (struct domain *d, const struct evtchn *chn) +static inline char *xsm_show_security_evtchn( + struct domain *d, const struct evtchn *chn) { return xsm_ops->show_security_evtchn(d, chn); } -static inline int xsm_init_hardware_domain (xsm_default_t def, struct domain *d) +static inline int xsm_init_hardware_domain(xsm_default_t def, struct domain *d) { return xsm_ops->init_hardware_domain(d); } -static inline int xsm_get_pod_target (xsm_default_t def, struct domain *d) +static inline int xsm_get_pod_target(xsm_default_t def, struct domain *d) { return xsm_ops->get_pod_target(d); } -static inline int xsm_set_pod_target (xsm_default_t def, struct domain *d) +static inline int xsm_set_pod_target(xsm_default_t def, struct domain *d) { return xsm_ops->set_pod_target(d); } -static inline int xsm_memory_exchange (xsm_default_t def, struct domain *d) +static inline int xsm_memory_exchange(xsm_default_t def, struct domain *d) { return xsm_ops->memory_exchange(d); } -static inline int xsm_memory_adjust_reservation (xsm_default_t def, struct domain *d1, struct - domain *d2) +static inline int xsm_memory_adjust_reservation( + xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->memory_adjust_reservation(d1, d2); } -static inline int xsm_memory_stat_reservation (xsm_default_t def, struct domain *d1, - struct domain *d2) +static inline int xsm_memory_stat_reservation( + xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->memory_stat_reservation(d1, d2); } -static inline int xsm_memory_pin_page(xsm_default_t def, struct domain *d1, struct domain *d2, - struct page_info *page) +static inline int xsm_memory_pin_page( + xsm_default_t def, struct domain *d1, struct domain *d2, + struct page_info *page) { return xsm_ops->memory_pin_page(d1, d2, page); } -static inline int xsm_add_to_physmap(xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_add_to_physmap( + xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->add_to_physmap(d1, d2); } -static inline int xsm_remove_from_physmap(xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_remove_from_physmap( + xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->remove_from_physmap(d1, d2); } -static inline int xsm_map_gmfn_foreign (xsm_default_t def, struct domain *d, struct domain *t) +static inline int xsm_map_gmfn_foreign( + xsm_default_t def, struct domain *d, struct domain *t) { return xsm_ops->map_gmfn_foreign(d, t); } @@ -385,79 +410,87 @@ static inline int xsm_claim_pages(xsm_default_t def, struct domain *d) return xsm_ops->claim_pages(d); } -static inline int xsm_console_io (xsm_default_t def, struct domain *d, int cmd) +static inline int xsm_console_io(xsm_default_t def, struct domain *d, int cmd) { return xsm_ops->console_io(d, cmd); } -static inline int xsm_profile (xsm_default_t def, struct domain *d, int op) +static inline int xsm_profile(xsm_default_t def, struct domain *d, int op) { return xsm_ops->profile(d, op); } -static inline int xsm_kexec (xsm_default_t def) +static inline int xsm_kexec(xsm_default_t def) { return xsm_ops->kexec(); } -static inline int xsm_schedop_shutdown (xsm_default_t def, struct domain *d1, struct domain *d2) +static inline int xsm_schedop_shutdown( + xsm_default_t def, struct domain *d1, struct domain *d2) { return xsm_ops->schedop_shutdown(d1, d2); } -static inline char *xsm_show_irq_sid (int irq) +static inline char *xsm_show_irq_sid(int irq) { return xsm_ops->show_irq_sid(irq); } -static inline int xsm_map_domain_pirq (xsm_default_t def, struct domain *d) +static inline int xsm_map_domain_pirq(xsm_default_t def, struct domain *d) { return xsm_ops->map_domain_pirq(d); } -static inline int xsm_map_domain_irq (xsm_default_t def, struct domain *d, int irq, void *data) +static inline int xsm_map_domain_irq( + xsm_default_t def, struct domain *d, int irq, void *data) { return xsm_ops->map_domain_irq(d, irq, data); } -static inline int xsm_unmap_domain_pirq (xsm_default_t def, struct domain *d) +static inline int xsm_unmap_domain_pirq(xsm_default_t def, struct domain *d) { return xsm_ops->unmap_domain_pirq(d); } -static inline int xsm_unmap_domain_irq (xsm_default_t def, struct domain *d, int irq, void *data) +static inline int xsm_unmap_domain_irq( + xsm_default_t def, struct domain *d, int irq, void *data) { return xsm_ops->unmap_domain_irq(d, irq, data); } -static inline int xsm_bind_pt_irq(xsm_default_t def, struct domain *d, - struct xen_domctl_bind_pt_irq *bind) +static inline int xsm_bind_pt_irq( + xsm_default_t def, struct domain *d, struct xen_domctl_bind_pt_irq *bind) { return xsm_ops->bind_pt_irq(d, bind); } -static inline int xsm_unbind_pt_irq(xsm_default_t def, struct domain *d, - struct xen_domctl_bind_pt_irq *bind) +static inline int xsm_unbind_pt_irq( + xsm_default_t def, struct domain *d, struct xen_domctl_bind_pt_irq *bind) { return xsm_ops->unbind_pt_irq(d, bind); } -static inline int xsm_irq_permission (xsm_default_t def, struct domain *d, int pirq, uint8_t allow) +static inline int xsm_irq_permission( + xsm_default_t def, struct domain *d, int pirq, uint8_t allow) { return xsm_ops->irq_permission(d, pirq, allow); } -static inline int xsm_iomem_permission (xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) +static inline int xsm_iomem_permission( + xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { return xsm_ops->iomem_permission(d, s, e, allow); } -static inline int xsm_iomem_mapping (xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) +static inline int xsm_iomem_mapping( + xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { return xsm_ops->iomem_mapping(d, s, e, allow); } -static inline int xsm_pci_config_permission (xsm_default_t def, struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) +static inline int xsm_pci_config_permission( + xsm_default_t def, struct domain *d, uint32_t machine_bdf, uint16_t start, + uint16_t end, uint8_t access) { return xsm_ops->pci_config_permission(d, machine_bdf, start, end, access); } @@ -468,63 +501,67 @@ static inline int xsm_get_device_group(xsm_default_t def, uint32_t machine_bdf) return xsm_ops->get_device_group(machine_bdf); } -static inline int xsm_assign_device(xsm_default_t def, struct domain *d, uint32_t machine_bdf) +static inline int xsm_assign_device( + xsm_default_t def, struct domain *d, uint32_t machine_bdf) { return xsm_ops->assign_device(d, machine_bdf); } -static inline int xsm_deassign_device(xsm_default_t def, struct domain *d, uint32_t machine_bdf) +static inline int xsm_deassign_device( + xsm_default_t def, struct domain *d, uint32_t machine_bdf) { return xsm_ops->deassign_device(d, machine_bdf); } #endif /* HAS_PASSTHROUGH && HAS_PCI) */ #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) -static inline int xsm_assign_dtdevice(xsm_default_t def, struct domain *d, - const char *dtpath) +static inline int xsm_assign_dtdevice( + xsm_default_t def, struct domain *d, const char *dtpath) { return xsm_ops->assign_dtdevice(d, dtpath); } -static inline int xsm_deassign_dtdevice(xsm_default_t def, struct domain *d, - const char *dtpath) +static inline int xsm_deassign_dtdevice( + xsm_default_t def, struct domain *d, const char *dtpath) { return xsm_ops->deassign_dtdevice(d, dtpath); } #endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ -static inline int xsm_resource_plug_pci (xsm_default_t def, uint32_t machine_bdf) +static inline int xsm_resource_plug_pci(xsm_default_t def, uint32_t machine_bdf) { return xsm_ops->resource_plug_pci(machine_bdf); } -static inline int xsm_resource_unplug_pci (xsm_default_t def, uint32_t machine_bdf) +static inline int xsm_resource_unplug_pci( + xsm_default_t def, uint32_t machine_bdf) { return xsm_ops->resource_unplug_pci(machine_bdf); } -static inline int xsm_resource_plug_core (xsm_default_t def) +static inline int xsm_resource_plug_core(xsm_default_t def) { return xsm_ops->resource_plug_core(); } -static inline int xsm_resource_unplug_core (xsm_default_t def) +static inline int xsm_resource_unplug_core(xsm_default_t def) { return xsm_ops->resource_unplug_core(); } -static inline int xsm_resource_setup_pci (xsm_default_t def, uint32_t machine_bdf) +static inline int xsm_resource_setup_pci( + xsm_default_t def, uint32_t machine_bdf) { return xsm_ops->resource_setup_pci(machine_bdf); } -static inline int xsm_resource_setup_gsi (xsm_default_t def, int gsi) +static inline int xsm_resource_setup_gsi(xsm_default_t def, int gsi) { return xsm_ops->resource_setup_gsi(gsi); } -static inline int xsm_resource_setup_misc (xsm_default_t def) +static inline int xsm_resource_setup_misc(xsm_default_t def) { return xsm_ops->resource_setup_misc(); } @@ -539,70 +576,74 @@ static inline int xsm_hypfs_op(xsm_default_t def) return xsm_ops->hypfs_op(); } -static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(void) op) +static inline long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { return xsm_ops->do_xsm_op(op); } #ifdef CONFIG_COMPAT -static inline int xsm_do_compat_op (XEN_GUEST_HANDLE_PARAM(void) op) +static inline int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op) { return xsm_ops->do_compat_op(op); } #endif -static inline int xsm_hvm_param (xsm_default_t def, struct domain *d, unsigned long op) +static inline int xsm_hvm_param( + xsm_default_t def, struct domain *d, unsigned long op) { return xsm_ops->hvm_param(d, op); } -static inline int xsm_hvm_control(xsm_default_t def, struct domain *d, unsigned long op) +static inline int xsm_hvm_control( + xsm_default_t def, struct domain *d, unsigned long op) { return xsm_ops->hvm_control(d, op); } -static inline int xsm_hvm_param_altp2mhvm (xsm_default_t def, struct domain *d) +static inline int xsm_hvm_param_altp2mhvm(xsm_default_t def, struct domain *d) { return xsm_ops->hvm_param_altp2mhvm(d); } -static inline int xsm_hvm_altp2mhvm_op (xsm_default_t def, struct domain *d, uint64_t mode, uint32_t op) +static inline int xsm_hvm_altp2mhvm_op( + xsm_default_t def, struct domain *d, uint64_t mode, uint32_t op) { return xsm_ops->hvm_altp2mhvm_op(d, mode, op); } -static inline int xsm_get_vnumainfo (xsm_default_t def, struct domain *d) +static inline int xsm_get_vnumainfo(xsm_default_t def, struct domain *d) { return xsm_ops->get_vnumainfo(d); } -static inline int xsm_vm_event_control (xsm_default_t def, struct domain *d, int mode, int op) +static inline int xsm_vm_event_control( + xsm_default_t def, struct domain *d, int mode, int op) { return xsm_ops->vm_event_control(d, mode, op); } #ifdef CONFIG_MEM_ACCESS -static inline int xsm_mem_access (xsm_default_t def, struct domain *d) +static inline int xsm_mem_access(xsm_default_t def, struct domain *d) { return xsm_ops->mem_access(d); } #endif #ifdef CONFIG_MEM_PAGING -static inline int xsm_mem_paging (xsm_default_t def, struct domain *d) +static inline int xsm_mem_paging(xsm_default_t def, struct domain *d) { return xsm_ops->mem_paging(d); } #endif #ifdef CONFIG_MEM_SHARING -static inline int xsm_mem_sharing (xsm_default_t def, struct domain *d) +static inline int xsm_mem_sharing(xsm_default_t def, struct domain *d) { return xsm_ops->mem_sharing(d); } #endif -static inline int xsm_platform_op (xsm_default_t def, uint32_t op) +static inline int xsm_platform_op(xsm_default_t def, uint32_t op) { return xsm_ops->platform_op(op); } @@ -613,17 +654,19 @@ static inline int xsm_do_mca(xsm_default_t def) return xsm_ops->do_mca(); } -static inline int xsm_shadow_control (xsm_default_t def, struct domain *d, uint32_t op) +static inline int xsm_shadow_control( + xsm_default_t def, struct domain *d, uint32_t op) { return xsm_ops->shadow_control(d, op); } -static inline int xsm_mem_sharing_op (xsm_default_t def, struct domain *d, struct domain *cd, int op) +static inline int xsm_mem_sharing_op( + xsm_default_t def, struct domain *d, struct domain *cd, int op) { return xsm_ops->mem_sharing_op(d, cd, op); } -static inline int xsm_apic (xsm_default_t def, struct domain *d, int cmd) +static inline int xsm_apic(xsm_default_t def, struct domain *d, int cmd) { return xsm_ops->apic(d, cmd); } @@ -638,39 +681,45 @@ static inline int xsm_domain_memory_map(xsm_default_t def, struct domain *d) return xsm_ops->domain_memory_map(d); } -static inline int xsm_mmu_update (xsm_default_t def, struct domain *d, struct domain *t, - struct domain *f, uint32_t flags) +static inline int xsm_mmu_update( + xsm_default_t def, struct domain *d, struct domain *t, struct domain *f, + uint32_t flags) { return xsm_ops->mmu_update(d, t, f, flags); } -static inline int xsm_mmuext_op (xsm_default_t def, struct domain *d, struct domain *f) +static inline int xsm_mmuext_op( + xsm_default_t def, struct domain *d, struct domain *f) { return xsm_ops->mmuext_op(d, f); } -static inline int xsm_update_va_mapping(xsm_default_t def, struct domain *d, struct domain *f, - l1_pgentry_t pte) +static inline int xsm_update_va_mapping( + xsm_default_t def, struct domain *d, struct domain *f, l1_pgentry_t pte) { return xsm_ops->update_va_mapping(d, f, pte); } -static inline int xsm_priv_mapping(xsm_default_t def, struct domain *d, struct domain *t) +static inline int xsm_priv_mapping( + xsm_default_t def, struct domain *d, struct domain *t) { return xsm_ops->priv_mapping(d, t); } -static inline int xsm_ioport_permission (xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) +static inline int xsm_ioport_permission( + xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { return xsm_ops->ioport_permission(d, s, e, allow); } -static inline int xsm_ioport_mapping (xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) +static inline int xsm_ioport_mapping( + xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { return xsm_ops->ioport_mapping(d, s, e, allow); } -static inline int xsm_pmu_op (xsm_default_t def, struct domain *d, unsigned int op) +static inline int xsm_pmu_op( + xsm_default_t def, struct domain *d, unsigned int op) { return xsm_ops->pmu_op(d, op); } @@ -682,7 +731,7 @@ static inline int xsm_dm_op(xsm_default_t def, struct domain *d) return xsm_ops->dm_op(d); } -static inline int xsm_xen_version (xsm_default_t def, uint32_t op) +static inline int xsm_xen_version(xsm_default_t def, uint32_t op) { return xsm_ops->xen_version(op); } @@ -698,8 +747,8 @@ static inline int xsm_argo_enable(const struct domain *d) return xsm_ops->argo_enable(d); } -static inline int xsm_argo_register_single_source(const struct domain *d, - const struct domain *t) +static inline int xsm_argo_register_single_source( + const struct domain *d, const struct domain *t) { return xsm_ops->argo_register_single_source(d, t); } @@ -719,12 +768,11 @@ static inline int xsm_argo_send(const struct domain *d, const struct domain *t) #endif /* XSM_NO_WRAPPERS */ #ifdef CONFIG_MULTIBOOT -extern int xsm_multiboot_init(unsigned long *module_map, - const multiboot_info_t *mbi); -extern int xsm_multiboot_policy_init(unsigned long *module_map, - const multiboot_info_t *mbi, - void **policy_buffer, - size_t *policy_size); +int xsm_multiboot_init( + unsigned long *module_map, const multiboot_info_t *mbi); +int xsm_multiboot_policy_init( + unsigned long *module_map, const multiboot_info_t *mbi, + void **policy_buffer, size_t *policy_size); #endif #ifdef CONFIG_HAS_DEVICE_TREE @@ -733,18 +781,19 @@ extern int xsm_multiboot_policy_init(unsigned long *module_map, * * On success, return 1 if using SILO mode else 0. */ -extern int xsm_dt_init(void); -extern int xsm_dt_policy_init(void **policy_buffer, size_t *policy_size); -extern bool has_xsm_magic(paddr_t); +int xsm_dt_init(void); +int xsm_dt_policy_init(void **policy_buffer, size_t *policy_size); +bool has_xsm_magic(paddr_t); #endif -extern int register_xsm(struct xsm_operations *ops); +int register_xsm(struct xsm_operations *ops); extern struct xsm_operations dummy_xsm_ops; -extern void xsm_fixup_ops(struct xsm_operations *ops); + +void xsm_fixup_ops(struct xsm_operations *ops); #ifdef CONFIG_XSM_FLASK -extern void flask_init(const void *policy_buffer, size_t policy_size); +void flask_init(const void *policy_buffer, size_t policy_size); #else static inline void flask_init(const void *policy_buffer, size_t policy_size) { @@ -757,7 +806,7 @@ extern const unsigned int xsm_flask_init_policy_size; #endif #ifdef CONFIG_XSM_SILO -extern void silo_init(void); +void silo_init(void); #else static inline void silo_init(void) {} #endif @@ -767,8 +816,8 @@ static inline void silo_init(void) {} #include #ifdef CONFIG_MULTIBOOT -static inline int xsm_multiboot_init (unsigned long *module_map, - const multiboot_info_t *mbi) +static inline int xsm_multiboot_init ( + unsigned long *module_map, const multiboot_info_t *mbi) { return 0; } diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index ac553f9c0d..ac8560aade 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -117,8 +117,8 @@ static int __init xsm_core_init(const void *policy_buffer, size_t policy_size) } #ifdef CONFIG_MULTIBOOT -int __init xsm_multiboot_init(unsigned long *module_map, - const multiboot_info_t *mbi) +int __init xsm_multiboot_init( + unsigned long *module_map, const multiboot_info_t *mbi) { int ret = 0; void *policy_buffer = NULL; @@ -128,8 +128,8 @@ int __init xsm_multiboot_init(unsigned long *module_map, if ( XSM_MAGIC ) { - ret = xsm_multiboot_policy_init(module_map, mbi, - &policy_buffer, &policy_size); + ret = xsm_multiboot_policy_init(module_map, mbi, &policy_buffer, + &policy_size); if ( ret ) { bootstrap_map(NULL); diff --git a/xen/xsm/xsm_policy.c b/xen/xsm/xsm_policy.c index 33ab37717f..8dafbc9381 100644 --- a/xen/xsm/xsm_policy.c +++ b/xen/xsm/xsm_policy.c @@ -30,10 +30,9 @@ #endif #ifdef CONFIG_MULTIBOOT -int __init xsm_multiboot_policy_init(unsigned long *module_map, - const multiboot_info_t *mbi, - void **policy_buffer, - size_t *policy_size) +int __init xsm_multiboot_policy_init( + unsigned long *module_map, const multiboot_info_t *mbi, + void **policy_buffer, size_t *policy_size) { int i; module_t *mod = (module_t *)__va(mbi->mods_addr); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 09:11:46 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 09:11:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188276.337383 (Exim 4.92) (envelope-from ) id 1mQnQo-0003F4-6H; Thu, 16 Sep 2021 09:11:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188276.337383; Thu, 16 Sep 2021 09:11:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQo-0003Eu-39; Thu, 16 Sep 2021 09:11:46 +0000 Received: by outflank-mailman (input) for mailman id 188276; Thu, 16 Sep 2021 09:11:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQm-0003EN-Kz for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQm-0002Ue-Jh for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQnQm-0008H6-Ij for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HP4pnBPdtfTukTwCEiVY1yhIDFeewmSaLix0CJF1NzQ=; b=HFCWM/COYSBU7HAt44ZQ8PpFZZ fcsEY6sojfcy5he9MlMEo9mU7hUP6W9L5QSJTAvKUYWd29OZCaqSeUGoRwzKCkTCNiNUF2QrfwuCr dGRobwzXpWPU0EFq4D5oOd9BrdLo/N2qLd9l9bPm8XWAq7OM+cVMqLT7Zt+Wqw2WsstE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xsm: refactor xsm_ops handling Message-Id: Date: Thu, 16 Sep 2021 09:11:44 +0000 commit 164a0b9653f49ba2a2dfc4e42b99f988212d0c64 Author: Daniel P. Smith AuthorDate: Thu Sep 16 10:59:40 2021 +0200 Commit: Jan Beulich CommitDate: Thu Sep 16 10:59:40 2021 +0200 xsm: refactor xsm_ops handling This renames the `struct xsm_operations` to the shorter `struct xsm_ops` and converts the global xsm_ops from being a pointer to an explicit instance. As part of this conversion, it reworks the XSM modules init function to return their xsm_ops struct which is copied in to the global xsm_ops instance. Signed-off-by: Daniel P. Smith Acked-by: Andrew Cooper --- xen/include/xsm/xsm.h | 220 +++++++++++++++++++++++++------------------------- xen/xsm/dummy.c | 4 +- xen/xsm/flask/hooks.c | 12 +-- xen/xsm/silo.c | 7 +- xen/xsm/xsm_core.c | 72 +++++++++-------- 5 files changed, 161 insertions(+), 154 deletions(-) diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 7673d605a6..556903aa21 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -41,7 +41,7 @@ enum xsm_default { }; typedef enum xsm_default xsm_default_t; -struct xsm_operations { +struct xsm_ops { void (*security_domaininfo)(struct domain *d, struct xen_domctl_getdomaininfo *info); int (*domain_create)(struct domain *d, uint32_t ssidref); @@ -195,322 +195,322 @@ struct xsm_operations { #ifdef CONFIG_XSM -extern struct xsm_operations *xsm_ops; +extern struct xsm_ops xsm_ops; #ifndef XSM_NO_WRAPPERS static inline void xsm_security_domaininfo( struct domain *d, struct xen_domctl_getdomaininfo *info) { - xsm_ops->security_domaininfo(d, info); + xsm_ops.security_domaininfo(d, info); } static inline int xsm_domain_create( xsm_default_t def, struct domain *d, uint32_t ssidref) { - return xsm_ops->domain_create(d, ssidref); + return xsm_ops.domain_create(d, ssidref); } static inline int xsm_getdomaininfo(xsm_default_t def, struct domain *d) { - return xsm_ops->getdomaininfo(d); + return xsm_ops.getdomaininfo(d); } static inline int xsm_domctl_scheduler_op( xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops->domctl_scheduler_op(d, cmd); + return xsm_ops.domctl_scheduler_op(d, cmd); } static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd) { - return xsm_ops->sysctl_scheduler_op(cmd); + return xsm_ops.sysctl_scheduler_op(cmd); } static inline int xsm_set_target( xsm_default_t def, struct domain *d, struct domain *e) { - return xsm_ops->set_target(d, e); + return xsm_ops.set_target(d, e); } static inline int xsm_domctl(xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops->domctl(d, cmd); + return xsm_ops.domctl(d, cmd); } static inline int xsm_sysctl(xsm_default_t def, int cmd) { - return xsm_ops->sysctl(cmd); + return xsm_ops.sysctl(cmd); } static inline int xsm_readconsole(xsm_default_t def, uint32_t clear) { - return xsm_ops->readconsole(clear); + return xsm_ops.readconsole(clear); } static inline int xsm_evtchn_unbound( xsm_default_t def, struct domain *d1, struct evtchn *chn, domid_t id2) { - return xsm_ops->evtchn_unbound(d1, chn, id2); + return xsm_ops.evtchn_unbound(d1, chn, id2); } static inline int xsm_evtchn_interdomain( xsm_default_t def, struct domain *d1, struct evtchn *chan1, struct domain *d2, struct evtchn *chan2) { - return xsm_ops->evtchn_interdomain(d1, chan1, d2, chan2); + return xsm_ops.evtchn_interdomain(d1, chan1, d2, chan2); } static inline void xsm_evtchn_close_post(struct evtchn *chn) { - xsm_ops->evtchn_close_post(chn); + xsm_ops.evtchn_close_post(chn); } static inline int xsm_evtchn_send( xsm_default_t def, struct domain *d, struct evtchn *chn) { - return xsm_ops->evtchn_send(d, chn); + return xsm_ops.evtchn_send(d, chn); } static inline int xsm_evtchn_status( xsm_default_t def, struct domain *d, struct evtchn *chn) { - return xsm_ops->evtchn_status(d, chn); + return xsm_ops.evtchn_status(d, chn); } static inline int xsm_evtchn_reset( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->evtchn_reset(d1, d2); + return xsm_ops.evtchn_reset(d1, d2); } static inline int xsm_grant_mapref( xsm_default_t def, struct domain *d1, struct domain *d2, uint32_t flags) { - return xsm_ops->grant_mapref(d1, d2, flags); + return xsm_ops.grant_mapref(d1, d2, flags); } static inline int xsm_grant_unmapref( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->grant_unmapref(d1, d2); + return xsm_ops.grant_unmapref(d1, d2); } static inline int xsm_grant_setup( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->grant_setup(d1, d2); + return xsm_ops.grant_setup(d1, d2); } static inline int xsm_grant_transfer( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->grant_transfer(d1, d2); + return xsm_ops.grant_transfer(d1, d2); } static inline int xsm_grant_copy( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->grant_copy(d1, d2); + return xsm_ops.grant_copy(d1, d2); } static inline int xsm_grant_query_size( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->grant_query_size(d1, d2); + return xsm_ops.grant_query_size(d1, d2); } static inline int xsm_alloc_security_domain(struct domain *d) { - return xsm_ops->alloc_security_domain(d); + return xsm_ops.alloc_security_domain(d); } static inline void xsm_free_security_domain(struct domain *d) { - xsm_ops->free_security_domain(d); + xsm_ops.free_security_domain(d); } static inline int xsm_alloc_security_evtchns( struct evtchn chn[], unsigned int nr) { - return xsm_ops->alloc_security_evtchns(chn, nr); + return xsm_ops.alloc_security_evtchns(chn, nr); } static inline void xsm_free_security_evtchns( struct evtchn chn[], unsigned int nr) { - xsm_ops->free_security_evtchns(chn, nr); + xsm_ops.free_security_evtchns(chn, nr); } static inline char *xsm_show_security_evtchn( struct domain *d, const struct evtchn *chn) { - return xsm_ops->show_security_evtchn(d, chn); + return xsm_ops.show_security_evtchn(d, chn); } static inline int xsm_init_hardware_domain(xsm_default_t def, struct domain *d) { - return xsm_ops->init_hardware_domain(d); + return xsm_ops.init_hardware_domain(d); } static inline int xsm_get_pod_target(xsm_default_t def, struct domain *d) { - return xsm_ops->get_pod_target(d); + return xsm_ops.get_pod_target(d); } static inline int xsm_set_pod_target(xsm_default_t def, struct domain *d) { - return xsm_ops->set_pod_target(d); + return xsm_ops.set_pod_target(d); } static inline int xsm_memory_exchange(xsm_default_t def, struct domain *d) { - return xsm_ops->memory_exchange(d); + return xsm_ops.memory_exchange(d); } static inline int xsm_memory_adjust_reservation( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->memory_adjust_reservation(d1, d2); + return xsm_ops.memory_adjust_reservation(d1, d2); } static inline int xsm_memory_stat_reservation( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->memory_stat_reservation(d1, d2); + return xsm_ops.memory_stat_reservation(d1, d2); } static inline int xsm_memory_pin_page( xsm_default_t def, struct domain *d1, struct domain *d2, struct page_info *page) { - return xsm_ops->memory_pin_page(d1, d2, page); + return xsm_ops.memory_pin_page(d1, d2, page); } static inline int xsm_add_to_physmap( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->add_to_physmap(d1, d2); + return xsm_ops.add_to_physmap(d1, d2); } static inline int xsm_remove_from_physmap( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->remove_from_physmap(d1, d2); + return xsm_ops.remove_from_physmap(d1, d2); } static inline int xsm_map_gmfn_foreign( xsm_default_t def, struct domain *d, struct domain *t) { - return xsm_ops->map_gmfn_foreign(d, t); + return xsm_ops.map_gmfn_foreign(d, t); } static inline int xsm_claim_pages(xsm_default_t def, struct domain *d) { - return xsm_ops->claim_pages(d); + return xsm_ops.claim_pages(d); } static inline int xsm_console_io(xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops->console_io(d, cmd); + return xsm_ops.console_io(d, cmd); } static inline int xsm_profile(xsm_default_t def, struct domain *d, int op) { - return xsm_ops->profile(d, op); + return xsm_ops.profile(d, op); } static inline int xsm_kexec(xsm_default_t def) { - return xsm_ops->kexec(); + return xsm_ops.kexec(); } static inline int xsm_schedop_shutdown( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops->schedop_shutdown(d1, d2); + return xsm_ops.schedop_shutdown(d1, d2); } static inline char *xsm_show_irq_sid(int irq) { - return xsm_ops->show_irq_sid(irq); + return xsm_ops.show_irq_sid(irq); } static inline int xsm_map_domain_pirq(xsm_default_t def, struct domain *d) { - return xsm_ops->map_domain_pirq(d); + return xsm_ops.map_domain_pirq(d); } static inline int xsm_map_domain_irq( xsm_default_t def, struct domain *d, int irq, void *data) { - return xsm_ops->map_domain_irq(d, irq, data); + return xsm_ops.map_domain_irq(d, irq, data); } static inline int xsm_unmap_domain_pirq(xsm_default_t def, struct domain *d) { - return xsm_ops->unmap_domain_pirq(d); + return xsm_ops.unmap_domain_pirq(d); } static inline int xsm_unmap_domain_irq( xsm_default_t def, struct domain *d, int irq, void *data) { - return xsm_ops->unmap_domain_irq(d, irq, data); + return xsm_ops.unmap_domain_irq(d, irq, data); } static inline int xsm_bind_pt_irq( xsm_default_t def, struct domain *d, struct xen_domctl_bind_pt_irq *bind) { - return xsm_ops->bind_pt_irq(d, bind); + return xsm_ops.bind_pt_irq(d, bind); } static inline int xsm_unbind_pt_irq( xsm_default_t def, struct domain *d, struct xen_domctl_bind_pt_irq *bind) { - return xsm_ops->unbind_pt_irq(d, bind); + return xsm_ops.unbind_pt_irq(d, bind); } static inline int xsm_irq_permission( xsm_default_t def, struct domain *d, int pirq, uint8_t allow) { - return xsm_ops->irq_permission(d, pirq, allow); + return xsm_ops.irq_permission(d, pirq, allow); } static inline int xsm_iomem_permission( xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { - return xsm_ops->iomem_permission(d, s, e, allow); + return xsm_ops.iomem_permission(d, s, e, allow); } static inline int xsm_iomem_mapping( xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { - return xsm_ops->iomem_mapping(d, s, e, allow); + return xsm_ops.iomem_mapping(d, s, e, allow); } static inline int xsm_pci_config_permission( xsm_default_t def, struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) { - return xsm_ops->pci_config_permission(d, machine_bdf, start, end, access); + return xsm_ops.pci_config_permission(d, machine_bdf, start, end, access); } #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) static inline int xsm_get_device_group(xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops->get_device_group(machine_bdf); + return xsm_ops.get_device_group(machine_bdf); } static inline int xsm_assign_device( xsm_default_t def, struct domain *d, uint32_t machine_bdf) { - return xsm_ops->assign_device(d, machine_bdf); + return xsm_ops.assign_device(d, machine_bdf); } static inline int xsm_deassign_device( xsm_default_t def, struct domain *d, uint32_t machine_bdf) { - return xsm_ops->deassign_device(d, machine_bdf); + return xsm_ops.deassign_device(d, machine_bdf); } #endif /* HAS_PASSTHROUGH && HAS_PCI) */ @@ -518,249 +518,249 @@ static inline int xsm_deassign_device( static inline int xsm_assign_dtdevice( xsm_default_t def, struct domain *d, const char *dtpath) { - return xsm_ops->assign_dtdevice(d, dtpath); + return xsm_ops.assign_dtdevice(d, dtpath); } static inline int xsm_deassign_dtdevice( xsm_default_t def, struct domain *d, const char *dtpath) { - return xsm_ops->deassign_dtdevice(d, dtpath); + return xsm_ops.deassign_dtdevice(d, dtpath); } #endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ static inline int xsm_resource_plug_pci(xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops->resource_plug_pci(machine_bdf); + return xsm_ops.resource_plug_pci(machine_bdf); } static inline int xsm_resource_unplug_pci( xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops->resource_unplug_pci(machine_bdf); + return xsm_ops.resource_unplug_pci(machine_bdf); } static inline int xsm_resource_plug_core(xsm_default_t def) { - return xsm_ops->resource_plug_core(); + return xsm_ops.resource_plug_core(); } static inline int xsm_resource_unplug_core(xsm_default_t def) { - return xsm_ops->resource_unplug_core(); + return xsm_ops.resource_unplug_core(); } static inline int xsm_resource_setup_pci( xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops->resource_setup_pci(machine_bdf); + return xsm_ops.resource_setup_pci(machine_bdf); } static inline int xsm_resource_setup_gsi(xsm_default_t def, int gsi) { - return xsm_ops->resource_setup_gsi(gsi); + return xsm_ops.resource_setup_gsi(gsi); } static inline int xsm_resource_setup_misc(xsm_default_t def) { - return xsm_ops->resource_setup_misc(); + return xsm_ops.resource_setup_misc(); } static inline int xsm_page_offline(xsm_default_t def, uint32_t cmd) { - return xsm_ops->page_offline(cmd); + return xsm_ops.page_offline(cmd); } static inline int xsm_hypfs_op(xsm_default_t def) { - return xsm_ops->hypfs_op(); + return xsm_ops.hypfs_op(); } static inline long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { - return xsm_ops->do_xsm_op(op); + return xsm_ops.do_xsm_op(op); } #ifdef CONFIG_COMPAT static inline int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op) { - return xsm_ops->do_compat_op(op); + return xsm_ops.do_compat_op(op); } #endif static inline int xsm_hvm_param( xsm_default_t def, struct domain *d, unsigned long op) { - return xsm_ops->hvm_param(d, op); + return xsm_ops.hvm_param(d, op); } static inline int xsm_hvm_control( xsm_default_t def, struct domain *d, unsigned long op) { - return xsm_ops->hvm_control(d, op); + return xsm_ops.hvm_control(d, op); } static inline int xsm_hvm_param_altp2mhvm(xsm_default_t def, struct domain *d) { - return xsm_ops->hvm_param_altp2mhvm(d); + return xsm_ops.hvm_param_altp2mhvm(d); } static inline int xsm_hvm_altp2mhvm_op( xsm_default_t def, struct domain *d, uint64_t mode, uint32_t op) { - return xsm_ops->hvm_altp2mhvm_op(d, mode, op); + return xsm_ops.hvm_altp2mhvm_op(d, mode, op); } static inline int xsm_get_vnumainfo(xsm_default_t def, struct domain *d) { - return xsm_ops->get_vnumainfo(d); + return xsm_ops.get_vnumainfo(d); } static inline int xsm_vm_event_control( xsm_default_t def, struct domain *d, int mode, int op) { - return xsm_ops->vm_event_control(d, mode, op); + return xsm_ops.vm_event_control(d, mode, op); } #ifdef CONFIG_MEM_ACCESS static inline int xsm_mem_access(xsm_default_t def, struct domain *d) { - return xsm_ops->mem_access(d); + return xsm_ops.mem_access(d); } #endif #ifdef CONFIG_MEM_PAGING static inline int xsm_mem_paging(xsm_default_t def, struct domain *d) { - return xsm_ops->mem_paging(d); + return xsm_ops.mem_paging(d); } #endif #ifdef CONFIG_MEM_SHARING static inline int xsm_mem_sharing(xsm_default_t def, struct domain *d) { - return xsm_ops->mem_sharing(d); + return xsm_ops.mem_sharing(d); } #endif static inline int xsm_platform_op(xsm_default_t def, uint32_t op) { - return xsm_ops->platform_op(op); + return xsm_ops.platform_op(op); } #ifdef CONFIG_X86 static inline int xsm_do_mca(xsm_default_t def) { - return xsm_ops->do_mca(); + return xsm_ops.do_mca(); } static inline int xsm_shadow_control( xsm_default_t def, struct domain *d, uint32_t op) { - return xsm_ops->shadow_control(d, op); + return xsm_ops.shadow_control(d, op); } static inline int xsm_mem_sharing_op( xsm_default_t def, struct domain *d, struct domain *cd, int op) { - return xsm_ops->mem_sharing_op(d, cd, op); + return xsm_ops.mem_sharing_op(d, cd, op); } static inline int xsm_apic(xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops->apic(d, cmd); + return xsm_ops.apic(d, cmd); } static inline int xsm_machine_memory_map(xsm_default_t def) { - return xsm_ops->machine_memory_map(); + return xsm_ops.machine_memory_map(); } static inline int xsm_domain_memory_map(xsm_default_t def, struct domain *d) { - return xsm_ops->domain_memory_map(d); + return xsm_ops.domain_memory_map(d); } static inline int xsm_mmu_update( xsm_default_t def, struct domain *d, struct domain *t, struct domain *f, uint32_t flags) { - return xsm_ops->mmu_update(d, t, f, flags); + return xsm_ops.mmu_update(d, t, f, flags); } static inline int xsm_mmuext_op( xsm_default_t def, struct domain *d, struct domain *f) { - return xsm_ops->mmuext_op(d, f); + return xsm_ops.mmuext_op(d, f); } static inline int xsm_update_va_mapping( xsm_default_t def, struct domain *d, struct domain *f, l1_pgentry_t pte) { - return xsm_ops->update_va_mapping(d, f, pte); + return xsm_ops.update_va_mapping(d, f, pte); } static inline int xsm_priv_mapping( xsm_default_t def, struct domain *d, struct domain *t) { - return xsm_ops->priv_mapping(d, t); + return xsm_ops.priv_mapping(d, t); } static inline int xsm_ioport_permission( xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { - return xsm_ops->ioport_permission(d, s, e, allow); + return xsm_ops.ioport_permission(d, s, e, allow); } static inline int xsm_ioport_mapping( xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { - return xsm_ops->ioport_mapping(d, s, e, allow); + return xsm_ops.ioport_mapping(d, s, e, allow); } static inline int xsm_pmu_op( xsm_default_t def, struct domain *d, unsigned int op) { - return xsm_ops->pmu_op(d, op); + return xsm_ops.pmu_op(d, op); } #endif /* CONFIG_X86 */ static inline int xsm_dm_op(xsm_default_t def, struct domain *d) { - return xsm_ops->dm_op(d); + return xsm_ops.dm_op(d); } static inline int xsm_xen_version(xsm_default_t def, uint32_t op) { - return xsm_ops->xen_version(op); + return xsm_ops.xen_version(op); } static inline int xsm_domain_resource_map(xsm_default_t def, struct domain *d) { - return xsm_ops->domain_resource_map(d); + return xsm_ops.domain_resource_map(d); } #ifdef CONFIG_ARGO static inline int xsm_argo_enable(const struct domain *d) { - return xsm_ops->argo_enable(d); + return xsm_ops.argo_enable(d); } static inline int xsm_argo_register_single_source( const struct domain *d, const struct domain *t) { - return xsm_ops->argo_register_single_source(d, t); + return xsm_ops.argo_register_single_source(d, t); } static inline int xsm_argo_register_any_source(const struct domain *d) { - return xsm_ops->argo_register_any_source(d); + return xsm_ops.argo_register_any_source(d); } static inline int xsm_argo_send(const struct domain *d, const struct domain *t) { - return xsm_ops->argo_send(d, t); + return xsm_ops.argo_send(d, t); } #endif /* CONFIG_ARGO */ @@ -786,17 +786,18 @@ int xsm_dt_policy_init(void **policy_buffer, size_t *policy_size); bool has_xsm_magic(paddr_t); #endif -int register_xsm(struct xsm_operations *ops); +extern struct xsm_ops dummy_xsm_ops; -extern struct xsm_operations dummy_xsm_ops; - -void xsm_fixup_ops(struct xsm_operations *ops); +void xsm_fixup_ops(struct xsm_ops *ops); #ifdef CONFIG_XSM_FLASK -void flask_init(const void *policy_buffer, size_t policy_size); +extern const struct xsm_ops *flask_init(const void *policy_buffer, + size_t policy_size); #else -static inline void flask_init(const void *policy_buffer, size_t policy_size) +static const inline struct xsm_ops *flask_init(const void *policy_buffer, + size_t policy_size) { + return NULL; } #endif @@ -806,9 +807,12 @@ extern const unsigned int xsm_flask_init_policy_size; #endif #ifdef CONFIG_XSM_SILO -void silo_init(void); +extern const struct xsm_ops *silo_init(void); #else -static inline void silo_init(void) {} +static const inline struct xsm_ops *silo_init(void) +{ + return NULL; +} #endif #else /* CONFIG_XSM */ diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index de44b10130..d8c935328e 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -13,15 +13,13 @@ #define XSM_NO_WRAPPERS #include -struct xsm_operations dummy_xsm_ops; - #define set_to_dummy_if_null(ops, function) \ do { \ if ( !ops->function ) \ ops->function = xsm_##function; \ } while (0) -void __init xsm_fixup_ops (struct xsm_operations *ops) +void __init xsm_fixup_ops (struct xsm_ops *ops) { set_to_dummy_if_null(ops, security_domaininfo); set_to_dummy_if_null(ops, domain_create); diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 1465db125a..25e87180b4 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1745,7 +1745,7 @@ static int flask_argo_send(const struct domain *d, const struct domain *t) long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); -static struct xsm_operations flask_ops = { +static const struct xsm_ops __initconstrel flask_ops = { .security_domaininfo = flask_security_domaininfo, .domain_create = flask_domain_create, .getdomaininfo = flask_getdomaininfo, @@ -1883,7 +1883,8 @@ static struct xsm_operations flask_ops = { #endif }; -void __init flask_init(const void *policy_buffer, size_t policy_size) +const struct xsm_ops *__init flask_init(const void *policy_buffer, + size_t policy_size) { int ret = -ENOENT; @@ -1891,7 +1892,7 @@ void __init flask_init(const void *policy_buffer, size_t policy_size) { case FLASK_BOOTPARAM_DISABLED: printk(XENLOG_INFO "Flask: Disabled at boot.\n"); - return; + return NULL; case FLASK_BOOTPARAM_PERMISSIVE: flask_enforcing = 0; @@ -1908,9 +1909,6 @@ void __init flask_init(const void *policy_buffer, size_t policy_size) avc_init(); - if ( register_xsm(&flask_ops) ) - panic("Flask: Unable to register with XSM\n"); - if ( policy_size && flask_bootparam != FLASK_BOOTPARAM_LATELOAD ) ret = security_load_policy(policy_buffer, policy_size); @@ -1923,6 +1921,8 @@ void __init flask_init(const void *policy_buffer, size_t policy_size) printk(XENLOG_INFO "Flask: Starting in enforcing mode.\n"); else printk(XENLOG_INFO "Flask: Starting in permissive mode.\n"); + + return &flask_ops; } /* diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c index fc2ca5cd2d..3550dded7b 100644 --- a/xen/xsm/silo.c +++ b/xen/xsm/silo.c @@ -100,7 +100,7 @@ static int silo_argo_send(const struct domain *d1, const struct domain *d2) #endif -static struct xsm_operations silo_xsm_ops = { +static const struct xsm_ops __initconstrel silo_xsm_ops = { .evtchn_unbound = silo_evtchn_unbound, .evtchn_interdomain = silo_evtchn_interdomain, .grant_mapref = silo_grant_mapref, @@ -112,12 +112,11 @@ static struct xsm_operations silo_xsm_ops = { #endif }; -void __init silo_init(void) +const struct xsm_ops *__init silo_init(void) { printk("Initialising XSM SILO mode\n"); - if ( register_xsm(&silo_xsm_ops) ) - panic("SILO: Unable to register with XSM\n"); + return &silo_xsm_ops; } /* diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index ac8560aade..21fffbcb41 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -28,9 +28,17 @@ #include #endif -#define XSM_FRAMEWORK_VERSION "1.0.0" +#define XSM_FRAMEWORK_VERSION "1.0.1" -struct xsm_operations *xsm_ops; +struct xsm_ops __read_mostly xsm_ops; + +enum xsm_ops_state { + XSM_OPS_UNREGISTERED, + XSM_OPS_REG_FAILED, + XSM_OPS_REGISTERED, +}; + +static enum xsm_ops_state __initdata xsm_ops_registered = XSM_OPS_UNREGISTERED; enum xsm_bootparam { XSM_BOOTPARAM_DUMMY, @@ -68,17 +76,10 @@ static int __init parse_xsm_param(const char *s) } custom_param("xsm", parse_xsm_param); -static inline int verify(struct xsm_operations *ops) -{ - /* verify the security_operations structure exists */ - if ( !ops ) - return -EINVAL; - xsm_fixup_ops(ops); - return 0; -} - static int __init xsm_core_init(const void *policy_buffer, size_t policy_size) { + const struct xsm_ops *ops = NULL; + #ifdef CONFIG_XSM_FLASK_POLICY if ( policy_size == 0 ) { @@ -87,25 +88,25 @@ static int __init xsm_core_init(const void *policy_buffer, size_t policy_size) } #endif - if ( verify(&dummy_xsm_ops) ) + if ( xsm_ops_registered != XSM_OPS_UNREGISTERED ) { - printk(XENLOG_ERR "Could not verify dummy_xsm_ops structure\n"); + printk(XENLOG_ERR + "Could not init XSM, xsm_ops register already attempted\n"); return -EIO; } - xsm_ops = &dummy_xsm_ops; - switch ( xsm_bootparam ) { case XSM_BOOTPARAM_DUMMY: + xsm_ops_registered = XSM_OPS_REGISTERED; break; case XSM_BOOTPARAM_FLASK: - flask_init(policy_buffer, policy_size); + ops = flask_init(policy_buffer, policy_size); break; case XSM_BOOTPARAM_SILO: - silo_init(); + ops = silo_init(); break; default: @@ -113,6 +114,27 @@ static int __init xsm_core_init(const void *policy_buffer, size_t policy_size) break; } + if ( ops ) + { + xsm_ops_registered = XSM_OPS_REGISTERED; + xsm_ops = *ops; + } + /* + * This handles three cases, + * - dummy policy module was selected + * - a policy module does not provide all handlers + * - a policy module failed to init + */ + xsm_fixup_ops(&xsm_ops); + + if ( xsm_ops_registered != XSM_OPS_REGISTERED ) + { + xsm_ops_registered = XSM_OPS_REG_FAILED; + printk(XENLOG_ERR + "Could not init XSM, xsm_ops register failed\n"); + return -EFAULT; + } + return 0; } @@ -195,22 +217,6 @@ bool __init has_xsm_magic(paddr_t start) } #endif -int __init register_xsm(struct xsm_operations *ops) -{ - if ( verify(ops) ) - { - printk(XENLOG_ERR "Could not verify xsm_operations structure\n"); - return -EINVAL; - } - - if ( xsm_ops != &dummy_xsm_ops ) - return -EAGAIN; - - xsm_ops = ops; - - return 0; -} - #endif long do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 09:11:56 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 09:11:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188279.337389 (Exim 4.92) (envelope-from ) id 1mQnQy-0003Mf-9G; Thu, 16 Sep 2021 09:11:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188279.337389; Thu, 16 Sep 2021 09:11:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQy-0003MW-4n; Thu, 16 Sep 2021 09:11:56 +0000 Received: by outflank-mailman (input) for mailman id 188279; Thu, 16 Sep 2021 09:11:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQw-0003Ky-Nv for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnQw-0002Ut-N4 for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQnQw-0008Hr-Lz for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:11:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=a42hQ/QOUcvhfq+o5z/v6E5xu+2A4WTpbSJsW8okPyA=; b=W2GhZ2MoaxNcrB979AG7+vyIw7 jPAVboiLx7FRx7fr5TquVgO2gNk3IMcVPNisgbIxZQPvW/ILTEofOrXVZGdpsjCCUYbYc3O/EzQdk d8PFI1+/wQnj9CWk3vedDFcyG1UIFzBDS7y+OwaObI7lQ827TOc5xUVgC+aXWh4RAHmU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xsm: convert xsm_ops hook calls to alternative call Message-Id: Date: Thu, 16 Sep 2021 09:11:54 +0000 commit 737190abb174422b3a49c9ef2de7cd5bfb1bc991 Author: Daniel P. Smith AuthorDate: Thu Sep 16 11:00:17 2021 +0200 Commit: Jan Beulich CommitDate: Thu Sep 16 11:00:17 2021 +0200 xsm: convert xsm_ops hook calls to alternative call To reduce retpolines convert all the pointer function calls of the xsm_ops hooks over to the alternative_call infrastructure. Signed-off-by: Daniel P. Smith Acked-by: Andrew Cooper --- xen/include/xsm/xsm.h | 191 +++++++++++++++++++++++++------------------------- 1 file changed, 96 insertions(+), 95 deletions(-) diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 556903aa21..c101e653f6 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -15,6 +15,7 @@ #ifndef __XSM_H__ #define __XSM_H__ +#include #include #include @@ -202,315 +203,315 @@ extern struct xsm_ops xsm_ops; static inline void xsm_security_domaininfo( struct domain *d, struct xen_domctl_getdomaininfo *info) { - xsm_ops.security_domaininfo(d, info); + alternative_vcall(xsm_ops.security_domaininfo, d, info); } static inline int xsm_domain_create( xsm_default_t def, struct domain *d, uint32_t ssidref) { - return xsm_ops.domain_create(d, ssidref); + return alternative_call(xsm_ops.domain_create, d, ssidref); } static inline int xsm_getdomaininfo(xsm_default_t def, struct domain *d) { - return xsm_ops.getdomaininfo(d); + return alternative_call(xsm_ops.getdomaininfo, d); } static inline int xsm_domctl_scheduler_op( xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops.domctl_scheduler_op(d, cmd); + return alternative_call(xsm_ops.domctl_scheduler_op, d, cmd); } static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd) { - return xsm_ops.sysctl_scheduler_op(cmd); + return alternative_call(xsm_ops.sysctl_scheduler_op, cmd); } static inline int xsm_set_target( xsm_default_t def, struct domain *d, struct domain *e) { - return xsm_ops.set_target(d, e); + return alternative_call(xsm_ops.set_target, d, e); } static inline int xsm_domctl(xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops.domctl(d, cmd); + return alternative_call(xsm_ops.domctl, d, cmd); } static inline int xsm_sysctl(xsm_default_t def, int cmd) { - return xsm_ops.sysctl(cmd); + return alternative_call(xsm_ops.sysctl, cmd); } static inline int xsm_readconsole(xsm_default_t def, uint32_t clear) { - return xsm_ops.readconsole(clear); + return alternative_call(xsm_ops.readconsole, clear); } static inline int xsm_evtchn_unbound( xsm_default_t def, struct domain *d1, struct evtchn *chn, domid_t id2) { - return xsm_ops.evtchn_unbound(d1, chn, id2); + return alternative_call(xsm_ops.evtchn_unbound, d1, chn, id2); } static inline int xsm_evtchn_interdomain( xsm_default_t def, struct domain *d1, struct evtchn *chan1, struct domain *d2, struct evtchn *chan2) { - return xsm_ops.evtchn_interdomain(d1, chan1, d2, chan2); + return alternative_call(xsm_ops.evtchn_interdomain, d1, chan1, d2, chan2); } static inline void xsm_evtchn_close_post(struct evtchn *chn) { - xsm_ops.evtchn_close_post(chn); + alternative_vcall(xsm_ops.evtchn_close_post, chn); } static inline int xsm_evtchn_send( xsm_default_t def, struct domain *d, struct evtchn *chn) { - return xsm_ops.evtchn_send(d, chn); + return alternative_call(xsm_ops.evtchn_send, d, chn); } static inline int xsm_evtchn_status( xsm_default_t def, struct domain *d, struct evtchn *chn) { - return xsm_ops.evtchn_status(d, chn); + return alternative_call(xsm_ops.evtchn_status, d, chn); } static inline int xsm_evtchn_reset( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.evtchn_reset(d1, d2); + return alternative_call(xsm_ops.evtchn_reset, d1, d2); } static inline int xsm_grant_mapref( xsm_default_t def, struct domain *d1, struct domain *d2, uint32_t flags) { - return xsm_ops.grant_mapref(d1, d2, flags); + return alternative_call(xsm_ops.grant_mapref, d1, d2, flags); } static inline int xsm_grant_unmapref( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.grant_unmapref(d1, d2); + return alternative_call(xsm_ops.grant_unmapref, d1, d2); } static inline int xsm_grant_setup( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.grant_setup(d1, d2); + return alternative_call(xsm_ops.grant_setup, d1, d2); } static inline int xsm_grant_transfer( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.grant_transfer(d1, d2); + return alternative_call(xsm_ops.grant_transfer, d1, d2); } static inline int xsm_grant_copy( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.grant_copy(d1, d2); + return alternative_call(xsm_ops.grant_copy, d1, d2); } static inline int xsm_grant_query_size( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.grant_query_size(d1, d2); + return alternative_call(xsm_ops.grant_query_size, d1, d2); } static inline int xsm_alloc_security_domain(struct domain *d) { - return xsm_ops.alloc_security_domain(d); + return alternative_call(xsm_ops.alloc_security_domain, d); } static inline void xsm_free_security_domain(struct domain *d) { - xsm_ops.free_security_domain(d); + alternative_vcall(xsm_ops.free_security_domain, d); } static inline int xsm_alloc_security_evtchns( struct evtchn chn[], unsigned int nr) { - return xsm_ops.alloc_security_evtchns(chn, nr); + return alternative_call(xsm_ops.alloc_security_evtchns, chn, nr); } static inline void xsm_free_security_evtchns( struct evtchn chn[], unsigned int nr) { - xsm_ops.free_security_evtchns(chn, nr); + alternative_vcall(xsm_ops.free_security_evtchns, chn, nr); } static inline char *xsm_show_security_evtchn( struct domain *d, const struct evtchn *chn) { - return xsm_ops.show_security_evtchn(d, chn); + return alternative_call(xsm_ops.show_security_evtchn, d, chn); } static inline int xsm_init_hardware_domain(xsm_default_t def, struct domain *d) { - return xsm_ops.init_hardware_domain(d); + return alternative_call(xsm_ops.init_hardware_domain, d); } static inline int xsm_get_pod_target(xsm_default_t def, struct domain *d) { - return xsm_ops.get_pod_target(d); + return alternative_call(xsm_ops.get_pod_target, d); } static inline int xsm_set_pod_target(xsm_default_t def, struct domain *d) { - return xsm_ops.set_pod_target(d); + return alternative_call(xsm_ops.set_pod_target, d); } static inline int xsm_memory_exchange(xsm_default_t def, struct domain *d) { - return xsm_ops.memory_exchange(d); + return alternative_call(xsm_ops.memory_exchange, d); } static inline int xsm_memory_adjust_reservation( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.memory_adjust_reservation(d1, d2); + return alternative_call(xsm_ops.memory_adjust_reservation, d1, d2); } static inline int xsm_memory_stat_reservation( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.memory_stat_reservation(d1, d2); + return alternative_call(xsm_ops.memory_stat_reservation, d1, d2); } static inline int xsm_memory_pin_page( xsm_default_t def, struct domain *d1, struct domain *d2, struct page_info *page) { - return xsm_ops.memory_pin_page(d1, d2, page); + return alternative_call(xsm_ops.memory_pin_page, d1, d2, page); } static inline int xsm_add_to_physmap( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.add_to_physmap(d1, d2); + return alternative_call(xsm_ops.add_to_physmap, d1, d2); } static inline int xsm_remove_from_physmap( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.remove_from_physmap(d1, d2); + return alternative_call(xsm_ops.remove_from_physmap, d1, d2); } static inline int xsm_map_gmfn_foreign( xsm_default_t def, struct domain *d, struct domain *t) { - return xsm_ops.map_gmfn_foreign(d, t); + return alternative_call(xsm_ops.map_gmfn_foreign, d, t); } static inline int xsm_claim_pages(xsm_default_t def, struct domain *d) { - return xsm_ops.claim_pages(d); + return alternative_call(xsm_ops.claim_pages, d); } static inline int xsm_console_io(xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops.console_io(d, cmd); + return alternative_call(xsm_ops.console_io, d, cmd); } static inline int xsm_profile(xsm_default_t def, struct domain *d, int op) { - return xsm_ops.profile(d, op); + return alternative_call(xsm_ops.profile, d, op); } static inline int xsm_kexec(xsm_default_t def) { - return xsm_ops.kexec(); + return alternative_call(xsm_ops.kexec); } static inline int xsm_schedop_shutdown( xsm_default_t def, struct domain *d1, struct domain *d2) { - return xsm_ops.schedop_shutdown(d1, d2); + return alternative_call(xsm_ops.schedop_shutdown, d1, d2); } static inline char *xsm_show_irq_sid(int irq) { - return xsm_ops.show_irq_sid(irq); + return alternative_call(xsm_ops.show_irq_sid, irq); } static inline int xsm_map_domain_pirq(xsm_default_t def, struct domain *d) { - return xsm_ops.map_domain_pirq(d); + return alternative_call(xsm_ops.map_domain_pirq, d); } static inline int xsm_map_domain_irq( xsm_default_t def, struct domain *d, int irq, void *data) { - return xsm_ops.map_domain_irq(d, irq, data); + return alternative_call(xsm_ops.map_domain_irq, d, irq, data); } static inline int xsm_unmap_domain_pirq(xsm_default_t def, struct domain *d) { - return xsm_ops.unmap_domain_pirq(d); + return alternative_call(xsm_ops.unmap_domain_pirq, d); } static inline int xsm_unmap_domain_irq( xsm_default_t def, struct domain *d, int irq, void *data) { - return xsm_ops.unmap_domain_irq(d, irq, data); + return alternative_call(xsm_ops.unmap_domain_irq, d, irq, data); } static inline int xsm_bind_pt_irq( xsm_default_t def, struct domain *d, struct xen_domctl_bind_pt_irq *bind) { - return xsm_ops.bind_pt_irq(d, bind); + return alternative_call(xsm_ops.bind_pt_irq, d, bind); } static inline int xsm_unbind_pt_irq( xsm_default_t def, struct domain *d, struct xen_domctl_bind_pt_irq *bind) { - return xsm_ops.unbind_pt_irq(d, bind); + return alternative_call(xsm_ops.unbind_pt_irq, d, bind); } static inline int xsm_irq_permission( xsm_default_t def, struct domain *d, int pirq, uint8_t allow) { - return xsm_ops.irq_permission(d, pirq, allow); + return alternative_call(xsm_ops.irq_permission, d, pirq, allow); } static inline int xsm_iomem_permission( xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { - return xsm_ops.iomem_permission(d, s, e, allow); + return alternative_call(xsm_ops.iomem_permission, d, s, e, allow); } static inline int xsm_iomem_mapping( xsm_default_t def, struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { - return xsm_ops.iomem_mapping(d, s, e, allow); + return alternative_call(xsm_ops.iomem_mapping, d, s, e, allow); } static inline int xsm_pci_config_permission( xsm_default_t def, struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) { - return xsm_ops.pci_config_permission(d, machine_bdf, start, end, access); + return alternative_call(xsm_ops.pci_config_permission, d, machine_bdf, start, end, access); } #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) static inline int xsm_get_device_group(xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops.get_device_group(machine_bdf); + return alternative_call(xsm_ops.get_device_group, machine_bdf); } static inline int xsm_assign_device( xsm_default_t def, struct domain *d, uint32_t machine_bdf) { - return xsm_ops.assign_device(d, machine_bdf); + return alternative_call(xsm_ops.assign_device, d, machine_bdf); } static inline int xsm_deassign_device( xsm_default_t def, struct domain *d, uint32_t machine_bdf) { - return xsm_ops.deassign_device(d, machine_bdf); + return alternative_call(xsm_ops.deassign_device, d, machine_bdf); } #endif /* HAS_PASSTHROUGH && HAS_PCI) */ @@ -518,62 +519,62 @@ static inline int xsm_deassign_device( static inline int xsm_assign_dtdevice( xsm_default_t def, struct domain *d, const char *dtpath) { - return xsm_ops.assign_dtdevice(d, dtpath); + return alternative_call(xsm_ops.assign_dtdevice, d, dtpath); } static inline int xsm_deassign_dtdevice( xsm_default_t def, struct domain *d, const char *dtpath) { - return xsm_ops.deassign_dtdevice(d, dtpath); + return alternative_call(xsm_ops.deassign_dtdevice, d, dtpath); } #endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ static inline int xsm_resource_plug_pci(xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops.resource_plug_pci(machine_bdf); + return alternative_call(xsm_ops.resource_plug_pci, machine_bdf); } static inline int xsm_resource_unplug_pci( xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops.resource_unplug_pci(machine_bdf); + return alternative_call(xsm_ops.resource_unplug_pci, machine_bdf); } static inline int xsm_resource_plug_core(xsm_default_t def) { - return xsm_ops.resource_plug_core(); + return alternative_call(xsm_ops.resource_plug_core); } static inline int xsm_resource_unplug_core(xsm_default_t def) { - return xsm_ops.resource_unplug_core(); + return alternative_call(xsm_ops.resource_unplug_core); } static inline int xsm_resource_setup_pci( xsm_default_t def, uint32_t machine_bdf) { - return xsm_ops.resource_setup_pci(machine_bdf); + return alternative_call(xsm_ops.resource_setup_pci, machine_bdf); } static inline int xsm_resource_setup_gsi(xsm_default_t def, int gsi) { - return xsm_ops.resource_setup_gsi(gsi); + return alternative_call(xsm_ops.resource_setup_gsi, gsi); } static inline int xsm_resource_setup_misc(xsm_default_t def) { - return xsm_ops.resource_setup_misc(); + return alternative_call(xsm_ops.resource_setup_misc); } static inline int xsm_page_offline(xsm_default_t def, uint32_t cmd) { - return xsm_ops.page_offline(cmd); + return alternative_call(xsm_ops.page_offline, cmd); } static inline int xsm_hypfs_op(xsm_default_t def) { - return xsm_ops.hypfs_op(); + return alternative_call(xsm_ops.hypfs_op); } static inline long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) @@ -591,107 +592,107 @@ static inline int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op) static inline int xsm_hvm_param( xsm_default_t def, struct domain *d, unsigned long op) { - return xsm_ops.hvm_param(d, op); + return alternative_call(xsm_ops.hvm_param, d, op); } static inline int xsm_hvm_control( xsm_default_t def, struct domain *d, unsigned long op) { - return xsm_ops.hvm_control(d, op); + return alternative_call(xsm_ops.hvm_control, d, op); } static inline int xsm_hvm_param_altp2mhvm(xsm_default_t def, struct domain *d) { - return xsm_ops.hvm_param_altp2mhvm(d); + return alternative_call(xsm_ops.hvm_param_altp2mhvm, d); } static inline int xsm_hvm_altp2mhvm_op( xsm_default_t def, struct domain *d, uint64_t mode, uint32_t op) { - return xsm_ops.hvm_altp2mhvm_op(d, mode, op); + return alternative_call(xsm_ops.hvm_altp2mhvm_op, d, mode, op); } static inline int xsm_get_vnumainfo(xsm_default_t def, struct domain *d) { - return xsm_ops.get_vnumainfo(d); + return alternative_call(xsm_ops.get_vnumainfo, d); } static inline int xsm_vm_event_control( xsm_default_t def, struct domain *d, int mode, int op) { - return xsm_ops.vm_event_control(d, mode, op); + return alternative_call(xsm_ops.vm_event_control, d, mode, op); } #ifdef CONFIG_MEM_ACCESS static inline int xsm_mem_access(xsm_default_t def, struct domain *d) { - return xsm_ops.mem_access(d); + return alternative_call(xsm_ops.mem_access, d); } #endif #ifdef CONFIG_MEM_PAGING static inline int xsm_mem_paging(xsm_default_t def, struct domain *d) { - return xsm_ops.mem_paging(d); + return alternative_call(xsm_ops.mem_paging, d); } #endif #ifdef CONFIG_MEM_SHARING static inline int xsm_mem_sharing(xsm_default_t def, struct domain *d) { - return xsm_ops.mem_sharing(d); + return alternative_call(xsm_ops.mem_sharing, d); } #endif static inline int xsm_platform_op(xsm_default_t def, uint32_t op) { - return xsm_ops.platform_op(op); + return alternative_call(xsm_ops.platform_op, op); } #ifdef CONFIG_X86 static inline int xsm_do_mca(xsm_default_t def) { - return xsm_ops.do_mca(); + return alternative_call(xsm_ops.do_mca); } static inline int xsm_shadow_control( xsm_default_t def, struct domain *d, uint32_t op) { - return xsm_ops.shadow_control(d, op); + return alternative_call(xsm_ops.shadow_control, d, op); } static inline int xsm_mem_sharing_op( xsm_default_t def, struct domain *d, struct domain *cd, int op) { - return xsm_ops.mem_sharing_op(d, cd, op); + return alternative_call(xsm_ops.mem_sharing_op, d, cd, op); } static inline int xsm_apic(xsm_default_t def, struct domain *d, int cmd) { - return xsm_ops.apic(d, cmd); + return alternative_call(xsm_ops.apic, d, cmd); } static inline int xsm_machine_memory_map(xsm_default_t def) { - return xsm_ops.machine_memory_map(); + return alternative_call(xsm_ops.machine_memory_map); } static inline int xsm_domain_memory_map(xsm_default_t def, struct domain *d) { - return xsm_ops.domain_memory_map(d); + return alternative_call(xsm_ops.domain_memory_map, d); } static inline int xsm_mmu_update( xsm_default_t def, struct domain *d, struct domain *t, struct domain *f, uint32_t flags) { - return xsm_ops.mmu_update(d, t, f, flags); + return alternative_call(xsm_ops.mmu_update, d, t, f, flags); } static inline int xsm_mmuext_op( xsm_default_t def, struct domain *d, struct domain *f) { - return xsm_ops.mmuext_op(d, f); + return alternative_call(xsm_ops.mmuext_op, d, f); } static inline int xsm_update_va_mapping( @@ -703,64 +704,64 @@ static inline int xsm_update_va_mapping( static inline int xsm_priv_mapping( xsm_default_t def, struct domain *d, struct domain *t) { - return xsm_ops.priv_mapping(d, t); + return alternative_call(xsm_ops.priv_mapping, d, t); } static inline int xsm_ioport_permission( xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { - return xsm_ops.ioport_permission(d, s, e, allow); + return alternative_call(xsm_ops.ioport_permission, d, s, e, allow); } static inline int xsm_ioport_mapping( xsm_default_t def, struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { - return xsm_ops.ioport_mapping(d, s, e, allow); + return alternative_call(xsm_ops.ioport_mapping, d, s, e, allow); } static inline int xsm_pmu_op( xsm_default_t def, struct domain *d, unsigned int op) { - return xsm_ops.pmu_op(d, op); + return alternative_call(xsm_ops.pmu_op, d, op); } #endif /* CONFIG_X86 */ static inline int xsm_dm_op(xsm_default_t def, struct domain *d) { - return xsm_ops.dm_op(d); + return alternative_call(xsm_ops.dm_op, d); } static inline int xsm_xen_version(xsm_default_t def, uint32_t op) { - return xsm_ops.xen_version(op); + return alternative_call(xsm_ops.xen_version, op); } static inline int xsm_domain_resource_map(xsm_default_t def, struct domain *d) { - return xsm_ops.domain_resource_map(d); + return alternative_call(xsm_ops.domain_resource_map, d); } #ifdef CONFIG_ARGO static inline int xsm_argo_enable(const struct domain *d) { - return xsm_ops.argo_enable(d); + return alternative_call(xsm_ops.argo_enable, d); } static inline int xsm_argo_register_single_source( const struct domain *d, const struct domain *t) { - return xsm_ops.argo_register_single_source(d, t); + return alternative_call(xsm_ops.argo_register_single_source, d, t); } static inline int xsm_argo_register_any_source(const struct domain *d) { - return xsm_ops.argo_register_any_source(d); + return alternative_call(xsm_ops.argo_register_any_source, d); } static inline int xsm_argo_send(const struct domain *d, const struct domain *t) { - return xsm_ops.argo_send(d, t); + return alternative_call(xsm_ops.argo_send, d, t); } #endif /* CONFIG_ARGO */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 09:12:05 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 09:12:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188281.337393 (Exim 4.92) (envelope-from ) id 1mQnR7-0003QL-B9; Thu, 16 Sep 2021 09:12:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188281.337393; Thu, 16 Sep 2021 09:12:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnR7-0003Q9-7u; Thu, 16 Sep 2021 09:12:05 +0000 Received: by outflank-mailman (input) for mailman id 188281; Thu, 16 Sep 2021 09:12:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnR6-0003Q1-R0 for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:12:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnR6-0002VG-QB for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:12:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQnR6-0008IX-PP for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:12:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XYiNtLvTp1R9o+iADcI6lZZqXNhfC/VrHnyJC68TNqI=; b=NlJmGddbrkcoszWQsZ1/h/icdr u/n1NrzmoepNdmn34KbHlmeFniZup2ak9sniBI+SpG0r7qqrc9tFaFrfZCFP3lMXQO8Eaeyb95Z6c VZl6ZqK0QAyWNssVD/ijlAhIf3C792qqTXA/aQ3ns1ygRn3ldAejy9Lxpep5KRuO1nsk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] VT-d: defer "no DRHD" check when (un)mapping devices Message-Id: Date: Thu, 16 Sep 2021 09:12:04 +0000 commit 418b4d57416428c5bb5a3e796214367cbdcd9423 Author: Jan Beulich AuthorDate: Thu Sep 16 11:02:08 2021 +0200 Commit: Jan Beulich CommitDate: Thu Sep 16 11:02:08 2021 +0200 VT-d: defer "no DRHD" check when (un)mapping devices If devices are to be skipped anyway (which is the case in particular for host bridges), there's no point complaining about a missing DRHD (and hence a missing association with an IOMMU). While there convert assignments to initializers and constify "drhd" local variables. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/drivers/passthrough/vtd/iommu.c | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index bab19d79e8..9827ab184d 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -1460,14 +1460,10 @@ static int domain_context_unmap(struct domain *d, uint8_t devfn, static int domain_context_mapping(struct domain *domain, u8 devfn, struct pci_dev *pdev) { - struct acpi_drhd_unit *drhd; + const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev); int ret = 0; u8 seg = pdev->seg, bus = pdev->bus, secbus; - drhd = acpi_find_matched_drhd_unit(pdev); - if ( !drhd ) - return -ENODEV; - /* * Generally we assume only devices from one node to get assigned to a * given guest. But even if not, by replacing the prior value here we @@ -1476,7 +1472,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn, * this or other devices may be penalized then, but some would also be * if we left other than NUMA_NO_NODE untouched here. */ - if ( drhd->iommu->node != NUMA_NO_NODE ) + if ( drhd && drhd->iommu->node != NUMA_NO_NODE ) dom_iommu(domain)->node = drhd->iommu->node; ASSERT(pcidevs_locked()); @@ -1497,6 +1493,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn, break; case DEV_TYPE_PCIe_ENDPOINT: + if ( !drhd ) + return -ENODEV; + if ( iommu_debug ) printk(VTDPREFIX "%pd:PCIe: map %pp\n", domain, &PCI_SBDF3(seg, bus, devfn)); @@ -1508,6 +1507,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn, break; case DEV_TYPE_PCI: + if ( !drhd ) + return -ENODEV; + if ( iommu_debug ) printk(VTDPREFIX "%pd:PCI: map %pp\n", domain, &PCI_SBDF3(seg, bus, devfn)); @@ -1651,17 +1653,12 @@ int domain_context_unmap_one( static int domain_context_unmap(struct domain *domain, u8 devfn, struct pci_dev *pdev) { - struct acpi_drhd_unit *drhd; - struct vtd_iommu *iommu; + const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev); + struct vtd_iommu *iommu = drhd ? drhd->iommu : NULL; int ret; u8 seg = pdev->seg, bus = pdev->bus, tmp_bus, tmp_devfn, secbus; int found = 0; - drhd = acpi_find_matched_drhd_unit(pdev); - if ( !drhd ) - return -ENODEV; - iommu = drhd->iommu; - switch ( pdev->type ) { case DEV_TYPE_PCI_HOST_BRIDGE: @@ -1676,6 +1673,9 @@ static int domain_context_unmap(struct domain *domain, u8 devfn, return 0; case DEV_TYPE_PCIe_ENDPOINT: + if ( !iommu ) + return -ENODEV; + if ( iommu_debug ) printk(VTDPREFIX "%pd:PCIe: unmap %pp\n", domain, &PCI_SBDF3(seg, bus, devfn)); @@ -1686,6 +1686,9 @@ static int domain_context_unmap(struct domain *domain, u8 devfn, break; case DEV_TYPE_PCI: + if ( !iommu ) + return -ENODEV; + if ( iommu_debug ) printk(VTDPREFIX "%pd:PCI: unmap %pp\n", domain, &PCI_SBDF3(seg, bus, devfn)); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 09:12:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 09:12:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188282.337396 (Exim 4.92) (envelope-from ) id 1mQnRH-0003Tr-CR; Thu, 16 Sep 2021 09:12:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188282.337396; Thu, 16 Sep 2021 09:12:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnRH-0003Ti-9P; Thu, 16 Sep 2021 09:12:15 +0000 Received: by outflank-mailman (input) for mailman id 188282; Thu, 16 Sep 2021 09:12:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnRG-0003TP-UE for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:12:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnRG-0002VQ-TO for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:12:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQnRG-0008J5-Sa for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 09:12:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tIOS3bSLtuL9COHKXsLSemGPYFB7nf4LTDG8+73OYno=; b=Dara0nyMydLEZdc2IFvBPoCZkC /ZEJB1RoSJM8wl24dOBZfA+0apu0lU1Tg7cpVzIiYB67NRyimKqpfv2ibAAArdsYQDKQl3ACJKLOP /DXsTfwf0mfy9zvMRAmu4PPp2B8BaN/3vKQcjamvQzqhqeiHsXRdRIDElDfv9eNBzgLY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] VT-d: skip IOMMU bitmap cleanup for phantom devices Message-Id: Date: Thu, 16 Sep 2021 09:12:14 +0000 commit 9d92140d0255e14d8c3eaba7edc931327eb96fd0 Author: Jan Beulich AuthorDate: Thu Sep 16 11:02:48 2021 +0200 Commit: Jan Beulich CommitDate: Thu Sep 16 11:02:48 2021 +0200 VT-d: skip IOMMU bitmap cleanup for phantom devices Doing the cleanup also for phantom devices is at best redundant with doing it for the corresponding real device. I couldn't force myself into checking all the code paths whether it really is: It seems better to explicitly skip this step in such cases. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/drivers/passthrough/vtd/iommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 9827ab184d..aeb1dddc88 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -1733,7 +1733,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn, return -EINVAL; } - if ( ret || QUARANTINE_SKIP(domain) ) + if ( ret || QUARANTINE_SKIP(domain) || pdev->devfn != devfn ) return ret; /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 21:22:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 21:22:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188753.338033 (Exim 4.92) (envelope-from ) id 1mQypa-0003is-H0; Thu, 16 Sep 2021 21:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188753.338033; Thu, 16 Sep 2021 21:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQypa-0003ik-DH; Thu, 16 Sep 2021 21:22:06 +0000 Received: by outflank-mailman (input) for mailman id 188753; Thu, 16 Sep 2021 21:22:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQypZ-0003iS-32 for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQypZ-0007SS-1I for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQypZ-0006yq-06 for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O/Y9i/mKfcDMcclyx3G8Pg+AK0Y81aYu0KRWRpVsgo0=; b=ONl6u3GxFzOa8Fhdm4pXf5psXS yfxBvFq/HpzpX35YchkeZdhpMeFe8S0hLxLIjtMvhF0AtKLx+EPO14tCCcjplgZv8n2MkYF/dociB 8DyxFyYiPa7r0Yd73El8XxSozIUnxt8UYhQ2XaLlUEarXEHigoc6I3LK87gWH4ubSOio=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Import ID registers definitions from Linux Message-Id: Date: Thu, 16 Sep 2021 21:22:05 +0000 commit b1cbe8c8ef5c9cac77edbf42c32e2cf16826b85d Author: Bertrand Marquis AuthorDate: Thu Sep 16 07:25:34 2021 +0100 Commit: Stefano Stabellini CommitDate: Thu Sep 16 14:15:40 2021 -0700 xen/arm: Import ID registers definitions from Linux Import some ID registers definitions from Linux sysreg header to have required shift definitions for all ID registers fields. Those are required to reuse the cpufeature sanitization system from Linux kernel. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall --- xen/include/asm-arm/arm64/sysregs.h | 312 ++++++++++++++++++++++++++++++++++++ 1 file changed, 312 insertions(+) diff --git a/xen/include/asm-arm/arm64/sysregs.h b/xen/include/asm-arm/arm64/sysregs.h index 795901e1ba..d7e4772f21 100644 --- a/xen/include/asm-arm/arm64/sysregs.h +++ b/xen/include/asm-arm/arm64/sysregs.h @@ -85,6 +85,318 @@ #define ID_DFR1_EL1 S3_0_C0_C3_5 #endif +/* ID registers (imported from arm64/include/asm/sysreg.h in Linux) */ + +/* id_aa64isar0 */ +#define ID_AA64ISAR0_RNDR_SHIFT 60 +#define ID_AA64ISAR0_TLB_SHIFT 56 +#define ID_AA64ISAR0_TS_SHIFT 52 +#define ID_AA64ISAR0_FHM_SHIFT 48 +#define ID_AA64ISAR0_DP_SHIFT 44 +#define ID_AA64ISAR0_SM4_SHIFT 40 +#define ID_AA64ISAR0_SM3_SHIFT 36 +#define ID_AA64ISAR0_SHA3_SHIFT 32 +#define ID_AA64ISAR0_RDM_SHIFT 28 +#define ID_AA64ISAR0_ATOMICS_SHIFT 20 +#define ID_AA64ISAR0_CRC32_SHIFT 16 +#define ID_AA64ISAR0_SHA2_SHIFT 12 +#define ID_AA64ISAR0_SHA1_SHIFT 8 +#define ID_AA64ISAR0_AES_SHIFT 4 + +#define ID_AA64ISAR0_TLB_RANGE_NI 0x0 +#define ID_AA64ISAR0_TLB_RANGE 0x2 + +/* id_aa64isar1 */ +#define ID_AA64ISAR1_I8MM_SHIFT 52 +#define ID_AA64ISAR1_DGH_SHIFT 48 +#define ID_AA64ISAR1_BF16_SHIFT 44 +#define ID_AA64ISAR1_SPECRES_SHIFT 40 +#define ID_AA64ISAR1_SB_SHIFT 36 +#define ID_AA64ISAR1_FRINTTS_SHIFT 32 +#define ID_AA64ISAR1_GPI_SHIFT 28 +#define ID_AA64ISAR1_GPA_SHIFT 24 +#define ID_AA64ISAR1_LRCPC_SHIFT 20 +#define ID_AA64ISAR1_FCMA_SHIFT 16 +#define ID_AA64ISAR1_JSCVT_SHIFT 12 +#define ID_AA64ISAR1_API_SHIFT 8 +#define ID_AA64ISAR1_APA_SHIFT 4 +#define ID_AA64ISAR1_DPB_SHIFT 0 + +#define ID_AA64ISAR1_APA_NI 0x0 +#define ID_AA64ISAR1_APA_ARCHITECTED 0x1 +#define ID_AA64ISAR1_APA_ARCH_EPAC 0x2 +#define ID_AA64ISAR1_APA_ARCH_EPAC2 0x3 +#define ID_AA64ISAR1_APA_ARCH_EPAC2_FPAC 0x4 +#define ID_AA64ISAR1_APA_ARCH_EPAC2_FPAC_CMB 0x5 +#define ID_AA64ISAR1_API_NI 0x0 +#define ID_AA64ISAR1_API_IMP_DEF 0x1 +#define ID_AA64ISAR1_API_IMP_DEF_EPAC 0x2 +#define ID_AA64ISAR1_API_IMP_DEF_EPAC2 0x3 +#define ID_AA64ISAR1_API_IMP_DEF_EPAC2_FPAC 0x4 +#define ID_AA64ISAR1_API_IMP_DEF_EPAC2_FPAC_CMB 0x5 +#define ID_AA64ISAR1_GPA_NI 0x0 +#define ID_AA64ISAR1_GPA_ARCHITECTED 0x1 +#define ID_AA64ISAR1_GPI_NI 0x0 +#define ID_AA64ISAR1_GPI_IMP_DEF 0x1 + +/* id_aa64pfr0 */ +#define ID_AA64PFR0_CSV3_SHIFT 60 +#define ID_AA64PFR0_CSV2_SHIFT 56 +#define ID_AA64PFR0_DIT_SHIFT 48 +#define ID_AA64PFR0_AMU_SHIFT 44 +#define ID_AA64PFR0_MPAM_SHIFT 40 +#define ID_AA64PFR0_SEL2_SHIFT 36 +#define ID_AA64PFR0_SVE_SHIFT 32 +#define ID_AA64PFR0_RAS_SHIFT 28 +#define ID_AA64PFR0_GIC_SHIFT 24 +#define ID_AA64PFR0_ASIMD_SHIFT 20 +#define ID_AA64PFR0_FP_SHIFT 16 +#define ID_AA64PFR0_EL3_SHIFT 12 +#define ID_AA64PFR0_EL2_SHIFT 8 +#define ID_AA64PFR0_EL1_SHIFT 4 +#define ID_AA64PFR0_EL0_SHIFT 0 + +#define ID_AA64PFR0_AMU 0x1 +#define ID_AA64PFR0_SVE 0x1 +#define ID_AA64PFR0_RAS_V1 0x1 +#define ID_AA64PFR0_FP_NI 0xf +#define ID_AA64PFR0_FP_SUPPORTED 0x0 +#define ID_AA64PFR0_ASIMD_NI 0xf +#define ID_AA64PFR0_ASIMD_SUPPORTED 0x0 +#define ID_AA64PFR0_EL1_64BIT_ONLY 0x1 +#define ID_AA64PFR0_EL1_32BIT_64BIT 0x2 +#define ID_AA64PFR0_EL0_64BIT_ONLY 0x1 +#define ID_AA64PFR0_EL0_32BIT_64BIT 0x2 + +/* id_aa64pfr1 */ +#define ID_AA64PFR1_MPAMFRAC_SHIFT 16 +#define ID_AA64PFR1_RASFRAC_SHIFT 12 +#define ID_AA64PFR1_MTE_SHIFT 8 +#define ID_AA64PFR1_SSBS_SHIFT 4 +#define ID_AA64PFR1_BT_SHIFT 0 + +#define ID_AA64PFR1_SSBS_PSTATE_NI 0 +#define ID_AA64PFR1_SSBS_PSTATE_ONLY 1 +#define ID_AA64PFR1_SSBS_PSTATE_INSNS 2 +#define ID_AA64PFR1_BT_BTI 0x1 + +#define ID_AA64PFR1_MTE_NI 0x0 +#define ID_AA64PFR1_MTE_EL0 0x1 +#define ID_AA64PFR1_MTE 0x2 + +/* id_aa64zfr0 */ +#define ID_AA64ZFR0_F64MM_SHIFT 56 +#define ID_AA64ZFR0_F32MM_SHIFT 52 +#define ID_AA64ZFR0_I8MM_SHIFT 44 +#define ID_AA64ZFR0_SM4_SHIFT 40 +#define ID_AA64ZFR0_SHA3_SHIFT 32 +#define ID_AA64ZFR0_BF16_SHIFT 20 +#define ID_AA64ZFR0_BITPERM_SHIFT 16 +#define ID_AA64ZFR0_AES_SHIFT 4 +#define ID_AA64ZFR0_SVEVER_SHIFT 0 + +#define ID_AA64ZFR0_F64MM 0x1 +#define ID_AA64ZFR0_F32MM 0x1 +#define ID_AA64ZFR0_I8MM 0x1 +#define ID_AA64ZFR0_BF16 0x1 +#define ID_AA64ZFR0_SM4 0x1 +#define ID_AA64ZFR0_SHA3 0x1 +#define ID_AA64ZFR0_BITPERM 0x1 +#define ID_AA64ZFR0_AES 0x1 +#define ID_AA64ZFR0_AES_PMULL 0x2 +#define ID_AA64ZFR0_SVEVER_SVE2 0x1 + +/* id_aa64mmfr0 */ +#define ID_AA64MMFR0_ECV_SHIFT 60 +#define ID_AA64MMFR0_FGT_SHIFT 56 +#define ID_AA64MMFR0_EXS_SHIFT 44 +#define ID_AA64MMFR0_TGRAN4_2_SHIFT 40 +#define ID_AA64MMFR0_TGRAN64_2_SHIFT 36 +#define ID_AA64MMFR0_TGRAN16_2_SHIFT 32 +#define ID_AA64MMFR0_TGRAN4_SHIFT 28 +#define ID_AA64MMFR0_TGRAN64_SHIFT 24 +#define ID_AA64MMFR0_TGRAN16_SHIFT 20 +#define ID_AA64MMFR0_BIGENDEL0_SHIFT 16 +#define ID_AA64MMFR0_SNSMEM_SHIFT 12 +#define ID_AA64MMFR0_BIGENDEL_SHIFT 8 +#define ID_AA64MMFR0_ASID_SHIFT 4 +#define ID_AA64MMFR0_PARANGE_SHIFT 0 + +#define ID_AA64MMFR0_TGRAN4_NI 0xf +#define ID_AA64MMFR0_TGRAN4_SUPPORTED 0x0 +#define ID_AA64MMFR0_TGRAN64_NI 0xf +#define ID_AA64MMFR0_TGRAN64_SUPPORTED 0x0 +#define ID_AA64MMFR0_TGRAN16_NI 0x0 +#define ID_AA64MMFR0_TGRAN16_SUPPORTED 0x1 +#define ID_AA64MMFR0_PARANGE_48 0x5 +#define ID_AA64MMFR0_PARANGE_52 0x6 + +/* id_aa64mmfr1 */ +#define ID_AA64MMFR1_ETS_SHIFT 36 +#define ID_AA64MMFR1_TWED_SHIFT 32 +#define ID_AA64MMFR1_XNX_SHIFT 28 +#define ID_AA64MMFR1_SPECSEI_SHIFT 24 +#define ID_AA64MMFR1_PAN_SHIFT 20 +#define ID_AA64MMFR1_LOR_SHIFT 16 +#define ID_AA64MMFR1_HPD_SHIFT 12 +#define ID_AA64MMFR1_VHE_SHIFT 8 +#define ID_AA64MMFR1_VMIDBITS_SHIFT 4 +#define ID_AA64MMFR1_HADBS_SHIFT 0 + +#define ID_AA64MMFR1_VMIDBITS_8 0 +#define ID_AA64MMFR1_VMIDBITS_16 2 + +/* id_aa64mmfr2 */ +#define ID_AA64MMFR2_E0PD_SHIFT 60 +#define ID_AA64MMFR2_EVT_SHIFT 56 +#define ID_AA64MMFR2_BBM_SHIFT 52 +#define ID_AA64MMFR2_TTL_SHIFT 48 +#define ID_AA64MMFR2_FWB_SHIFT 40 +#define ID_AA64MMFR2_IDS_SHIFT 36 +#define ID_AA64MMFR2_AT_SHIFT 32 +#define ID_AA64MMFR2_ST_SHIFT 28 +#define ID_AA64MMFR2_NV_SHIFT 24 +#define ID_AA64MMFR2_CCIDX_SHIFT 20 +#define ID_AA64MMFR2_LVA_SHIFT 16 +#define ID_AA64MMFR2_IESB_SHIFT 12 +#define ID_AA64MMFR2_LSM_SHIFT 8 +#define ID_AA64MMFR2_UAO_SHIFT 4 +#define ID_AA64MMFR2_CNP_SHIFT 0 + +/* id_aa64dfr0 */ +#define ID_AA64DFR0_DOUBLELOCK_SHIFT 36 +#define ID_AA64DFR0_PMSVER_SHIFT 32 +#define ID_AA64DFR0_CTX_CMPS_SHIFT 28 +#define ID_AA64DFR0_WRPS_SHIFT 20 +#define ID_AA64DFR0_BRPS_SHIFT 12 +#define ID_AA64DFR0_PMUVER_SHIFT 8 +#define ID_AA64DFR0_TRACEVER_SHIFT 4 +#define ID_AA64DFR0_DEBUGVER_SHIFT 0 + +#define ID_AA64DFR0_PMUVER_8_0 0x1 +#define ID_AA64DFR0_PMUVER_8_1 0x4 +#define ID_AA64DFR0_PMUVER_8_4 0x5 +#define ID_AA64DFR0_PMUVER_8_5 0x6 +#define ID_AA64DFR0_PMUVER_IMP_DEF 0xf + +#define ID_DFR0_PERFMON_SHIFT 24 + +#define ID_DFR0_PERFMON_8_1 0x4 + +#define ID_ISAR4_SWP_FRAC_SHIFT 28 +#define ID_ISAR4_PSR_M_SHIFT 24 +#define ID_ISAR4_SYNCH_PRIM_FRAC_SHIFT 20 +#define ID_ISAR4_BARRIER_SHIFT 16 +#define ID_ISAR4_SMC_SHIFT 12 +#define ID_ISAR4_WRITEBACK_SHIFT 8 +#define ID_ISAR4_WITHSHIFTS_SHIFT 4 +#define ID_ISAR4_UNPRIV_SHIFT 0 + +#define ID_DFR1_MTPMU_SHIFT 0 + +#define ID_ISAR0_DIVIDE_SHIFT 24 +#define ID_ISAR0_DEBUG_SHIFT 20 +#define ID_ISAR0_COPROC_SHIFT 16 +#define ID_ISAR0_CMPBRANCH_SHIFT 12 +#define ID_ISAR0_BITFIELD_SHIFT 8 +#define ID_ISAR0_BITCOUNT_SHIFT 4 +#define ID_ISAR0_SWAP_SHIFT 0 + +#define ID_ISAR5_RDM_SHIFT 24 +#define ID_ISAR5_CRC32_SHIFT 16 +#define ID_ISAR5_SHA2_SHIFT 12 +#define ID_ISAR5_SHA1_SHIFT 8 +#define ID_ISAR5_AES_SHIFT 4 +#define ID_ISAR5_SEVL_SHIFT 0 + +#define ID_ISAR6_I8MM_SHIFT 24 +#define ID_ISAR6_BF16_SHIFT 20 +#define ID_ISAR6_SPECRES_SHIFT 16 +#define ID_ISAR6_SB_SHIFT 12 +#define ID_ISAR6_FHM_SHIFT 8 +#define ID_ISAR6_DP_SHIFT 4 +#define ID_ISAR6_JSCVT_SHIFT 0 + +#define ID_MMFR0_INNERSHR_SHIFT 28 +#define ID_MMFR0_FCSE_SHIFT 24 +#define ID_MMFR0_AUXREG_SHIFT 20 +#define ID_MMFR0_TCM_SHIFT 16 +#define ID_MMFR0_SHARELVL_SHIFT 12 +#define ID_MMFR0_OUTERSHR_SHIFT 8 +#define ID_MMFR0_PMSA_SHIFT 4 +#define ID_MMFR0_VMSA_SHIFT 0 + +#define ID_MMFR4_EVT_SHIFT 28 +#define ID_MMFR4_CCIDX_SHIFT 24 +#define ID_MMFR4_LSM_SHIFT 20 +#define ID_MMFR4_HPDS_SHIFT 16 +#define ID_MMFR4_CNP_SHIFT 12 +#define ID_MMFR4_XNX_SHIFT 8 +#define ID_MMFR4_AC2_SHIFT 4 +#define ID_MMFR4_SPECSEI_SHIFT 0 + +#define ID_MMFR5_ETS_SHIFT 0 + +#define ID_PFR0_DIT_SHIFT 24 +#define ID_PFR0_CSV2_SHIFT 16 +#define ID_PFR0_STATE3_SHIFT 12 +#define ID_PFR0_STATE2_SHIFT 8 +#define ID_PFR0_STATE1_SHIFT 4 +#define ID_PFR0_STATE0_SHIFT 0 + +#define ID_DFR0_PERFMON_SHIFT 24 +#define ID_DFR0_MPROFDBG_SHIFT 20 +#define ID_DFR0_MMAPTRC_SHIFT 16 +#define ID_DFR0_COPTRC_SHIFT 12 +#define ID_DFR0_MMAPDBG_SHIFT 8 +#define ID_DFR0_COPSDBG_SHIFT 4 +#define ID_DFR0_COPDBG_SHIFT 0 + +#define ID_PFR2_SSBS_SHIFT 4 +#define ID_PFR2_CSV3_SHIFT 0 + +#define MVFR0_FPROUND_SHIFT 28 +#define MVFR0_FPSHVEC_SHIFT 24 +#define MVFR0_FPSQRT_SHIFT 20 +#define MVFR0_FPDIVIDE_SHIFT 16 +#define MVFR0_FPTRAP_SHIFT 12 +#define MVFR0_FPDP_SHIFT 8 +#define MVFR0_FPSP_SHIFT 4 +#define MVFR0_SIMD_SHIFT 0 + +#define MVFR1_SIMDFMAC_SHIFT 28 +#define MVFR1_FPHP_SHIFT 24 +#define MVFR1_SIMDHP_SHIFT 20 +#define MVFR1_SIMDSP_SHIFT 16 +#define MVFR1_SIMDINT_SHIFT 12 +#define MVFR1_SIMDLS_SHIFT 8 +#define MVFR1_FPDNAN_SHIFT 4 +#define MVFR1_FPFTZ_SHIFT 0 + +#define ID_PFR1_GIC_SHIFT 28 +#define ID_PFR1_VIRT_FRAC_SHIFT 24 +#define ID_PFR1_SEC_FRAC_SHIFT 20 +#define ID_PFR1_GENTIMER_SHIFT 16 +#define ID_PFR1_VIRTUALIZATION_SHIFT 12 +#define ID_PFR1_MPROGMOD_SHIFT 8 +#define ID_PFR1_SECURITY_SHIFT 4 +#define ID_PFR1_PROGMOD_SHIFT 0 + +#define MVFR2_FPMISC_SHIFT 4 +#define MVFR2_SIMDMISC_SHIFT 0 + +#define DCZID_DZP_SHIFT 4 +#define DCZID_BS_SHIFT 0 + +/* + * The ZCR_ELx_LEN_* definitions intentionally include bits [8:4] which + * are reserved by the SVE architecture for future expansion of the LEN + * field, with compatible semantics. + */ +#define ZCR_ELx_LEN_SHIFT 0 +#define ZCR_ELx_LEN_SIZE 9 +#define ZCR_ELx_LEN_MASK 0x1ff + /* Access to system registers */ #define WRITE_SYSREG64(v, name) do { \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 21:22:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 21:22:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188754.338035 (Exim 4.92) (envelope-from ) id 1mQypk-0003ln-IQ; Thu, 16 Sep 2021 21:22:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188754.338035; Thu, 16 Sep 2021 21:22:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQypk-0003lf-FJ; Thu, 16 Sep 2021 21:22:16 +0000 Received: by outflank-mailman (input) for mailman id 188754; Thu, 16 Sep 2021 21:22:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQypj-0003lR-7U for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQypj-0007Sa-6W for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQypj-0006zk-3f for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BdaYaF41HsYPAtwkGVLSgvRhF94p6MSWbMjxzNf/G9Q=; b=GUDLllHEmYs6XMB6p8DCkc3Imd BRrbZWRglQmo/FdLgr4WsHdd2kkMDzaLQeZAHuMlIk1DfyUL7QPpJFmY+wS9YRSrxhAwf7L5IMOMI hLI3hQedV1eps7yDntMS6fhOyR627PlLNocA+Lkx2goUU9cBSAkXxotcGJNqLsDFfgzQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Import ID features sanitize from linux Message-Id: Date: Thu, 16 Sep 2021 21:22:15 +0000 commit 3918da3abd41d5b08ba4484711a70c1441ae4110 Author: Bertrand Marquis AuthorDate: Thu Sep 16 07:25:35 2021 +0100 Commit: Stefano Stabellini CommitDate: Thu Sep 16 14:15:41 2021 -0700 xen/arm: Import ID features sanitize from linux Import structures declared in Linux file arch/arm64/kernel/cpufeature.c and the required types from arch/arm64/include/asm/cpufeature.h. Current code has been imported from Linux 5.13-rc5 (Commit ID cd1245d75ce93b8fd206f4b34eb58bcfe156d5e9) and copied into cpufeature.c in arm64 code and cpufeature.h in arm64 specific headers. Those structure will be used to sanitize the cpu features available to the ones availble on all cores of a system even if we are on an heterogeneous platform (from example a big/LITTLE). For each feature field of all ID registers, those structures define what is the safest value and if we can allow to have different values in different cores. This patch is introducing Linux code without any changes to it. Signed-off-by: Bertrand Marquis Reviewed-by: Stefano Stabellini --- xen/arch/arm/arm64/cpufeature.c | 514 +++++++++++++++++++++++++++++++++ xen/include/asm-arm/arm64/cpufeature.h | 104 +++++++ 2 files changed, 618 insertions(+) diff --git a/xen/arch/arm/arm64/cpufeature.c b/xen/arch/arm/arm64/cpufeature.c new file mode 100644 index 0000000000..152086dc9d --- /dev/null +++ b/xen/arch/arm/arm64/cpufeature.c @@ -0,0 +1,514 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Contains CPU feature definitions + * + * The following structures have been imported directly from Linux kernel and + * should be kept in sync. + * The current version has been imported from arch/arm64/kernel/cpufeature.c + * from kernel version 5.13-rc5 together with the required structures and + * macros from arch/arm64/include/asm/cpufeature.h which are stored in + * include/asm-arm/arm64/cpufeature.h + * + * Copyright (C) 2021 Arm Ltd. + * based on code from the Linux kernel, which is: + * Copyright (C) 2015 ARM Ltd. + * + * A note for the weary kernel hacker: the code here is confusing and hard to + * follow! That's partly because it's solving a nasty problem, but also because + * there's a little bit of over-abstraction that tends to obscure what's going + * on behind a maze of helper functions and macros. + * + * The basic problem is that hardware folks have started gluing together CPUs + * with distinct architectural features; in some cases even creating SoCs where + * user-visible instructions are available only on a subset of the available + * cores. We try to address this by snapshotting the feature registers of the + * boot CPU and comparing these with the feature registers of each secondary + * CPU when bringing them up. If there is a mismatch, then we update the + * snapshot state to indicate the lowest-common denominator of the feature, + * known as the "safe" value. This snapshot state can be queried to view the + * "sanitised" value of a feature register. + * + * The sanitised register values are used to decide which capabilities we + * have in the system. These may be in the form of traditional "hwcaps" + * advertised to userspace or internal "cpucaps" which are used to configure + * things like alternative patching and static keys. While a feature mismatch + * may result in a TAINT_CPU_OUT_OF_SPEC kernel taint, a capability mismatch + * may prevent a CPU from being onlined at all. + * + * Some implementation details worth remembering: + * + * - Mismatched features are *always* sanitised to a "safe" value, which + * usually indicates that the feature is not supported. + * + * - A mismatched feature marked with FTR_STRICT will cause a "SANITY CHECK" + * warning when onlining an offending CPU and the kernel will be tainted + * with TAINT_CPU_OUT_OF_SPEC. + * + * - Features marked as FTR_VISIBLE have their sanitised value visible to + * userspace. FTR_VISIBLE features in registers that are only visible + * to EL0 by trapping *must* have a corresponding HWCAP so that late + * onlining of CPUs cannot lead to features disappearing at runtime. + * + * - A "feature" is typically a 4-bit register field. A "capability" is the + * high-level description derived from the sanitised field value. + * + * - Read the Arm ARM (DDI 0487F.a) section D13.1.3 ("Principles of the ID + * scheme for fields in ID registers") to understand when feature fields + * may be signed or unsigned (FTR_SIGNED and FTR_UNSIGNED accordingly). + * + * - KVM exposes its own view of the feature registers to guest operating + * systems regardless of FTR_VISIBLE. This is typically driven from the + * sanitised register values to allow virtual CPUs to be migrated between + * arbitrary physical CPUs, but some features not present on the host are + * also advertised and emulated. Look at sys_reg_descs[] for the gory + * details. + * + * - If the arm64_ftr_bits[] for a register has a missing field, then this + * field is treated as STRICT RES0, including for read_sanitised_ftr_reg(). + * This is stronger than FTR_HIDDEN and can be used to hide features from + * KVM guests. + */ + +#include +#include +#include +#include +#include + +#define __ARM64_FTR_BITS(SIGNED, VISIBLE, STRICT, TYPE, SHIFT, WIDTH, SAFE_VAL) \ + { \ + .sign = SIGNED, \ + .visible = VISIBLE, \ + .strict = STRICT, \ + .type = TYPE, \ + .shift = SHIFT, \ + .width = WIDTH, \ + .safe_val = SAFE_VAL, \ + } + +/* Define a feature with unsigned values */ +#define ARM64_FTR_BITS(VISIBLE, STRICT, TYPE, SHIFT, WIDTH, SAFE_VAL) \ + __ARM64_FTR_BITS(FTR_UNSIGNED, VISIBLE, STRICT, TYPE, SHIFT, WIDTH, SAFE_VAL) + +/* Define a feature with a signed value */ +#define S_ARM64_FTR_BITS(VISIBLE, STRICT, TYPE, SHIFT, WIDTH, SAFE_VAL) \ + __ARM64_FTR_BITS(FTR_SIGNED, VISIBLE, STRICT, TYPE, SHIFT, WIDTH, SAFE_VAL) + +#define ARM64_FTR_END \ + { \ + .width = 0, \ + } + +/* + * NOTE: Any changes to the visibility of features should be kept in + * sync with the documentation of the CPU feature register ABI. + */ +static const struct arm64_ftr_bits ftr_id_aa64isar0[] = { + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_RNDR_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_TLB_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_TS_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_FHM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_DP_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_SM4_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_SM3_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_SHA3_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_RDM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_ATOMICS_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_CRC32_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_SHA2_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_SHA1_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_AES_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_aa64isar1[] = { + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_I8MM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_DGH_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_BF16_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_SPECRES_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_SB_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_FRINTTS_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_GPI_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_GPA_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_LRCPC_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_FCMA_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_JSCVT_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH), + FTR_STRICT, FTR_EXACT, ID_AA64ISAR1_API_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH), + FTR_STRICT, FTR_EXACT, ID_AA64ISAR1_APA_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_DPB_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV3_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV2_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_DIT_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_AMU_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_MPAM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_SEL2_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SVE), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_SVE_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_RAS_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_GIC_SHIFT, 4, 0), + S_ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_ASIMD_SHIFT, 4, ID_AA64PFR0_ASIMD_NI), + S_ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_FP_SHIFT, 4, ID_AA64PFR0_FP_NI), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_EL3_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_EL2_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_EL1_SHIFT, 4, ID_AA64PFR0_EL1_64BIT_ONLY), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_EL0_SHIFT, 4, ID_AA64PFR0_EL0_64BIT_ONLY), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_MPAMFRAC_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_RASFRAC_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_MTE), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_MTE_SHIFT, 4, ID_AA64PFR1_MTE_NI), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR1_SSBS_SHIFT, 4, ID_AA64PFR1_SSBS_PSTATE_NI), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_BTI), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_BT_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_aa64zfr0[] = { + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SVE), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ZFR0_F64MM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SVE), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ZFR0_F32MM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SVE), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ZFR0_I8MM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SVE), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ZFR0_SM4_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SVE), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ZFR0_SHA3_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SVE), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ZFR0_BF16_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SVE), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ZFR0_BITPERM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SVE), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ZFR0_AES_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SVE), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ZFR0_SVEVER_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_aa64mmfr0[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR0_ECV_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR0_FGT_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR0_EXS_SHIFT, 4, 0), + /* + * Page size not being supported at Stage-2 is not fatal. You + * just give up KVM if PAGE_SIZE isn't supported there. Go fix + * your favourite nesting hypervisor. + * + * There is a small corner case where the hypervisor explicitly + * advertises a given granule size at Stage-2 (value 2) on some + * vCPUs, and uses the fallback to Stage-1 (value 0) for other + * vCPUs. Although this is not forbidden by the architecture, it + * indicates that the hypervisor is being silly (or buggy). + * + * We make no effort to cope with this and pretend that if these + * fields are inconsistent across vCPUs, then it isn't worth + * trying to bring KVM up. + */ + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_EXACT, ID_AA64MMFR0_TGRAN4_2_SHIFT, 4, 1), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_EXACT, ID_AA64MMFR0_TGRAN64_2_SHIFT, 4, 1), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_EXACT, ID_AA64MMFR0_TGRAN16_2_SHIFT, 4, 1), + /* + * We already refuse to boot CPUs that don't support our configured + * page size, so we can only detect mismatches for a page size other + * than the one we're currently using. Unfortunately, SoCs like this + * exist in the wild so, even though we don't like it, we'll have to go + * along with it and treat them as non-strict. + */ + S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64MMFR0_TGRAN4_SHIFT, 4, ID_AA64MMFR0_TGRAN4_NI), + S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64MMFR0_TGRAN64_SHIFT, 4, ID_AA64MMFR0_TGRAN64_NI), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64MMFR0_TGRAN16_SHIFT, 4, ID_AA64MMFR0_TGRAN16_NI), + + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR0_BIGENDEL0_SHIFT, 4, 0), + /* Linux shouldn't care about secure memory */ + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64MMFR0_SNSMEM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR0_BIGENDEL_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR0_ASID_SHIFT, 4, 0), + /* + * Differing PARange is fine as long as all peripherals and memory are mapped + * within the minimum PARange of all CPUs + */ + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64MMFR0_PARANGE_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_aa64mmfr1[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_ETS_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_TWED_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_XNX_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_HIGHER_SAFE, ID_AA64MMFR1_SPECSEI_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_PAN_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_LOR_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_HPD_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_VHE_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_VMIDBITS_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_HADBS_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_aa64mmfr2[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_E0PD_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_EVT_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_BBM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_TTL_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_FWB_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_IDS_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_AT_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_ST_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_NV_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_CCIDX_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_LVA_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_IESB_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_LSM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_UAO_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_CNP_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_ctr[] = { + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_EXACT, 31, 1, 1), /* RES1 */ + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_DIC_SHIFT, 1, 1), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_IDC_SHIFT, 1, 1), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_HIGHER_OR_ZERO_SAFE, CTR_CWG_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_HIGHER_OR_ZERO_SAFE, CTR_ERG_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_DMINLINE_SHIFT, 4, 1), + /* + * Linux can handle differing I-cache policies. Userspace JITs will + * make use of *minLine. + * If we have differing I-cache policies, report it as the weakest - VIPT. + */ + ARM64_FTR_BITS(FTR_VISIBLE, FTR_NONSTRICT, FTR_EXACT, CTR_L1IP_SHIFT, 2, ICACHE_POLICY_VIPT), /* L1Ip */ + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_IMINLINE_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_mmfr0[] = { + S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR0_INNERSHR_SHIFT, 4, 0xf), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR0_FCSE_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_MMFR0_AUXREG_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR0_TCM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR0_SHARELVL_SHIFT, 4, 0), + S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR0_OUTERSHR_SHIFT, 4, 0xf), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR0_PMSA_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR0_VMSA_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_aa64dfr0[] = { + S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64DFR0_DOUBLELOCK_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64DFR0_PMSVER_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64DFR0_CTX_CMPS_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64DFR0_WRPS_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64DFR0_BRPS_SHIFT, 4, 0), + /* + * We can instantiate multiple PMU instances with different levels + * of support. + */ + S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_EXACT, ID_AA64DFR0_PMUVER_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_EXACT, ID_AA64DFR0_DEBUGVER_SHIFT, 4, 0x6), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_mvfr2[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, MVFR2_FPMISC_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, MVFR2_SIMDMISC_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_dczid[] = { + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_EXACT, DCZID_DZP_SHIFT, 1, 1), + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, DCZID_BS_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_isar0[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_DIVIDE_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_DEBUG_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_COPROC_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_CMPBRANCH_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_BITFIELD_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_BITCOUNT_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_SWAP_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_isar5[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR5_RDM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR5_CRC32_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR5_SHA2_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR5_SHA1_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR5_AES_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR5_SEVL_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_mmfr4[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR4_EVT_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR4_CCIDX_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR4_LSM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR4_HPDS_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR4_CNP_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR4_XNX_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR4_AC2_SHIFT, 4, 0), + + /* + * SpecSEI = 1 indicates that the PE might generate an SError on an + * external abort on speculative read. It is safe to assume that an + * SError might be generated than it will not be. Hence it has been + * classified as FTR_HIGHER_SAFE. + */ + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_HIGHER_SAFE, ID_MMFR4_SPECSEI_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_isar4[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_SWP_FRAC_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_PSR_M_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_SYNCH_PRIM_FRAC_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_BARRIER_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_SMC_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_WRITEBACK_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_WITHSHIFTS_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR4_UNPRIV_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_mmfr5[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR5_ETS_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_isar6[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR6_I8MM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR6_BF16_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR6_SPECRES_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR6_SB_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR6_FHM_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR6_DP_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR6_JSCVT_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_pfr0[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR0_DIT_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_PFR0_CSV2_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR0_STATE3_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR0_STATE2_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR0_STATE1_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR0_STATE0_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_pfr1[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_GIC_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_VIRT_FRAC_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_SEC_FRAC_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_GENTIMER_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_VIRTUALIZATION_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_MPROGMOD_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_SECURITY_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR1_PROGMOD_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_pfr2[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_PFR2_SSBS_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_PFR2_CSV3_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_dfr0[] = { + /* [31:28] TraceFilt */ + S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_DFR0_PERFMON_SHIFT, 4, 0xf), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_DFR0_MPROFDBG_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_DFR0_MMAPTRC_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_DFR0_COPTRC_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_DFR0_MMAPDBG_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_DFR0_COPSDBG_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_DFR0_COPDBG_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_id_dfr1[] = { + S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_DFR1_MTPMU_SHIFT, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_zcr[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, + ZCR_ELx_LEN_SHIFT, ZCR_ELx_LEN_SIZE, 0), /* LEN */ + ARM64_FTR_END, +}; + +/* + * Common ftr bits for a 32bit register with all hidden, strict + * attributes, with 4bit feature fields and a default safe value of + * 0. Covers the following 32bit registers: + * id_isar[1-4], id_mmfr[1-3], id_pfr1, mvfr[0-1] + */ +static const struct arm64_ftr_bits ftr_generic_32bits[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 28, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 24, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 20, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 16, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 12, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 8, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 4, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 0, 4, 0), + ARM64_FTR_END, +}; + +static const struct arm64_ftr_bits ftr_raz[] = { + ARM64_FTR_END, +}; + +static u64 arm64_ftr_set_value(const struct arm64_ftr_bits *ftrp, s64 reg, + s64 ftr_val) +{ + u64 mask = arm64_ftr_mask(ftrp); + + reg &= ~mask; + reg |= (ftr_val << ftrp->shift) & mask; + return reg; +} + +static s64 arm64_ftr_safe_value(const struct arm64_ftr_bits *ftrp, s64 new, + s64 cur) +{ + s64 ret = 0; + + switch (ftrp->type) { + case FTR_EXACT: + ret = ftrp->safe_val; + break; + case FTR_LOWER_SAFE: + ret = min(new, cur); + break; + case FTR_HIGHER_OR_ZERO_SAFE: + if (!cur || !new) + break; + fallthrough; + case FTR_HIGHER_SAFE: + ret = max(new, cur); + break; + default: + BUG(); + } + + return ret; +} + +/* + * End of imported linux structures and code + */ + diff --git a/xen/include/asm-arm/arm64/cpufeature.h b/xen/include/asm-arm/arm64/cpufeature.h new file mode 100644 index 0000000000..d9b9fa77cb --- /dev/null +++ b/xen/include/asm-arm/arm64/cpufeature.h @@ -0,0 +1,104 @@ +#ifndef __ASM_ARM_ARM64_CPUFEATURES_H +#define __ASM_ARM_ARM64_CPUFEATURES_H + +/* + * CPU feature register tracking + * + * The safe value of a CPUID feature field is dependent on the implications + * of the values assigned to it by the architecture. Based on the relationship + * between the values, the features are classified into 3 types - LOWER_SAFE, + * HIGHER_SAFE and EXACT. + * + * The lowest value of all the CPUs is chosen for LOWER_SAFE and highest + * for HIGHER_SAFE. It is expected that all CPUs have the same value for + * a field when EXACT is specified, failing which, the safe value specified + * in the table is chosen. + */ + +enum ftr_type { + FTR_EXACT, /* Use a predefined safe value */ + FTR_LOWER_SAFE, /* Smaller value is safe */ + FTR_HIGHER_SAFE, /* Bigger value is safe */ + FTR_HIGHER_OR_ZERO_SAFE, /* Bigger value is safe, but 0 is biggest */ +}; + +#define FTR_STRICT true /* SANITY check strict matching required */ +#define FTR_NONSTRICT false /* SANITY check ignored */ + +#define FTR_SIGNED true /* Value should be treated as signed */ +#define FTR_UNSIGNED false /* Value should be treated as unsigned */ + +#define FTR_VISIBLE true /* Feature visible to the user space */ +#define FTR_HIDDEN false /* Feature is hidden from the user */ + +#define FTR_VISIBLE_IF_IS_ENABLED(config) \ + (IS_ENABLED(config) ? FTR_VISIBLE : FTR_HIDDEN) + +struct arm64_ftr_bits { + bool sign; /* Value is signed ? */ + bool visible; + bool strict; /* CPU Sanity check: strict matching required ? */ + enum ftr_type type; + u8 shift; + u8 width; + s64 safe_val; /* safe value for FTR_EXACT features */ +}; + +static inline int __attribute_const__ +cpuid_feature_extract_signed_field_width(u64 features, int field, int width) +{ + return (s64)(features << (64 - width - field)) >> (64 - width); +} + +static inline int __attribute_const__ +cpuid_feature_extract_signed_field(u64 features, int field) +{ + return cpuid_feature_extract_signed_field_width(features, field, 4); +} + +static inline unsigned int __attribute_const__ +cpuid_feature_extract_unsigned_field_width(u64 features, int field, int width) +{ + return (u64)(features << (64 - width - field)) >> (64 - width); +} + +static inline unsigned int __attribute_const__ +cpuid_feature_extract_unsigned_field(u64 features, int field) +{ + return cpuid_feature_extract_unsigned_field_width(features, field, 4); +} + +static inline u64 arm64_ftr_mask(const struct arm64_ftr_bits *ftrp) +{ + return (u64)GENMASK(ftrp->shift + ftrp->width - 1, ftrp->shift); +} + +static inline int __attribute_const__ +cpuid_feature_extract_field_width(u64 features, int field, int width, bool sign) +{ + return (sign) ? + cpuid_feature_extract_signed_field_width(features, field, width) : + cpuid_feature_extract_unsigned_field_width(features, field, width); +} + +static inline int __attribute_const__ +cpuid_feature_extract_field(u64 features, int field, bool sign) +{ + return cpuid_feature_extract_field_width(features, field, 4, sign); +} + +static inline s64 arm64_ftr_value(const struct arm64_ftr_bits *ftrp, u64 val) +{ + return (s64)cpuid_feature_extract_field_width(val, ftrp->shift, ftrp->width, ftrp->sign); +} + +#endif /* _ASM_ARM_ARM64_CPUFEATURES_H */ + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 21:22:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 21:22:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188755.338040 (Exim 4.92) (envelope-from ) id 1mQypu-0003qe-Li; Thu, 16 Sep 2021 21:22:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188755.338040; Thu, 16 Sep 2021 21:22:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQypu-0003qX-Ip; Thu, 16 Sep 2021 21:22:26 +0000 Received: by outflank-mailman (input) for mailman id 188755; Thu, 16 Sep 2021 21:22:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQypt-0003qE-Am for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQypt-0007T4-9p for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQypt-00070R-96 for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=McJ3K8XbqpUtVTMihCA1/SljLYWANEwNNwHyo8bWdzs=; b=egjZUIDhCNDyCoyLoaQR1LvAOS LeLDQyLW9cKhvg+H+NjmiIXR4Lg9zLnpFuThdp7UMmpwE26GZ2LR+5C7WZvReOcbSg8V/y94obbv+ PmLCoSTtHpMe2vfdtbv84wK0UHvr8Rl345TfPNabEX4tVpdxDsjsTMOZ0xcrwOuLUJYA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Rename cpu_boot_data to system_cpuinfo Message-Id: Date: Thu, 16 Sep 2021 21:22:25 +0000 commit 3b78e2774a00c0341e99527179715e8cffcb0f36 Author: Bertrand Marquis AuthorDate: Thu Sep 16 07:25:36 2021 +0100 Commit: Stefano Stabellini CommitDate: Thu Sep 16 14:15:43 2021 -0700 xen/arm: Rename cpu_boot_data to system_cpuinfo As we will sanitize the content of boot_cpu_data it will not really contain the boot cpu information but the system sanitize information. Rename the structure to system_cpuinfo so the user is informed that this is the system wide available feature and not anymore the features of the boot cpu. The original boot cpu data is still available in cpu_data. Signed-off-by: Bertrand Marquis Reviewed-by: Stefano Stabellini --- xen/arch/arm/cpufeature.c | 8 ++------ xen/arch/arm/setup.c | 34 +++++++++++++++++++--------------- xen/arch/arm/smpboot.c | 6 +++--- xen/include/asm-arm/cpufeature.h | 6 +++--- 4 files changed, 27 insertions(+), 27 deletions(-) diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index 1d88783809..f600a611bd 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -169,12 +169,8 @@ void identify_cpu(struct cpuinfo_arm *c) */ static int __init create_guest_cpuinfo(void) { - /* - * TODO: The code is currently using only the features detected on the boot - * core. In the long term we should try to compute values containing only - * features supported by all cores. - */ - guest_cpuinfo = boot_cpu_data; + /* Use the sanitized cpuinfo as initial guest cpuinfo */ + guest_cpuinfo = system_cpuinfo; #ifdef CONFIG_ARM_64 /* Hide MPAM support as xen does not support it */ diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 5be7f2b0c2..4ab13d0fbe 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -56,7 +56,11 @@ struct bootinfo __initdata bootinfo; -struct cpuinfo_arm __read_mostly boot_cpu_data; +/* + * Sanitized version of cpuinfo containing only features available on all + * cores (only on arm64 as there is no sanitization support on arm32). + */ +struct cpuinfo_arm __read_mostly system_cpuinfo; #ifdef CONFIG_ACPI bool __read_mostly acpi_disabled; @@ -100,7 +104,7 @@ static const char * __initdata processor_implementers[] = { static void __init processor_id(void) { const char *implementer = "Unknown"; - struct cpuinfo_arm *c = &boot_cpu_data; + struct cpuinfo_arm *c = &system_cpuinfo; identify_cpu(c); current_cpu_data = *c; @@ -120,7 +124,7 @@ static void __init processor_id(void) #if defined(CONFIG_ARM_64) printk("64-bit Execution:\n"); printk(" Processor Features: %016"PRIx64" %016"PRIx64"\n", - boot_cpu_data.pfr64.bits[0], boot_cpu_data.pfr64.bits[1]); + system_cpuinfo.pfr64.bits[0], system_cpuinfo.pfr64.bits[1]); printk(" Exception Levels: EL3:%s EL2:%s EL1:%s EL0:%s\n", cpu_has_el3_32 ? "64+32" : cpu_has_el3_64 ? "64" : "No", cpu_has_el2_32 ? "64+32" : cpu_has_el2_64 ? "64" : "No", @@ -144,13 +148,13 @@ static void __init processor_id(void) boot_cpu_feature64(simd)); printk(" Debug Features: %016"PRIx64" %016"PRIx64"\n", - boot_cpu_data.dbg64.bits[0], boot_cpu_data.dbg64.bits[1]); + system_cpuinfo.dbg64.bits[0], system_cpuinfo.dbg64.bits[1]); printk(" Auxiliary Features: %016"PRIx64" %016"PRIx64"\n", - boot_cpu_data.aux64.bits[0], boot_cpu_data.aux64.bits[1]); + system_cpuinfo.aux64.bits[0], system_cpuinfo.aux64.bits[1]); printk(" Memory Model Features: %016"PRIx64" %016"PRIx64"\n", - boot_cpu_data.mm64.bits[0], boot_cpu_data.mm64.bits[1]); + system_cpuinfo.mm64.bits[0], system_cpuinfo.mm64.bits[1]); printk(" ISA Features: %016"PRIx64" %016"PRIx64"\n", - boot_cpu_data.isa64.bits[0], boot_cpu_data.isa64.bits[1]); + system_cpuinfo.isa64.bits[0], system_cpuinfo.isa64.bits[1]); #endif /* @@ -161,7 +165,7 @@ static void __init processor_id(void) { printk("32-bit Execution:\n"); printk(" Processor Features: %"PRIregister":%"PRIregister"\n", - boot_cpu_data.pfr32.bits[0], boot_cpu_data.pfr32.bits[1]); + system_cpuinfo.pfr32.bits[0], system_cpuinfo.pfr32.bits[1]); printk(" Instruction Sets:%s%s%s%s%s%s\n", cpu_has_aarch32 ? " AArch32" : "", cpu_has_arm ? " A32" : "", @@ -174,18 +178,18 @@ static void __init processor_id(void) cpu_has_security ? " Security" : ""); printk(" Debug Features: %"PRIregister"\n", - boot_cpu_data.dbg32.bits[0]); + system_cpuinfo.dbg32.bits[0]); printk(" Auxiliary Features: %"PRIregister"\n", - boot_cpu_data.aux32.bits[0]); + system_cpuinfo.aux32.bits[0]); printk(" Memory Model Features: %"PRIregister" %"PRIregister"\n" " %"PRIregister" %"PRIregister"\n", - boot_cpu_data.mm32.bits[0], boot_cpu_data.mm32.bits[1], - boot_cpu_data.mm32.bits[2], boot_cpu_data.mm32.bits[3]); + system_cpuinfo.mm32.bits[0], system_cpuinfo.mm32.bits[1], + system_cpuinfo.mm32.bits[2], system_cpuinfo.mm32.bits[3]); printk(" ISA Features: %"PRIregister" %"PRIregister" %"PRIregister"\n" " %"PRIregister" %"PRIregister" %"PRIregister"\n", - boot_cpu_data.isa32.bits[0], boot_cpu_data.isa32.bits[1], - boot_cpu_data.isa32.bits[2], boot_cpu_data.isa32.bits[3], - boot_cpu_data.isa32.bits[4], boot_cpu_data.isa32.bits[5]); + system_cpuinfo.isa32.bits[0], system_cpuinfo.isa32.bits[1], + system_cpuinfo.isa32.bits[2], system_cpuinfo.isa32.bits[3], + system_cpuinfo.isa32.bits[4], system_cpuinfo.isa32.bits[5]); } else { diff --git a/xen/arch/arm/smpboot.c b/xen/arch/arm/smpboot.c index a1ee3146ef..c9f2827d56 100644 --- a/xen/arch/arm/smpboot.c +++ b/xen/arch/arm/smpboot.c @@ -124,7 +124,7 @@ static void __init dt_smp_init_cpus(void) bool bootcpu_valid = false; int rc; - mpidr = boot_cpu_data.mpidr.bits & MPIDR_HWID_MASK; + mpidr = system_cpuinfo.mpidr.bits & MPIDR_HWID_MASK; if ( !cpus ) { @@ -319,13 +319,13 @@ void start_secondary(void) * now. */ if ( !opt_hmp_unsafe && - current_cpu_data.midr.bits != boot_cpu_data.midr.bits ) + current_cpu_data.midr.bits != system_cpuinfo.midr.bits ) { printk(XENLOG_ERR "CPU%u MIDR (0x%"PRIregister") does not match boot CPU MIDR (0x%"PRIregister"),\n" XENLOG_ERR "disable cpu (see big.LITTLE.txt under docs/).\n", smp_processor_id(), current_cpu_data.midr.bits, - boot_cpu_data.midr.bits); + system_cpuinfo.midr.bits); stop_cpu(); } diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index ba48db3eac..8f2b8e7830 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -3,7 +3,7 @@ #ifdef CONFIG_ARM_64 #define cpu_feature64(c, feat) ((c)->pfr64.feat) -#define boot_cpu_feature64(feat) (boot_cpu_data.pfr64.feat) +#define boot_cpu_feature64(feat) (system_cpuinfo.pfr64.feat) #define cpu_feature64_has_el0_32(c) (cpu_feature64(c, el0) == 2) @@ -21,7 +21,7 @@ #endif #define cpu_feature32(c, feat) ((c)->pfr32.feat) -#define boot_cpu_feature32(feat) (boot_cpu_data.pfr32.feat) +#define boot_cpu_feature32(feat) (system_cpuinfo.pfr32.feat) #define cpu_has_arm (boot_cpu_feature32(arm) == 1) #define cpu_has_thumb (boot_cpu_feature32(thumb) >= 1) @@ -326,7 +326,7 @@ struct cpuinfo_arm { } mvfr; }; -extern struct cpuinfo_arm boot_cpu_data; +extern struct cpuinfo_arm system_cpuinfo; extern void identify_cpu(struct cpuinfo_arm *); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 21:22:36 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 21:22:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188756.338044 (Exim 4.92) (envelope-from ) id 1mQyq4-0003tu-O4; Thu, 16 Sep 2021 21:22:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188756.338044; Thu, 16 Sep 2021 21:22:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQyq4-0003tm-Kb; Thu, 16 Sep 2021 21:22:36 +0000 Received: by outflank-mailman (input) for mailman id 188756; Thu, 16 Sep 2021 21:22:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQyq3-0003tc-Dv for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQyq3-0007TE-D9 for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQyq3-00070y-CH for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SnFHe/B3p5Er1Gszqi12pBePE5Qnc2wGiNncRzbuky8=; b=NzCXxBVn1afZ0/mjTHpyQnOTAh QbGKde7TBIuF80ABZ7qUmNJOi9mG/WQToqjgVlSU5XA2xQypWu9XEaOlU75Z3FmyCbdNLSgIM2iYL DzdAgGmLV3u12MpzD4D/GitrxW6d9Y2VCvnLr+c2ZcIxbhebuNF6Mb6fx7SiElOeKC+s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Sanitize cpuinfo ID registers fields Message-Id: Date: Thu, 16 Sep 2021 21:22:35 +0000 commit 0bf9efb9ee4cc6cdafbe0a0ed1529449bb9d6825 Author: Bertrand Marquis AuthorDate: Thu Sep 16 07:25:37 2021 +0100 Commit: Stefano Stabellini CommitDate: Thu Sep 16 14:15:44 2021 -0700 xen/arm: Sanitize cpuinfo ID registers fields Define a sanitize_cpu function to be called on secondary cores to sanitize the system cpuinfo structure. The safest value is taken when possible and the system is marked tainted if we encounter values which are incompatible with each other. Call the update_system_features function on all secondary cores that are kept running and taint the system if different midr are found between cores but hmp-unsafe=true was passed on Xen command line. This is only supported on arm64 so update_system_features is an empty static inline on arm32. The patch is adding a new TAINT_CPU_OUT_OF_SPEC to warn the user if Xen is running on a system with features differences between cores which are not supported. The patch is disabling CTR_EL0, DCZID_EL0 and ZCRusing #if 0 with a TODO as this patch is not handling sanitization of those registers. CTR_EL0/DCZID will be handled in a future patch to properly handle different cache attributes when possible. ZCR should be sanitize once we add support for SVE in Xen. Signed-off-by: Bertrand Marquis Reviewed-by: Stefano Stabellini --- xen/arch/arm/arm64/Makefile | 1 + xen/arch/arm/arm64/cpufeature.c | 117 +++++++++++++++++++++++++++++++++++++++ xen/arch/arm/smpboot.c | 34 +++++++++--- xen/common/kernel.c | 6 +- xen/include/asm-arm/cpufeature.h | 9 +++ xen/include/xen/lib.h | 1 + 6 files changed, 158 insertions(+), 10 deletions(-) diff --git a/xen/arch/arm/arm64/Makefile b/xen/arch/arm/arm64/Makefile index 40642ff574..701d66883d 100644 --- a/xen/arch/arm/arm64/Makefile +++ b/xen/arch/arm/arm64/Makefile @@ -1,6 +1,7 @@ obj-y += lib/ obj-y += cache.o +obj-y += cpufeature.o obj-$(CONFIG_HARDEN_BRANCH_PREDICTOR) += bpi.o obj-$(CONFIG_EARLY_PRINTK) += debug.o obj-y += domctl.o diff --git a/xen/arch/arm/arm64/cpufeature.c b/xen/arch/arm/arm64/cpufeature.c index 152086dc9d..58596495a8 100644 --- a/xen/arch/arm/arm64/cpufeature.c +++ b/xen/arch/arm/arm64/cpufeature.c @@ -275,6 +275,9 @@ static const struct arm64_ftr_bits ftr_id_aa64mmfr2[] = { ARM64_FTR_END, }; +#if 0 +/* TODO: use this to sanitize the cache line size among cores */ + static const struct arm64_ftr_bits ftr_ctr[] = { ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_EXACT, 31, 1, 1), /* RES1 */ ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_DIC_SHIFT, 1, 1), @@ -291,6 +294,7 @@ static const struct arm64_ftr_bits ftr_ctr[] = { ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_IMINLINE_SHIFT, 4, 0), ARM64_FTR_END, }; +#endif static const struct arm64_ftr_bits ftr_id_mmfr0[] = { S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR0_INNERSHR_SHIFT, 4, 0xf), @@ -325,11 +329,14 @@ static const struct arm64_ftr_bits ftr_mvfr2[] = { ARM64_FTR_END, }; +#if 0 +/* TODO: handle this when sanitizing cache related registers */ static const struct arm64_ftr_bits ftr_dczid[] = { ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_EXACT, DCZID_DZP_SHIFT, 1, 1), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, DCZID_BS_SHIFT, 4, 0), ARM64_FTR_END, }; +#endif static const struct arm64_ftr_bits ftr_id_isar0[] = { ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_DIVIDE_SHIFT, 4, 0), @@ -444,11 +451,15 @@ static const struct arm64_ftr_bits ftr_id_dfr1[] = { ARM64_FTR_END, }; +#if 0 +/* TODO: use this to sanitize SVE once we support it */ + static const struct arm64_ftr_bits ftr_zcr[] = { ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ZCR_ELx_LEN_SHIFT, ZCR_ELx_LEN_SIZE, 0), /* LEN */ ARM64_FTR_END, }; +#endif /* * Common ftr bits for a 32bit register with all hidden, strict @@ -512,3 +523,109 @@ static s64 arm64_ftr_safe_value(const struct arm64_ftr_bits *ftrp, s64 new, * End of imported linux structures and code */ +static void sanitize_reg(u64 *cur_reg, u64 new_reg, const char *reg_name, + const struct arm64_ftr_bits *ftrp) +{ + int taint = 0; + u64 old_reg = *cur_reg; + + for (;ftrp->width != 0;ftrp++) + { + s64 cur_field = arm64_ftr_value(ftrp, *cur_reg); + s64 new_field = arm64_ftr_value(ftrp, new_reg); + + if (cur_field == new_field) + continue; + + if (ftrp->strict) + taint = 1; + + *cur_reg = arm64_ftr_set_value(ftrp, *cur_reg, + arm64_ftr_safe_value(ftrp, new_field, cur_field)); + } + + if (old_reg != new_reg) + printk(XENLOG_DEBUG "SANITY DIF: %s 0x%"PRIx64" -> 0x%"PRIx64"\n", + reg_name, old_reg, new_reg); + if (old_reg != *cur_reg) + printk(XENLOG_DEBUG "SANITY FIX: %s 0x%"PRIx64" -> 0x%"PRIx64"\n", + reg_name, old_reg, *cur_reg); + + if (taint) + { + printk(XENLOG_WARNING "SANITY CHECK: Unexpected variation in %s.\n", + reg_name); + add_taint(TAINT_CPU_OUT_OF_SPEC); + } +} + + +/* + * This function should be called on secondary cores to sanitize the boot cpu + * cpuinfo. + */ +void update_system_features(const struct cpuinfo_arm *new) +{ + +#define SANITIZE_REG(field, num, reg) \ + sanitize_reg(&system_cpuinfo.field.bits[num], new->field.bits[num], \ + #reg, ftr_##reg) + +#define SANITIZE_ID_REG(field, num, reg) \ + sanitize_reg(&system_cpuinfo.field.bits[num], new->field.bits[num], \ + #reg, ftr_id_##reg) + +#define SANITIZE_RAZ_REG(field, num, reg) \ + sanitize_reg(&system_cpuinfo.field.bits[num], new->field.bits[num], \ + #reg, ftr_raz) + +#define SANITIZE_GENERIC_REG(field, num, reg) \ + sanitize_reg(&system_cpuinfo.field.bits[num], new->field.bits[num], \ + #reg, ftr_generic_32bits) + + SANITIZE_ID_REG(pfr64, 0, aa64pfr0); + SANITIZE_ID_REG(pfr64, 1, aa64pfr1); + + SANITIZE_ID_REG(dbg64, 0, aa64dfr0); + SANITIZE_RAZ_REG(dbg64, 1, aa64dfr1); + + SANITIZE_ID_REG(mm64, 0, aa64mmfr0); + SANITIZE_ID_REG(mm64, 1, aa64mmfr1); + SANITIZE_ID_REG(mm64, 2, aa64mmfr2); + + SANITIZE_ID_REG(isa64, 0, aa64isar0); + SANITIZE_ID_REG(isa64, 1, aa64isar1); + + SANITIZE_ID_REG(zfr64, 0, aa64zfr0); + + if ( cpu_feature64_has_el0_32(&system_cpuinfo) ) + { + SANITIZE_ID_REG(pfr32, 0, pfr0); + SANITIZE_ID_REG(pfr32, 1, pfr1); + SANITIZE_ID_REG(pfr32, 2, pfr2); + + SANITIZE_ID_REG(dbg32, 0, dfr0); + SANITIZE_ID_REG(dbg32, 1, dfr1); + + SANITIZE_ID_REG(mm32, 0, mmfr0); + SANITIZE_GENERIC_REG(mm32, 1, mmfr1); + SANITIZE_GENERIC_REG(mm32, 2, mmfr2); + SANITIZE_GENERIC_REG(mm32, 3, mmfr3); + SANITIZE_ID_REG(mm32, 4, mmfr4); + SANITIZE_ID_REG(mm32, 5, mmfr5); + + SANITIZE_ID_REG(isa32, 0, isar0); + SANITIZE_GENERIC_REG(isa32, 1, isar1); + SANITIZE_GENERIC_REG(isa32, 2, isar2); + SANITIZE_GENERIC_REG(isa32, 3, isar3); + SANITIZE_ID_REG(isa32, 4, isar4); + SANITIZE_ID_REG(isa32, 5, isar5); + SANITIZE_ID_REG(isa32, 6, isar6); + + SANITIZE_GENERIC_REG(mvfr, 0, mvfr0); + SANITIZE_GENERIC_REG(mvfr, 1, mvfr1); +#ifndef MVFR2_MAYBE_UNDEFINED + SANITIZE_REG(mvfr, 2, mvfr2); +#endif + } +} diff --git a/xen/arch/arm/smpboot.c b/xen/arch/arm/smpboot.c index c9f2827d56..60c0e82fc5 100644 --- a/xen/arch/arm/smpboot.c +++ b/xen/arch/arm/smpboot.c @@ -318,15 +318,26 @@ void start_secondary(void) * is manually specified for all domains). Better to park them for * now. */ - if ( !opt_hmp_unsafe && - current_cpu_data.midr.bits != system_cpuinfo.midr.bits ) + if ( current_cpu_data.midr.bits != system_cpuinfo.midr.bits ) { - printk(XENLOG_ERR - "CPU%u MIDR (0x%"PRIregister") does not match boot CPU MIDR (0x%"PRIregister"),\n" - XENLOG_ERR "disable cpu (see big.LITTLE.txt under docs/).\n", - smp_processor_id(), current_cpu_data.midr.bits, - system_cpuinfo.midr.bits); - stop_cpu(); + if ( !opt_hmp_unsafe ) + { + printk(XENLOG_ERR + "CPU%u MIDR (0x%"PRIregister") does not match boot CPU MIDR (0x%"PRIregister"),\n" + XENLOG_ERR "disable cpu (see big.LITTLE.txt under docs/).\n", + smp_processor_id(), current_cpu_data.midr.bits, + system_cpuinfo.midr.bits); + stop_cpu(); + } + else + { + printk(XENLOG_ERR + "CPU%u MIDR (0x%"PRIregister") does not match boot CPU MIDR (0x%"PRIregister"),\n" + XENLOG_ERR "hmp-unsafe turned on so tainting Xen and keep core on!!\n", + smp_processor_id(), current_cpu_data.midr.bits, + system_cpuinfo.midr.bits); + add_taint(TAINT_CPU_OUT_OF_SPEC); + } } if ( dcache_line_bytes != read_dcache_line_bytes() ) @@ -337,6 +348,13 @@ void start_secondary(void) stop_cpu(); } + /* + * system features must be updated only if we do not stop the core or + * we might disable features due to a non used core (for example when + * booting on big cores on a big.LITTLE system with hmp_unsafe) + */ + update_system_features(¤t_cpu_data); + mmu_init_secondary_cpu(); gic_init_secondary_cpu(); diff --git a/xen/common/kernel.c b/xen/common/kernel.c index d77756a81e..e119e5401f 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -327,6 +327,7 @@ unsigned int tainted; * 'H' - HVM forced emulation prefix is permitted. * 'M' - Machine had a machine check experience. * 'U' - Platform is unsecure (usually due to an errata on the platform). + * 'S' - Out of spec CPU (One core has a feature incompatible with others). * * The string is overwritten by the next call to print_taint(). */ @@ -334,12 +335,13 @@ char *print_tainted(char *str) { if ( tainted ) { - snprintf(str, TAINT_STRING_MAX_LEN, "Tainted: %c%c%c%c%c", + snprintf(str, TAINT_STRING_MAX_LEN, "Tainted: %c%c%c%c%c%c", tainted & TAINT_MACHINE_UNSECURE ? 'U' : ' ', tainted & TAINT_MACHINE_CHECK ? 'M' : ' ', tainted & TAINT_SYNC_CONSOLE ? 'C' : ' ', tainted & TAINT_ERROR_INJECT ? 'E' : ' ', - tainted & TAINT_HVM_FEP ? 'H' : ' '); + tainted & TAINT_HVM_FEP ? 'H' : ' ', + tainted & TAINT_CPU_OUT_OF_SPEC ? 'S' : ' '); } else { diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 8f2b8e7830..52cb3133e0 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -330,6 +330,15 @@ extern struct cpuinfo_arm system_cpuinfo; extern void identify_cpu(struct cpuinfo_arm *); +#ifdef CONFIG_ARM_64 +extern void update_system_features(const struct cpuinfo_arm *); +#else +static inline void update_system_features(const struct cpuinfo_arm *cpuinfo) +{ + /* Not supported on arm32 */ +} +#endif + extern struct cpuinfo_arm cpu_data[]; #define current_cpu_data cpu_data[smp_processor_id()] diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index 1198c7c0b2..c6987973bf 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -192,6 +192,7 @@ uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c); #define TAINT_ERROR_INJECT (1u << 2) #define TAINT_HVM_FEP (1u << 3) #define TAINT_MACHINE_UNSECURE (1u << 4) +#define TAINT_CPU_OUT_OF_SPEC (1u << 5) extern unsigned int tainted; #define TAINT_STRING_MAX_LEN 20 extern char *print_tainted(char *str); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 21:22:46 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 21:22:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188757.338049 (Exim 4.92) (envelope-from ) id 1mQyqE-0003wh-Po; Thu, 16 Sep 2021 21:22:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188757.338049; Thu, 16 Sep 2021 21:22:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQyqE-0003wX-MO; Thu, 16 Sep 2021 21:22:46 +0000 Received: by outflank-mailman (input) for mailman id 188757; Thu, 16 Sep 2021 21:22:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQyqD-0003wL-HO for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQyqD-0007TY-GS for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQyqD-00071c-Fa for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Hok9iIDv/BPYT+vN9BpdA1iKDKxAafUJdeBLWzgGoME=; b=GoUXAD4t0VdIZPJkRDjossOikU 6mlxLFL55ipSAvG4nQFyzXxkeoQO4l3ygm1ddYMpHBa/l8DCdt8qPoxFXVNdmikV13Y8MVDmzBbI0 1R2WJsLHIujTJov1xmsrAZfk3/ZJDtFoM+U4YhFc1CXKg7NA9pVhJvAlcRWQ8psdsywA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Use sanitize values for p2m Message-Id: Date: Thu, 16 Sep 2021 21:22:45 +0000 commit 442d54c4459236bdb7379f89a8ebe7e7dcb4d1de Author: Bertrand Marquis AuthorDate: Thu Sep 16 07:25:38 2021 +0100 Commit: Stefano Stabellini CommitDate: Thu Sep 16 14:15:50 2021 -0700 xen/arm: Use sanitize values for p2m Replace the code in p2m trying to find a sane value for the VMID size supported and the PAR to use. We are now using the boot cpuinfo as the values there are sanitized during boot and the value for those parameters is now the safest possible value on the system. Signed-off-by: Bertrand Marquis Reviewed-by: Stefano Stabellini --- xen/arch/arm/p2m.c | 30 ++++++++++-------------------- 1 file changed, 10 insertions(+), 20 deletions(-) diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index 6e01e83967..8b20b43077 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -2042,31 +2042,21 @@ void __init setup_virt_paging(void) [7] = { 0 } /* Invalid */ }; - unsigned int i, cpu; + unsigned int i; unsigned int pa_range = 0x10; /* Larger than any possible value */ - bool vmid_8_bit = false; - - for_each_online_cpu ( cpu ) - { - const struct cpuinfo_arm *info = &cpu_data[cpu]; - /* - * Restrict "p2m_ipa_bits" if needed. As P2M table is always configured - * with IPA bits == PA bits, compare against "pabits". - */ - if ( pa_range_info[info->mm64.pa_range].pabits < p2m_ipa_bits ) - p2m_ipa_bits = pa_range_info[info->mm64.pa_range].pabits; - - /* Set a flag if the current cpu does not support 16 bit VMIDs. */ - if ( info->mm64.vmid_bits != MM64_VMID_16_BITS_SUPPORT ) - vmid_8_bit = true; - } + /* + * Restrict "p2m_ipa_bits" if needed. As P2M table is always configured + * with IPA bits == PA bits, compare against "pabits". + */ + if ( pa_range_info[system_cpuinfo.mm64.pa_range].pabits < p2m_ipa_bits ) + p2m_ipa_bits = pa_range_info[system_cpuinfo.mm64.pa_range].pabits; /* - * If the flag is not set then it means all CPUs support 16-bit - * VMIDs. + * cpu info sanitization made sure we support 16bits VMID only if all + * cores are supporting it. */ - if ( !vmid_8_bit ) + if ( system_cpuinfo.mm64.vmid_bits == MM64_VMID_16_BITS_SUPPORT ) max_vmid = MAX_VMID_16_BIT; /* Choose suitable "pa_range" according to the resulted "p2m_ipa_bits". */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 21:22:56 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 21:22:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188758.338051 (Exim 4.92) (envelope-from ) id 1mQyqO-0003zh-RI; Thu, 16 Sep 2021 21:22:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188758.338051; Thu, 16 Sep 2021 21:22:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQyqO-0003zZ-O0; Thu, 16 Sep 2021 21:22:56 +0000 Received: by outflank-mailman (input) for mailman id 188758; Thu, 16 Sep 2021 21:22:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQyqN-0003zO-KI for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQyqN-0007Ts-JQ for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQyqN-00072K-Im for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:22:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6DfHf4PZIf8xTVZ7/LeOvvOzC03wUsecxOUkDRA0qpk=; b=qNnQveY5x4Y97QN1RS/DyzoT/a FLc1S22gOo2K7ZJsBWnKQqBuuPlZubVAt2wGMvZKJLJMadZCHn2P4z5KG01rZcZARcd10+eisW+JU e2BEkY2eKJXbbbmKtUm7vHKccrzTl5WBipduXXsJj4du+JXhc2WVUuBxykzI/c6ER+GE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Taint Xen on incompatible DCZID values Message-Id: Date: Thu, 16 Sep 2021 21:22:55 +0000 commit ef17eb9d3a89bea120ba3949b73cd482c6173648 Author: Bertrand Marquis AuthorDate: Thu Sep 16 07:25:39 2021 +0100 Commit: Stefano Stabellini CommitDate: Thu Sep 16 14:15:51 2021 -0700 xen/arm: Taint Xen on incompatible DCZID values Use arm64 cpu feature sanitization to TAINT Xen if different DCZID values are found (ftr_dczid is using only STRICT method). In this case actual memory being cleaned by DC ZVA operations would be different depending on the cores which could make a guest zeroing too much or too little memory if it is merged between CPUs. We could, on processors supporting it, trap access to DCZID_EL0 register using HFGRTR_EL2 register but this would not solve the case where a process is being migrated during a copy or if it cached the value of the register. Signed-off-by: Bertrand Marquis Reviewed-by: Stefano Stabellini --- xen/arch/arm/arm64/cpufeature.c | 14 +++++++++++--- xen/arch/arm/cpufeature.c | 2 ++ xen/include/asm-arm/cpufeature.h | 8 ++++++++ 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/arm64/cpufeature.c b/xen/arch/arm/arm64/cpufeature.c index 58596495a8..d4679f5df3 100644 --- a/xen/arch/arm/arm64/cpufeature.c +++ b/xen/arch/arm/arm64/cpufeature.c @@ -329,14 +329,11 @@ static const struct arm64_ftr_bits ftr_mvfr2[] = { ARM64_FTR_END, }; -#if 0 -/* TODO: handle this when sanitizing cache related registers */ static const struct arm64_ftr_bits ftr_dczid[] = { ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_EXACT, DCZID_DZP_SHIFT, 1, 1), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, DCZID_BS_SHIFT, 4, 0), ARM64_FTR_END, }; -#endif static const struct arm64_ftr_bits ftr_id_isar0[] = { ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_ISAR0_DIVIDE_SHIFT, 4, 0), @@ -598,6 +595,17 @@ void update_system_features(const struct cpuinfo_arm *new) SANITIZE_ID_REG(zfr64, 0, aa64zfr0); + /* + * Comment from Linux: + * Userspace may perform DC ZVA instructions. Mismatched block sizes + * could result in too much or too little memory being zeroed if a + * process is preempted and migrated between CPUs. + * + * ftr_dczid is using STRICT comparison so we will taint Xen if different + * values are found. + */ + SANITIZE_REG(dczid, 0, dczid); + if ( cpu_feature64_has_el0_32(&system_cpuinfo) ) { SANITIZE_ID_REG(pfr32, 0, pfr0); diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index f600a611bd..113f20f601 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -125,6 +125,8 @@ void identify_cpu(struct cpuinfo_arm *c) c->zfr64.bits[0] = READ_SYSREG(ID_AA64ZFR0_EL1); + c->dczid.bits[0] = READ_SYSREG(DCZID_EL0); + aarch32_el0 = cpu_feature64_has_el0_32(c); #endif diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 52cb3133e0..5219fd3bab 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -259,6 +259,14 @@ struct cpuinfo_arm { register_t bits[1]; } zfr64; + /* + * DCZID is only used to check for incoherent values between cores + * and taint Xen in this case + */ + struct { + register_t bits[1]; + } dczid; + #endif /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Sep 16 21:23:06 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 16 Sep 2021 21:23:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188759.338056 (Exim 4.92) (envelope-from ) id 1mQyqY-000435-VB; Thu, 16 Sep 2021 21:23:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188759.338056; Thu, 16 Sep 2021 21:23:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQyqY-00042x-S2; Thu, 16 Sep 2021 21:23:06 +0000 Received: by outflank-mailman (input) for mailman id 188759; Thu, 16 Sep 2021 21:23:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQyqX-00042n-NQ for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:23:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQyqX-0007Vq-Mf for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:23:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mQyqX-00073C-Lm for xen-changelog@lists.xenproject.org; Thu, 16 Sep 2021 21:23:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ftkwiiCkbkrFsj/NqzfbCMOdKT/gsJ8c3xTPQZocJXw=; b=P0tFZBqImfjrkX6S2ZSPzFoTu+ ZLFMnxd2EpAtJnep50kmRu+FHpa29jrfwKqibtrkEU3CiWwtTb5KiQUql1C0NWSQY6nUPk4c0SCP6 qiL+D45Oat0FDnFZaOXwrpuT/Llqinj64VQOx7a21dJPA2I3MUX944YBmupSvXAhjt2Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Sanitize CTR_EL0 Message-Id: Date: Thu, 16 Sep 2021 21:23:05 +0000 commit 98f176b62b6136f696da88032f9c12a244ac9aed Author: Bertrand Marquis AuthorDate: Thu Sep 16 07:25:40 2021 +0100 Commit: Stefano Stabellini CommitDate: Thu Sep 16 14:15:52 2021 -0700 xen/arm: Sanitize CTR_EL0 Sanitize CTR_EL0 value between cores and taint Xen if incompatible values are found. In the case of different i-cache types, the sanitize ctr_el0 will have a sanitize value but this is currently not used or exposed to guest which are seeing the original ctr_el0 value. Use the opportunity to rename CTR_L1Ip to use an upper case name like Linux does. The patch is also defining ICACHE_POLICY_xxx instead of only having CTR_L1IP_xxx to sync the definitions with Linux and is updating the code using those accordingly (arm32 setup). On platforms with only the same type of cores, this patch should not modify the current Xen behaviour. Signed-off-by: Bertrand Marquis Signed-off-by: Stefano Stabellini Reviewed-by: Stefano Stabellini --- xen/arch/arm/arm64/cpufeature.c | 6 ++---- xen/arch/arm/cpufeature.c | 2 ++ xen/arch/arm/setup.c | 2 +- xen/include/asm-arm/cpufeature.h | 8 ++++++++ xen/include/asm-arm/processor.h | 18 +++++++++++++++--- 5 files changed, 28 insertions(+), 8 deletions(-) diff --git a/xen/arch/arm/arm64/cpufeature.c b/xen/arch/arm/arm64/cpufeature.c index d4679f5df3..6e5d30dc7b 100644 --- a/xen/arch/arm/arm64/cpufeature.c +++ b/xen/arch/arm/arm64/cpufeature.c @@ -275,9 +275,6 @@ static const struct arm64_ftr_bits ftr_id_aa64mmfr2[] = { ARM64_FTR_END, }; -#if 0 -/* TODO: use this to sanitize the cache line size among cores */ - static const struct arm64_ftr_bits ftr_ctr[] = { ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_EXACT, 31, 1, 1), /* RES1 */ ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_DIC_SHIFT, 1, 1), @@ -294,7 +291,6 @@ static const struct arm64_ftr_bits ftr_ctr[] = { ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_IMINLINE_SHIFT, 4, 0), ARM64_FTR_END, }; -#endif static const struct arm64_ftr_bits ftr_id_mmfr0[] = { S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_MMFR0_INNERSHR_SHIFT, 4, 0xf), @@ -606,6 +602,8 @@ void update_system_features(const struct cpuinfo_arm *new) */ SANITIZE_REG(dczid, 0, dczid); + SANITIZE_REG(ctr, 0, ctr); + if ( cpu_feature64_has_el0_32(&system_cpuinfo) ) { SANITIZE_ID_REG(pfr32, 0, pfr0); diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index 113f20f601..6e51f530a8 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -127,6 +127,8 @@ void identify_cpu(struct cpuinfo_arm *c) c->dczid.bits[0] = READ_SYSREG(DCZID_EL0); + c->ctr.bits[0] = READ_SYSREG(CTR_EL0); + aarch32_el0 = cpu_feature64_has_el0_32(c); #endif diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 4ab13d0fbe..49dc90d198 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -650,7 +650,7 @@ static void __init setup_mm(void) panic("No memory bank\n"); /* We only supports instruction caches implementing the IVIPT extension. */ - if ( ((ctr >> CTR_L1Ip_SHIFT) & CTR_L1Ip_MASK) == CTR_L1Ip_AIVIVT ) + if ( ((ctr >> CTR_L1IP_SHIFT) & CTR_L1IP_MASK) == ICACHE_POLICY_AIVIVT ) panic("AIVIVT instruction cache not supported\n"); init_pdx(); diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 5219fd3bab..5ca09b0bff 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -267,6 +267,14 @@ struct cpuinfo_arm { register_t bits[1]; } dczid; + /* + * CTR is only used to check for different cache types or policies and + * taint Xen in this case + */ + struct { + register_t bits[1]; + } ctr; + #endif /* diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 2058b69447..8ab2940f68 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -7,9 +7,21 @@ #include /* CTR Cache Type Register */ -#define CTR_L1Ip_MASK 0x3 -#define CTR_L1Ip_SHIFT 14 -#define CTR_L1Ip_AIVIVT 0x1 +#define CTR_L1IP_MASK 0x3 +#define CTR_L1IP_SHIFT 14 +#define CTR_DMINLINE_SHIFT 16 +#define CTR_IMINLINE_SHIFT 0 +#define CTR_IMINLINE_MASK 0xf +#define CTR_ERG_SHIFT 20 +#define CTR_CWG_SHIFT 24 +#define CTR_CWG_MASK 15 +#define CTR_IDC_SHIFT 28 +#define CTR_DIC_SHIFT 29 + +#define ICACHE_POLICY_VPIPT 0 +#define ICACHE_POLICY_AIVIVT 1 +#define ICACHE_POLICY_VIPT 2 +#define ICACHE_POLICY_PIPT 3 /* MIDR Main ID Register */ #define MIDR_REVISION_MASK 0xf -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Sep 17 13:00:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 17 Sep 2021 13:00:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.189376.339039 (Exim 4.92) (envelope-from ) id 1mRDTK-00087X-KB; Fri, 17 Sep 2021 13:00:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 189376.339039; Fri, 17 Sep 2021 13:00:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mRDTK-00087N-FF; Fri, 17 Sep 2021 13:00:06 +0000 Received: by outflank-mailman (input) for mailman id 189376; Fri, 17 Sep 2021 13:00:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mRDTJ-000808-CH for xen-changelog@lists.xenproject.org; Fri, 17 Sep 2021 13:00:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mRDTJ-0006n3-BV for xen-changelog@lists.xenproject.org; Fri, 17 Sep 2021 13:00:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mRDTJ-0004PC-AQ for xen-changelog@lists.xenproject.org; Fri, 17 Sep 2021 13:00:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=m8qt2QcC/e8qMwOf+g1ZljRTDO378Uxtj0xuIB1X5Rg=; b=D3RzbtkumnuiEkvEGEaGWRb9Cn nc96NhFZJaBDR1CktqJjeZhUV6VhhFKIlibHkMSJHKSQeULPVM8sIEtpcOioVUNIH7bBDVXrq2dAE ypL5swo8EuofZHJEshjV1FZRMM/gZR0VDtjUMeJyeZXHSBORQvpJa5xT1e0kRlWkmpAY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/amd: Introduce and use X86_BUG_NULL_SEG Message-Id: Date: Fri, 17 Sep 2021 13:00:05 +0000 commit 48a160f46251f9752bd39a854ca74d80fbbbe90c Author: Andrew Cooper AuthorDate: Thu Dec 27 15:13:58 2018 +0000 Commit: Andrew Cooper CommitDate: Fri Sep 17 13:27:06 2021 +0100 x86/amd: Introduce and use X86_BUG_NULL_SEG AMD/Hygon processors before the Zen2 microarchitecture don't clear the base or limit fields when loading a NULL segment. Express the logic in terms of cpu_bug_null_seg, and adjust the workaround in do_set_segment_base(). Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/amd.c | 7 +++++++ xen/arch/x86/cpu/hygon.c | 7 +++++++ xen/arch/x86/pv/misc-hypercalls.c | 3 +-- xen/include/asm-x86/cpufeature.h | 1 + xen/include/asm-x86/cpufeatures.h | 1 + 5 files changed, 17 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index c4d84373a7..f87484b7ce 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -801,6 +801,13 @@ static void init_amd(struct cpuinfo_x86 *c) c->x86 == 0x17) detect_zen2_null_seg_behaviour(); + /* + * AMD CPUs before Zen2 don't clear segment bases/limits when loading + * a NULL selector. + */ + if (c == &boot_cpu_data && !cpu_has_nscb) + setup_force_cpu_cap(X86_BUG_NULL_SEG); + /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 429d6601fc..cdc94130dd 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -40,6 +40,13 @@ static void init_hygon(struct cpuinfo_x86 *c) c->x86 == 0x18) detect_zen2_null_seg_behaviour(); + /* + * Hygon CPUs before Zen2 don't clear segment bases/limits when + * loading a NULL selector. + */ + if (c == &boot_cpu_data && !cpu_has_nscb) + setup_force_cpu_cap(X86_BUG_NULL_SEG); + /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/arch/x86/pv/misc-hypercalls.c b/xen/arch/x86/pv/misc-hypercalls.c index 3a4e4aa460..5dade24726 100644 --- a/xen/arch/x86/pv/misc-hypercalls.c +++ b/xen/arch/x86/pv/misc-hypercalls.c @@ -227,8 +227,7 @@ long do_set_segment_base(unsigned int which, unsigned long base) if ( sel > 3 ) /* Fix up RPL for non-NUL selectors. */ sel |= 3; - else if ( boot_cpu_data.x86_vendor & - (X86_VENDOR_AMD | X86_VENDOR_HYGON) ) + else if ( cpu_bug_null_seg ) /* Work around NUL segment behaviour on AMD hardware. */ asm volatile ( "mov %[sel], %%gs" :: [sel] "r" (FLAT_USER_DS32) ); diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 94a485f99c..802d9257b0 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -159,6 +159,7 @@ /* Bugs. */ #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) +#define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) enum _cache_type { CACHE_TYPE_NULL = 0, diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 6c8f432aee..72beb7babc 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -45,6 +45,7 @@ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks * #define X86_BUG(x) ((FSCAPINTS + X86_NR_SYNTH) * 32 + (x)) #define X86_BUG_FPU_PTRS X86_BUG( 0) /* (F)X{SAVE,RSTOR} doesn't save/restore FOP/FIP/FDP. */ +#define X86_BUG_NULL_SEG X86_BUG( 1) /* NULL-ing a selector preserves the base and limit. */ /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Sep 17 19:11:12 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 17 Sep 2021 19:11:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.189679.339520 (Exim 4.92) (envelope-from ) id 1mRJGL-0006xC-QA; Fri, 17 Sep 2021 19:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 189679.339520; Fri, 17 Sep 2021 19:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mRJGL-0006x4-NG; Fri, 17 Sep 2021 19:11:05 +0000 Received: by outflank-mailman (input) for mailman id 189679; Fri, 17 Sep 2021 19:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mRJGK-0006wy-FZ for xen-changelog@lists.xenproject.org; Fri, 17 Sep 2021 19:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mRJGK-0005Tb-CZ for xen-changelog@lists.xenproject.org; Fri, 17 Sep 2021 19:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mRJGK-00026V-BX for xen-changelog@lists.xenproject.org; Fri, 17 Sep 2021 19:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZNqYsyOqjH+CjDN88v2NXmSSuWlmq1Zd9f2lTJvOGJM=; b=ZEjA4MBrtMt0DirN5a2QOl+/1A sRR5GYl2vJr8y2pSEUTqCU5UmyDff+T4ckmaNlysMyzyOQxFjCvrXm8WFTHBPCkDsGHlJ7xaLKXy2 jk0B10xBk45QVncy2k3Fr6srjDfJW1ctwPqztoayTv/Fqg5ZERiEqW90FtRh+bxfm5sc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] modify acquire_domstatic_pages to take an unsigned int size parameter Message-Id: Date: Fri, 17 Sep 2021 19:11:04 +0000 commit 437e88417bdea0d5cd012fe9d69a3e0f8a0c13e8 Author: Stefano Stabellini AuthorDate: Thu Sep 16 13:47:11 2021 -0700 Commit: Stefano Stabellini CommitDate: Fri Sep 17 12:04:40 2021 -0700 modify acquire_domstatic_pages to take an unsigned int size parameter acquire_domstatic_pages currently takes an unsigned long nr_mfns parameter, but actually it cannot handle anything larger than an unsigned int nr_mfns. That's because acquire_domstatic_pages is based on assign_pages which also takes an unsigned int nr parameter. So modify the nr_mfns parameter of acquire_domstatic_pages to be unsigned int. There is only one caller in xen/arch/arm/domain_build.c:allocate_static_memory. Check that the value to be passed to acquire_domstatic_pages is no larger than UINT_MAX. If it is, print an error and goto fail. Signed-off-by: Stefano Stabellini Acked-by: Jan Beulich Reviewed-by: Bertrand Marquis --- xen/arch/arm/domain_build.c | 6 ++++++ xen/common/page_alloc.c | 2 +- xen/include/xen/mm.h | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 62ab7d0ead..d233d634c1 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -554,6 +554,12 @@ static void __init allocate_static_memory(struct domain *d, device_tree_get_reg(&cell, addr_cells, size_cells, &pbase, &psize); ASSERT(IS_ALIGNED(pbase, PAGE_SIZE) && IS_ALIGNED(psize, PAGE_SIZE)); + if ( PFN_DOWN(psize) > UINT_MAX ) + { + printk(XENLOG_ERR "%pd: static memory size too large: %#"PRIpaddr, + d, psize); + goto fail; + } smfn = maddr_to_mfn(pbase); res = acquire_domstatic_pages(d, smfn, PFN_DOWN(psize), 0); if ( res ) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index b9441cb06f..b64c07ae92 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -2714,7 +2714,7 @@ static struct page_info * __init acquire_staticmem_pages(mfn_t smfn, * then assign them to one specific domain #d. */ int __init acquire_domstatic_pages(struct domain *d, mfn_t smfn, - unsigned long nr_mfns, unsigned int memflags) + unsigned int nr_mfns, unsigned int memflags) { struct page_info *pg; diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index dd49237e86..5db26ed477 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -89,7 +89,7 @@ bool scrub_free_pages(void); /* These functions are for static memory */ void free_staticmem_pages(struct page_info *pg, unsigned long nr_mfns, bool need_scrub); -int acquire_domstatic_pages(struct domain *d, mfn_t smfn, unsigned long nr_mfns, +int acquire_domstatic_pages(struct domain *d, mfn_t smfn, unsigned int nr_mfns, unsigned int memflags); #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Sep 20 08:33:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 20 Sep 2021 08:33:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.190336.340184 (Exim 4.92) (envelope-from ) id 1mSEjZ-0007Jd-D1; Mon, 20 Sep 2021 08:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 190336.340184; Mon, 20 Sep 2021 08:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSEjZ-0007JX-A0; Mon, 20 Sep 2021 08:33:05 +0000 Received: by outflank-mailman (input) for mailman id 190336; Mon, 20 Sep 2021 08:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSEjY-0007J7-7a for xen-changelog@lists.xenproject.org; Mon, 20 Sep 2021 08:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSEjY-0002ZV-5D for xen-changelog@lists.xenproject.org; Mon, 20 Sep 2021 08:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mSEjY-0001lM-40 for xen-changelog@lists.xenproject.org; Mon, 20 Sep 2021 08:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PzP2bL0KSy63ictezPTBAP66QCwMJCRlEQZgRlGqct0=; b=idhRPpmkFP9ksQk7v9sA0KRh13 NeHC8D3Gbkk4KMzCFxj511/R4blyf1n8gU8nSsRH1vRxONYVNEeln8W51uX0srooiOq6E9CVYhXU0 kqLBdtvB/S3usSpGLVixOBVEOlrR2ijIwLiKrDHxhyeIWIEIHFehZM3EHDiVj+iYZDEw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] page-alloc: further adjust assign_page{,s}() Message-Id: Date: Mon, 20 Sep 2021 08:33:04 +0000 commit da2c65815c062fd012b7b77eee76be0905eb29f6 Author: Jan Beulich AuthorDate: Mon Sep 20 10:23:08 2021 +0200 Commit: Jan Beulich CommitDate: Mon Sep 20 10:23:08 2021 +0200 page-alloc: further adjust assign_page{,s}() The on-commit editing of 5260e8fb93f0 ("xen: re-define assign_pages and introduce a new function assign_page") didn't go quite far enough: A local variable and a function argument also would have wanted adjusting. Signed-off-by: Jan Beulich Reviewed-by: Bertrand Marquis Reviewed-by: Stefano Stabellini --- xen/common/page_alloc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index b64c07ae92..6142c7bb6a 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -2269,7 +2269,7 @@ int assign_pages( unsigned int memflags) { int rc = 0; - unsigned long i; + unsigned int i; spin_lock(&d->page_alloc_lock); @@ -2339,7 +2339,7 @@ int assign_pages( int assign_page(struct page_info *pg, unsigned int order, struct domain *d, unsigned int memflags) { - return assign_pages(pg, 1UL << order, d, memflags); + return assign_pages(pg, 1U << order, d, memflags); } struct page_info *alloc_domheap_pages( -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Sep 20 08:33:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 20 Sep 2021 08:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.190339.340189 (Exim 4.92) (envelope-from ) id 1mSEjj-0007SL-Eo; Mon, 20 Sep 2021 08:33:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 190339.340189; Mon, 20 Sep 2021 08:33:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSEjj-0007SD-Bk; Mon, 20 Sep 2021 08:33:15 +0000 Received: by outflank-mailman (input) for mailman id 190339; Mon, 20 Sep 2021 08:33:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSEji-0007QI-9o for xen-changelog@lists.xenproject.org; Mon, 20 Sep 2021 08:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSEji-0002Zj-8f for xen-changelog@lists.xenproject.org; Mon, 20 Sep 2021 08:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mSEji-0001mk-7g for xen-changelog@lists.xenproject.org; Mon, 20 Sep 2021 08:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lWk8vGd9+kB0lr14nWQZrFjWlJAx6G4nK7GlkLjCdQY=; b=20WymFPyJM1QvUjlyKjxr0ABCL Rkl0wfXktTRs/PWreg3X94ugFsDOXplYn/DmTL6kT/c5q2bR0d6iJLyxaaiGdzCAOidDPcAt7+DK3 EpXXeSWk2vmZA0IEpNjqk0VsYHT+AZw/T7pK7xLyTDZf9r6Glm+1PIrryrMyZyPrdqfo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] VT-d: consider hidden devices when unmapping Message-Id: Date: Mon, 20 Sep 2021 08:33:14 +0000 commit 75bfe6ec4844f83b300b9807bceaed1e2fe23270 Author: Jan Beulich AuthorDate: Mon Sep 20 10:24:27 2021 +0200 Commit: Jan Beulich CommitDate: Mon Sep 20 10:24:27 2021 +0200 VT-d: consider hidden devices when unmapping Whether to clear an IOMMU's bit in the domain's bitmap should depend on all devices the domain can control. For the hardware domain this includes hidden devices, which are associated with DomXEN. While touching related logic - convert the "current device" exclusion check to a simple pointer comparison, - convert "found" to "bool", - adjust style and correct a typo in an existing comment. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/drivers/passthrough/vtd/iommu.c | 48 ++++++++++++++++++++++++------------- 1 file changed, 32 insertions(+), 16 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index aeb1dddc88..859e6ddf62 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -1650,6 +1650,27 @@ int domain_context_unmap_one( return rc; } +static bool any_pdev_behind_iommu(const struct domain *d, + const struct pci_dev *exclude, + const struct vtd_iommu *iommu) +{ + const struct pci_dev *pdev; + + for_each_pdev ( d, pdev ) + { + const struct acpi_drhd_unit *drhd; + + if ( pdev == exclude ) + continue; + + drhd = acpi_find_matched_drhd_unit(pdev); + if ( drhd && drhd->iommu == iommu ) + return true; + } + + return false; +} + static int domain_context_unmap(struct domain *domain, u8 devfn, struct pci_dev *pdev) { @@ -1657,7 +1678,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn, struct vtd_iommu *iommu = drhd ? drhd->iommu : NULL; int ret; u8 seg = pdev->seg, bus = pdev->bus, tmp_bus, tmp_devfn, secbus; - int found = 0; + bool found; switch ( pdev->type ) { @@ -1737,23 +1758,18 @@ static int domain_context_unmap(struct domain *domain, u8 devfn, return ret; /* - * if no other devices under the same iommu owned by this domain, - * clear iommu in iommu_bitmap and clear domain_id in domid_bitmp + * If no other devices under the same iommu owned by this domain, + * clear iommu in iommu_bitmap and clear domain_id in domid_bitmap. */ - for_each_pdev ( domain, pdev ) - { - if ( pdev->seg == seg && pdev->bus == bus && pdev->devfn == devfn ) - continue; - - drhd = acpi_find_matched_drhd_unit(pdev); - if ( drhd && drhd->iommu == iommu ) - { - found = 1; - break; - } - } + found = any_pdev_behind_iommu(domain, pdev, iommu); + /* + * Hidden devices are associated with DomXEN but usable by the hardware + * domain. Hence they need considering here as well. + */ + if ( !found && is_hardware_domain(domain) ) + found = any_pdev_behind_iommu(dom_xen, pdev, iommu); - if ( found == 0 ) + if ( !found ) { clear_bit(iommu->index, &dom_iommu(domain)->arch.vtd.iommu_bitmap); cleanup_domid_map(domain, iommu); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Sep 20 08:33:25 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 20 Sep 2021 08:33:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.190343.340192 (Exim 4.92) (envelope-from ) id 1mSEjt-0007cc-GH; Mon, 20 Sep 2021 08:33:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 190343.340192; Mon, 20 Sep 2021 08:33:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSEjt-0007cU-DB; Mon, 20 Sep 2021 08:33:25 +0000 Received: by outflank-mailman (input) for mailman id 190343; Mon, 20 Sep 2021 08:33:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSEjs-0007az-Ck for xen-changelog@lists.xenproject.org; Mon, 20 Sep 2021 08:33:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSEjs-0002aC-Bw for xen-changelog@lists.xenproject.org; Mon, 20 Sep 2021 08:33:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mSEjs-0001nt-Az for xen-changelog@lists.xenproject.org; Mon, 20 Sep 2021 08:33:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=p8l6efnbSoUIwVT0kr6wQ/kqFoFsqxL3/0xpQcujSVY=; b=YLbNz+256/Pqe5loFiy4JT+qL/ 9jqYet3YEIOQxDm+7YA9JAbWHQnHU/mWeqOc+TDW68Dh5ILNnTxfSP3LyGN57y22naBC2Pmf0Wfpq Dxq3XMyyLRjjzQx7grOV73XKpQCjpgcirxQQVrSaMPDjqwnqw9P2/EhUOAZJ56fB7rio=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] VT-d: PCI segment numbers are up to 16 bits wide Message-Id: Date: Mon, 20 Sep 2021 08:33:24 +0000 commit a3dd33e63c2c8c51102f223e6efe2e3d3bdcbec1 Author: Jan Beulich AuthorDate: Mon Sep 20 10:25:03 2021 +0200 Commit: Jan Beulich CommitDate: Mon Sep 20 10:25:03 2021 +0200 VT-d: PCI segment numbers are up to 16 bits wide We shouldn't silently truncate respective values. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/drivers/passthrough/vtd/iommu.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 859e6ddf62..611c22fd52 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -1462,7 +1462,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn, { const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev); int ret = 0; - u8 seg = pdev->seg, bus = pdev->bus, secbus; + uint16_t seg = pdev->seg; + uint8_t bus = pdev->bus, secbus; /* * Generally we assume only devices from one node to get assigned to a @@ -1677,7 +1678,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn, const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev); struct vtd_iommu *iommu = drhd ? drhd->iommu : NULL; int ret; - u8 seg = pdev->seg, bus = pdev->bus, tmp_bus, tmp_devfn, secbus; + uint16_t seg = pdev->seg; + uint8_t bus = pdev->bus, tmp_bus, tmp_devfn, secbus; bool found; switch ( pdev->type ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 21 18:55:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 21 Sep 2021 18:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.191872.342005 (Exim 4.92) (envelope-from ) id 1mSkvD-00046R-RO; Tue, 21 Sep 2021 18:55:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 191872.342005; Tue, 21 Sep 2021 18:55:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSkvD-00046J-Nv; Tue, 21 Sep 2021 18:55:15 +0000 Received: by outflank-mailman (input) for mailman id 191872; Tue, 21 Sep 2021 18:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSkvC-00046D-HT for xen-changelog@lists.xenproject.org; Tue, 21 Sep 2021 18:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSkvC-0005gN-Gc for xen-changelog@lists.xenproject.org; Tue, 21 Sep 2021 18:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mSkvC-0001Ac-FN for xen-changelog@lists.xenproject.org; Tue, 21 Sep 2021 18:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+qosI7yuoS2dOoqei0OlGsfZxsE3P57zdLMwkRm682E=; b=af+eNsqrf1KWh2ZKNyu+mok18R pXXI5EVyeiUwSrEagOvCjgI44px88hmNBTC1jNsHwExrPbdieZNZ1cZOGL8sG6I6VHUyn1zm/tG0g ACkn7GZiRz8uXcVtIhbb634YOK4Y0Pk1rSTv2brl8MJQVt48fGwKTYV3JOaatTFg3558=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/hvm: Remove duplicate calls caused by tracing Message-Id: Date: Tue, 21 Sep 2021 18:55:14 +0000 commit 91bac8ad7c062e2779b97649eb0dca9035bc56be Author: Andrew Cooper AuthorDate: Sat Sep 18 00:32:12 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Sep 21 19:41:12 2021 +0100 x86/hvm: Remove duplicate calls caused by tracing 1) vpic_ack_pending_irq() calls vlapic_accept_pic_intr() twice, once in the TRACE_2D() instantiation and once "for real". Make the call only once. 2) vlapic_accept_pic_intr() similarly calls __vlapic_accept_pic_intr() twice, although this is more complicated to disentangle. v cannot be NULL because it has already been dereferenced in the function, causing the ternary expression to always call __vlapic_accept_pic_intr(). However, the return expression of the function takes care to skip the call if this vCPU isn't the PIC target. As __vlapic_accept_pic_intr() is far from trivial, make the TRACE_2D() semantics match the return semantics by only calling __vlapic_accept_pic_intr() when the vCPU is the PIC target. 3) hpet_set_timer() duplicates calls to hpet_tick_to_ns(). Pull the logic out which simplifies both the TRACE and create_periodic_time() calls. 4) lapic_rearm() makes multiple calls to vlapic_lvtt_period(). Pull it out into a local variable. vlapic_accept_pic_intr() is called on every VMEntry, so this is a reduction in VMEntry complexity across the board. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/hpet.c | 14 ++++++++------ xen/arch/x86/hvm/vlapic.c | 23 +++++++++++++++-------- xen/arch/x86/hvm/vpic.c | 9 +++++---- 3 files changed, 28 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/hvm/hpet.c b/xen/arch/x86/hvm/hpet.c index ee756abb82..8267f0b8a2 100644 --- a/xen/arch/x86/hvm/hpet.c +++ b/xen/arch/x86/hvm/hpet.c @@ -240,6 +240,7 @@ static void hpet_set_timer(HPETState *h, unsigned int tn, uint64_t tn_cmp, cur_tick, diff; unsigned int irq; unsigned int oneshot; + s_time_t diff_ns, period_ns = 0; ASSERT(tn < HPET_TIMER_NUM); ASSERT(rw_is_write_locked(&h->lock)); @@ -311,13 +312,14 @@ static void hpet_set_timer(HPETState *h, unsigned int tn, * status register) before another interrupt can be delivered. */ oneshot = !timer_is_periodic(h, tn) || timer_level(h, tn); + diff_ns = hpet_tick_to_ns(h, diff); + if ( !oneshot ) + period_ns = hpet_tick_to_ns(h, h->hpet.period[tn]); + TRACE_2_LONG_4D(TRC_HVM_EMUL_HPET_START_TIMER, tn, irq, - TRC_PAR_LONG(hpet_tick_to_ns(h, diff)), - TRC_PAR_LONG(oneshot ? 0LL : - hpet_tick_to_ns(h, h->hpet.period[tn]))); - create_periodic_time(vhpet_vcpu(h), &h->pt[tn], - hpet_tick_to_ns(h, diff), - oneshot ? 0 : hpet_tick_to_ns(h, h->hpet.period[tn]), + TRC_PAR_LONG(diff_ns), TRC_PAR_LONG(period_ns)); + + create_periodic_time(vhpet_vcpu(h), &h->pt[tn], diff_ns, period_ns, irq, timer_level(h, tn) ? hpet_timer_fired : NULL, timer_level(h, tn) ? (void *)(unsigned long)tn : NULL, timer_level(h, tn)); diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c index 5e21fb4937..b8c84458ff 100644 --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c @@ -1267,15 +1267,18 @@ static int __vlapic_accept_pic_intr(struct vcpu *v) int vlapic_accept_pic_intr(struct vcpu *v) { + bool target, accept = false; + if ( vlapic_hw_disabled(vcpu_vlapic(v)) || !has_vpic(v->domain) ) return 0; - TRACE_2D(TRC_HVM_EMUL_LAPIC_PIC_INTR, - (v == v->domain->arch.hvm.i8259_target), - v ? __vlapic_accept_pic_intr(v) : -1); + target = v == v->domain->arch.hvm.i8259_target; + if ( target ) + accept = __vlapic_accept_pic_intr(v); + + TRACE_2D(TRC_HVM_EMUL_LAPIC_PIC_INTR, target, accept); - return ((v == v->domain->arch.hvm.i8259_target) && - __vlapic_accept_pic_intr(v)); + return target && accept; } void vlapic_adjust_i8259_target(struct domain *d) @@ -1449,6 +1452,7 @@ static void lapic_rearm(struct vlapic *s) { unsigned long tmict; uint64_t period, tdt_msr; + bool is_periodic; s->pt.irq = vlapic_get_reg(s, APIC_LVTT) & APIC_VECTOR_MASK; @@ -1464,12 +1468,15 @@ static void lapic_rearm(struct vlapic *s) period = ((uint64_t)APIC_BUS_CYCLE_NS * (uint32_t)tmict * s->hw.timer_divisor); + is_periodic = vlapic_lvtt_period(s); + TRACE_2_LONG_3D(TRC_HVM_EMUL_LAPIC_START_TIMER, TRC_PAR_LONG(period), - TRC_PAR_LONG(vlapic_lvtt_period(s) ? period : 0LL), s->pt.irq); + TRC_PAR_LONG(is_periodic ? period : 0LL), s->pt.irq); + create_periodic_time(vlapic_vcpu(s), &s->pt, period, - vlapic_lvtt_period(s) ? period : 0, + is_periodic ? period : 0, s->pt.irq, - vlapic_lvtt_period(s) ? vlapic_pt_cb : NULL, + is_periodic ? vlapic_pt_cb : NULL, &s->timer_last_update, false); s->timer_last_update = s->pt.last_plt_gtime; } diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c index af988a868c..91c2c69833 100644 --- a/xen/arch/x86/hvm/vpic.c +++ b/xen/arch/x86/hvm/vpic.c @@ -512,14 +512,15 @@ void vpic_irq_negative_edge(struct domain *d, int irq) int vpic_ack_pending_irq(struct vcpu *v) { - int irq; + int irq, accept; struct hvm_hw_vpic *vpic = &v->domain->arch.hvm.vpic[0]; ASSERT(has_vpic(v->domain)); - TRACE_2D(TRC_HVM_EMUL_PIC_PEND_IRQ_CALL, vlapic_accept_pic_intr(v), - vpic->int_output); - if ( !vlapic_accept_pic_intr(v) || !vpic->int_output ) + accept = vlapic_accept_pic_intr(v); + + TRACE_2D(TRC_HVM_EMUL_PIC_PEND_IRQ_CALL, accept, vpic->int_output); + if ( !accept || !vpic->int_output ) return -1; irq = vpic_intack(vpic); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 21 18:55:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 21 Sep 2021 18:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.191871.342001 (Exim 4.92) (envelope-from ) id 1mSkv3-00044k-PI; Tue, 21 Sep 2021 18:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 191871.342001; Tue, 21 Sep 2021 18:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSkv3-00044c-MN; Tue, 21 Sep 2021 18:55:05 +0000 Received: by outflank-mailman (input) for mailman id 191871; Tue, 21 Sep 2021 18:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSkv2-00044W-F1 for xen-changelog@lists.xenproject.org; Tue, 21 Sep 2021 18:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSkv2-0005gJ-Cj for xen-changelog@lists.xenproject.org; Tue, 21 Sep 2021 18:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mSkv2-00019n-Bm for xen-changelog@lists.xenproject.org; Tue, 21 Sep 2021 18:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4ygR4tXwo5Q+z2gTuS2wCr2WMujunw/seSMRDs36T2g=; b=48exTtaQL7M+Vt2Hg9UQnxxEaR NB09D32JYA086bK8uKWIeLESEHzshW4oJgSQCzZOzi9p7GfZ4e/5LTenvhME2q6VC7jRyFqxxynam veuTHrIvpDQdUsFY1ZlqVe2JU8qrwqPf2AF5Yf8iuFD3F7RIqK9V7wbD73bOp8CVjw9c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/hvm: Reduce stack usage from HVMTRACE_ND() Message-Id: Date: Tue, 21 Sep 2021 18:55:04 +0000 commit e083d753924b954f0185b907001de411a03ca495 Author: Andrew Cooper AuthorDate: Wed Sep 15 17:04:00 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Sep 21 19:41:12 2021 +0100 x86/hvm: Reduce stack usage from HVMTRACE_ND() It is pointless to write all 6 entries and only consume the useful subset. bloat-o-meter shows quite how obscene the overhead is in vmx_vmexit_handler(), weighing in at 12% of the function arranging unread zeroes on the stack, and 8% for svm_vmexit_handler(). add/remove: 0/0 grow/shrink: 0/20 up/down: 0/-1929 (-1929) Function old new delta hvm_msr_write_intercept 1049 1033 -16 vmx_enable_intr_window 238 214 -24 svm_enable_intr_window 337 313 -24 hvmemul_write_xcr 115 91 -24 hvmemul_write_cr 350 326 -24 hvmemul_read_xcr 115 91 -24 hvmemul_read_cr 146 122 -24 hvm_mov_to_cr 438 414 -24 hvm_mov_from_cr 253 229 -24 vmx_intr_assist 1150 1118 -32 svm_intr_assist 459 427 -32 hvm_rdtsc_intercept 138 106 -32 hvm_msr_read_intercept 898 866 -32 vmx_vmenter_helper 1142 1094 -48 vmx_inject_event 813 765 -48 svm_vmenter_helper 238 187 -51 hvm_hlt 197 146 -51 svm_inject_event 1678 1614 -64 svm_vmexit_handler 5880 5392 -488 vmx_vmexit_handler 7281 6438 -843 Total: Before=3644277, After=3642348, chg -0.05% Adjust all users of HVMTRACE_ND(), using TRC_PAR_LONG() where appropriate instead of opencoding it. The 0 case needs a little help. All object in C must have a unique address and _d is passed by pointer. Explicitly permit the optimiser to drop the array. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/svm.c | 8 +++----- xen/arch/x86/hvm/vmx/vmx.c | 9 ++++----- xen/include/asm-x86/hvm/trace.h | 28 ++++++++++------------------ 3 files changed, 17 insertions(+), 28 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index afb1ccb342..f0e10dec04 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1052,7 +1052,7 @@ void svm_vmenter_helper(const struct cpu_user_regs *regs) if ( unlikely(tb_init_done) ) HVMTRACE_ND(VMENTRY, nestedhvm_vcpu_in_guestmode(curr) ? TRC_HVM_NESTEDFLAG : 0, - 1/*cycles*/, 0, 0, 0, 0, 0, 0, 0); + 1/*cycles*/); svm_sync_vmcb(curr, vmcb_needs_vmsave); @@ -2565,12 +2565,10 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) if ( hvm_long_mode_active(v) ) HVMTRACE_ND(VMEXIT64, vcpu_guestmode ? TRC_HVM_NESTEDFLAG : 0, - 1/*cycles*/, 3, exit_reason, - regs->eip, regs->rip >> 32, 0, 0, 0); + 1/*cycles*/, exit_reason, TRC_PAR_LONG(regs->rip)); else HVMTRACE_ND(VMEXIT, vcpu_guestmode ? TRC_HVM_NESTEDFLAG : 0, - 1/*cycles*/, 2, exit_reason, - regs->eip, 0, 0, 0, 0); + 1/*cycles*/, exit_reason, regs->eip); if ( vcpu_guestmode ) { diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index b0a42d05f8..d403e2d806 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3864,11 +3864,10 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) __vmread(VM_EXIT_REASON, &exit_reason); if ( hvm_long_mode_active(v) ) - HVMTRACE_ND(VMEXIT64, 0, 1/*cycles*/, 3, exit_reason, - regs->eip, regs->rip >> 32, 0, 0, 0); + HVMTRACE_ND(VMEXIT64, 0, 1/*cycles*/, exit_reason, + TRC_PAR_LONG(regs->rip)); else - HVMTRACE_ND(VMEXIT, 0, 1/*cycles*/, 2, exit_reason, - regs->eip, 0, 0, 0, 0); + HVMTRACE_ND(VMEXIT, 0, 1/*cycles*/, exit_reason, regs->eip); perfc_incra(vmexits, exit_reason); @@ -4645,7 +4644,7 @@ bool vmx_vmenter_helper(const struct cpu_user_regs *regs) if ( unlikely(curr->arch.hvm.vmx.lbr_flags & LBR_FIXUP_MASK) ) lbr_fixup(); - HVMTRACE_ND(VMENTRY, 0, 1/*cycles*/, 0, 0, 0, 0, 0, 0, 0); + HVMTRACE_ND(VMENTRY, 0, 1/*cycles*/); __vmwrite(GUEST_RIP, regs->rip); __vmwrite(GUEST_RSP, regs->rsp); diff --git a/xen/include/asm-x86/hvm/trace.h b/xen/include/asm-x86/hvm/trace.h index 5cd459b855..145b59f6ac 100644 --- a/xen/include/asm-x86/hvm/trace.h +++ b/xen/include/asm-x86/hvm/trace.h @@ -67,38 +67,30 @@ #define TRACE_2_LONG_4D(_e, d1, d2, d3, d4, ...) \ TRACE_6D(_e, d1, d2, d3, d4) -#define HVMTRACE_ND(evt, modifier, cycles, count, d1, d2, d3, d4, d5, d6) \ +#define HVMTRACE_ND(evt, modifier, cycles, ...) \ do { \ if ( unlikely(tb_init_done) && DO_TRC_HVM_ ## evt ) \ { \ - struct { \ - u32 d[6]; \ - } _d; \ - _d.d[0]=(d1); \ - _d.d[1]=(d2); \ - _d.d[2]=(d3); \ - _d.d[3]=(d4); \ - _d.d[4]=(d5); \ - _d.d[5]=(d6); \ + uint32_t _d[] = { __VA_ARGS__ }; \ __trace_var(TRC_HVM_ ## evt | (modifier), cycles, \ - sizeof(*_d.d) * count, &_d); \ + sizeof(_d), sizeof(_d) ? _d : NULL); \ } \ } while(0) #define HVMTRACE_6D(evt, d1, d2, d3, d4, d5, d6) \ - HVMTRACE_ND(evt, 0, 0, 6, d1, d2, d3, d4, d5, d6) + HVMTRACE_ND(evt, 0, 0, d1, d2, d3, d4, d5, d6) #define HVMTRACE_5D(evt, d1, d2, d3, d4, d5) \ - HVMTRACE_ND(evt, 0, 0, 5, d1, d2, d3, d4, d5, 0) + HVMTRACE_ND(evt, 0, 0, d1, d2, d3, d4, d5) #define HVMTRACE_4D(evt, d1, d2, d3, d4) \ - HVMTRACE_ND(evt, 0, 0, 4, d1, d2, d3, d4, 0, 0) + HVMTRACE_ND(evt, 0, 0, d1, d2, d3, d4) #define HVMTRACE_3D(evt, d1, d2, d3) \ - HVMTRACE_ND(evt, 0, 0, 3, d1, d2, d3, 0, 0, 0) + HVMTRACE_ND(evt, 0, 0, d1, d2, d3) #define HVMTRACE_2D(evt, d1, d2) \ - HVMTRACE_ND(evt, 0, 0, 2, d1, d2, 0, 0, 0, 0) + HVMTRACE_ND(evt, 0, 0, d1, d2) #define HVMTRACE_1D(evt, d1) \ - HVMTRACE_ND(evt, 0, 0, 1, d1, 0, 0, 0, 0, 0) + HVMTRACE_ND(evt, 0, 0, d1) #define HVMTRACE_0D(evt) \ - HVMTRACE_ND(evt, 0, 0, 0, 0, 0, 0, 0, 0, 0) + HVMTRACE_ND(evt, 0, 0) #define HVMTRACE_LONG_1D(evt, d1) \ HVMTRACE_2D(evt ## 64, (d1) & 0xFFFFFFFF, (d1) >> 32) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 21 18:55:25 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 21 Sep 2021 18:55:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.191873.342009 (Exim 4.92) (envelope-from ) id 1mSkvN-00049R-Sc; Tue, 21 Sep 2021 18:55:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 191873.342009; Tue, 21 Sep 2021 18:55:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSkvN-00049J-PR; Tue, 21 Sep 2021 18:55:25 +0000 Received: by outflank-mailman (input) for mailman id 191873; Tue, 21 Sep 2021 18:55:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSkvM-00048u-LE for xen-changelog@lists.xenproject.org; Tue, 21 Sep 2021 18:55:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSkvM-0005gc-KI for xen-changelog@lists.xenproject.org; Tue, 21 Sep 2021 18:55:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mSkvM-0001BI-JC for xen-changelog@lists.xenproject.org; Tue, 21 Sep 2021 18:55:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=feeaIgF+qZzAVYOfy/19y2bBSORAfxIzVGVjHs183cY=; b=HEnqi5zAPr97jbrEQig5AVq1jl OiKT7sxBuXAcFabZAxX09SxYnCQEhEBFSBkzN6fD0GTx9k/HbhBW0WxXBZmJMS+7+9kb3FZ0wa8U3 FYp14vDMvItvFAUMJ8pldIJRdjVBrz9lFZa6BRuWaM/F4Sh1U4W3Ur1cVVz8o/hZKf0s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/pv: Move x86/trace.c to x86/pv/trace.c Message-Id: Date: Tue, 21 Sep 2021 18:55:24 +0000 commit 8aae4f376ca59174a25938e95dc41e9883ee675c Author: Andrew Cooper AuthorDate: Mon Sep 20 15:02:32 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Sep 21 19:41:12 2021 +0100 x86/pv: Move x86/trace.c to x86/pv/trace.c This entire file is pv-only, and not excluded from the build by CONFIG_TRACEBUFFER. Move it into the pv/ directory, build it conditionally, and drop unused includes. Also move the contents of asm/trace.h to asm/pv/trace.h to avoid the functions being declared across the entire hypervisor. One caller in fixup_page_fault() is effectively PV only, but is not subject to dead code elimination. Add an additional IS_ENABLED(CONFIG_PV) to keep the build happy. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/Makefile | 1 - xen/arch/x86/pv/Makefile | 1 + xen/arch/x86/pv/emul-inv-op.c | 2 +- xen/arch/x86/pv/emul-priv-op.c | 1 + xen/arch/x86/pv/ro-page-fault.c | 2 +- xen/arch/x86/pv/trace.c | 156 +++++++++++++++++++++++++++++++++++++++ xen/arch/x86/pv/traps.c | 2 +- xen/arch/x86/trace.c | 159 ---------------------------------------- xen/arch/x86/traps.c | 3 +- xen/include/asm-x86/pv/trace.h | 48 ++++++++++++ xen/include/asm-x86/trace.h | 42 ----------- 11 files changed, 211 insertions(+), 206 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 202d4d2782..82dd4e18bd 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -61,7 +61,6 @@ obj-y += spec_ctrl.o obj-y += srat.o obj-y += string.o obj-y += time.o -obj-y += trace.o obj-y += traps.o obj-y += tsx.o obj-y += usercopy.o diff --git a/xen/arch/x86/pv/Makefile b/xen/arch/x86/pv/Makefile index 75b01b0062..6cda354cc4 100644 --- a/xen/arch/x86/pv/Makefile +++ b/xen/arch/x86/pv/Makefile @@ -12,6 +12,7 @@ obj-y += misc-hypercalls.o obj-y += mm.o obj-y += ro-page-fault.o obj-$(CONFIG_PV_SHIM) += shim.o +obj-$(CONFIG_TRACEBUFFER) += trace.o obj-y += traps.o obj-bin-y += dom0_build.init.o diff --git a/xen/arch/x86/pv/emul-inv-op.c b/xen/arch/x86/pv/emul-inv-op.c index b15f302bca..2c07eed9a0 100644 --- a/xen/arch/x86/pv/emul-inv-op.c +++ b/xen/arch/x86/pv/emul-inv-op.c @@ -19,7 +19,7 @@ * along with this program; If not, see . */ -#include +#include #include "emulate.h" diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index 11467a1e3a..d0df5bc616 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include diff --git a/xen/arch/x86/pv/ro-page-fault.c b/xen/arch/x86/pv/ro-page-fault.c index 335aa8dc5d..ac5b66870c 100644 --- a/xen/arch/x86/pv/ro-page-fault.c +++ b/xen/arch/x86/pv/ro-page-fault.c @@ -20,7 +20,7 @@ * along with this program; If not, see . */ -#include +#include #include #include "emulate.h" diff --git a/xen/arch/x86/pv/trace.c b/xen/arch/x86/pv/trace.c new file mode 100644 index 0000000000..550c22765b --- /dev/null +++ b/xen/arch/x86/pv/trace.c @@ -0,0 +1,156 @@ +#include + +#include + +void __trace_pv_trap(int trapnr, unsigned long eip, + int use_error_code, unsigned error_code) +{ + if ( is_pv_32bit_vcpu(current) ) + { + struct __packed { + unsigned eip:32, + trapnr:15, + use_error_code:1, + error_code:16; + } d; + + d.eip = eip; + d.trapnr = trapnr; + d.error_code = error_code; + d.use_error_code=!!use_error_code; + + __trace_var(TRC_PV_TRAP, 1, sizeof(d), &d); + } + else + { + struct __packed { + unsigned long eip; + unsigned trapnr:15, + use_error_code:1, + error_code:16; + } d; + unsigned event; + + d.eip = eip; + d.trapnr = trapnr; + d.error_code = error_code; + d.use_error_code=!!use_error_code; + + event = TRC_PV_TRAP; + event |= TRC_64_FLAG; + __trace_var(event, 1, sizeof(d), &d); + } +} + +void __trace_pv_page_fault(unsigned long addr, unsigned error_code) +{ + unsigned long eip = guest_cpu_user_regs()->rip; + + if ( is_pv_32bit_vcpu(current) ) + { + struct __packed { + u32 eip, addr, error_code; + } d; + + d.eip = eip; + d.addr = addr; + d.error_code = error_code; + + __trace_var(TRC_PV_PAGE_FAULT, 1, sizeof(d), &d); + } + else + { + struct __packed { + unsigned long eip, addr; + u32 error_code; + } d; + unsigned event; + + d.eip = eip; + d.addr = addr; + d.error_code = error_code; + event = TRC_PV_PAGE_FAULT; + event |= TRC_64_FLAG; + __trace_var(event, 1, sizeof(d), &d); + } +} + +void __trace_trap_one_addr(unsigned event, unsigned long va) +{ + if ( is_pv_32bit_vcpu(current) ) + { + u32 d = va; + __trace_var(event, 1, sizeof(d), &d); + } + else + { + event |= TRC_64_FLAG; + __trace_var(event, 1, sizeof(va), &va); + } +} + +void __trace_trap_two_addr(unsigned event, unsigned long va1, + unsigned long va2) +{ + if ( is_pv_32bit_vcpu(current) ) + { + struct __packed { + u32 va1, va2; + } d; + d.va1=va1; + d.va2=va2; + __trace_var(event, 1, sizeof(d), &d); + } + else + { + struct __packed { + unsigned long va1, va2; + } d; + d.va1=va1; + d.va2=va2; + event |= TRC_64_FLAG; + __trace_var(event, 1, sizeof(d), &d); + } +} + +void __trace_ptwr_emulation(unsigned long addr, l1_pgentry_t npte) +{ + unsigned long eip = guest_cpu_user_regs()->rip; + + /* We have a couple of different modes to worry about: + * - 32-on-32: 32-bit pte, 32-bit virtual addresses + * - pae-on-pae, pae-on-64: 64-bit pte, 32-bit virtual addresses + * - 64-on-64: 64-bit pte, 64-bit virtual addresses + * pae-on-64 is the only one that requires extra code; in all other + * cases, "unsigned long" is the size of a guest virtual address. + */ + + if ( is_pv_32bit_vcpu(current) ) + { + struct __packed { + l1_pgentry_t pte; + u32 addr, eip; + } d; + d.addr = addr; + d.eip = eip; + d.pte = npte; + + __trace_var(TRC_PV_PTWR_EMULATION_PAE, 1, sizeof(d), &d); + } + else + { + struct { + l1_pgentry_t pte; + unsigned long addr, eip; + } d; + unsigned event; + + d.addr = addr; + d.eip = eip; + d.pte = npte; + + event = TRC_PV_PTWR_EMULATION; + event |= TRC_64_FLAG; + __trace_var(event, 1/*tsc*/, sizeof(d), &d); + } +} diff --git a/xen/arch/x86/pv/traps.c b/xen/arch/x86/pv/traps.c index 7439b76df8..764773c021 100644 --- a/xen/arch/x86/pv/traps.c +++ b/xen/arch/x86/pv/traps.c @@ -22,10 +22,10 @@ #include #include #include -#include #include #include +#include #include #include #include diff --git a/xen/arch/x86/trace.c b/xen/arch/x86/trace.c deleted file mode 100644 index 4a953c5b2f..0000000000 --- a/xen/arch/x86/trace.c +++ /dev/null @@ -1,159 +0,0 @@ -#include -#include -#include -#include -#include -#include - -void __trace_pv_trap(int trapnr, unsigned long eip, - int use_error_code, unsigned error_code) -{ - if ( is_pv_32bit_vcpu(current) ) - { - struct __packed { - unsigned eip:32, - trapnr:15, - use_error_code:1, - error_code:16; - } d; - - d.eip = eip; - d.trapnr = trapnr; - d.error_code = error_code; - d.use_error_code=!!use_error_code; - - __trace_var(TRC_PV_TRAP, 1, sizeof(d), &d); - } - else - { - struct __packed { - unsigned long eip; - unsigned trapnr:15, - use_error_code:1, - error_code:16; - } d; - unsigned event; - - d.eip = eip; - d.trapnr = trapnr; - d.error_code = error_code; - d.use_error_code=!!use_error_code; - - event = TRC_PV_TRAP; - event |= TRC_64_FLAG; - __trace_var(event, 1, sizeof(d), &d); - } -} - -void __trace_pv_page_fault(unsigned long addr, unsigned error_code) -{ - unsigned long eip = guest_cpu_user_regs()->rip; - - if ( is_pv_32bit_vcpu(current) ) - { - struct __packed { - u32 eip, addr, error_code; - } d; - - d.eip = eip; - d.addr = addr; - d.error_code = error_code; - - __trace_var(TRC_PV_PAGE_FAULT, 1, sizeof(d), &d); - } - else - { - struct __packed { - unsigned long eip, addr; - u32 error_code; - } d; - unsigned event; - - d.eip = eip; - d.addr = addr; - d.error_code = error_code; - event = TRC_PV_PAGE_FAULT; - event |= TRC_64_FLAG; - __trace_var(event, 1, sizeof(d), &d); - } -} - -void __trace_trap_one_addr(unsigned event, unsigned long va) -{ - if ( is_pv_32bit_vcpu(current) ) - { - u32 d = va; - __trace_var(event, 1, sizeof(d), &d); - } - else - { - event |= TRC_64_FLAG; - __trace_var(event, 1, sizeof(va), &va); - } -} - -void __trace_trap_two_addr(unsigned event, unsigned long va1, - unsigned long va2) -{ - if ( is_pv_32bit_vcpu(current) ) - { - struct __packed { - u32 va1, va2; - } d; - d.va1=va1; - d.va2=va2; - __trace_var(event, 1, sizeof(d), &d); - } - else - { - struct __packed { - unsigned long va1, va2; - } d; - d.va1=va1; - d.va2=va2; - event |= TRC_64_FLAG; - __trace_var(event, 1, sizeof(d), &d); - } -} - -void __trace_ptwr_emulation(unsigned long addr, l1_pgentry_t npte) -{ - unsigned long eip = guest_cpu_user_regs()->rip; - - /* We have a couple of different modes to worry about: - * - 32-on-32: 32-bit pte, 32-bit virtual addresses - * - pae-on-pae, pae-on-64: 64-bit pte, 32-bit virtual addresses - * - 64-on-64: 64-bit pte, 64-bit virtual addresses - * pae-on-64 is the only one that requires extra code; in all other - * cases, "unsigned long" is the size of a guest virtual address. - */ - - if ( is_pv_32bit_vcpu(current) ) - { - struct __packed { - l1_pgentry_t pte; - u32 addr, eip; - } d; - d.addr = addr; - d.eip = eip; - d.pte = npte; - - __trace_var(TRC_PV_PTWR_EMULATION_PAE, 1, sizeof(d), &d); - } - else - { - struct { - l1_pgentry_t pte; - unsigned long addr, eip; - } d; - unsigned event; - - d.addr = addr; - d.eip = eip; - d.pte = npte; - - event = TRC_PV_PTWR_EMULATION; - event |= TRC_64_FLAG; - __trace_var(event, 1/*tsc*/, sizeof(d), &d); - } -} diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 4a0e498b4c..0cc1ee95cb 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -82,6 +82,7 @@ #include #include #include +#include #include /* @@ -1480,7 +1481,7 @@ static int fixup_page_fault(unsigned long addr, struct cpu_user_regs *regs) { int ret = paging_fault(addr, regs); - if ( ret == EXCRET_fault_fixed ) + if ( IS_ENABLED(CONFIG_PV) && ret == EXCRET_fault_fixed ) trace_trap_two_addr(TRC_PV_PAGING_FIXUP, regs->rip, addr); return ret; } diff --git a/xen/include/asm-x86/pv/trace.h b/xen/include/asm-x86/pv/trace.h new file mode 100644 index 0000000000..c616206eeb --- /dev/null +++ b/xen/include/asm-x86/pv/trace.h @@ -0,0 +1,48 @@ +#ifndef XEN_X86_PV_TRACE_H +#define XEN_X86_PV_TRACE_H + +#include + +#include + +void __trace_pv_trap(int trapnr, unsigned long eip, + int use_error_code, unsigned error_code); +static inline void trace_pv_trap(int trapnr, unsigned long eip, + int use_error_code, unsigned error_code) +{ + if ( unlikely(tb_init_done) ) + __trace_pv_trap(trapnr, eip, use_error_code, error_code); +} + +void __trace_pv_page_fault(unsigned long addr, unsigned error_code); +static inline void trace_pv_page_fault(unsigned long addr, + unsigned error_code) +{ + if ( unlikely(tb_init_done) ) + __trace_pv_page_fault(addr, error_code); +} + +void __trace_trap_one_addr(unsigned event, unsigned long va); +static inline void trace_trap_one_addr(unsigned event, unsigned long va) +{ + if ( unlikely(tb_init_done) ) + __trace_trap_one_addr(event, va); +} + +void __trace_trap_two_addr(unsigned event, unsigned long va1, + unsigned long va2); +static inline void trace_trap_two_addr(unsigned event, unsigned long va1, + unsigned long va2) +{ + if ( unlikely(tb_init_done) ) + __trace_trap_two_addr(event, va1, va2); +} + +void __trace_ptwr_emulation(unsigned long addr, l1_pgentry_t npte); +static inline void trace_ptwr_emulation(unsigned long addr, l1_pgentry_t npte) +{ + if ( unlikely(tb_init_done) ) + __trace_ptwr_emulation(addr, npte); +} + +#endif /* XEN_X86_PV_TRACE_H */ diff --git a/xen/include/asm-x86/trace.h b/xen/include/asm-x86/trace.h index e65b5de6ee..edef1bb099 100644 --- a/xen/include/asm-x86/trace.h +++ b/xen/include/asm-x86/trace.h @@ -1,46 +1,4 @@ #ifndef __ASM_TRACE_H__ #define __ASM_TRACE_H__ -#include - -void __trace_pv_trap(int trapnr, unsigned long eip, - int use_error_code, unsigned error_code); -static inline void trace_pv_trap(int trapnr, unsigned long eip, - int use_error_code, unsigned error_code) -{ - if ( unlikely(tb_init_done) ) - __trace_pv_trap(trapnr, eip, use_error_code, error_code); -} - -void __trace_pv_page_fault(unsigned long addr, unsigned error_code); -static inline void trace_pv_page_fault(unsigned long addr, - unsigned error_code) -{ - if ( unlikely(tb_init_done) ) - __trace_pv_page_fault(addr, error_code); -} - -void __trace_trap_one_addr(unsigned event, unsigned long va); -static inline void trace_trap_one_addr(unsigned event, unsigned long va) -{ - if ( unlikely(tb_init_done) ) - __trace_trap_one_addr(event, va); -} - -void __trace_trap_two_addr(unsigned event, unsigned long va1, - unsigned long va2); -static inline void trace_trap_two_addr(unsigned event, unsigned long va1, - unsigned long va2) -{ - if ( unlikely(tb_init_done) ) - __trace_trap_two_addr(event, va1, va2); -} - -void __trace_ptwr_emulation(unsigned long addr, l1_pgentry_t npte); -static inline void trace_ptwr_emulation(unsigned long addr, l1_pgentry_t npte) -{ - if ( unlikely(tb_init_done) ) - __trace_ptwr_emulation(addr, npte); -} - #endif /* __ASM_TRACE_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 21 18:55:36 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 21 Sep 2021 18:55:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.191874.342012 (Exim 4.92) (envelope-from ) id 1mSkvX-0004DW-Vf; Tue, 21 Sep 2021 18:55:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 191874.342012; Tue, 21 Sep 2021 18:55:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSkvX-0004DQ-Sr; Tue, 21 Sep 2021 18:55:35 +0000 Received: by outflank-mailman (input) for mailman id 191874; Tue, 21 Sep 2021 18:55:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSkvW-0004Cx-P5 for xen-changelog@lists.xenproject.org; Tue, 21 Sep 2021 18:55:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mSkvW-0005gq-OA for xen-changelog@lists.xenproject.org; Tue, 21 Sep 2021 18:55:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mSkvW-0001Bx-N0 for xen-changelog@lists.xenproject.org; Tue, 21 Sep 2021 18:55:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bx3Q2esWgJEcjNyaNX+k2DJKKQXlnC/7vZRcqLU1eug=; b=bbTjRW2JgCxh+dNDNoiv51YLNY 15rms/hF3KLIVgKyWhQgydazTMwBnpVdvbF89rrxyRULZZXhJVU7gP9ReZkzekSpymJVuc73PigbD WIuLfCeTf5jw1Uu98UyGT/HthVCJ9HVarwNNyhwvghDqy1c2rmPWZjDeA8eU3kZ+wq6I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/trace: Clean up trace handling Message-Id: Date: Tue, 21 Sep 2021 18:55:34 +0000 commit 4e467d390eaf6736377766adae0166711866fac3 Author: Andrew Cooper AuthorDate: Mon Sep 20 14:30:49 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Sep 21 19:41:12 2021 +0100 x86/trace: Clean up trace handling Use more appropriate types. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/irq.c | 4 +- xen/arch/x86/mm/p2m-pt.c | 6 +- xen/arch/x86/mm/shadow/multi.c | 2 +- xen/arch/x86/pv/trace.c | 159 +++++++++++++++++++---------------------- 4 files changed, 78 insertions(+), 93 deletions(-) diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index a1693f92dd..67cbf6b979 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -130,8 +130,8 @@ static void _trace_irq_mask(uint32_t event, int irq, int vector, const cpumask_t *mask) { struct { - unsigned int irq:16, vec:16; - unsigned int mask[6]; + uint16_t irq, vec; + uint32_t mask[6]; } d = { .irq = irq, .vec = vector, diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 5a0c0f5ace..09c99d78aa 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -609,9 +609,9 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, if ( tb_init_done ) { struct { - u64 gfn, mfn; - int p2mt; - int d:16,order:16; + uint64_t gfn, mfn; + uint32_t p2mt; + uint16_t d, order; } t; t.gfn = gfn; diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c index 8bb028c2e2..15265fc81d 100644 --- a/xen/arch/x86/mm/shadow/multi.c +++ b/xen/arch/x86/mm/shadow/multi.c @@ -2118,7 +2118,7 @@ static inline void trace_shadow_emulate(guest_l1e_t gl1e, unsigned long va) so put it first for alignment sake. */ guest_l1e_t gl1e, write_val; guest_va_t va; - unsigned flags:29, emulation_count:3; + uint32_t flags:29, emulation_count:3; } d; u32 event; diff --git a/xen/arch/x86/pv/trace.c b/xen/arch/x86/pv/trace.c index 550c22765b..cf3897061e 100644 --- a/xen/arch/x86/pv/trace.c +++ b/xen/arch/x86/pv/trace.c @@ -7,38 +7,35 @@ void __trace_pv_trap(int trapnr, unsigned long eip, { if ( is_pv_32bit_vcpu(current) ) { - struct __packed { - unsigned eip:32, - trapnr:15, - use_error_code:1, - error_code:16; - } d; - - d.eip = eip; - d.trapnr = trapnr; - d.error_code = error_code; - d.use_error_code=!!use_error_code; + struct { + uint32_t eip; + uint16_t trapnr:15; + bool use_error_code:1; + uint16_t error_code; + } d = { + .eip = eip, + .trapnr = trapnr, + .use_error_code = use_error_code, + .error_code = error_code, + }; __trace_var(TRC_PV_TRAP, 1, sizeof(d), &d); } else { struct __packed { - unsigned long eip; - unsigned trapnr:15, - use_error_code:1, - error_code:16; - } d; - unsigned event; - - d.eip = eip; - d.trapnr = trapnr; - d.error_code = error_code; - d.use_error_code=!!use_error_code; - - event = TRC_PV_TRAP; - event |= TRC_64_FLAG; - __trace_var(event, 1, sizeof(d), &d); + uint64_t rip; + uint16_t trapnr:15; + bool use_error_code:1; + uint16_t error_code; + } d = { + .rip = eip, + .trapnr = trapnr, + .use_error_code = use_error_code, + .error_code = error_code, + }; + + __trace_var(TRC_PV_TRAP | TRC_64_FLAG, 1, sizeof(d), &d); } } @@ -48,30 +45,28 @@ void __trace_pv_page_fault(unsigned long addr, unsigned error_code) if ( is_pv_32bit_vcpu(current) ) { - struct __packed { - u32 eip, addr, error_code; - } d; - - d.eip = eip; - d.addr = addr; - d.error_code = error_code; + struct { + uint32_t eip, addr, error_code; + } d = { + .eip = eip, + .addr = addr, + .error_code = error_code, + }; __trace_var(TRC_PV_PAGE_FAULT, 1, sizeof(d), &d); } else { struct __packed { - unsigned long eip, addr; - u32 error_code; - } d; - unsigned event; - - d.eip = eip; - d.addr = addr; - d.error_code = error_code; - event = TRC_PV_PAGE_FAULT; - event |= TRC_64_FLAG; - __trace_var(event, 1, sizeof(d), &d); + uint64_t rip, addr; + uint32_t error_code; + } d = { + .rip = eip, + .addr = addr, + .error_code = error_code, + }; + + __trace_var(TRC_PV_PAGE_FAULT | TRC_64_FLAG, 1, sizeof(d), &d); } } @@ -83,10 +78,7 @@ void __trace_trap_one_addr(unsigned event, unsigned long va) __trace_var(event, 1, sizeof(d), &d); } else - { - event |= TRC_64_FLAG; - __trace_var(event, 1, sizeof(va), &va); - } + __trace_var(event | TRC_64_FLAG, 1, sizeof(va), &va); } void __trace_trap_two_addr(unsigned event, unsigned long va1, @@ -94,22 +86,25 @@ void __trace_trap_two_addr(unsigned event, unsigned long va1, { if ( is_pv_32bit_vcpu(current) ) { - struct __packed { - u32 va1, va2; - } d; - d.va1=va1; - d.va2=va2; + struct { + uint32_t va1, va2; + } d = { + .va1 = va1, + .va2 = va2, + }; + __trace_var(event, 1, sizeof(d), &d); } else { - struct __packed { - unsigned long va1, va2; - } d; - d.va1=va1; - d.va2=va2; - event |= TRC_64_FLAG; - __trace_var(event, 1, sizeof(d), &d); + struct { + uint64_t va1, va2; + } d = { + .va1 = va1, + .va2 = va2, + }; + + __trace_var(event | TRC_64_FLAG, 1, sizeof(d), &d); } } @@ -117,40 +112,30 @@ void __trace_ptwr_emulation(unsigned long addr, l1_pgentry_t npte) { unsigned long eip = guest_cpu_user_regs()->rip; - /* We have a couple of different modes to worry about: - * - 32-on-32: 32-bit pte, 32-bit virtual addresses - * - pae-on-pae, pae-on-64: 64-bit pte, 32-bit virtual addresses - * - 64-on-64: 64-bit pte, 64-bit virtual addresses - * pae-on-64 is the only one that requires extra code; in all other - * cases, "unsigned long" is the size of a guest virtual address. - */ - if ( is_pv_32bit_vcpu(current) ) { - struct __packed { - l1_pgentry_t pte; - u32 addr, eip; - } d; - d.addr = addr; - d.eip = eip; - d.pte = npte; + struct { + uint64_t pte; + uint32_t addr, eip; + } d = { + .pte = l1e_get_intpte(npte), + .addr = addr, + .eip = eip, + }; __trace_var(TRC_PV_PTWR_EMULATION_PAE, 1, sizeof(d), &d); } else { struct { - l1_pgentry_t pte; - unsigned long addr, eip; - } d; - unsigned event; - - d.addr = addr; - d.eip = eip; - d.pte = npte; - - event = TRC_PV_PTWR_EMULATION; - event |= TRC_64_FLAG; - __trace_var(event, 1/*tsc*/, sizeof(d), &d); + uint64_t pte; + uint64_t addr, rip; + } d = { + .pte = l1e_get_intpte(npte), + .addr = addr, + .rip = eip, + }; + + __trace_var(TRC_PV_PTWR_EMULATION | TRC_64_FLAG, 1, sizeof(d), &d); } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 22 14:22:11 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 22 Sep 2021 14:22:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.192830.343486 (Exim 4.92) (envelope-from ) id 1mT38P-0006QU-BC; Wed, 22 Sep 2021 14:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 192830.343486; Wed, 22 Sep 2021 14:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT38P-0006QM-83; Wed, 22 Sep 2021 14:22:05 +0000 Received: by outflank-mailman (input) for mailman id 192830; Wed, 22 Sep 2021 14:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT38O-0006QG-LK for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT38O-0000ko-Je for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mT38O-0004Tb-Ig for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RuYXmWGhhHDqwv+lE+7kqm2e+24jYv6LBMSGH4yNbzM=; b=WFyl0HNsPLTGdaBNjr/pEYxjk2 zdPNuC32MvH2f1d4dqe02v1ulaefDJsWUHISpLphC5KKvHAHm0xMVlvYY7OZiBPmKEqT5U0IZNtkJ RCN0rWTA5Caz2ZQSubkutk5A/0vmPN5o4ZfGSA0/L0WjAVnv5hw4vj/YAWqdDfJc17nY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] AMD/IOMMU: check / convert IVMD ranges for being / to be reserved Message-Id: Date: Wed, 22 Sep 2021 14:22:04 +0000 commit ed6c77ebf0c1f865b45596c3e793fe87160251a6 Author: Jan Beulich AuthorDate: Wed Sep 22 16:14:19 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 22 16:14:19 2021 +0200 AMD/IOMMU: check / convert IVMD ranges for being / to be reserved While the specification doesn't say so, just like for VT-d's RMRRs no good can come from these ranges being e.g. conventional RAM or entirely unmarked and hence usable for placing e.g. PCI device BARs. Check whether they are, and put in some limited effort to convert to reserved. (More advanced logic can be added if actual problems are found with this simplistic variant.) Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu_acpi.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 2fdebd2d74..bc3c946fe5 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -384,6 +384,38 @@ static int __init parse_ivmd_block(const struct acpi_ivrs_memory *ivmd_block) AMD_IOMMU_DEBUG("IVMD Block: type %#x phys %#lx len %#lx\n", ivmd_block->header.type, start_addr, mem_length); + if ( !e820_all_mapped(base, limit + PAGE_SIZE, E820_RESERVED) ) + { + paddr_t addr; + + AMD_IOMMU_DEBUG("IVMD: [%lx,%lx) is not (entirely) in reserved memory\n", + base, limit + PAGE_SIZE); + + for ( addr = base; addr <= limit; addr += PAGE_SIZE ) + { + unsigned int type = page_get_ram_type(maddr_to_mfn(addr)); + + if ( type == RAM_TYPE_UNKNOWN ) + { + if ( e820_add_range(&e820, addr, addr + PAGE_SIZE, + E820_RESERVED) ) + continue; + AMD_IOMMU_DEBUG("IVMD Error: Page at %lx couldn't be reserved\n", + addr); + return -EIO; + } + + /* Types which won't be handed out are considered good enough. */ + if ( !(type & (RAM_TYPE_RESERVED | RAM_TYPE_ACPI | + RAM_TYPE_UNUSABLE)) ) + continue; + + AMD_IOMMU_DEBUG("IVMD Error: Page at %lx can't be converted\n", + addr); + return -EIO; + } + } + if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) exclusion = true; else if ( ivmd_block->header.flags & ACPI_IVMD_UNITY ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 22 14:22:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 22 Sep 2021 14:22:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.192831.343490 (Exim 4.92) (envelope-from ) id 1mT38Z-0006SP-CT; Wed, 22 Sep 2021 14:22:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 192831.343490; Wed, 22 Sep 2021 14:22:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT38Z-0006SH-9U; Wed, 22 Sep 2021 14:22:15 +0000 Received: by outflank-mailman (input) for mailman id 192831; Wed, 22 Sep 2021 14:22:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT38Y-0006S4-Nf for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT38Y-0000ks-Ms for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mT38Y-0004Ue-Lt for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EF1k/UZavqvDU7fLKC0IzFyMutcN+M4w8zEBH94Ea8w=; b=2jHtDOfUMn91cE3AMSvZXT/DTR yucBuzIRNXG5GRpKv90hMlSbMPrCwmPk3xwyQ0vB1HbTEJG3GG5mjlo3R6iavxTXjy3jnjG92Rx6t a3QxC8BH4QeCTiO3A+BlDW3fVuAjvGJEhguZSx928hi++nHKN7yIO6Gpxu2HRhFUDFDM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] AMD/IOMMU: also insert IVMD ranges into Dom0's page tables Message-Id: Date: Wed, 22 Sep 2021 14:22:14 +0000 commit a0fe9a1e8c1f28ac528625bd3be99e14a74253ee Author: Jan Beulich AuthorDate: Wed Sep 22 16:15:29 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 22 16:15:29 2021 +0200 AMD/IOMMU: also insert IVMD ranges into Dom0's page tables So far only one region would be taken care of, if it can be placed in the exclusion range registers of the IOMMU. Take care of further ranges as well. Seeing that we've been doing fine without this, make both insertion and removal best effort only. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/pci_amd_iommu.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 819b5a6cc3..d2678b365a 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -513,6 +513,14 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev) amd_iommu_flush_device(iommu, bdf); } + if ( amd_iommu_reserve_domain_unity_map( + pdev->domain, + ivrs_mappings[ivrs_mappings[bdf].dte_requestor_id].unity_map, + 0) ) + AMD_IOMMU_DEBUG("%pd: unity mapping failed for %04x:%02x:%02x.%u\n", + pdev->domain, pdev->seg, pdev->bus, PCI_SLOT(devfn), + PCI_FUNC(devfn)); + return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev); } @@ -538,6 +546,14 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev) ivrs_mappings = get_ivrs_mappings(pdev->seg); bdf = PCI_BDF2(pdev->bus, devfn); + + if ( amd_iommu_reserve_domain_unity_unmap( + pdev->domain, + ivrs_mappings[ivrs_mappings[bdf].dte_requestor_id].unity_map) ) + AMD_IOMMU_DEBUG("%pd: unity unmapping failed for %04x:%02x:%02x.%u\n", + pdev->domain, pdev->seg, pdev->bus, PCI_SLOT(devfn), + PCI_FUNC(devfn)); + if ( amd_iommu_perdev_intremap && ivrs_mappings[bdf].dte_requestor_id == bdf && ivrs_mappings[bdf].intremap_table ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 22 14:22:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 22 Sep 2021 14:22:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.192832.343494 (Exim 4.92) (envelope-from ) id 1mT38k-0006W1-E2; Wed, 22 Sep 2021 14:22:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 192832.343494; Wed, 22 Sep 2021 14:22:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT38k-0006Vt-BC; Wed, 22 Sep 2021 14:22:26 +0000 Received: by outflank-mailman (input) for mailman id 192832; Wed, 22 Sep 2021 14:22:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT38i-0006Vg-RD for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT38i-0000lA-QE for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mT38i-0004VW-PH for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=cNorky7QyucaLcPA9KkCgPiLgCX81vgDK1ufB6X89oI=; b=ie8y1768FXJt0zOHRdWZ5sazFE NAMfItzbvBpUj7n5k6SToj08LQQNsfbi1QB1VK4MkL9QvgE5zYMOzuSixY6FA4/ai8IYQWjVIJo55 80a0pMg6AQ9b5hPfHIVA1YDLW8Emq9uBB8UBw12I9ALRyoJ80olQN/letbTvvQ0/tx54=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] AMD/IOMMU: provide function backing XENMEM_reserved_device_memory_map Message-Id: Date: Wed, 22 Sep 2021 14:22:24 +0000 commit 2209c36007ec209ab1189ac0bfd5144a2db80090 Author: Jan Beulich AuthorDate: Wed Sep 22 16:16:28 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 22 16:16:28 2021 +0200 AMD/IOMMU: provide function backing XENMEM_reserved_device_memory_map Just like for VT-d, exclusion / unity map ranges would better be reflected in e.g. the guest's E820 map. The reporting infrastructure was put in place still pretty tailored to VT-d's needs; extend get_reserved_device_memory() to allow vendor specific code to probe whether a particular (seg,bus,dev,func) tuple would get its data actually recorded. I admit the de-duplication of entries is quite limited for now, but considering our trouble to find a system surfacing _any_ IVMD this is likely not a critical issue for this initial implementation. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/common/memory.c | 3 ++ xen/drivers/passthrough/amd/iommu.h | 2 + xen/drivers/passthrough/amd/iommu_acpi.c | 20 +++++--- xen/drivers/passthrough/amd/iommu_map.c | 75 +++++++++++++++++++++++++++++ xen/drivers/passthrough/amd/pci_amd_iommu.c | 1 + 5 files changed, 95 insertions(+), 6 deletions(-) diff --git a/xen/common/memory.c b/xen/common/memory.c index 63642278fd..f333c994c8 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -1042,6 +1042,9 @@ static int get_reserved_device_memory(xen_pfn_t start, xen_ulong_t nr, if ( !(grdm->map.flags & XENMEM_RDM_ALL) && (sbdf != id) ) return 0; + if ( !nr ) + return 1; + if ( grdm->used_entries < grdm->map.nr_entries ) { struct xen_reserved_device_memory rdm = { diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 721d0c395b..b0e6322906 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -110,6 +110,7 @@ struct amd_iommu { struct ivrs_unity_map { bool read:1; bool write:1; + bool global:1; paddr_t addr; unsigned long length; struct ivrs_unity_map *next; @@ -236,6 +237,7 @@ int amd_iommu_reserve_domain_unity_map(struct domain *domain, unsigned int flag); int amd_iommu_reserve_domain_unity_unmap(struct domain *d, const struct ivrs_unity_map *map); +int amd_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt); int __must_check amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, unsigned long page_count, unsigned int flush_flags); diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index bc3c946fe5..0860b23c88 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -143,7 +143,7 @@ static int __init reserve_iommu_exclusion_range( static int __init reserve_unity_map_for_device( uint16_t seg, uint16_t bdf, unsigned long base, - unsigned long length, bool iw, bool ir) + unsigned long length, bool iw, bool ir, bool global) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); struct ivrs_unity_map *unity_map = ivrs_mappings[bdf].unity_map; @@ -162,7 +162,11 @@ static int __init reserve_unity_map_for_device( */ if ( base == unity_map->addr && length == unity_map->length && ir == unity_map->read && iw == unity_map->write ) + { + if ( global ) + unity_map->global = true; return 0; + } if ( unity_map->addr + unity_map->length > base && base + length > unity_map->addr ) @@ -181,6 +185,7 @@ static int __init reserve_unity_map_for_device( unity_map->read = ir; unity_map->write = iw; + unity_map->global = global; unity_map->addr = base; unity_map->length = length; unity_map->next = ivrs_mappings[bdf].unity_map; @@ -220,7 +225,8 @@ static int __init register_range_for_all_devices( /* reserve r/w unity-mapped page entries for devices */ for ( bdf = rc = 0; !rc && bdf < ivrs_bdf_entries; bdf++ ) - rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir); + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir, + true); } return rc; @@ -253,8 +259,10 @@ static int __init register_range_for_device( paddr_t length = limit + PAGE_SIZE - base; /* reserve unity-mapped page entries for device */ - rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir) ?: - reserve_unity_map_for_device(seg, req, base, length, iw, ir); + rc = reserve_unity_map_for_device(seg, bdf, base, length, iw, ir, + false) ?: + reserve_unity_map_for_device(seg, req, base, length, iw, ir, + false); } else { @@ -290,9 +298,9 @@ static int __init register_range_for_iommu_devices( req = get_ivrs_mappings(iommu->seg)[bdf].dte_requestor_id; rc = reserve_unity_map_for_device(iommu->seg, bdf, base, length, - iw, ir) ?: + iw, ir, false) ?: reserve_unity_map_for_device(iommu->seg, req, base, length, - iw, ir); + iw, ir, false); } return rc; diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 10fda5519c..93501ee2c5 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -462,6 +462,81 @@ int amd_iommu_reserve_domain_unity_unmap(struct domain *d, return rc; } +int amd_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt) +{ + unsigned int seg = 0 /* XXX */, bdf; + const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); + /* At least for global entries, avoid reporting them multiple times. */ + enum { pending, processing, done } global = pending; + + for ( bdf = 0; bdf < ivrs_bdf_entries; ++bdf ) + { + pci_sbdf_t sbdf = PCI_SBDF2(seg, bdf); + const struct ivrs_unity_map *um = ivrs_mappings[bdf].unity_map; + unsigned int req = ivrs_mappings[bdf].dte_requestor_id; + const struct amd_iommu *iommu = ivrs_mappings[bdf].iommu; + int rc; + + if ( !iommu ) + { + /* May need to trigger the workaround in find_iommu_for_device(). */ + const struct pci_dev *pdev; + + pcidevs_lock(); + pdev = pci_get_pdev(seg, sbdf.bus, sbdf.devfn); + pcidevs_unlock(); + + if ( pdev ) + iommu = find_iommu_for_device(seg, bdf); + if ( !iommu ) + continue; + } + + if ( func(0, 0, sbdf.sbdf, ctxt) ) + { + /* + * When the caller processes a XENMEM_RDM_ALL request, don't report + * multiple times the same range(s) for perhaps many devices with + * the same alias ID. + */ + if ( bdf != req && ivrs_mappings[req].iommu && + func(0, 0, PCI_SBDF2(seg, req).sbdf, ctxt) ) + continue; + + if ( global == pending ) + global = processing; + } + + if ( iommu->exclusion_enable && + (iommu->exclusion_allow_all ? + global == processing : + ivrs_mappings[bdf].dte_allow_exclusion) ) + { + rc = func(PFN_DOWN(iommu->exclusion_base), + PFN_UP(iommu->exclusion_limit | 1) - + PFN_DOWN(iommu->exclusion_base), sbdf.sbdf, ctxt); + if ( unlikely(rc < 0) ) + return rc; + } + + for ( ; um; um = um->next ) + { + if ( um->global && global != processing ) + continue; + + rc = func(PFN_DOWN(um->addr), PFN_DOWN(um->length), + sbdf.sbdf, ctxt); + if ( unlikely(rc < 0) ) + return rc; + } + + if ( global == processing ) + global = done; + } + + return 0; +} + int __init amd_iommu_quarantine_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index d2678b365a..86e4864e5d 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -652,6 +652,7 @@ static const struct iommu_ops __initconstrel _iommu_ops = { .suspend = amd_iommu_suspend, .resume = amd_iommu_resume, .crash_shutdown = amd_iommu_crash_shutdown, + .get_reserved_device_memory = amd_iommu_get_reserved_device_memory, .dump_page_tables = amd_dump_page_tables, }; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 22 14:22:36 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 22 Sep 2021 14:22:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.192833.343498 (Exim 4.92) (envelope-from ) id 1mT38u-0006Yj-Fg; Wed, 22 Sep 2021 14:22:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 192833.343498; Wed, 22 Sep 2021 14:22:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT38u-0006Yb-Cs; Wed, 22 Sep 2021 14:22:36 +0000 Received: by outflank-mailman (input) for mailman id 192833; Wed, 22 Sep 2021 14:22:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT38s-0006YK-VN for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT38s-0000lL-UR for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mT38s-0004WN-Sv for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mAEaraU7oMETPrtVCPe5piohivWPZfzM5vLy5zh5Cu4=; b=hbrDP2OzBUPlanFZ2XN+nk3SqY w+7/QbCDu/yds+F1JeW2Lx6CdCwHsqSm7zX6T9JAabpb2kVcL0yeC1FEW961fVQUINIxEf45jR6YY C+tlBWb+es+XVX/3rD/xjvjav3ZxbGCX65dxurJiuuP/9+VAStbu3en81Hc5DQ9DmY3Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] AMD/IOMMU: add "ivmd=" command line option Message-Id: Date: Wed, 22 Sep 2021 14:22:34 +0000 commit c7146535d1b230d4ab0b4ad2a06327e0208ad8b9 Author: Jan Beulich AuthorDate: Wed Sep 22 16:17:04 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 22 16:17:04 2021 +0200 AMD/IOMMU: add "ivmd=" command line option Just like VT-d's "rmrr=" it can be used to cover for firmware omissions. Since systems surfacing IVMDs seem to be rare, it is also meant to allow testing of the involved code. Only the IVMD flavors actually understood by the IVMD parsing logic can be generated, and for this initial implementation there's also no way to control the flags field - unity r/w mappings are assumed. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- docs/misc/xen-command-line.pandoc | 29 ++++++++++- xen/drivers/passthrough/amd/iommu_acpi.c | 88 +++++++++++++++++++++++++++++++- 2 files changed, 114 insertions(+), 3 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index b175645fde..177e656f12 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -836,12 +836,12 @@ Controls for the dom0 IOMMU setup. Typically, some devices in a system use bits of RAM for communication, and these areas should be listed as reserved in the E820 table and identified - via RMRR or IVMD entries in the APCI tables, so Xen can ensure that they + via RMRR or IVMD entries in the ACPI tables, so Xen can ensure that they are identity-mapped in the IOMMU. However, some firmware makes mistakes, and this option is a coarse-grain workaround for those errors. Where possible, finer grain corrections should be made with the `rmrr=`, - `ivrs_hpet=` or `ivrs_ioapic=` command line options. + `ivmd=`, `ivrs_hpet[]=`, or `ivrs_ioapic[]=` command line options. This option is disabled by default, and deprecated and intended for removal in future versions of Xen. If specifying `map-inclusive` is the @@ -1523,6 +1523,31 @@ _dom0-iommu=map-inclusive_ - using both options in combination is undefined.** > `= ` ### irq_vector_map (x86) + +### ivmd (x86) +> `= [-][=[-][,[-][,...]]][;...]` + +Define IVMD-like ranges that are missing from ACPI tables along with the +device(s) they belong to, and use them for 1:1 mapping. End addresses can be +omitted when exactly one page is meant. The ranges are inclusive when start +and end are specified. Note that only PCI segment 0 is supported at this time, +but it is fine to specify it explicitly. + +'start' and 'end' values are page numbers (not full physical addresses), +in hexadecimal format (can optionally be preceded by "0x"). + +Omitting the optional (range of) BDF spcifiers signals that the range is to +be applied to all devices. + +Usage example: If device 0:0:1d.0 requires one page (0xd5d45) to be +reserved, and devices 0:0:1a.0...0:0:1a.3 collectively require three pages +(0xd5d46 thru 0xd5d48) to be reserved, one usage would be: + +ivmd=d5d45=0:1d.0;0xd5d46-0xd5d48=0:1a.0-0:1a.3 + +Note: grub2 requires to escape or quote special characters, like ';' when +multiple ranges are specified - refer to the grub2 documentation. + ### ivrs_hpet[``] (AMD) > `=[:]:.` diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 0860b23c88..53f4b61d0d 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -1049,6 +1049,9 @@ static void __init dump_acpi_table_header(struct acpi_table_header *table) } +static struct acpi_ivrs_memory __initdata user_ivmds[8]; +static unsigned int __initdata nr_ivmd; + #define to_ivhd_block(hdr) \ container_of(hdr, const struct acpi_ivrs_hardware, header) #define to_ivmd_block(hdr) \ @@ -1072,7 +1075,7 @@ static int __init parse_ivrs_table(struct acpi_table_header *table) { const struct acpi_ivrs_header *ivrs_block; unsigned long length; - unsigned int apic; + unsigned int apic, i; bool_t sb_ioapic = !iommu_intremap; int error = 0; @@ -1107,6 +1110,12 @@ static int __init parse_ivrs_table(struct acpi_table_header *table) length += ivrs_block->length; } + /* Add command line specified IVMD-equivalents. */ + if ( nr_ivmd ) + AMD_IOMMU_DEBUG("IVMD: %u command line provided entries\n", nr_ivmd); + for ( i = 0; !error && i < nr_ivmd; ++i ) + error = parse_ivmd_block(user_ivmds + i); + /* Each IO-APIC must have been mentioned in the table. */ for ( apic = 0; !error && iommu_intremap && apic < nr_ioapics; ++apic ) { @@ -1348,3 +1357,80 @@ int __init amd_iommu_get_supported_ivhd_type(void) { return acpi_table_parse(ACPI_SIG_IVRS, get_supported_ivhd_type); } + +/* + * Parse "ivmd" command line option to later add the parsed devices / regions + * into unity mapping lists, just like IVMDs parsed from ACPI. + * Format: + * ivmd=[-][=[-'][,[-'][,...]]][;...] + */ +static int __init parse_ivmd_param(const char *s) +{ + do { + unsigned long start, end; + const char *cur; + + if ( nr_ivmd >= ARRAY_SIZE(user_ivmds) ) + return -E2BIG; + + start = simple_strtoul(cur = s, &s, 16); + if ( cur == s ) + return -EINVAL; + + if ( *s == '-' ) + { + end = simple_strtoul(cur = s + 1, &s, 16); + if ( cur == s || end < start ) + return -EINVAL; + } + else + end = start; + + if ( *s != '=' ) + { + user_ivmds[nr_ivmd].start_address = start << PAGE_SHIFT; + user_ivmds[nr_ivmd].memory_length = (end - start + 1) << PAGE_SHIFT; + user_ivmds[nr_ivmd].header.flags = ACPI_IVMD_UNITY | + ACPI_IVMD_READ | ACPI_IVMD_WRITE; + user_ivmds[nr_ivmd].header.length = sizeof(*user_ivmds); + user_ivmds[nr_ivmd].header.type = ACPI_IVRS_TYPE_MEMORY_ALL; + ++nr_ivmd; + continue; + } + + do { + unsigned int seg, bus, dev, func; + + if ( nr_ivmd >= ARRAY_SIZE(user_ivmds) ) + return -E2BIG; + + s = parse_pci(s + 1, &seg, &bus, &dev, &func); + if ( !s || seg ) + return -EINVAL; + + user_ivmds[nr_ivmd].start_address = start << PAGE_SHIFT; + user_ivmds[nr_ivmd].memory_length = (end - start + 1) << PAGE_SHIFT; + user_ivmds[nr_ivmd].header.flags = ACPI_IVMD_UNITY | + ACPI_IVMD_READ | ACPI_IVMD_WRITE; + user_ivmds[nr_ivmd].header.length = sizeof(*user_ivmds); + user_ivmds[nr_ivmd].header.device_id = PCI_BDF(bus, dev, func); + user_ivmds[nr_ivmd].header.type = ACPI_IVRS_TYPE_MEMORY_ONE; + + if ( *s == '-' ) + { + s = parse_pci(s + 1, &seg, &bus, &dev, &func); + if ( !s || seg ) + return -EINVAL; + + user_ivmds[nr_ivmd].aux_data = PCI_BDF(bus, dev, func); + if ( user_ivmds[nr_ivmd].aux_data < + user_ivmds[nr_ivmd].header.device_id ) + return -EINVAL; + user_ivmds[nr_ivmd].header.type = ACPI_IVRS_TYPE_MEMORY_RANGE; + } + } while ( ++nr_ivmd, *s == ',' ); + } while ( *s++ == ';' ); + + return s[-1] ? -EINVAL : 0; +} +custom_param("ivmd", parse_ivmd_param); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 22 14:22:46 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 22 Sep 2021 14:22:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.192834.343502 (Exim 4.92) (envelope-from ) id 1mT394-0006bR-HV; Wed, 22 Sep 2021 14:22:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 192834.343502; Wed, 22 Sep 2021 14:22:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT394-0006bJ-ET; Wed, 22 Sep 2021 14:22:46 +0000 Received: by outflank-mailman (input) for mailman id 192834; Wed, 22 Sep 2021 14:22:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT393-0006az-2B for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT393-0000lb-1I for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mT393-0004XM-0R for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YjGaxuPh5CjOgSm3cJoHS82mHFRzWIacjVN8K7XJVhc=; b=x0faIyXJymOAW2ptqilVVgJ+aZ 4dDkfrcEdCv5wNtQOXYQ7utQI5XLkPeLbIPbbuDEVYaahKZqimLa8rQ2Q/aXOy8dVwt9BN0MMQ8Tw wX3O/jpjhUwDrYEjl+m/vUNlNnSTebM0vwPPquvwy5jQgwk2U8E0XOkScrDTvV5lA37A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/mem_sharing: don't lock parent during fork reset Message-Id: Date: Wed, 22 Sep 2021 14:22:45 +0000 commit 01a8a51412343b8243403bbbaf0859db9a1edfab Author: Tamas K Lengyel AuthorDate: Wed Sep 22 16:17:54 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 22 16:17:54 2021 +0200 x86/mem_sharing: don't lock parent during fork reset During fork reset operation the parent domain doesn't need to be gathered using rcu_lock_live_remote_domain_by_id, the fork already has the parent pointer. Signed-off-by: Tamas K Lengyel Reviewed-by: Jan Beulich --- xen/arch/x86/mm/mem_sharing.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c index 8d5d44bdbc..74d2869c0e 100644 --- a/xen/arch/x86/mm/mem_sharing.c +++ b/xen/arch/x86/mm/mem_sharing.c @@ -1861,9 +1861,9 @@ static int fork(struct domain *cd, struct domain *d) done: if ( rc && rc != -ERESTART ) { + cd->parent = NULL; domain_unpause(d); put_domain(d); - cd->parent = NULL; } return rc; @@ -1879,9 +1879,10 @@ static int fork(struct domain *cd, struct domain *d) * footprints the hypercall continuation should be implemented (or if this * feature needs to be become "stable"). */ -static int mem_sharing_fork_reset(struct domain *d, struct domain *pd) +static int mem_sharing_fork_reset(struct domain *d) { int rc; + struct domain *pd = d->parent; struct p2m_domain *p2m = p2m_get_hostp2m(d); struct page_info *page, *tmp; @@ -2226,8 +2227,6 @@ int mem_sharing_memop(XEN_GUEST_HANDLE_PARAM(xen_mem_sharing_op_t) arg) case XENMEM_sharing_op_fork_reset: { - struct domain *pd; - rc = -EINVAL; if ( mso.u.fork.pad || mso.u.fork.flags ) goto out; @@ -2236,13 +2235,7 @@ int mem_sharing_memop(XEN_GUEST_HANDLE_PARAM(xen_mem_sharing_op_t) arg) if ( !d->parent ) goto out; - rc = rcu_lock_live_remote_domain_by_id(d->parent->domain_id, &pd); - if ( rc ) - goto out; - - rc = mem_sharing_fork_reset(d, pd); - - rcu_unlock_domain(pd); + rc = mem_sharing_fork_reset(d); break; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 22 14:22:56 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 22 Sep 2021 14:22:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.192836.343517 (Exim 4.92) (envelope-from ) id 1mT39E-0006ye-U0; Wed, 22 Sep 2021 14:22:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 192836.343517; Wed, 22 Sep 2021 14:22:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT39E-0006yW-Qn; Wed, 22 Sep 2021 14:22:56 +0000 Received: by outflank-mailman (input) for mailman id 192836; Wed, 22 Sep 2021 14:22:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT39D-0006wu-5N for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT39D-0000m5-4d for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mT39D-0004Y9-3i for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:22:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=T2iSTu9i0oCgh8xVSBI1oIPssEp4tNwIaOqXQRbaeT0=; b=T4PiL2RpOSvYXXatSFdgTg0hv+ 4/1+9T6bAAfhMyAC8juQsX8SaM4a5W2RplUYs1H5x3R52Veh9HDMii4Um0+XHlQsAHug8sJMmHK5H tegEYB6Ztm+5+yGX5TYbOi3eM/AFUz3ZodwdJOA2LTJcEMgvZ9M8/TVx89dWZ9cMQCTc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] mm: fix broken tainted value in mark_page_free Message-Id: Date: Wed, 22 Sep 2021 14:22:55 +0000 commit 289610483fc43e4082f0fc00c0ea8bca571b7ee5 Author: Penny Zheng AuthorDate: Wed Sep 22 16:18:30 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 22 16:18:30 2021 +0200 mm: fix broken tainted value in mark_page_free Commit 540a637c3410780b519fc055f432afe271f642f8 defines a new helper mark_page_free to extract common codes, while it accidently breaks the local variable "tainted". This patch fix it by letting mark_page_free() return bool of whether the page is offlined and rename local variable "tainted" to "pg_offlined". Coverity ID: 1491872 Fixes: 540a637c3410 ("xen: introduce mark_page_free") Signed-off-by: Penny Zheng Acked-by: Jan Beulich --- xen/common/page_alloc.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 6142c7bb6a..5801358b4b 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1380,8 +1380,10 @@ bool scrub_free_pages(void) return node_to_scrub(false) != NUMA_NO_NODE; } -static void mark_page_free(struct page_info *pg, mfn_t mfn) +static bool mark_page_free(struct page_info *pg, mfn_t mfn) { + bool pg_offlined = false; + ASSERT(mfn_x(mfn) == mfn_x(page_to_mfn(pg))); /* @@ -1405,7 +1407,7 @@ static void mark_page_free(struct page_info *pg, mfn_t mfn) case PGC_state_offlining: pg->count_info = (pg->count_info & PGC_broken) | PGC_state_offlined; - tainted = 1; + pg_offlined = true; break; default: @@ -1425,6 +1427,8 @@ static void mark_page_free(struct page_info *pg, mfn_t mfn) /* This page is not a guest frame any more. */ page_set_owner(pg, NULL); /* set_gpfn_from_mfn snoops pg owner */ set_gpfn_from_mfn(mfn_x(mfn), INVALID_M2P_ENTRY); + + return pg_offlined; } /* Free 2^@order set of pages. */ @@ -1433,7 +1437,7 @@ static void free_heap_pages( { unsigned long mask; mfn_t mfn = page_to_mfn(pg); - unsigned int i, node = phys_to_nid(mfn_to_maddr(mfn)), tainted = 0; + unsigned int i, node = phys_to_nid(mfn_to_maddr(mfn)), pg_offlined = 0; unsigned int zone = page_to_zone(pg); ASSERT(order <= MAX_ORDER); @@ -1443,7 +1447,8 @@ static void free_heap_pages( for ( i = 0; i < (1 << order); i++ ) { - mark_page_free(&pg[i], mfn_add(mfn, i)); + if ( mark_page_free(&pg[i], mfn_add(mfn, i)) ) + pg_offlined = 1; if ( need_scrub ) { @@ -1517,7 +1522,7 @@ static void free_heap_pages( page_list_add_scrub(pg, node, zone, order, pg->u.free.first_dirty); - if ( tainted ) + if ( pg_offlined ) reserve_offlined_page(pg); spin_unlock(&heap_lock); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 22 14:23:07 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 22 Sep 2021 14:23:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.192839.343523 (Exim 4.92) (envelope-from ) id 1mT39O-0007Aj-W3; Wed, 22 Sep 2021 14:23:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 192839.343523; Wed, 22 Sep 2021 14:23:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT39O-0007AZ-SQ; Wed, 22 Sep 2021 14:23:06 +0000 Received: by outflank-mailman (input) for mailman id 192839; Wed, 22 Sep 2021 14:23:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT39N-00077c-8r for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:23:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mT39N-0000o2-85 for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:23:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mT39N-0004Z6-6y for xen-changelog@lists.xenproject.org; Wed, 22 Sep 2021 14:23:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0wDz9g+Vhid63fdQYPDsrwWw+kdD7eoapvgAAqHR+Nk=; b=N2dQsjCXXQfQ1/7ywDxdOFydBM R9abixnSW96P31SON7s96YKLyw2eUhUwAALvkB+SaT79lDd3pVViWRUBNg1Bf+hGfWuDecGbxo/r5 Ge2LJCm8EXXZ9G3deIOMW0jG3qfLAetZFWs6MOoIkbWIDVOP5lmG04f6McDsp6bZEI3s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: drop a bogus SHARED_M2P() check from PV Dom0 building code Message-Id: Date: Wed, 22 Sep 2021 14:23:05 +0000 commit 604be1b333b1b66052ab9b0133f156890549a4f0 Author: Jan Beulich AuthorDate: Wed Sep 22 16:19:21 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 22 16:19:21 2021 +0200 x86: drop a bogus SHARED_M2P() check from PV Dom0 building code If anything, a check covering a wider range of invalid M2P entries ought to be used (e.g. VALID_M2P()). But since everything is fully under Xen's control at this stage, simply remove the BUG_ON(). Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/pv/dom0_build.c | 1 - 1 file changed, 1 deletion(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index 77efd3918c..cb68da75c1 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -821,7 +821,6 @@ int __init dom0_construct_pv(struct domain *d, page_list_for_each ( page, &d->page_list ) { mfn = mfn_x(page_to_mfn(page)); - BUG_ON(SHARED_M2P(get_gpfn_from_mfn(mfn))); if ( get_gpfn_from_mfn(mfn) >= count ) { BUG_ON(compat); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Sep 24 09:11:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 24 Sep 2021 09:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.195049.347521 (Exim 4.92) (envelope-from ) id 1mThEX-0006Xw-Mf; Fri, 24 Sep 2021 09:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 195049.347521; Fri, 24 Sep 2021 09:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mThEX-0006Xo-Jd; Fri, 24 Sep 2021 09:11:05 +0000 Received: by outflank-mailman (input) for mailman id 195049; Fri, 24 Sep 2021 09:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mThEW-0006Xg-GK for xen-changelog@lists.xenproject.org; Fri, 24 Sep 2021 09:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mThEW-0005gE-E3 for xen-changelog@lists.xenproject.org; Fri, 24 Sep 2021 09:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mThEW-0006KI-Cy for xen-changelog@lists.xenproject.org; Fri, 24 Sep 2021 09:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ylmUTIT48fM2eXtJQkQRnUjP4vUVnbKO9QRy6BxShY0=; b=LAdoBYD1IOMGNt+4M0DCcZga8z NeIg/ijgMi/dg9CQ1Q23ZAuM/N8F2IqDaPhQsxPA8PJ2WGlCLAOs18BRWQl66rnnX790Sd5QE12+1 13OB4IZfs8BLUhseH3BQ9zLizn6THbCGc1UoJQ4XB9V35Wu9byEoTC5lH5Z/KOHoUYPY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] common: guest_physmap_add_page()'s return value needs checking Message-Id: Date: Fri, 24 Sep 2021 09:11:04 +0000 commit a16cf950fc22fe269d9bbbae270203811bafab67 Author: Jan Beulich AuthorDate: Fri Sep 24 11:00:30 2021 +0200 Commit: Jan Beulich CommitDate: Fri Sep 24 11:00:30 2021 +0200 common: guest_physmap_add_page()'s return value needs checking The function may fail; it is not correct to indicate "success" in this case up the call stack. Mark the function must-check to prove all cases have been caught (and no new ones will get introduced). Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Acked-by: Ian Jackson Acked-by: Stefano Stabellini --- xen/common/grant_table.c | 6 +++--- xen/common/memory.c | 7 ++++--- xen/include/asm-arm/p2m.h | 7 +++---- xen/include/asm-x86/p2m.h | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index fe1fc11b22..e510395d08 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -2394,7 +2394,7 @@ gnttab_transfer( { grant_entry_v1_t *sha = &shared_entry_v1(e->grant_table, gop.ref); - guest_physmap_add_page(e, _gfn(sha->frame), mfn, 0); + rc = guest_physmap_add_page(e, _gfn(sha->frame), mfn, 0); if ( !paging_mode_translate(e) ) sha->frame = mfn_x(mfn); } @@ -2402,7 +2402,7 @@ gnttab_transfer( { grant_entry_v2_t *sha = &shared_entry_v2(e->grant_table, gop.ref); - guest_physmap_add_page(e, _gfn(sha->full_page.frame), mfn, 0); + rc = guest_physmap_add_page(e, _gfn(sha->full_page.frame), mfn, 0); if ( !paging_mode_translate(e) ) sha->full_page.frame = mfn_x(mfn); } @@ -2415,7 +2415,7 @@ gnttab_transfer( rcu_unlock_domain(e); - gop.status = GNTST_okay; + gop.status = rc ? GNTST_general_error : GNTST_okay; copyback: if ( unlikely(__copy_field_to_guest(uop, &gop, status)) ) diff --git a/xen/common/memory.c b/xen/common/memory.c index f333c994c8..30d255da35 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -268,7 +268,8 @@ static void populate_physmap(struct memop_args *a) mfn = page_to_mfn(page); } - guest_physmap_add_page(d, _gfn(gpfn), mfn, a->extent_order); + if ( guest_physmap_add_page(d, _gfn(gpfn), mfn, a->extent_order) ) + goto out; if ( !paging_mode_translate(d) && /* Inform the domain of the new page's machine address. */ @@ -765,8 +766,8 @@ static long memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg) } mfn = page_to_mfn(page); - guest_physmap_add_page(d, _gfn(gpfn), mfn, - exch.out.extent_order); + rc = guest_physmap_add_page(d, _gfn(gpfn), mfn, + exch.out.extent_order) ?: rc; if ( !paging_mode_translate(d) && __copy_mfn_to_guest_offset(exch.out.extent_start, diff --git a/xen/include/asm-arm/p2m.h b/xen/include/asm-arm/p2m.h index f885cc522b..8f11d9c97b 100644 --- a/xen/include/asm-arm/p2m.h +++ b/xen/include/asm-arm/p2m.h @@ -310,10 +310,9 @@ int guest_physmap_add_entry(struct domain *d, p2m_type_t t); /* Untyped version for RAM only, for compatibility */ -static inline int guest_physmap_add_page(struct domain *d, - gfn_t gfn, - mfn_t mfn, - unsigned int page_order) +static inline int __must_check +guest_physmap_add_page(struct domain *d, gfn_t gfn, mfn_t mfn, + unsigned int page_order) { return guest_physmap_add_entry(d, gfn, mfn, page_order, p2m_ram_rw); } diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index c6d41ac0b6..357a808748 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -583,8 +583,8 @@ int guest_physmap_add_entry(struct domain *d, gfn_t gfn, p2m_type_t t); /* Untyped version for RAM only, for compatibility and PV. */ -int guest_physmap_add_page(struct domain *d, gfn_t gfn, mfn_t mfn, - unsigned int page_order); +int __must_check guest_physmap_add_page(struct domain *d, gfn_t gfn, mfn_t mfn, + unsigned int page_order); /* Set a p2m range as populate-on-demand */ int guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Sep 24 09:11:15 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 24 Sep 2021 09:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.195051.347525 (Exim 4.92) (envelope-from ) id 1mThEh-0006be-O1; Fri, 24 Sep 2021 09:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 195051.347525; Fri, 24 Sep 2021 09:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mThEh-0006bW-L8; Fri, 24 Sep 2021 09:11:15 +0000 Received: by outflank-mailman (input) for mailman id 195051; Fri, 24 Sep 2021 09:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mThEg-0006bJ-II for xen-changelog@lists.xenproject.org; Fri, 24 Sep 2021 09:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mThEg-0005gL-HY for xen-changelog@lists.xenproject.org; Fri, 24 Sep 2021 09:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mThEg-0006Le-GO for xen-changelog@lists.xenproject.org; Fri, 24 Sep 2021 09:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wxoyinj0GgM/7HG9bqiRvSQfQOT2HaIXO3rkdK1vZUI=; b=DsptqqV/wRSsqnC36dXQnbFNM9 txIM/8js0HRCIRQgOoHL2CFkyIzo0/1ZCN3XETfR1bXloXpHJGlUMyBaiUYxqFKd3FdTiWNzAU8vR 3F3eaadbzWSizWTfwtpIIGvVUFNcIsupoukjwY3ooUPUpb+/ltLWwcj4AtQikEPEE8+I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: initialize memnodemapsize while faking NUMA node Message-Id: Date: Fri, 24 Sep 2021 09:11:14 +0000 commit 728998f6f2b7e1420e771236efec65cbf6143b7b Author: Wei Chen AuthorDate: Fri Sep 24 11:02:20 2021 +0200 Commit: Jan Beulich CommitDate: Fri Sep 24 11:02:20 2021 +0200 x86: initialize memnodemapsize while faking NUMA node When system turns NUMA off or system lacks of NUMA support, Xen will fake a NUMA node to make system works as a single node NUMA system. In this case the memory node map doesn't need to be allocated from boot pages, it will use the _memnodemap directly. But memnodemapsize hasn't been set. Xen should assert in phys_to_nid. Because x86 was using an empty macro "VIRTUAL_BUG_ON" to replace ASSERT, this bug will not be triggered on x86. Actually, Xen will only use 1 slot of memnodemap in this case. So we set memnodemap[0] to 0 and memnodemapsize to 1 in this patch to fix it. Signed-off-by: Wei Chen Acked-by: Jan Beulich --- xen/arch/x86/numa.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/xen/arch/x86/numa.c b/xen/arch/x86/numa.c index f1066c59c7..ce79ee44ce 100644 --- a/xen/arch/x86/numa.c +++ b/xen/arch/x86/numa.c @@ -270,6 +270,10 @@ void __init numa_initmem_init(unsigned long start_pfn, unsigned long end_pfn) /* setup dummy node covering all memory */ memnode_shift = BITS_PER_LONG - 1; memnodemap = _memnodemap; + /* Dummy node only uses 1 slot in reality */ + memnodemap[0] = 0; + memnodemapsize = 1; + nodes_clear(node_online_map); node_set_online(0); for ( i = 0; i < nr_cpu_ids; i++ ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Sep 24 10:11:07 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 24 Sep 2021 10:11:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.195211.347821 (Exim 4.92) (envelope-from ) id 1mTiAa-00058T-Ng; Fri, 24 Sep 2021 10:11:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 195211.347821; Fri, 24 Sep 2021 10:11:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mTiAa-00058L-Kk; Fri, 24 Sep 2021 10:11:04 +0000 Received: by outflank-mailman (input) for mailman id 195211; Fri, 24 Sep 2021 10:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mTiAZ-00058F-Vq for xen-changelog@lists.xenproject.org; Fri, 24 Sep 2021 10:11:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mTiAZ-0006u2-UJ for xen-changelog@lists.xenproject.org; Fri, 24 Sep 2021 10:11:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mTiAZ-0003oo-TO for xen-changelog@lists.xenproject.org; Fri, 24 Sep 2021 10:11:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=75OAbRig6HzwNQ8aXJhXbFkzNC693CGt8x6q6eUM5bA=; b=OovBgzLJ1b+OeUiex7JNFqIahk 3lsCpjZIR7qnJ0+kkRubjNFvPDTfzgZoaztdERaAMNEPWLc65cCH4DD6l6wkATTiu8l4Mt8COtHfa jMcpt9EnrG6+gLbvRsx7+B4OY4zVdClekpg3+9009WNIjd2a3rClUhP8mSU/fqKnupkg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/libxl: Correctly align the ACPI tables Message-Id: Date: Fri, 24 Sep 2021 10:11:03 +0000 commit dd6c062a7a4abdb662c18af03d1396325969d155 Author: Kevin Stefanov AuthorDate: Wed Sep 15 15:30:00 2021 +0100 Commit: Ian Jackson CommitDate: Fri Sep 24 11:07:50 2021 +0100 tools/libxl: Correctly align the ACPI tables The memory allocator currently calculates alignment in libxl's virtual address space, rather than guest physical address space. This results in the FACS being commonly misaligned. Furthermore, the allocator has several other bugs. The opencoded align-up calculation is currently susceptible to a bug that occurs in the corner case that the buffer is already aligned to begin with. In that case, an align-sized memory hole is introduced. The while loop is dead logic because its effects are entirely and unconditionally overwritten immediately after it. Rework the memory allocator to align in guest physical address space instead of libxl's virtual memory and improve the calculation, drop errant extra page in allocated buffer for ACPI tables, and give some of the variables better names/types. Fixes: 14c0d328da2b ("libxl/acpi: Build ACPI tables for HVMlite guests") Signed-off-by: Kevin Stefanov Reviewed-by: Jan Beulich Acked-by: Ian Jackson --- tools/libs/light/libxl_x86_acpi.c | 49 +++++++++++++++------------------------ 1 file changed, 19 insertions(+), 30 deletions(-) diff --git a/tools/libs/light/libxl_x86_acpi.c b/tools/libs/light/libxl_x86_acpi.c index 3eca1c7a9f..57a6b63790 100644 --- a/tools/libs/light/libxl_x86_acpi.c +++ b/tools/libs/light/libxl_x86_acpi.c @@ -20,6 +20,7 @@ /* Number of pages holding ACPI tables */ #define NUM_ACPI_PAGES 16 +#define ALIGN(p, a) (((p) + ((a) - 1)) & ~((a) - 1)) struct libxl_acpi_ctxt { struct acpi_ctxt c; @@ -28,10 +29,10 @@ struct libxl_acpi_ctxt { unsigned int page_shift; /* Memory allocator */ - unsigned long alloc_base_paddr; - unsigned long alloc_base_vaddr; - unsigned long alloc_currp; - unsigned long alloc_end; + unsigned long guest_start; + unsigned long guest_curr; + unsigned long guest_end; + void *buf; }; extern const unsigned char dsdt_pvh[]; @@ -43,8 +44,7 @@ static unsigned long virt_to_phys(struct acpi_ctxt *ctxt, void *v) struct libxl_acpi_ctxt *libxl_ctxt = CONTAINER_OF(ctxt, struct libxl_acpi_ctxt, c); - return (((unsigned long)v - libxl_ctxt->alloc_base_vaddr) + - libxl_ctxt->alloc_base_paddr); + return libxl_ctxt->guest_start + (v - libxl_ctxt->buf); } static void *mem_alloc(struct acpi_ctxt *ctxt, @@ -58,20 +58,16 @@ static void *mem_alloc(struct acpi_ctxt *ctxt, if (align < 16) align = 16; - s = (libxl_ctxt->alloc_currp + align) & ~((unsigned long)align - 1); + s = ALIGN(libxl_ctxt->guest_curr, align); e = s + size - 1; /* TODO: Reallocate memory */ - if ((e < s) || (e >= libxl_ctxt->alloc_end)) + if ((e < s) || (e >= libxl_ctxt->guest_end)) return NULL; - while (libxl_ctxt->alloc_currp >> libxl_ctxt->page_shift != - e >> libxl_ctxt->page_shift) - libxl_ctxt->alloc_currp += libxl_ctxt->page_size; + libxl_ctxt->guest_curr = e; - libxl_ctxt->alloc_currp = e; - - return (void *)s; + return libxl_ctxt->buf + (s - libxl_ctxt->guest_start); } static void acpi_mem_free(struct acpi_ctxt *ctxt, @@ -163,15 +159,12 @@ int libxl__dom_load_acpi(libxl__gc *gc, struct acpi_config config = {0}; struct libxl_acpi_ctxt libxl_ctxt; int rc = 0, acpi_pages_num; - void *acpi_pages; - unsigned long page_mask; if (b_info->type != LIBXL_DOMAIN_TYPE_PVH) goto out; libxl_ctxt.page_size = XC_DOM_PAGE_SIZE(dom); libxl_ctxt.page_shift = XC_DOM_PAGE_SHIFT(dom); - page_mask = (1UL << libxl_ctxt.page_shift) - 1; libxl_ctxt.c.mem_ops.alloc = mem_alloc; libxl_ctxt.c.mem_ops.v2p = virt_to_phys; @@ -186,19 +179,17 @@ int libxl__dom_load_acpi(libxl__gc *gc, config.rsdp = (unsigned long)libxl__malloc(gc, libxl_ctxt.page_size); config.infop = (unsigned long)libxl__malloc(gc, libxl_ctxt.page_size); /* Pages to hold ACPI tables */ - acpi_pages = libxl__malloc(gc, (NUM_ACPI_PAGES + 1) * - libxl_ctxt.page_size); + libxl_ctxt.buf = libxl__malloc(gc, NUM_ACPI_PAGES * + libxl_ctxt.page_size); /* * Set up allocator memory. * Start next to acpi_info page to avoid fracturing e820. */ - libxl_ctxt.alloc_base_paddr = ACPI_INFO_PHYSICAL_ADDRESS + - libxl_ctxt.page_size; - libxl_ctxt.alloc_base_vaddr = libxl_ctxt.alloc_currp = - (unsigned long)acpi_pages; - libxl_ctxt.alloc_end = (unsigned long)acpi_pages + - (NUM_ACPI_PAGES * libxl_ctxt.page_size); + libxl_ctxt.guest_start = libxl_ctxt.guest_curr = libxl_ctxt.guest_end = + ACPI_INFO_PHYSICAL_ADDRESS + libxl_ctxt.page_size; + + libxl_ctxt.guest_end += NUM_ACPI_PAGES * libxl_ctxt.page_size; /* Build the tables. */ rc = acpi_build_tables(&libxl_ctxt.c, &config); @@ -208,10 +199,8 @@ int libxl__dom_load_acpi(libxl__gc *gc, } /* Calculate how many pages are needed for the tables. */ - acpi_pages_num = - ((libxl_ctxt.alloc_currp - (unsigned long)acpi_pages) - >> libxl_ctxt.page_shift) + - ((libxl_ctxt.alloc_currp & page_mask) ? 1 : 0); + acpi_pages_num = (ALIGN(libxl_ctxt.guest_curr, libxl_ctxt.page_size) - + libxl_ctxt.guest_start) >> libxl_ctxt.page_shift; dom->acpi_modules[0].data = (void *)config.rsdp; dom->acpi_modules[0].length = 64; @@ -231,7 +220,7 @@ int libxl__dom_load_acpi(libxl__gc *gc, dom->acpi_modules[1].length = 4096; dom->acpi_modules[1].guest_addr_out = ACPI_INFO_PHYSICAL_ADDRESS; - dom->acpi_modules[2].data = acpi_pages; + dom->acpi_modules[2].data = libxl_ctxt.buf; dom->acpi_modules[2].length = acpi_pages_num << libxl_ctxt.page_shift; dom->acpi_modules[2].guest_addr_out = ACPI_INFO_PHYSICAL_ADDRESS + libxl_ctxt.page_size; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Sep 27 14:44:08 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 27 Sep 2021 14:44:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.197030.349963 (Exim 4.92) (envelope-from ) id 1mUrrS-0003yg-4v; Mon, 27 Sep 2021 14:44:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 197030.349963; Mon, 27 Sep 2021 14:44:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mUrrS-0003yY-1w; Mon, 27 Sep 2021 14:44:06 +0000 Received: by outflank-mailman (input) for mailman id 197030; Mon, 27 Sep 2021 14:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mUrrQ-0003yI-CL for xen-changelog@lists.xenproject.org; Mon, 27 Sep 2021 14:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mUrrQ-0001YV-BY for xen-changelog@lists.xenproject.org; Mon, 27 Sep 2021 14:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mUrrQ-0005ZW-Ag for xen-changelog@lists.xenproject.org; Mon, 27 Sep 2021 14:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sR1JIzp+0XvXzhsbFQbYCv1IPSBSB6yGVW+0CoenUFs=; b=GcWG/zoAKRI+lmkflRMO1GtYmD eKTSysavhwKM50njqBzqcKDkayTbGmF6cQoy6+0CrgrJYdD8nziyWllEfMCy+DiFQmL7inQXepABy lBEbXJqBhPNcVqTDpWRS4iV1HdfVOymNWGZWcPUts86zimPSYr6XMRv1kuc+7hsHCG/4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] Config: use Mini-OS commit 9f09744aa3e5982 for xen-unstable Message-Id: Date: Mon, 27 Sep 2021 14:44:04 +0000 commit afacb0a98fca2c9848b67a60aea4f1ce8c5268a9 Author: Juergen Gross AuthorDate: Wed Sep 8 14:52:32 2021 +0200 Commit: Ian Jackson CommitDate: Mon Sep 27 15:34:56 2021 +0100 Config: use Mini-OS commit 9f09744aa3e5982 for xen-unstable Switch the used Mini-OS commit to 9f09744aa3e5982 in xen-unstable. [ 9f09744aa3e5982 is current mini-os.git#master -iwj. ] Signed-off-by: Juergen Gross Acked-by: Ian Jackson --- Config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Config.mk b/Config.mk index 4d723eec1d..e85bf18654 100644 --- a/Config.mk +++ b/Config.mk @@ -246,7 +246,7 @@ MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif OVMF_UPSTREAM_REVISION ?= b37cfdd2807181aed2fee1e17bd7ec1190db266a QEMU_UPSTREAM_REVISION ?= master -MINIOS_UPSTREAM_REVISION ?= 051b87bb9c19609976fb038f386920e1ce5454c5 +MINIOS_UPSTREAM_REVISION ?= 9f09744aa3e5982a083ecf8e9cd2123f477081f9 SEABIOS_UPSTREAM_REVISION ?= rel-1.14.0 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Sep 27 14:44:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 27 Sep 2021 14:44:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.197033.349978 (Exim 4.92) (envelope-from ) id 1mUrrc-0004Ll-Gt; Mon, 27 Sep 2021 14:44:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 197033.349978; Mon, 27 Sep 2021 14:44:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mUrrc-0004Ld-Dd; Mon, 27 Sep 2021 14:44:16 +0000 Received: by outflank-mailman (input) for mailman id 197033; Mon, 27 Sep 2021 14:44:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mUrra-0004Jw-FW for xen-changelog@lists.xenproject.org; Mon, 27 Sep 2021 14:44:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mUrra-0001Z9-El for xen-changelog@lists.xenproject.org; Mon, 27 Sep 2021 14:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mUrra-0005bK-Dr for xen-changelog@lists.xenproject.org; Mon, 27 Sep 2021 14:44:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LFv1yKhImrqssvWI6+Hs4nVCW5aINWSxMv6rdflgDm8=; b=2Enz8LQkz2Y41AZbj4vCgz8pwY 9k1YAJhNcCAr9LJRoWxhBh3fh7uUGOKdxjCThyjGkY0g891LTy9wflOK8zf07d1ICTqiag44QnP/5 SwpDevcmyK+KUbEuRMIt0NPLA/tAk0V7gqKRe1K1/9QMMD4jgFRJDx2uxx3eDOOt4X/E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/libs: fix build of stubdoms Message-Id: Date: Mon, 27 Sep 2021 14:44:14 +0000 commit 2e46d73b4c7562f7b104e9e10fe302316af13959 Author: Juergen Gross AuthorDate: Wed Sep 8 14:43:03 2021 +0200 Commit: Ian Jackson CommitDate: Mon Sep 27 15:36:18 2021 +0100 tools/libs: fix build of stubdoms In case abi-dumper is available the stubdom builds will fail due to a false dependency on dynamic loadable libraries. Fix that. Fixes: d7c9f7a7a3959913b4 ("tools/libs: Write out an ABI analysis when abi-dumper is available") Signed-off-by: Juergen Gross Acked-by: Andrew Cooper --- tools/libs/libs.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/libs/libs.mk b/tools/libs/libs.mk index 84130ccbaf..ebdb2a4782 100644 --- a/tools/libs/libs.mk +++ b/tools/libs/libs.mk @@ -98,10 +98,12 @@ lib$(LIB_FILE_NAME).so.$(MAJOR).$(MINOR): $(PIC_OBJS) libxen$(LIBNAME).map # If abi-dumper is available, write out the ABI analysis ifneq ($(ABI_DUMPER),) +ifneq ($(nosharedlibs),y) libs: $(PKG_ABI) $(PKG_ABI): lib$(LIB_FILE_NAME).so.$(MAJOR).$(MINOR) headers.lst $(ABI_DUMPER) $< -o $@ -public-headers headers.lst -lver $(MAJOR).$(MINOR) endif +endif .PHONY: install install: build -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 28 04:55:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 28 Sep 2021 04:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.197442.350481 (Exim 4.92) (envelope-from ) id 1mV58z-00080Y-JU; Tue, 28 Sep 2021 04:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 197442.350481; Tue, 28 Sep 2021 04:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mV58z-00080P-GO; Tue, 28 Sep 2021 04:55:05 +0000 Received: by outflank-mailman (input) for mailman id 197442; Tue, 28 Sep 2021 04:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mV58y-00080J-RX for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 04:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mV58y-00072E-Pw for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 04:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mV58y-0004iA-Ol for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 04:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NAIwstwg62rQOJIgBZd8jUg9xGxkaCClaqv/QPP1ZUs=; b=oFl8BlCMRgljMLPgz/aNKyCpsT N42SzQUdi1804cZIbtA8LkIa00oxDZTu4F9lm3ixQl09PpQWL9tUtaPae72RCoy4Hs1R6JvsW0rrR 5F7l8EvIxpVnBG6DaPVrQwxWmhIa5oKcwBdxoo9jg4uWgw1beDk4XcciOJscSD41XZiw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: optee: Fix arm_smccc_smc's a0 for OPTEE_SMC_DISABLE_SHM_CACHE Message-Id: Date: Tue, 28 Sep 2021 04:55:04 +0000 commit 1c3ed9c908732d19660fbe83580674d585464d4c Author: Oleksandr Tyshchenko AuthorDate: Mon Sep 27 16:54:10 2021 +0300 Commit: Stefano Stabellini CommitDate: Mon Sep 27 21:49:54 2021 -0700 xen/arm: optee: Fix arm_smccc_smc's a0 for OPTEE_SMC_DISABLE_SHM_CACHE Fix a possible copy-paste error in arm_smccc_smc's first argument (a0) for OPTEE_SMC_DISABLE_SHM_CACHE case. This error causes Linux > v5.14-rc5 (b5c10dd04b7418793517e3286cde5c04759a86de optee: Clear stale cache entries during initialization) to stuck repeatedly issuing OPTEE_SMC_DISABLE_SHM_CACHE call and waiting for the result to be OPTEE_SMC_RETURN_ENOTAVAIL which will never happen. Signed-off-by: Oleksandr Tyshchenko Reviewed-by: Bertrand Marquis Reviewed-by: Volodymyr Babchuk Acked-by: Stefano Stabellini Fixes: 2e35cdf9b2ca ("xen/arm: optee: add OP-TEE mediator skeleton") Backport: 4.13+ --- xen/arch/arm/tee/optee.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c index 345361566e..6df0d44eb9 100644 --- a/xen/arch/arm/tee/optee.c +++ b/xen/arch/arm/tee/optee.c @@ -1692,7 +1692,7 @@ static bool optee_handle_call(struct cpu_user_regs *regs) return true; case OPTEE_SMC_DISABLE_SHM_CACHE: - arm_smccc_smc(OPTEE_SMC_ENABLE_SHM_CACHE, 0, 0, 0, 0, 0, 0, + arm_smccc_smc(OPTEE_SMC_DISABLE_SHM_CACHE, 0, 0, 0, 0, 0, 0, OPTEE_CLIENT_ID(current->domain), &resp); set_user_reg(regs, 0, resp.a0); if ( resp.a0 == OPTEE_SMC_RETURN_OK ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 28 11:55:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 28 Sep 2021 11:55:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.197947.351209 (Exim 4.92) (envelope-from ) id 1mVBhS-0007AG-Jf; Tue, 28 Sep 2021 11:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 197947.351209; Tue, 28 Sep 2021 11:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVBhS-0007A8-Gl; Tue, 28 Sep 2021 11:55:06 +0000 Received: by outflank-mailman (input) for mailman id 197947; Tue, 28 Sep 2021 11:55:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVBhR-0007A2-1H for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 11:55:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVBhR-0006xH-0W for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 11:55:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mVBhQ-0000bd-Vl for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 11:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BgZZECktIOjLfCasN3phvxr8V9bOfDvMH3BKx2VlbPM=; b=hLONggSwN5w1Xd66UKO7DpSNtz x+3Mx3uZP5LSC1SI2fqaJ02Mne5Bs+uD61+bteDpOm7CsvY/cwl1cc0g6fMSbZpMrUOCw7s4dCwof e/R2aS8y5fl3vpYmOb8IPt2+fr77Zs2yhGS3/C79UKUws+CXcB6d2RqkogmMijGnayx4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] Config.mk: update OVMF to edk2-stable202108 Message-Id: Date: Tue, 28 Sep 2021 11:55:04 +0000 commit 8d73459193ad5d3e6bd220f3092643f3b1e44df2 Author: Anthony PERARD AuthorDate: Tue Aug 31 13:36:37 2021 +0100 Commit: Ian Jackson CommitDate: Tue Sep 28 12:47:50 2021 +0100 Config.mk: update OVMF to edk2-stable202108 Update to the latest stable tag. Signed-off-by: Anthony PERARD --- Config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Config.mk b/Config.mk index 4d723eec1d..82b0c7c227 100644 --- a/Config.mk +++ b/Config.mk @@ -244,7 +244,7 @@ QEMU_TRADITIONAL_URL ?= git://xenbits.xen.org/qemu-xen-traditional.git SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif -OVMF_UPSTREAM_REVISION ?= b37cfdd2807181aed2fee1e17bd7ec1190db266a +OVMF_UPSTREAM_REVISION ?= 7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5 QEMU_UPSTREAM_REVISION ?= master MINIOS_UPSTREAM_REVISION ?= 051b87bb9c19609976fb038f386920e1ce5454c5 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 28 11:55:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 28 Sep 2021 11:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.197948.351213 (Exim 4.92) (envelope-from ) id 1mVBhc-0007Bx-LE; Tue, 28 Sep 2021 11:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 197948.351213; Tue, 28 Sep 2021 11:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVBhc-0007Bp-IK; Tue, 28 Sep 2021 11:55:16 +0000 Received: by outflank-mailman (input) for mailman id 197948; Tue, 28 Sep 2021 11:55:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVBhb-0007Bd-4U for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 11:55:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVBhb-0006xL-3j for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 11:55:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mVBhb-0000cg-30 for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 11:55:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=28joi+1pSmv3azj2THtS7VWwnOoY3GW3eeDaDGf9yJ0=; b=wFAy8C2/3QkWBD8Tr9Qd2TMspH gtp2qNKxfw8zk57yQv7AwwJb3J4YgwBhjHv35akRp8W/EmcLips1vWnOGqyouLDgRjUpaaStZWZ6u 9IA1x1yqlHOagJVV4M/rmw/8JRda4fbfk4Kl1kN21YapoPdmpeEELb/3ceSfIZ0wVpLo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] Merge remote-tracking branch 'origin/staging' into staging Message-Id: Date: Tue, 28 Sep 2021 11:55:15 +0000 commit 890ceb9453171c85e881103e65dbb5cdcf81659e Merge: 8d73459193ad5d3e6bd220f3092643f3b1e44df2 1c3ed9c908732d19660fbe83580674d585464d4c Author: Ian Jackson AuthorDate: Tue Sep 28 12:51:00 2021 +0100 Commit: Ian Jackson CommitDate: Tue Sep 28 12:51:00 2021 +0100 Merge remote-tracking branch 'origin/staging' into staging Config.mk | 2 +- tools/libs/libs.mk | 2 ++ xen/arch/arm/tee/optee.c | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --cc Config.mk index 82b0c7c227,e85bf18654..e7af4a402d --- a/Config.mk +++ b/Config.mk @@@ -244,9 -244,9 +244,9 @@@ QEMU_TRADITIONAL_URL ?= git://xenbits.x SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif -OVMF_UPSTREAM_REVISION ?= b37cfdd2807181aed2fee1e17bd7ec1190db266a +OVMF_UPSTREAM_REVISION ?= 7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5 QEMU_UPSTREAM_REVISION ?= master - MINIOS_UPSTREAM_REVISION ?= 051b87bb9c19609976fb038f386920e1ce5454c5 + MINIOS_UPSTREAM_REVISION ?= 9f09744aa3e5982a083ecf8e9cd2123f477081f9 SEABIOS_UPSTREAM_REVISION ?= rel-1.14.0 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 28 14:11:10 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 28 Sep 2021 14:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.198030.351319 (Exim 4.92) (envelope-from ) id 1mVDp4-0001gv-4M; Tue, 28 Sep 2021 14:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 198030.351319; Tue, 28 Sep 2021 14:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVDp4-0001gn-1W; Tue, 28 Sep 2021 14:11:06 +0000 Received: by outflank-mailman (input) for mailman id 198030; Tue, 28 Sep 2021 14:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVDp2-0001gh-FQ for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 14:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVDp2-0000xW-Bx for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 14:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mVDp2-0007PO-AU for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 14:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=w1bz3XZyEotXuu6OzeWnQH/CWFl8BtR5Bc+XdzPg0CU=; b=oPfejMFHdzHNRGau0q0nymo3gX 3VjR67ngVeVD4grEjlaZKMaPne9EXme4ukIx1dcgKquXECbxnblvNzW+jWrSpiQzYcyGEB/XLwvkz HX3p+lAD6ITRaw4iETqTpHALbLKEhZcfj5HIY72q3TPR04vi2mWF0LeK5VRWUsEGKR2s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/PVH: actually show Dom0's register state from debug key '0' Message-Id: Date: Tue, 28 Sep 2021 14:11:04 +0000 commit 1578322ac6bc4d66800a5a3caf6685f556b64054 Author: Jan Beulich AuthorDate: Tue Sep 28 16:03:38 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 28 16:03:38 2021 +0200 x86/PVH: actually show Dom0's register state from debug key '0' vcpu_show_registers() didn't do anything for HVM so far. Note though that some extra hackery is needed for VMX - see the code comment. Note further that the show_guest_stack() invocation is left alone here: While strictly speaking guest_kernel_mode() should be predicated by a PV / !HVM check, show_guest_stack() itself will bail immediately for HVM. While there and despite not being PVH-specific, take the opportunity and filter offline vCPU-s: There's not really any register state associated with them, so avoid spamming the log with useless information while still leaving an indication of the fact. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/traps.c | 26 +++++++++++++ xen/arch/x86/x86_64/traps.c | 95 ++++++++++++++++++++++++++++----------------- 2 files changed, 86 insertions(+), 35 deletions(-) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 0cc1ee95cb..c2e2603c39 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -632,6 +632,12 @@ void vcpu_show_execution_state(struct vcpu *v) { unsigned long flags; + if ( test_bit(_VPF_down, &v->pause_flags) ) + { + printk("*** %pv is offline ***\n", v); + return; + } + printk("*** Dumping Dom%d vcpu#%d state: ***\n", v->domain->domain_id, v->vcpu_id); @@ -643,6 +649,21 @@ void vcpu_show_execution_state(struct vcpu *v) vcpu_pause(v); /* acceptably dangerous */ +#ifdef CONFIG_HVM + /* + * For VMX special care is needed: Reading some of the register state will + * require VMCS accesses. Engaging foreign VMCSes involves acquiring of a + * lock, which check_lock() would object to when done from an IRQs-disabled + * region. Despite this being a layering violation, engage the VMCS right + * here. This then also avoids doing so several times in close succession. + */ + if ( cpu_has_vmx && is_hvm_vcpu(v) ) + { + ASSERT(!in_irq()); + vmx_vmcs_enter(v); + } +#endif + /* Prevent interleaving of output. */ flags = console_lock_recursive_irqsave(); @@ -652,6 +673,11 @@ void vcpu_show_execution_state(struct vcpu *v) console_unlock_recursive_irqrestore(flags); +#ifdef CONFIG_HVM + if ( cpu_has_vmx && is_hvm_vcpu(v) ) + vmx_vmcs_exit(v); +#endif + vcpu_unpause(v); } diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c index 4116ecb9c0..d661d7ffca 100644 --- a/xen/arch/x86/x86_64/traps.c +++ b/xen/arch/x86/x86_64/traps.c @@ -49,6 +49,39 @@ static void read_registers(struct cpu_user_regs *regs, unsigned long crs[8]) crs[7] = read_gs_shadow(); } +static void get_hvm_registers(struct vcpu *v, struct cpu_user_regs *regs, + unsigned long crs[8]) +{ + struct segment_register sreg; + + crs[0] = v->arch.hvm.guest_cr[0]; + crs[2] = v->arch.hvm.guest_cr[2]; + crs[3] = v->arch.hvm.guest_cr[3]; + crs[4] = v->arch.hvm.guest_cr[4]; + + hvm_get_segment_register(v, x86_seg_cs, &sreg); + regs->cs = sreg.sel; + + hvm_get_segment_register(v, x86_seg_ds, &sreg); + regs->ds = sreg.sel; + + hvm_get_segment_register(v, x86_seg_es, &sreg); + regs->es = sreg.sel; + + hvm_get_segment_register(v, x86_seg_fs, &sreg); + regs->fs = sreg.sel; + crs[5] = sreg.base; + + hvm_get_segment_register(v, x86_seg_gs, &sreg); + regs->gs = sreg.sel; + crs[6] = sreg.base; + + hvm_get_segment_register(v, x86_seg_ss, &sreg); + regs->ss = sreg.sel; + + crs[7] = hvm_get_shadow_gs_base(v); +} + static void _show_registers( const struct cpu_user_regs *regs, unsigned long crs[8], enum context context, const struct vcpu *v) @@ -99,27 +132,8 @@ void show_registers(const struct cpu_user_regs *regs) if ( guest_mode(regs) && is_hvm_vcpu(v) ) { - struct segment_register sreg; + get_hvm_registers(v, &fault_regs, fault_crs); context = CTXT_hvm_guest; - fault_crs[0] = v->arch.hvm.guest_cr[0]; - fault_crs[2] = v->arch.hvm.guest_cr[2]; - fault_crs[3] = v->arch.hvm.guest_cr[3]; - fault_crs[4] = v->arch.hvm.guest_cr[4]; - hvm_get_segment_register(v, x86_seg_cs, &sreg); - fault_regs.cs = sreg.sel; - hvm_get_segment_register(v, x86_seg_ds, &sreg); - fault_regs.ds = sreg.sel; - hvm_get_segment_register(v, x86_seg_es, &sreg); - fault_regs.es = sreg.sel; - hvm_get_segment_register(v, x86_seg_fs, &sreg); - fault_regs.fs = sreg.sel; - fault_crs[5] = sreg.base; - hvm_get_segment_register(v, x86_seg_gs, &sreg); - fault_regs.gs = sreg.sel; - fault_crs[6] = sreg.base; - hvm_get_segment_register(v, x86_seg_ss, &sreg); - fault_regs.ss = sreg.sel; - fault_crs[7] = hvm_get_shadow_gs_base(v); } else { @@ -159,24 +173,35 @@ void show_registers(const struct cpu_user_regs *regs) void vcpu_show_registers(const struct vcpu *v) { const struct cpu_user_regs *regs = &v->arch.user_regs; - bool kernel = guest_kernel_mode(v, regs); + struct cpu_user_regs aux_regs; + enum context context; unsigned long crs[8]; - /* Only handle PV guests for now */ - if ( !is_pv_vcpu(v) ) - return; + if ( is_hvm_vcpu(v) ) + { + aux_regs = *regs; + get_hvm_registers(v->domain->vcpu[v->vcpu_id], &aux_regs, crs); + regs = &aux_regs; + context = CTXT_hvm_guest; + } + else + { + bool kernel = guest_kernel_mode(v, regs); + + crs[0] = v->arch.pv.ctrlreg[0]; + crs[2] = arch_get_cr2(v); + crs[3] = pagetable_get_paddr(kernel ? + v->arch.guest_table : + v->arch.guest_table_user); + crs[4] = v->arch.pv.ctrlreg[4]; + crs[5] = v->arch.pv.fs_base; + crs[6 + !kernel] = v->arch.pv.gs_base_kernel; + crs[7 - !kernel] = v->arch.pv.gs_base_user; + + context = CTXT_pv_guest; + } - crs[0] = v->arch.pv.ctrlreg[0]; - crs[2] = arch_get_cr2(v); - crs[3] = pagetable_get_paddr(kernel ? - v->arch.guest_table : - v->arch.guest_table_user); - crs[4] = v->arch.pv.ctrlreg[4]; - crs[5] = v->arch.pv.fs_base; - crs[6 + !kernel] = v->arch.pv.gs_base_kernel; - crs[7 - !kernel] = v->arch.pv.gs_base_user; - - _show_registers(regs, crs, CTXT_pv_guest, v); + _show_registers(regs, crs, context, v); } void show_page_walk(unsigned long addr) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Sep 28 14:11:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 28 Sep 2021 14:11:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.198031.351323 (Exim 4.92) (envelope-from ) id 1mVDpE-0001io-65; Tue, 28 Sep 2021 14:11:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 198031.351323; Tue, 28 Sep 2021 14:11:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVDpE-0001if-30; Tue, 28 Sep 2021 14:11:16 +0000 Received: by outflank-mailman (input) for mailman id 198031; Tue, 28 Sep 2021 14:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVDpC-0001iU-GJ for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 14:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVDpC-0000xd-FQ for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 14:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mVDpC-0007Ql-EH for xen-changelog@lists.xenproject.org; Tue, 28 Sep 2021 14:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pd64sOEqb19nqzI3cIFv8s2Yus0ObIFcQvkqMoCphnA=; b=uWYBO5C6fpnZx5gFYpP0U4lM8d 3VypJPCaq2WJKbS+MacmVhcoeNi4q6ZAGwZ7hyCYxgyPp3ODLp1MgYy41WPqsc1OS4UWCI4dIWHCn Z9HLtwOGVws439qpYnhOC4q72TWzfUWsZCjQknvR7nLqSydzPU5QFfgDfEgebteG7lr8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] pci: fix handling of PCI bridges with subordinate bus number 0xff Message-Id: Date: Tue, 28 Sep 2021 14:11:14 +0000 commit 9c3b9800e2019c93ab22da69e4a0b22d6fb059ec Author: Igor Druzhinin AuthorDate: Tue Sep 28 16:04:50 2021 +0200 Commit: Jan Beulich CommitDate: Tue Sep 28 16:04:50 2021 +0200 pci: fix handling of PCI bridges with subordinate bus number 0xff Bus number 0xff is valid according to the PCI spec. Using u8 typed sub_bus and assigning 0xff to it will result in the following loop getting stuck. for ( ; sec_bus <= sub_bus; sec_bus++ ) {...} Just change its type to unsigned int similarly to what is already done in dmar_scope_add_buses(). Signed-off-by: Igor Druzhinin Reviewed-by: Jan Beulich Reviewed-by: Bertrand Marquis --- xen/drivers/passthrough/pci.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index fc4fa2e5c3..d65cda856b 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -363,8 +363,7 @@ static struct pci_dev *alloc_pdev(struct pci_seg *pseg, u8 bus, u8 devfn) /* update bus2bridge */ switch ( pdev->type = pdev_type(pseg->nr, bus, devfn) ) { - u16 cap; - u8 sec_bus, sub_bus; + unsigned int cap, sec_bus, sub_bus; case DEV_TYPE_PCIe2PCI_BRIDGE: case DEV_TYPE_LEGACY_PCI_BRIDGE: @@ -431,7 +430,7 @@ static void free_pdev(struct pci_seg *pseg, struct pci_dev *pdev) /* update bus2bridge */ switch ( pdev->type ) { - uint8_t sec_bus, sub_bus; + unsigned int sec_bus, sub_bus; case DEV_TYPE_PCIe2PCI_BRIDGE: case DEV_TYPE_LEGACY_PCI_BRIDGE: -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 29 10:00:11 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 29 Sep 2021 10:00:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.198990.352772 (Exim 4.92) (envelope-from ) id 1mVWNi-0008Tc-Hh; Wed, 29 Sep 2021 10:00:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 198990.352772; Wed, 29 Sep 2021 10:00:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVWNi-0008TU-EB; Wed, 29 Sep 2021 10:00:06 +0000 Received: by outflank-mailman (input) for mailman id 198990; Wed, 29 Sep 2021 10:00:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVWNg-0008Gw-Qi for xen-changelog@lists.xenproject.org; Wed, 29 Sep 2021 10:00:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVWNg-0005Xz-P3 for xen-changelog@lists.xenproject.org; Wed, 29 Sep 2021 10:00:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mVWNg-00066G-O9 for xen-changelog@lists.xenproject.org; Wed, 29 Sep 2021 10:00:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Y8piSdWvKCyW+VusMkV1BXR5/WFsykahcy2LFsHEWdA=; b=XRc2H8F6GFu0iF9RJQbSXfdfOy pFHWYjHYsxxe+1LiKC0rTr0kF5biGtp+oQuPmKzcwX3hZ+sS6+jRGeAgDZP4+HKW2kbvOMMDp0TlC SPnafPkGHrU8cm5eme2m3z/q6bXHM9IPAVaSujQOdEUIz5FxzR1XcCTnx8RWgrIK+YRA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/HVM: convert hvm_virtual_to_linear_addr() to be remote-capable Message-Id: Date: Wed, 29 Sep 2021 10:00:04 +0000 commit dffe59c12444a97d9af82db6e6e4df7e2143c5f5 Author: Jan Beulich AuthorDate: Wed Sep 29 11:56:18 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 29 11:56:18 2021 +0200 x86/HVM: convert hvm_virtual_to_linear_addr() to be remote-capable While all present callers want to act on "current", stack dumping for HVM vCPU-s will require the function to be able to act on a remote vCPU. To avoid touching all present callers, convert the existing function to an inline wrapper around the extend new one. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/hvm/hvm.c | 20 ++++++++++++-------- xen/include/asm-x86/hvm/hvm.h | 17 ++++++++++++++++- 2 files changed, 28 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 7b48a1b925..c8c86dd6a6 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -2526,7 +2526,8 @@ int hvm_set_cr4(unsigned long value, bool may_defer) return X86EMUL_OKAY; } -bool_t hvm_virtual_to_linear_addr( +bool hvm_vcpu_virtual_to_linear( + struct vcpu *v, enum x86_segment seg, const struct segment_register *reg, unsigned long offset, @@ -2535,9 +2536,12 @@ bool_t hvm_virtual_to_linear_addr( const struct segment_register *active_cs, unsigned long *linear_addr) { - const struct vcpu *curr = current; unsigned long addr = offset, last_byte; - bool_t okay = 0; + const struct cpu_user_regs *regs = v == current ? guest_cpu_user_regs() + : &v->arch.user_regs; + bool okay = false; + + ASSERT(v == current || !vcpu_runnable(v)); /* * These checks are for a memory access through an active segment. @@ -2547,7 +2551,7 @@ bool_t hvm_virtual_to_linear_addr( */ ASSERT(seg < x86_seg_none); - if ( !(curr->arch.hvm.guest_cr[0] & X86_CR0_PE) ) + if ( !(v->arch.hvm.guest_cr[0] & X86_CR0_PE) ) { /* * REAL MODE: Don't bother with segment access checks. @@ -2555,7 +2559,7 @@ bool_t hvm_virtual_to_linear_addr( */ addr = (uint32_t)(addr + reg->base); } - else if ( (guest_cpu_user_regs()->eflags & X86_EFLAGS_VM) && + else if ( (regs->eflags & X86_EFLAGS_VM) && is_x86_user_segment(seg) ) { /* VM86 MODE: Fixed 64k limits on all user segments. */ @@ -2564,7 +2568,7 @@ bool_t hvm_virtual_to_linear_addr( if ( max(offset, last_byte) >> 16 ) goto out; } - else if ( hvm_long_mode_active(curr) && + else if ( hvm_long_mode_active(v) && (is_x86_system_segment(seg) || active_cs->l) ) { /* @@ -2636,12 +2640,12 @@ bool_t hvm_virtual_to_linear_addr( else if ( last_byte > reg->limit ) goto out; /* last byte is beyond limit */ else if ( last_byte < offset && - curr->domain->arch.cpuid->x86_vendor == X86_VENDOR_AMD ) + v->domain->arch.cpuid->x86_vendor == X86_VENDOR_AMD ) goto out; /* access wraps */ } /* All checks ok. */ - okay = 1; + okay = true; out: /* diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index 7e842f2dc2..bd2cbb0e7b 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -314,7 +314,9 @@ enum hvm_access_type { hvm_access_read, hvm_access_write }; -bool_t hvm_virtual_to_linear_addr( + +bool hvm_vcpu_virtual_to_linear( + struct vcpu *v, enum x86_segment seg, const struct segment_register *reg, unsigned long offset, @@ -323,6 +325,19 @@ bool_t hvm_virtual_to_linear_addr( const struct segment_register *active_cs, unsigned long *linear_addr); +static inline bool hvm_virtual_to_linear_addr( + enum x86_segment seg, + const struct segment_register *reg, + unsigned long offset, + unsigned int bytes, + enum hvm_access_type access_type, + const struct segment_register *active_cs, + unsigned long *linear) +{ + return hvm_vcpu_virtual_to_linear(current, seg, reg, offset, bytes, + access_type, active_cs, linear); +} + void *hvm_map_guest_frame_rw(unsigned long gfn, bool_t permanent, bool_t *writable); void *hvm_map_guest_frame_ro(unsigned long gfn, bool_t permanent); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 29 10:00:16 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 29 Sep 2021 10:00:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.198991.352775 (Exim 4.92) (envelope-from ) id 1mVWNs-00008Q-Ih; Wed, 29 Sep 2021 10:00:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 198991.352775; Wed, 29 Sep 2021 10:00:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVWNs-00008H-Fm; Wed, 29 Sep 2021 10:00:16 +0000 Received: by outflank-mailman (input) for mailman id 198991; Wed, 29 Sep 2021 10:00:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVWNq-000080-TS for xen-changelog@lists.xenproject.org; Wed, 29 Sep 2021 10:00:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVWNq-0005Y7-Sd for xen-changelog@lists.xenproject.org; Wed, 29 Sep 2021 10:00:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mVWNq-00067z-Rl for xen-changelog@lists.xenproject.org; Wed, 29 Sep 2021 10:00:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Bg06hlTUbXNOygTvnfM11IH8nvuYGmuZzx9BsBEL+nc=; b=bj11JxrjQwE4u6TOewGQnQ0yN9 TzoH1OWYwuZMTQ5gzho0drQHKW2+1jbaztgSxN9omffEzDozKqFu6keYBy0mcgqrxXb1z89RbNH5j a/nArulfGOclJVTrr1IHH5pRROY8hmmhGzmZY+qb+dW0JYD7+/3UeJfJS1ccdA/bs34g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/PVH: actually show Dom0's stacks from debug key '0' Message-Id: Date: Wed, 29 Sep 2021 10:00:14 +0000 commit cae8e262727bd5763210dd0e7ae314b39fde998b Author: Jan Beulich AuthorDate: Wed Sep 29 11:57:22 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 29 11:57:22 2021 +0200 x86/PVH: actually show Dom0's stacks from debug key '0' show_guest_stack() does nothing for HVM. Introduce a HVM-specific dumping function, paralleling the 64- and 32-bit PV ones. We don't know the real stack size, so only dump up to the next page boundary. Rather than adding a vcpu parameter to hvm_copy_from_guest_linear(), introduce hvm_copy_from_vcpu_linear() which - for now at least - in return won't need a "pfinfo" parameter. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/hvm/hvm.c | 9 ++++ xen/arch/x86/traps.c | 87 +++++++++++++++++++++++++++++++++++++-- xen/include/asm-x86/hvm/support.h | 3 ++ 3 files changed, 95 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index c8c86dd6a6..aa418a3ca1 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -3410,6 +3410,15 @@ enum hvm_translation_result hvm_copy_from_guest_linear( PFEC_page_present | pfec, pfinfo); } +enum hvm_translation_result hvm_copy_from_vcpu_linear( + void *buf, unsigned long addr, unsigned int size, struct vcpu *v, + unsigned int pfec) +{ + return __hvm_copy(buf, addr, size, v, + HVMCOPY_from_guest | HVMCOPY_linear, + PFEC_page_present | pfec, NULL); +} + unsigned int copy_to_user_hvm(void *to, const void *from, unsigned int len) { int rc; diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index c2e2603c39..64f3396f20 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -365,6 +365,71 @@ static void show_guest_stack(struct vcpu *v, const struct cpu_user_regs *regs) printk("\n"); } +static void show_hvm_stack(struct vcpu *v, const struct cpu_user_regs *regs) +{ +#ifdef CONFIG_HVM + unsigned long sp = regs->rsp, addr; + unsigned int i, bytes, words_per_line, pfec = PFEC_page_present; + struct segment_register ss, cs; + + hvm_get_segment_register(v, x86_seg_ss, &ss); + hvm_get_segment_register(v, x86_seg_cs, &cs); + + if ( hvm_long_mode_active(v) && cs.l ) + i = 16, bytes = 8; + else + { + sp = ss.db ? (uint32_t)sp : (uint16_t)sp; + i = ss.db ? 8 : 4; + bytes = cs.db ? 4 : 2; + } + + if ( bytes == 8 || (ss.db && !ss.base) ) + printk("Guest stack trace from sp=%0*lx:", i, sp); + else + printk("Guest stack trace from ss:sp=%04x:%0*lx:", ss.sel, i, sp); + + if ( !hvm_vcpu_virtual_to_linear(v, x86_seg_ss, &ss, sp, bytes, + hvm_access_read, &cs, &addr) ) + { + printk(" Guest-inaccessible memory\n"); + return; + } + + if ( ss.dpl == 3 ) + pfec |= PFEC_user_mode; + + words_per_line = stack_words_per_line * (sizeof(void *) / bytes); + for ( i = 0; i < debug_stack_lines * words_per_line; ) + { + unsigned long val = 0; + + if ( (addr ^ (addr + bytes - 1)) & PAGE_SIZE ) + break; + + if ( !(i++ % words_per_line) ) + printk("\n "); + + if ( hvm_copy_from_vcpu_linear(&val, addr, bytes, v, + pfec) != HVMTRANS_okay ) + { + printk(" Fault while accessing guest memory."); + break; + } + + printk(" %0*lx", 2 * bytes, val); + + addr += bytes; + if ( !(addr & (PAGE_SIZE - 1)) ) + break; + } + + if ( !i ) + printk(" Stack empty."); + printk("\n"); +#endif +} + /* * Notes for get_{stack,shstk}*_bottom() helpers * @@ -630,7 +695,7 @@ void show_execution_state(const struct cpu_user_regs *regs) void vcpu_show_execution_state(struct vcpu *v) { - unsigned long flags; + unsigned long flags = 0; if ( test_bit(_VPF_down, &v->pause_flags) ) { @@ -668,10 +733,24 @@ void vcpu_show_execution_state(struct vcpu *v) flags = console_lock_recursive_irqsave(); vcpu_show_registers(v); - if ( guest_kernel_mode(v, &v->arch.user_regs) ) - show_guest_stack(v, &v->arch.user_regs); - console_unlock_recursive_irqrestore(flags); + if ( is_hvm_vcpu(v) ) + { + /* + * Stop interleaving prevention: The necessary P2M lookups involve + * locking, which has to occur with IRQs enabled. + */ + console_unlock_recursive_irqrestore(flags); + + show_hvm_stack(v, &v->arch.user_regs); + } + else + { + if ( guest_kernel_mode(v, &v->arch.user_regs) ) + show_guest_stack(v, &v->arch.user_regs); + + console_unlock_recursive_irqrestore(flags); + } #ifdef CONFIG_HVM if ( cpu_has_vmx && is_hvm_vcpu(v) ) diff --git a/xen/include/asm-x86/hvm/support.h b/xen/include/asm-x86/hvm/support.h index a4950e3d4b..6b583738ec 100644 --- a/xen/include/asm-x86/hvm/support.h +++ b/xen/include/asm-x86/hvm/support.h @@ -101,6 +101,9 @@ enum hvm_translation_result hvm_copy_to_guest_linear( enum hvm_translation_result hvm_copy_from_guest_linear( void *buf, unsigned long addr, unsigned int size, uint32_t pfec, pagefault_info_t *pfinfo); +enum hvm_translation_result hvm_copy_from_vcpu_linear( + void *buf, unsigned long addr, unsigned int size, struct vcpu *v, + unsigned int pfec); /* * Get a reference on the page under an HVM physical or linear address. If -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 29 10:00:26 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 29 Sep 2021 10:00:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.198992.352779 (Exim 4.92) (envelope-from ) id 1mVWO2-0000Bo-KG; Wed, 29 Sep 2021 10:00:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 198992.352779; Wed, 29 Sep 2021 10:00:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVWO2-0000Bd-HG; Wed, 29 Sep 2021 10:00:26 +0000 Received: by outflank-mailman (input) for mailman id 198992; Wed, 29 Sep 2021 10:00:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVWO1-0000Aw-0E for xen-changelog@lists.xenproject.org; Wed, 29 Sep 2021 10:00:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVWO0-0005YT-Vj for xen-changelog@lists.xenproject.org; Wed, 29 Sep 2021 10:00:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mVWO0-00069A-Us for xen-changelog@lists.xenproject.org; Wed, 29 Sep 2021 10:00:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=cpuJ3xfvZPQYfUwGtMn7KMoVBys+7Dakg+3lmR1BL8k=; b=0NocJ8Uv2nsZCQ16dBoP8Mz+B0 llNfbMIUjA19CBUmxSQ45sMcFsPv8h7mQyzClKif5uAfaKfyDZtpMiMcci0J4IBWD1g8PvbOkj//I LhJTzguLGYBTt5kBJKlNnCH6XBDZg7+006TBXbj1NqFcxdMMkxzWwRkoIMzSj3zRSpSo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: rework `checkpolicy` detection when using "randconfig" Message-Id: Date: Wed, 29 Sep 2021 10:00:24 +0000 commit 0b000a2ce8131df442d6444d2d3e0a8c7f9a1cf5 Author: Anthony PERARD AuthorDate: Wed Sep 29 11:58:15 2021 +0200 Commit: Jan Beulich CommitDate: Wed Sep 29 11:58:15 2021 +0200 xen: rework `checkpolicy` detection when using "randconfig" This patch allows to easily add more override which depends on the environment. Also, move the check out of Config.mk and into xen/ build system. Nothing in tools/ is using that information as it's done by ./configure. We named the new file ".allconfig.tmp" as ".*.tmp" are already ignored via .gitignore. Signed-off-by: Anthony PERARD Reviewed-by: Luca Fancellu Reviewed-by: Jan Beulich --- Config.mk | 6 ------ xen/Makefile | 20 +++++++++++++++++--- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/Config.mk b/Config.mk index e7af4a402d..6587c7d626 100644 --- a/Config.mk +++ b/Config.mk @@ -137,12 +137,6 @@ export XEN_HAS_BUILD_ID=y build_id_linker := --build-id=sha1 endif -ifndef XEN_HAS_CHECKPOLICY - CHECKPOLICY ?= checkpolicy - XEN_HAS_CHECKPOLICY := $(shell $(CHECKPOLICY) -h 2>&1 | grep -q xen && echo y || echo n) - export XEN_HAS_CHECKPOLICY -endif - define buildmakevars2shellvars export PREFIX="$(prefix)"; \ export XEN_SCRIPT_DIR="$(XEN_SCRIPT_DIR)"; \ diff --git a/xen/Makefile b/xen/Makefile index f47423dacd..7c2ffce0fc 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -17,6 +17,8 @@ export XEN_BUILD_HOST ?= $(shell hostname) PYTHON_INTERPRETER := $(word 1,$(shell which python3 python python2 2>/dev/null) python) export PYTHON ?= $(PYTHON_INTERPRETER) +export CHECKPOLICY ?= checkpolicy + export BASEDIR := $(CURDIR) export XEN_ROOT := $(BASEDIR)/.. @@ -178,6 +180,8 @@ CFLAGS += $(CLANG_FLAGS) export CLANG_FLAGS endif +export XEN_HAS_CHECKPOLICY := $(call success,$(CHECKPOLICY) -h 2>&1 | grep -q xen) + export root-make-done := y endif # root-make-done @@ -189,14 +193,24 @@ ifeq ($(config-build),y) # *config targets only - make sure prerequisites are updated, and descend # in tools/kconfig to make the *config target +# Create a file for KCONFIG_ALLCONFIG which depends on the environment. +# This will be use by kconfig targets allyesconfig/allmodconfig/allnoconfig/randconfig +filechk_kconfig_allconfig = \ + $(if $(findstring n,$(XEN_HAS_CHECKPOLICY)), echo 'CONFIG_XSM_FLASK_POLICY=n';) \ + $(if $(KCONFIG_ALLCONFIG), cat $(KCONFIG_ALLCONFIG);) \ + : + +.allconfig.tmp: FORCE + set -e; { $(call filechk_kconfig_allconfig); } > $@ + config: FORCE $(MAKE) $(kconfig) $@ # Config.mk tries to include .config file, don't try to remake it %/.config: ; -%config: FORCE - $(MAKE) $(kconfig) $@ +%config: .allconfig.tmp FORCE + $(MAKE) $(kconfig) KCONFIG_ALLCONFIG=$< $@ else # !config-build @@ -368,7 +382,7 @@ _clean: delete-unfresh-files -o -name "*.gcno" -o -name ".*.cmd" -o -name "lib.a" \) -exec rm -f {} \; rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET).efi $(TARGET).efi.map $(TARGET)-syms $(TARGET)-syms.map *~ core rm -f asm-offsets.s include/asm-*/asm-offsets.h - rm -f .banner + rm -f .banner .allconfig.tmp .PHONY: _distclean _distclean: clean -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Sep 29 14:33:14 2021 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 29 Sep 2021 14:33:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.199214.353125 (Exim 4.92) (envelope-from ) id 1mVadu-0004UH-6B; Wed, 29 Sep 2021 14:33:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 199214.353125; Wed, 29 Sep 2021 14:33:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVadu-0004U9-3G; Wed, 29 Sep 2021 14:33:06 +0000 Received: by outflank-mailman (input) for mailman id 199214; Wed, 29 Sep 2021 14:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVads-0004U3-SO for xen-changelog@lists.xenproject.org; Wed, 29 Sep 2021 14:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mVads-0001wU-LE for xen-changelog@lists.xenproject.org; Wed, 29 Sep 2021 14:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1mVads-00072m-KK for xen-changelog@lists.xenproject.org; Wed, 29 Sep 2021 14:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BErBqY7NmI+Ns3TtvqffwLyi5/Ov0pCVlVBKB175Eng=; b=f96214/Zg/AUTV73PoKKLrZoEf /OZi9V4ow1s+g2kLmHmQ6S2MaD4CnSrepuxtnVKg70v+dqUPl2mO36hbe9xWNDA4Qv5kzbdB1epiV UrL0BpY1fUOx8WVYyN5NokMRrDYPQ9HomYiPvqs3N487kH/amN1l7QsWhRO/S2hdu4yg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: add --full to version.sh to guess $(XEN_FULLVERSION) Message-Id: Date: Wed, 29 Sep 2021 14:33:04 +0000 commit ab4a83023eda9f04ad864877c1956b087ec6fc4f Author: Anthony PERARD AuthorDate: Thu Sep 9 15:33:06 2021 +0100 Commit: Ian Jackson CommitDate: Wed Sep 29 15:29:55 2021 +0100 build: add --full to version.sh to guess $(XEN_FULLVERSION) Running $(MAKE) like that in a $(shell ) while parsing the Makefile doesn't work reliably. In some case, make will complain with "jobserver unavailable: using -j1. Add '+' to parent make rule.". Also, it isn't possible to distinguish between the output produced by the target "xenversion" and `make`'s own output. Instead of running make, this patch "improve" `version.sh` to try to guess the output of `make xenversion`. In order to have version.sh works in more scenario, it will use XEN_EXTRAVERSION and XEN_VENDORVERSION from the environment when present. As for the cases were those two variables are overridden by a make command line arguments, we export them when invoking version.sh via a new $(XEN_FULLVERSION) macro. That should hopefully get us to having ./version.sh returning the same value that `make xenversion` would. This fix GitLab CI's build job "debian-unstable-gcc-arm64". Signed-off-by: Anthony PERARD Reviewed-by: Daniel P. Smith Reviewed-by: Ian Jackson --- tools/Rules.mk | 5 +++++ tools/flask/policy/Makefile.common | 2 +- version.sh | 18 +++++++++++++++++- 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/tools/Rules.mk b/tools/Rules.mk index 2907ed2d39..b022da3336 100644 --- a/tools/Rules.mk +++ b/tools/Rules.mk @@ -6,6 +6,11 @@ all: -include $(XEN_ROOT)/config/Tools.mk include $(XEN_ROOT)/Config.mk +XEN_FULLVERSION=$(shell env \ + XEN_EXTRAVERSION=$(XEN_EXTRAVERSION) \ + XEN_VENDORVERSION=$(XEN_VENDORVERSION) \ + $(SHELL) $(XEN_ROOT)/version.sh --full $(XEN_ROOT)/xen/Makefile) + export _INSTALL := $(INSTALL) INSTALL = $(XEN_ROOT)/tools/cross-install diff --git a/tools/flask/policy/Makefile.common b/tools/flask/policy/Makefile.common index bea5ba4b6a..e5ed58200e 100644 --- a/tools/flask/policy/Makefile.common +++ b/tools/flask/policy/Makefile.common @@ -35,7 +35,7 @@ OUTPUT_POLICY ?= $(BEST_POLICY_VER) # ######################################## -POLICY_FILENAME = $(FLASK_BUILD_DIR)/xenpolicy-$(shell $(MAKE) -C $(XEN_ROOT)/xen xenversion --no-print-directory) +POLICY_FILENAME = $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION) POLICY_LOADPATH = /boot # List of policy versions supported by the hypervisor diff --git a/version.sh b/version.sh index e894ee7e04..c6a5692c19 100755 --- a/version.sh +++ b/version.sh @@ -1,5 +1,21 @@ #!/bin/sh +opt_full=false +while [ $# -gt 1 ]; do + case "$1" in + --full) opt_full=true ;; + *) break ;; + esac + shift +done + MAJOR=`grep "export XEN_VERSION" $1 | sed 's/.*=//g' | tr -s " "` MINOR=`grep "export XEN_SUBVERSION" $1 | sed 's/.*=//g' | tr -s " "` -printf "%d.%d" $MAJOR $MINOR + +if $opt_full; then + extraversion=$(grep "export XEN_EXTRAVERSION" $1 | sed 's/^.* ?=\s\+//; s/\$([^)]*)//g; s/ //g') + : ${XEN_EXTRAVERSION:=${extraversion}${XEN_VENDORVERSION}} +else + unset XEN_EXTRAVERSION +fi +printf "%d.%d%s" $MAJOR $MINOR $XEN_EXTRAVERSION -- generated by git-patchbot for /home/xen/git/xen.git#staging